예제 #1
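/**
 * Refreshes the local txp_lang table from the remote master language table.
 *
 * Connects to the remote master database, compares its txp_lang update
 * timestamp with $txp_lang_updated and, when the remote copy is newer,
 * truncates the local txp_lang table, re-inserts every remote row and stamps
 * txp_lang_updated in txp_prefs.
 *
 * NOTE(review): the remote host, account and password are hard-coded here,
 * and whatever that host returns ends up in the local database. The rows are
 * therefore treated as untrusted input: they are escaped and only the two
 * expected columns are read.
 * NOTE(review): the local table is truncated before the inserts run, with no
 * transaction visible here; a failure part-way leaves a partial table.
 */
function update_txp_lang()
{
    global $txp_lang_updated, $txpcfg;
    // Start from an empty list so the empty() check below never reads an undefined variable.
    $incoming = array();
    if ($re = mysql_connect('textpattern.otherwords.net', 'textpattern_user', 'textpattern')) {
        if (mysql_select_db('textpattern_master', $re)) {
            if ($q = mysql_query("select unix_timestamp(updated) from \n\t\t\t\t\t\ttextpattern_master.update where\n\t\t\t\t\t\t`table`='txp_lang'", $re)) {
                $updated = mysql_num_rows($q) != 0 ? mysql_result($q, 0) : false;
                if ($updated > $txp_lang_updated) {
                    // Name the remote link explicitly instead of relying on "last opened connection".
                    if ($get = mysql_query("select * from \n\t\t\t\t\t\t\t\ttextpattern_master.txp_lang order by var", $re)) {
                        if (mysql_num_rows($get) > 0) {
                            while ($a = mysql_fetch_assoc($get)) {
                                $incoming[] = $a;
                            }
                            mysql_close($re);
                        }
                        if (!empty($incoming)) {
                            dbconnect($txpcfg['db'], $txpcfg['user'], $txpcfg['pass'], $txpcfg['host']);
                            safe_query("truncate txp_lang");
                            foreach ($incoming as $b) {
                                // Read only the expected columns: extract() on a remote row would let
                                // any column name overwrite a local variable of this function.
                                $row = doSlash($b);
                                $var = isset($row['var']) ? $row['var'] : '';
                                $english = isset($row['english']) ? $row['english'] : '';
                                safe_query("\n\t\t\t\t\t\t\t\t\t\tinsert into txp_lang set \n\t\t\t\t\t\t\t\t\t\tvar='{$var}',english='{$english}'");
                            }
                            safe_query("update txp_prefs set val= \t\n\t\t\t\t\t\t\t\t\t" . time() . "\n\t\t\t\t\t\t\t\t\twhere `name`='txp_lang_updated'", 1);
                            // NOTE(review): this prints the raw database error into the page output.
                            echo mysql_error();
                        }
                    }
                }
            }
        }
    }
}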
예제 #2
/**
 * Prepares the admin page state and includes the default theme's header template.
 *
 * The three parameters are not used in this function body; because header.php
 * is included from inside the function, it runs in this scope and can read
 * them together with the locals set below.
 *
 * @param mixed $pagetitle Page title, consumed by the included header.
 * @param mixed $message   Optional message, consumed by the included header.
 * @param mixed $msgclass  Optional message class, consumed by the included header.
 */
function pagetop($pagetitle, $message = '', $msgclass = '')
{
    global $css_mode, $siteurl, $sitename, $txp_user, $event;
    // NOTE(review): this request value is replaced by `$area = false` below before it is read here.
    $area = gps('area');
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    // The user name is escaped with doSlash() before it is placed in the quoted SQL literal.
    $privs = safe_field('privs', 'txp_users', "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    $areas = areas();
    $area = false;
    // Pick the first area whose event list contains the current event.
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    // NOTE(review): the origin of the global $event is not visible here; if it can come from
    // the request, header.php should escape $body_id before printing it.
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . $event;
    }
    // The theme name is a fixed literal, so the include path is not derived from request data.
    $theme = 'default';
    include txpath . DS . 'theme' . DS . $theme . DS . 'header.php';
}
예제 #3
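/**
 * Saves an edited section and renames it in existing articles.
 *
 * Reads the posted section fields, normalises the title and name, then
 * updates txp_section (and textpattern.Section when the name changes) and
 * re-renders the section list.
 *
 * Escaping is applied after the Textile/dumbDown transformations, so the
 * strings interpolated into the SQL below are exactly what doSlash()
 * produced. Escaping first and transforming afterwards would put a
 * transformed, no-longer-escaped title into the query.
 */
function section_save()
{
    global $txpcfg;
    $in = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    // Work on the raw posted values first.
    $title = isset($in['title']) ? $in['title'] : '';
    $name = isset($in['name']) ? $in['name'] : '';
    if (empty($title)) {
        $title = $name;
    }
    //Prevent non url chars on section names
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    $title = $textile->TextileThis($title, 1);
    $name = dumbDown($textile->TextileThis($name, 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));
    // Escape as the last step before building SQL.
    $in['title'] = $title;
    $in['name'] = $name;
    extract(doSlash($in));
    if ($name == 'default') {
        safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
    } else {
        if ($is_default) {
            // note this means 'selected by default' not 'default page'
            safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
        }
        safe_update("txp_section", "name         = '{$name}',\n\t\t\t\ttitle        = '{$title}',\n\t\t\t\tpage         = '{$page}',\n\t\t\t\tcss          = '{$css}',\n\t\t\t\tis_default   = '{$is_default}',\n\t\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\t\tin_rss       = '{$in_rss}',\n\t\t\t\tsearchable   = '{$searchable}'", "name = '{$old_name}'");
        safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    }
    sec_section_list(messenger('section', $name, 'updated'));
}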
예제 #4
    /**
     * Weave the current template and show it ready to paste.
     *
     * For every table listed in self::$what, the rows are read, turned into
     * PHP source lines of the form `<where> = "INSERT INTO ..."` and spliced
     * into the template between its `// sql:<table>` and `// /sql:<table>`
     * markers. The result is printed in a text area.
     *
     * NOTE(review): $table and $columns[0] are interpolated into the SQL and
     * into the regex pattern without escaping. This is only safe while
     * self::$what is a fixed list defined in code — confirm.
     */
    static function export()
    {
        $f = file_get_contents(txpath . self::$template);
        foreach (self::$what as $table => $columns) {
            $tick = '`';
            // NOTE(review): the column names end up inside backticks; whether doSlash() escapes
            // a backtick is not visible here, so it should not be relied on for identifiers.
            $cols = empty($columns) ? '*' : $tick . join('`,`', doSlash($columns)) . $tick;
            // With a column list, rows whose first column contains ".min" are skipped and the
            // result is ordered by that first column.
            $rs = safe_rows($cols, $table, (empty($columns) ? '1=1' : $columns[0] . ' not like \'%.min%\'') . (empty($columns) ? '' : ' ORDER BY `' . $columns[0] . '`'));
            $rows = array();
            foreach ($rs as $a) {
                // Enforce *nix new-lines
                $a = str_replace("\r\n", "\n", $a);
                // Literal backslash into corresponding MySQL literal
                // ($v stays bound by reference after the loop; $a is reassigned right below.)
                foreach ($a as &$v) {
                    $v = addcslashes(addcslashes($v, '\\'), '\\');
                }
                $a = "'" . join("', '", doSlash($a)) . "'";
                $rows[] = self::$where . ' = "INSERT INTO `".PFX."' . $table . '`(' . $cols . ') VALUES(' . $a . ')";';
            }
            // Replace everything between the two markers for this table with the generated lines.
            $f = preg_replace("#(// sql:{$table}).*(// /sql:{$table})#s", '$1' . n . join(n, $rows) . n . '$2', $f);
        }
        echo text_area('code', 600, '', $f, 'code');
        // Select the whole text area when it receives focus.
        echo script_js(<<<EOS
\t\t\$('#code').focus(function() {
\t\t\tthis.select();
\t\t});
EOS
);
    }
예제 #5
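/**
 * Writes one visitor-log row to txp_log.
 *
 * Only the six expected fields are read from $in; a missing field is logged
 * as an empty string. Reading named keys instead of calling extract() keeps
 * unexpected keys in $in from becoming local variables.
 *
 * @param array $in Log fields: uri, ip, host, ref, status, method.
 */
function insert_logit($in)
{
    // Every value is escaped before it is placed inside a quoted SQL literal.
    $in = doSlash($in);
    $fields = array();
    foreach (array('uri', 'ip', 'host', 'ref', 'status', 'method') as $key) {
        $fields[$key] = isset($in[$key]) ? $in[$key] : '';
    }
    safe_insert("txp_log", "`time`=now(),page='{$fields['uri']}',ip='{$fields['ip']}',host='{$fields['host']}',refer='{$fields['ref']}',status='{$fields['status']}',method='{$fields['method']}'");
}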
예제 #6
 /**
  * Builds the WHERE conditions for an article listing (the listing is truncated here).
  *
  * Only the status and search handling is visible; the remaining parameters
  * are consumed by the part elided as "..etc..".
  *
  * NOTE(review): $searchall and $q are read below but are neither parameters
  * nor declared global in the visible code, so as shown they are undefined.
  * Confirm where they come from in the full function.
  */
 function article_rows($status, $time, $search, $searchsticky, $section, $category, $excerpted, $month, $author, $keywords, $custom, $frontpage, $sort)
 {
     $where = array();
     // An explicit status wins; otherwise sticky searches use "status >= 4" and everything else status 4.
     if ($status) {
         $where['status'] = $status;
     } elseif ($searchsticky) {
         $where[] = 'status >= 4';
     } else {
         $where['status'] = 4;
     }
     if ($search) {
         include_once txpath . '/publish/search.php';
         $s_filter = $searchall ? filterSearch() : '';
         // NOTE(review): $match is assigned but not used in the visible part.
         $match = ", " . db_match('Title,Body', doSlash($q));
         $words = preg_split('/\\s+/', $q);
         // Each word is regex-quoted first and SQL-escaped second, then matched against Title or Body.
         foreach ($words as $w) {
             $where[] = "(Title " . db_rlike() . " '" . doSlash(preg_quote($w)) . "' or Body " . db_rlike() . " '" . doSlash(preg_quote($w)) . "')";
         }
         #$search = " and " . join(' and ', $rlike) . " $s_filter";
         $where[] = $s_filter;
         // searchall=0 can be used to show search results for the current section only
         if ($searchall) {
             $section = '';
         }
         if (!$sort) {
             $sort = 'score';
         }
     }
     // ..etc..
 }
예제 #7
/**
 * Renders a select input for the categories of one type.
 *
 * The category tree is read from txp_category, limited to rows with
 * parent > 0 and the given type; the type is escaped with doSlash() before
 * it is placed in the quoted SQL literal.
 *
 * @return mixed The result of treeSelectInput(), or false when tree_get() returns nothing.
 */
function categorySelectInput($type, $name, $val, $id, $onchange = 0, $parent_id = NULL)
{
    $type_clause = "parent > 0 and type='" . doSlash($type) . "'";
    $tree = tree_get('txp_category', $parent_id, $type_clause);
    if (!$tree) {
        return false;
    }
    return treeSelectInput($name, $tree, $val, $id, $onchange, 1, 'name');
}
예제 #8
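/**
 * Recomputes the lft/rgt values of a nested-set tree below one parent.
 *
 * Recurses into every child of $parent, then writes the parent's own lft/rgt
 * pair and returns the next free position.
 *
 * The parent id is escaped once and the same escaped value is used in both
 * the SELECT and the UPDATE (the UPDATE previously interpolated the raw
 * value). $left is cast to an integer because it is written into the query
 * unquoted.
 *
 * NOTE(review): $table, $where and $sortby are inserted as raw SQL fragments;
 * callers must pass fixed strings, never request data.
 *
 * @return int The next free lft/rgt position after this subtree.
 */
function tree_rebuild($table, $parent, $left, $where = '1=1', $sortby = 'name')
{
    $left = intval($left);
    $right = $left + 1;
    $safe_parent = doSlash($parent);
    $result = safe_column("id", $table, "parent='" . $safe_parent . "' and {$where} order by {$sortby}");
    foreach ($result as $row) {
        $right = tree_rebuild($table, $row, $right, $where, $sortby);
    }
    safe_update($table, "lft={$left}, rgt={$right}", "id='{$safe_parent}' and {$where}");
    return $right + 1;
}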
예제 #9
/**
 * Records a referring page for an article, or bumps a counter if it is already known.
 *
 * All values of $array are escaped with doSlash() and extracted into local
 * variables; the queries below read $id, $refpage, $reftitle and $excerpt.
 *
 * NOTE(review): the lookup and the insert use txp_log_mention, but the
 * counter update targets the "textpattern" table — confirm that is intended.
 * NOTE(review): $refpage is already escaped when it is handed to fetch();
 * check whether fetch() escapes again.
 */
function mentionInsert($array)
{
    extract(doSlash($array));
    $already_logged = fetch('article_id', 'txp_log_mention', 'refpage', $refpage);
    if ($already_logged) {
        safe_update("textpattern", "count=count+1", "refpage='{$refpage}'");
        return;
    }
    safe_insert("txp_log_mention", "article_id = '{$id}', \n\t\t\t\trefpage    = '{$refpage}', \n\t\t\t\treftitle   = '{$reftitle}', \n\t\t\t\texcerpt    = '{$excerpt}', \n\t\t\t\tcount      = 1");
}
예제 #10
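 /**
  * Constructor.
  *
  * Loads the list of valid form names from txp_form and passes it to the
  * parent constructor as the 'choices' option. The list is cached per form
  * type for the rest of the request; a single shared cache would make every
  * later instance validate against the first instance's type.
  *
  * @param mixed $value
  * @param array $options Recognised keys: allow_blank, type, message.
  */
 public function __construct($value, $options = array())
 {
     static $choices = array();
     $options = lAtts(array('allow_blank' => true, 'type' => '', 'message' => 'unknown_form'), $options, false);
     $cache_key = (string) $options['type'];
     if (!array_key_exists($cache_key, $choices)) {
         // The type is escaped before it is placed inside the quoted SQL literal.
         $choices[$cache_key] = safe_column('name', 'txp_form', $options['type'] !== '' ? 'type=\'' . doSlash($options['type']) . '\'' : '1=1');
     }
     $options['choices'] = $choices[$cache_key];
     parent::__construct($value, $options);
 }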
예제 #11
/**
 * Saves an edited section and renames it in existing articles.
 *
 * The posted fields are escaped with doSlash() and extracted into locals;
 * every value is then used inside a quoted SQL literal.
 */
function section_save()
{
    $posted = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($posted));
    if ($is_default) {
        // Only one section can be selected by default: clear the flag on all others first.
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }
    $set_clause = "name         = '{$name}',\n\t\t\tpage         = '{$page}',\n\t\t\tcss          = '{$css}',\n\t\t\tis_default   = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss       = '{$in_rss}',\n\t\t\tsearchable   = '{$searchable}'";
    safe_update("txp_section", $set_clause, "name = '{$old_name}'");
    // Keep articles pointing at the section under its new name.
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    section_list(messenger('section', $name, 'updated'));
}
예제 #12
/**
 * Builds the SQL fragment that excludes non-searchable sections.
 *
 * Section names are read from the database and still escaped with doSlash()
 * before they are placed in the quoted literals.
 *
 * @return string|false One "and Section != '...'" clause per section joined by spaces,
 *                      or false when safe_column() returns nothing.
 */
function filterSearch()
{
    $hidden_sections = safe_column("name", "txp_section", "searchable != '1'");
    if (!$hidden_sections) {
        return false;
    }
    $clauses = array();
    foreach ($hidden_sections as $section_name) {
        $clauses[] = "and Section != '" . doSlash($section_name) . "'";
    }
    return join(' ', $clauses);
}
예제 #13
/**
 * Saves a page template, either as a new copy or over the existing one.
 *
 * The four inputs are escaped with doSlash() before extract(), so each value
 * below is used inside a quoted SQL literal in its escaped form.
 *
 * NOTE(review): no privilege or request-origin check is visible in this
 * function; presumably the caller enforces them — confirm.
 */
function page_save()
{
    extract(doSlash(gpsa(array('name', 'html', 'newname', 'copy'))));
    $save_as_copy = $newname && $copy;
    if (!$save_as_copy) {
        safe_update("txp_page", "user_html='{$html}'", "name='{$name}'");
        page_edit(messenger('page', $name, 'updated'));
        return;
    }
    safe_insert("txp_page", "name='{$newname}', user_html='{$html}'");
    page_edit(messenger('page', $newname, 'created'));
}
예제 #14
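/**
 * Stores a per-user preference for the logged-in user.
 *
 * Does nothing when no user is logged in. When the value differs from the
 * cached one it is written to $prefs, to the global of the same name and to
 * txp_prefs_user.
 *
 * The row is keyed on the current user name. The listing showed a literal
 * `user='******'` in that position, which would make every user share one
 * row even though $txp_user is imported and checked above.
 *
 * NOTE(review): $name is also used as a key into $GLOBALS, so callers must
 * pass fixed preference names, never request data.
 *
 * @return mixed null when no user is logged in, the safe_upsert() result on
 *               change, true when nothing changed.
 */
function update_user_pref($name, $val)
{
    global $prefs, $txp_user;
    if (empty($txp_user)) {
        return;
    }
    if (empty($prefs[$name]) or $prefs[$name] != $val) {
        $GLOBALS[$name] = $prefs[$name] = $val;
        return safe_upsert('txp_prefs_user', "val='" . doSlash($val) . "'", array("user='" . doSlash($txp_user) . "'", "name='" . doSlash($name) . "'"));
    }
    return true;
}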
예제 #15
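 /**
  * Renders the list of installed plugins as XHTML.
  *
  * @param array $atts Tag attributes; see the lAtts() defaults below.
  * @return string The wrapped list; an empty wrapper when no plugin matches.
  *
  * NOTE(review): sort_field and sort_dir are placed in the ORDER BY clause
  * outside any quoted literal. doSlash() escapes for string literals and
  * does not constrain an identifier or a keyword, so these two attributes
  * must only ever come from trusted template authors.
  * NOTE(review): plugin name, version, description and author_uri are
  * written into the markup as stored; no HTML escaping is visible here.
  */
 function sed_plugin_list($atts)
 {
     extract(lAtts(array('debug' => 0, 'type' => '', 'link_name' => 1, 'show_author' => 1, 'link_author' => 0, 'show_description' => 1, 'descriptionwrap' => 'p', 'descriptionclass' => 'plugin-description', 'show_version' => 1, 'versionwrap' => 'span', 'versionclass' => 'plugin-version', 'hide_disabled' => 1, 'sort_dir' => 'asc', 'sort_field' => 'name', 'wraptag' => 'ul', 'wrapclass' => 'plugin-list', 'break' => 'li', 'breakclass' => 'plugin-item', 'show_count' => 0, 'exclusions' => ''), $atts));
     $exclusions = explode(',', $exclusions);
     // Start with an empty list so join() below never receives an undefined variable
     // when no plugin matches or every match is excluded.
     $o = array();
     #
     #	Create our plugin search criteria...
     #
     $where = '';
     $w = array();
     if ('' !== $type) {
         $type = 'type=\'' . doSlash($type) . '\'';
         $w[] = $type;
     }
     if ($hide_disabled) {
         $w[] = 'status=\'1\'';
     }
     $where = join(' and ', $w);
     if (empty($where)) {
         $where = '1=1';
     }
     $sort = '';
     if ('' !== $sort_field) {
         $sort = ' order by `' . doSlash($sort_field) . '` ' . doSlash($sort_dir);
     }
     #
     #	Grab the actual data...
     #
     $plugins = safe_rows('name,author,author_uri,version,description,status,type', 'txp_plugin', '(' . $where . ')' . $sort, $debug);
     #
     #	Generate the XHTML results...
     #
     if ($plugins) {
         foreach ($plugins as $plugin) {
             if (in_array($plugin['name'], $exclusions)) {
                 continue;
             }
             $item = tag($plugin['name'], 'span', ' class="plugin-name" ');
             if ($link_name) {
                 $item = tag($item, 'a', ' href="' . $plugin['author_uri'] . '" rel="nofollow" ');
             }
             if ($show_version) {
                 $item .= tag(' v' . $plugin['version'], $versionwrap, ' class="' . $versionclass . '" ');
             }
             if ($show_description) {
                 $item .= tag($plugin['description'], $descriptionwrap, ' class="' . $descriptionclass . '" ');
             }
             $o[] = tag($item, $break, ' class="' . $breakclass . '" ');
         }
     }
     $o = n . join(n, $o);
     return n . tag($o, $wraptag, ' class="' . $wrapclass . '" ') . n . n;
 }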
예제 #16
/**
 * Authenticates the admin user from the txp_login cookie or from posted credentials.
 *
 * Sets the global $txp_user to the authenticated name, or to '' on failure.
 *
 * @return string '' on success, otherwise a translated message for the login screen.
 *
 * NOTE(review), for whoever hardens this:
 *  - split() was removed in PHP 7; explode() is the drop-in for a literal delimiter.
 *  - the stored nonce is compared with ===; hash_equals() gives a constant-time comparison.
 *  - the session token is md5(uniqid(rand())), which is not a cryptographically secure source.
 *  - every setcookie() call passes only name, value and expiry, so no HttpOnly or Secure
 *    flag is set.
 *  - the txp_login cookie stays valid until the stored nonce changes; logout below only
 *    clears the browser cookie, not the nonce.
 */
function doTxpValidate()
{
    global $logout, $txpcfg, $txp_user;
    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');
    if ($logout) {
        // Expire the login cookie in the browser.
        setcookie('txp_login', '', time() - 3600);
    }
    if (!empty($_COOKIE['txp_login']) and !$logout) {
        // Cookie format is "<user>,<hash>"; @ hides the notice raised when the comma is missing.
        @(list($c_userid, $cookie_hash) = split(',', cs('txp_login')));
        // The cookie's user name is escaped before it is placed in the quoted SQL literal.
        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");
        // The stored nonce must equal md5(user . raw bytes of the cookie hash).
        if ($nonce && $nonce === md5($c_userid . pack('H*', $cookie_hash))) {
            // cookie is good, create $txp_user
            $txp_user = $c_userid;
            return '';
        } else {
            // something's gone wrong
            $txp_user = '';
            setcookie('txp_login', '', time() - 3600);
            return gTxt('bad_cookie');
        }
    } elseif ($p_userid and $p_password) {
        // Fixed delay on every password attempt; this slows guessing per request but is not a lockout.
        sleep(3);
        // should grind dictionary attacks to a halt
        if (txp_validate($p_userid, $p_password)) {
            $cookie_hash = md5(uniqid(rand()));
            // Only the derived nonce is stored server-side; the cookie carries the hash itself.
            safe_update('txp_users', "nonce = '" . doSlash(md5($p_userid . pack('H*', $cookie_hash))) . "'", "name = '" . doSlash($p_userid) . "'");
            if ($stay) {
                setcookie('txp_login', $p_userid . ',' . $cookie_hash, time() + 3600 * 24 * 365);
                // expires in 1 year
                if (cs('txp_nostay')) {
                    setcookie('txp_nostay', '', time() - 3600);
                }
            } else {
                // No expiry argument: the login cookie lasts for the browser session only.
                setcookie('txp_login', $p_userid . ',' . $cookie_hash);
                setcookie('txp_nostay', '1', time() + 3600 * 24 * 365);
                // remember nostay for 1 year
            }
            $txp_user = $p_userid;
            // login is good, create $txp_user
            return '';
        } else {
            $txp_user = '';
            return gTxt('could_not_log_in');
        }
    } else {
        $txp_user = '';
        return gTxt('login_to_textpattern');
    }
}
예제 #17
/**
 * Replaces an author's password with a generated one and mails it to them.
 *
 * @param string $name Author login name.
 * @return string A translated status message followed by the e-mail address or the author name.
 *
 * NOTE(review): the password is six characters, hashed with MySQL's
 * password() function and sent by e-mail in clear text; the string mailed is
 * the doSlash()-escaped form. password_hash()/password_verify() with a longer
 * generated value is the safer replacement.
 * NOTE(review): $email is appended to the returned message unescaped, while
 * $name goes through htmlspecialchars().
 */
function reset_author_pass($name)
{
    $author_clause = "name = '" . doSlash($name) . "'";
    $email = safe_field('email', 'txp_users', $author_clause);
    $new_pass = doSlash(generate_password(6));
    $updated = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", $author_clause);
    if (!$updated) {
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }
    $mailed = send_new_password($new_pass, $email, $name);
    $status_key = $mailed ? 'password_sent_to' : 'could_not_mail';
    return gTxt($status_key) . ' ' . $email;
}
예제 #18
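/**
 * Creates a new author account and mails the generated password.
 *
 * The posted fields are escaped with doSlash() before extract(), so each is
 * used inside a quoted SQL literal in its escaped form. When no name was
 * posted, nothing is inserted and the error message is shown.
 *
 * NOTE(review): the password is six characters, hashed with MySQL's
 * password() function and sent by e-mail in clear text; the nonce is built
 * from md5(uniqid(rand())), which is not a cryptographically secure source.
 */
function author_save_new()
{
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $pw = generate_password(6);
    $nonce = md5(uniqid(rand(), true));
    // Defined up front so the check below does not read an undefined variable when $name is empty.
    $rs = false;
    if ($name) {
        $rs = safe_insert("txp_users", "privs    = '{$privs}',\n\t\t\t\t name     = '{$name}',\n\t\t\t\t email    = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass     =  password(lower('{$pw}')),\n\t\t\t\t nonce    = '{$nonce}'");
    }
    if ($rs) {
        send_password($pw, $email);
        admin(gTxt('password_sent_to') . sp . $email);
    } else {
        admin(gTxt('error_adding_new_author'));
    }
}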
예제 #19
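/**
 * Replaces an author's password with a generated one and mails it to them.
 *
 * The stored value is the hash returned by txp_hash_password(). The listing
 * showed a literal `pass = '******'` in the update, which leaves $hash unused
 * and stores a fixed string instead of the hash of the mailed password.
 *
 * @param string $name Author login name.
 * @return string A translated status message followed by the e-mail address or the author name.
 *
 * NOTE(review): the new password is still sent by e-mail in clear text.
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
    $new_pass = generate_password(PASSWORD_LENGTH);
    $hash = doSlash(txp_hash_password($new_pass));
    $rs = safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'");
    if ($rs) {
        if (send_new_password($new_pass, $email, $name)) {
            return gTxt('password_sent_to') . ' ' . $email;
        } else {
            return gTxt('could_not_mail') . ' ' . $email;
        }
    } else {
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }
}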
예제 #20
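/**
 * Checks a user name and password against txp_users.
 *
 * Tries MySQL's password() hash first and falls back to old_password(); on
 * either match the user's last_access time is updated. Only accounts with
 * privs > 0 can log in.
 *
 * The user name is escaped with doSlash(), the same helper used for the
 * password, instead of addslashes(), which is not aware of the connection
 * character set.
 *
 * NOTE(review): the clear-text password is sent to the database inside the
 * query text, so it can appear in query logs, and password()/old_password()
 * are unsalted. password_hash()/password_verify() in PHP avoids both.
 *
 * @return bool true when the credentials match an account with privs > 0.
 */
function txp_validate($user, $password)
{
    $safe_user = doSlash($user);
    $safe_pass = doSlash($password);
    $r = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\tand (pass = password(lower('" . $safe_pass . "')) or pass = password('" . $safe_pass . "')) and privs > 0");
    if ($r) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
        return true;
    } else {
        // try old_password mysql hash
        $r_old = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\t\tand (pass = old_password(lower('" . $safe_pass . "')) or pass = old_password('" . $safe_pass . "')) and privs > 0");
        if ($r_old) {
            safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
            return true;
        }
    }
    return false;
}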
예제 #21
/**
 * Saves an edited comment and reports the result in the comment list.
 *
 * The text fields are passed through assert_string and the numeric fields
 * through assert_int before anything is escaped or extracted.
 *
 * NOTE(review): `visible` and `discussid` are written into the SQL unquoted,
 * so the query depends on assert_int rejecting non-integer input — confirm
 * that it halts rather than returning the value.
 */
function discuss_save()
{
    $varray = array_map('assert_string', gpsa(array('email', 'name', 'web', 'message', 'ip')));
    $varray = $varray + array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid')));
    extract(doSlash($varray));
    // Turn <txp:...> tags in the message into entities so they are stored as text, not as template tags.
    // This runs on the already escaped $message, and the result is also copied back into $varray.
    $message = $varray['message'] = preg_replace('#<(/?txp:.+?)>#', '&lt;$1&gt;', $message);
    // The new visibility must be one of the three known states.
    $constraints = array('status' => new ChoiceConstraint($visible, array('choices' => array(SPAM, MODERATE, VISIBLE), 'message' => 'invalid_status')));
    // $varray and $constraints are handed to the 'discuss_ui' / 'validate_save' callback event.
    callback_event_ref('discuss_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);
    // The update only runs when validation passes.
    if ($validator->validate() && safe_update('txp_discuss', "email   = '{$email}',\n         name    = '{$name}',\n         web     = '{$web}',\n         message = '{$message}',\n         visible = {$visible}", "discussid = {$discussid}")) {
        update_comments_count($parentid);
        update_lastmod('discuss_saved', compact('discussid', 'email', 'name', 'web', 'message', 'ip', 'visible', 'parentid'));
        $message = gTxt('comment_updated', array('{id}' => $discussid));
    } else {
        $message = array(gTxt('comment_save_failed'), E_ERROR);
    }
    discuss_list($message);
}
예제 #22
/**
 * Parses the form "jmd_dashboard".
 *
 * Prints the page header, loads the "jmd_dashboard" form from txp_form and
 * echoes the parsed result. When the lookup returns FALSE, a default form is
 * inserted first and used instead.
 *
 * The form body is run through parse(), so whoever may edit that form
 * controls template tags executed on the dashboard.
 *
 * @param string $event
 * @param string $step
 */
function jmd_dashboard($event, $step)
{
    pageTop(gTxt('jmd_dashboard_tab'));
    include_once txpath . DS . 'publish.php';
    // Provide a minimal $pretext when none exists yet.
    if (empty($GLOBALS['pretext'])) {
        $GLOBALS['pretext'] = array('id' => '', 'q' => '');
    }
    $contents = safe_field("Form", "txp_form", "name = 'jmd_dashboard'");
    // Strict comparison: only FALSE triggers the default, an empty stored form does not.
    if ($contents === FALSE) {
        $contents = <<<FORM
<h1 style="text-align:center">
    Hey, you haven&#8217;t customized jmd_dashboard yet.
    <a href="?event=form&amp;step=form_edit&amp;name=jmd_dashboard">
        Do it now!
    </a>
</h1>

<div style="margin: 0 auto; width: 400px;">
    <h1>
        <txp:site_name/>: Last modified on <txp:jmd_dashboard_lastmod/>
    </h1>

    <h2>Recently published articles</h2>
    <txp:article_custom break="li" wraptag="ul">
        <txp:title/> &#8211;
        <txp:jmd_dashboard_edit>
            edit #<txp:article_id/>
        </txp:jmd_dashboard_edit>
    </txp:article_custom>

    <h2>Recent comments</h2>
    <txp:recent_comments break="li" wraptag="ul">
        <txp:comment_message/> &#8211; <txp:comment_name link="0"/>
        (<txp:jmd_dashboard_edit type="comment">edit</txp:jmd_dashboard_edit>)
    </txp:recent_comments>
</div>
FORM;
        // The default markup is escaped before it is placed in the quoted SQL literal.
        safe_insert("txp_form", "Form='" . doSlash($contents) . "',\n            type='misc', name='jmd_dashboard'");
    }
    echo parse($contents);
}
예제 #23
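/**
 * Adds the posted product to the session cart and returns the "add to cart" form.
 *
 * Only the two expected form fields, qty and product_id, are read from
 * $_POST. Calling extract() on the whole of $_POST would let any posted
 * field name replace a local or global variable of this function, including
 * the redirect target and $thisarticle.
 *
 * NOTE(review): execution continues after the Location header is sent; the
 * function still builds and returns the form.
 *
 * @param array $atts Tag attributes: redirect_section, class, add_message.
 * @return string The form markup.
 */
function tc_shopping_cart_add($atts)
{
    session_start();
    global $thisarticle;
    extract(lAtts(array('redirect_section' => false, 'class' => 'tc_cart', 'add_message' => 'Add to Cart'), $atts));
    $posted = array();
    foreach (array('qty', 'product_id') as $key) {
        // Non-scalar or missing fields count as empty, which intval() below turns into 0.
        $posted[$key] = (isset($_POST[$key]) && is_scalar($_POST[$key])) ? doSlash($_POST[$key]) : '';
    }
    $qty = $posted['qty'];
    $product_id = $posted['product_id'];
    if (empty($_SESSION['cart'])) {
        $cart = new bckCart();
    } else {
        $cart = $_SESSION['cart'];
    }
    // The posted product must be the article currently being rendered.
    if (intval($qty) > 0 and intval($product_id) != 0 and $product_id == $thisarticle['thisid']) {
        $cart->add_item($product_id, $qty);
        $_SESSION['cart'] = $cart;
    }
    // The redirect target now comes from the tag attribute only.
    if (intval($qty) != 0 && $redirect_section) {
        header("Location: /{$redirect_section}/");
    }
    $form = str_replace('action="index.php"', "", form(hInput("product_id", $GLOBALS['thisarticle']['thisid']) . hInput("qty", 1) . fInput("submit", "submit", $add_message)));
    return $form;
}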
예제 #24
 /**
  * Generates a list of authors.
  *
  * Builds a query on txp_users from the tag attributes, then parses $thing
  * (or the named form) once per row with the global $thisauthor set to that
  * row.
  *
  * NOTE(review): `sort` goes into the ORDER BY clause outside any quoted
  * literal. doSlash() escapes for string literals and does not constrain an
  * unquoted clause, so this attribute must only come from trusted template
  * authors.
  *
  * @param  array  $atts
  * @param  string $thing
  * @return string
  */
 public static function renderAuthors($atts, $thing = null)
 {
     global $thisauthor, $txp_groups;
     extract(lAtts(array('break' => '', 'class' => '', 'form' => '', 'group' => '', 'label' => '', 'labeltag' => '', 'limit' => '', 'name' => '', 'offset' => '', 'sort' => 'name ASC', 'wraptag' => ''), $atts));
     $sql = array('1 = 1');
     $sql_limit = '';
     $sql_sort = " ORDER BY " . doSlash($sort);
     if ($name) {
         // Names are split into a list and each entry is quoted by quote_list().
         $sql[] = "name IN (" . join(', ', quote_list(do_list($name))) . ")";
     }
     if ($group !== '') {
         $privs = do_list($group);
         // Map group names to their keys in $txp_groups; unknown entries are kept as given.
         $groups = array_flip($txp_groups);
         // ($priv stays bound by reference after this loop.)
         foreach ($privs as &$priv) {
             if (isset($groups[$priv])) {
                 $priv = $groups[$priv];
             }
         }
         $sql[] = 'convert(privs, char) in (' . join(', ', quote_list($privs)) . ')';
     }
     if ($limit !== '' || $offset) {
         // Both numbers are forced to integers before they reach the query.
         $sql_limit = " LIMIT " . intval($offset) . ", " . ($limit === '' ? PHP_INT_MAX : intval($limit));
     }
     $rs = safe_rows_start("user_id as id, name, RealName as realname, email, privs, last_access", 'txp_users', join(" AND ", $sql) . " {$sql_sort} {$sql_limit}");
     if ($rs && numRows($rs)) {
         $out = array();
         if ($thing === null && $form !== '') {
             $thing = fetch_form($form);
         }
         while ($a = nextRow($rs)) {
             // Expose the row as $thisauthor while parsing, then restore the previous value.
             $oldauthor = $thisauthor;
             $thisauthor = $a;
             $out[] = parse($thing);
             $thisauthor = $oldauthor;
         }
         // On a variable declared global, unset() removes only this function's reference;
         // the global itself keeps the value restored in the loop.
         unset($thisauthor);
         return doLabel($label, $labeltag) . doWrap($out, $wraptag, $break, $class);
     }
     return '';
 }
예제 #25
/**
 * Saves a page template, either over the existing page or as a named copy.
 *
 * name, html and copy are escaped with doSlash() before extract(). For a
 * copy, the new name is read separately: the characters < > & " ' are
 * removed, the rest is trimmed and escaped, and an empty or already used
 * name is rejected with a message.
 *
 * NOTE(review): no privilege or request-origin check is visible in this
 * function; presumably the caller enforces them — confirm.
 */
function page_save()
{
    extract(doSlash(gpsa(array('name', 'html', 'copy'))));
    if (!$copy) {
        safe_update('txp_page', "user_html = '{$html}'", "name = '{$name}'");
        update_lastmod();
        page_edit(gTxt('page_updated', array('{name}' => $name)));
        return;
    }
    $newname = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('newname'))));
    if (!$newname) {
        $message = gTxt('page_name_invalid');
    } elseif (safe_field('name', 'txp_page', "name = '{$newname}'")) {
        $message = gTxt('page_already_exists', array('{name}' => $newname));
    } else {
        safe_insert('txp_page', "name = '{$newname}', user_html = '{$html}'");
        update_lastmod();
        $message = gTxt('page_created', array('{name}' => $newname));
    }
    page_edit($message);
}
예제 #26
/**
 * Builds the article or link feed for the current request.
 *
 * @param mixed $type Passed through to render_feed().
 * @return mixed The result of render_feed().
 *
 * NOTE(review): extract($prefs) turns every preference into a local
 * variable; $sitename, $rss_how_many and $publish_expired_articles are
 * presumably among them, and $atom is not defined anywhere else in this
 * function — confirm. The request values are extracted afterwards, so
 * category, section, limit and area replace same-named preferences.
 */
function feed($type)
{
    global $prefs;
    set_error_handler('feedErrorHandler');
    ob_clean();
    extract($prefs);
    // The four request values are escaped with doSlash() before they become locals.
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    // Anything other than 'link' is treated as the article feed.
    if ($area != 'link') {
        $area = 'article';
    }
    // NOTE(review): from here on $section and $category hold the escaped form, which is also
    // what goes into the feed title lookups, the self link and the id suffix.
    $sitename .= $section ? ' - ' . fetch_section_title($section) : '';
    $sitename .= $category ? ' - ' . fetch_category_title($category, $area) : '';
    $self_ref = pagelinkurl(array('atom' => 1, 'area' => $area == 'article' ? '' : $area, 'section' => $section, 'category' => $category, 'limit' => $limit));
    $id_ext = ($section ? '/' . $section : '') . ($category ? '/' . $category : '');
    if ($area == 'article') {
        // Already escaped at extract time, so the values sit inside quoted literals safely.
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : $rss_how_many;
        // Capped at max(100, $rss_how_many) and forced to an integer before it reaches the query.
        $limit = intval(min($limit, max(100, $rss_how_many)));
        // Sections flagged in_rss != '1' are excluded from the feed.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
        $rs = safe_rows_start("*, ID as thisid, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() {$expired}" . join(' ', $query) . "order by Posted desc limit {$limit}");
        return render_feed($rs, $area, $type, $sitename, $self_ref, $id_ext);
    } elseif ($area == 'link') {
        // Always taken when reached, because $area was normalised to 'article' or 'link' above.
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*" . ($atom ? '' : ", unix_timestamp(date) as uDate"), "txp_link", "{$cfilter} order by date desc" . ($atom ? ", id desc" : '') . " limit {$limit}");
        return render_feed($rs, $area, $type, $sitename, $self_ref, $id_ext);
    }
}
예제 #27
/**
 * Returns the download URL of a file, or $thing wrapped in a link to it.
 *
 * The file is looked up by the `id` attribute (forced to an integer), else
 * by the `filename` attribute (escaped with doSlash()), else taken from the
 * current file context after assert_file().
 *
 * @return string|null The URL or link; null when no file was found.
 */
function file_download_link($atts, $thing)
{
    global $thisfile, $permlink_mode;
    extract(lAtts(array('filename' => '', 'id' => ''), $atts));
    $from_form = false;
    if ($id) {
        $lookup = 'id = ' . intval($id);
        $thisfile = fileDownloadFetchInfo($lookup);
    } elseif ($filename) {
        $lookup = "filename = '" . doSlash($filename) . "'";
        $thisfile = fileDownloadFetchInfo($lookup);
    } else {
        assert_file();
        $from_form = true;
    }
    if (!$thisfile) {
        return;
    }
    $url = filedownloadurl($thisfile['id'], $thisfile['filename']);
    if ($thing) {
        $out = href(parse($thing), $url);
    } else {
        $out = $url;
    }
    // A file fetched by attribute must not linger in the global file context.
    if (!$from_form) {
        $thisfile = '';
    }
    return $out;
}
예제 #28
/**
 * Returns the URL of the next (older) page, or $thing wrapped in a link to it.
 *
 * When there is no older page, the parsed $thing is returned if the
 * `showalways` attribute is set, otherwise an empty string.
 *
 * NOTE(review): every parameter of the current query string is merged into
 * the link, and $url is written into the href as returned by pagelinkurl();
 * confirm that pagelinkurl() encodes its values for use in an attribute.
 * NOTE(review): $title is never assigned in this function, so the title
 * attribute is never emitted.
 */
function zem_older($atts, $thing = false)
{
    global $thispage, $pretext, $permlink_mode;
    extract(lAtts(array('showalways' => 0), $atts));
    $last_page = $thispage['numPages'];
    $current_page = $thispage['pg'];
    $has_older = ($last_page > 1 and $current_page != $last_page);
    if (!$has_older) {
        return $showalways ? parse($thing) : '';
    }
    // author urls should use RealName, rather than username
    $author = '';
    if (!empty($pretext['author'])) {
        $author = safe_field('RealName', 'txp_users', "name = '" . doSlash($pretext['author']) . "'");
    }
    $link_parts = array('pg' => $current_page + 1, 's' => @$pretext['s'], 'c' => @$pretext['c'], 'q' => @$pretext['q'], 'author' => $author);
    // Keys set above win; the request only contributes keys that are not set here.
    $link_parts = $link_parts + $_GET;
    $url = pagelinkurl($link_parts);
    if (!$thing) {
        return $url;
    }
    $title_attr = empty($title) ? '' : ' title="' . $title . '"';
    return '<a href="' . $url . '"' . $title_attr . '>' . parse($thing) . '</a>';
}
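/**
 * Prints the paged, sortable customer list of the admin panel.
 *
 * The page size comes from the `qty` request parameter and is written into
 * the LIMIT clause unquoted, so it is forced to an integer first; max()
 * alone returns a numeric-looking string unchanged.
 *
 * NOTE(review): extract() is applied to the preferences, to the request
 * values and to every database row, so each of them can replace locals of
 * this function ($page, $sort and $dir are read again after the row loop).
 * NOTE(review): row values are printed through td() and eLink() as stored;
 * no HTML escaping is visible here.
 * NOTE(review): the search criteria name article columns (Title, Body,
 * Section, ...) although the query runs on txp_users, and the search term is
 * used as a regular expression — confirm both are intended.
 */
function customers_list($event = '', $step = '', $message = '')
{
    global $statuses, $comments_disabled_after, $step, $txp_user;
    pagetop("Customers", $message);
    extract(get_prefs());
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'qty', 'search_method')));
    $sesutats = array_flip($statuses);
    // Sort direction and column are chosen from fixed lists, never copied from the request.
    $dir = $dir == 'desc' ? 'desc' : 'asc';
    switch ($sort) {
        case 'RealName':
            $sort_sql = 'RealName ' . $dir;
            break;
        case 'orders':
            $sort_sql = 'orders ' . $dir;
            break;
        default:
            $dir = 'desc';
            $sort_sql = 'user_id ' . $dir;
            break;
    }
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $criteria = "privs = 0";
    if ($search_method and $crit) {
        $crit_escaped = doSlash($crit);
        $critsql = array('id' => "ID = '{$crit_escaped}'", 'title_body' => "Title rlike '{$crit_escaped}' or Body rlike '{$crit_escaped}'", 'section' => "Section rlike '{$crit_escaped}'", 'categories' => "Category1 rlike '{$crit_escaped}' or Category2 rlike '{$crit_escaped}'", 'status' => "Status = '" . @$sesutats[gTxt($crit_escaped)] . "'", 'author' => "AuthorID rlike '{$crit_escaped}'");
        // The search method only selects one of the prepared clauses.
        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }
    $total = safe_count('txp_users', "{$criteria}");
    if (isset($qty)) {
        $customers_list_pageby = $qty;
    } else {
        $customers_list_pageby = 15;
    }
    // Integer page size, never below 15.
    $limit = max(intval($customers_list_pageby), 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    $rs = safe_rows_start('*', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
    $customersOnPage = $offset + $limit;
    if ($rs) {
        echo n . n . '<form name="longform" method="post" action="index.php" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . n . startTable('list', '', '', '', '700') . n . tr(n . tda("Displaying {$offset} - {$customersOnPage} of {$total} customers", ' colspan="2" style="border: none; padding-bottom: 15px;"') . n . tda('<a href="?event=customers&step=edit_customer" class="navlink">Add a new customer</a> <a href="?event=customers&step=export_customer" class="navlink">Export customers</a>', ' colspan="2" style="text-align: right; border: none; padding-bottom: 15px;"')) . n . tr(n . column_head('Customer', 'RealName', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Phone', 'shipping_phone', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Email', 'email', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Orders', 'order_num', 'customers', true, $switch_dir, $crit, $search_method));
        include_once txpath . '/publish/taghandlers.php';
        while ($a = nextRow($rs)) {
            extract($a);
            $order_num = safe_count("orders", "user_id = {$user_id}");
            $RealName = eLink('customers', 'edit_customer', 'user_id', $user_id, $RealName);
            $Orders = eLink('order', 'edit', 'customer', $name, $order_num);
            echo n . n . tr(n . td($RealName, "25%") . td($billing_phone, "25%") . td($email, "25%") . td($Orders, "25%"));
        }
        echo n . endTable() . n . '</form>' . n . nav_form('customers', $page, $numPages, $sort, $dir, $crit, $search_method) . n . pageby_form('customers', $customers_list_pageby);
    }
}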
예제 #30
/**
 * Final setup step: creates the tables, the first user and the initial preferences.
 *
 * Statement order matters: config.php and setup/txpsql.php are included from
 * inside the function and run in its scope, and the posted account fields
 * are escaped only after txpsql.php has run (see the comment below).
 *
 * NOTE(review): the first account's password is hashed with MySQL's
 * password() function and its nonce comes from md5(uniqid(rand())), which is
 * not a cryptographically secure source.
 * NOTE(review): LANG and getlocale(LANG) are written into quoted SQL
 * literals without escaping; where LANG is defined is not visible here.
 * NOTE(review): no mysql_query() result is checked, so a failed insert or
 * update goes unnoticed.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));
    // Stop early when the posted e-mail address is not valid.
    if (!is_valid_email(ps('email'))) {
        exit(graf(gTxt('email_required')));
    }
    require txpath . '/config.php';
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];
    // Store the site URL without the "http://" scheme and without a trailing slash.
    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");
    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);
    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';
    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));
    $nonce = md5(uniqid(rand(), true));
    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    echo fbCreate();
}