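 /**
  * Normalises the search text and collects the blogs this search may cover.
  *
  * The text is converted to UTF-8 when the site charset (_CHARSET) is
  * something else, a fixed set of punctuation is stripped, and the result is
  * kept in $this->querystring.  The byte-class patterns ($this->ascii/two/
  * three) and $this->jpmarked are prepared for boolean_mark_atoms_jp(), and
  * $this->inclusive is filled by boolean_inclusive_atoms().  $this->blogs
  * receives the bnumber of every blog with bincludesearch=1.
  *
  * Fix: the unused `global $blogid` declaration is gone.
  *
  * NOTE(review): the character stripping below is a query-syntax filter, not
  * SQL escaping; whichever method later embeds $this->querystring in SQL has
  * to escape it itself — confirm against the consumers of querystring.
  *
  * @param string $text raw search text
  */
 function SEARCH($text)
 {
     // canonical lower-case charset name, e.g. "UTF-8" -> "utf-8"
     $this->encoding = strtolower(preg_replace('|[^a-z0-9-_]|i', '', _CHARSET));
     if ($this->encoding !== 'utf-8') {
         $text = mb_convert_encoding($text, "UTF-8", $this->encoding);
     }
     // NOTE(review): both arguments render as a plain space on this page, which
     // would make this call a no-op; the original may carry a full-width space
     // as the search value — confirm in the repository.
     $text = str_replace(" ", ' ', $text);
     // drop characters that would otherwise be read as query operators
     $text = preg_replace("/[<>=?!#^()[\\]:;\\%]/", "", $text);
     // byte-class patterns for 1-, 2- and 3-byte UTF-8 sequences (no pattern
     // covers 4-byte sequences)
     $this->ascii = '[\\x00-\\x7F]';
     $this->two = '[\\xC0-\\xDF][\\x80-\\xBF]';
     $this->three = '[\\xE0-\\xEF][\\x80-\\xBF][\\x80-\\xBF]';
     $this->jpmarked = $this->boolean_mark_atoms_jp($text);
     $this->querystring = $text;
     $this->inclusive = $this->boolean_inclusive_atoms($text);
     // all blogs flagged as searchable (bincludesearch=1); the current blog is
     // not special-cased here
     $this->blogs = array();
     $res = sql_query('SELECT bnumber FROM ' . sql_table('blog') . ' WHERE bincludesearch=1 ');
     while ($obj = sql_fetch_object($res)) {
         $this->blogs[] = intval($obj->bnumber);
     }
 }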
 /**
  * This function creates an sql dump of the database and sends it to
  * the user as a file (can be gzipped if they want)
  *
  * The table list is the fixed core set below plus whatever each installed
  * plugin reports through getTableList(); any output a plugin produces while
  * that list is built is captured and discarded.  Each table is written by
  * $this->_backup_dump_table() (defined elsewhere in this class).  The method
  * never returns: it ends with exit once the dump has been sent.
  *
  * NOTE(review): the gzip path hand-builds the gzip member framing (header,
  * CRC32, size) around gzcompress() output instead of using gzencode(); the
  * header literal in that echo renders as a single character on this page
  * and looks mis-encoded, so this block is documented rather than rewritten
  * — confirm the bytes against the repository before changing that line.
  *
  * @requires
  *		no output may have preceded (new headers are sent)
  * @param gzip
  *		1 = compress backup file, 0 = no compression (default)
  */
 function do_backup($gzip = 0)
 {
     global $manager;
     // tables of which backup is needed
     $tables = array(sql_table('actionlog'), sql_table('ban'), sql_table('blog'), sql_table('comment'), sql_table('config'), sql_table('item'), sql_table('karma'), sql_table('member'), sql_table('skin'), sql_table('skin_desc'), sql_table('team'), sql_table('template'), sql_table('template_desc'), sql_table('plugin'), sql_table('plugin_event'), sql_table('plugin_option'), sql_table('plugin_option_desc'), sql_table('category'), sql_table('activation'), sql_table('tickets'));
     // add tables that plugins want to backup to the list
     // catch all output generated by plugins
     ob_start();
     $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
     while ($plugName = sql_fetch_object($res)) {
         $plug =& $manager->getPlugin($plugName->pfile);
         if ($plug) {
             // the (array) cast tolerates plugins that return a single name or nothing
             $tables = array_merge($tables, (array) $plug->getTableList());
         }
     }
     ob_end_clean();
     // remove duplicates
     $tables = array_unique($tables);
     // make sure browsers don't cache the backup
     header("Pragma: no-cache");
     // don't allow gzip compression when extension is not loaded
     if ($gzip != 0 && !extension_loaded("zlib")) {
         $gzip = 0;
     }
     if ($gzip) {
         // use an output buffer
         // NOTE(review): the @ hides any failure of these two calls; if ob_start()
         // failed, the gzip branch at the end would read an empty buffer
         @ob_start();
         @ob_implicit_flush(0);
         // set filename
         // NOTE(review): strftime() is deprecated since PHP 8.1; date("Y-m-d-H-i-s")
         // produces the same text
         $filename = 'nucleus_db_backup_' . strftime("%Y-%m-%d-%H-%M-%S", time()) . ".sql.gz";
     } else {
         $filename = 'nucleus_db_backup_' . strftime("%Y-%m-%d-%H-%M-%S", time()) . ".sql";
     }
     // send headers that tell the browser a file is coming
     // the filename is a fixed prefix plus digits, dashes and dots, which is why
     // the unquoted filename= parameter below is acceptable
     header("Content-Type: text/x-delimtext; name=\"{$filename}\"");
     header("Content-disposition: attachment; filename={$filename}");
     // dump header
     echo "#\n";
     echo "# " . _BACKUP_BACKUPFILE_TITLE . " \n";
     echo "# " . _ADMINPAGEFOOT_OFFICIALURL . "\n";
     echo "#\n";
     echo "# " . _BACKUP_BACKUPFILE_BACKUPDATE . gmdate("d-m-Y H:i:s", time()) . " GMT\n";
     global $nucleus;
     echo "# " . _BACKUP_BACKUPFILE_NUCLEUSVERSION . $nucleus['version'] . "\n";
     echo "#\n";
     echo "# " . _BACKUP_WARNING_NUCLEUSVERSION . "\n";
     echo "#\n";
     // dump all tables
     // reset() plus the array(&$this, ...) callable are PHP4-era idioms;
     // array($this, '_backup_dump_table') is enough on PHP 5+
     reset($tables);
     array_walk($tables, array(&$this, '_backup_dump_table'));
     if ($gzip) {
         // gzip trailer needs the uncompressed length and CRC32 of the buffered dump
         $Size = ob_get_length();
         $Crc = crc32(ob_get_contents());
         $contents = gzcompress(ob_get_contents());
         ob_end_clean();
         // gzcompress() yields a zlib stream; the last 4 bytes (its checksum) are
         // dropped and a gzip header/trailer is wrapped around the rest.
         // NOTE(review): the literal at the start of this echo is the gzip header
         // and appears mis-encoded on this page — verify before editing.
         echo "‹" . substr($contents, 0, strlen($contents) - 4) . $this->gzip_PrintFourChars($Crc) . $this->gzip_PrintFourChars($Size);
     }
     exit;
 }
 /**
  * Fetches one comment by number, joined with its author's member name.
  *
  * The comment id is cast to int before it is placed in the query, so no
  * string escaping is involved.  The row carries the aliases listed in the
  * SELECT plus a 'timestamp' key derived from ctime; when nothing matches,
  * whatever sql_fetch_assoc() returned for "no row" is handed back unchanged.
  *
  * @static
  * @param int|string $commentid
  */
 function getComment($commentid)
 {
     $id = intval($commentid);
     $select = 'SELECT `cnumber` AS commentid, `cbody` AS body, `cuser` AS user, `cmail` AS userid, `cemail` AS email, `cmember` AS memberid, `ctime`, `chost` AS host, `mname` AS member, `cip` AS ip, `cblog` AS blogid';
     $from = ' FROM ' . sql_table('comment') . ' LEFT OUTER JOIN ' . sql_table('member') . ' ON `cmember` = `mnumber`';
     $where = ' WHERE `cnumber` = ' . $id;
     $row = sql_fetch_assoc(sql_query($select . $from . $where));
     if (!$row) {
         return $row;
     }
     // unix timestamp alongside the raw ctime column
     $row['timestamp'] = strtotime($row['ctime']);
     return $row;
 }
 /**
  * Deletes one ban entry of a blog, identified by its exact iprange string.
  *
  * Fires PreDeleteBan / PostDeleteBan around the DELETE.  The blog id is cast
  * to int and the iprange goes through sql_real_escape_string() before either
  * is placed in the query.
  *
  * @param int|string $blogid
  * @param string $iprange must match the stored range exactly
  * @return bool true when at least one row was deleted (the earlier comment
  *              spoke of 1/0; the value is the result of the affected-rows test)
  */
 function removeBan($blogid, $iprange)
 {
     global $manager;
     $blogid = intval($blogid);
     $manager->notify('PreDeleteBan', array('blogid' => $blogid, 'range' => $iprange));
     $sql = sprintf(
         "DELETE FROM %s WHERE blogid=%d and iprange='%s'",
         sql_table('ban'),
         $blogid,
         sql_real_escape_string($iprange)
     );
     sql_query($sql);
     $deleted = (sql_affected_rows() > 0);
     $manager->notify('PostDeleteBan', array('blogid' => $blogid, 'range' => $iprange));
     return $deleted;
 }
 /**
  * PHP4-style constructor: resolves the plugin's table names and loads the
  * bundled NaiveBayesian classifier from $DIR_PLUGINS/spambayes/.
  *
  * NOTE(review): PHP 8 no longer treats a method named after its class as a
  * constructor; unless the class also defines __construct, this method does
  * not run on `new` — confirm how the class is instantiated.
  */
 function NP_SpamBayes()
 {
     global $DIR_PLUGINS;
     // categories
     $this->table_cat = sql_table('plug_sb_cat');
     // word frequencies
     $this->table_wf = sql_table('plug_sb_wf');
     // references
     $this->table_ref = sql_table('plug_sb_ref');
     // logging
     $this->table_log = sql_table('plug_sb_log');
     // the classifier ships next to the plugin; $DIR_PLUGINS is presumably the
     // configured plugin directory rather than request data
     $classifierFile = $DIR_PLUGINS . "spambayes/spambayes.php";
     include_once $classifierFile;
     $this->spambayes = new NaiveBayesian($this);
 }
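 /**
  * PostAuthentication hook: initialises the MediaUtils statics for this
  * request and resolves the blog the request refers to.
  *
  * Reads MediaPrefix, MaxUploadSize and AllowedTypes from $CONF, loads the
  * bnumber => bshortname map of all blogs, then picks the blog id from (in
  * order) $_GET['blogid'], $_POST['blogid'], an item id in $_GET/$_POST (via
  * getBlogIDFromItemID when that function exists) or the MediaUtils cookie.
  * When none is present the method returns without setting MediaUtils::$blogid.
  *
  * Fix: the cookie branch tested MediaUtils::$cookiename but then read
  * $_COOKIE['blogid']; it now reads the key it tested.  Every request value
  * is cast to int before use, as before.
  *
  * @param array $data event data (unused here, kept for the hook signature)
  */
 public function event_PostAuthentication(&$data)
 {
     global $CONF;
     static $blogid = 0;
     static $blogs = array();
     MediaUtils::$lib_path = preg_replace('#/*$#', '', $this->getDirectory());
     MediaUtils::$prefix = (bool) $CONF['MediaPrefix'];
     MediaUtils::$maxsize = (int) $CONF['MaxUploadSize'];
     // AllowedTypes is a comma-separated list of file suffixes
     foreach (explode(',', $CONF['AllowedTypes']) as $suffix) {
         $suffix = trim($suffix);
         // NOTE(review): the membership test compares the original-case suffix
         // while the stored value is lower-cased, so "JPG" and "jpg" can both
         // end up in the list — left as-is to avoid changing accepted types
         if (!in_array($suffix, MediaUtils::$suffixes)) {
             MediaUtils::$suffixes[] = strtolower($suffix);
         }
     }
     $result = sql_query('SELECT bnumber, bshortname FROM ' . sql_table('blog') . ';');
     while (FALSE !== ($row = sql_fetch_assoc($result))) {
         $blogs[$row['bnumber']] = $row['bshortname'];
     }
     MediaUtils::$blogs =& $blogs;
     $canResolveItem = function_exists('getBlogIDFromItemID');
     if (array_key_exists('blogid', $_GET)) {
         $blogid = (int) $_GET['blogid'];
     } elseif (array_key_exists('blogid', $_POST)) {
         $blogid = (int) $_POST['blogid'];
     } elseif ($canResolveItem && array_key_exists('itemid', $_GET)) {
         $blogid = (int) getBlogIDFromItemID((int) $_GET['itemid']);
     } elseif ($canResolveItem && array_key_exists('itemid', $_POST)) {
         $blogid = (int) getBlogIDFromItemID((int) $_POST['itemid']);
     } elseif (array_key_exists(MediaUtils::$cookiename, $_COOKIE)) {
         // read the same cookie that was tested above
         $blogid = (int) $_COOKIE[MediaUtils::$cookiename];
     } else {
         return;
     }
     MediaUtils::$blogid =& $blogid;
     // NOTE(review): an id that is not in the map creates a null entry here
     MediaUtils::$bshortname =& MediaUtils::$blogs[MediaUtils::$blogid];
     return;
 }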
 /**
  * (Static) Trims the action log once per request: when it holds more than
  * 500 rows, everything older than the 250 most recent entries is deleted.
  *
  * The cut-off timestamp is read back from the log table itself before it is
  * placed in the DELETE statement; no request data enters either query.
  */
 function trimLog()
 {
     static $checked = 0;
     // later calls within the same run are no-ops
     if ($checked) {
         return;
     }
     $checked = 1;
     $maxRows = 500;
     $keepRows = 250;
     $logTable = sql_table('actionlog');
     $rowCount = quickQuery('SELECT COUNT(*) AS result FROM ' . $logTable);
     if ($rowCount <= $maxRows) {
         return;
     }
     // timestamp of the entry just past the newest $keepRows; older rows go
     $cutoff = quickQuery('SELECT timestamp as result FROM ' . $logTable . ' ORDER BY timestamp DESC LIMIT ' . $keepRows . ',1');
     sql_query('DELETE FROM ' . $logTable . ' WHERE timestamp < \'' . $cutoff . '\'');
 }
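 /**
  * Skin variable handler: prints the most "active" items, ranked by comment
  * count and recency, using the plugin's header/link/footer option templates.
  *
  * The link template understands %l (item link), %p (title), %c (comment
  * count) and %s (computed score).  $numOfPostsToShow falls back to 10 when
  * zero or negative and is cast to int before entering the LIMIT clause.
  *
  * Fix: the item id was read as $row[id] — a bare constant, which is an
  * error on PHP 8 — and is now $row['id'].  The unused `global $blog` is gone.
  *
  * NOTE(review): the query still goes through mysql_query()/mysql_fetch_array(),
  * which do not exist on PHP 7+, and %p prints the title without HTML escaping;
  * both are outside this fix — confirm how titles are stored before escaping.
  * The placeholders are substituted one after another, so a title containing
  * "%c" or "%s" would be expanded again by the later replacements.
  *
  * @param string $skinType unused
  * @param int $numOfPostsToShow
  */
 function doSkinVar($skinType, $numOfPostsToShow)
 {
     if ($numOfPostsToShow <= 0) {
         $numOfPostsToShow = 10;
     }
     $limit = intval($numOfPostsToShow);
     // score = sum(comment recency weight) * comments^2 * item recency weight
     $q = "SELECT inumber as id, ititle as title, "
        . "citem,COUNT(cnumber) as num_of_comments, "
        . "SUM(SubComment.cVal)*POW(COUNT(cnumber),2)*MAX(SubComment.iVal) as CurrentVal "
        . "FROM ( "
        . "SELECT *, "
        . "SQRT(1.0 / POW((DATEDIFF(c.ctime,CURDATE()) / 365),2)) as cVal,"
        . "SQRT(1.0 / POW((DATEDIFF(i.itime,CURDATE()) / 365),2)) as iVal "
        . "FROM " . sql_table('comment') . " as c "
        . "INNER JOIN " . sql_table('item') . " as i "
        . "ON i.inumber=c.citem) as SubComment "
        . "GROUP BY inumber, ititle "
        . "ORDER BY `CurrentVal` DESC "
        . "LIMIT 0, " . $limit;
     $res = mysql_query($q);
     echo $this->getOption('header');
     $link_templ = $this->getOption('link');
     while ($row = mysql_fetch_array($res)) {
         $out = str_replace("%l", createItemLink($row['id']), $link_templ);
         $out = str_replace("%p", $row['title'], $out);
         $out = str_replace("%c", $row['num_of_comments'], $out);
         $out = str_replace("%s", $row['CurrentVal'], $out);
         echo $out;
     }
     echo $this->getOption('footer');
 }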
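 /**
  * Outputs the XML contents of the export file
  *
  * The document has a <meta> section listing skin and template names plus the
  * optional info text, followed by the full contents of every selected skin
  * and template.  Attribute values are escaped with htmlspecialchars(); part
  * bodies are wrapped in CDATA via escapeCDATA().  When _CHARSET is not
  * UTF-8, every text value is converted to UTF-8 before it is printed.
  *
  * Fix: skin and template names in the <meta> section were run through
  * htmlspecialchars() twice (once when the loop variable was reassigned and
  * again inside the echo), so a name containing & or " was exported as
  * &amp;amp; / &amp;quot; while the contents section escaped it once.  Both
  * sections now escape exactly once.  The per-value charset conversion is
  * factored into _exportToUtf8().
  *
  * @param $setHeaders
  *		set to 0 if you don't want to send out headers
  *		(optional, default 1)
  */
 function export($setHeaders = 1)
 {
     if ($setHeaders) {
         // make sure the mimetype is correct, and that the data does not show up
         // in the browser, but gets saved into and XML file (popup download window)
         header('Content-Type: text/xml');
         header('Content-Disposition: attachment; filename="skinbackup.xml"');
         header('Expires: 0');
         header('Pragma: no-cache');
     }
     echo "<nucleusskin>\n";
     // meta
     echo "\t<meta>\n";
     // skins
     foreach ($this->skins as $skinId => $skinName) {
         $skinName = $this->_exportToUtf8(htmlspecialchars($skinName, ENT_QUOTES));
         echo "\t\t" . '<skin name="' . $skinName . '" />' . "\n";
     }
     // templates
     foreach ($this->templates as $templateId => $templateName) {
         $templateName = $this->_exportToUtf8(htmlspecialchars($templateName, ENT_QUOTES));
         echo "\t\t" . '<template name="' . $templateName . '" />' . "\n";
     }
     // extra info
     if ($this->info) {
         // NOTE(review): unlike the part bodies, the info text is not passed
         // through escapeCDATA(), so a literal "]]>" inside it would close the
         // section early — confirm where $this->info originates
         echo "\t\t<info><![CDATA[" . $this->_exportToUtf8($this->info) . "]]></info>\n";
     }
     echo "\t</meta>\n\n\n";
     // contents skins
     foreach ($this->skins as $skinId => $skinName) {
         $skinId = intval($skinId);
         $skinObj = new SKIN($skinId);
         $skinName = $this->_exportToUtf8(htmlspecialchars($skinName, ENT_QUOTES));
         $contentT = $this->_exportToUtf8(htmlspecialchars($skinObj->getContentType(), ENT_QUOTES));
         $incMode = $this->_exportToUtf8(htmlspecialchars($skinObj->getIncludeMode(), ENT_QUOTES));
         $incPrefx = $this->_exportToUtf8(htmlspecialchars($skinObj->getIncludePrefix(), ENT_QUOTES));
         $skinDesc = $this->_exportToUtf8(htmlspecialchars($skinObj->getDescription(), ENT_QUOTES));
         echo "\t" . '<skin name="' . $skinName . '" type="' . $contentT . '" includeMode="' . $incMode . '" includePrefix="' . $incPrefx . '">' . "\n";
         echo "\t\t" . '<description>' . $skinDesc . '</description>' . "\n";
         // $skinId is an int here, so it is concatenated into the query directly
         $que = 'SELECT' . '    stype,' . '    scontent ' . 'FROM ' . sql_table('skin') . ' WHERE' . '    sdesc = ' . $skinId;
         $res = sql_query($que);
         while ($partObj = sql_fetch_object($res)) {
             $type = $this->_exportToUtf8(htmlspecialchars($partObj->stype, ENT_QUOTES));
             $cdata = $this->_exportToUtf8($this->escapeCDATA($partObj->scontent));
             echo "\t\t" . '<part name="' . $type . '">';
             echo '<![CDATA[' . $cdata . ']]>';
             echo "</part>\n\n";
         }
         echo "\t</skin>\n\n\n";
     }
     // contents templates
     foreach ($this->templates as $templateId => $templateName) {
         $templateId = intval($templateId);
         $templateName = $this->_exportToUtf8(htmlspecialchars($templateName, ENT_QUOTES));
         $templateDesc = $this->_exportToUtf8(htmlspecialchars(TEMPLATE::getDesc($templateId), ENT_QUOTES));
         echo "\t" . '<template name="' . $templateName . '">' . "\n";
         echo "\t\t" . '<description>' . $templateDesc . "</description>\n";
         // $templateId is an int here, so it is concatenated into the query directly
         $que = 'SELECT' . ' tpartname,' . ' tcontent' . ' FROM ' . sql_table('template') . ' WHERE' . ' tdesc = ' . $templateId;
         $res = sql_query($que);
         while ($partObj = sql_fetch_object($res)) {
             $type = $this->_exportToUtf8(htmlspecialchars($partObj->tpartname, ENT_QUOTES));
             $cdata = $this->_exportToUtf8($this->escapeCDATA($partObj->tcontent));
             echo "\t\t" . '<part name="' . $type . '">';
             echo '<![CDATA[' . $cdata . ']]>';
             echo '</part>' . "\n\n";
         }
         echo "\t</template>\n\n\n";
     }
     echo '</nucleusskin>';
 }

 /**
  * Converts one exported text value from the site charset to UTF-8.
  *
  * Returns $text unchanged when _CHARSET already is UTF-8 (compared
  * case-insensitively); otherwise mb_convert_encoding() from _CHARSET.
  *
  * @param string $text
  * @return string
  */
 function _exportToUtf8($text)
 {
     if (strtoupper(_CHARSET) != 'UTF-8') {
         return mb_convert_encoding($text, 'UTF-8', _CHARSET);
     }
     return $text;
 }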
 /**
  * Returns the SQL query used to fill out templates for a list of items
  *
  * Every entry of $itemarray is cast to int and zero entries are dropped;
  * each remaining id becomes one parenthesised SELECT, and the SELECTs are
  * joined with UNION.  Drafts and future-dated items are excluded unless the
  * corresponding flag is set.  Only integers ($this->blogid, the item ids)
  * and mysqldate() output are concatenated into the query.
  *
  * @param $itemarray
  *	  an array holding the item numbers of the items to be displayed
  * @param $showDrafts
  *		0=do not show drafts 1=show drafts
  * @param $showFuture
  *		0=do not show future posts 1=show future posts
  * @returns
  *	  either a full SQL query, or an empty string (when $itemarray is not
  *	  an array or holds no usable item numbers)
  * @note
  *	  No LIMIT clause is added. (caller should add this if multiple pages are requested)
  */
 function getSqlItemList($itemarray, $showDrafts = 0, $showFuture = 0)
 {
     if (!is_array($itemarray)) {
         return '';
     }
     $showDrafts = intval($showDrafts);
     $showFuture = intval($showFuture);
     // keep only non-zero integer item numbers
     $ids = array();
     foreach ($itemarray as $raw) {
         $id = intval($raw);
         if ($id) {
             $ids[] = $id;
         }
     }
     if (!count($ids)) {
         return '';
     }
     // clauses shared by every per-item SELECT
     $selectPart = 'SELECT' . ' i.inumber as itemid,' . ' i.ititle as title,' . ' i.ibody as body,' . ' m.mname as author,' . ' m.mrealname as authorname,' . ' i.itime,' . ' i.imore as more,' . ' m.mnumber as authorid,' . ' m.memail as authormail,' . ' m.murl as authorurl,' . ' c.cname as category,' . ' i.icat as catid,' . ' i.iclosed as closed';
     $fromPart = ' FROM ' . sql_table('item') . ' as i, ' . sql_table('member') . ' as m, ' . sql_table('category') . ' as c' . ' WHERE' . ' i.iblog   = ' . $this->blogid . ' and i.iauthor = m.mnumber' . ' and i.icat	= c.catid';
     $subQueries = array();
     foreach ($ids as $id) {
         $sub = '(' . $selectPart . $fromPart;
         if (!$showDrafts) {
             // exclude drafts
             $sub .= ' and i.idraft=0';
         }
         if (!$showFuture) {
             // don't show future items
             $sub .= ' and i.itime<=' . mysqldate($this->getCorrectTime());
         }
         $sub .= ' and i.inumber = ' . $id . ')';
         $subQueries[] = $sub;
     }
     return implode(' UNION ', $subQueries);
 }
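 /**
  * Action handler: builds and prints a sitemap for every blog whose
  * IncludeSitemap option is 'yes'.
  *
  * $type selects the output: 'google' (default, also used when $type is
  * empty) prints a sitemaps.org XML urlset; 'yahoo' prints one URL per line
  * as text/plain.  Any other value returns without output.  For each included
  * blog the blog link, every category link and every published, non-future
  * item link are collected; plugins may alter the list through the SiteMap
  * event before it is printed.  The method ends with exit.
  *
  * Fixes: the item age was computed against $_SERVER['HTTP_REQUEST_TIME'], a
  * key PHP does not set, so $now was null and every item was reported as
  * 'hourly'; REQUEST_TIME is used now with time() as fallback.  lastmod
  * combined gmdate() (a UTC clock) with date('O') (the local offset), which
  * is wrong unless the server runs in UTC; it is now date() with its own
  * offset.  Blog numbers are cast to int before entering the category and
  * item queries.
  *
  * @param string $type 'google' or 'yahoo'
  */
 function doAction($type = '')
 {
     global $CONF, $manager;
     if (!$type) {
         $type = 'google';
     }
     if ($type !== 'google' && $type !== 'yahoo') {
         return;
     }
     // reference time for the change-frequency buckets (seconds since epoch)
     $now = isset($_SERVER['REQUEST_TIME']) ? (int) $_SERVER['REQUEST_TIME'] : time();
     $sitemap = array();
     $blog_res = sql_query('SELECT * FROM ' . sql_table('blog'));
     while ($blog = sql_fetch_array($blog_res)) {
         if ($this->getBlogOption($blog['bnumber'], 'IncludeSitemap') != 'yes') {
             continue;
         }
         $bnumber = intval($blog['bnumber']);
         // the default blog is reachable at its plain burl; others get an explicit link
         if ($blog['bnumber'] != $CONF['DefaultBlog']) {
             $sitemap[] = array('loc' => $this->_prepareLink($blog['bnumber'], createBlogidLink($blog['bnumber'])), 'priority' => '1.0', 'changefreq' => 'daily');
         } else {
             $sitemap[] = array('loc' => $blog['burl'], 'priority' => '1.0', 'changefreq' => 'daily');
         }
         $cat_res = sql_query(sprintf('SELECT * FROM %s WHERE cblog=%d ORDER BY catid', sql_table('category'), $bnumber));
         while ($cat = sql_fetch_array($cat_res)) {
             $sitemap[] = array('loc' => $this->_prepareLink($blog['bnumber'], createCategoryLink($cat['catid'])), 'priority' => '1.0', 'changefreq' => 'daily');
         }
         $b =& $manager->getBlog($blog['bnumber']);
         // published (idraft = 0) items dated no later than the blog's current time
         $item_res = sql_query('SELECT *, UNIX_TIMESTAMP(itime) AS timestamp FROM ' . sql_table('item') . ' WHERE iblog = ' . $bnumber . ' AND idraft = 0 AND itime <= ' . mysqldate($b->getCorrectTime()) . ' ORDER BY inumber DESC');
         while ($item = sql_fetch_array($item_res)) {
             $itemTime = (int) $item['timestamp'];
             $age = $now - $itemTime;
             // change frequency by item age: <2d hourly, <14d daily, <62d weekly, else monthly
             if ($age < 86400 * 2) {
                 $fq = 'hourly';
             } elseif ($age < 86400 * 14) {
                 $fq = 'daily';
             } elseif ($age < 86400 * 62) {
                 $fq = 'weekly';
             } else {
                 $fq = 'monthly';
             }
             $sitemap[] = array(
                 'loc' => $this->_prepareLink($blog['bnumber'], createItemLink($item['inumber'])),
                 // W3C datetime: local time followed by its own UTC offset (P)
                 'lastmod' => date('Y-m-d\\TH:i:sP', $itemTime),
                 'priority' => '1.0',
                 'changefreq' => $fq,
             );
         }
     }
     $eventdata = array('sitemap' => &$sitemap);
     $manager->notify('SiteMap', $eventdata);
     if ($type === 'google') {
         header("Content-type: application/xml");
         echo "<?xml version='1.0' encoding='UTF-8'?>\n\n";
         echo "<urlset xmlns='http://www.sitemaps.org/schemas/sitemap/0.9' ";
         echo "xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' ";
         echo "xsi:schemaLocation='http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd'>\n";
         $tpl = "\t\t<%s>%s</%s>\n";
         foreach ($sitemap as $url) {
             echo "\t<url>\n";
             // every value (including plugin-supplied ones) is escaped for XML here
             foreach ($url as $key => $value) {
                 echo sprintf($tpl, $key, htmlspecialchars($value, ENT_QUOTES, _CHARSET), $key);
             }
             echo "\t</url>\n";
         }
         echo "</urlset>\n";
     } else {
         header("Content-type: text/plain");
         foreach ($sitemap as $url) {
             echo $url['loc'] . "\n";
         }
     }
     exit;
 }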
/**
 * Returns a list of recent items (Nucleus Version)
 * ($amount = max 20);
 *
 * The caller is authenticated with MEMBER::login() using the supplied
 * username/password, must be on the team of an existing blog, and may ask
 * for 1..20 items.  Each failure returns _error() with code 1 (login),
 * 2 (no such blog), 3 (not a team member) or 5 (amount out of range).  On
 * success an XML-RPC array of structs is returned, one per item, newest
 * first, with the members publishDate, userid, blogid, title, body, more,
 * draft and closed.
 */
function _getRecentItems($blogid, $username, $password, $amount)
{
    $blogid = intval($blogid);
    $amount = intval($amount);
    // 1. login
    $member = new MEMBER();
    if (!$member->login($username, $password)) {
        return _error(1, "Could not log in");
    }
    // 2. check if allowed
    if (!BLOG::existsID($blogid)) {
        return _error(2, "No such blog ({$blogid})");
    }
    if (!$member->teamRights($blogid)) {
        return _error(3, "Not a team member");
    }
    if ($amount < 1 || $amount > 20) {
        return _error(5, "Amount parameter must be in range 1..20");
    }
    // 3. create and return list of recent items
    // $blogid and $amount are ints at this point, so they go into the query
    // directly (the column list repeats ibody, exactly as before)
    $sql = "SELECT ibody, iauthor, ibody, imore, ititle, iclosed, idraft, itime"
        . ' FROM ' . sql_table('item')
        . " WHERE iblog={$blogid}"
        . " ORDER BY itime DESC"
        . " LIMIT {$amount}";
    $rows = sql_query($sql);
    $items = array();
    while ($item = sql_fetch_object($rows)) {
        $fields = array(
            "publishDate" => new xmlrpcval(iso8601_encode(strtotime($item->itime)), "dateTime.iso8601"),
            "userid" => new xmlrpcval($item->iauthor, "string"),
            "blogid" => new xmlrpcval($blogid, "string"),
            "title" => new xmlrpcval($item->ititle, "string"),
            "body" => new xmlrpcval($item->ibody, "string"),
            "more" => new xmlrpcval($item->imore, "string"),
            "draft" => new xmlrpcval($item->idraft, "boolean"),
            "closed" => new xmlrpcval($item->iclosed, "boolean"),
        );
        $items[] = new xmlrpcval($fields, 'struct');
    }
    return new xmlrpcresp(new xmlrpcval($items, "array"));
}
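 /**
  * Prints the option-editing rows (<tr>) for every plugin option declared in
  * the given context.
  *
  * Stored values for $contextid are read from plugin_option; options without
  * a stored value fall back to their declared default (odef).  Plugins may
  * adjust the assembled list through the PrePluginOptionsEdit event before
  * output.  A title row is printed whenever the plugin id changes (rows are
  * ordered by porder, oid, so one plugin's options are contiguous).  Options
  * whose meta 'access' is 'hidden' are skipped.
  *
  * Fixes: the "has stored value" test was in_array() over array_keys(), a
  * linear scan per option, and is now array_key_exists(); the @-suppressed
  * read of $meta['access'] is replaced by an isset() check.
  *
  * $contextid is cast to int and $context is escaped before entering SQL;
  * the plugin file name is HTML-escaped before it is printed.
  *
  * @static
  * @param string $context
  * @param int $contextid
  */
 function _insertPluginOptions($context, $contextid = 0)
 {
     global $manager;
     // get all current values for this contextid
     // (note: this might contain doubles for overlapping contextids)
     $aIdToValue = array();
     $res = sql_query('SELECT oid, ovalue FROM ' . sql_table('plugin_option') . ' WHERE ocontextid=' . intval($contextid));
     while ($o = sql_fetch_object($res)) {
         $aIdToValue[$o->oid] = $o->ovalue;
     }
     // get list of oids per pid
     $query = 'SELECT * FROM ' . sql_table('plugin_option_desc') . ',' . sql_table('plugin') . ' WHERE opid=pid and ocontext=\'' . sql_real_escape_string($context) . '\' ORDER BY porder, oid ASC';
     $res = sql_query($query);
     $aOptions = array();
     while ($o = sql_fetch_object($res)) {
         // a stored value wins over the declared default
         $value = array_key_exists($o->oid, $aIdToValue) ? $aIdToValue[$o->oid] : $o->odef;
         $aOptions[] = array(
             'pid' => $o->pid,
             'pfile' => $o->pfile,
             'oid' => $o->oid,
             'value' => $value,
             'name' => $o->oname,
             'description' => $o->odesc,
             'type' => $o->otype,
             'typeinfo' => $o->oextra,
             'contextid' => $contextid,
             'extra' => '',
         );
     }
     $manager->notify('PrePluginOptionsEdit', array('context' => $context, 'contextid' => $contextid, 'options' => &$aOptions));
     $iPrevPid = -1;
     foreach ($aOptions as $aOption) {
         // new plugin?
         if ($iPrevPid != $aOption['pid']) {
             $iPrevPid = $aOption['pid'];
             if (!defined('_PLUGIN_OPTIONS_TITLE')) {
                 define('_PLUGIN_OPTIONS_TITLE', 'Options for %s');
             }
             echo '<tr><th colspan="2">' . sprintf(_PLUGIN_OPTIONS_TITLE, htmlspecialchars($aOption['pfile'], ENT_QUOTES)) . '</th></tr>';
         }
         $meta = NucleusPlugin::getOptionMeta($aOption['typeinfo']);
         // options flagged access=hidden are not editable on this page
         $access = isset($meta['access']) ? $meta['access'] : null;
         if ($access != 'hidden') {
             echo '<tr>';
             listplug_plugOptionRow($aOption);
             echo '</tr>';
         }
     }
 }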
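 /**
  * Registers (or updates / deletes) the custom URL path of one object.
  *
  * $oParam selects the object kind: 'item' and 'member' paths may carry a
  * trailing ".html", which is stripped here and re-added when stored;
  * 'blog', 'category' and 'subcategory' are stored as given; any other kind
  * returns null without touching the database.  An empty $path on an
  * existing (non-new) object deletes its row.  Paths are restricted to
  * [-_a-zA-Z0-9] after '.' and '/' are replaced by '_'; that whitelist is
  * what makes it acceptable to place $path (and the values derived from it)
  * in the sprintf()-built queries below.  A path already used by another
  * object of the same kind in the blog, or a category/blog name clash, gets
  * "_<objID>" appended together with a conflict message.
  *
  * Fixes: $msg is initialised, so the later `!$msg` checks and the final
  * return no longer read an undefined variable; the unreachable `exit`
  * statements after `return` are gone; the row lookup no longer reads ->id
  * from a false result; the unused `global $CONF` is dropped.
  *
  * @param int $objID
  * @param string $path
  * @param int $bid blog id
  * @param string $oParam object kind
  * @param string $name display name used in messages (rawurlencoded here)
  * @param bool $new true when the object was just created
  * @return array|null array(status, title, name, message), or null when there is nothing to report
  */
 function RegistPath($objID, $path, $bid, $oParam, $name, $new = FALSE)
 {
     switch ($oParam) {
         case 'item':
         case 'member':
             // item and member paths are stored with ".html"; strip it so the
             // bare name is validated, and re-add it before storing
             if (preg_match('/.html$/', $path)) {
                 $path = substr($path, 0, -5);
             }
             break;
         case 'blog':
         case 'category':
         case 'subcategory':
             break;
         default:
             // unknown object kind: nothing is registered
             return;
     }
     $bid = intval($bid);
     $objID = intval($objID);
     $name = rawurlencode($name);
     $msg = null;
     if ($new && $oParam == 'item') {
         // a new item whose path equals the default date-based name gets
         // "_<id>" appended so it stays unique
         $tque = 'SELECT itime as result FROM %s WHERE inumber = %d';
         $itime = quickQuery(sprintf($tque, sql_table('item'), $objID));
         list($y, $m, $d) = sscanf($itime, '%d-%d-%d %s');
         $param = array(
             'year' => sprintf('%04d', $y),
             'month' => sprintf('%02d', $m),
             'day' => sprintf('%02d', $d),
         );
         $dfItem = $this->getOption('customurl_dfitem');
         $ikey = TEMPLATE::fill($dfItem, $param);
         if ($path == $ikey) {
             $path = $ikey . '_' . $objID;
         }
     } elseif (!$new && strlen($path) == 0) {
         // empty path on an existing object: drop its custom URL
         $del_que = 'DELETE FROM %s WHERE obj_id = %d AND obj_param = "%s"';
         sql_query(sprintf($del_que, _CUSTOMURL_TABLE, $objID, $oParam));
         return array(0, _DELETE_PATH, $name, _DELETE_MSG);
     }
     // '.' and '/' would change the URL structure; map them to '_' and then
     // accept only [-_a-zA-Z0-9]
     $path = str_replace(array('.', '/'), '_', $path);
     if (!preg_match('/^[-_a-zA-Z0-9]+$/', $path)) {
         return array(1, _INVALID_ERROR, $name, _INVALID_MSG);
     }
     $withSuffix = ($oParam == 'item' || $oParam == 'member');
     $tempPath = $withSuffix ? $path . '.html' : $path;
     // same name already used by another object of this kind in this blog?
     $conf_que = 'SELECT obj_id FROM %s' . ' WHERE obj_name = "%s"' . ' AND    obj_bid = %d' . ' AND  obj_param = "%s"' . ' AND    obj_id != %d';
     $res = sql_query(sprintf($conf_que, _CUSTOMURL_TABLE, $tempPath, $bid, $oParam, $objID));
     if ($res && sql_num_rows($res)) {
         $msg = array(0, _CONFLICT_ERROR, $name, _CONFLICT_MSG);
         $path .= '_' . $objID;
     }
     // a category may not shadow a blog name, and vice versa
     if ($oParam == 'category' && !$msg) {
         $conf_cat = 'SELECT obj_id FROM %s WHERE obj_name = "%s"' . ' AND obj_param = "blog"';
         $res = sql_query(sprintf($conf_cat, _CUSTOMURL_TABLE, $tempPath));
         if ($res && sql_num_rows($res)) {
             $msg = array(0, _CONFLICT_ERROR, $name, _CONFLICT_MSG);
             $path .= '_' . $objID;
         }
     }
     if ($oParam == 'blog' && !$msg) {
         $conf_blg = 'SELECT obj_id FROM %s WHERE obj_name = "%s"' . ' AND obj_param = "category"';
         $res = sql_query(sprintf($conf_blg, _CUSTOMURL_TABLE, $tempPath));
         if ($res && sql_num_rows($res)) {
             $msg = array(0, _CONFLICT_ERROR, $name, _CONFLICT_MSG);
             $path .= '_' . $objID;
         }
     }
     $newPath = $withSuffix ? $path . '.html' : $path;
     // existing row -> update in place, otherwise insert
     $query = 'SELECT * FROM %s WHERE obj_id = %d AND obj_param = "%s"';
     $res = sql_query(sprintf($query, _CUSTOMURL_TABLE, $objID, $oParam));
     $row = sql_fetch_object($res);
     $pathID = $row ? $row->id : 0;
     if ($pathID) {
         $query = 'UPDATE %s SET obj_name = "%s" WHERE id = %d';
         sql_query(sprintf($query, _CUSTOMURL_TABLE, $newPath, $pathID));
     } else {
         $query = 'INSERT INTO %s (obj_param, obj_name, obj_id, obj_bid)' . ' VALUES ("%s", "%s", %d, %d)';
         sql_query(sprintf($query, _CUSTOMURL_TABLE, $oParam, $newPath, $objID, $bid));
     }
     // mirror the bare path into the per-object plugin option
     switch ($oParam) {
         case 'blog':
             $this->setBlogOption($objID, 'customurl_bname', $path);
             break;
         case 'category':
             $this->setCategoryOption($objID, 'customurl_cname', $path);
             break;
         case 'member':
             $this->setMemberOption($objID, 'customurl_mname', $path);
             break;
         default:
             break;
     }
     return $msg;
 }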
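/**
 * Blogger API: returns the most recent items of one blog as an XML-RPC array.
 *
 * The caller has to authenticate as a member of the blog's team; every
 * failure is reported through _error() instead of being thrown.
 *
 * @param mixed  $blogid   blog number (cast to int before it reaches SQL)
 * @param string $username member login name
 * @param string $password member password
 * @param mixed  $amount   number of items wanted, 1..20 (cast to int)
 * @return xmlrpcresp an error response, or an xmlrpcval 'array' of structs
 *                    with userid, dateCreated, blogid, content, postid,
 *                    authorName and title
 */
function _getRecentItemsBlogger($blogid, $username, $password, $amount)
{
    // Both values are interpolated into the query below; the int cast is what
    // keeps them out of reach of injection, so it is done once, up front
    // (the original repeated the $amount cast after the team check).
    $blogid = intval($blogid);
    $amount = intval($amount);
    // 1. login
    $mem = new MEMBER();
    if (!$mem->login($username, $password)) {
        return _error(1, "Could not log in");
    }
    // 2. check if allowed
    if (!BLOG::existsID($blogid)) {
        return _error(2, "No such blog ({$blogid})");
    }
    if (!$mem->teamRights($blogid)) {
        return _error(3, "Not a team member");
    }
    if ($amount < 1 || $amount > 20) {
        return _error(5, "Amount parameter must be in range 1..20");
    }
    // 3. create and return list of recent items
    // Struct returned has dateCreated, userid, blogid and content
    $blog = new BLOG($blogid);
    // the array in which the structs will be stored
    $structarray = array();
    // ibody was selected twice in the original column list; the associative
    // row only ever carries one 'ibody' key, so the duplicate is dropped
    $query = 'SELECT mname, ibody, iauthor, inumber, ititle as title, itime, cname as category'
        . ' FROM ' . sql_table('item') . ', ' . sql_table('category') . ', ' . sql_table('member')
        . " WHERE iblog={$blogid} and icat=catid and iauthor=mnumber"
        . ' ORDER BY itime DESC'
        . " LIMIT {$amount}";
    $r = sql_query($query);
    while ($row = sql_fetch_assoc($r)) {
        // remove linebreaks if needed
        if ($blog->convertBreaks()) {
            $row['ibody'] = removeBreaks($row['ibody']);
        }
        $content = blogger_specialTags($row) . $row['ibody'];
        $structarray[] = new xmlrpcval(array(
            "userid" => new xmlrpcval($row['iauthor'], "string"),
            "dateCreated" => new xmlrpcval(iso8601_encode(strtotime($row['itime'])), "dateTime.iso8601"),
            "blogid" => new xmlrpcval($blogid, "string"),
            "content" => new xmlrpcval($content, "string"),
            "postid" => new xmlrpcval($row['inumber'], "string"),
            "authorName" => new xmlrpcval($row['mname'], 'string'),
            "title" => new xmlrpcval($row['title'], 'string'),
        ), 'struct');
    }
    return new xmlrpcresp(new xmlrpcval($structarray, "array"));
}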
 /**
  * Plugin uninstall hook: puts the DisableJSTools config value back to its
  * stock setting ('2'), so the core behaves as if the plugin was never there.
  */
 function unInstall()
 {
     // restore to standard settings
     $configTable = sql_table('config');
     $sql = "UPDATE " . $configTable . " SET value='2' WHERE name='DisableJSTools'";
     sql_query($sql);
 }
 /**
  * Unlinks one keyword from one item in the relationship table.
  * Both ids are cast to int, which is what keeps the built query safe.
  *
  * @param mixed  $itemid  item number
  * @param string $keyword keyword text, resolved to its id via _getKeywordID()
  */
 function _deleteKeyword($itemid, $keyword)
 {
     $keywordID = intval($this->_getKeywordID($keyword));
     $itemID = intval($itemid);
     $table = sql_table('plug_keywords_relationship');
     sql_query("DELETE FROM {$table} WHERE key_id={$itemID} AND keyword_id={$keywordID}");
 }
 /**
  * Stores a batch of plugin option values that came in with a request.
  *
  * For every option id the type description is looked up, each submitted
  * value is normalised (yes/no, numerical), offered to plugins through
  * PrePluginOptionsUpdate and then written with delete-then-insert.
  *
  * @param array $aOptions     array( 'oid' => array( 'contextid' => 'value'))
  *                            (taken from request using requestVar())
  * @param int   $newContextid when non-zero, every value is stored under this
  *                            context id instead of the one in the request
  *                            (used when no id existed yet while the form
  *                            controls were written, e.g. itemOptions for a
  *                            new item)
  * @static
  */
 function _applyPluginOptions(&$aOptions, $newContextid = 0)
 {
     global $manager;
     if (!is_array($aOptions)) {
         return;
     }
     foreach ($aOptions as $oid => $values) {
         // look up the option's type information
         $descQuery = 'SELECT opid, oname, ocontext, otype, oextra, odef FROM '
             . sql_table('plugin_option_desc') . ' WHERE oid=' . intval($oid);
         $o = sql_fetch_object(sql_query($descQuery));
         if ($o) {
             foreach ($values as $key => $value) {
                 // keep the foreach key itself untouched
                 $contextid = $key;
                 $meta = NucleusPlugin::getOptionMeta($o->oextra);
                 // readonly and hidden options are never written from a request
                 if ($meta['access'] == 'readonly' || $meta['access'] == 'hidden') {
                     continue;
                 }
                 // value comes from request
                 $value = undoMagic($value);
                 // a yes/no option accepts only those two literal values
                 if ($o->otype == 'yesno' && $value != 'yes' && $value != 'no') {
                     $value = 'no';
                 }
                 // a numerical option that is not numeric falls back to its default
                 if ($meta['datatype'] == 'numerical' && !is_numeric($value)) {
                     $value = $o->odef;
                 }
                 // decide whether the request's contextid or newContextid is used
                 if ($newContextid != 0) {
                     $contextid = $newContextid;
                 }
                 // the plugin may change/validate the value through the reference
                 $manager->notify('PrePluginOptionsUpdate', array(
                     'context' => $o->ocontext,
                     'plugid' => $o->opid,
                     'optionname' => $o->oname,
                     'contextid' => $contextid,
                     'value' => &$value,
                 ));
                 // replace the stored value: drop the old row, insert the escaped new one
                 sql_query('DELETE FROM ' . sql_table('plugin_option')
                     . ' WHERE oid=' . intval($oid) . ' AND ocontextid=' . intval($contextid));
                 sql_query('INSERT INTO ' . sql_table('plugin_option')
                     . " (oid, ocontextid, ovalue) VALUES ("
                     . intval($oid) . "," . intval($contextid) . ",'" . sql_real_escape_string($value) . "')");
             }
         }
         // clear option value cache if the plugin object is already loaded
         if (is_object($o)) {
             $plugin =& $manager->pidLoaded($o->opid);
             if ($plugin) {
                 $plugin->clearOptionValueCache();
             }
         }
     }
 }
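 /**
  * Admin page: lists the items of one blog together with their custom URL
  * paths, preceded by the plugin's navigation menu.
  *
  * @param mixed  $bid blog id; when empty it is taken from the 'blogid'
  *                    request variable, falling back to $CONF['DefaultBlog']
  * @param string $msg status text shown above the list (HTML-escaped here)
  */
 function action_itemview($bid = 0, $msg = '')
 {
     global $CONF, $oPluginAdmin;
     if (empty($bid)) {
         if (getVar('blogid')) {
             $bid = intGetVar('blogid');
         } else {
             $bid = intval($CONF['DefaultBlog']);
         }
     } else {
         $bid = intval($bid);
     }
     $oPluginAdmin->start();
     $printData = '<h2>' . _ADMIN_AREA_TITLE . '</h2>'
         . '<ul style="list-style:none;">'
         . '  <li>' . '    <a href="' . $this->pediturl . '">' . _OPTION_SETTING . '    </a>' . '  </li>'
         . '  <li>' . '    <a href="' . $this->adminurl . 'index.php?action=blogview">' . _FOR_BLOG_SETTING . '    </a>' . '  </li>'
         . '  <li>' . '    <a href="' . $this->adminurl . 'index.php?action=categoryview&amp;blogid=' . $bid . '">' . _FOR_CATEGORY_SETTING . '    </a>' . '  </li>'
         . '  <li>' . '    <a href="' . $this->adminurl . 'index.php?action=memberview">' . _FOR_MEMBER_SETTING . '    </a>' . '  </li>'
         . '</ul>'
         . '<p><h3>' . $this->_hsc($msg) . '</h3>';
     echo $printData;
     unset($printData);
     $this->print_tablehead(_LISTS_TITLE, _LISTS_ITEM_DESC);
     // column names are literals now; they were passed to sprintf as bare
     // (undefined) constants, which PHP 8 rejects with an Error
     $query = 'SELECT ititle,inumber,ibody FROM %s WHERE iblog = %d ORDER BY itime DESC';
     $query = sprintf($query, sql_table('item'), $bid);
     $res = sql_query($query);
     // sql_fetch_object() is the DB layer used with sql_query() elsewhere in
     // this code; the ext/mysql function previously called here no longer exists
     while ($i = sql_fetch_object($res)) {
         $query = 'SELECT obj_name as result FROM %s WHERE obj_param = "item" AND obj_id = %d';
         $query = sprintf($query, sql_table('plug_customurl'), intval($i->inumber));
         $temp_res = quickQuery($query);
         // the stored item path carries a '.html' suffix; strip it for display
         $ipath = $this->_hsc(substr($temp_res, 0, -5));
         $data = array(
             'oid' => intval($i->inumber),
             'obd' => $bid,
             'opr' => 'item',
             'name' => $this->_hsc($i->ititle),
             'ret' => 'itemview',
             'ed_URL' => $this->editurl . 'index.php?action=itemedit' . '&amp;itemid=' . intval($i->inumber),
             'path' => $ipath,
         );
         // description: first 80 characters of the body, tags stripped, escaped.
         // The non-mbstring branch used to compute this and throw the result away.
         if (extension_loaded('mbstring')) {
             $data['desc'] = $this->_hsc(mb_substr(strip_tags($i->ibody), 0, 80));
         } else {
             $data['desc'] = $this->_hsc(substr(strip_tags($i->ibody), 0, 80));
         }
         $this->print_tablerow($data);
     }
     echo '</tbody></table></p>';
     unset($query);
     $oPluginAdmin->end();
 }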
// defines how much media items will be shown per page. You can override this
// in config.php if you like. (changing it in config.php instead of here will
// allow your settings to be kept even after a Nucleus upgrade)
$CONF['MediaPerPage'] = 10;
// include all classes and config data
// (config.php is loaded after the default above, which is why a value set
// there wins; $DIR_LIBS, $member and $manager are expected to come from it)
require '../../../../../config.php';
include $DIR_LIBS . 'MEDIA.php';
// media classes
// content type has to go out before anything is echoed
sendContentType('application/xhtml+xml', 'media');
// user needs to be logged in to use this
if (!$member->isLoggedIn()) {
    media_loginAndPassThrough();
    exit;
}
// check if member is on at least one teamlist
// (authorisation gate: a logged-in member without a team is refused; the
// member id is the only dynamic part of this query)
$query = 'SELECT * FROM ' . sql_table('team') . ' WHERE tmember=' . $member->getID();
if ($manager->pluginInstalled('NP_SQLite')) {
    // presumably NP_SQLite supplies the nucleus_mysql_* wrappers — not visible here
    $teams = nucleus_mysql_query($query);
    if (nucleus_mysql_num_rows($teams) == 0) {
        // NOTE(review): the flow below assumes media_doError() does not return — confirm
        media_doError(_ERROR_DISALLOWEDUPLOAD);
    }
} else {
    $teams = sql_query($query);
    if (sql_num_rows($teams) == 0) {
        media_doError(_ERROR_DISALLOWEDUPLOAD);
    }
}
// get action
$action = requestVar('action');
if ($action == '') {
    $action = 'selectmedia';
 /**
  * LoginFailed event handler: counts failed logins per login name and per
  * client address so that the lockout threshold (max_failed_login) can be
  * applied. Only active when the plugin's enable_security option is 'yes'.
  *
  * @param array $data event payload; only $data['username'] is read here
  */
 function event_LoginFailed(&$data)
 {
     if ($this->enable_security == 'yes' && $this->max_failed_login > 0) {
         // $_SERVER is a superglobal; the global declaration is redundant
         global $_SERVER;
         $login = $data['username'];
         // NOTE(review): REMOTE_ADDR is the address of the peer that connected;
         // behind a reverse proxy that is the proxy, so the per-address counter
         // would then lump all visitors together — confirm the deployment
         $ip = $_SERVER['REMOTE_ADDR'];
         // The '******' literals in the WHERE clauses below are a masking
         // artefact of the listing this was copied from, not the real code;
         // the INSERTs show the pattern the lookups must follow as well:
         // the value has to go through sql_real_escape_string() (the login
         // name is attacker-chosen). Do not deploy the statements as printed.
         // 1. counter keyed by login name: bump it, or create it at 1
         $lres = sql_query("SELECT * FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
         if (sql_num_rows($lres)) {
             sql_query("UPDATE " . sql_table('plug_securityenforcer') . " SET fails=fails+1, lastfail=" . time() . " WHERE login='******'");
         } else {
             sql_query("INSERT INTO " . sql_table('plug_securityenforcer') . " (login,fails,lastfail) VALUES ('" . sql_real_escape_string($login) . "',1," . time() . ")");
         }
         // 2. same bookkeeping keyed by the client address
         $lres = sql_query("SELECT * FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
         if (sql_num_rows($lres)) {
             sql_query("UPDATE " . sql_table('plug_securityenforcer') . " SET fails=fails+1, lastfail=" . time() . " WHERE login='******'");
         } else {
             sql_query("INSERT INTO " . sql_table('plug_securityenforcer') . " (login,fails,lastfail) VALUES ('" . sql_real_escape_string($ip) . "',1," . time() . ")");
         }
     }
     return;
 }
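/**
 * Installs the plugins listed in $aConfPlugsToInstall and then rebuilds the
 * plugin event table from every installed plugin's event list.
 *
 * @param object $manager core manager, passed by reference as the caller does
 * @return array list of error messages; empty when nothing went wrong
 */
function installCustomPlugs(&$manager)
{
    global $aConfPlugsToInstall, $DIR_LIBS;
    $aErrors = array();
    if (count($aConfPlugsToInstall) == 0) {
        return $aErrors;
    }
    $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
    $numCurrent = sql_num_rows($res);
    foreach ($aConfPlugsToInstall as $plugName) {
        // do this before calling getPlugin (in case the plugin id is used there)
        $query = 'INSERT INTO ' . sql_table('plugin') . ' (porder, pfile) VALUES (' . ++$numCurrent . ', "' . addslashes($plugName) . '")';
        sql_query($query);
        // get and install the plugin
        $manager->clearCachedInfo('installedPlugins');
        $plugin =& $manager->getPlugin($plugName);
        if (!$plugin) {
            // roll back the row inserted above and keep the order counter in step
            sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pfile=\'' . addslashes($plugName) . '\'');
            $numCurrent--;
            array_push($aErrors, _ERROR22 . $plugName);
            continue;
        }
        // assign the id only once the object is known to exist; this used to
        // run before the check above and faulted on a plugin that failed to load
        $plugin->plugid = $numCurrent;
        $plugin->install();
    }
    // SYNC PLUGIN EVENT LIST
    sql_query('DELETE FROM ' . sql_table('plugin_event'));
    // loop over all installed plugins
    $res = sql_query('SELECT pid, pfile FROM ' . sql_table('plugin'));
    while ($o = sql_fetch_object($res)) {
        $pid = $o->pid;
        $plug =& $manager->getPlugin($o->pfile);
        if ($plug) {
            // event names come from plugin code, not from a request; they are
            // still placed in the statement unescaped, as before
            foreach ($plug->getEventList() as $eventName) {
                sql_query('INSERT INTO ' . sql_table('plugin_event') . ' (pid, event) VALUES (' . $pid . ', \'' . $eventName . '\')');
            }
        }
    }
    return $aErrors;
}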
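 /**
  * Cleans up entries in the activation table. All entries older than
  * $CONF['ActivationDays'] days (default 2) are removed, undoing whatever
  * the expired activation was waiting for.
  * (static)
  *
  * @author dekarma
  */
 function cleanupActivationTable()
 {
     // both were read without a global declaration, so the configured
     // ActivationDays was never honoured and the ADMIN.php include resolved
     // to a bare relative path
     global $CONF, $DIR_LIBS;
     $actdays = 2;
     if (isset($CONF['ActivationDays']) && intval($CONF['ActivationDays']) > 0) {
         $actdays = intval($CONF['ActivationDays']);
     } else {
         $CONF['ActivationDays'] = 2;
     }
     $boundary = time() - 60 * 60 * 24 * $actdays;
     // same cut-off for the walk and for the final delete
     $expiredBefore = date('Y-m-d H:i:s', $boundary);
     // 1. walk over all entries, and see if special actions need to be performed
     $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . $expiredBefore . '\'');
     while ($o = sql_fetch_object($res)) {
         switch ($o->vtype) {
             case 'register':
                 // delete all information about this site member. registration is undone because there was
                 // no timely activation
                 include_once $DIR_LIBS . 'ADMIN.php';
                 ADMIN::deleteOneMember(intval($o->vmember));
                 break;
             case 'addresschange':
                 // revert the e-mail address of the member back to old address
                 list($oldEmail, $oldCanLogin) = explode('/', $o->vextra);
                 // NOTE(review): the mcanlogin operand was masked in the listing
                 // this was taken from; the value unpacked just above is the only
                 // candidate, and it is cast to int before reaching the statement
                 sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin) . ', memail=\'' . sql_real_escape_string($oldEmail) . '\' WHERE mnumber=' . intval($o->vmember));
                 break;
             case 'forgot':
                 // delete the activation link and ignore. member can request a new password using the
                 // forgot password link
                 break;
         }
     }
     // 2. delete activation entries for real
     sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . $expiredBefore . '\'');
 }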
/**
 * Removes the failed-login counter row for one login name, lifting any
 * lockout the security enforcer applied to it.
 *
 * @param string $login login name whose row is deleted
 */
function SE_unlockLogin($login)
{
    // The '******' literal is a masking artefact of the listing this was copied
    // from; the real statement has to bind $login through
    // sql_real_escape_string(), as the other plug_securityenforcer queries do.
    sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='******'");
}
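/**
 * Builds a <select> element for the linklist admin form.
 *
 * @param string $mode    which control: 'bid[]' (multi-select of blogs),
 *                        'gid' / 'sortkey' (plain key => label maps) or
 *                        'blogselected' (comma-separated list of blog ids)
 * @param mixed  $data    option source: an array for the first three modes,
 *                        a string of blog ids for 'blogselected'
 * @param mixed  $default pre-selected key(s); scalar or array
 * @return string HTML of the select element
 */
function _linklist_makeSelect($mode, $data, $default = '')
{
    global $member;
    $arr = array();
    $str = '';
    $arr_def = (array) $default;
    $size = '';
    $multiple = '';
    switch ($mode) {
        case 'bid[]':
            $size = 'size="3"';
            $multiple = 'multiple="multiple"';
            $arr =& $data;
            if (count($arr) < 2) {
                //set default
                $arr_def = array_keys($arr);
            }
            if (!$member->isAdmin() && count($arr_def) == 1 && empty($arr_def[0])) {
                // array_shift() takes its argument by reference, so it needs a
                // real variable rather than the array_keys() result
                $keys = array_keys($arr);
                $arr_def[0] = array_shift($keys);
            }
            break;
        case 'gid':
        case 'sortkey':
            //alphabet (group)
            $arr =& $data;
            break;
        case 'blogselected':
            // $data is spliced into the IN (...) list below; this digits-and-
            // commas check is the only thing that keeps that safe, keep it strict
            if ($data == 0 || !preg_match("/^[0-9,]+\$/", $data)) {
                //hidden
                $arr[0] = 'ALL';
            } else {
                //get blogname from ids
                $query = sprintf("SELECT bnumber, bname FROM %s " . "WHERE bnumber IN (%s) ORDER BY bnumber", sql_table('blog'), $data);
                $res = sql_query($query);
                // sql_fetch_assoc() is the DB layer used with sql_query() here;
                // the ext/mysql function previously called no longer exists
                while ($row = sql_fetch_assoc($res)) {
                    $arr[$row['bnumber']] = shorten($row['bname'], 15, '..');
                }
            }
            break;
    }
    $str .= <<<OUT
<select name="{$mode}" {$size} {$multiple}>
OUT;
    foreach ($arr as $key => $val) {
        $selected = in_array($key, $arr_def) ? 'selected="selected"' : '';
        if ($mode == 'bid[]') {
            $val = "{$key}:{$val}";
        }
        $str .= <<<OUT
<option value="{$key}" {$selected}>{$val}</option>
OUT;
    }
    $str .= "</select>";
    return $str;
}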
 /**
  * Returns the configured skin name (HTML-escaped); when none is set yet,
  * takes the alphabetically first skin description and stores it as the
  * 'spskinname' option.
  */
 function DefaultSkin()
 {
     $skinName = htmlspecialchars($this->getOption('spskinname'), ENT_QUOTES, _CHARSET);
     if (empty($skinName)) {
         $descTable = sql_table('skin_desc');
         $row = sql_fetch_assoc(sql_query("SELECT sdname FROM `{$descTable}` ORDER BY `sdname` ASC"));
         $skinName = $row['sdname'];
     }
     $this->setOption('spskinname', $skinName);
     return $skinName;
 }
 /**
  * Returns the description (tddesc) of a template by its number.
  * The id is cast to int before it is placed in the query.
  *
  * @param mixed $id template number
  */
 function getDesc($id)
 {
     $sql = sprintf('SELECT tddesc FROM %s WHERE tdnumber=%d', sql_table('template_desc'), intval($id));
     $row = sql_fetch_object(sql_query($sql));
     return $row->tddesc;
 }
 /**
  * static: returns an array of friendly names
  *
  * The eight built-in skin parts map to their translated labels; every other
  * stype found in the skin table is added under its lower-cased name with a
  * ucfirst()'d label.
  */
 function getFriendlyNames()
 {
     $skintypes = array(
         'index' => _SKIN_PART_MAIN,
         'item' => _SKIN_PART_ITEM,
         'archivelist' => _SKIN_PART_ALIST,
         'archive' => _SKIN_PART_ARCHIVE,
         'search' => _SKIN_PART_SEARCH,
         'error' => _SKIN_PART_ERROR,
         'member' => _SKIN_PART_MEMBER,
         'imagepopup' => _SKIN_PART_POPUP,
     );
     $builtIn = "'index', 'item', 'error', 'search', 'archive', 'archivelist', 'imagepopup', 'member'";
     $res = sql_query('SELECT stype FROM ' . sql_table('skin') . ' WHERE stype NOT IN (' . $builtIn . ')');
     while ($row = sql_fetch_array($res)) {
         $type = $row['stype'];
         $skintypes[strtolower($type)] = ucfirst($type);
     }
     return $skintypes;
 }
 /**
  * Tells whether the plugin_tb table already has the 'block' column, i.e.
  * whether its schema is at the newer version.
  *
  * @return bool
  */
 function checkTBVersion()
 {
     $columns = array();
     $res = sql_query('SHOW FIELDS FROM ' . sql_table('plugin_tb'));
     while ($field = sql_fetch_assoc($res)) {
         $columns[] = $field['Field'];
     }
     return in_array('block', $columns);
 }
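 /**
  * Adds a new comment to the database
  *
  * Runs the gate sequence first (comments enabled, public/member access,
  * protected nicknames, e-mail requirement, length limits, spam plugins,
  * isValidComment()), optionally mails the blog's notification address,
  * then inserts the row and fires PostAddComment.
  *
  * @param string $timestamp unix time of the comment (formatted for SQL here)
  * @param array  $comment   fields read: user, userid (url), email, body, itemid
  * @return mixed TRUE on success; otherwise an error message constant, or the
  *               message returned by isValidComment()
  */
 function addComment($timestamp, $comment)
 {
     global $CONF, $member, $manager;
     $blogid = getBlogIDFromItemID($this->itemid);
     $settings =& $manager->getBlog($blogid);
     $settings->readSettings();
     // comments disabled
     if (!$settings->commentsEnabled()) {
         return _ERROR_COMMENTS_DISABLED;
     }
     // public cannot comment
     if (!$settings->isPublic() && !$member->isLoggedIn()) {
         return _ERROR_COMMENTS_NONPUBLIC;
     }
     // comment uses a protected member name
     if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user'])) {
         return _ERROR_COMMENTS_MEMBERNICK;
     }
     // email required, but missing (doesn't apply to members)
     if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
         return _ERROR_EMAIL_REQUIRED;
     }
     ## Note usage of mb_strlen() vs strlen() below ##
     // length limits are in characters, not bytes
     if (mb_strlen($comment['user']) > 40) {
         return _ERROR_USER_TOO_LONG;
     }
     if (mb_strlen($comment['email']) > 100) {
         return _ERROR_EMAIL_TOO_LONG;
     }
     if (mb_strlen($comment['userid']) > 100) {
         return _ERROR_URL_TOO_LONG;
     }
     $comment['timestamp'] = $timestamp;
     $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
     $comment['ip'] = serverVar('REMOTE_ADDR');
     // member is logged in: identity comes from the session, the form fields
     // that could impersonate someone are blanked
     if ($member->isLoggedIn()) {
         $comment['memberid'] = $member->getID();
         $comment['user'] = '';
         $comment['userid'] = '';
         $comment['email'] = '';
     } else {
         $comment['memberid'] = 0;
     }
     // spam check: $continue becomes TRUE when any subscribed plugin handles
     // spam itself, in which case the SpamCheck verdict is not enforced here
     $continue = FALSE;
     $plugins = array();
     if (isset($manager->subscriptions['ValidateForm'])) {
         $plugins = array_merge($plugins, $manager->subscriptions['ValidateForm']);
     }
     if (isset($manager->subscriptions['PreAddComment'])) {
         $plugins = array_merge($plugins, $manager->subscriptions['PreAddComment']);
     }
     if (isset($manager->subscriptions['PostAddComment'])) {
         $plugins = array_merge($plugins, $manager->subscriptions['PostAddComment']);
     }
     $plugins = array_unique($plugins);
     // foreach replaces the each() loop, which PHP 8 removed
     foreach ($plugins as $plugin) {
         $p = $manager->getPlugin($plugin);
         $continue = $continue || $p->supportsFeature('handleSpam');
     }
     // NOTE(review): 'id' is taken from $comment['itemid'] while the rest of
     // this method works with $this->itemid — confirm the caller sets both
     $spamcheck = array('type' => 'comment', 'body' => $comment['body'], 'id' => $comment['itemid'], 'live' => TRUE, 'return' => $continue);
     // member logged in: the spam check sees the member's own identity
     if ($member->isLoggedIn()) {
         $spamcheck['author'] = $member->displayname;
         $spamcheck['email'] = $member->email;
     } else {
         $spamcheck['author'] = $comment['user'];
         $spamcheck['email'] = $comment['email'];
         $spamcheck['url'] = $comment['userid'];
     }
     $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));
     if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE) {
         return _ERROR_COMMENTS_SPAM;
     }
     // isValidComment returns either "1" or an error message
     $isvalid = $this->isValidComment($comment, $spamcheck);
     if ($isvalid != 1) {
         return $isvalid;
     }
     // send email to notification address
     if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
         $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
         // link to the item: the canonical link when $CONF['Self'] is an absolute
         // URL, otherwise one built from the blog's own URL
         $temp = parse_url($CONF['Self']);
         if ($temp['scheme']) {
             $mailto_msg .= createItemLink($this->itemid) . "\n\n";
         } else {
             $tempurl = $settings->getURL();
             if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
                 $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
             } else {
                 $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
             }
         }
         if ($comment['memberid'] == 0) {
             $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
             $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
         } else {
             $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
         }
         $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
         $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
         $mailto_msg .= getMailFooter();
         $item =& $manager->getItem($this->itemid, 0, 0);
         $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
         $frommail = $member->getNotifyFromMailAddress($comment['email']);
         // plain assignment: '=& new' has been a parse error since PHP 7
         $notify = new NOTIFICATION($settings->getNotifyAddress());
         $notify->notify($mailto_title, $mailto_msg, $frommail);
     }
     $comment = COMMENT::prepare($comment);
     $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));
     // every request-supplied string is escaped once here; the ids are ints
     $name = sql_real_escape_string($comment['user']);
     $url = sql_real_escape_string($comment['userid']);
     $email = sql_real_escape_string($comment['email']);
     $body = sql_real_escape_string($comment['body']);
     $host = sql_real_escape_string($comment['host']);
     $ip = sql_real_escape_string($comment['ip']);
     $memberid = intval($comment['memberid']);
     $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
     $itemid = $this->itemid;
     // refuse an exact duplicate (same url, member, body, item and blog)
     $qSql = 'SELECT COUNT(*) AS result ' . 'FROM ' . sql_table('comment') . ' WHERE ' . 'cmail   = "' . $url . '"' . ' AND cmember = "' . $memberid . '"' . ' AND cbody   = "' . $body . '"' . ' AND citem   = "' . $itemid . '"' . ' AND cblog   = "' . $blogid . '"';
     $result = (int) quickQuery($qSql);
     if ($result > 0) {
         return _ERROR_BADACTION;
     }
     $query = 'INSERT INTO ' . sql_table('comment') . ' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) ' . "VALUES ('{$name}', '{$url}', '{$email}', {$memberid}, '{$body}', {$itemid}, '{$timestamp}', '{$host}', '{$ip}', '{$blogid}')";
     sql_query($query);
     // post add comment
     $commentid = sql_insert_id();
     $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
     // succeeded !
     return TRUE;
 }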