/**
* Delete a user
*
* @param int $uid id of user to delete
* @return string HTML redirect
*
*/
function deleteUser($uid)
{
global $_CONF;
if (!USER_deleteAccount($uid)) {
COM_redirect($_CONF['site_admin_url'] . '/user.php');
}
COM_redirect($_CONF['site_admin_url'] . '/user.php?msg=22');
}
/**
* This will save a submission
*
* @param string $type Type of submission we are dealing with
* @param array $A Data for that submission
*
*/
function savesubmission($type, $A)
{
global $_CONF, $_TABLES, $LANG12;
COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
$last = COM_checkSpeedlimit('submit');
if ($last > 0) {
$retval = COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]);
$retval = COM_createHTMLDocument($retval);
return $retval;
}
if (!empty($type) && $type !== 'story') {
// Update the submitspeedlimit for user - assuming Plugin approves
// submission record
COM_updateSpeedlimit('submit');
// see if this is a submission that needs to be handled by a plugin
// and should include its own redirect
$retval = PLG_saveSubmission($type, $A);
if ($retval === false) {
COM_errorLog("Could not save your submission. Bad type: {$type}");
} elseif (empty($retval)) {
// plugin should include its own redirect - but in case handle
// it here and redirect to the main page
PLG_submissionSaved($type);
COM_redirect($_CONF['site_url'] . '/index.php');
} else {
PLG_submissionSaved($type);
return $retval;
}
}
if (!empty($A['title']) && !empty($A['introtext']) && TOPIC_checkTopicSelectionControl()) {
$retval = savestory($A);
PLG_submissionSaved($type);
} else {
$retval = COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type);
$retval = COM_createHTMLDocument($retval);
}
return $retval;
}
/**
* Return the current user status for a user.
* NOTE: May not return for banned/non-approved users.
*
* @param int $userid Valid uid value.
* @return int user status, 0-3
*/
function SEC_checkUserStatus($userid)
{
global $_CONF, $_TABLES;
// Check user status
$status = DB_getItem($_TABLES['users'], 'status', "uid={$userid}");
// only do redirects if we aren't on users.php in a valid mode (logout or
// default)
if (strpos($_SERVER['PHP_SELF'], 'users.php') === false) {
$redirect = true;
} else {
if (empty($_REQUEST['mode']) || $_REQUEST['mode'] == 'logout') {
$redirect = false;
} else {
$redirect = true;
}
}
if ($status == USER_ACCOUNT_AWAITING_ACTIVATION) {
DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $userid);
} elseif ($status == USER_ACCOUNT_AWAITING_APPROVAL) {
// If we aren't on users.php with a default action then go to it
if ($redirect) {
COM_accessLog("SECURITY: Attempted Cookie Session login from user awaiting approval {$userid}.");
COM_redirect($_CONF['site_url'] . '/users.php?msg=70');
}
} elseif ($status == USER_ACCOUNT_DISABLED) {
if ($redirect) {
COM_accessLog("SECURITY: Attempted Cookie Session login from banned user {$userid}.");
COM_redirect($_CONF['site_url'] . '/users.php?msg=69');
}
}
return $status;
}
/**
* Saves an event to the database
*
* (parameters should be obvious - old list was incomplete anyway)
* @return string HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
if ($hour_mode == 24) {
// to avoid having to mess with the tried and tested code below, map
// the 24-hour values onto their 12-hour counterparts and use those
if ($start_hour >= 12) {
$start_ampm = 'pm';
$start_hour = $start_hour - 12;
} else {
$start_ampm = 'am';
$start_hour = $start_hour;
}
if ($start_hour == 0) {
$start_hour = 12;
}
if ($end_hour >= 12) {
$end_ampm = 'pm';
$end_hour = $end_hour - 12;
} else {
$end_ampm = 'am';
$end_hour = $end_hour;
}
if ($end_hour == 0) {
$end_hour = 12;
}
}
if ($allday == 'on') {
$allday = 1;
} else {
$allday = 0;
}
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
$datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
$timestart = $start_hour . ':' . $start_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if (checkdate($end_month, $end_day, $end_year)) {
$dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$timeend = $end_hour . ':' . $end_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if ($allday == 0) {
if ($dateend < $datestart) {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
} else {
if ($dateend < $datestart) {
// Force end date to be same as start date
$dateend = $datestart;
}
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
if ($postmode == 'html') {
$description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
} else {
$postmode = 'plaintext';
$description = htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
$address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
$address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
$city = DB_escapeString(strip_tags(COM_checkWords($city)));
$zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
$event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
$url = DB_escapeString(strip_tags($url));
if ($allday == 0) {
// Add 12 to make time on 24 hour clock if needed
if ($start_ampm == 'pm' and $start_hour != 12) {
$start_hour = $start_hour + 12;
}
// If 12AM set hour to 00
if ($start_ampm == 'am' and $start_hour == 12) {
$start_hour = '00';
}
// Add 12 to make time on 24 hour clock if needed
if ($end_ampm == 'pm' and $end_hour != 12) {
$end_hour = $end_hour + 12;
}
// If 12AM set hour to 00
if ($end_ampm == 'am' and $end_hour == 12) {
$end_hour = '00';
}
$timestart = $start_hour . ':' . $start_minute . ':00';
$timeend = $end_hour . ':' . $end_minute . ':00';
}
if (!empty($eid) and !empty($description) and !empty($title)) {
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
}
$hits = DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'");
if (empty($hits)) {
$hits = 0;
}
DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");
if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
$numrows = DB_numRows($result);
for ($i = 1; $i <= $numrows; $i++) {
$P = DB_fetchArray($result);
DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
}
}
PLG_itemSaved($eid, 'calendar');
COM_rdfUpToDateCheck('calendar', $event_type, $eid);
return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
}
/**
* Shows story editor
* Displays the story entry form
*
* @param string $sid ID of story to edit
* @param string $mode 'preview', 'edit', 'editsubmission', 'clone'
* @param string $errormsg a message to display on top of the page
* @return string HTML for story editor
*/
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
$display = '';
if (!isset($_CONF['hour_mode'])) {
$_CONF['hour_mode'] = 12;
}
if (!empty($errormsg)) {
$display .= COM_showMessageText($errormsg, $LANG24[25]);
}
$story = new Story();
if ($mode == 'preview') {
// Handle Magic GPC Garbage:
while (list($key, $value) = each($_POST)) {
if (!is_array($value)) {
$_POST[$key] = COM_stripslashes($value);
} else {
while (list($subkey, $subvalue) = each($value)) {
$value[$subkey] = COM_stripslashes($subvalue);
}
}
}
$result = $story->loadFromArgsArray($_POST);
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$msg = $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$msg .= '<li>' . $err . '</li>' . LB;
}
$msg .= '</ul>' . LB;
$display .= COM_showMessageText($msg, $LANG24[54]);
}
}
} else {
$result = $story->loadFromDatabase($sid, $mode);
}
if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
return $display;
} elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
$display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
$display .= STORY_renderArticle($story, 'p');
COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
return $display;
} elseif ($result == STORY_INVALID_SID) {
if ($mode == 'editsubmission') {
// that submission doesn't seem to be there any more (may have been
// handled by another Admin) - take us back to the moderation page
COM_redirect($_CONF['site_admin_url'] . '/moderation.php');
} else {
COM_redirect($_CONF['site_admin_url'] . '/story.php');
}
} elseif ($result == STORY_DUPLICATE_SID) {
$display .= COM_showMessageText($LANG24[24]);
}
// Load HTML templates
$story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
$advanced_editormode = true;
$story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
$story_templates->set_var('show_preview', 'none');
$story_templates->set_var('lang_expandhelp', $LANG24[67]);
$story_templates->set_var('lang_reducehelp', $LANG24[68]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_toolbar', $LANG24[70]);
$story_templates->set_var('toolbar1', $LANG24[71]);
$story_templates->set_var('toolbar2', $LANG24[72]);
$story_templates->set_var('toolbar3', $LANG24[73]);
$story_templates->set_var('toolbar4', $LANG24[74]);
$story_templates->set_var('toolbar5', $LANG24[75]);
if ($story->EditElements('advanced_editor_mode') == 1 || $story->EditElements('postmode') == 'adveditor') {
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_htmleditor', '');
} else {
$story_templates->set_var('show_texteditor', '');
$story_templates->set_var('show_htmleditor', 'none');
}
} else {
$story_templates->set_file(array('editor' => 'storyeditor.thtml'));
$advanced_editormode = false;
}
$story_templates->set_var('hour_mode', $_CONF['hour_mode']);
if ($story->hasContent()) {
$previewContent = STORY_renderArticle($story, 'p');
if ($advanced_editormode && $previewContent != '') {
$story_templates->set_var('preview_content', $previewContent);
} elseif ($previewContent != '') {
$display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= $previewContent;
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
}
}
if ($advanced_editormode) {
$navbar = new navbar();
if (!empty($previewContent)) {
$navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
} else {
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
}
if ($mode == 'preview') {
$story_templates->set_var('show_preview', '');
$story_templates->set_var('show_htmleditor', 'none');
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_submitoptions', 'none');
$navbar->set_selected($LANG24[79]);
} else {
$navbar->set_selected($LANG24[80]);
}
$story_templates->set_var('navbar', $navbar->generate());
}
$oldSid = $story->EditElements('originalSid');
if (!empty($oldSid) && $mode != 'clone') {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$story_templates->set_var('allow_delete', true);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('confirm_message', $MESSAGE[76]);
}
if ($mode == 'editsubmission' || $story->type == 'submission') {
$story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
$story_templates->set_var('lang_author', $LANG24[7]);
$storyauthor = COM_getDisplayName($story->EditElements('uid'));
$story_templates->set_var('story_author', $storyauthor);
$story_templates->set_var('author', $storyauthor);
$story_templates->set_var('story_uid', $story->EditElements('uid'));
// user access info
$story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($story->EditElements('owner_id'));
$story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
$story_templates->set_var('owner_name', $ownername);
$story_templates->set_var('owner', $ownername);
$story_templates->set_var('owner_id', $story->EditElements('owner_id'));
$story_templates->set_var('lang_group', $LANG_ACCESS['group']);
$story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
$story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
$story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
$story_templates->set_var('lang_date', $LANG24[15]);
$story_templates->set_var('publish_second', $story->EditElements('publish_second'));
$publish_ampm = '';
$publish_hour = $story->EditElements('publish_hour');
if ($publish_hour >= 12) {
if ($publish_hour > 12) {
$publish_hour = $publish_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
$story_templates->set_var('publishampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
$story_templates->set_var('publish_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
$story_templates->set_var('publish_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
$story_templates->set_var('publish_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($publish_hour);
}
$story_templates->set_var('publish_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
$story_templates->set_var('publish_minute_options', $minute_options);
$story_templates->set_var('publish_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
$story_templates->set_var('expire_second', $story->EditElements('expire_second'));
$expire_ampm = '';
$expire_hour = $story->EditElements('expire_hour');
if ($expire_hour >= 12) {
if ($expire_hour > 12) {
$expire_hour = $expire_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('expireampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
$story_templates->set_var('expire_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
$story_templates->set_var('expire_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
$story_templates->set_var('expire_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($expire_hour);
}
$story_templates->set_var('expire_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
$story_templates->set_var('expire_minute_options', $minute_options);
$story_templates->set_var('expire_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
$atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
$have_archive_topic = empty($atopic) ? false : true;
if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked3', 'checked="checked"');
$js_showarchivedisabled = 'false';
$have_archive_topic = true;
// force display of auto archive option
} elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked4', 'checked="checked"');
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'false';
} else {
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'true';
}
$story_templates->set_var('lang_archivetitle', $LANG24[58]);
$story_templates->set_var('lang_option', $LANG24[59]);
$story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$story_templates->set_var('lang_story_stats', $LANG24[87]);
if ($have_archive_topic) {
$story_templates->set_var('lang_optionarchive', $LANG24[61]);
} else {
$story_templates->set_var('lang_optionarchive', '');
}
$story_templates->set_var('lang_optiondelete', $LANG24[62]);
$story_templates->set_var('lang_title', $LANG_ADMIN['title']);
$story_templates->set_var('story_title', $story->EditElements('title'));
$story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
$story_templates->set_var('page_title', $story->EditElements('page_title'));
$story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$story_templates->set_var('meta_description', $story->EditElements('meta_description'));
$story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
$story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
if ($_CONF['meta_tags'] > 0) {
$story_templates->set_var('hide_meta', '');
} else {
$story_templates->set_var('hide_meta', ' style="display:none;"');
}
$story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
if ($mode == 'preview') {
$tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
} else {
$tlist = TOPIC_getTopicSelectionControl('article', $oldSid, false, true, true);
}
if (empty($tlist)) {
$display .= COM_showMessage(101);
return $display;
}
$story_templates->set_var('topic_selection', $tlist);
$story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
if ($story->EditElements('show_topic_icon') == 1) {
$story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
} else {
$story_templates->set_var('show_topic_icon_checked', '');
}
$story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
$story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
$story_templates->set_var('cache_time', $story->EditElements('cache_time'));
$story_templates->set_var('lang_draft', $LANG24[34]);
if ($story->EditElements('draft_flag')) {
$story_templates->set_var('is_checked', 'checked="checked"');
}
$story_templates->set_var('lang_mode', $LANG24[3]);
$story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
$story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
$story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
// comment expire
$story_templates->set_var('lang_cmt_disable', $LANG24[63]);
if ($story->EditElements('cmt_close')) {
$story_templates->set_var('is_checked5', 'checked="checked"');
$js_showcmtclosedisabled = 'false';
} else {
$js_showcmtclosedisabled = 'true';
}
$month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
$story_templates->set_var('cmt_close_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
$story_templates->set_var('cmt_close_day_options', $day_options);
// ensure that the year dropdown includes the close year
$endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
$yoffset = date('Y', $endtm) - date('Y');
$close_year = $story->EditElements('cmt_close_year');
if ($yoffset < -1) {
$year_options = COM_getYearFormOptions($close_year, $yoffset);
} elseif ($yoffset > 5) {
$year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
} else {
$year_options = COM_getYearFormOptions($close_year);
}
$story_templates->set_var('cmt_close_year_options', $year_options);
$cmt_close_ampm = '';
$cmt_close_hour = $story->EditElements('cmt_close_hour');
//correct hour
if ($cmt_close_hour >= 12) {
if ($cmt_close_hour > 12) {
$cmt_close_hour = $cmt_close_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
$postmode = $story->EditElements('postmode');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$postmode = '';
}
}
$post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
$postmode_list = 'plaintext,html';
// If Advanced Mode - add post option and set default if editing story created with Advanced Editor
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$postmode_list .= ',adveditor';
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
}
if ($_CONF['wikitext_editor']) {
$postmode_list .= ',wikitext';
if ($story->EditElements('postmode') == 'wikitext') {
$post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
} else {
$post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
}
}
$story_templates->set_var('post_options', $post_options);
$postmode_array = explode(',', $postmode_list);
$allowed_html = '';
foreach ($postmode_array as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_tags = array('code', 'raw');
if ($_CONF['allow_page_breaks'] == 1) {
$allowed_tags = array_merge($allowed_tags, array('page_break'));
}
$allowed_html .= COM_allowedAutotags(false, $allowed_tags);
$story_templates->set_var('lang_allowed_html', $allowed_html);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br' . XHTML . '>';
}
}
$fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
}
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
if ($_CONF['titletoid'] && empty($oldSid)) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$story_templates->set_var('titletoid', true);
}
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
// $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
// $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", true, true);
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($mode == 'clone') {
$story_templates->set_var('story_id', COM_makesid());
} else {
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
}
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $LANG_ADMIN['save']);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$token = SEC_createToken();
$story_templates->set_var('gltoken', $token);
$story_templates->parse('output', 'editor');
$display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $display;
}
/**
* Delete a poll
*
* @param string $pid ID of poll to delete
*/
function deletePoll($pid)
{
global $_CONF, $_TABLES, $_USER;
$pid = DB_escapeString($pid);
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$Q = DB_fetchArray($result);
$access = SEC_hasAccess($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid}.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
DB_delete($_TABLES['polltopics'], 'pid', $pid);
DB_delete($_TABLES['pollanswers'], 'pid', $pid);
DB_delete($_TABLES['pollquestions'], 'pid', $pid);
DB_delete($_TABLES['pollvoters'], 'pid', $pid);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($pid, 'polls'));
PLG_itemDeleted($pid, 'polls');
COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
}
/**
* Re-send a request after successful re-authentication
* Re-creates a GET or POST request based on data passed along in a form. Used
* in case of an expired security token so that the user doesn't lose changes.
*/
function resend_request()
{
global $_CONF;
$method = '';
if (isset($_POST['token_requestmethod'])) {
$method = COM_applyFilter($_POST['token_requestmethod']);
}
$returnUrl = '';
if (isset($_POST['token_returnurl'])) {
$returnUrl = urldecode($_POST['token_returnurl']);
if (substr($returnUrl, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
// only accept URLs on our site
$returnUrl = '';
}
}
$postData = '';
if (isset($_POST['token_postdata'])) {
$postData = urldecode($_POST['token_postdata']);
}
$getData = '';
if (isset($_POST['token_getdata'])) {
$getData = urldecode($_POST['token_getdata']);
}
$files = '';
if (isset($_POST['token_files'])) {
$files = urldecode($_POST['token_files']);
}
if (SECINT_checkToken() && !empty($method) && !empty($returnUrl) && ($method === 'POST' && !empty($postData) || $method === 'GET' && !empty($getData))) {
$magic = get_magic_quotes_gpc();
if ($method === 'POST') {
$req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
$data = unserialize($postData);
foreach ($data as $key => $value) {
if ($key == CSRF_TOKEN) {
$req->addPostParameter($key, SEC_createToken());
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
$req->addPostParameter($key, $value);
}
}
if (!empty($files)) {
$files = unserialize($files);
}
if (!empty($files)) {
foreach ($files as $key => $value) {
$req->addPostParameter('_files_' . $key, $value);
}
}
} else {
$data = unserialize($getData);
foreach ($data as $key => &$value) {
if ($key == CSRF_TOKEN) {
$value = SEC_createToken();
} else {
if ($magic) {
$value = stripslashes_gpc_recursive($value);
}
}
}
$returnUrl = $returnUrl . '?' . http_build_query($data);
$req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
}
$req->setHeader('User-Agent', 'Geeklog/' . VERSION);
// need to fake the referrer so the new token matches
$req->setHeader('Referer', COM_getCurrentUrl());
foreach ($_COOKIE as $cookie => $value) {
$req->addCookie($cookie, $value);
}
try {
$response = $req->send();
$status = $response->getStatus();
if ($status == 200) {
COM_output($response->getBody());
} else {
throw new HTTP_Request2_Exception('HTTP error: status code = ' . $status);
}
} catch (HTTP_Request2_Exception $e) {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
trigger_error("Resending {$method} request failed: " . $e->getMessage());
}
} else {
if (!empty($files)) {
SECINT_cleanupFiles($files);
}
COM_redirect($_CONF['site_url'] . '/index.php');
}
// don't return
exit;
}
/**
* Save an event to user's personal calendar
*
* User has seen the confirmation screen and they still wants to
* add this event to their calendar. Actually save it now.
*
* @param string $eid ID of event to save
*/
function saveuserevent($eid)
{
global $_CONF, $_TABLES, $_USER;
if (!COM_isAnonUser()) {
// Try to delete the event first in case it has already been added
DB_query("DELETE FROM {$_TABLES['personal_events']} WHERE uid={$_USER['uid']} AND eid='{$eid}'");
$result = DB_query("SELECT eid FROM {$_TABLES['events']} WHERE (eid = '{$eid}')" . COM_getPermSql('AND'));
if (DB_numRows($result) == 1) {
$savesql = "INSERT INTO {$_TABLES['personal_events']} " . "(eid,uid,title,event_type,datestart,dateend,timestart,timeend,allday,location,address1,address2,city,state," . "zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon) SELECT eid," . $_USER['uid'] . ",title,event_type,datestart,dateend,timestart,timeend,allday,location,address1,address2," . "city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon FROM " . "{$_TABLES['events']} WHERE eid = '{$eid}'";
DB_query($savesql);
COM_redirect($_CONF['site_url'] . '/calendar/index.php?mode=personal&msg=24');
}
}
COM_redirect($_CONF['site_url'] . '/index.php');
}
/**
* Handles comment processing
*
* @param string $mode Mode of comment processing
* @param string $type Type of item (article, polls, etc.)
* @param string $title Title of item
* @param string $sid ID for item to show comments for
* @param string $format 'threaded', 'nested', or 'flat'
* @return string HTML formated
*/
function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '')
{
global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS;
$commentmode = '';
if (!empty($_REQUEST[CMT_MODE])) {
$commentmode = COM_applyFilter($_REQUEST[CMT_MODE]);
}
if (empty($mode)) {
$mode = COM_applyFilter(COM_getArgument(CMT_MODE));
}
if (empty($commentmode) && !empty($mode)) {
$commentmode = $mode;
}
if (empty($sid) && !empty($_REQUEST[CMT_SID])) {
$sid = COM_applyFilter($_REQUEST[CMT_SID]);
}
$pid = 0;
if (!empty($_REQUEST[CMT_PID])) {
$pid = COM_applyFilter($_REQUEST[CMT_PID], true);
}
if (empty($type) && !empty($_REQUEST[CMT_TYPE])) {
$type = COM_applyFilter($_REQUEST[CMT_TYPE]);
}
if (!empty($_REQUEST['title'])) {
$title = $_REQUEST['title'];
// apply filters later in CMT_commentForm or CMT_saveComment
}
if (!empty($_REQUEST[CMT_UID])) {
$uid = COM_applyFilter($_REQUEST[CMT_UID]);
} else {
$uid = 1;
if (!empty($_USER['uid'])) {
$uid = $_USER['uid'];
}
}
$postmode = $_CONF['postmode'];
if (isset($_REQUEST['postmode'])) {
$postmode = COM_applyFilter($_REQUEST['postmode']);
}
$formtype = '';
if (!empty($_REQUEST['formtype'])) {
$formtype = COM_applyFilter($_REQUEST['formtype']);
}
// Get comment id, may not be there...will handle in function
$cid = 0;
if (isset($_REQUEST[CMT_CID])) {
$cid = COM_applyFilter($_REQUEST[CMT_CID], true);
}
TOPIC_getTopic('comment', $cid);
if (empty($format) && isset($_REQUEST['format'])) {
$format = COM_applyFilter($_REQUEST['format']);
}
if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'))) {
if (COM_isAnonUser()) {
$format = $_CONF['comment_mode'];
} else {
$format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
}
}
$order = '';
if (isset($_REQUEST['order'])) {
$order = COM_applyFilter($_REQUEST['order']);
}
$cpage = 1;
if (!empty($_REQUEST['cpage'])) {
$cpage = COM_applyFilter($_REQUEST['cpage'], true);
if (empty($cpage)) {
$cpage = 1;
}
}
$is_comment_page = CMT_isCommentPage();
$retval = '';
if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) {
if ($commentmode == 'edit') {
$cid = 0;
if (isset($_REQUEST[CMT_CID])) {
$cid = COM_applyFilter($_REQUEST[CMT_CID], true);
}
if ($cid <= 0) {
COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
COM_redirect($_CONF['site_url'] . '/index.php');
}
$pid = $cid;
}
if ($pid > 0 && empty($title)) {
$atype = DB_escapeString($type);
$title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
}
if (empty($title)) {
$title = PLG_getItemInfo($type, $sid, 'title');
$title = str_replace('$', '$', $title);
// CMT_userComments expects non-htmlspecial chars for title...
$title = str_replace('&', '&', $title);
$title = str_replace('"', '"', $title);
$title = str_replace('<', '<', $title);
$title = str_replace('>', '>', $title);
}
$retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, $pid > 0, false, 0);
}
switch ($commentmode) {
case $LANG03[28]:
// Preview Changes (for edit)
// Preview Changes (for edit)
case $LANG03[34]:
// Preview Submission changes (for edit)
// Preview Submission changes (for edit)
case $LANG03[14]:
// Preview
$retval .= CMT_commentForm($title, $_POST['comment'], $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
if ($is_comment_page) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14]));
}
break;
case $LANG03[35]:
// Submit Changes to Moderation table
// Submit Changes to Moderation table
case $LANG03[29]:
// Submit Changes
if (SEC_checkToken()) {
$retval .= CMT_handleEditSubmit($commentmode);
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
break;
case $LANG03[11]:
// Submit comment
$retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid);
break;
case $LANG_ADMIN['delete']:
case 'delete':
// Delete comment
if (SEC_checkToken()) {
$retval .= CMT_handleDelete($sid, $type, $formtype);
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
break;
case 'view':
// View comment by $cid
$retval .= CMT_handleView($format, $order, $cpage, true);
break;
case 'display':
// View comment by $pid
$retval .= CMT_handleView($format, $order, $cpage, false);
break;
case 'report':
if ($is_comment_page) {
$cid = 0;
if (isset($_GET[CMT_CID])) {
$cid = COM_applyFilter($_GET[CMT_CID], true);
}
$type = '';
if (isset($_GET[CMT_TYPE])) {
$type = COM_applyFilter($_GET[CMT_TYPE]);
}
if ($cid <= 0 || empty($type)) {
COM_redirect($_CONF['site_url'] . '/index.php');
}
$retval .= CMT_reportAbusiveComment($cid, $type);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
}
break;
case 'sendreport':
if (SEC_checkToken()) {
$cid = 0;
if (isset($_POST[CMT_CID])) {
$cid = COM_applyFilter($_POST[CMT_CID], true);
}
$type = '';
if (isset($_POST[CMT_TYPE])) {
$type = COM_applyFilter($_POST[CMT_TYPE]);
}
if ($cid <= 0 || empty($type)) {
COM_redirect($_CONF['site_url'] . '/index.php');
}
$retval .= CMT_sendReport($cid, $type);
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
break;
case 'editsubmission':
if (!SEC_hasRights('comment.moderate')) {
COM_redirect($_CONF['site_url'] . '/index.php');
}
// deliberate fall-through
// deliberate fall-through
case 'edit':
$retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage);
if ($is_comment_page) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
}
break;
case 'unsubscribe':
$cid = 0;
$key = COM_applyFilter($_GET['key']);
if (!empty($key)) {
$key = DB_escapeString($key);
$cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '{$key}'");
if (!empty($cid)) {
$redirecturl = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . '&format=nested&msg=16';
DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, $redirecturl);
exit;
}
}
COM_redirect($_CONF['site_url'] . '/index.php');
break;
case $LANG_ADMIN['cancel']:
if ($formtype == 'editsubmission') {
COM_redirect($_CONF['site_admin_url'] . '/moderation.php');
} else {
$retval .= CMT_handleCancel();
// moved to function for readibility
}
break;
default:
// New Comment or Reply Comment
$abort = false;
// Check to make sure comment type exists
if ($type != 'article' && !in_array($type, $_PLUGINS)) {
$abort = true;
}
// Check article permissions
if (!$abort && $type == 'article' && !empty($sid)) {
$dbTitle = DB_getItem($_TABLES['stories'], 'title', "(sid = '{$sid}') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" . COM_getPermSQL('AND'));
// if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid) < 2) { // Make sure have at least read access to topics to post comment
if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) {
// Make sure have at least read access to current topic of article to post comment
// no permissions, or no story of that title
$abort = true;
}
}
if (!$abort && !empty($sid) && !empty($type)) {
if ($pid > 0 && empty($title)) {
$atype = DB_escapeString($type);
$title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
}
if (empty($title)) {
$title = PLG_getItemInfo($type, $sid, 'title');
// Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage
if (is_array($title) || empty($title) || $title == false) {
COM_redirect($_CONF['site_url'] . '/index.php');
}
$title = str_replace('$', '$', $title);
// CMT_commentForm expects non-htmlspecial chars for title...
$title = str_replace('&', '&', $title);
$title = str_replace('"', '"', $title);
$title = str_replace('<', '<', $title);
$title = str_replace('>', '>', $title);
}
$retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
} else {
if (COMMENT_ON_SAME_PAGE) {
// Do nothing and do not show comment form (happens most likely when admin viewing draft article)
} else {
// For comments not displayed on same page (probably owner pushed the post comment button on a draft article)
COM_redirect($_CONF['site_url'] . '/index.php');
}
}
if ($is_comment_page) {
$noindex = '<meta name="robots" content="noindex"' . XHTML . '>';
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex));
}
break;
}
return $retval;
}
/**
* Delete a feed.
*
* @param int $fid feed id
* @return string HTML redirect
*
*/
function deletefeed($fid)
{
global $_CONF, $_TABLES;
if ($fid > 0) {
$feedfile = DB_getItem($_TABLES['syndication'], 'filename', "fid = {$fid}");
deleteFeedFile($feedfile);
DB_delete($_TABLES['syndication'], 'fid', $fid);
COM_redirect($_CONF['site_admin_url'] . '/syndication.php?msg=59');
}
COM_redirect($_CONF['site_admin_url'] . '/syndication.php');
}
/**
* Check security token
*/
private static function checkSecurityToken()
{
global $_CONF, $_USER;
if (!SEC_checkToken()) {
$uid = $_USER['uid'];
COM_accessLog("User {$_USER['username']} tried to illegally delete user {$uid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/index.php');
}
}
/**
* Continue a plugin upgrade that started in plugin_upload()
*
* @param string $plugin plugin name
* @param string $pi_version current plugin version
* @param string $code_version plugin version to be upgraded to
* @return string HTML refresh
* @see function plugin_upload
*/
function continue_upgrade($plugin, $pi_version, $code_version)
{
global $_CONF, $_TABLES;
$retval = '';
$msg_with_plugin_name = false;
// simple sanity checks
if (empty($plugin) || empty($pi_version) || empty($code_version) || $pi_version == $code_version) {
$msg = 72;
} else {
// more sanity checks
$result = DB_query("SELECT pi_version, pi_enabled FROM {$_TABLES['plugins']} WHERE pi_name = '" . DB_escapeString($plugin) . "'");
$A = DB_fetchArray($result);
if (!empty($A['pi_version']) && $A['pi_enabled'] == 1 && $A['pi_version'] == $pi_version && $A['pi_version'] != $code_version) {
// continue upgrade process that started in plugin_upload()
$result = PLG_upgrade($plugin);
if ($result === true) {
PLG_pluginStateChange($plugin, 'upgraded');
$msg = 60;
// successfully updated
} else {
$msg_with_plugin_name = true;
$msg = $result;
// message provided by the plugin
}
} else {
$msg = 72;
}
}
$url = $_CONF['site_admin_url'] . '/plugins.php?msg=' . $msg;
if ($msg_with_plugin_name) {
$url .= '&plugin=' . $plugin;
}
COM_redirect($url);
}
/**
* This function actually sends the messages to the specified group
*
* @param array $vars Same as $_POST, holds all the email info
* @return string HTML with success or error message
*
*/
function send_messages(array $vars)
{
global $_CONF, $_TABLES, $LANG31;
require_once $_CONF['path_system'] . 'lib-user.php';
$retval = '';
if (empty($vars['fra']) || empty($vars['fraepost']) || empty($vars['subject']) || empty($vars['message']) || empty($vars['to_group']) || strpos($vars['fra'], '@') !== false) {
$retval .= COM_showMessageText($LANG31[26]);
$retval .= display_mailform($vars);
return $retval;
}
$to_group = COM_applyFilter($vars['to_group'], true);
if ($to_group > 0) {
$group_name = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = {$to_group}");
if (!SEC_inGroup($group_name)) {
COM_redirect($_CONF['site_admin_url'] . '/mail.php');
}
} else {
COM_redirect($_CONF['site_admin_url'] . '/mail.php');
}
// Urgent message!
$priority = isset($vars['priority']) ? 1 : 0;
// If you want to send html mail
$html = isset($vars['html']);
$groupList = implode(',', USER_getChildGroups($to_group));
// and now mail it
if (isset($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
$sql .= " AND {$_TABLES['users']}.status = " . USER_ACCOUNT_ACTIVE . " AND ((email IS NOT NULL) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
$sql .= " AND {$_TABLES['users']}.status = " . USER_ACCOUNT_ACTIVE . " AND ((email IS NOT NULL) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
$result = DB_query($sql);
$numRows = DB_numRows($result);
$from = array($vars['fraepost'] => $vars['fra']);
$subject = COM_stripslashes($vars['subject']);
$subject = strip_tags($subject);
$message = COM_stripslashes($vars['message']);
if ($html) {
if (stripos($message, '<body') === false) {
$message = '<body>' . PHP_EOL . $message . PHP_EOL . '</body>' . PHP_EOL;
}
if (stripos($message, '<head') === false) {
$message = '<head></head>' . PHP_EOL . $message;
}
if (stripos($message, '<html') === false) {
$message = '<html>' . PHP_EOL . $message . '</html>' . PHP_EOL;
}
} else {
$message = strip_tags($message);
}
// Loop through and send the messages!
$successes = array();
$failures = array();
for ($i = 0; $i < $numRows; $i++) {
$A = DB_fetchArray($result);
if (empty($A['fullname'])) {
$to = array($A['email'] => $A['username']);
} else {
$to = array($A['email'] => $A['fullname']);
}
$tempTo = is_array($to) ? implode('', array_keys($to)) : $to;
if (!COM_mail($to, $subject, $message, $from, $html, $priority)) {
$failures[] = htmlspecialchars($tempTo);
} else {
$successes[] = htmlspecialchars($tempTo);
}
}
$retval .= COM_startBlock($LANG31[1]);
$failCount = count($failures);
$successCount = count($successes);
$mailResult = str_replace('<successcount>', $successCount, $LANG31[20]);
$retval .= str_replace('<failcount>', $failCount, $mailResult);
$retval .= '<h2>' . $LANG31[21] . '</h2>';
for ($i = 0; $i < count($failures); $i++) {
$retval .= current($failures) . '<br' . XHTML . '>';
next($failures);
}
if (count($failures) === 0) {
$retval .= $LANG31[23];
}
$retval .= '<h2>' . $LANG31[22] . '</h2>';
for ($i = 0; $i < count($successes); $i++) {
$retval .= current($successes) . '<br' . XHTML . '>';
next($successes);
}
if (count($successes) === 0) {
$retval .= $LANG31[24];
}
$retval .= COM_endBlock();
return $retval;
}
function quick_message_display($msg)
{
global $_CONF;
COM_redirect($_CONF['site_url'] . '/users.php?msg=' . $msg);
}
/**
* Display form to email a story to someone.
*
* @param string $sid ID of article to email
* @param bool $cc Whether to send a copy of the message to the author
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the story
* @param string $msg Error message code
* @return string HTML for email story form
*
*/
function mailstoryform($sid, $cc = false, $to = '', $toemail = '', $from = '', $fromemail = '', $shortmsg = '', $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG08;
require_once $_CONF['path_system'] . 'lib-story.php';
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
return $retval;
}
$story = new Story();
$result = $story->loadFromDatabase($sid, 'view');
if ($result != STORY_LOADED_OK) {
COM_redirect($_CONF['site_url'] . '/index.php');
}
if ($msg > 0) {
$retval .= COM_showMessage($msg);
}
if (empty($from) && empty($fromemail)) {
if (!COM_isAnonUser()) {
$from = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
$fromemail = DB_getItem($_TABLES['users'], 'email', "uid = {$_USER['uid']}");
}
}
$cc = $cc ? ' checked="checked"' : '';
$mail_template = COM_newTemplate($_CONF['path_layout'] . 'profiles');
$mail_template->set_file('form', 'contactauthorform.thtml');
$mail_template->set_var('start_block_mailstory2friend', COM_startBlock($LANG08[17]));
$mail_template->set_var('lang_title', $LANG08[31]);
$mail_template->set_var('story_title', $story->displayElements('title'));
$url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
$mail_template->set_var('story_url', $url);
$link = COM_createLink($story->displayElements('title'), $url);
$mail_template->set_var('story_link', $link);
$mail_template->set_var('lang_fromname', $LANG08[20]);
$mail_template->set_var('name', $from);
$mail_template->set_var('lang_fromemailaddress', $LANG08[21]);
$mail_template->set_var('email', $fromemail);
$mail_template->set_var('lang_toname', $LANG08[18]);
$mail_template->set_var('toname', $to);
$mail_template->set_var('lang_toemailaddress', $LANG08[19]);
$mail_template->set_var('toemail', $toemail);
if (!$_CONF['mail_cc_enabled']) {
$mail_template->set_var('cc_enabled', ' style="display: none"');
} else {
$mail_template->set_var('cc', $cc);
$mail_template->set_var('lang_cc', $LANG08[36]);
$mail_template->set_var('lang_cc_description', $LANG08[37]);
}
$mail_template->set_var('lang_shortmessage', $LANG08[27]);
$mail_template->set_var('shortmsg', htmlspecialchars($shortmsg));
$mail_template->set_var('lang_warning', $LANG08[22]);
$mail_template->set_var('lang_sendmessage', $LANG08[16]);
$mail_template->set_var('story_id', $sid);
$mail_template->set_var('end_block', COM_endBlock());
PLG_templateSetVars('emailstory', $mail_template);
$mail_template->parse('output', 'form');
$retval .= $mail_template->finish($mail_template->get_var('output'));
return $retval;
}
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*/
function saveuser(array $A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE, $MESSAGE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
COM_redirect($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
if ($service == '') {
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// verify password
if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
COM_redirect("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
COM_redirect("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} else {
if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// re athenticate remote user again for these changes to take place
// Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = DB_escapeString($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
return $display;
}
DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
// this is a hack, for some reason remoteservice links made SPAMX SLV check barf
if (empty($service)) {
$profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
}
$profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=52');
} elseif ($A['email'] !== $A['email_conf']) {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=78');
} elseif (emailAddressExists($A['email'], $_USER['uid'])) {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
$passwd = '';
if ($service == '') {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
SEC_updateUserPassword($A['passwd'], $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
COM_redirect($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
} else {
// Cookie
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot !== 'http:' && $prot !== 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = DB_escapeString($A['homepage']);
}
$A['fullname'] = DB_escapeString($A['fullname']);
$A['email'] = DB_escapeString($A['email']);
$A['location'] = DB_escapeString($A['location']);
$A['sig'] = DB_escapeString($A['sig']);
$A['about'] = DB_escapeString($A['about']);
$A['pgpkey'] = DB_escapeString($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
// at this point, the user information has been saved, but now we're going to check to see if
// the user has requested resynchronization with their remoteservice account
$msg = 5;
// default msg = Your account information has been successfully saved
if (isset($A['resynch'])) {
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
$modules = SEC_collectRemoteOAuthModules();
$active_service = count($modules) === 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
if (!$active_service) {
$status = -1;
$msg = 115;
// Remote service has been disabled.
} else {
require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
$service = substr($_USER['remoteservice'], 6);
$consumer = new OAuthConsumer($service);
$callback_url = $_CONF['site_url'];
$consumer->setRedirectURL($callback_url);
$user = $consumer->authenticate_user();
$consumer->doSynch($user);
}
}
if ($msg != 5) {
$msg = 114;
// Account saved but re-synch failed.
COM_errorLog($MESSAGE[$msg]);
}
}
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
COM_redirect($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}
}
/**
* Delete a link
*
* @param string $lid id of link to delete
* @param string $type 'submission' when attempting to delete a submission
*/
function deleteLink($lid, $type = '')
{
global $_CONF, $_TABLES, $_USER;
if (empty($type)) {
// delete regular link
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='{$lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete link {$lid}.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
DB_delete($_TABLES['links'], 'lid', $lid);
PLG_itemDeleted($lid, 'links');
COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3');
} elseif ($type == 'submission') {
if (plugin_ismoderator_links()) {
DB_delete($_TABLES['linksubmission'], 'lid', $lid);
COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3');
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete link submission {$lid}.");
}
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete link {$lid} of type {$type}.");
}
COM_redirect($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
/**
* Ban IP Addresses being selected with the Spamx plugin
*
* @param string $suffix
*/
function banIpAddresses($suffix)
{
global $_CONF, $_PLUGINS, $_TABLES, $_USER;
if (SEC_checkToken()) {
if (!in_array('spamx', $_PLUGINS)) {
COM_errorLog(__FUNCTION__ . ': Spmax plugin is not installed or disabled.');
COM_redirect($_CONF['site_admin_url'] . '/index.php');
}
$getCommentIds = getCommentIds($suffix);
if (count($getCommentIds) > 0) {
$sql = "SELECT DISTINCT ipaddress FROM {$_TABLES['comments']} " . "WHERE (ipaddress NOT LIKE '192.168.%') AND (ipaddress <> '::1') AND " . " (cid IN (" . implode(',', $getCommentIds) . "))";
$result = DB_query($sql);
if (!DB_error()) {
$ipAddresses = array();
while (($A = DB_fetchArray($result, false)) !== false) {
$ipAddresses[] = $A['ipaddress'];
}
foreach ($ipAddresses as $ipAddress) {
$sql = "INSERT INTO {$_TABLES['spamx']} (name, value) " . "VALUES ('IP', '" . DB_escapeString($ipAddress) . "')";
DB_query($sql);
}
}
COM_redirect($_CONF['site_admin_url'] . '/comment.php?msg=144');
}
} else {
COM_accessLog("User {$_USER['username']} tried to ban IP addresses and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/index.php');
}
}
}
// Go to next day
$thedate = COM_getUserDateTimeFormat(mktime(0, 0, 0, $monthnum, $daynum + 1, $yearnum));
}
$display .= $cal_templates->parse('output', 'week');
$display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle));
break;
case 'addentry':
$display .= plugin_submit_calendar($mode);
$display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle));
break;
case 'savepersonal':
if (SEC_checkToken()) {
$display = plugin_savesubmission_calendar($_POST);
} else {
COM_redirect($_CONF['site_url'] . '/calendar/index.php');
}
break;
default:
// month view
// Load templates
$cal_templates = COM_newTemplate(CTL_plugin_templatePath('calendar'));
$cal_templates->set_file(array('calendar' => 'calendar.thtml', 'week' => 'calendarweek.thtml', 'day' => 'calendarday.thtml', 'event' => 'calendarevent.thtml', 'mastercal' => 'mastercalendaroption.thtml', 'personalcal' => 'personalcalendaroption.thtml', 'addevent' => 'addeventoption.thtml'));
$cal_templates->set_var('mode', $mode);
if ($mode == 'personal') {
$cal_templates->set_var('start_block', COM_startBlock($LANG_CAL_2[12]));
$cal_templates->set_var('end_block', COM_endBlock());
} else {
$cal_templates->set_var('start_block', COM_startBlock($LANG_CAL_2[11]));
$cal_templates->set_var('end_block', COM_endBlock());
}
$defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
$text_arr = array('has_menu' => false, 'title' => $LANG_POLLS['pollstitle'], 'instructions' => "", 'icon' => '', 'form_url' => '', 'form_url' => $_CONF['site_url'] . '/polls/index.php');
$query_arr = array('table' => 'polltopics', 'sql' => $sql = "SELECT *,UNIX_TIMESTAMP(created) AS unixdate, display " . "FROM {$_TABLES['polltopics']} WHERE 1=1", 'query_fields' => array('topic'), 'default_filter' => COM_getPermSQL(), 'query' => '', 'query_limit' => 0);
$retval .= ADMIN_list('polls', 'plugin_getListField_polls', $header_arr, $text_arr, $query_arr, $defsort_arr);
}
return $retval;
}
// MAIN
//
// no pid will load a list of polls
// no aid will let you vote on the select poll
// an aid greater than 0 will save a vote for that answer on the selected poll
// an aid of -1 will display the select poll
$display = '';
if (isset($_POST['reply']) && $_POST['reply'] == $LANG01[25]) {
COM_redirect($_CONF['site_url'] . '/comment.php?sid=' . $_POST['pid'] . '&pid=' . $_POST['pid'] . '&type=' . $_POST['type']);
}
//var_dump($_POST);die();
$pid = 0;
$aid = 0;
if (isset($_REQUEST['pid'])) {
$pid = COM_applyFilter($_REQUEST['pid']);
if (isset($_GET['aid'])) {
$aid = -1;
// only for showing results instead of questions
} elseif (isset($_POST['aid'])) {
$aid = $_POST['aid'];
}
}
$order = '';
if (isset($_REQUEST['order'])) {
/**
* Save information of a weblog directory service
*
* @param int $pid ID of service or 0 for new entry
* @param string $name name of the service
* @param string $site_url Homepage URL of the service
* @param string $ping_url URL to ping at the service
* @param string $method method used for the ping
* @param string $enabled 'on' when enabled
* @return string HTML redirect or service editor
*
*/
function saveService($pid, $name, $site_url, $ping_url, $method, $enabled)
{
global $_CONF, $_TABLES, $LANG_TRB;
$enabled = $enabled == 'on' ? 1 : 0;
if ($method == 'extended') {
$method = 'weblogUpdates.extendedPing';
} else {
$method = 'weblogUpdates.ping';
}
$name = strip_tags(COM_stripslashes($name));
$site_url = strip_tags(COM_stripslashes($site_url));
$ping_url = strip_tags(COM_stripslashes($ping_url));
$errormsg = '';
if (empty($name)) {
$errormsg = $LANG_TRB['error_site_name'];
} else {
// all URLs must start with http: or https:
$parts = explode(':', $site_url);
if ($parts[0] != 'http' && $parts[0] != 'https') {
$errormsg = $LANG_TRB['error_site_url'];
} else {
$parts = explode(':', $ping_url);
if ($parts[0] != 'http' && $parts[0] != 'https') {
$errormsg = $LANG_TRB['error_ping_url'];
}
}
}
if (!empty($errormsg)) {
return editServiceForm($pid, $errormsg, $name, $site_url, $ping_url, $method, $enabled);
}
$name = DB_escapeString($name);
$site_url = DB_escapeString($site_url);
$ping_url = DB_escapeString($ping_url);
if ($pid > 0) {
DB_save($_TABLES['pingservice'], 'pid,name,site_url,ping_url,method,is_enabled', "'{$pid}','{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
} else {
DB_save($_TABLES['pingservice'], 'name,site_url,ping_url,method,is_enabled', "'{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
}
COM_redirect($_CONF['site_admin_url'] . '/trackback.php?mode=listservice&msg=65');
}
/**
* Delete a group
*
* @param int $grp_id id of group to delete
* @return string HTML redirect
*
*/
function deleteGroup($grp_id)
{
global $_CONF, $_TABLES, $_USER;
if (!SEC_inGroup('Root') && DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = {$grp_id}") == 'Root') {
COM_accessLog("User {$_USER['username']} tried to delete the Root group with insufficient privileges.");
COM_redirect($_CONF['site_admin_url'] . '/group.php');
}
$GroupAdminGroups = SEC_getUserGroups();
if (!in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
COM_accessLog("User {$_USER['username']} tried to delete group {$grp_id} with insufficient privileges.");
COM_redirect($_CONF['site_admin_url'] . '/group.php');
}
DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
DB_delete($_TABLES['groups'], 'grp_id', $grp_id);
PLG_groupChanged($grp_id, 'delete');
if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
COM_redirect($_CONF['site_admin_url'] . '/group.php?msg=50&chk_showall=1');
} else {
COM_redirect($_CONF['site_admin_url'] . '/group.php?msg=50');
}
}
/**
* Delete a block
*
* @param string $bid id of block to delete
* @return string HTML redirect or error message
*/
function deleteBlock($bid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
COM_redirect($_CONF['site_admin_url'] . '/block.php');
}
TOPIC_deleteTopicAssignments('block', $bid);
DB_delete($_TABLES['blocks'], 'bid', $bid);
$cacheInstance = 'block__' . $bid . '__';
// remove any of this blocks instances if exists
CACHE_remove_instance($cacheInstance);
COM_redirect($_CONF['site_admin_url'] . '/block.php?msg=12');
}
/**
* Forward the user depending on config setting after saving something
*
* @param string $target where to redirect to
* @param string $item_url the url of the item saved
* @param string $plugin the name of the plugin that saved the item
* @param string $message (optional) message number to attach to url
* @return string the url where the user will be forwarded to
*
*/
function PLG_afterSaveSwitch($target, $item_url, $plugin, $message = '')
{
global $_CONF;
if (isset($message) && (!empty($message) || is_numeric($message))) {
$msg = "msg={$message}";
} else {
$msg = '';
}
switch ($target) {
case 'item':
$url = $item_url;
if (!empty($msg) && $plugin != 'story') {
if (strpos($url, '?') === false) {
$url .= '?' . $msg;
} else {
$url .= '&' . $msg;
}
}
break;
case 'home':
$url = $_CONF['site_url'] . '/index.php';
if (!empty($msg)) {
$url .= '?' . $msg;
if ($plugin != 'story' && $plugin != 'user') {
$url .= '&plugin=' . $plugin;
}
}
break;
case 'admin':
$url = $_CONF['site_admin_url'] . '/moderation.php';
if (!empty($msg)) {
$url .= '?' . $msg;
if ($plugin != 'story' && $plugin != 'user') {
$url .= '&plugin=' . $plugin;
}
}
break;
case 'plugin':
$url = $_CONF['site_url'] . "/{$plugin}/index.php";
if (!empty($msg)) {
$url .= '?' . $msg;
}
break;
case 'list':
default:
if ($plugin == 'story') {
$url = $_CONF['site_admin_url'] . "/{$plugin}.php";
} elseif ($plugin == 'user') {
$url = $_CONF['site_admin_url'] . "/user.php";
} else {
$url = $_CONF['site_admin_url'] . "/plugins/{$plugin}/index.php";
}
if (!empty($msg)) {
$url .= '?' . $msg;
}
break;
}
COM_redirect($url);
}
/**
* article: delete a comment
*
* @param int $cid Comment to be deleted
* @param string $id Item id to which $cid belongs
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_deletecomment_article($cid, $id)
{
global $_CONF, $_TABLES, $_USER;
$retval = '';
$has_editPermissions = SEC_hasRights('story.edit');
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon " . "FROM {$_TABLES['stories']} WHERE sid = '{$id}'");
$A = DB_fetchArray($result);
if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
CMT_deleteComment($cid, $id, 'article');
$comments = DB_count($_TABLES['comments'], 'sid', $id);
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $id);
// Comment count in Older Stories block may have changed so delete cache
$cacheInstance = 'olderstories__';
// remove all olderstories instances
CACHE_remove_instance($cacheInstance);
COM_redirect(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
} else {
COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) " . "tried to illegally delete comment {$cid} from {$id}");
COM_redirect($_CONF['site_url'] . '/index.php');
}
return $retval;
}
/**
* Copies a record from one table to another (can be the same table)
* This will use a REPLACE INTO...SELECT FROM to copy a record from one table
* to another table. They can be the same table.
*
* @param string $table Table to insert record into
* @param string $fields Comma delimited list of fields to copy over
* @param string $values Values to store in database field
* @param string $tableFrom Table to get record from
* @param array|string $id Field name(s) to use in where clause
* @param array|string $value Value(s) to use in where clause
* @param string $return_page Page to send user to when done
*/
function DB_copy($table, $fields, $values, $tableFrom, $id, $value, $return_page = '')
{
global $_DB;
$_DB->dbCopy($table, $fields, $values, $tableFrom, $id, $value);
if (!empty($return_page)) {
COM_redirect("{$return_page}");
}
}
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
require_once '../lib-common.php';
$display = '';
if (!SEC_inGroup('Root')) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the clear cache.");
COM_output($display);
exit;
}
/*
* Main processing
*/
CTL_clearCache();
COM_redirect($_CONF['site_admin_url'] . '/index.php?msg=500');
$sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($_COOKIE[$_CONF['cookie_name']])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if (!empty($cooktime)) {
// They want their cookie to persist for some amount of time so set it now
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
}
}
if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,syndication.edit', 'OR')) {
COM_redirect($_CONF['site_admin_url'] . '/index.php');
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
} elseif (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') && count(PLG_getAdminOptions()) == 0 && !SEC_hasConfigAccess()) {
COM_updateSpeedlimit('login');
$display .= COM_startBlock($LANG20[1]);
if (!$_CONF['user_login_method']['standard']) {
$display .= '<p>' . $LANG_LOGIN[2] . '</p>';
} else {
if (isset($_POST['warn'])) {
$display .= $LANG20[2] . '<br' . XHTML . '><br' . XHTML . '>' . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
}
$display .= '<form action="' . $_CONF['site_admin_url'] . '/index.php" method="post">' . '<table cellspacing="0" cellpadding="3" border="0" width="100%">' . LB . '<tr><td class="alignright"><b><label for="loginname">' . $LANG20[4] . '</label></b></td>' . LB . '<td><input type="text" name="loginname" id="loginname" size="16" maxlength="16"' . XHTML . '></td>' . LB . '</tr>' . LB . '<tr>' . LB . '<td class="alignright"><b><label for="passwd">' . $LANG20[5] . '</label></b></td>' . LB . '<td><input type="password" name="passwd" id="passwd" size="16"' . XHTML . '></td>' . '</tr>' . LB . '<tr>' . LB . '<td colspan="2" align="center" class="warning">' . $LANG20[6] . '<input type="hidden" name="warn" value="1"' . XHTML . '>' . '<br' . XHTML . '><input type="submit" name="mode" value="' . $LANG20[7] . '"' . XHTML . '></td>' . LB . '</tr>' . LB . '</table></form>';
}
$display .= COM_endBlock();
$display = COM_createHTMLDocument($display);
COM_output($display);
/**
* Delete a topic
*
* @param string $tid Topic ID
* @return string HTML redirect
*/
function deleteTopic($tid)
{
global $_CONF, $_TABLES, $_USER, $_TOPICS;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
COM_redirect($_CONF['site_admin_url'] . '/topic.php');
}
// Update any child topics to root and un hide them
DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$tid}'");
// same with feeds
DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");
// Need to cycle through stories from topic
// Only delete story if only this one topic
// Make sure to check if this topic is default for story. If is make another topic default.
$object_tables[] = $_TABLES['stories'];
$object_tables[] = $_TABLES['storysubmission'];
$object_tables[] = $_TABLES['blocks'];
$object_tables_id[$_TABLES['stories']] = 'sid';
$object_tables_id[$_TABLES['storysubmission']] = 'sid';
$object_tables_id[$_TABLES['blocks']] = 'bid';
$object_type[$_TABLES['stories']] = 'article';
$object_type[$_TABLES['storysubmission']] = 'article';
$object_type[$_TABLES['blocks']] = 'block';
foreach ($object_tables as $object_table) {
$sql = "SELECT {$object_tables_id[$object_table]}, ta.tdefault\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = CAST({$object_tables_id[$object_table]} AS CHAR) AND ta.tid = '{$tid}'";
$result = DB_query($sql);
$numStories = DB_numRows($result);
for ($i = 0; $i < $numStories; $i++) {
$A = DB_fetchArray($result);
// Now check if another topic exists for this story
$sql = "SELECT {$object_tables_id[$object_table]}, ta.tid\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = {$object_tables_id[$object_table]}\n AND ta.tid <> '{$tid}' AND {$object_tables_id[$object_table]} = '{$A[$object_tables_id[$object_table]]}'";
$resultB = DB_query($sql);
$numTopics = DB_numRows($resultB);
if ($numTopics == 0) {
// Delete comments, trackbacks, images associated with stories in this topic since only topic
if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
STORY_deleteImages($A['sid']);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
if ($object_table == $_TABLES['stories']) {
PLG_itemDeleted($A['sid'], 'article');
}
}
DB_delete($object_table, $object_tables_id[$object_table], $A[$object_tables_id[$object_table]]);
} else {
// Story still exists for other topics so make sure one is default
if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
if ($A['tdefault'] == 1) {
$B = DB_fetchArray($resultB);
$sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '{$B['tid']}' AND id = '{$B['sid']}'";
DB_query($sql);
}
}
}
}
}
// Notify of Delete topic so other plugins can deal with their items without topics
PLG_itemDeleted($tid, 'topic');
// delete these
DB_delete($_TABLES['topic_assignments'], 'tid', $tid);
DB_delete($_TABLES['topics'], 'tid', $tid);
// Reorder Topics, Delete topic cache and reload topic tree
reorderTopics();
// update feed(s)
COM_rdfUpToDateCheck('article');
COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
###############################################################################
/**
* Geeklog common function library
*/
require_once '../lib-common.php';
/**
* Security check to ensure user even belongs on this page
*/
require_once 'auth.inc.php';
// MAIN
if (isset($_GET['mode']) && $_GET['mode'] == 'logout') {
COM_redirect($_CONF['site_url'] . '/users.php?mode=logout');
}
/**
* Display a reminder to execute the security check script
*
* @return string HTML for security reminder (or empty string)
*/
function security_check_reminder()
{
global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;
$retval = '';
if (!SEC_inGroup('Root')) {
return $retval;
}
$done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
if ($done != 1) {
