/**
 * Queue the core and theme stylesheets, then print every CSS zone.
 *
 * Output is written with echo; each rendered zone is followed by an HTML
 * marker comment naming the zone.
 */
function headerCss()
{
    $prefs = e107::getPref();
    echo "<!-- *CSS* -->\n";
    $jsManager = e107::getJs();

    // Core CSS - XXX awaiting for path changes.
    // This function declares no $no_core_css parameter, global or local, so as
    // written the test below holds on every call.
    if (empty($no_core_css)) {
        $jsManager->otherCSS('{e_WEB_CSS}e107.css');
    }

    // Stylesheet name: the admin preference (outside iframe mode), then the
    // theme preference, then the stock file name.
    if (!defsettrue('e_IFRAME') && !empty($prefs['admincss'])) {
        $sheet = $prefs['admincss'];
    } elseif (!empty($prefs['themecss'])) {
        $sheet = $prefs['themecss'];
    } else {
        $sheet = 'style.css';
    }

    // An 'admin_'-prefixed variant in the theme folder wins when it exists.
    // NOTE(review): the preference value is joined to THEME unmodified before
    // file_exists(); presumably only administrators can set it - confirm.
    $adminSheet = 'admin_' . $sheet;
    $jsManager->themeCSS(file_exists(THEME . $adminSheet) ? $adminSheet : $sheet);

    // Zones are rendered in this fixed order: other, core, plugin, theme, inline.
    // Inline CSS - not sure if this should stay at all!
    foreach (array('other_css', 'core_css', 'plugin_css', 'theme_css', 'inline_css') as $zone) {
        $jsManager->renderJs($zone, false, 'css', false);
        echo "\n<!-- footer_" . $zone . " -->\n";
    }
}
} else { $row = $sql->db_Fetch(); if ($row['gen_datestamp'] + 604800 < time()) { require_once e_HANDLER . "cache_handler.php"; $ec = new ecache(); $ec->clear(); $sql->db_Update('generic', "gen_datestamp='" . time() . "' WHERE gen_type='empty_cache'"); } } } } // // B.2 Send footer template, stop timing, send simple page stats // //NEW - Iframe mod if (!defsettrue('e_IFRAME')) { parse_admin($ADMIN_FOOTER); } $eTimingStop = microtime(); global $eTimingStart; $clockTime = e107::getSingleton('e107_traffic')->TimeDelta($eTimingStart, $eTimingStop); $dbPercent = 100.0 * $db_time / $clockTime; // Format for display or logging $rendertime = number_format($clockTime, 2); // Clock time during page render $db_time = number_format($db_time, 2); // Clock time in DB render $dbPercent = number_format($dbPercent, 0); // DB as percent of clock $memuse = eHelper::getMemoryUsage(); // Memory at end, in B/KB/MB/GB ;)
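/**
 * Build and echo the news create/edit form (general, SEO and options tabs).
 *
 * When the sub-action is 'sn' and no preview was posted, the form is pre-filled
 * from the matching row of the submitnews table. Field values are read from
 * $_POST and written into the markup; the rendered eMessage output is echoed
 * in front of the form.
 *
 * Security-relevant points in this method:
 * - the submitnews id is cast to int before it is placed in the WHERE clause;
 * - trackback_urls is passed through post_toForm() like the other posted fields;
 * - the author profile link uses the integer author id, not the raw posted value.
 */
function show_create_item()
{
    $pref = e107::getPref();
    $this->_pre_create();
    require_once e_HANDLER . "userclass_class.php";
    $frm = e107::getForm();

    $text = '';
    if (isset($_POST['preview'])) {
        $text = $this->preview_item($this->getId());
    }

    $sub_action = $this->getSubAction();
    // The id is only meaningful when editing; submitted-news and upload sub-actions start a new item.
    $id = ($sub_action != 'sn' && $sub_action != 'upload') ? $this->getId() : 0;

    $e107 = e107::getInstance();
    $tp = e107::getParser();
    $sql = e107::getDb();

    if ($sub_action == "sn" && !varset($_POST['preview'])) {
        // The id goes into the WHERE clause as text, so force it to an integer first.
        if ($sql->db_Select("submitnews", "*", "submitnews_id=" . intval($this->getId()), TRUE)) {
            $row = $sql->db_Fetch();
            $_POST['news_title'] = $row['submitnews_title'];
            $_POST['news_body'] = $row['submitnews_item'];
            $_POST['cat_id'] = $row['submitnews_category'];

            // NOTE(review): submitnews_name and submitnews_file come from the submitnews
            // table and are appended to the body unescaped; under WYSIWYG the body is
            // HTML - confirm they are sanitised when the submission is stored.
            if (defsettrue('e_WYSIWYG')) {
                // Strip the [html] wrapper so the editor receives plain markup.
                if (substr($_POST['news_body'], -7, 7) == '[/html]') {
                    $_POST['news_body'] = substr($_POST['news_body'], 0, -7);
                }
                if (substr($_POST['news_body'], 0, 6) == '[html]') {
                    $_POST['news_body'] = substr($_POST['news_body'], 6);
                }
                $_POST['news_body'] .= "<br /><b>" . NWSLAN_49 . " {$row['submitnews_name']}</b>";
                $_POST['news_body'] .= $row['submitnews_file'] ? "<br /><br /><img src='{e_NEWSIMAGE}{$row['submitnews_file']}' class='f-right' />" : '';
            } else {
                $_POST['news_body'] .= "\n[[b]" . NWSLAN_49 . " {$row['submitnews_name']}[/b]]";
                $_POST['news_body'] .= $row['submitnews_file'] ? "\n\n[img]{e_NEWSIMAGE}{$row['submitnews_file']}[/img]" : "";
            }

            // NOTE(review): 'data' is not read anywhere else in this method, while news_body
            // (filled from the row above) is not filtered here - confirm which key was intended.
            $_POST['data'] = $tp->dataFilter($_POST['data']); // Filter any nasties
            $_POST['news_title'] = $tp->dataFilter($_POST['news_title']);
        }
    }
    // The 'upload' sub-action no longer pre-fills the form in this method.

    // NOTE(review): the form action is built from e_SELF and e_QUERY; confirm both are
    // attribute-safe where they are defined, since they are not escaped here.
    $text .= "\n\t\t<div class='admintabs' id='tab-container'>\n\t\t\t<ul class='e-tabs' id='core-emote-tabs'>\n\t\t\t\t<li id='tab-general'><a href='#core-newspost-create'>"
        . LAN_NEWS_52
        . "</a></li>\n\t\t\t\t<li id='tab-seo'><a href='#core-newspost-seo'>SEO</a></li>\n\t\t\t\t<li id='tab-advanced'><a href='#core-newspost-edit-options'>"
        . LAN_NEWS_53
        . "</a></li>\n\t\t\t</ul>\n\t\t\t<form method='post' action='"
        . e_SELF . "?" . e_QUERY
        . "' id='core-newspost-create-form' "
        . (FILE_UPLOADS ? "enctype='multipart/form-data'" : "")
        . " >\n\t\t\t\t<fieldset id='core-newspost-create'>\n\t\t\t\t\t<legend>"
        . LAN_NEWS_52
        . "</legend>\n\t\t\t\t\t<table class='table adminform'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t\t\t<col class='col-control' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<tbody>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . NWSLAN_6
        . ": </td>\n\t\t\t\t\t\t\t\t<td>\n\t\t";

    // -------- News Category ---------------------
    if (!$this->news_categories) {
        $text .= NWSLAN_10;
    } else {
        $text .= $frm->select_open('cat_id');
        foreach ($this->news_categories as $row) {
            $text .= $frm->option(
                $tp->toHTML($row['category_name'], FALSE, "LINKTEXT"),
                $row['category_id'],
                varset($_POST['cat_id']) == $row['category_id']
            );
        }
        $text .= "</select>";
    }

    // -------- Title and summary ---------------------
    $text .= "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . NWSLAN_12
        . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type='text' name='news_title' value=\""
        . $tp->post_toForm($_POST['news_title'])
        . "\" class='tbox' style='width:90%' required='required' />\n\t\t\t\t\t\t\t\t\t"
        . "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . LAN_NEWS_27
        . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type='text' name='news_summary' value=\""
        . $tp->post_toForm($_POST['news_summary'])
        . "\" class='tbox' style='width:90%' />\n\t\t\t\t\t\t\t\t\t"
        . "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . LAN_TEMPLATE
        . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t";

    //XXX multiple-selections at once. (comma separated) - working
    $text .= $frm->selectbox('news_render_type', $this->news_renderTypes, $_POST['news_render_type'], "multiple=1", array(NWSLAN_74))
        . "\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t"
        . NWSLAN_74
        . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t";

    // -------- News Author ---------------------
    $text .= "\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . LAN_NEWS_50
        . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t";

    if (!getperms('0') && !check_class($pref['news_editauthor'])) {
        // This user may not change the author: show it read-only.
        $auth = !empty($_POST['news_author']) ? intval($_POST['news_author']) : USERID;
        $e107->sql->db_Select("user", "user_name", "user_id={$auth} LIMIT 1");
        $row = $e107->sql->db_Fetch(MYSQL_ASSOC);

        // NOTE(review): user_name is written into an attribute and into link text
        // unescaped - confirm the allowed character set for user names.
        $text .= "<input type='hidden' name='news_author' value='" . $auth . chr(35) . $row['user_name'] . "' />";
        // Link with the integer id; the posted value is request data and may carry the '#name' suffix.
        $text .= "<a href='" . $e107->url->create('user/profile/view', 'name=' . $row['user_name'] . '&id=' . $auth) . "'>" . $row['user_name'] . "</a>";
    } else {
        $text .= $frm->select_open('news_author');

        // Candidate authors: main admins, admins with the 'H' permission, plus the
        // class allowed to submit news when that preference names one.
        $qry = "SELECT user_id,user_name FROM #user WHERE user_perms = '0' OR user_perms = '0.' OR user_perms REGEXP('(^|,)(H)(,|\$)') ";
        if ($pref['subnews_class'] && $pref['subnews_class'] != e_UC_GUEST && $pref['subnews_class'] != e_UC_NOBODY) {
            if ($pref['subnews_class'] == e_UC_MEMBER) {
                $qry .= " OR user_ban != 1";
            } elseif ($pref['subnews_class'] == e_UC_ADMIN) {
                $qry .= " OR user_admin = 1";
            } else {
                $qry .= " OR FIND_IN_SET(" . intval($pref['subnews_class']) . ", user_class) ";
            }
        }

        $sql->db_Select_gen($qry);
        while ($row = $sql->db_Fetch()) {
            if ($_POST['news_author']) {
                $sel = $_POST['news_author'] == $row['user_id'];
            } else {
                $sel = USERID == $row['user_id'];
            }
            $text .= $frm->option($row['user_name'], $row['user_id'] . chr(35) . $row['user_name'], $sel);
        }
        $text .= "</select>\n\t\t\t";
    }
    $text .= "</td></tr>\n";

    // -------- Body / extended text ---------------------
    $text .= "<tr>\n\t\t\t\t\t\n\t\t\t\t\t<td colspan='2'>\n";
    $text .= "<div class='e-tabs'>\n\t\t<ul>\n\t\t\t<li><a href='#news-body-container'>"
        . NWSLAN_13
        . "</a></li>\n\t\t\t<li><a href='#news-extended-container'>"
        . NWSLAN_14
        . "</a></li>\n\t\t</ul>";

    // Relative '../' image paths are flattened unless the text holds an absolute [img]http link.
    $bodyValue = $tp->post_toForm($_POST['news_body']);
    $val = strstr($bodyValue, "[img]http") ? $bodyValue : str_replace("[img]../", "[img]", $bodyValue);
    $text .= "<div id='news-body-container' class='e-tab'>";
    $text .= $frm->bbarea('news_body', $val, 'news', 'news');
    $text .= "</div><div id='news-extended-container' class='t-container'>";

    $extendedValue = $tp->post_toForm($_POST['news_extended']);
    $val = strstr($extendedValue, "[img]http") ? $extendedValue : str_replace("[img]../", "[img]", $extendedValue);
    $text .= $frm->bbarea('news_extended', $val, 'extended', 'news', 'large');
    $text .= "</div>\n\t\t\t</div></td></tr>";

    // -------- Thumbnail ---------------------
    $text .= "\n\t\n\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t<td>"
        . NWSLAN_67
        . ":<br />\n\t\t\t\t\t\t\t\t\t\t"
        . $frm->help(LAN_NEWS_23)
        . "</td>\n\t\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t";

    // A bare file name is prefixed with the news image folder constant.
    if (vartrue($_POST['news_thumbnail']) && $_POST['news_thumbnail'][0] != "{") {
        $_POST['news_thumbnail'] = "{e_IMAGE}newspost_images/" . $_POST['news_thumbnail'];
    }
    $text .= $frm->imagepicker('news_thumbnail', $_POST['news_thumbnail'], '', 'news');
    $text .= "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t";

    //BEGIN SEO block
    $text .= "\n\t\t\t\t<fieldset id='core-newspost-seo'>\n\t\t\t\t\t<legend>SEO</legend>\n\t\t\t\t\t<table class='table adminform'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t\t\t<col class='col-control' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<tbody>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>Friendly URL string: </td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t"
        . $frm->text('news_sef', $tp->post_toForm($_POST['news_sef']), 255)
        . "\n\t\t\t\t\t\t\t\t\t<div class='field-help'>If left empty will be automatically created from current News Title based on your current <a href='"
        . e_ADMIN_ABS
        . "eurl.php?mode=main&action=settings' title='To URL settings area' rel='external'>URL settings</a></div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . LAN_KEYWORDS
        . ": </td>\n\t\t\t\t\t\t\t\t<td>"
        . $frm->tags('news_meta_keywords', $tp->post_toForm($_POST['news_meta_keywords']), 255)
        . "\n\t\t\t\t\t\t\t\t<div class='field-help'>Keywords/tags associated to associate with this news item</div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\n\t\t\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>Meta description: </td>\n\t\t\t\t\t\t\t\t<td>"
        . $frm->textarea('news_meta_description', $tp->post_toForm($_POST['news_meta_description']), 7)
        . "</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t";

    //BEGIN Options block
    $text .= "\n\t\t\t\t<fieldset id='core-newspost-edit-options'>\n\t\t\t\t\t<legend>"
        . LAN_NEWS_53
        . "</legend>\n\t\t\t\t\t<table class='table adminform'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t\t\t<col class='col-control' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<tbody>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>"
        . NWSLAN_15
        . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t"
        . $frm->radio('news_allow_comments', 0, !$_POST['news_allow_comments'])
        . $frm->label(LAN_ENABLED, 'news_allow_comments', 0)
        . " \n\t\t\t\t\t\t\t\t\t"
        . $frm->radio('news_allow_comments', 1, $_POST['news_allow_comments'])
        . $frm->label(LAN_DISABLED, 'news_allow_comments', 1)
        . "\n\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t"
        . NWSLAN_18
        . "\n\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>"
        . NWSLAN_19
        . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>"
        . NWSLAN_21
        . ":</div>\n\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t";

    $text .= $frm->datepicker("news_start", $_POST['news_start'], "type=datetime");
    $text .= " - ";
    $text .= $frm->datepicker("news_end", $_POST['news_end'], "type=datetime");
    $text .= "</div>\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t"
        . NWSLAN_72
        . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>"
        . LAN_NEWS_32
        . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t";
    $text .= $frm->datepicker("news_datestamp", $_POST['news_datestamp'], "type=datetime");
    $text .= "</div>";
    $text .= "\n\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t";

    // --------------------- News Userclass ---------------------------
    $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>"
        . NWSLAN_22
        . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t"
        . $frm->uc_select('news_userclass[]', vartrue($_POST['news_class'], 0), 'nobody,public,guest,member,admin,classes,language', 'description=1&multiple=1')
        . "\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t"
        . NWSLAN_84
        . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>"
        . LAN_NEWS_28
        . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t"
        . $frm->checkbox('news_sticky', '1', $_POST['news_sticky'])
        . $frm->label(LAN_NEWS_29, 'news_sticky', '1')
        . "\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t"
        . LAN_NEWS_30
        . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t";

    if ($pref['trackbackEnabled']) {
        // The posted value lands inside a <textarea>, so it is run through post_toForm()
        // like every other posted field; echoing it raw would let the request close the
        // element and add markup to the admin page.
        $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>"
            . LAN_NEWS_34
            . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t<a class='e-pointer' onclick='expandit(this);'>"
            . LAN_NEWS_35
            . "</a>\n\t\t\t\t\t\t\t\t\t\t<div class='e-hideme'>\n\t\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t\t\t\t\t\t\t\t\t\t\t<span class='smalltext'>"
            . LAN_NEWS_37
            . "</span>\n\t\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t\t\t\t\t\t\t\t\t\t\t<textarea class='tbox textarea' name='trackback_urls' style='width:95%' cols='80' rows='5'>"
            . $tp->post_toForm($_POST['trackback_urls'])
            . "</textarea>\n\t\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t";
    }

    //triggerHook
    $data = array('method' => 'form', 'table' => 'news', 'id' => $id, 'plugin' => 'news', 'function' => 'create_item');
    $hooks = e107::getEvent()->triggerHook($data);
    if (!empty($hooks)) {
        $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td colspan='2' >" . LAN_HOOKS . " </td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t";
        foreach ($hooks as $hook) {
            if (!empty($hook)) {
                // NOTE(review): hook caption and text are emitted as-is; presumably
                // they are HTML produced by installed plugins - confirm.
                $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . $hook['caption'] . "</td>\n\t\t\t\t\t\t\t\t\t<td>" . $hook['text'] . "</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
            }
        }
    }

    // -------- Buttons ---------------------
    $text .= "\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t\t\t<div class='buttons-bar center'>\n\t\t\t\t\t"
        . $frm->admin_button('preview', isset($_POST['preview']) ? NWSLAN_24 : NWSLAN_27, 'other')
        . "\n\t\t\t\t\t"
        . $frm->admin_button('submit_news', $id && $sub_action != "sn" && $sub_action != "upload" ? NWSLAN_25 : NWSLAN_26, 'update')
        . "\n\t\t\t\t\t"
        . $frm->checkbox('create_edit_stay', 1, isset($_POST['create_edit_stay']))
        . $frm->label(LAN_NEWS_54, 'create_edit_stay', 1)
        . "\n\t\t\t\t\t<input type='hidden' name='news_id' value='{$id}' />\n\t\t\t\t</div>\n\t\t\t</form>\n\t\t</div>\n\n\t\t";

    $emessage = eMessage::getInstance();
    echo $emessage->render() . $text;
}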
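/**
 * Define e_PAGE, e_SELF, e_ADMIN_AREA and USER_AREA;
 * The following files are assumed to use admin theme:
 * 1. Any file in the admin directory (check for non-plugin added to avoid mismatches)
 * 2. any plugin file starting with 'admin_'
 * 3. any plugin file in a folder called admin/
 * 4. any file that specifies $eplug_admin = TRUE; or ADMIN_AREA = TRUE;
 * NOTE: USER_AREA = true; will force e_ADMIN_AREA to FALSE
 *
 * Also defines e_REQUEST_URL, e_REQUEST_SELF, e_REQUEST_URI, e_REQUEST_HTTP,
 * e_CURRENT_PLUGIN, e_PLUGIN_DIR, e_PLUGIN_DIR_ABS, ADMINDIR, SITEURLBASE,
 * SITEURL, e_SIGNUP and e_LOGIN. The request is answered with 403 and the
 * script exits when the decoded request URI contains '<' or '>' (and '{' or
 * '}' when $no_cbrace is true).
 *
 * Security notes:
 * - $_SERVER['HTTP_HOST'] is supplied by the client and is not validated in this
 *   method; it flows into e_SELF, e_REQUEST_URL, SITEURLBASE, SITEURL, e_SIGNUP
 *   and e_LOGIN.
 * - Only the e_REQUEST_* constants get their quotes percent-encoded; e_SELF does
 *   not, so escape it at the point of output or use e_REQUEST_SELF in markup.
 * - The character check decodes the request URI once; input encoded twice is not
 *   seen by it, so it cannot replace escaping at output.
 *
 * @param boolean $no_cbrace when true, a request URI containing curly brackets is rejected as well
 * @return e107
 */
public function set_urls($no_cbrace = true)
{
    $PLUGINS_DIRECTORY = $this->getFolder('plugins');
    $ADMIN_DIRECTORY = $this->getFolder('admin');

    $eplug_admin = vartrue($GLOBALS['eplug_admin'], false);

    // Leave e_SELF BC, use e_REQUEST_SELF instead
    $eSelf = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME'];
    $_self = $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . $eSelf;

    if (!deftrue('e_SINGLE_ENTRY')) {
        $page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1);
        define('e_PAGE', $page);
        define('e_SELF', $_self);
    }

    // START New - request uri/url detection, XSS protection
    // TODO - move it to a separate method
    $requestUri = $requestUrl = '';
    if (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
        // check this first so IIS will catch
        $requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
        $requestUrl = $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . $requestUri;
        // fix request uri
        $_SERVER['REQUEST_URI'] = $requestUri;
    } elseif (isset($_SERVER['REQUEST_URI'])) {
        $requestUri = $_SERVER['REQUEST_URI'];
        $requestUrl = $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . $requestUri;
    } else {
        // go back to e_SELF
        $requestUri = $eSelf;
        $requestUrl = $_self;
        if (e_QUERY) {
            $requestUri .= '?' . e_QUERY; // TODO e_SINGLE_ENTRY check, separate static method for cleaning QUERY_STRING
            $requestUrl .= '?' . e_QUERY;
        }
    }

    // FIXME - basic security - add url sanitize method to e_parse
    $check = rawurldecode($requestUri); // urlencoded by default

    // a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy
    $checkregx = $no_cbrace ? '[<>\\{\\}]' : '[<>]';
    if (preg_match('/' . $checkregx . '/', $check)) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }

    // e_MENU fix
    if (e_MENU) {
        $requestUri = str_replace('[' . e_MENU . ']', '', $requestUri);
        $requestUrl = str_replace('[' . e_MENU . ']', '', $requestUrl);
    }

    // the last anti-XSS measure, XHTML compliant URL to be used in forms instead e_SELF
    define('e_REQUEST_URL', str_replace(array("'", '"'), array('%27', '%22'), $requestUrl)); // full request url string (including domain)

    // explode() results are kept in variables: array_shift() takes its argument by
    // reference, and handing it a function result raises "Only variables should be
    // passed by reference".
    $requestUrlParts = explode('?', e_REQUEST_URL, 2);
    define('e_REQUEST_SELF', $requestUrlParts[0]); // full URL without the QUERY string

    define('e_REQUEST_URI', str_replace(array("'", '"'), array('%27', '%22'), $requestUri)); // absolute http path + query string

    $requestUriParts = explode('?', e_REQUEST_URI, 2);
    define('e_REQUEST_HTTP', $requestUriParts[0]); // SELF URL without the QUERY string and leading domain part

    unset($requestUrl, $requestUri, $requestUrlParts, $requestUriParts);
    // END request uri/url detection, XSS protection

    // e_SELF has the full HTML path
    $inAdminDir = FALSE;
    $isPluginDir = strpos($_self, '/' . $PLUGINS_DIRECTORY) !== FALSE; // True if we're in a plugin
    $e107Path = str_replace($this->base_path, '', $_self); // Knock off the initial bits

    // NOTE(review): e_PAGE is only defined above when e_SINGLE_ENTRY is off;
    // presumably single-entry mode defines it before this method runs - confirm.
    if (
        (!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0)
        || ($isPluginDir && (strpos(e_PAGE, '_admin.php') !== false || strpos(e_PAGE, 'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE))
        || (varsettrue($eplug_admin) || defsettrue('ADMIN_AREA'))
    ) {
        $inAdminDir = TRUE;
    }

    if ($isPluginDir) {
        // The plugin folder is the path segment between the first and second '/'.
        $temp = substr($e107Path, strpos($e107Path, '/') + 1);
        $plugDir = substr($temp, 0, strpos($temp, '/'));
        define('e_CURRENT_PLUGIN', $plugDir);
        define('e_PLUGIN_DIR', e_PLUGIN . e_CURRENT_PLUGIN . '/');
        define('e_PLUGIN_DIR_ABS', e_PLUGIN_ABS . e_CURRENT_PLUGIN . '/');
    } else {
        define('e_CURRENT_PLUGIN', '');
        define('e_PLUGIN_DIR', '');
        define('e_PLUGIN_DIR_ABS', '');
    }

    // This should avoid further checks - NOTE: used in js_manager.php
    if (!defined('e_ADMIN_AREA')) {
        define('e_ADMIN_AREA', $inAdminDir && !deftrue('USER_AREA')); //Force USER_AREA added
    }

    define('ADMINDIR', $ADMIN_DIRECTORY);
    define('SITEURLBASE', $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST']);
    define('SITEURL', SITEURLBASE . e_HTTP);

    // login/signup
    define('e_SIGNUP', SITEURL . (file_exists(e_BASE . 'customsignup.php') ? 'customsignup.php' : 'signup.php'));
    if (!defined('e_LOGIN')) {
        define('e_LOGIN', SITEURL . (file_exists(e_BASE . 'customlogin.php') ? 'customlogin.php' : 'login.php'));
    }

    return $this;
}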
/**
 * Store the shortcode parameter in the global $bbcode_imagedir.
 *
 * Does nothing when defsettrue('e_WYSIWYG') is truthy. Returns nothing.
 *
 * @param mixed $parm value copied into $bbcode_imagedir
 */
function sc_bb_preimagedir($parm)
{
    if (!defsettrue('e_WYSIWYG')) {
        // The global is only bound on this path, so it is left untouched otherwise.
        global $bbcode_imagedir;
        $bbcode_imagedir = $parm;
    }
}
//echo "<link rel='stylesheet' href='".e_FILE_ABS."e107.css' type='text/css' />\n"; $e_js->otherCSS('{e_WEB_CSS}e107.css'); } // Register Plugin specific CSS // DEPRECATED, use $e_js->pluginCSS('myplug', 'style/myplug.css'[, $media = 'all|screen|...']); if (isset($eplug_css) && $eplug_css) { if (!is_array($eplug_css)) { $eplug_css = array($eplug_css); } foreach ($eplug_css as $kcss) { // echo ($kcss[0] == "<") ? $kcss : "<link rel='stylesheet' href='{$kcss}' type='text/css' />\n"; $e_js->otherCSS($kcss); } } //NEW - Iframe mod if (!defsettrue('e_IFRAME') && isset($pref['admincss']) && $pref['admincss']) { $css_file = file_exists(THEME . 'admin_' . $pref['admincss']) ? 'admin_' . $pref['admincss'] : $pref['admincss']; //echo "<link rel='stylesheet' href='".$css_file."' type='text/css' />\n"; $e_js->themeCSS($css_file); } elseif (isset($pref['themecss']) && $pref['themecss']) { $css_file = file_exists(THEME . 'admin_' . $pref['themecss']) ? 'admin_' . $pref['themecss'] : $pref['themecss']; //echo "<link rel='stylesheet' href='".$css_file."' type='text/css' />\n"; $e_js->themeCSS($css_file); } else { $css_file = file_exists(THEME . 'admin_style.css') ? 'admin_style.css' : 'style.css'; //echo "<link rel='stylesheet' href='".$css_file."' type='text/css' />\n"; $e_js->themeCSS($css_file); } // FIXME: TEXTDIRECTION compatibility CSS (marj?) // TODO: probably better to externalise along with some other things above // possibility to overwrite some CSS definition according to TEXTDIRECTION
/**
 * Get type title (multi-language)
 *
 * Looks for a stack-specific constant EMESSLAN_TITLE_<TYPE>_<STACK> first when a
 * non-default message stack is given, and otherwise resolves
 * EMESSLAN_TITLE_<TYPE> through defsettrue() with '' as its second argument.
 *
 * @param string $type
 * @param string $message_stack
 * @return string title
 */
public static function getTitle($type, $message_stack = 'default')
{
    $hasCustomStack = $message_stack && $message_stack != 'default';

    if ($hasCustomStack) {
        $stackConstant = 'EMESSLAN_TITLE_' . strtoupper($type . '_' . $message_stack);
        if (defined($stackConstant)) {
            return constant($stackConstant);
        }
    }

    $typeConstant = 'EMESSLAN_TITLE_' . strtoupper($type);

    return defsettrue($typeConstant, '');
}
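/**
 * Core CSRF protection, see class2.php
 * Could be adopted by plugins for their own (different) protection logic
 *
 * Validates an 'e-token' sent in $_POST or $_GET against the session form token
 * and defines e_TOKEN for the current request. The check is skipped when
 * e_SECURITY_LEVEL is below e_session::SECURITY_LEVEL_BALANCED or in 'cli' mode.
 *
 * NOTE(review): a request that carries no 'e-token' at all is not rejected by
 * this method; presumably callers require the token for state-changing
 * requests - confirm in class2.php.
 *
 * @param boolean $die when true, end the script on a failed token check
 * @return boolean false when a supplied token fails validation and $die is false, true otherwise
 */
public function check($die = true)
{
    // define('e_TOKEN_NAME', 'e107_token_'.md5($_SERVER['HTTP_HOST'].e_HTTP));
    // TODO e-token required for all system forms?

    // only if not disabled and not in 'cli' mod
    if (e_SECURITY_LEVEL < e_session::SECURITY_LEVEL_BALANCED || e107::getE107('cli')) {
        return true;
    }

    if ($this->getSessionId()) {
        // POST is evaluated first; the GET token is only looked at when POST did not fail.
        if (
            (isset($_POST['e-token']) && !$this->checkFormToken($_POST['e-token']))
            || (isset($_GET['e-token']) && !$this->checkFormToken($_GET['e-token']))
        ) {
            if (defsettrue('e_DEBUG')) {
                // NOTE(review): full $_SESSION, $_POST and $_GET dumps go to the admin log
                // here; they can hold passwords and tokens - consider redacting before logging.
                $details = "HOST: " . $_SERVER['HTTP_HOST'] . "\n";
                $details .= "REQUEST_URI: " . $_SERVER['REQUEST_URI'] . "\n";
                $details .= "_SESSION:\n";
                $details .= print_r($_SESSION, true);
                $details .= "\n_POST:\n";
                $details .= print_r($_POST, true);
                $details .= "\n_GET:\n";
                $details .= print_r($_GET, true);
                $details .= "\nPlugins:\n";
                // No $pref variable exists in this method's scope, so the preference is
                // read through e107::getPref() instead of an undefined local.
                $details .= print_r(e107::getPref('plug_installed'), true);
                e107::getAdminLog()->log_event('Unauthorized access!', $details, E_LOG_FATAL);
            }

            // do not redirect, prevent dead loop, save server resources
            if ($die) {
                die('Unauthorized access!');
            }

            return false;
        }
    }

    if (!defined('e_TOKEN')) {
        // FREEZE token regeneration if minimal, ajax or iframe (ajax and iframe not implemented yet) request
        $_toFreeze = e107::getE107('minimal') || e107::getE107('ajax') || e107::getE107('iframe');
        if (!defined('e_TOKEN_FREEZE') && $_toFreeze) {
            define('e_TOKEN_FREEZE', true);
        }

        // __form_token_regenerate set in footer, so if footer is not called, token will be never regenerated!
        if (e_SECURITY_LEVEL == e_session::SECURITY_LEVEL_INSANE && !deftrue('e_TOKEN_FREEZE') && $this->has('__form_token_regenerate')) {
            $this->_regenerateFormToken()->clear('__form_token_regenerate');
        }

        define('e_TOKEN', $this->getFormToken());
    }

    return true;
}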
/**
 * Get current theme name
 *
 * In the admin area this is the 'admintheme' preference. Elsewhere the
 * USERTHEME constant is resolved through defsettrue(), with the 'sitetheme'
 * preference passed as its second argument.
 *
 * @return string
 */
public function getCurrentTheme()
{
    if ($this->isInAdmin()) {
        return e107::getPref('admintheme');
    }

    // XXX - USERTHEME is defined only on user session init
    $siteTheme = e107::getPref('sitetheme');

    return defsettrue('USERTHEME', $siteTheme);
}