Exemplo n.º 1
 /**
  * Queue and print the stylesheet links for the page header.
  *
  * Registers the core stylesheet and one theme stylesheet with the JS/CSS
  * manager, then renders each CSS zone followed by its footer marker comment.
  *
  * NOTE(review): $pref['admincss'] / $pref['themecss'] are joined to THEME and
  * handed to themeCSS() as file names without any check in this function;
  * presumably they are restricted to theme file names when the pref is saved
  * (not visible here).
  */
 function headerCss()
 {
     $pref = e107::getPref();
     echo "<!-- *CSS* -->\n";
     $e_js = e107::getJs();

     // Core CSS - XXX awaiting for path changes
     // NOTE(review): $no_core_css is never assigned inside this function, so
     // this condition always holds and the core stylesheet is always queued.
     if (empty($no_core_css)) {
         $e_js->otherCSS('{e_WEB_CSS}e107.css');
     }

     // Choose the configured stylesheet name: admin pref first (unless the
     // page is rendered inside an iframe), then the theme pref, then the default.
     if (!defsettrue('e_IFRAME') && !empty($pref['admincss'])) {
         $sheet = $pref['admincss'];
     } elseif (!empty($pref['themecss'])) {
         $sheet = $pref['themecss'];
     } else {
         $sheet = 'style.css';
     }

     // An "admin_"-prefixed variant in the theme folder wins when it exists.
     $adminVariant = 'admin_' . $sheet;
     $css_file = file_exists(THEME . $adminVariant) ? $adminVariant : $sheet;
     $e_js->themeCSS($css_file);

     // Render order: other, core, plugin, theme, inline
     // (inline CSS - not sure if this should stay at all!).
     $zones = array('other_css', 'core_css', 'plugin_css', 'theme_css', 'inline_css');
     foreach ($zones as $zone) {
         $e_js->renderJs($zone, false, 'css', false);
         echo "\n<!-- footer_" . $zone . " -->\n";
     }
 }
Exemplo n.º 2
         } else {
             $row = $sql->db_Fetch();
             if ($row['gen_datestamp'] + 604800 < time()) {
                 require_once e_HANDLER . "cache_handler.php";
                 $ec = new ecache();
                 $ec->clear();
                 $sql->db_Update('generic', "gen_datestamp='" . time() . "' WHERE gen_type='empty_cache'");
             }
         }
     }
 }
 //
 // B.2 Send footer template, stop timing, send simple page stats
 //
 // NEW - Iframe mod: the admin footer template is skipped when e_IFRAME is set
 if (!defsettrue('e_IFRAME')) {
     parse_admin($ADMIN_FOOTER);
 }
 // Stop the page timer; $eTimingStart is set outside this excerpt.
 $eTimingStop = microtime();
 global $eTimingStart;
 $clockTime = e107::getSingleton('e107_traffic')->TimeDelta($eTimingStart, $eTimingStop);
 // NOTE(review): $db_time is assigned outside this excerpt, and a $clockTime
 // of 0 would make this a division by zero - TimeDelta() is not visible here.
 $dbPercent = 100.0 * $db_time / $clockTime;
 // Format for display or logging
 // Clock time during page render
 $rendertime = number_format($clockTime, 2);
 // Clock time in DB render
 $db_time = number_format($db_time, 2);
 // DB as percent of clock
 $dbPercent = number_format($dbPercent, 0);
 // Memory at end, in B/KB/MB/GB ;)
 $memuse = eHelper::getMemoryUsage();
Exemplo n.º 3
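 /**
  * Render the news create/edit form of the admin area.
  *
  * The form (general, SEO and options fieldsets plus plugin hook rows) is
  * built as one HTML string and echoed after the pending eMessage output.
  * With sub-action "sn" and no preview request, the title, body and category
  * are pre-filled from a row of the submitnews table.
  *
  * Output-encoding notes:
  * - Request values echoed back into inputs go through $tp->post_toForm();
  *   trackback_urls was the one field printed raw and now uses the same helper.
  * - The author profile link uses the integer-cast author id rather than the
  *   raw request value.
  * - submitnews_name / submitnews_file and the plugin hook caption/text are
  *   concatenated as stored; see the NOTE(review) comments below.
  *
  * @return void
  */
 function show_create_item()
 {
     $pref = e107::getPref();
     $this->_pre_create();
     require_once e_HANDLER . "userclass_class.php";
     $frm = e107::getForm();
     $text = '';
     if (isset($_POST['preview'])) {
         $text = $this->preview_item($this->getId());
     }
     $sub_action = $this->getSubAction();
     $id = $this->getSubAction() != 'sn' && $this->getSubAction() != 'upload' ? $this->getId() : 0;
     $e107 = e107::getInstance();
     $tp = e107::getParser();
     $sql = e107::getDb();
     if ($sub_action == "sn" && !varset($_POST['preview'])) {
         // getId() is not visible here; cast so the WHERE clause can only ever receive an integer.
         if ($sql->db_Select("submitnews", "*", "submitnews_id=" . intval($this->getId()), TRUE)) {
             $row = $sql->db_Fetch();
             $_POST['news_title'] = $row['submitnews_title'];
             $_POST['news_body'] = $row['submitnews_item'];
             $_POST['cat_id'] = $row['submitnews_category'];
             // NOTE(review): submitnews_name and submitnews_file come from the submitnews
             // table and are concatenated into the body markup as stored - confirm they
             // are encoded when the submission is written, or encode them here.
             if (defsettrue('e_WYSIWYG')) {
                 // Strip the [html]...[/html] wrapper before appending HTML to the body.
                 if (substr($_POST['news_body'], -7, 7) == '[/html]') {
                     $_POST['news_body'] = substr($_POST['news_body'], 0, -7);
                 }
                 if (substr($_POST['news_body'], 0, 6) == '[html]') {
                     $_POST['news_body'] = substr($_POST['news_body'], 6);
                 }
                 $_POST['news_body'] .= "<br /><b>" . NWSLAN_49 . " {$row['submitnews_name']}</b>";
                 $_POST['news_body'] .= $row['submitnews_file'] ? "<br /><br /><img src='{e_NEWSIMAGE}{$row['submitnews_file']}' class='f-right' />" : '';
             } else {
                 $_POST['news_body'] .= "\n[[b]" . NWSLAN_49 . " {$row['submitnews_name']}[/b]]";
                 $_POST['news_body'] .= $row['submitnews_file'] ? "\n\n[img]{e_NEWSIMAGE}{$row['submitnews_file']}[/img]" : "";
             }
             // Filter any nasties
             // NOTE(review): 'data' is not a field this form defines, while news_body
             // (loaded above from the submission) is not passed through dataFilter()
             // here - confirm whether news_body was intended.
             $_POST['data'] = $tp->dataFilter($_POST['data']);
             $_POST['news_title'] = $tp->dataFilter($_POST['news_title']);
         }
     }
     // NOTE(review): the form action is built from e_SELF and e_QUERY; how they are
     // encoded is decided where they are defined, which is not part of this function.
     $text .= "\n\t\t<div class='admintabs' id='tab-container'>\n\t\t\t<ul class='e-tabs' id='core-emote-tabs'>\n\t\t\t\t<li id='tab-general'><a href='#core-newspost-create'>" . LAN_NEWS_52 . "</a></li>\n\t\t\t\t<li id='tab-seo'><a href='#core-newspost-seo'>SEO</a></li>\n\t\t\t\t<li id='tab-advanced'><a href='#core-newspost-edit-options'>" . LAN_NEWS_53 . "</a></li>\n\t\t\t</ul>\n\t\t\t<form method='post' action='" . e_SELF . "?" . e_QUERY . "' id='core-newspost-create-form' " . (FILE_UPLOADS ? "enctype='multipart/form-data'" : "") . " >\n\t\t\t\t<fieldset id='core-newspost-create'>\n\t\t\t\t\t<legend>" . LAN_NEWS_52 . "</legend>\n\t\t\t\t\t<table class='table adminform'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t\t\t<col class='col-control' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<tbody>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . NWSLAN_6 . ": </td>\n\t\t\t\t\t\t\t\t<td>\n\t\t";
     if (!$this->news_categories) {
         $text .= NWSLAN_10;
     } else {
         $text .= $frm->select_open('cat_id');
         foreach ($this->news_categories as $row) {
             $text .= $frm->option($tp->toHTML($row['category_name'], FALSE, "LINKTEXT"), $row['category_id'], varset($_POST['cat_id']) == $row['category_id']);
         }
         $text .= "</select>";
     }
     $text .= "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . NWSLAN_12 . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type='text' name='news_title' value=\"" . $tp->post_toForm($_POST['news_title']) . "\" class='tbox' style='width:90%' required='required' />\n\t\t\t\t\t\t\t\t\t" . "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . LAN_NEWS_27 . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<input type='text' name='news_summary' value=\"" . $tp->post_toForm($_POST['news_summary']) . "\" class='tbox' style='width:90%' />\n\t\t\t\t\t\t\t\t\t" . "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . LAN_TEMPLATE . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t";
     //XXX multiple-selections at once. (comma separated) - working
     $text .= $frm->selectbox('news_render_type', $this->news_renderTypes, $_POST['news_render_type'], "multiple=1", array(NWSLAN_74)) . "\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t" . NWSLAN_74 . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t";
     // -------- News Author ---------------------
     $text .= "\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . LAN_NEWS_50 . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t";
     if (!getperms('0') && !check_class($pref['news_editauthor'])) {
         // Users who may not change the author get a fixed hidden field and a profile link.
         $auth = !empty($_POST['news_author']) ? intval($_POST['news_author']) : USERID;
         $e107->sql->db_Select("user", "user_name", "user_id={$auth} LIMIT 1");
         $row = $e107->sql->db_Fetch(MYSQL_ASSOC);
         // NOTE(review): user_name is printed as stored in the user table - confirm it is encoded on write.
         $text .= "<input type='hidden' name='news_author' value='" . $auth . chr(35) . $row['user_name'] . "' />";
         // Use the integer-cast id in the link; the raw request value must not reach the href.
         $text .= "<a href='" . $e107->url->create('user/profile/view', 'name=' . $row['user_name'] . '&id=' . $auth) . "'>" . $row['user_name'] . "</a>";
     } else {
         $text .= $frm->select_open('news_author');
         $qry = "SELECT user_id,user_name FROM #user WHERE user_perms = '0' OR user_perms = '0.' OR user_perms REGEXP('(^|,)(H)(,|\$)') ";
         if ($pref['subnews_class'] && $pref['subnews_class'] != e_UC_GUEST && $pref['subnews_class'] != e_UC_NOBODY) {
             if ($pref['subnews_class'] == e_UC_MEMBER) {
                 $qry .= " OR user_ban != 1";
             } elseif ($pref['subnews_class'] == e_UC_ADMIN) {
                 $qry .= " OR user_admin = 1";
             } else {
                 // The class id is cast to an integer before it is placed in the query.
                 $qry .= " OR FIND_IN_SET(" . intval($pref['subnews_class']) . ", user_class) ";
             }
         }
         $sql->db_Select_gen($qry);
         while ($row = $sql->db_Fetch()) {
             // Pre-select the posted author, else the current user.
             if (!empty($_POST['news_author'])) {
                 $sel = $_POST['news_author'] == $row['user_id'];
             } else {
                 $sel = USERID == $row['user_id'];
             }
             $text .= $frm->option($row['user_name'], $row['user_id'] . chr(35) . $row['user_name'], $sel);
         }
         $text .= "</select>\n\t\t\t";
     }
     $text .= "</td></tr>\n";
     // -----
     $text .= "<tr>\n\t\t\t\t\t\n\t\t\t\t\t<td colspan='2'>\n";
     $text .= "<div class='e-tabs'>\n\t\t<ul>\n\t\t\t<li><a href='#news-body-container'>" . NWSLAN_13 . "</a></li>\n\t\t\t<li><a href='#news-extended-container'>" . NWSLAN_14 . "</a></li>\n\t\t</ul>";
     // Relative "[img]../" prefixes are dropped unless the text contains an absolute "[img]http" URL.
     $val = strstr($tp->post_toForm($_POST['news_body']), "[img]http") ? $tp->post_toForm($_POST['news_body']) : str_replace("[img]../", "[img]", $tp->post_toForm($_POST['news_body']));
     $text .= "<div id='news-body-container' class='e-tab'>";
     $text .= $frm->bbarea('news_body', $val, 'news', 'news');
     $text .= "</div><div id='news-extended-container' class='t-container'>";
     $val = strstr($tp->post_toForm($_POST['news_extended']), "[img]http") ? $tp->post_toForm($_POST['news_extended']) : str_replace("[img]../", "[img]", $tp->post_toForm($_POST['news_extended']));
     $text .= $frm->bbarea('news_extended', $val, 'extended', 'news', 'large');
     $text .= "</div>\n\t\t\t</div></td></tr>";
     //-----------
     $text .= "\n\t\n\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t<td>" . NWSLAN_67 . ":<br />\n\t\t\t\t\t\t\t\t\t\t" . $frm->help(LAN_NEWS_23) . "</td>\n\t\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t";
     // A thumbnail value that does not start with "{" is prefixed with the news image folder.
     if (vartrue($_POST['news_thumbnail']) && $_POST['news_thumbnail'][0] != "{") {
         $_POST['news_thumbnail'] = "{e_IMAGE}newspost_images/" . $_POST['news_thumbnail'];
     }
     $text .= $frm->imagepicker('news_thumbnail', $_POST['news_thumbnail'], '', 'news');
     $text .= "\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t";
     //BEGIN SEO block
     $text .= "\n\t\t\t\t<fieldset id='core-newspost-seo'>\n\t\t\t\t\t<legend>SEO</legend>\n\t\t\t\t\t<table class='table adminform'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t\t\t<col class='col-control' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<tbody>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>Friendly URL string: </td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t" . $frm->text('news_sef', $tp->post_toForm($_POST['news_sef']), 255) . "\n\t\t\t\t\t\t\t\t\t<div class='field-help'>If left empty will be automatically created from current News Title based on your current <a href='" . e_ADMIN_ABS . "eurl.php?mode=main&amp;action=settings' title='To URL settings area' rel='external'>URL settings</a></div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . LAN_KEYWORDS . ": </td>\n\t\t\t\t\t\t\t\t<td>" . $frm->tags('news_meta_keywords', $tp->post_toForm($_POST['news_meta_keywords']), 255) . "\n\t\t\t\t\t\t\t\t<div class='field-help'>Keywords/tags associated to associate with this news item</div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\n\t\t\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>Meta description: </td>\n\t\t\t\t\t\t\t\t<td>" . $frm->textarea('news_meta_description', $tp->post_toForm($_POST['news_meta_description']), 7) . "</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t";
     //BEGIN Options block
     $text .= "\n\t\t\t\t<fieldset id='core-newspost-edit-options'>\n\t\t\t\t\t<legend>" . LAN_NEWS_53 . "</legend>\n\t\t\t\t\t<table class='table adminform'>\n\t\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t\t\t<col class='col-control' />\n\t\t\t\t\t\t</colgroup>\n\t\t\t\t\t\t<tbody>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td>" . NWSLAN_15 . ":</td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t" . $frm->radio('news_allow_comments', 0, !$_POST['news_allow_comments']) . "" . $frm->label(LAN_ENABLED, 'news_allow_comments', 0) . "&nbsp;&nbsp;\n\t\t\t\t\t\t\t\t\t" . $frm->radio('news_allow_comments', 1, $_POST['news_allow_comments']) . "" . $frm->label(LAN_DISABLED, 'news_allow_comments', 1) . "\n\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t" . NWSLAN_18 . "\n\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . NWSLAN_19 . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>" . NWSLAN_21 . ":</div>\n\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t";
     $text .= $frm->datepicker("news_start", $_POST['news_start'], "type=datetime");
     $text .= " - ";
     $text .= $frm->datepicker("news_end", $_POST['news_end'], "type=datetime");
     $text .= "</div>\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t" . NWSLAN_72 . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . LAN_NEWS_32 . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t";
     $text .= $frm->datepicker("news_datestamp", $_POST['news_datestamp'], "type=datetime");
     $text .= "</div>";
     $text .= "\n\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t";
     // --------------------- News Userclass ---------------------------
     $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . NWSLAN_22 . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t" . $frm->uc_select('news_userclass[]', vartrue($_POST['news_class'], 0), 'nobody,public,guest,member,admin,classes,language', 'description=1&multiple=1') . "\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t" . NWSLAN_84 . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . LAN_NEWS_28 . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t" . $frm->checkbox('news_sticky', '1', $_POST['news_sticky']) . $frm->label(LAN_NEWS_29, 'news_sticky', '1') . "\n\t\t\t\t\t\t\t\t\t\t<div class='field-help'>\n\t\t\t\t\t\t\t\t\t\t\t" . LAN_NEWS_30 . "\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t";
     if ($pref['trackbackEnabled']) {
         // The posted trackback URLs are echoed back through post_toForm(), the helper
         // every other request value in this form already uses, so markup in the
         // request cannot close the textarea.
         $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . LAN_NEWS_34 . ":</td>\n\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t<a class='e-pointer' onclick='expandit(this);'>" . LAN_NEWS_35 . "</a>\n\t\t\t\t\t\t\t\t\t\t<div class='e-hideme'>\n\t\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t\t\t\t\t\t\t\t\t\t\t<span class='smalltext'>" . LAN_NEWS_37 . "</span>\n\t\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t\t\t<div class='field-spacer'>\n\t\t\t\t\t\t\t\t\t\t\t\t<textarea class='tbox textarea' name='trackback_urls' style='width:95%' cols='80' rows='5'>" . $tp->post_toForm(varset($_POST['trackback_urls'])) . "</textarea>\n\t\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t";
     }
     //triggerHook
     $data = array('method' => 'form', 'table' => 'news', 'id' => $id, 'plugin' => 'news', 'function' => 'create_item');
     $hooks = e107::getEvent()->triggerHook($data);
     if (!empty($hooks)) {
         $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td colspan='2' >" . LAN_HOOKS . " </td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t";
         foreach ($hooks as $hook) {
             if (!empty($hook)) {
                 // Hook caption and text are inserted as returned: each plugin is trusted to return safe markup.
                 $text .= "\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>" . $hook['caption'] . "</td>\n\t\t\t\t\t\t\t\t\t<td>" . $hook['text'] . "</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t";
             }
         }
     }
     $text .= "\n\t\t\t\t\t\t</tbody>\n\t\t\t\t\t</table>\n\t\t\t\t</fieldset>\n\t\t\t\t<div class='buttons-bar center'>\n\t\t\t\t\t" . $frm->admin_button('preview', isset($_POST['preview']) ? NWSLAN_24 : NWSLAN_27, 'other') . "\n\t\t\t\t\t" . $frm->admin_button('submit_news', $id && $sub_action != "sn" && $sub_action != "upload" ? NWSLAN_25 : NWSLAN_26, 'update') . "\n\t\t\t\t\t" . $frm->checkbox('create_edit_stay', 1, isset($_POST['create_edit_stay'])) . $frm->label(LAN_NEWS_54, 'create_edit_stay', 1) . "\n\t\t\t\t\t<input type='hidden' name='news_id' value='{$id}' />\n\t\t\t\t</div>\n\t\t\t</form>\n\t\t</div>\n\n\t\t";
     $emessage = eMessage::getInstance();
     echo $emessage->render() . $text;
 }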
Exemplo n.º 4
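 /**
  * Define e_PAGE, e_SELF, the e_REQUEST_* constants, e_ADMIN_AREA, USER_AREA
  * handling and the site/plugin URL constants for the current request.
  *
  * The following files are assumed to use admin theme:
  * 1. Any file in the admin directory (check for non-plugin added to avoid mismatches)
  * 2. any plugin file starting with 'admin_'
  * 3. any plugin file in a folder called admin/
  * 4. any file that specifies $eplug_admin = TRUE; or ADMIN_AREA = TRUE;
  * NOTE: USER_AREA = true; will force e_ADMIN_AREA to FALSE
  *
  * Request filtering done here:
  * - the request URI is URL-decoded once and the request is ended with a
  *   403 response when it contains < or > (and { or } when $no_cbrace is true);
  * - single and double quotes in e_REQUEST_URL / e_REQUEST_URI are percent-encoded.
  *
  * NOTE(review): every absolute URL defined here (e_SELF, e_REQUEST_URL,
  * SITEURLBASE, SITEURL, e_SIGNUP, e_LOGIN) is built from $_SERVER['HTTP_HOST'],
  * a request header; nothing in this method restricts it to the site's own
  * host names, so that restriction has to come from the web server or from
  * code outside this method. e_SELF is built from PHP_SELF before the 403
  * check and without the quote encoding; e_REQUEST_URL is the constant
  * prepared for use in forms.
  *
  * @param boolean $no_cbrace when true, a request URI containing curly brackets is rejected as well
  * @return e107
  */
 public function set_urls($no_cbrace = true)
 {
     $PLUGINS_DIRECTORY = $this->getFolder('plugins');
     $ADMIN_DIRECTORY = $this->getFolder('admin');
     $eplug_admin = vartrue($GLOBALS['eplug_admin'], false);
     // Leave e_SELF BC, use e_REQUEST_SELF instead
     $eSelf = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_FILENAME'];
     $_self = $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . $eSelf;
     if (!deftrue('e_SINGLE_ENTRY')) {
         $page = substr(strrchr($_SERVER['PHP_SELF'], '/'), 1);
         define('e_PAGE', $page);
         define('e_SELF', $_self);
     }
     // START New - request uri/url detection, XSS protection
     // TODO - move it to a separate method
     $requestUri = $requestUrl = '';
     if (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
         // check this first so IIS will catch
         // NOTE(review): HTTP_X_REWRITE_URL is populated from a request header; it is
         // accepted here whenever it is present and then overwrites REQUEST_URI.
         $requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
         $requestUrl = $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . $requestUri;
         // fix request uri
         $_SERVER['REQUEST_URI'] = $requestUri;
     } elseif (isset($_SERVER['REQUEST_URI'])) {
         $requestUri = $_SERVER['REQUEST_URI'];
         $requestUrl = $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST'] . $requestUri;
     } else {
         // go back to e_SELF
         $requestUri = $eSelf;
         $requestUrl = $_self;
         if (e_QUERY) {
             // TODO e_SINGLE_ENTRY check, separate static method for cleaning QUERY_STRING
             $requestUri .= '?' . e_QUERY;
             $requestUrl .= '?' . e_QUERY;
         }
     }
     // FIXME - basic security - add url sanitize method to e_parse
     // The URI is urlencoded by default, so decode it (once) before matching.
     $check = rawurldecode($requestUri);
     // a bit aggressive XSS protection... convert to e.g. htmlentities if you are not a bad guy
     $checkregx = $no_cbrace ? '[<>\\{\\}]' : '[<>]';
     if (preg_match('/' . $checkregx . '/', $check)) {
         header('HTTP/1.1 403 Forbidden');
         exit;
     }
     // e_MENU fix
     if (e_MENU) {
         $requestUri = str_replace('[' . e_MENU . ']', '', $requestUri);
         $requestUrl = str_replace('[' . e_MENU . ']', '', $requestUrl);
     }
     // the last anti-XSS measure, XHTML compliant URL to be used in forms instead e_SELF
     // full request url string (including domain)
     define('e_REQUEST_URL', str_replace(array("'", '"'), array('%27', '%22'), $requestUrl));
     // full URL without the QUERY string
     // explode() result is held in a variable: array_shift() takes its argument by
     // reference, and passing a function result to it raises a PHP notice.
     $urlParts = explode('?', e_REQUEST_URL, 2);
     define('e_REQUEST_SELF', $urlParts[0]);
     // absolute http path + query string
     define('e_REQUEST_URI', str_replace(array("'", '"'), array('%27', '%22'), $requestUri));
     // SELF URL without the QUERY string and leading domain part
     $uriParts = explode('?', e_REQUEST_URI, 2);
     define('e_REQUEST_HTTP', $uriParts[0]);
     unset($requestUrl, $requestUri);
     // END request uri/url detection, XSS protection
     // e_SELF has the full HTML path
     $inAdminDir = FALSE;
     // True if we're in a plugin
     $isPluginDir = strpos($_self, '/' . $PLUGINS_DIRECTORY) !== FALSE;
     // Knock off the initial bits
     $e107Path = str_replace($this->base_path, '', $_self);
     // Admin area: a core file under the admin folder, a plugin file that looks like
     // an admin page, or a script that flagged itself via $eplug_admin / ADMIN_AREA.
     if (
         (!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0)
         || ($isPluginDir && (strpos(e_PAGE, '_admin.php') !== false || strpos(e_PAGE, 'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE))
         || (varsettrue($eplug_admin) || defsettrue('ADMIN_AREA'))
     ) {
         $inAdminDir = TRUE;
     }
     if ($isPluginDir) {
         // The plugin folder name is the second path segment of $e107Path.
         $temp = substr($e107Path, strpos($e107Path, '/') + 1);
         $plugDir = substr($temp, 0, strpos($temp, '/'));
         define('e_CURRENT_PLUGIN', $plugDir);
         define('e_PLUGIN_DIR', e_PLUGIN . e_CURRENT_PLUGIN . '/');
         define('e_PLUGIN_DIR_ABS', e_PLUGIN_ABS . e_CURRENT_PLUGIN . '/');
     } else {
         define('e_CURRENT_PLUGIN', '');
         define('e_PLUGIN_DIR', '');
         define('e_PLUGIN_DIR_ABS', '');
     }
     // This should avoid further checks - NOTE: used in js_manager.php
     if (!defined('e_ADMIN_AREA')) {
         // Force USER_AREA added
         define('e_ADMIN_AREA', $inAdminDir && !deftrue('USER_AREA'));
     }
     define('ADMINDIR', $ADMIN_DIRECTORY);
     define('SITEURLBASE', $this->HTTP_SCHEME . '://' . $_SERVER['HTTP_HOST']);
     define('SITEURL', SITEURLBASE . e_HTTP);
     // login/signup: a custom script in the base folder overrides the stock page
     define('e_SIGNUP', SITEURL . (file_exists(e_BASE . 'customsignup.php') ? 'customsignup.php' : 'signup.php'));
     if (!defined('e_LOGIN')) {
         define('e_LOGIN', SITEURL . (file_exists(e_BASE . 'customlogin.php') ? 'customlogin.php' : 'login.php'));
     }
     return $this;
 }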
Exemplo n.º 5
 /**
  * Shortcode handler: store $parm in the global $bbcode_imagedir.
  *
  * Does nothing when e_WYSIWYG is set. Always returns null.
  *
  * @param mixed $parm value to store; its meaning is decided by the code that reads $bbcode_imagedir
  */
 function sc_bb_preimagedir($parm)
 {
     if (!defsettrue('e_WYSIWYG')) {
         // The global is only bound (and created) when it is actually written.
         global $bbcode_imagedir;
         $bbcode_imagedir = $parm;
     }
     return;
 }
Exemplo n.º 6
    //echo "<link rel='stylesheet' href='".e_FILE_ABS."e107.css' type='text/css' />\n";
    $e_js->otherCSS('{e_WEB_CSS}e107.css');
}
// Register plugin-specific CSS.
// DEPRECATED, use $e_js->pluginCSS('myplug', 'style/myplug.css'[, $media = 'all|screen|...']);
// NOTE(review): every $eplug_css entry is passed to otherCSS() as given; nothing
// here checks what a plugin put into it.
if (!empty($eplug_css)) {
    // A single stylesheet may be given as a plain string.
    if (!is_array($eplug_css)) {
        $eplug_css = array($eplug_css);
    }
    foreach ($eplug_css as $kcss) {
        $e_js->otherCSS($kcss);
    }
}

// NEW - Iframe mod: the admin stylesheet pref is skipped when e_IFRAME is set.
// Pick the configured stylesheet name first, then prefer its "admin_" variant
// when that file exists in the theme folder.
if (!defsettrue('e_IFRAME') && !empty($pref['admincss'])) {
    $css_file = $pref['admincss'];
} elseif (!empty($pref['themecss'])) {
    $css_file = $pref['themecss'];
} else {
    $css_file = 'style.css';
}
if (file_exists(THEME . 'admin_' . $css_file)) {
    $css_file = 'admin_' . $css_file;
}
$e_js->themeCSS($css_file);
// FIXME: TEXTDIRECTION compatibility CSS (marj?)
// TODO: probably better to externalise along with some other things above
// possibility to overwrite some CSS definition according to TEXTDIRECTION
Exemplo n.º 7
 /**
  * Get type title (multi-language)
  *
  * For a non-default message stack the constant
  * EMESSLAN_TITLE_{TYPE}_{STACK} is returned when it is defined; otherwise
  * the result of defsettrue() for EMESSLAN_TITLE_{TYPE} with '' as default.
  *
  * @param string $type message type
  * @param string $message_stack message stack name
  * @return string title
  */
 public static function getTitle($type, $message_stack = 'default')
 {
     $hasCustomStack = $message_stack && $message_stack != 'default';
     if ($hasCustomStack) {
         $stackConstant = 'EMESSLAN_TITLE_' . strtoupper($type . '_' . $message_stack);
         if (defined($stackConstant)) {
             return constant($stackConstant);
         }
     }

     $typeConstant = 'EMESSLAN_TITLE_' . strtoupper($type);
     return defsettrue($typeConstant, '');
 }
Exemplo n.º 8
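 /**
  * Core CSRF protection, see class2.php
  * Could be adopted by plugins for their own (different) protection logic
  *
  * Behaviour visible in this method:
  * - returns true without checking when the security level is below
  *   SECURITY_LEVEL_BALANCED or the 'cli' flag is set;
  * - an 'e-token' value in $_POST or $_GET is validated with checkFormToken();
  *   a request that carries no 'e-token' at all is not rejected here, so a
  *   handler that needs a mandatory token must test for its presence itself;
  * - on a rejected token the request is ended with die() when $die is true,
  *   otherwise false is returned;
  * - defines e_TOKEN (and e_TOKEN_FREEZE where applicable) when not yet defined.
  *
  * @param boolean $die end the request on a rejected token instead of returning false
  * @return boolean true when the request may continue, false on a rejected token with $die = false
  */
 public function check($die = true)
 {
     // TODO e-token required for all system forms?
     // only if not disabled and not in 'cli' mod
     if (e_SECURITY_LEVEL < e_session::SECURITY_LEVEL_BALANCED || e107::getE107('cli')) {
         return true;
     }
     if ($this->getSessionId()) {
         // A token is only validated when the request supplies one (POST first, then GET).
         if (
             (isset($_POST['e-token']) && !$this->checkFormToken($_POST['e-token']))
             || (isset($_GET['e-token']) && !$this->checkFormToken($_GET['e-token']))
         ) {
             if (defsettrue('e_DEBUG')) {
                 // NOTE(review): this writes the complete session, POST and GET data to
                 // the admin log, which can include credentials and session secrets;
                 // it runs only while e_DEBUG is set.
                 $details = "HOST: " . $_SERVER['HTTP_HOST'] . "\n";
                 $details .= "REQUEST_URI: " . $_SERVER['REQUEST_URI'] . "\n";
                 $details .= "_SESSION:\n";
                 $details .= print_r($_SESSION, true);
                 $details .= "\n_POST:\n";
                 $details .= print_r($_POST, true);
                 $details .= "\n_GET:\n";
                 $details .= print_r($_GET, true);
                 $details .= "\nPlugins:\n";
                 // $pref is not defined in this method's scope; read the pref through the core accessor.
                 $details .= print_r(e107::getPref('plug_installed'), true);
                 e107::getAdminLog()->log_event('Unauthorized access!', $details, E_LOG_FATAL);
             }
             // do not redirect, prevent dead loop, save server resources
             if ($die) {
                 die('Unauthorized access!');
             }
             return false;
         }
     }
     if (!defined('e_TOKEN')) {
         // FREEZE token regeneration if minimal, ajax or iframe (ajax and iframe not implemented yet) request
         $_toFreeze = e107::getE107('minimal') || e107::getE107('ajax') || e107::getE107('iframe');
         if (!defined('e_TOKEN_FREEZE') && $_toFreeze) {
             define('e_TOKEN_FREEZE', true);
         }
         // __form_token_regenerate set in footer, so if footer is not called, token will be never regenerated!
         if (e_SECURITY_LEVEL == e_session::SECURITY_LEVEL_INSANE && !deftrue('e_TOKEN_FREEZE') && $this->has('__form_token_regenerate')) {
             $this->_regenerateFormToken()->clear('__form_token_regenerate');
         }
         define('e_TOKEN', $this->getFormToken());
     }
     return true;
 }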
Exemplo n.º 9
 /**
  * Get current theme name
  *
  * In the admin area this is the 'admintheme' pref; elsewhere it is the
  * result of defsettrue() for USERTHEME with the 'sitetheme' pref as default.
  *
  * @return string
  */
 public function getCurrentTheme()
 {
     if ($this->isInAdmin()) {
         return e107::getPref('admintheme');
     }

     // XXX - USERTHEME is defined only on user session init
     $siteTheme = e107::getPref('sitetheme');
     return defsettrue('USERTHEME', $siteTheme);
 }