Exemplo n.º 1
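/**
 * Builds the hidden form inputs and includes the start-of-form template for $style.
 *
 * The template is included in this function's scope, so it can read every
 * parameter below as well as $form_id_input.
 *
 * @param  string $f          Form identifier, emitted as the hidden "form_id" value
 * @param  bool   $show_id    Whether to emit the hidden "form_id" input
 * @param  bool   $show_token Whether to emit the hidden "_t" token input
 * @param  mixed  $errors     Not read here; available to the included template
 * @param  mixed  $method     Not read here; available to the included template
 * @param  mixed  $fileupload Not read here; available to the included template
 * @param  mixed  $params     Not read here; available to the included template
 * @param  string $style      Template name suffix; letters, digits, "_" and "-" only
 * @throws InvalidArgumentException When $style is not a plain template name
 */
function output_form_start($f, $show_id, $show_token, $errors, $method, $fileupload, $params, $style)
{
    // $style becomes part of an include path. Accept only a plain name token so
    // that directory separators, "..", NUL bytes or stream-wrapper prefixes can
    // never select a file outside the tpl_form_start_* template set.
    if (!is_scalar($style) || !preg_match('/\A[A-Za-z0-9_-]+\z/', (string) $style)) {
        throw new InvalidArgumentException('Invalid form style name.');
    }

    $form_id_input = '';
    if ($show_id) {
        // Attribute context: escape so the identifier cannot break out of value="...".
        $form_id_input .= '<input type="hidden" name="form_id" value="' . htmlspecialchars((string) $f, ENT_QUOTES, 'UTF-8') . '"/>';
    }
    if ($show_token) {
        $form_id_input .= '<input type="hidden" name="_t" value="' . htmlspecialchars((string) form_token(), ENT_QUOTES, 'UTF-8') . '"/>';
    }

    include "tpl_form_start_{$style}.php";
}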
Exemplo n.º 2
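 /**
  * Handles the login page: processes an AJAX login submission, otherwise renders the form.
  *
  * On an AJAX POST with submit=submit the form token is checked, the user row is
  * looked up, the salted MD5 of the submitted password is compared with the stored
  * value, the session id is regenerated and the session user is set.
  *
  * NOTE(review): the failure branches rely on printJson() ending the request. If it
  * returns, execution falls through to the success path. Confirm against printJson().
  * NOTE(review): salted MD5 is a fast hash. Moving stored credentials to
  * password_hash()/password_verify() needs a data migration outside this method.
  */
 public function login()
 {
     if (IS_AJAX && 'submit' == I('post.submit')) {
         // Login attempt
         $username = I('post.username');
         $userpass = I('post.userpass');
         // Form token check
         if (token_check() == false) {
             printJson(array('tk' => form_token()), 1, '请求超时,请重试');
         }
         $mod = Factory::getModel('bt_user');
         // NOTE(review): the format string as shown has no placeholder, so $username is
         // never substituted (the listing appears to have masked it). Whatever the real
         // placeholder is, the username must reach the query escaped or as a bound
         // parameter, never as raw request input. Verify against the model API.
         $where = sprintf("username='******' AND deleted=0", $username);
         $row = $mod->field('id,userpass,salt')->where($where)->find();
         // NOTE(review): "account does not exist" and "wrong password" are reported with
         // different messages, which lets a client tell valid usernames apart.
         if (empty($row)) {
             printJson(array('tk' => form_token()), 1, '账号不存在');
         }
         // hash_equals() (PHP 5.6+) compares the two hex digests as strings and in
         // constant time. The previous loose != could treat two different digests of
         // the form "0e<digits>" as equal numbers.
         if (!hash_equals((string) $row['userpass'], md5($userpass . $row['salt']))) {
             printJson(array('tk' => form_token()), 1, '账号或者密码不正确');
         }
         $row['username'] = $username;
         // Issue a fresh session id and delete the pre-login session data, so an id
         // known before authentication cannot be reused afterwards.
         session_regenerate_id(true);
         $user_cls = load_class('UserModel');
         $user_cls->setSessionUser($row);
         printJson(1);
     }
     // NOTE(review): 'turl' comes from the query string and is handed to the template.
     // If the template redirects to it, restrict it to same-site paths.
     $turl = urldecode(I('get.url', url('DiskTop', 'index')));
     $this->assign('turl', $turl);
     $this->display();
 }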
Exemplo n.º 3
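/**
 * Rejects the request unless the posted "_t" field matches the current form token.
 *
 * Calls error_page() when the field is missing, is not a string, or differs from
 * form_token(). An empty expected token is treated as a failure so that a missing
 * token on both sides can never validate.
 */
function form_validate()
{
    $expected = (string) form_token();
    $submitted = isset($_POST['_t']) ? $_POST['_t'] : null;

    // hash_equals() (PHP 5.6+) gives a strict, constant-time comparison. The
    // previous loose != accepted type-juggled values and raised a notice when the
    // field was absent.
    if ($expected === '' || !is_string($submitted) || !hash_equals($expected, $submitted)) {
        error_page('Sorry, the form you submitted was invalid. Please try again.');
    }
}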
Exemplo n.º 4
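 /**
  * Hooks into the article saving process and updates the article's short URL.
  *
  * The method keeps state in two static variables: $old holds the permlink and
  * status captured on the first qualifying call, $updated records that a short URL
  * has already been fetched. The first qualifying call only records $old and
  * returns; a later call compares against it.
  *
  * Does nothing unless the rah_bitly_login, rah_bitly_apikey and rah_bitly_field
  * preferences are set, an article ID is available, the posted _txp_token matches
  * form_token() and the posted Status is at least 4.
  */
 public static function update()
 {
     global $prefs;
     if (empty($prefs['rah_bitly_login']) || empty($prefs['rah_bitly_apikey']) || empty($prefs['rah_bitly_field'])) {
         return;
     }
     static $old = array();
     static $updated = false;
     $id = !empty($GLOBALS['ID']) ? $GLOBALS['ID'] : ps('ID');
     // The token is compared as a string and in constant time (hash_equals, PHP 5.6+).
     // A loose != would also accept type-juggled matches such as "0e..." digests.
     $token = ps('_txp_token');
     if (!$id || !is_string($token) || !hash_equals((string) form_token(), $token) || intval(ps('Status')) < 4) {
         $old = array('permlink' => NULL, 'status' => NULL);
         return;
     }
     include_once txpath . '/publish/taghandlers.php';
     /*
     	Get the old article permlink before anything is saved
     */
     if (!$old) {
         $old = array('permlink' => permlinkurl_id($id), 'status' => fetch('Status', 'textpattern', 'ID', $id));
         return;
     }
     /*
     	Clear the permlink cache
     */
     unset($GLOBALS['permlinks'][$id]);
     /*
     	Generate a new if permlink has changed or if article is published
     */
     if (callback_event('rah_bitly.update') !== '') {
         return;
     }
     if ($updated == false && ($permlink = permlinkurl_id($id)) && ($old['permlink'] != $permlink || !ps('custom_' . $prefs['rah_bitly_field']) || $old['status'] != ps('Status'))) {
         $uri = self::fetch($permlink);
         if ($uri) {
             $fields = getCustomFields();
             if (!isset($fields[$prefs['rah_bitly_field']])) {
                 return;
             }
             // The column name is forced to an integer suffix; both values go through doSlash().
             safe_update('textpattern', 'custom_' . intval($prefs['rah_bitly_field']) . "='" . doSlash($uri) . "'", "ID='" . doSlash($id) . "'");
             $_POST['custom_' . $prefs['rah_bitly_field']] = $uri;
         }
         $updated = true;
     }
     if (!empty($uri)) {
         // NOTE(review): the preference value is placed in the jQuery selector without
         // the intval() used for the column name above. Only $uri is JS-escaped.
         echo script_js('$(\'input[name="custom_' . $prefs['rah_bitly_field'] . '"]\').val("' . escape_js($uri) . '");');
     }
 }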
Exemplo n.º 5
/**
 * Form Open
 *
 * Builds the opening <form> tag, followed by any hidden inputs and, unless
 * disabled, the output of form_token().
 *
 * NOTE(review): $action is concatenated into the action attribute as given, so
 * callers are responsible for passing an attribute-safe URL. The token is
 * appended whatever the form method or target host is. If form_token() returns
 * the hidden CSRF field, a GET form or an external action would expose it, so
 * such callers should pass $csrf_enabled = FALSE.
 *
 * @param	string	$action			The action attribute; values without "://" are resolved via site_url()
 * @param	string	$attributes		A string of extra attributes; defaults to method="post" when empty
 * @param	array	$hidden			An array of hidden elements
 * @param	bool	$csrf_enabled	If the form token should be appended
 * @return	string	The form element and any hidden inputs
 */
function form_open($action = '', $attributes = '', $hidden = array(), $csrf_enabled = TRUE)
{
    $ci =& get_instance();
    $ci->load->library('form_validation');

    // No attributes supplied: fall back to a POST form.
    $attributes = $attributes == '' ? 'method="post"' : $attributes;

    // Anything without a scheme separator is treated as a site-relative URI.
    if (strpos($action, '://') === FALSE) {
        $action = $ci->config->site_url($action);
    }

    $html = '<form action="' . $action . '"' . _attributes_to_string($attributes, TRUE) . '>';

    if (is_array($hidden) && count($hidden) > 0) {
        $html .= form_hidden($hidden);
    }

    if ($csrf_enabled) {
        $html .= form_token();
    }

    return $html;
}
Exemplo n.º 6
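/**
 * Render a link invoking an admin-side "add" action while taking up to two additional URL parameters.
 *
 * Every query-string component is URL-encoded before it is placed in the href, so
 * a value containing quotes, "&" or "=" cannot alter the markup or the parameter
 * list. Plain names made of letters, digits, "_", "-" and "." are unchanged by
 * the encoding. The form token is included because the link triggers an action.
 *
 * @param	string	$event	Event
 * @param	string	$step	Step
 * @param	string	$thing	URL parameter key #1
 * @param	string	$value	URL parameter value #1
 * @param	string	$thing2	URL parameter key #2
 * @param	string	$value2	URL parameter value #2
 * @return			string 	HTML
 */
function aLink($event, $step, $thing, $value, $thing2, $value2)
{
    $query = array(
        'event=' . urlencode($event),
        'step=' . urlencode($step),
        '_txp_token=' . urlencode(form_token()),
        urlencode($thing) . '=' . urlencode($value),
        urlencode($thing2) . '=' . urlencode($value2),
    );

    // 'a' is the project's parameter-separator constant (presumably '&amp;').
    return '<a href="?' . join(a, $query) . '" class="alink">+</a>';
}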
Exemplo n.º 7
" lang="<?php 
echo LANG;
?>
" dir="<?php 
echo txpspecialchars(gTxt('lang_dir'));
?>
">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title><?php 
echo gTxt('build');
?>
 &#124; Textpattern CMS</title>
	<script type="text/javascript" src="jquery.js"></script>
	<?php 
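// Serialize the bootstrap object with json_encode() instead of HTML-escaping values
// into hand-built JavaScript string literals. HTML escaping does not neutralize
// backslashes or line breaks inside a JS string. The JSON_HEX_* flags (PHP 5.3+)
// keep <, >, &, ' and " out of the inline script entirely.
echo script_js('var textpattern = ' . json_encode(array('event' => (string) $event, 'step' => (string) $step, '_txp_token' => (string) form_token()), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';');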
?>
	<?php 
echo $theme->html_head();
?>
	</head>
<body id="tag-event">
<?php 
// Tag-builder dispatch: the request parameter 'tag_name' selects the builder function.
$tag_name = gps('tag_name');
// The callee name is always prefixed with 'tag_', so a request can only reach
// functions whose names start with that prefix.
// NOTE(review): any loaded function named tag_* (core or plugin) becomes callable
// with a request-controlled argument. Verify that all of them are safe to expose,
// or dispatch through an explicit list of builder names.
$functname = 'tag_' . $tag_name;
if (function_exists($functname)) {
    // $endform is not read again in the visible code; presumably the tag_* builders
    // pick it up as a global. TODO confirm.
    $endform = n . tr(td() . td(fInput('submit', '', gTxt('build')))) . n . endTable() . n . eInput('tag') . n . sInput('build') . n . hInput('tag_name', $tag_name);
    echo $functname($tag_name);
}
?>
Exemplo n.º 8
/**
 * Renders a widget for choosing how many items a list shows per page.
 *
 * The offered amounts default to 15, 25, 50 and 100 and can be changed through
 * the '{$event}_ui > pageby_values' callback event. Each amount is rendered as a
 * link carrying the event, step, amount and form token; the amount equal to $val
 * is marked as active.
 *
 * @param  string      $event Event
 * @param  int         $val   Current setting
 * @param  string|null $step  Step; defaults to '{$event}_change_pageby'
 * @return string      HTML
 */
function pageby_form($event, $val, $step = null)
{
    $choices = array(15, 25, 50, 100);

    // Handlers receive the list as the fourth argument and may replace it.
    callback_event_ref($event . '_ui', 'pageby_values', 0, $choices);

    if ($step === null) {
        $step = $event . '_change_pageby';
    }

    $links = array();

    foreach ($choices as $qty) {
        // Loose comparison, so a numeric string setting still matches.
        $is_current = $qty == $val;
        $class = $is_current ? 'navlink-active' : 'navlink';
        $aria_pressed = $is_current ? 'true' : 'false';

        $links[] = href(
            $qty,
            array('event' => $event, 'step' => $step, 'qty' => $qty, '_txp_token' => form_token()),
            array('class' => $class, 'title' => gTxt('view_per_page', array('{page}' => $qty)), 'aria-pressed' => $aria_pressed, 'role' => 'button')
        );
    }

    return graf(join('', $links), array('class' => 'nav-tertiary pageby'));
}
Exemplo n.º 9
?>
<!DOCTYPE html>
<html lang="<?php 
echo LANG;
?>
" dir="<?php 
echo txpspecialchars(gTxt('lang_dir'));
?>
">
<head>
<meta charset="utf-8">
<title><?php 
echo gTxt('build');
?>
 &#124; Textpattern CMS</title><?php 
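// Script includes plus the inline 'textpattern' bootstrap object. The object is
// serialized with json_encode(). The JSON_HEX_* flags additionally keep <, >, &,
// ' and " out of the inline script, so values such as "<!--" or "<script" in
// $event or $step cannot disturb how the browser parses the script element.
// NOTE(review): jquery-migrate is requested from code.jquery.com. Whether
// script_js() can emit an integrity attribute is not visible here; serving a
// local copy would remove the third-party dependency from the admin page.
echo script_js('vendors/jquery/jquery/jquery.js', TEXTPATTERN_SCRIPT_URL) . script_js('vendors/jquery/ui/js/jquery-ui.js', TEXTPATTERN_SCRIPT_URL) . script_js('//code.jquery.com/jquery-migrate-1.2.1.js', TEXTPATTERN_SCRIPT_URL) . script_js('var textpattern = ' . json_encode(array('event' => $event, 'step' => $step, '_txp_token' => form_token(), 'textarray' => (object) null), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';') . script_js('textpattern.js', TEXTPATTERN_SCRIPT_URL) . n;
// Mandatory un-themable Textpattern core styles
echo $theme->html_head();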
?>
</head>
<body id="tag-event">
<?php 
echo Txp::get('Textpattern_Tag_BuilderTags')->renderTagHelp(gps('tag_name'));
?>
</body>
</html>
<?php 
/**
 * Collection of tag builder functions.
 *
 * @package Admin\Tag
Exemplo n.º 10
/**
 * Builds the navigation buttons of the smd_ebook panel.
 *
 * The manager, preferences and clean-up buttons are sLink() links; the one whose
 * key matches $curr gets the extra 'smd_active' class. The test button is a plain
 * link that carries the form token, since it triggers a step directly.
 *
 * @param  string $curr Currently active pane: 'mgr', 'prf' or 'cln'
 * @return array  HTML fragments keyed by 'btnMgr', 'btnPrf', 'btnCln' and 'btnTst'
 */
function smd_ebook_buttons($curr = 'mgr')
{
    global $smd_ebook_event;

    $buttons = array();

    $buttons['btnMgr'] = sLink($smd_ebook_event, '', gTxt('smd_ebook_lbl_mgr'), 'navlink' . ($curr === 'mgr' ? ' smd_active' : ''));
    $buttons['btnPrf'] = sLink($smd_ebook_event, 'smd_ebook_prefs', gTxt('smd_ebook_lbl_prf'), 'navlink' . ($curr === 'prf' ? ' smd_active' : ''));
    $buttons['btnCln'] = sLink($smd_ebook_event, 'smd_ebook_tidy', gTxt('smd_ebook_lbl_cln'), 'navlink' . ($curr === 'cln' ? ' smd_active' : ''));

    $test_url = 'index.php?event=' . $smd_ebook_event . a . 'step=smd_ebook_test' . a . '_txp_token=' . form_token();
    $buttons['btnTst'] = href(gTxt('smd_ebook_lbl_tst'), $test_url, ' class="navlink"');

    return $buttons;
}
Exemplo n.º 11
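 /**
  * Validates a token.
  *
  * The expected value is the MD5 of the call arguments joined without a separator,
  * followed by the posted 'origin', the form token and the 'blog_uid' preference.
  * The posted 'token' must be a string equal to it.
  *
  * NOTE(review): because the arguments are joined with no delimiter, different
  * argument lists with the same concatenation produce the same token. A keyed
  * hash_hmac() over delimited fields would be sturdier, but would have to change
  * together with the code that issues the token.
  *
  * @return bool
  */
 protected function valid_token()
 {
     $args = func_get_args();
     $supplied = ps('token');
     $expected = md5(join('', $args) . ps('origin') . form_token() . get_pref('blog_uid'));

     // hash_equals() (PHP 5.6+) keeps the comparison time independent of how many
     // leading characters of the submitted token are correct.
     return is_string($supplied) && hash_equals($expected, $supplied);
 }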
Exemplo n.º 12
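/**
 * Checks whether the requested step may run, enforcing the form token where required.
 *
 * $steps maps step names to a truthy value when the step requires a valid
 * '_txp_token' request parameter. An empty step is always allowed, an unknown
 * step is refused, and a step that requires a token ends the request with die()
 * when the token is missing or wrong.
 *
 * @param  string $step  Requested step
 * @param  array  $steps Known steps; the value tells whether a token is required
 * @return bool   TRUE when the step may run, FALSE when the step is unknown
 */
function bouncer($step, $steps)
{
    global $event;
    if (empty($step)) {
        return true;
    }
    // Validate step. A non-scalar step (for example step[]=x) is never a known step.
    if (!is_scalar($step) || !array_key_exists($step, $steps)) {
        return false;
    }
    // Does this step require a token?
    if (!$steps[$step]) {
        return true;
    }
    // Validate token: string-typed, constant-time comparison (hash_equals, PHP 5.6+).
    // The previous loose == would also accept type-juggled matches.
    $supplied = gps('_txp_token');
    if (is_string($supplied) && hash_equals((string) form_token(), $supplied)) {
        return true;
    }
    // This place ain't no good for you, son.
    die(gTxt('get_off_my_lawn', array('{event}' => $event, '{step}' => $step)));
}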
Exemplo n.º 13
/**
 * Renders the list of preferences.
 *
 * Plugins may add their own prefs, for example by using plugin lifecycle events
 * or raising a (pre) callback on event=admin / step=prefs_list so they are
 * installed or updated when accessing the Preferences panel. Access to the
 * prefs can be controlled by using add_privs() on 'prefs.your-prefs-event-name'.
 *
 * The output is echoed: a POST form to index.php with one section per
 * preference event, a switcher list linking to the sections, and a save button.
 * Rows whose event the current user lacks 'prefs.{event}' privileges for are skipped.
 *
 * @param string $message The feedback / error string to display
 */
function prefs_list($message = '')
{
    global $prefs, $txp_user;
    // Imports every preference as a local variable. $locale below is presumably one
    // of them. NOTE(review): extract() can also overwrite locals and the declared
    // globals if a preference carries the same name.
    extract($prefs);
    pagetop(gTxt('tab_preferences'), $message);
    // The return value is stored but not read again in this function.
    $locale = setlocale(LC_ALL, $locale);
    echo n . '<form class="prefs-form" id="prefs_form" method="post" action="index.php">';
    // TODO: remove 'custom' when custom fields are refactored.
    $core_events = array('site', 'admin', 'publish', 'feeds', 'comments', 'custom');
    $joined_core = join(',', quote_list($core_events));
    // WHERE fragments, joined with AND below. The only variable value placed in
    // the SQL is the user name, which goes through doSlash().
    $sql = array();
    $sql[] = 'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ')';
    $sql[] = "(user_name = '' OR (user_name = '" . doSlash($txp_user) . "' AND name NOT IN (\n            SELECT name FROM " . safe_pfx('txp_prefs') . " WHERE user_name = ''\n        )))";
    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }
    // FIELD() yields 0 for non-core events, so "sort_value = 0" orders core events first.
    $rs = safe_rows_start("*, FIELD(event, {$joined_core}) AS sort_value", 'txp_prefs', join(" AND ", $sql) . " ORDER BY sort_value = 0, sort_value, event, position");
    $last_event = null;
    $out = array();
    $build = array();
    $groupOut = array();
    if (numRows($rs)) {
        while ($a = nextRow($rs)) {
            // Per-event privilege check: rows of events the user may not edit are not rendered.
            if (!has_privs('prefs.' . $a['event'])) {
                continue;
            }
            // Event changed: flush the fields collected for the previous event as one section.
            if ($a['event'] !== $last_event) {
                if ($last_event !== null) {
                    $build[] = tag(hed(gTxt($last_event), 2, array('id' => 'prefs_group_' . $last_event . '-label')) . join(n, $out), 'section', array('class' => 'txp-prefs-group', 'id' => 'prefs_group_' . $last_event, 'aria-labelledby' => 'prefs_group_' . $last_event . '-label'));
                    $groupOut[] = n . tag(href(gTxt($last_event), '#prefs_group_' . $last_event, array('data-txp-pane' => $last_event, 'data-txp-token' => form_token())), 'li');
                }
                $last_event = $a['event'];
                $out = array();
            }
            $label = '';
            if (!in_array($a['html'], array('yesnoradio', 'is_dst'))) {
                $label = $a['name'];
            }
            // TODO: remove exception when custom fields move to meta store.
            $help = '';
            if (strpos($a['name'], 'custom_') === false) {
                $help = $a['name'];
            }
            if ($a['html'] == 'text_input') {
                $size = INPUT_REGULAR;
            } else {
                $size = '';
            }
            $out[] = inputLabel($a['name'], pref_func($a['html'], $a['name'], $a['val'], $size), $label, $help, array('class' => 'txp-form-field', 'id' => 'prefs-' . $a['name']));
        }
    }
    if ($last_event === null) {
        echo graf(gTxt('no_preferences'));
    } else {
        // Flush the final event group, which the loop above never closes.
        $build[] = tag(hed(gTxt($last_event), 2, array('id' => 'prefs_group_' . $last_event . '-label')) . join(n, $out), 'section', array('class' => 'txp-prefs-group', 'id' => 'prefs_group_' . $last_event, 'aria-labelledby' => 'prefs_group_' . $last_event . '-label'));
        $groupOut[] = n . tag(href(gTxt($last_event), '#prefs_group_' . $last_event, array('data-txp-pane' => $last_event, 'data-txp-token' => form_token())), 'li') . n;
        echo hed(gTxt('tab_preferences'), 1, array('class' => 'txp-heading')) . n . '<div class="txp-layout-4col-cell-1alt">' . wrapGroup('all_preferences', n . tag(join($groupOut), 'ul', array('class' => 'switcher-list')), 'all_preferences');
        // Always true inside this else branch.
        if ($last_event !== null) {
            echo graf(fInput('submit', 'Submit', gTxt('save'), 'publish'), array('class' => 'txp-save'));
        }
        // tInput() presumably adds the hidden form-token field checked on save. TODO confirm.
        echo n . '</div>' . n . '<div class="txp-layout-4col-cell-2-3-4">' . join(n, $build) . n . '</div>' . sInput('prefs_save') . eInput('prefs') . hInput('prefs_id', '1') . tInput();
    }
    echo n . '</form>';
}
Exemplo n.º 14
/**
 * Renders the link that switches a plugin's status.
 *
 * The link targets event=plugin, step=switch_status and carries the form token.
 * Only $name is URL-encoded; $status and $linktext are emitted as given.
 * NOTE(review): callers must therefore pass a safe $status and HTML-safe
 * $linktext. Verify at the call sites.
 *
 * @param  mixed  $status   Status value placed in the query string
 * @param  string $name     Plugin name
 * @param  string $linktext Link text (HTML)
 * @return string HTML
 */
function status_link($status, $name, $linktext)
{
    $href = 'index.php?' . 'event=plugin&#38;step=switch_status&#38;status=' . $status . '&#38;name=' . urlencode($name) . '&#38;_txp_token=' . form_token();

    return '<a href="' . $href . '"' . '>' . $linktext . '</a>';
}
Exemplo n.º 15
/**
 * Renders the "sync now" control.
 *
 * Users holding the 'rah_blobin_sync' privilege get a link back to the current
 * event and step with rah_blobin_sync=1 and the form token. Everyone else gets a
 * disabled-looking span with the same label.
 *
 * @return string HTML
 */
function rah_blobin_sync()
{
    global $event, $step;

    // No privilege: show the label only, without an actionable link.
    if (!has_privs('rah_blobin_sync')) {
        return span(gTxt('rah_blobin_sync_now'), array('class' => 'navlink-disabled'));
    }

    $query = array('event' => $event, 'step' => $step, 'rah_blobin_sync' => 1, '_txp_token' => form_token());

    return href(gTxt('rah_blobin_sync_now'), $query, array('class' => 'navlink'));
}
Exemplo n.º 16
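/**
 * Outputs the admin-side page header: HTTP header, <head>, inline scripts and theme header.
 *
 * Nothing is output when $app_mode is 'async'. The function also loads the
 * current user's privileges into $GLOBALS['privs'] and defaults $event to
 * 'article'.
 *
 * Values written into markup are escaped for the context they land in: the text
 * direction is HTML-escaped, and the cookie warning is emitted as a JSON string
 * literal so that quotes or line breaks in a translation cannot break the script.
 *
 * @param string       $pagetitle The page title
 * @param string|array $message   Message passed on to the theme
 */
function pagetop($pagetitle, $message = "")
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme;
    if ($app_mode == 'async') {
        return;
    }
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    // The user name is escaped with doSlash() before it enters the WHERE clause.
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    // Find the area (top-level tab) the current event belongs to.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . htmlspecialchars($event);
    }
    // Anti-clickjacking header; plugins may override it through pluggable_ui().
    header(pluggable_ui('admin_side', 'x_frame_options', 'X-Frame-Options: SAMEORIGIN'));
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php 
    echo LANG;
    ?>
" lang="<?php 
    echo LANG;
    ?>
" dir="<?php 
    // Translation strings are data: escape before placing one in an attribute.
    echo htmlspecialchars(gTxt('lang_dir'));
    ?>
">
	<head>
	<meta http-equiv="content-type" content="text/html; charset=utf-8" />
	<meta name="robots" content="noindex, nofollow" />
	<title>Txp &#8250; <?php 
    echo htmlspecialchars($sitename);
    ?>
 &#8250; <?php 
    echo escape_title($pagetitle);
    ?>
</title>
	<script src="jquery.js" type="text/javascript"></script>
	<?php 
    // NOTE(review): the values are HTML-escaped but sit inside JavaScript string
    // literals. HTML escaping does not cover backslashes or line breaks, so
    // serializing the object with json_encode() would be the context-correct form.
    echo script_js('var textpattern = {event: "' . htmlspecialchars($event) . '", step: "' . htmlspecialchars($step) . '", _txp_token: "' . htmlspecialchars(form_token()) . '"};');
    ?>
	<script type="text/javascript" src="textpattern.js"></script>
	<script type="text/javascript">
	<!--

		var cookieEnabled = checkCookies();

		if (!cookieEnabled)
		{
			confirm(<?php 
    // Emitted as a complete JSON string literal (quotes included). JSON_HEX_* needs PHP 5.3+.
    echo json_encode(trim(gTxt('cookies_must_be_enabled')), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    ?>
);
		}

<?php 
    // Build the per-event "power edit" widgets that poweredit() swaps in below.
    $edit = array();
    if ($event == 'list') {
        $rs = safe_column('name', 'txp_section', "name != 'default'");
        $edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
        $rs = getTree('root', 'article');
        $edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
        $edit['category2'] = $rs ? treeSelectInput('Category2', $rs, '') : '';
        $edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
        $edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
        $rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
        $edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
    }
    if (in_array($event, array('image', 'file', 'link'))) {
        $rs = getTree('root', $event);
        $edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
        $rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
        $edit['author'] = $rs ? selectInput('author', $rs, '', true) : '';
    }
    if ($event == 'plugin') {
        $edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
    }
    if ($event == 'admin') {
        $edit['privilege'] = privs();
        $rs = safe_column('name', 'txp_users', '1=1');
        $edit_assign_assets = $rs ? selectInput('assign_assets', $rs, '', true) : '';
    }
    // output JavaScript
    ?>
		function poweredit(elm)
		{
			var something = elm.options[elm.selectedIndex].value;

			// Add another chunk of HTML
			var pjs = document.getElementById('js');

			if (pjs == null)
			{
				var br = document.createElement('br');
				elm.parentNode.appendChild(br);

				pjs = document.createElement('P');
				pjs.setAttribute('id','js');
				elm.parentNode.appendChild(pjs);
			}

			if (pjs.style.display == 'none' || pjs.style.display == '')
			{
				pjs.style.display = 'block';
			}

			if (something != '')
			{
				switch (something)
				{
<?php 
    // One JS case per widget. The markup is slash-escaped, "</" is split and
    // newlines are removed so it fits inside a single-quoted JS string.
    foreach ($edit as $key => $val) {
        echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '&#45;'), str_replace('</', '<\\/', addslashes($val))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }
    if (isset($edit_assign_assets)) {
        echo "case 'delete':" . n . t . "pjs.innerHTML = '<label for=\"assign_assets\">" . addslashes(gTxt('assign_assets_to')) . "</label><span>" . str_replace(array("\n", '-'), array('', '&#45;'), str_replace('</', '<\\/', addslashes($edit_assign_assets))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }
    ?>
					default:
						pjs.style.display = 'none';
						break;
				}
			}

			return false;
		}

		addEvent(window, 'load', cleanSelects);
	-->
	</script>
	<?php 
    echo $theme->html_head();
    callback_event('admin_side', 'head_end');
    ?>
	</head>
	<body id="<?php 
    echo $body_id;
    ?>
" class="<?php 
    echo $area;
    ?>
">
	<?php 
    callback_event('admin_side', 'pagetop');
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
}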
Exemplo n.º 17
/**
 * Outputs the list of banned IP addresses.
 *
 * Each row shows the ban date, the IP with an "unban" link carrying the form
 * token, the name used and a link to the comment that caused the ban. The IP and
 * the name are passed through txpspecialchars() before output.
 *
 * @param string $message Feedback message passed to pageTop()
 */
function ipban_list($message = '')
{
    global $event;

    pageTop(gTxt('list_banned_ips'), $message);

    echo hed(gTxt('banned_ips'), 1, array('class' => 'txp-heading'));
    echo n . '<div id="' . $event . '_banned_control" class="txp-control-panel">'
        . graf(sLink('discuss', 'discuss_list', gTxt('list_discussions')), ' class="txp-buttons"')
        . n . '</div>';

    $rs = safe_rows_start('*, unix_timestamp(date_banned) as uBanned', 'txp_discuss_ipban', "1 = 1 order by date_banned desc");

    // Nothing banned (or the query failed): show the indicator and stop.
    if (!($rs && numRows($rs) > 0)) {
        echo graf(gTxt('no_ips_banned'), ' class="indicator"');

        return;
    }

    echo n . tag_start('div', array('id' => $event . '_ban_container', 'class' => 'txp-container'))
        . n . tag_start('div', array('class' => 'txp-listtables'))
        . n . tag_start('table', array('class' => 'txp-list'))
        . n . tag_start('thead')
        . tr(
            hCell(gTxt('date_banned'), '', ' scope="col" class="txp-list-col-banned date"')
            . hCell(gTxt('IP'), '', ' scope="col" class="txp-list-col-ip"')
            . hCell(gTxt('name_used'), '', ' scope="col" class="txp-list-col-name"')
            . hCell(gTxt('banned_for'), '', ' scope="col" class="txp-list-col-id"')
        )
        . n . tag_end('thead')
        . n . tag_start('tbody');

    while ($a = nextRow($rs)) {
        // Row columns become local variables ($uBanned, $ip, $name_used, $banned_on_message).
        extract($a);

        echo tr(
            hCell(gTime($uBanned), '', ' scope="row" class="txp-list-col-banned date"')
            . td(
                txpspecialchars($ip) . sp . span('[', array('aria-hidden' => 'true'))
                . href(gTxt('unban'), array('event' => 'discuss', 'step' => 'ipban_unban', 'ip' => $ip, '_txp_token' => form_token()), array('class' => 'action-ban'))
                . span(']', array('aria-hidden' => 'true')),
                '',
                'txp-list-col-ip'
            )
            . td(txpspecialchars($name_used), '', 'txp-list-col-name')
            . td(href($banned_on_message, '?event=discuss' . a . 'step=discuss_edit' . a . 'discussid=' . $banned_on_message), '', 'txp-list-col-id')
        );
    }

    echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . n . tag_end('div');
}
Exemplo n.º 18
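/**
 * Outputs the list of banned IP addresses.
 *
 * Each row shows the ban date, the IP, the name used, a link to the comment that
 * caused the ban and an "unban" link carrying the form token.
 *
 * Row values are stored data that can originate from commenters (the name in
 * particular), so they are HTML-escaped for display and URL-encoded inside query
 * strings. td() and tr() are not shown here and are assumed not to escape their
 * content.
 *
 * @param string $message Feedback message passed to pageTop()
 */
function ipban_list($message = '')
{
    global $event;
    pageTop(gTxt('list_banned_ips'), $message);
    $rs = safe_rows_start('*, unix_timestamp(date_banned) as uBanned', 'txp_discuss_ipban', "1 = 1 order by date_banned desc");
    if ($rs and numRows($rs) > 0) {
        echo '<div id="' . $event . '_ban_container" class="txp-container txp-list">' . startTable('list', '', 'list') . n . '<thead>' . tr(hCell(gTxt('date_banned'), '', ' class="date banned"') . hCell(gTxt('IP'), '', ' class="ip"') . hCell(gTxt('name_used'), '', ' class="name"') . hCell(gTxt('banned_for'), '', ' class="id"') . hCell('', '', ' class="actions"')) . n . '</thead>';
        echo '<tbody>';
        $ctr = 1;
        while ($a = nextRow($rs)) {
            // Read the columns explicitly instead of extract(), so a column name can
            // never overwrite a local variable such as $rs, $ctr or $event.
            $ip_html = htmlspecialchars((string) $a['ip'], ENT_QUOTES, 'UTF-8');
            $name_html = htmlspecialchars((string) $a['name_used'], ENT_QUOTES, 'UTF-8');
            $msg_html = htmlspecialchars((string) $a['banned_on_message'], ENT_QUOTES, 'UTF-8');

            $edit_link = '<a href="?event=discuss' . a . 'step=discuss_edit' . a . 'discussid=' . urlencode((string) $a['banned_on_message']) . '">' . $msg_html . '</a>';
            $unban_link = '<a class="action-ban" href="?event=discuss' . a . 'step=ipban_unban' . a . 'ip=' . urlencode((string) $a['ip']) . a . '_txp_token=' . form_token() . '">' . gTxt('unban') . '</a>';

            echo tr(td(safe_strftime('%d %b %Y %I:%M %p', $a['uBanned']), 100, 'date banned') . td($ip_html, 100, 'ip') . td($name_html, 100, 'name') . td($edit_link, 100, 'id') . td($unban_link, '', 'actions'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"');
            $ctr++;
        }
        echo '</tbody>' . endTable() . '</div>';
    } else {
        echo graf(gTxt('no_ips_banned'), ' class="indicator"');
    }
}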
Exemplo n.º 19
/**
 * Renders the hidden '_txp_token' form field holding the current form token.
 *
 * @return string HTML, as produced by hInput()
 */
function tInput()
{
    $token = form_token();

    return hInput('_txp_token', $token);
}
Exemplo n.º 20
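/**
 * Outputs the admin-side page header: HTTP header, <head>, inline scripts and theme header.
 *
 * Nothing is output when $app_mode is 'async'. The function also loads the
 * current user's privileges into $GLOBALS['privs'] and defaults $event to
 * 'article'.
 *
 * Values written into inline JavaScript are emitted in a form that suits that
 * context: the AJAX timeout is cast to an integer, and the cookie warning is
 * emitted as a JSON string literal so that quotes or line breaks in a
 * translation cannot break the script.
 *
 * @param string       $pagetitle The page title
 * @param string|array $message   Message passed on to the theme
 */
function pagetop($pagetitle, $message = "")
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme;
    if ($app_mode == 'async') {
        return;
    }
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    // The user name is escaped with doSlash() before it enters the WHERE clause.
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    // Find the area (top-level tab) the current event belongs to.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . txpspecialchars($event);
    }
    // Anti-clickjacking header.
    header('X-Frame-Options: ' . X_FRAME_OPTIONS);
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php 
    echo LANG;
    ?>
" lang="<?php 
    echo LANG;
    ?>
" dir="<?php 
    echo txpspecialchars(gTxt('lang_dir'));
    ?>
">
	<head>
	<meta http-equiv="content-type" content="text/html; charset=utf-8" />
	<meta name="robots" content="noindex, nofollow" />
	<title><?php 
    echo escape_title($pagetitle);
    ?>
 - <?php 
    echo txpspecialchars($sitename);
    ?>
 &#124; Textpattern CMS</title>
	<script type="text/javascript" src="jquery.js"></script>
	<?php 
    // NOTE(review): the string values are HTML-escaped but sit inside JavaScript
    // string literals. HTML escaping does not cover backslashes or line breaks, so
    // serializing the object with json_encode() would be the context-correct form.
    // ajax_timeout is an unquoted number in the script, so it is forced to an integer.
    echo script_js('var textpattern = {
		event: "' . txpspecialchars($event) . '",
		step: "' . txpspecialchars($step) . '",
		_txp_token: "' . txpspecialchars(form_token()) . '",
		ajax_timeout: ' . (int) AJAX_TIMEOUT . ',
		ajaxally_challenged: ' . (AJAXALLY_CHALLENGED ? 'true' : 'false') . ',
		textarray: {},
		do_spellcheck: "' . txpspecialchars(get_pref('do_spellcheck', '#page-article #body, #page-article #title,' . '#page-image #alt-text, #page-image #caption,' . '#page-file #description,' . '#page-link #link-title, #page-link #link-description')) . '"};');
    gTxtScript(array('form_submission_error', 'are_you_sure'));
    ?>
	<script type="text/javascript" src="textpattern.js"></script>
	<script type="text/javascript">
	<!--
		var cookieEnabled = checkCookies();

		if (!cookieEnabled)
		{
			confirm(<?php 
    // Emitted as a complete JSON string literal (quotes included). JSON_HEX_* needs PHP 5.3+.
    echo json_encode(trim(gTxt('cookies_must_be_enabled')), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    ?>
);
		}

		function poweredit(elm)
		{
			var something = elm.options[elm.selectedIndex].value;

			// Add another chunk of HTML
			var pjs = document.getElementById('js');

			if (pjs == null)
			{
				var br = document.createElement('br');
				elm.parentNode.appendChild(br);

				pjs = document.createElement('P');
				pjs.setAttribute('id','js');
				elm.parentNode.appendChild(pjs);
			}

			if (pjs.style.display == 'none' || pjs.style.display == '')
			{
				pjs.style.display = 'block';
			}

			if (something != '')
			{
				switch (something)
				{
					default:
						pjs.style.display = 'none';
						break;
				}
			}

			return false;
		}

		addEvent(window, 'load', cleanSelects);
	-->
	</script>
	<?php 
    // Mandatory un-themable Textpattern core styles
    ?>
	<style type="text/css">
		.not-ready .doc-ready, .not-ready form.async input[type="submit"], .not-ready a.async {
			visibility: hidden;
		}
	</style>
	<?php 
    echo $theme->html_head();
    callback_event('admin_side', 'head_end');
    ?>
	</head>
	<body id="<?php 
    echo $body_id;
    ?>
" class="not-ready <?php 
    echo $area;
    ?>
">
	<div class="txp-header">
	<?php 
    callback_event('admin_side', 'pagetop');
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
    echo '</div><!-- /txp-header --><div class="txp-body">';
}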
Exemplo n.º 21
/**
 * Render a link element to hook up txpAsyncHref() with request parameters
 *
 * The request parameters are merged over defaults taken from the current event
 * and step, passed through doSpecial() and placed in the href. When
 * AJAXALLY_CHALLENGED is set, the link text and the form token are appended as
 * well.
 *
 * NOTE(review): 'value' is HTML-escaped but not URL-encoded, so link text
 * containing '&' or '#' would not arrive intact as one parameter. Confirm which
 * values callers pass as $item.
 *
 * @param 	string 	$item	Link text
 * @param 	array	$parms	Request parameters; array keys are 'event', 'step', 'thing', 'property'
 * @param 	string 	$atts	HTML attributes
 * @return 	string 	HTML
 * @since 4.5.0
 * @see textpattern.js: txpAsyncHref
 */
function asyncHref($item, $parms, $atts = '')
{
    $defaults = array(
        'event'    => $GLOBALS['event'],
        'step'     => $GLOBALS['step'],
        'thing'    => '',
        'property' => '',
    );

    // Defines $event, $step, $thing and $property as escaped local variables.
    extract(doSpecial(lAtts($defaults, $parms)));

    $href = '?event=' . $event . '&amp;step=' . $step . '&amp;thing=' . $thing . '&amp;property=' . $property;

    if (AJAXALLY_CHALLENGED) {
        $href .= '&amp;value=' . txpspecialchars($item) . '&amp;_txp_token=' . form_token();
    }

    return href($item, $href, $atts . ' class="' . $step . ' async"');
}
Exemplo n.º 22
/**
 * Outputs the list of banned IP addresses.
 *
 * Each row shows the ban date, the IP with an "unban" link carrying the form
 * token, the name used and a link to the comment that caused the ban. The IP and
 * the name are passed through txpspecialchars() before output.
 *
 * @param string $message Feedback message passed to pageTop()
 */
function ipban_list($message = '')
{
    global $event;

    pageTop(gTxt('list_banned_ips'), $message);

    echo '<h1 class="txp-heading">' . gTxt('banned_ips') . '</h1>';
    echo '<div id="' . $event . '_banned_control" class="txp-control-panel">';
    echo graf(sLink('discuss', 'discuss_list', gTxt('list_discussions')), ' class="txp-buttons"');
    echo '</div>';

    $rs = safe_rows_start('*, unix_timestamp(date_banned) as uBanned', 'txp_discuss_ipban', "1 = 1 order by date_banned desc");

    // Nothing banned (or the query failed): show the indicator and stop.
    if (!($rs && numRows($rs) > 0)) {
        echo graf(gTxt('no_ips_banned'), ' class="indicator"');

        return;
    }

    echo '<div id="' . $event . '_ban_container" class="txp-container">'
        . startTable('', '', 'txp-list')
        . n . '<thead>'
        . tr(
            hCell(gTxt('date_banned'), '', ' class="date banned"')
            . hCell(gTxt('IP'), '', ' class="ip"')
            . hCell(gTxt('name_used'), '', ' class="name"')
            . hCell(gTxt('banned_for'), '', ' class="id"')
        )
        . n . '</thead>';
    echo '<tbody>';

    while ($a = nextRow($rs)) {
        // Row columns become local variables ($uBanned, $ip, $name_used, $banned_on_message).
        extract($a);

        echo tr(
            td(gTime($uBanned), '', 'date banned')
            . td(
                txpspecialchars($ip) . n
                . '[<a class="action-ban" href="?event=discuss' . a . 'step=ipban_unban' . a . 'ip=' . txpspecialchars($ip) . a . '_txp_token=' . form_token() . '">' . gTxt('unban') . '</a>]',
                '',
                'ip'
            )
            . td(txpspecialchars($name_used), '', 'name')
            . td('<a href="?event=discuss' . a . 'step=discuss_edit' . a . 'discussid=' . $banned_on_message . '">' . $banned_on_message . '</a>', '', 'id')
        );
    }

    echo '</tbody>' . endTable() . '</div>';
}
Exemplo n.º 23
                        <div class="inner_br">
                          <div class="cls100_p">
                            <div class="clsInnerCommon">
							  <h2><?php 
echo 'Provider Signup';
?>
</h2>
							  <h3><span class="clsNewBuyer"><?php 
echo $this->lang->line('singup_2');
?>
</span></h3>
								  
                              <div class="clsMainInfo">
							  <form method="post" action="" enctype="multipart/form-data">
								  <?php 
echo form_token();
?>
								  <p><span> <?php 
echo $this->lang->line('conform_email');
?>
</span>
									<?php 
// Shows the confirmed e-mail address when the controller supplied one.
// NOTE(review): the value is echoed as-is. If it can carry a visitor-supplied
// address, it must be HTML-escaped here or where the view data is prepared.
// Confirm against the controller.
if (isset($confirmed_mail)) {
    echo $confirmed_mail;
}
?>
								  </p>
							  
							     <p><span><?php 
echo $this->lang->line('pick_username');
?>
Exemplo n.º 24
/**
 * Creates and outputs an admin-side header.
 *
 * The output contains the HTML <head> section and the main
 * navigation. The results are echoed as opposed to returned.
 *
 * This function offers a way to invoke modal activity messages
 * and set the page title.
 *
 * Output will automatically become silent on asynchronous
 * script responses that do not want HTML headers: when the global
 * $app_mode is 'async' the function returns before sending anything.
 *
 * Side effects visible in the body: the globals $event and $privs are
 * overwritten, two HTTP response headers are sent, and the 'admin_side'
 * callbacks 'head_end', 'pagetop', 'pagetop_end' and 'main_content' are fired.
 * The anti-CSRF value from form_token() is written into the inline
 * `textpattern` JavaScript object.
 *
 * @param  string       $pagetitle The page title
 * @param  string|array $message   A message shown to the user
 * @example
 * pagetop('Title', array('My error message', E_ERROR));
 * echo 'My page contents.';
 */
function pagetop($pagetitle, $message = '')
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme, $privs;
    // Asynchronous responses get no HTML header at all.
    if ($app_mode == 'async') {
        return;
    }
    // NOTE(review): this request value is never used; $area is reset to false a few lines below.
    $area = gps('area');
    // Falls back to the 'article' event when none is set (writes the global).
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    // Reloads the global $privs from the txp_users row of the current user.
    // The name is passed through doSlash() before it is concatenated into the
    // WHERE string (presumably SQL escaping - confirm against the helper).
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $areas = areas();
    // Find the first area whose event list contains the current event.
    // in_array() is called without the strict flag, so the match is a loose comparison.
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    // The body id reflects logout, login (no user) or the current event.
    // Only the event branch carries a variable, and it is passed through txpspecialchars().
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . txpspecialchars($event);
    }
    // Framing policy for the admin pages (clickjacking defence); the value comes
    // from the X_FRAME_OPTIONS constant, which is defined outside this function.
    header('X-Frame-Options: ' . X_FRAME_OPTIONS);
    header('X-UA-Compatible: ' . X_UA_COMPATIBLE);
    // Allowlist the text direction so only 'ltr' or 'rtl' can reach the dir attribute.
    $lang_direction = gTxt('lang_dir');
    if (!in_array($lang_direction, array('ltr', 'rtl'))) {
        // Apply biased default for missing translations
        $lang_direction = 'ltr';
    }
    ?>
<!DOCTYPE html>
<html lang="<?php 
    echo LANG;
    ?>
" dir="<?php 
    echo $lang_direction;
    ?>
">
<head>
<meta charset="utf-8">
<meta name="robots" content="noindex, nofollow">
<title><?php 
    echo admin_title($pagetitle);
    ?>
</title><?php 
    // Script block: jQuery, jQuery UI, jquery-migrate, the inline `textpattern`
    // settings object, then textpattern.js.
    // NOTE(review): jquery-migrate is referenced by a protocol-relative URL on
    // code.jquery.com, so it appears to be fetched from a third-party host on every
    // admin page. Consider serving a vendored copy like the two scripts before it,
    // or pinning the file with Subresource Integrity.
    // The settings object includes '_txp_token' => form_token(), so the anti-CSRF
    // value is readable by any script that runs in this page.
    echo script_js('vendors/jquery/jquery/jquery.js', TEXTPATTERN_SCRIPT_URL) . script_js('vendors/jquery/ui/js/jquery-ui.js', TEXTPATTERN_SCRIPT_URL) . script_js('//code.jquery.com/jquery-migrate-1.2.1.js', TEXTPATTERN_SCRIPT_URL) . script_js('var textpattern = ' . json_encode(array('event' => $event, 'step' => $step, '_txp_token' => form_token(), 'ajax_timeout' => (int) AJAX_TIMEOUT, 'textarray' => (object) null, 'do_spellcheck' => get_pref('do_spellcheck', '#page-article #body, #page-article #title,' . '#page-image #alt-text, #page-image #caption,' . '#page-file #description,' . '#page-link #link-title, #page-link #link-description'), 'production_status' => get_pref('production_status'))) . ';') . script_js('textpattern.js', TEXTPATTERN_SCRIPT_URL) . n;
    gTxtScript(array('form_submission_error', 'are_you_sure', 'cookies_must_be_enabled', 'ok', 'save', 'publish'));
    // Mandatory un-themable Textpattern core styles
    ?>
<style>
.not-ready .doc-ready,
.not-ready form.async input[type="submit"],
.not-ready a.async
{
    visibility: hidden;
}
</style>
<?php 
    // Theme markup for the head, then the plugin hook that closes the head section.
    echo $theme->html_head();
    callback_event('admin_side', 'head_end');
    ?>
</head>
<body id="<?php 
    echo $body_id;
    ?>
" class="not-ready <?php 
    // $area is either false or a key of areas(), as set by the lookup loop above.
    echo $area;
    ?>
">
<header role="banner" class="txp-header">
<?php 
    callback_event('admin_side', 'pagetop');
    // Hands the resolved area, event, bookmarklet flag and message to the theme
    // before its header is rendered (pluggable through 'admin_side' / 'header').
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
    // NOTE(review): gTxt('main_content') is concatenated into the aria-label
    // attribute as returned; presumably translation strings are trusted - confirm.
    echo n . '</header><!-- /txp-header -->' . n . '<main role="main" class="txp-body" aria-label="' . gTxt('main_content') . '">';
    callback_event('admin_side', 'main_content');
}
Exemplo n.º 25
</label>
            <div><textarea id="txtBody" name="txtBody" cols="130" rows="15" class="<?php 
// Tail of an admin post edit form: body textarea, Save / Cancel buttons,
// the form_token() call and the shared footer include.
// $lang is printed into the class attribute as-is; presumably a language code set by the page - confirm.
echo $lang;
?>
"><?php 
// NOTE(review): the post body is written into the textarea without HTML
// encoding in this template. Confirm postBody is encoded before it reaches
// the view; otherwise stored markup is interpreted by the browser instead
// of being shown as text, and it should be encoded here.
echo $post->postBody;
?>
</textarea></div>
        </div>
        <div class="row">
            <button type="submit" class="submit button green" id="btnSave" name="btnSave"><?php 
echo _t('Save');
?>
</button>
            <a href="<?php 
echo _url('admin/post/list');
?>
">
                <button type="button" class="button" id="btnCancel" name="btnCancel"><?php 
echo _t('Cancel');
?>
</button>
            </a>
        </div>
        <?php 
// The return value is discarded, so the helper presumably prints the hidden
// token field itself - confirm. If it only returns a string, this form is
// submitted without an anti-CSRF token.
form_token();
?>
    </form>
</div>
<?php 
// Shared footer template; the path is resolved by _i().
include _i('inc/tpl/footer.php');
Exemplo n.º 26
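/**
 * Prints the "Edit" form for a forum category and, for forum admins only,
 * a second "Delete" form.
 *
 * Each form gets its own token: the global $session_token_num counter is
 * advanced before every form_token() call. Both forms carry the category
 * and its id as hidden fields.
 *
 * The category name and id are HTML-encoded for attribute context before
 * they are written out, so a value containing quotes or angle brackets
 * cannot break out of the value="..." attribute. Callers should pass raw
 * (not pre-encoded) values; a pre-encoded value would be encoded twice.
 *
 * @param mixed $f_cat Category name, written to the hidden field forum_cat
 * @param mixed $f_des Category description; not used by this function
 * @param mixed $f_id2 Category id, written to the hidden field forum_id_edit
 */
function forumEditCat($f_cat, $f_des, $f_id2)
{
    global $mysqli, $db_table_prefix, $load_page_dir, $session_token_num, $websiteUrl, $site_forum_main;
    // Encode once at the output sink. ENT_QUOTES covers both quote styles and
    // ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole value into ''.
    $cat_attr = htmlspecialchars((string) $f_cat, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $id_attr = htmlspecialchars((string) $f_id2, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Form button to edit forum cat
    echo "<form enctype=\"multipart/form-data\" action=\"\" method=\"POST\" onsubmit=\"submitmystat.disabled = true; return true;\" class='sweetform' >";
    // Setup token in form // create multi sessions
    $session_token_num = isset($session_token_num) ? $session_token_num + 1 : "1";
    form_token();
    echo "<input type=\"hidden\" name=\"forum_cat\" value=\"{$cat_attr}\" />";
    echo "<input type=\"hidden\" name=\"forum_id_edit\" value=\"{$id_attr}\" />";
    echo "<input type=\"hidden\" name=\"EditCat\" value=\"TRUE\" />";
    echo "<input type=\"submit\" value=\"Edit\" name=\"Edit\" class=\"sweet\" onClick=\"this.value = 'Please Wait....'\" />";
    echo "</form>";

    // Only Admins Can Delete Forum Cats
    // NOTE(review): this only hides the button. The handler behind
    // forum_delete_stuff/ must repeat the admin check and verify the token.
    if (!userCheckForumAdmin()) {
        return;
    }

    // Form button to delete forum cat
    echo "<form enctype=\"multipart/form-data\" action=\"{$websiteUrl}{$site_forum_main}forum_delete_stuff/\" method=\"POST\" onsubmit=\"submitmystat.disabled = true; return true;\" class='sweetform' >";
    // Setup token in form // create multi sessions
    $session_token_num = isset($session_token_num) ? $session_token_num + 1 : "1";
    form_token();
    echo "<input type=\"hidden\" name=\"forum_cat\" value=\"{$cat_attr}\" />";
    echo "<input type=\"hidden\" name=\"forum_id_edit\" value=\"{$id_attr}\" />";
    echo "<input type=\"hidden\" name=\"DeleteCat\" value=\"TRUE\" />";
    echo "<input type=\"submit\" value=\"Delete\" name=\"Delete\" class=\"sweet\" onClick=\"this.value = 'Please Wait....'\" />";
    echo "</form>";
}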