/**
 * Get a link owner object from link_type and object ID
 *
 * The object is fetched from the cache of its type (without halting when the row is
 * missing) and wrapped in the LinkOwner subclass for that type.
 *
 * @param string link type ( item, comment, ... )
 * @param integer the corresponding object ID
 * @return LinkItem|LinkComment|LinkUser|NULL NULL for an unknown link type
 */
function get_link_owner($link_type, $object_ID)
{
	if ($link_type == 'item') {
		// create LinkItem object
		$ItemCache =& get_ItemCache();
		$Item = $ItemCache->get_by_ID($object_ID, false);
		return new LinkItem($Item);
	}

	if ($link_type == 'comment') {
		// create LinkComment object
		$CommentCache =& get_CommentCache();
		$Comment = $CommentCache->get_by_ID($object_ID, false);
		return new LinkComment($Comment);
	}

	if ($link_type == 'user') {
		// create LinkUser object
		$UserCache =& get_UserCache();
		$User = $UserCache->get_by_ID($object_ID, false);
		return new LinkUser($User);
	}

	// Unknown type: there is no owner wrapper for it
	return NULL;
}
/**
 * Render the avatar-only identity link of a user.
 *
 * The thumbnail size is taken from the current Blog's 'image_size_user_list' setting.
 *
 * @param integer User ID
 * @return string HTML returned by User::get_identity_link()
 */
function user_avatar($user_ID)
{
	global $Blog;

	$thumb_size = $Blog->get_setting('image_size_user_list');

	$UserCache =& get_UserCache();
	$User =& $UserCache->get_by_ID($user_ID);

	$link_params = array(
			'link_text'  => 'only_avatar',
			'thumb_size' => $thumb_size,
		);

	return $User->get_identity_link($link_params);
}
/**
 * Get the "To" cell of an email log entry.
 *
 * When the entry has a user ID that still resolves, the user's identity link is returned.
 * Otherwise (no user, or the user was deleted) a link to the sent-mail log entry is built,
 * showing the HTML-escaped recipient address plus a "Deleted user" note when applicable.
 *
 * @param integer Email log ID (assumed to be a numeric DB key — it is concatenated into the href unescaped)
 * @param string Recipient address as stored in the log
 * @param integer Recipient user ID, may be empty
 * @return string HTML
 */
function emlog_to($emlog_ID, $emlog_to, $emlog_user_ID)
{
	global $admin_url;

	$to = '';
	$deleted_user_note = '';

	if (!empty($emlog_user_ID)) {
		// Get user
		$UserCache =& get_UserCache();
		$User = $UserCache->get_by_ID($emlog_user_ID, false);
		if ($User) {
			$to = $User->get_identity_link();
		} else {
			// could not find user, probably it was deleted
			$deleted_user_note = '( ' . T_('Deleted user') . ' )';
		}
	}

	if (!empty($to)) {
		return $to;
	}

	// User is not defined: link to the log entry instead
	return '<a href="' . $admin_url . '?ctrl=email&tab=sent&emlog_ID=' . $emlog_ID . '">'
		. htmlspecialchars($emlog_to) . $deleted_user_note . '</a>';
}
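/**
 * Display the widget: the list of users currently online.
 *
 * Users seen within the online threshold are loaded into the UserCache, then every user that
 * is still within the threshold, allows 'show_online' and whose account is not closed gets
 * one list item (identity link with the '$login$' mask).
 *
 * @param array MUST contain at least the basic display params ('list_start', 'list_end', 'item_start', 'item_end')
 * @return boolean TRUE when the block was displayed; NULL when skipped for anonymous visitors
 */
function display($params)
{
	global $DB, $Settings, $UserSettings, $localtimenow;

	if (!$this->get_param('allow_anonymous') && !is_logged_in()) {
		// display only for logged in users
		return;
	}

	// load online Users
	$UserCache =& get_UserCache();
	$online_threshold = $localtimenow - 2 * $Settings->get('timeout_online');
	// FIX: the status condition used to be concatenated INSIDE the quoted timestamp, so the SQL
	// compared against one literal "<ts> AND user_status <> 'closed'" and the closed-account
	// filter never reached the database. Quote each value on its own. The loop below still
	// re-checks is_closed, so the displayed set is unchanged — only the rows loaded are.
	$UserCache->load_where('user_lastseen_ts > ' . $DB->quote(date2mysql($online_threshold))
		. ' AND user_status <> ' . $DB->quote('closed'));

	$this->init_display($params);

	// START DISPLAY:
	echo $this->disp_params['block_start'];

	// Display title if requested
	$this->disp_title();

	echo $this->disp_params['block_body_start'];

	$r = '';
	while (($iterator_User =& $UserCache->get_next()) != NULL) {
		// Iterate through UserCache
		$user_lastseen_ts = mysql2timestamp($iterator_User->get('lastseen_ts'));
		if ($user_lastseen_ts > $online_threshold
			&& $UserSettings->get('show_online', $iterator_User->ID)
			&& !$iterator_User->check_status('is_closed')) {
			if (empty($r)) {
				// first user
				$r .= $params['list_start'];
			}
			$r .= $params['item_start'];
			$r .= $iterator_User->get_identity_link(array('login_mask' => '$login$'));
			$r .= $params['item_end'];
		}
	}

	if (!empty($r)) {
		// At least one user was listed: close the list and output it
		$r .= $params['list_end'];
		echo $r;
	}

	echo $this->disp_params['block_body_end'];
	echo $this->disp_params['block_end'];

	return true;
}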
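/**
 * Get the content of one item/task cell, by field type.
 *
 * Resolves the raw value and the human-readable title of the requested field. When the
 * current user may edit the item, the title is wrapped in an anchor whose rel attribute
 * carries the raw value; otherwise only the title is returned.
 *
 * @param string Type of the field: 'priority', 'status' or 'assigned' (anything else yields an empty title)
 * @param object Item
 * @return string HTML of the cell
 */
function td_task_cell($type, $Item)
{
	global $current_User;

	switch ($type) {
		case 'priority':
			$value = $Item->priority;
			$title = item_priority_title($Item->priority);
			break;

		case 'status':
			$value = $Item->pst_ID;
			$title = $Item->get('t_extra_status');
			if (empty($title)) {
				$title = T_('No status');
			}
			break;

		case 'assigned':
			$value = $Item->assigned_user_ID;
			if (empty($value)) {
				$title = T_('No user');
			} else {
				$UserCache =& get_UserCache();
				$User =& $UserCache->get_by_ID($Item->assigned_user_ID);
				$title = $User->get_colored_login(array('mask' => '$avatar$ $login$'));
			}
			break;

		default:
			// Unknown field type: empty cell
			$value = 0;
			$title = '';
	}

	if ($current_User->check_perm('item_post!CURSTATUS', 'edit', false, $Item)) {
		// Current user can edit this item
		return '<a href="#" rel="' . $value . '">' . $title . '</a>';
	} else {
		// No perms to edit item, Display only a title
		return $title;
	}
}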
/**
 * Get the login of a user, optionally as an identity link.
 *
 * @param integer User ID
 * @param boolean Link the login (default) or return the plain login
 * @return string Linked or plain login; when linked and the account is closed, a "(closed account)" note
 *                is appended; empty string when the user does not exist
 */
function user_login($user_ID, $link = true)
{
	$UserCache =& get_UserCache();
	$User =& $UserCache->get_by_ID($user_ID, false, false);

	if (!$User) {
		// Unknown or deleted user
		return '';
	}

	if (!$link) {
		return $User->login;
	}

	$login_text = get_user_identity_link($User->login, $User->ID, 'user', 'login');
	if ($User->check_status('is_closed')) {
		// add (closed account) note to corresponding contacts!
		$login_text .= '<span class="note">(' . T_('closed account') . ')</span>';
	}

	return $login_text;
}
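/**
 * Collect the users and guests currently online, once per object lifetime.
 *
 * Reads the sessions seen within the online timeout and fills $this->_registered_Users
 * (users who allow 'show_online', keyed by user ID so several sessions of one user count
 * once) and $this->_count_guests (anonymous sessions, user IDs that no longer resolve, and
 * users who hide their presence). Subsequent calls return immediately.
 *
 * @return boolean TRUE, both on first initialization and when already initialized
 */
function init()
{
	if ($this->_initialized) {
		return true;
	}

	global $DB, $UserSettings, $localtimenow;

	$this->_count_guests = 0;
	$this->_registered_Users = array();

	// Lower bound of "online" as a MySQL datetime; generated on the server, not taken from the request
	$timeout_YMD = date('Y-m-d H:i:s', $localtimenow - $this->_timeout_online_user);

	$UserCache =& get_UserCache();

	// We get all sessions that have been seen in $timeout_YMD and that have a session key.
	// NOTE: we do not use DISTINCT here, because guest users are all "NULL".
	$online_user_ids = $DB->get_col("\n\t\t\tSELECT SQL_NO_CACHE sess_user_ID\n\t\t\t FROM T_sessions\n\t\t\t WHERE sess_lastseen_ts > '" . $timeout_YMD . "'\n\t\t\t AND sess_key IS NOT NULL\n\t\t\t GROUP BY sess_ID", 0, 'Sessions: get list of relevant users.');

	// Drop the guest entries (array_diff compares as strings, so NULL matches the empty string)
	$registered_online_user_ids = array_diff($online_user_ids, array(NULL));

	// load all online users into the cache because we need information ( login, avatar ) about them
	$UserCache->load_list($registered_online_user_ids);

	foreach ($online_user_ids as $user_ID) {
		if (!empty($user_ID) && ($User =& $UserCache->get_by_ID($user_ID, false))) {
			if ($UserSettings->get('show_online', $User->ID)) {
				// Assign by ID so that each user is only counted once (he could use multiple user agents at the same time):
				$this->_registered_Users[$user_ID] =& $User;
			} else {
				// Count this user as guest when he doesn't want to be visible:
				$this->_count_guests++;
			}
		} else {
			// Guest session, or a user ID that no longer resolves
			$this->_count_guests++;
		}
	}

	$this->_initialized = true;

	// Same value as the early-return path, so callers see a consistent result
	return true;
}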
/**
 * Get current_User for an XML-RPC request - Includes login (password) check.
 *
 * On failure the XML-RPC error globals are set: $xmlrpcs_errcode to $xmlrpcerruser + 1 and
 * $xmlrpcs_errmsg to a description. "User not found" and "wrong password" share one branch,
 * so the caller cannot tell them apart from the error.
 * On success the user is also published as $GLOBALS['current_User'].
 *
 * @param xmlrpcmsg XML-RPC Message
 * @param integer idx of login param in XML-RPC Message
 * @param integer idx of pass param in XML-RPC Message
 * @return User or NULL
 */
function &xmlrpcs_login($m, $login_param, $pass_param)
{
	global $xmlrpcs_errcode, $xmlrpcs_errmsg, $xmlrpcerruser;

	// Credentials come straight from the request payload:
	$username = $m->getParam($login_param);
	$username = $username->scalarval();
	$password = $m->getParam($pass_param);
	$password = $password->scalarval();

	/**
	 * @var UserCache
	 */
	$UserCache =& get_UserCache();
	$current_User =& $UserCache->get_by_login($username);

	if (empty($current_User) || !$current_User->check_password($password, false)) {
		// User not found or password doesn't match
		// (second argument: the supplied password is not hashed)
		$xmlrpcs_errcode = $xmlrpcerruser + 1;
		// starify() is expected to mask the password before it lands in the error message — confirm it never echoes clear text
		$xmlrpcs_errmsg = 'Wrong username/password combination: ' . $username . ' / ' . starify($password);
		$r = NULL;
		return $r;
	}

	// This may be needed globally for status permissions in ItemList2, etc..
	$GLOBALS['current_User'] =& $current_User;

	// Check here ability to use APIs
	$group = $current_User->get_Group();
	if (!$group->check_perm('perm_api', 'always')) {
		// Permission denied
		$xmlrpcs_errcode = $xmlrpcerruser + 1;
		$xmlrpcs_errmsg = 'User has no permission to use this API: ' . $username . ' / ' . starify($password);
		$r = NULL;
		return $r;
	}

	// NOTE(review): the literal on the next line is garbled in this copy ('******' between two string
	// literals is not valid PHP, probably a redaction) — restore it from the original source before use.
	logIO('Login OK - User: '******' - ' . $current_User->login);

	return $current_User;
}
/**
 * Generate a title for the current list, depending on its filtering params
 *
 * @todo cleanup some displays
 * @todo implement HMS part of YMDHMS
 *
 * @param array Names of title parts to leave out: 'visibility', 'hide_future'
 * @param array Label overrides: 'category_text', 'categories_text', 'tags_text'
 * @return array List of titles to display, which are escaped for HTML display
 *               (dh> only checked this for 'authors'/?authors=, where the output was not escaped)
 *               NOTE(review): several branches below copy filter values (keywords, tags, lc, statuses,
 *               ymdhms/ts bounds) into the title verbatim with no escaping in this function — confirm
 *               the callers escape on output before relying on the "escaped" claim above.
 */
function get_filter_titles($ignore = array(), $params = array())
{
	global $month;

	$params = array_merge(array(
			'category_text'   => T_('Category') . ': ',
			'categories_text' => T_('Categories') . ': ',
			'tags_text'       => T_('Tags') . ': ',
		), $params);

	if (empty($this->filters)) {
		// Filters have not been set before, we'll use the default filterset:
		// echo ' setting default filterset ';
		$this->set_filters($this->default_filters);
	}

	$title_array = array();

	if ($this->single_post) {
		// We have requested a specific post:
		// Should be in first position
		$Item =& $this->get_by_idx(0);
		if (is_null($Item)) {
			$title_array[] = T_('Invalid request');
		} else {
			$title_array[] = $Item->get_titletag();
		}
		// A single post gets no further title parts
		return $title_array;
	}

	// CATEGORIES:
	if (!empty($this->filters['cat_array'])) {
		// We have requested specific categories...
		$cat_names = array();
		$ChapterCache =& get_ChapterCache();
		foreach ($this->filters['cat_array'] as $cat_ID) {
			if (($my_Chapter =& $ChapterCache->get_by_ID($cat_ID, false)) !== false) {
				// It is almost never meaningful to die over an invalid cat when generating title
				$cat_names[] = $my_Chapter->name;
			}
		}
		if ($this->filters['cat_modifier'] == '*') {
			// '*' modifier: names joined with '+' (presumably "posts in all of these categories" — confirm)
			$cat_names_string = implode(' + ', $cat_names);
		} else {
			$cat_names_string = implode(', ', $cat_names);
		}
		if (!empty($cat_names_string)) {
			if ($this->filters['cat_modifier'] == '-') {
				// '-' modifier: the listed categories are excluded
				$cat_names_string = T_('All but ') . ' ' . $cat_names_string;
				$title_array['cats'] = $params['categories_text'] . $cat_names_string;
			} else {
				if (count($this->filters['cat_array']) > 1) {
					$title_array['cats'] = $params['categories_text'] . $cat_names_string;
				} else {
					$title_array['cats'] = $params['category_text'] . $cat_names_string;
				}
			}
		}
	}

	// ARCHIVE TIMESLOT:
	if (!empty($this->filters['ymdhms'])) {
		// We have asked for a specific timeframe:
		// ymdhms is a packed string: year at [0,4), month at [4,6), day at [6,8)
		$my_year = substr($this->filters['ymdhms'], 0, 4);
		if (strlen($this->filters['ymdhms']) > 4) {
			// We have requested a month too:
			$my_month = T_($month[substr($this->filters['ymdhms'], 4, 2)]);
		} else {
			$my_month = '';
		}
		// Requested a day?
		$my_day = substr($this->filters['ymdhms'], 6, 2);
		$arch = T_('Archives for') . ': ' . $my_month . ' ' . $my_year;
		if (!empty($my_day)) {
			// We also want to display a day
			$arch .= ', ' . $my_day;
		}
		if (!empty($this->filters['week']) || $this->filters['week'] === 0) {
			// We also want to display a week number (week 0 is valid, hence the explicit === 0 alongside !empty)
			$arch .= ', ' . T_('week') . ' ' . $this->filters['week'];
		}
		$title_array['ymdhms'] = $arch;
	}

	// KEYWORDS:
	if (!empty($this->filters['keywords'])) {
		$title_array['keywords'] = T_('Keyword(s)') . ': ' . $this->filters['keywords'];
	}

	// TAGS:
	if (!empty($this->filters['tags'])) {
		$title_array[] = $params['tags_text'] . $this->filters['tags'];
	}

	// AUTHORS:
	if (!empty($this->filters['authors']) || !empty($this->filters['authors_login'])) {
		// Merge the ID list with the IDs resolved from logins, then split on commas:
		$authors = trim($this->filters['authors'] . ',' . get_users_IDs_by_logins($this->filters['authors_login']), ',');
		$authors = preg_split('~\\s*,\\s*~', $authors, -1, PREG_SPLIT_NO_EMPTY);
		$author_names = array();
		if ($authors) {
			$UserCache =& get_UserCache();
			foreach ($authors as $author_ID) {
				if ($tmp_User = $UserCache->get_by_ID($author_ID, false, false)) {
					// Unknown IDs are silently skipped
					$author_names[] = $tmp_User->get_identity_link(array('link_text' => 'login'));
				}
			}
		}
		$title_array[] = T_('Author(s)') . ': ' . implode(', ', $author_names);
	}

	// ASSIGNEES:
	if (!empty($this->filters['assignees']) || !empty($this->filters['assignees_login'])) {
		if ($this->filters['assignees'] == '-') {
			$title_array[] = T_('Not assigned');
		} else {
			// Same merge/split scheme as for authors:
			$assignees = trim($this->filters['assignees'] . ',' . get_users_IDs_by_logins($this->filters['assignees_login']), ',');
			$assignees = preg_split('~\\s*,\\s*~', $assignees, -1, PREG_SPLIT_NO_EMPTY);
			$assignees_names = array();
			if ($assignees) {
				$UserCache =& get_UserCache();
				foreach ($assignees as $user_ID) {
					if ($tmp_User =& $UserCache->get_by_ID($user_ID, false, false)) {
						$assignees_names[] = $tmp_User->get_identity_link(array('link_text' => 'login'));
					}
				}
			}
			$title_array[] = T_('Assigned to') . ': ' . implode(', ', $assignees_names);
		}
	}

	// LOCALE:
	if ($this->filters['lc'] != 'all') {
		$title_array[] = T_('Locale') . ': ' . $this->filters['lc'];
	}

	// EXTRA STATUSES:
	if (!empty($this->filters['statuses'])) {
		if ($this->filters['statuses'] == '-') {
			$title_array[] = T_('Without status');
		} else {
			$title_array[] = T_('Status(es)') . ': ' . $this->filters['statuses'];
		}
	}

	// SHOW STATUSES
	if (count($this->filters['visibility_array']) < 5 && !in_array('visibility', $ignore)) {
		// Not all visibility statuses are selected (5 is presumably their total number — confirm), so name the selected ones
		$post_statuses = get_visibility_statuses();
		$status_titles = array();
		foreach ($this->filters['visibility_array'] as $status) {
			$status_titles[] = $post_statuses[$status];
		}
		$title_array[] = T_('Visibility') . ': ' . implode(', ', $status_titles);
	}

	// START AT
	if (!empty($this->filters['ymdhms_min'])) {
		$title_array['ymdhms_min'] = T_('Start at') . ': ' . $this->filters['ymdhms_min'];
	}
	if (!empty($this->filters['ts_min'])) {
		if ($this->filters['ts_min'] == 'now') {
			$title_array['ts_min'] = T_('Hide past');
		} else {
			$title_array['ts_min'] = T_('Start at') . ': ' . $this->filters['ts_min'];
		}
	}

	// STOP AT
	if (!empty($this->filters['ymdhms_max'])) {
		$title_array['ymdhms_max'] = T_('Stop at') . ': ' . $this->filters['ymdhms_max'];
	}
	if (!empty($this->filters['ts_max'])) {
		if ($this->filters['ts_max'] == 'now') {
			if (!in_array('hide_future', $ignore)) {
				$title_array['ts_max'] = T_('Hide future');
			}
		} else {
			$title_array['ts_max'] = T_('Stop at') . ': ' . $this->filters['ts_max'];
		}
	}

	// LIMIT TO
	if ($this->single_post) {
		// Single post: no paging required!
		// (unreachable here: the single-post case already returned above)
	} elseif (!empty($this->filters['ymdhms'])) {
		// no restriction if we request a month... some permalinks may point to the archive!
	} elseif ($this->filters['unit'] == 'posts' || $this->filters['unit'] == 'all') {
		// We're going to page, so there's no real limit here...
	} elseif ($this->filters['unit'] == 'days') {
		// We are going to limit to x days:
		// echo 'LIMIT DAYS ';
		if (empty($this->filters['ymdhms_min'])) {
			// We have no start date, we'll display the last x days:
			if (!empty($this->filters['keywords']) || !empty($this->filters['cat_array']) || !empty($this->filters['authors'])) {
				// We are in DAYS mode but we can't restrict on these! (TODO: ?)
			} else {
				// We are going to limit to LAST x days:
				// TODO: rename 'posts' to 'limit'
				$title_array['posts'] = sprintf(T_('Limited to %d last days'), $this->limit);
			}
		} else {
			// We have a start date, we'll display x days starting from that point:
			$title_array['posts'] = sprintf(T_('Limited to %d days'), $this->limit);
		}
	} else {
		debug_die('Unhandled LIMITING mode in ItemList:' . $this->filters['unit'] . ' (paged mode is obsolete)');
	}

	return $title_array;
}
/**
 * Get the previous or next User relative to the selected one, following the list order.
 *
 * @param string prev | next (relative to the current sort order)
 * @param integer the currently selected user ID ( Note: it must be set only if we would like to skip some users from the list );
 *                when NULL, the 'user_ID' request param is used
 * @return User|NULL NULL when the list has fewer than two users, the selected user is not in it,
 *                   or there is no neighbour in the requested direction
 */
function &get_prevnext_User($direction = 'next', $selected_user_ID = NULL)
{
	$r = NULL;

	$users_list = $this->filters['users'];
	if (count($users_list) < 2) {
		// Short users list: nothing to step through
		return $r;
	}

	if ($selected_user_ID === NULL) {
		// get currently selected user ID from param
		$selected_user_ID = get_param('user_ID');
	}

	$user_key = array_search($selected_user_ID, $users_list);
	if (!is_int($user_key)) {
		// Selected user is not located in the list
		return $r;
	}

	// Step one position in the requested direction:
	$step = ($direction == 'next') ? 1 : -1;
	$prevnext_key = $user_key + $step;
	if (!isset($users_list[$prevnext_key]) || empty($users_list[$prevnext_key])) {
		// No prev/next user
		return $r;
	}

	$UserCache =& get_UserCache();
	$User =& $UserCache->get_by_ID($users_list[$prevnext_key], false, false);
	return $User;
}
/**
 * Display the edited items results table
 *
 * Lists the posts the given user edited (by last-edit user, or by a stored item version)
 * but did not create. Only for logged-in users with the 'users' / 'edit' permission;
 * otherwise, and on a bad user_ID, the function returns without output.
 *
 * @param array Params:
 *        - 'edited_User': User whose edits to list; when empty, resolved from the 'user_ID' request param (AJAX)
 *        - 'results_param_prefix', 'results_title', 'results_no_text': Results display params
 *        - 'skin_type', 'skin_name': required on AJAX requests to init the results params by skin
 */
function items_edited_results_block($params = array())
{
	// Make sure we are not missing any param:
	$params = array_merge(array(
			'edited_User'          => NULL,
			'results_param_prefix' => 'actv_postedit_',
			'results_title'        => T_('Posts edited by the user'),
			'results_no_text'      => T_('User has not edited any posts'),
		), $params);

	if (!is_logged_in()) {
		// Only logged in users can access to this function
		return;
	}

	global $current_User;
	if (!$current_User->check_perm('users', 'edit')) {
		// Check minimum permission:
		return;
	}

	$edited_User = $params['edited_User'];
	if (!$edited_User) {
		// No defined User, probably the function is calling from AJAX request
		$user_ID = param('user_ID', 'integer', 0);
		if (empty($user_ID)) {
			// Bad request, Exit here
			return;
		}
		$UserCache =& get_UserCache();
		if (($edited_User =& $UserCache->get_by_ID($user_ID, false)) === false) {
			// Bad request, Exit here
			return;
		}
	}

	global $DB;

	// Read (and with the 4th arg, presumably memorize) these request params so the Results links keep them — confirm
	param('user_tab', 'string', '', true);
	param('user_ID', 'integer', 0, true);

	// Sub-query: all items having a stored version edited by this user
	$edited_versions_SQL = new SQL();
	$edited_versions_SQL->SELECT('DISTINCT( iver_itm_ID )');
	$edited_versions_SQL->FROM('T_items__version');
	$edited_versions_SQL->WHERE('iver_edit_user_ID = ' . $DB->quote($edited_User->ID));

	// Main query: items last edited by this user OR present in the sub-query, excluding the user's own posts
	// (every value goes through $DB->quote(), nothing is interpolated raw)
	$SQL = new SQL();
	$SQL->SELECT('*');
	$SQL->FROM('T_items__item ');
	$SQL->WHERE('( ( post_lastedit_user_ID = ' . $DB->quote($edited_User->ID) . ' ) OR ( post_ID IN ( ' . $edited_versions_SQL->get() . ' ) ) )');
	$SQL->WHERE_and('post_creator_user_ID != ' . $DB->quote($edited_User->ID));

	// Create result set:
	$edited_items_Results = new Results($SQL->get(), $params['results_param_prefix'], 'D');

	$edited_items_Results->Cache =& get_ItemCache();
	$edited_items_Results->title = $params['results_title'];
	$edited_items_Results->no_results_text = $params['results_no_text'];

	// Get a count of the post which current user can delete
	$deleted_posts_edited_count = count($edited_User->get_deleted_posts('edited'));
	if ($edited_items_Results->total_rows > 0 && $deleted_posts_edited_count > 0) {
		// Display action icon to delete all records if at least one record exists & current user can delete at least one item created by user
		// (the link carries a crumb, so the state-changing request is CSRF-protected)
		$edited_items_Results->global_icon(sprintf(T_('Delete all post edited by %s'), $edited_User->login), 'delete', '?ctrl=user&user_tab=activity&action=delete_all_posts_edited&user_ID=' . $edited_User->ID . '&' . url_crumb('user'), ' ' . T_('Delete all'), 3, 4);
	}

	// Initialize Results object
	items_results($edited_items_Results, array(
			'field_prefix'    => 'post_',
			'display_ord'     => false,
			'display_history' => false,
		));

	if (is_ajax_content()) {
		// init results param by template name
		if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
			debug_die('Invalid ajax results request!');
		}
		$edited_items_Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
	}

	$display_params = array('before' => '<div class="results" style="margin-top:25px" id="edited_posts_result">');
	$edited_items_Results->display($display_params);

	if (!is_ajax_content()) {
		// Create this hidden div to get a function name for AJAX request
		echo '<div id="' . $params['results_param_prefix'] . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
	}
}
/**
 * Get the owner User of this object, loading it from the UserCache on first use.
 *
 * @return User
 */
function &get_owner_User()
{
	if (isset($this->owner_User)) {
		// Already resolved
		return $this->owner_User;
	}

	$UserCache =& get_UserCache();
	$this->owner_User =& $UserCache->get_by_ID($this->owner_user_ID);

	return $this->owner_User;
}
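/**
 * Send newsletter emails
 *
 * Recipients are the users of the admin UserList filter in the Session, narrowed to the
 * active users accepting newsletter emails. Title and message are read from the Session
 * ('newsletter_title', 'newsletter_message'). Progress is echoed and flushed per recipient,
 * and each mail is sent in the recipient's own locale.
 */
function newsletter_send()
{
	global $DB, $Session;

	load_class('users/model/_userlist.class.php', 'UserList');

	// Initialize users list from session cache in order to get users IDs for newsletter
	$UserList = new UserList('admin');
	$UserList->memorize = false;
	$UserList->load_from_Request();
	$users_IDs = $UserList->filters['users'];

	// Get all active users which accept newsletter email
	$SQL = get_newsletter_users_sql($users_IDs);
	$users = $DB->get_col($SQL->get());

	echo sprintf(T_('Newsletter is sending for %s users...'), count($users)) . '<br /><br />';
	evo_flush();

	$email_newsletter_params = array('message' => $Session->get('newsletter_message'));

	// The cache is a shared instance: fetch it once instead of on every iteration
	$UserCache =& get_UserCache();

	foreach ($users as $user_ID) {
		$User = $UserCache->get_by_ID($user_ID);

		// NOTE(review): the address is echoed into HTML as stored — fine if addresses are validated on input; confirm
		echo sprintf(T_('Email is sending for %s (%s)...'), $User->get_identity_link(), $User->get('email')) . ' ';

		// Send a newsletter in user's locale
		locale_temp_switch($User->get('locale'));
		$email_result = send_mail_to_User($user_ID, $Session->get('newsletter_title'), 'newsletter', $email_newsletter_params);
		locale_restore_previous();

		if ($email_result) {
			// Success sending
			echo T_('OK');
		} else {
			// Failed sending
			echo '<span class="red">' . T_('Failed') . '</span>';
		}
		echo '<br />';
		evo_flush();
	}
}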
/**
 * Check if user has a permission to moderate the user
 *
 * Granted when the target is this user himself, when this user may edit all users, or when
 * this user may moderate users and the target's group level is strictly lower than his own.
 *
 * @param integer User ID
 * @param boolean Die (debug_die) instead of returning FALSE when the permission is missing;
 *                also forwarded to check_perm('users', 'moderate')
 * @return boolean TRUE on success
 */
function can_moderate_user($user_ID, $assert = false)
{
	$allowed = false;

	if ($this->ID == $user_ID) {
		// User can edit own profile
		$allowed = true;
	} elseif ($this->check_perm('users', 'edit')) {
		// User can edit all users
		$allowed = true;
	} elseif ($this->check_perm('users', 'moderate', $assert)) {
		// User can moderate other user but we should to compare levels of users groups
		$UserCache =& get_UserCache();
		$target_User = $UserCache->get_by_ID($user_ID, false, false);
		// User can moderate only users with level lower than own level
		$allowed = $target_User && ($target_User->get_Group()->get('level') < $this->get_Group()->get('level'));
	}

	if ($allowed) {
		return true;
	}

	if ($assert) {
		// We can't let this go on!
		debug_die(sprintf(T_('User #%s has no permission to edit user #%s!'), $this->ID, $user_ID));
	}

	return false;
}
/**
 * Look up a user by login and validate the supplied password.
 *
 * The credential is first checked as a plain password. If that fails and it looks like a
 * 32-digit hex string, it is checked again as an already-hashed password.
 *
 * NOTE(review): because the hashed form is accepted here, the stored hash is itself a valid
 * credential for this entry point — factor that in when assessing the impact of a hash leak.
 *
 * @param string Login
 * @param string Password, plain or hashed
 * @return User|boolean User on success; FALSE when the login is unknown or the password does not match
 */
function pbm_validate_user_password($user_login, $user_pass)
{
	$UserCache =& get_UserCache();
	$User =& $UserCache->get_by_login($user_login);

	if (!$User) {
		// Unknown login
		return false;
	}

	// First check unhashed password
	if ($User->check_password($user_pass, false)) {
		return $User;
	}

	// This may be a hashed password, see if it's valid
	// We check it here because some crazy user may use a real 32-chars password!
	$looks_hashed = preg_match('~^[a-f0-9]{32}$~i', $user_pass);
	if ($looks_hashed && $User->check_password($user_pass, true)) {
		// Valid password
		return $User;
	}

	return false;
}
/**
 * Constructor
 *
 * Will fail if non existent User or Blog is requested.
 * But specific access permissions on (therefore existence of) this User or Blog should have been tested before anyway.
 *
 * Always sets type, in_type_ID and ID. name, ads_path and ads_url are set only when the root is
 * available; for a 'shared' or 'skins' root that is disabled or not permitted they stay unset
 * (a Debuglog entry is written, plus a Messages error on admin pages for 'shared'), so callers
 * must check them.
 *
 * @param string Root type: 'user', 'collection', 'shared' or 'skins'
 * @param integer ID of the user, the group or the collection the file belongs to...
 * @param boolean Create the directory, if it does not exist yet? (passed on to get_media_dir())
 */
function FileRoot($root_type, $root_in_type_ID, $create = true)
{
	/**
	 * @var User
	 */
	global $current_User;
	global $Messages;
	global $Settings, $Debuglog;
	global $Blog;

	// Store type:
	$this->type = $root_type;

	// Store ID in type:
	$this->in_type_ID = $root_in_type_ID;

	// Generate unique ID:
	$this->ID = FileRoot::gen_ID($root_type, $root_in_type_ID);

	switch ($root_type) {
		case 'user':
			$UserCache =& get_UserCache();
			if (!($User =& $UserCache->get_by_ID($root_in_type_ID, false, false))) {
				// User not found
				// (a constructor's return value is discarded; the object is simply left without name/ads_path/ads_url)
				return false;
			}
			$this->name = $User->get('login'); //.' ('. /* TRANS: short for "user" */ T_('u').')';
			$this->ads_path = $User->get_media_dir($create);
			$this->ads_url = $User->get_media_url();
			return;

		case 'collection':
			$BlogCache =& get_BlogCache();
			// NOTE: "=&" rebinds the local alias $Blog to the cached object; the global $Blog declared above is not written to
			if (!($Blog =& $BlogCache->get_by_ID($root_in_type_ID, false, false))) {
				// Blog not found
				return false;
			}
			$this->name = $Blog->get('shortname'); //.' ('. /* TRANS: short for "blog" */ T_('b').')';
			$this->ads_path = $Blog->get_media_dir($create);
			$this->ads_url = $Blog->get_media_url();
			return;

		case 'shared':
			// fp> TODO: handle multiple shared directories
			global $media_path, $media_url;
			$rds_shared_subdir = 'shared/global/';
			$ads_shared_dir = $media_path . $rds_shared_subdir;
			if (!$Settings->get('fm_enable_roots_shared')) {
				// Shared dir is disabled:
				$Debuglog->add('Attempt to access shared dir, but this feature is globally disabled', 'files');
			} elseif (!mkdir_r($ads_shared_dir)) {
				// Only display error on an admin page:
				if (is_admin_page()) {
					$Messages->add(sprintf(T_('The directory «%s» could not be created.'), $rds_shared_subdir) . get_manual_link('directory_creation_error'), 'error');
				}
			} else {
				$this->name = T_('Shared');
				$this->ads_path = $ads_shared_dir;
				if (isset($Blog)) {
					// (for now) Let's make shared files appear as being part of the currently displayed blog:
					$this->ads_url = $Blog->get_local_media_url() . 'shared/global/';
				} else {
					$this->ads_url = $media_url . 'shared/global/';
				}
			}
			return;

		case 'skins':
			// fp> some stuff here should go out of here... but I don't know where to put it yet. I'll see after the Skin refactoring.
			if (!$Settings->get('fm_enable_roots_skins')) {
				// Skins root is disabled:
				$Debuglog->add('Attempt to access skins dir, but this feature is globally disabled', 'files');
			} elseif (empty($current_User) || !$current_User->check_perm('templates')) {
				// No perm to access templates:
				$Debuglog->add('Attempt to access skins dir, but no permission', 'files');
			} else {
				global $skins_path, $skins_url;
				$this->name = T_('Skins');
				$this->ads_path = $skins_path;
				if (isset($Blog)) {
					// (for now) Let's make skin files appear as being part of the currently displayed blog:
					$this->ads_url = $Blog->get_local_skins_url();
				} else {
					$this->ads_url = $skins_url;
				}
			}
			return;
	}

	// Every known type returned above
	debug_die("Invalid root type");
}
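/**
 * Handle messaging module htsrv actions
 *
 * Dispatches on 'disp' (threads | contacts | messages) and 'action'. Every request must carry
 * a valid crumb for 'messaging_<disp>' and come from a logged-in user with the
 * 'perm_messaging' / 'reply' permission; deletions additionally require 'perm_messaging' / 'delete'.
 * Ends with a redirect to 'redirect_to' (or to the current disp of the Blog / site), saving
 * $Messages into the Session.
 */
function handle_htsrv_action()
{
	global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url;
	// FIX: $baseurl is the redirect fallback below when no Blog is set; it was used without a global declaration
	global $baseurl;

	// Init objects we want to work on.
	$action = param_action(true, true);
	$disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');

	// Check that this action request is not a CSRF hacked request:
	$Session->assert_received_crumb('messaging_' . $disp);

	// Load classes
	load_class('messaging/model/_thread.class.php', 'Thread');
	load_class('messaging/model/_message.class.php', 'Message');

	if (!is_logged_in()) {
		// user must be logged in
		debug_die('User must be logged in to proceed with messaging updates!');
	}

	// Check permission:
	$current_User->check_perm('perm_messaging', 'reply', true);

	// set where to redirect
	$redirect_to = param('redirect_to', 'url', NULL);
	if (empty($redirect_to)) {
		if (isset($Blog)) {
			$redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
		} else {
			$redirect_to = url_add_param($baseurl, 'disp=' . $disp);
		}
	}

	if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
		// Load thread from cache:
		$ThreadCache =& get_ThreadCache();
		if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
			unset($edited_Thread);
			forget_param('thrd_ID');
			$Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
			$action = 'nil';
		}
	}

	switch ($disp) {
		// threads action
		case 'threads':
			if ($action != 'create') {
				// Make sure we got a thrd_ID:
				param('thrd_ID', 'integer', true);
			}
			switch ($action) {
				case 'create':
					// create thread
					// check if create new thread is allowed
					if (check_create_thread_limit()) {
						// max new threads limit reached, don't allow to create new thread
						debug_die('Invalid request, new conversation limit already reached!');
					}
					if (!create_new_thread()) {
						// unsuccessful new thread creation
						global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
						$redirect_to .= '&action=new';
						// save new message and thread params into the Session to not lose the content
						$unsaved_message_params = array();
						$unsaved_message_params['subject'] = $edited_Thread->title;
						$unsaved_message_params['message'] = $edited_Message->text;
						$unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual'); // alternative: discussion
						$unsaved_message_params['thrd_recipients'] = $thrd_recipients;
						$unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
						save_message_params_to_session($unsaved_message_params);
					}
					break;

				case 'delete':
					// delete thread
					// Check permission:
					$current_User->check_perm('perm_messaging', 'delete', true);
					$confirmed = param('confirmed', 'integer', 0);
					if ($confirmed) {
						$msg = sprintf(T_('Thread «%s» deleted.'), $edited_Thread->dget('title'));
						$edited_Thread->dbdelete(true);
						unset($edited_Thread);
						forget_param('thrd_ID');
						$Messages->add($msg, 'success');
					} else {
						// Build the confirmation link. redirect_to is a full URL with its own query string, so it is
						// URL-encoded as a value (as the 'messages' branch below already does); unencoded, its '&' would
						// split this URL and leak its params into action.php's own.
						$delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID . '&action=delete&confirmed=1&redirect_to=' . rawurlencode($redirect_to) . '&' . url_crumb('messaging_threads');
						$ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
						$cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
						$msg = sprintf(T_('You are about to delete all messages in the conversation «%s».'), $edited_Thread->dget('title'));
						$msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
						$Messages->add($msg, 'error');
					}
					break;

				case 'leave':
					// user wants to leave the thread
					leave_thread($edited_Thread->ID, $current_User->ID, false);
					$Messages->add(sprintf(T_('You have successfuly left the «%s» conversation!'), $edited_Thread->get('title')), 'success');
					break;

				case 'close':
					// close the thread
				case 'close_and_block':
					// close the thread and block contact
					leave_thread($edited_Thread->ID, $current_User->ID, true);
					// user has closed this conversation because there was only one other user involved
					$Messages->add(sprintf(T_('You have successfuly closed the «%s» conversation!'), $edited_Thread->get('title')), 'success');
					if ($action == 'close_and_block') {
						// user also wants to block contact with the other user involved in this thread
						$block_user_ID = param('block_ID', 'integer', true);
						$UserCache =& get_UserCache();
						$blocked_User = $UserCache->get_by_ID($block_user_ID);
						set_contact_blocked($block_user_ID, true);
						$Messages->add(sprintf(T_('«%s» was blocked.'), $blocked_User->get('login')), 'success');
					}
					break;
			}
			break; // break from threads action switch

		// contacts action
		case 'contacts':
			$user_ID = param('user_ID', 'string', true);
			if ($action != 'block' && $action != 'unblock') {
				// only block or unblock is valid
				debug_die("Invalid action param");
			}
			set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
			// NOTE(review): as written in this copy the replacement is a no-op (search and replacement are identical);
			// it presumably turned an HTML-escaped ampersand entity back into '&' before the redirect — check the original.
			$redirect_to = str_replace('&', '&', $redirect_to);
			break;

		// messages action
		case 'messages':
			if ($action == 'create') {
				// create new message
				create_new_message($thrd_ID);
			} elseif ($action == 'delete') {
				// Check permission:
				$current_User->check_perm('perm_messaging', 'delete', true);
				$msg_ID = param('msg_ID', 'integer', true);
				$MessageCache =& get_MessageCache();
				if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
					$Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Message')), 'error');
					break;
				}
				$confirmed = param('confirmed', 'integer', 0);
				if ($confirmed) {
					// delete message
					$edited_Message->dbdelete();
					unset($edited_Message);
					$Messages->add(T_('Message deleted.'), 'success');
				} else {
					$delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
					$delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
					$ok_button = '<span class="linkbutton"><a href="' . $delete_url . '">' . T_('I am sure!') . '!</a></span>';
					$cancel_button = '<span class="linkbutton"><a href="' . $redirect_to . '">CANCEL</a></span>';
					$msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
					$Messages->add($msg, 'error');
				}
			}
			break;
	}

	header_redirect($redirect_to); // Will save $Messages into Session
}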
/**
 * Automagically login every user as "demouser" who is not logged in and does not
 * try to currently.
 *
 * To enable/test it, change the "if-0" check below to "if( 1 )".
 *
 * @see Plugin::AlternateAuthentication()
 * @return boolean|NULL TRUE when the demo login was performed; NULL otherwise (always, while disabled)
 */
function AlternateAuthentication()
{
	if (0) { // disabled: flip to if( 1 ) to enable the demo login
		global $Session, $Messages;

		$UserCache =& get_UserCache();
		$demo_User =& $UserCache->get_by_login('demouser');
		if (!$demo_User) {
			// no demouser account: leave authentication to the regular flow
			return;
		}

		// demouser exists:
		$Session->set_User($demo_User);
		$Messages->add('Logged in as demouser.', 'success');
		return true;
	}
}
/**
 * Get global title matching filter params
 *
 * Builds the page title for the current $disp: a fixed label for directory/profile/
 * messaging/login screens, an action-icon enriched label for post and comment editing,
 * and, for list displays, the filter titles of $MainList (see get_filter_titles()).
 *
 * Outputs the title of the category when you load the page with <code>?cat=</code>
 * Display "Archive Directory" title if it has been requested
 * Display "Latest comments" title if these have been requested
 * Display "Statistics" title if these have been requested
 * Display "User profile" title if it has been requested
 *
 * @todo single month: Respect locales datefmt
 * @todo single post: posts do not get proper checking (whether they are in the requested blog or whether their permissions match user rights),
 *       thus the title sometimes gets displayed even when it should not. We need to pre-query the ItemList instead!!
 * @todo make it complete with all possible params!
 *
 * @param array params
 *  - "auto_pilot": "seo_title": Use the SEO title autopilot. (Default: "none")
 *  - "title_before" / "title_after": wrapped around the final title (Default: "")
 *  - "title_none": returned when nothing matched (Default: "")
 *  - "title_single_*" / "title_page_*": per-disp overrides; "#" means "keep the generic value"
 *  - "glue": separator between several title parts (Default: " - ")
 *  - "format": passed to format_to_output() (Default: "htmlbody")
 *  - "*_text": label used for the matching $disp
 * @return string The assembled title, or '' (never an array)
 */
function get_request_title($params = array())
{
    global $MainList, $preview, $disp, $action, $current_User, $Blog, $admin_url;

    $r = array();

    $params = array_merge(array(
        'auto_pilot' => 'none',
        'title_before' => '',
        'title_after' => '',
        'title_none' => '',
        'title_single_disp' => true,
        'title_single_before' => '#',
        'title_single_after' => '#',
        'title_page_disp' => true,
        'title_page_before' => '#',
        'title_page_after' => '#',
        'glue' => ' - ',
        'format' => 'htmlbody',
        'arcdir_text' => T_('Archive Directory'),
        'catdir_text' => T_('Category Directory'),
        'mediaidx_text' => T_('Photo Index'),
        'postidx_text' => T_('Post Index'),
        'search_text' => T_('Search'),
        'sitemap_text' => T_('Site Map'),
        'msgform_text' => T_('Sending a message'),
        'messages_text' => T_('Messages'),
        'contacts_text' => T_('Contacts'),
        'login_text' => T_('Login '),
        'register_text' => T_('Register'),
        'req_validatemail' => T_('Account activation'),
        'account_activation' => T_('Account activation'),
        'lostpassword_text' => T_('Lost password?'),
        'profile_text' => T_('User Profile'),
        'avatar_text' => T_('Profile picture'),
        'pwdchange_text' => T_('Password change'),
        'userprefs_text' => T_('User preferences'),
        'user_text' => T_('User: %s'),
        'users_text' => T_('Users'),
        'closeaccount_text' => T_('Close account'),
        'subs_text' => T_('Notifications'),
        'comments_text' => T_('Latest Comments'),
        'feedback-popup_text' => T_('Feedback'),
        'edit_text_create' => T_('New post'),
        'edit_text_update' => T_('Editing post'),
        'edit_text_copy' => T_('Duplicating post'),
        'edit_comment_text' => T_('Editing comment'),
        'front_text' => '',
        'posts_text' => '#',
        'useritems_text' => T_('User posts'),
        'usercomments_text' => T_('User comments')
    ), $params);

    if ($params['auto_pilot'] == 'seo_title') {
        // We want to use the SEO title autopilot. Do overrides:
        // the result goes into <title>, so format as "htmlhead" and append the collection name
        $params['format'] = 'htmlhead';
        $params['title_after'] = $params['glue'] . $Blog->get('name');
        $params['title_single_after'] = '';
        $params['title_page_after'] = '';
        $params['title_none'] = $Blog->dget('name', 'htmlhead');
    }

    $before = $params['title_before'];
    $after = $params['title_after'];

    switch ($disp) {
        case 'arcdir':
            // We are requesting the archive directory:
            $r[] = $params['arcdir_text'];
            break;

        case 'catdir':
            // We are requesting the category directory:
            $r[] = $params['catdir_text'];
            break;

        case 'mediaidx':
            $r[] = $params['mediaidx_text'];
            break;

        case 'postidx':
            $r[] = $params['postidx_text'];
            break;

        case 'sitemap':
            $r[] = $params['sitemap_text'];
            break;

        case 'search':
            $r[] = $params['search_text'];
            break;

        case 'comments':
            // We are requesting the latest comments:
            global $Item;
            if (isset($Item)) {
                // comments of one specific post
                $r[] = sprintf($params['comments_text'] . T_(' on %s'), $Item->get('title'));
            } else {
                $r[] = $params['comments_text'];
            }
            break;

        case 'feedback-popup':
            // We are requesting the comments on a specific post:
            // Should be in first position
            $Item =& $MainList->get_by_idx(0);
            $r[] = sprintf($params['feedback-popup_text'] . T_(' on %s'), $Item->get('title'));
            break;

        case 'profile':
            // We are requesting the user profile:
            $r[] = $params['profile_text'];
            break;

        case 'avatar':
            // We are requesting the user avatar:
            $r[] = $params['avatar_text'];
            break;

        case 'pwdchange':
            // We are requesting the user change password:
            $r[] = $params['pwdchange_text'];
            break;

        case 'userprefs':
            // We are requesting the user preferences:
            $r[] = $params['userprefs_text'];
            break;

        case 'subs':
            // We are requesting the subscriptions screen:
            $r[] = $params['subs_text'];
            break;

        case 'msgform':
            // We are requesting the message form:
            $r[] = $params['msgform_text'];
            break;

        case 'threads':
        case 'messages':
            // We are requesting the messages form
            $thrd_ID = param('thrd_ID', 'integer', 0);
            if (empty($thrd_ID)) {
                $r[] = $params['messages_text'];
            } else {
                // We get a thread title by ID
                load_class('messaging/model/_thread.class.php', 'Thread');
                $ThreadCache =& get_ThreadCache();
                if ($Thread = $ThreadCache->get_by_ID($thrd_ID, false)) {
                    // Thread exists and we get a title
                    if ($params['auto_pilot'] == 'seo_title') {
                        // Display thread title only for tag <title>
                        // NOTE(review): $Thread->title is appended raw here; it only ever reaches
                        // format_to_output() below with format "htmlhead" — confirm that escapes it
                        $r[] = $Thread->title;
                    }
                } else {
                    // Bad request with not existing thread
                    $r[] = strip_tags($params['messages_text']);
                }
            }
            break;

        case 'contacts':
            // We are requesting the contacts list:
            $r[] = $params['contacts_text'];
            break;

        case 'login':
            // We are requesting the login form:
            if ($action == 'req_validatemail') {
                // the login screen is being used to (re)request an activation email
                $r[] = $params['req_validatemail'];
            } else {
                $r[] = $params['login_text'];
            }
            break;

        case 'register':
            // We are requesting the registration form:
            $r[] = $params['register_text'];
            break;

        case 'activateinfo':
            // We are requesting the activate info form:
            $r[] = $params['account_activation'];
            break;

        case 'lostpassword':
            // We are requesting the lost password form:
            $r[] = $params['lostpassword_text'];
            break;

        case 'single':
        case 'page':
            // We are displaying a single message:
            if ($preview) {
                // We are requesting a post preview:
                $r[] = T_('PREVIEW');
            } elseif ($params['title_' . $disp . '_disp'] && isset($MainList)) {
                // the item title comes from the list's filter titles (single_post branch of get_filter_titles())
                $r = array_merge($r, $MainList->get_filter_titles(array('visibility', 'hide_future'), $params));
            }
            // "#" means: keep the generic title_before / title_after
            if ($params['title_' . $disp . '_before'] != '#') {
                $before = $params['title_' . $disp . '_before'];
            }
            if ($params['title_' . $disp . '_after'] != '#') {
                $after = $params['title_' . $disp . '_after'];
            }
            break;

        case 'user':
            // We are requesting the user page:
            $user_ID = param('user_ID', 'integer', 0);
            $UserCache =& get_UserCache();
            $User =& $UserCache->get_by_ID($user_ID, false, false);
            // unknown user: show an empty login rather than failing
            $user_login = $User ? $User->get('login') : '';
            $r[] = sprintf($params['user_text'], $user_login);
            break;

        case 'users':
            $r[] = $params['users_text'];
            break;

        case 'closeaccount':
            $r[] = $params['closeaccount_text'];
            break;

        case 'edit':
            $action = param_action(); // Edit post by switching into 'In skin' mode from Back-office
            $p = param('p', 'integer', 0); // Edit post from Front-office
            $cp = param('cp', 'integer', 0); // Copy post from Front-office
            if ($action == 'edit_switchtab' || $p > 0) {
                // Edit post
                $title = $params['edit_text_update'];
            } else {
                if ($cp > 0) {
                    // Copy post
                    $title = $params['edit_text_copy'];
                } else {
                    // Create post
                    $title = $params['edit_text_create'];
                }
            }
            if ($params['auto_pilot'] != 'seo_title') {
                // Add advanced edit and close icon (never inside <title>)
                global $edited_Item;
                if (!empty($edited_Item) && $edited_Item->ID > 0) {
                    // Set the cancel editing url as permanent url of the item
                    $cancel_url = $edited_Item->get_permanent_url();
                } else {
                    // Set the cancel editing url to home page of the blog
                    $cancel_url = $Blog->gen_blogurl();
                }
                $title .= '<span class="title_action_icons">';
                if ($current_User->check_perm('admin', 'normal')) {
                    // only back-office users get the link to the advanced editor
                    global $advanced_edit_link;
                    $title .= action_icon(T_('Go to advanced edit screen'), 'edit', $advanced_edit_link['href'], ' ' . T_('Advanced editing'), NULL, 3, array('onclick' => $advanced_edit_link['onclick']));
                }
                $title .= action_icon(T_('Cancel editing'), 'close', $cancel_url, ' ' . T_('Cancel editing'), NULL, 3);
                $title .= '</span>';
            }
            $r[] = $title;
            break;

        case 'edit_comment':
            global $comment_Item, $edited_Comment;
            $title = $params['edit_comment_text'];
            if ($params['auto_pilot'] != 'seo_title') {
                // Add advanced edit and close icon (never inside <title>)
                $title .= '<span class="title_action_icons">';
                if ($current_User->check_perm('admin', 'normal')) {
                    $advanced_edit_url = url_add_param($admin_url, 'ctrl=comments&action=edit&blog=' . $Blog->ID . '&comment_ID=' . $edited_Comment->ID);
                    $title .= action_icon(T_('Go to advanced edit screen'), 'edit', $advanced_edit_url, ' ' . T_('Advanced editing'), NULL, 3, array('onclick' => 'return switch_edit_view();'));
                }
                if (empty($comment_Item)) {
                    // resolve the commented item lazily from the edited comment
                    $comment_Item =& $edited_Comment->get_Item();
                }
                if (!empty($comment_Item)) {
                    $title .= action_icon(T_('Cancel editing'), 'close', url_add_tail($comment_Item->get_permanent_url(), '#c' . $edited_Comment->ID), ' ' . T_('Cancel editing'), NULL, 3);
                }
                $title .= '</span>';
            }
            $r[] = $title;
            break;

        case 'useritems':
            // We are requesting the user items list:
            $r[] = $params['useritems_text'];
            break;

        case 'usercomments':
            // We are requesting the user comments list:
            $r[] = $params['usercomments_text'];
            break;

        default:
            // Any other list display: describe the active filters
            if (isset($MainList)) {
                $r = array_merge($r, $MainList->get_filter_titles(array('visibility', 'hide_future'), $params));
            }
            break;
    }

    if (!empty($r)) {
        // We have at least one title match:
        $r = implode($params['glue'], $r);
        if (!empty($r)) {
            // This is in case we asked for an empty title (e-g for search)
            $r = $before . format_to_output($r, $params['format']) . $after;
        }
    } elseif (!empty($params['title_none'])) {
        $r = $params['title_none'];
    } else {
        // never return array()
        $r = '';
    }

    return $r;
}
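/**
 * Get User that should be used for this widget now
 *
 * When the widget settings carry a 'login', that user is looked up in the UserCache;
 * otherwise the owner of the current $Blog is used (NULL when there is no $Blog).
 * Note: There is no 'in-item' context in i7, so $Item is not consulted.
 *
 * @return object User (or NULL when nothing could be resolved)
 */
function &get_widget_User()
{
    global $Blog;

    $widget_User = NULL;

    if (!empty($this->disp_params['login'])) {
        // A login was configured in the widget settings: try to get user by login from DB
        $UserCache =& get_UserCache();
        $widget_User =& $UserCache->get_by_login($this->disp_params['login']);
        return $widget_User;
    }

    // No defined user in widget settings: fall back to the owner of the current $Blog
    if (!empty($Blog)) {
        $widget_User =& $Blog->get_owner_User();
    }

    return $widget_User;
}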
/**
 * Generate a title for the current list, depending on its filtering params
 *
 * Each active filter (categories, archive timeslot, keywords, tags, authors, assignees,
 * locale, extra statuses, visibility, start/stop time, day limit) is rendered through
 * $params['filter_mask'] and then grouped through $params['group_mask']. Masks may contain
 * the placeholders $group_title$, $filter_name$, $clear_icon$ and $filter_class$.
 *
 * @todo cleanup some displays
 * @todo implement HMS part of YMDHMS
 *
 * @param array Names of filters to skip: 'visibility' and/or 'hide_future' are honoured here
 * @param array Display params; see the defaults below ('*_text' labels, masks, separators, 'display_*' switches)
 * @return array List of titles to display, which are escaped for HTML display
 *         (dh> only checked this for 'authors'/?authors=, where the output was not escaped)
 *         NOTE(review): keyword, tag and locale values are copied from $this->filters into the
 *         mask as-is in this function; get_request_title() runs the joined result through
 *         format_to_output(), so any other caller has to confirm where escaping happens.
 */
function get_filter_titles($ignore = array(), $params = array())
{
    global $month, $disp_detail;

    $params = array_merge(array(
        'category_text' => T_('Category') . ': ',
        'categories_text' => T_('Categories') . ': ',
        'categories_nor_text' => T_('All but '),
        'tag_text' => T_('Tag') . ': ',
        'tags_text' => T_('Tags') . ': ',
        'author_text' => T_('Author') . ': ',
        'authors_text' => T_('Authors') . ': ',
        'authors_nor_text' => T_('All authors except') . ': ',
        'visibility_text' => T_('Visibility') . ': ',
        'keyword_text' => T_('Keyword') . ': ',
        'keywords_text' => T_('Keywords') . ': ',
        'keywords_exact_text' => T_('Exact match') . ' ',
        'status_text' => T_('Status') . ': ',
        'statuses_text' => T_('Statuses') . ': ',
        'archives_text' => T_('Archives for') . ': ',
        'assignes_text' => T_('Assigned to') . ': ',
        'group_mask' => '$group_title$$filter_items$',
        'filter_mask' => '"$filter_name$"',
        'filter_mask_nogroup' => '"$filter_name$"',
        'before_items' => '',
        'after_items' => '',
        'separator_and' => ' ' . T_('and') . ' ',
        'separator_or' => ' ' . T_('or') . ' ',
        'separator_nor' => ' ' . T_('or') . ' ',
        'separator_comma' => ', ',
        'display_category' => true,
        'display_archive' => true,
        'display_keyword' => true,
        'display_tag' => true,
        'display_author' => true,
        'display_assignee' => true,
        'display_locale' => true,
        'display_status' => true,
        'display_visibility' => true,
        'display_time' => true,
        'display_limit' => true
    ), $params);

    if (empty($this->filters)) {
        // Filters have not been set before, we'll use the default filterset:
        // echo ' setting default filterset ';
        $this->set_filters($this->default_filters);
    }

    $title_array = array();

    if ($this->single_post) {
        // We have requested a specific post:
        // Should be in first position
        $Item =& $this->get_by_idx(0);
        if (is_null($Item)) {
            $title_array[] = T_('Invalid request');
        } else {
            $title_array[] = $Item->get_titletag();
        }
        // a single post never gets filter descriptions
        return $title_array;
    }

    // Check if the filter mask has an icon to clear the filter item
    $clear_icon = strpos($params['filter_mask'], '$clear_icon$') !== false;

    // $filter_class_i indexes the colour palette; each filter group below advances it,
    // wrapping back to 0 when it runs past the last class.
    $filter_classes = array('green');
    $filter_class_i = 0;
    if (strpos($params['filter_mask'], '$filter_class$') !== false) {
        // Initialize array with available classes for filter items
        $filter_classes = array('green', 'yellow', 'orange', 'red', 'magenta', 'blue');
    }

    // CATEGORIES:
    if ($params['display_category']) {
        if (!empty($this->filters['cat_array'])) {
            // We have requested specific categories...
            $cat_names = array();
            $ChapterCache =& get_ChapterCache();
            $catsel_param = get_param('catsel');
            foreach ($this->filters['cat_array'] as $cat_ID) {
                if (($tmp_Chapter =& $ChapterCache->get_by_ID($cat_ID, false)) !== false) {
                    // It is almost never meaningful to die over an invalid cat when generating title
                    $cat_clear_url = regenerate_url((empty($catsel_param) ? 'cat=' : 'catsel=') . $cat_ID);
                    if ($disp_detail == 'posts-subcat' || $disp_detail == 'posts-cat') {
                        // Remove category url from $ReqPath when we use the cat url instead of cat ID
                        $cat_clear_url = str_replace('/' . $tmp_Chapter->get_url_path(), '', $cat_clear_url);
                    }
                    $cat_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', $cat_clear_url) : '';
                    $cat_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['category_text'], $tmp_Chapter->name, $cat_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                }
            }
            $filter_class_i++;

            // cat_modifier selects how the category names are joined
            if ($this->filters['cat_modifier'] == '*') {
                // Categories with "AND" condition
                $cat_names_string = implode($params['separator_and'], $cat_names);
            } elseif ($this->filters['cat_modifier'] == '-') {
                // Categories with "NOR" condition
                $cat_names_string = implode($params['separator_nor'], $cat_names);
            } else {
                // Categories with "OR" condition
                $cat_names_string = implode($params['separator_or'], $cat_names);
            }

            if (!empty($cat_names_string)) {
                if ($this->filters['cat_modifier'] == '-') {
                    // Categories with "NOR" condition
                    $cat_names_string = $params['categories_nor_text'] . $cat_names_string;
                    $params['category_text'] = $params['categories_text'];
                }
                $title_array['cats'] = str_replace(array('$group_title$', '$filter_items$'), count($this->filters['cat_array']) > 1 ? array($params['categories_text'], $params['before_items'] . $cat_names_string . $params['after_items']) : array($params['category_text'], $cat_names_string), $params['group_mask']);
            }
        }
    }

    // ARCHIVE TIMESLOT:
    if ($params['display_archive']) {
        if (!empty($this->filters['ymdhms'])) {
            // We have asked for a specific timeframe:
            // ymdhms is sliced positionally: YYYY, then MM, then DD (HMS is not handled, see @todo)
            $my_year = substr($this->filters['ymdhms'], 0, 4);
            if (strlen($this->filters['ymdhms']) > 4) {
                // We have requested a month too:
                $my_month = T_($month[substr($this->filters['ymdhms'], 4, 2)]);
            } else {
                $my_month = '';
            }
            // Requested a day?
            $my_day = substr($this->filters['ymdhms'], 6, 2);
            $arch = $my_month . ' ' . $my_year;
            if (!empty($my_day)) {
                // We also want to display a day
                $arch .= ', ' . $my_day;
            }
            if (!empty($this->filters['week']) || $this->filters['week'] === 0) {
                // We also want to display a week number (week 0 is a valid week)
                $arch .= ', ' . T_('week') . ' ' . $this->filters['week'];
            }
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            $arch_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'm')) : '';
            $arch = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['archives_text'], $arch, $arch_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
            $title_array['ymdhms'] = str_replace(array('$group_title$', '$filter_items$'), array($params['archives_text'], $arch), $params['group_mask']);
            $filter_class_i++;
        }
    }

    // KEYWORDS:
    if ($params['display_keyword']) {
        if (!empty($this->filters['keywords'])) {
            if ($this->filters['phrase'] == 'OR' || $this->filters['phrase'] == 'AND') {
                // Search by each keyword: quotes and commas become spaces, then split on spaces
                $keywords = trim(preg_replace('/("|, *)/', ' ', $this->filters['keywords']));
                $keywords = explode(' ', $keywords);
            } else {
                // Exact match (Single keyword)
                $keywords = array($this->filters['keywords']);
            }
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            $keyword_names = array();
            foreach ($keywords as $keyword) {
                // NOTE(review): $keyword goes into the URL and the mask unencoded — presumably
                // regenerate_url() handles the URL side; confirm
                $word_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 's=' . $keyword)) : '';
                $keyword_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['keyword_text'], $keyword, $word_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
            }
            $filter_class_i++;
            $keywords = ($this->filters['exact'] ? $params['keywords_exact_text'] : '') . implode($this->filters['phrase'] == 'OR' ? $params['separator_or'] : $params['separator_and'], $keyword_names);
            $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($keyword_names) > 1 ? array($params['keywords_text'], $params['before_items'] . $keywords . $params['after_items']) : array($params['keyword_text'], $keywords), $params['group_mask']);
        }
    }

    // TAGS:
    if ($params['display_tag']) {
        if (!empty($this->filters['tags'])) {
            $tags = explode(',', $this->filters['tags']);
            $tag_names = array();
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            foreach ($tags as $tag) {
                $tag_clear_url = regenerate_url($this->param_prefix . 'tag=' . $tag);
                if ($disp_detail == 'posts-tag') {
                    // Remove tag url from $ReqPath when we use tag url instead of tag ID
                    $tag_clear_url = str_replace('/' . $tag . ':', '', $tag_clear_url);
                }
                $tag_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', $tag_clear_url) : '';
                $tag_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['tag_text'], $tag, $tag_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
            }
            $filter_class_i++;
            $tags = implode($params['separator_comma'], $tag_names);
            $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($tag_names) > 1 ? array($params['tags_text'], $params['before_items'] . $tags . $params['after_items']) : array($params['tag_text'], $tags), $params['group_mask']);
        }
    }

    // AUTHORS:
    if ($params['display_author']) {
        if (!empty($this->filters['authors']) || !empty($this->filters['authors_login'])) {
            // merge the ID list with the IDs resolved from the login list
            $authors = trim($this->filters['authors'] . ',' . get_users_IDs_by_logins($this->filters['authors_login']), ',');
            $exclude_authors = false;
            if (substr($authors, 0, 1) == '-') {
                // Authors are excluded
                $authors = substr($authors, 1);
                $exclude_authors = true;
            }
            $authors = preg_split('~\\s*,\\s*~', $authors, -1, PREG_SPLIT_NO_EMPTY);
            $author_names = array();
            if ($authors) {
                $UserCache =& get_UserCache();
                $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
                foreach ($authors as $author_ID) {
                    if ($tmp_User = $UserCache->get_by_ID($author_ID, false, false)) {
                        // unknown IDs are silently skipped
                        $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'author=' . $author_ID)) : '';
                        $author_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['author_text'], $tmp_User->get('login'), $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                    }
                }
                $filter_class_i++;
            }
            if (count($author_names) > 0) {
                // Display info of filter by authors
                if ($exclude_authors) {
                    // Exclude authors
                    $author_names_string = $params['authors_nor_text'] . implode($params['separator_nor'], $author_names);
                } else {
                    // Filter by authors
                    $author_names_string = implode($params['separator_comma'], $author_names);
                }
                $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($author_names) > 1 ? array($params['authors_text'], $params['before_items'] . $author_names_string . $params['after_items']) : array($params['author_text'], $author_names_string), $params['group_mask']);
            }
        }
    }

    // ASSIGNEES:
    if ($params['display_assignee']) {
        if (!empty($this->filters['assignees']) || !empty($this->filters['assignees_login'])) {
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            if ($this->filters['assignees'] == '-') {
                // "-" means: items that are not assigned to anybody
                $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'assgn')) : '';
                $title_array[] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Not assigned'), $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
            } else {
                $assignees = trim($this->filters['assignees'] . ',' . get_users_IDs_by_logins($this->filters['assignees_login']), ',');
                $assignees = preg_split('~\\s*,\\s*~', $assignees, -1, PREG_SPLIT_NO_EMPTY);
                $assignees_names = array();
                if ($assignees) {
                    $UserCache =& get_UserCache();
                    foreach ($assignees as $user_ID) {
                        if ($tmp_User =& $UserCache->get_by_ID($user_ID, false, false)) {
                            $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'assgn=' . $user_ID)) : '';
                            $assignees_names[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['assignes_text'], $tmp_User->get_identity_link(array('link_text' => 'name')), $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                        }
                    }
                }
                $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($assignees_names) > 1 ? array($params['assignes_text'], $params['before_items'] . implode($params['separator_comma'], $assignees_names) . $params['after_items']) : array($params['assignes_text'], implode($params['separator_comma'], $assignees_names)), $params['group_mask']);
            }
            $filter_class_i++;
        }
    }

    // LOCALE:
    if ($params['display_locale']) {
        if ($this->filters['lc'] != 'all') {
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            $user_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'lc')) : '';
            $loc = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Locale') . ': ', $this->filters['lc'], $user_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
            $title_array[] = str_replace(array('$group_title$', '$filter_items$'), array(T_('Locale') . ': ', $loc), $params['group_mask']);
            $filter_class_i++;
        }
    }

    // EXTRA STATUSES:
    if ($params['display_status']) {
        if (!empty($this->filters['statuses'])) {
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            if ($this->filters['statuses'] == '-') {
                // "-" means: items without any extra status
                $status_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'status=-')) : '';
                $title_array[] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Without status'), $status_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
            } else {
                $status_IDs = explode(',', $this->filters['statuses']);
                $ItemStatusCache =& get_ItemStatusCache();
                $statuses = array();
                foreach ($status_IDs as $status_ID) {
                    if ($ItemStatus =& $ItemStatusCache->get_by_ID($status_ID)) {
                        $status_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'status=' . $status_ID)) : '';
                        $statuses[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['status_text'], $ItemStatus->get_name(), $status_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                    }
                }
                $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($statuses) > 1 ? array($params['statuses_text'], $params['before_items'] . implode($params['separator_comma'], $statuses) . $params['after_items']) : array($params['status_text'], implode($params['separator_comma'], $statuses)), $params['group_mask']);
            }
            $filter_class_i++;
        }
    }

    // VISIBILITY (SHOW STATUSES):
    if ($params['display_visibility']) {
        if (!in_array('visibility', $ignore)) {
            $post_statuses = get_visibility_statuses();
            if (count($this->filters['visibility_array']) != count($post_statuses)) {
                // Display it only when visibility filter is changed (i.e. not every status is selected)
                $status_titles = array();
                $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
                foreach ($this->filters['visibility_array'] as $status) {
                    $vis_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_statuses=' . $status)) : '';
                    $status_titles[] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array($params['visibility_text'], $post_statuses[$status], $vis_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                }
                $filter_class_i++;
                $title_array[] = str_replace(array('$group_title$', '$filter_items$'), count($status_titles) > 1 ? array($params['visibility_text'], $params['before_items'] . implode($params['separator_comma'], $status_titles) . $params['after_items']) : array($params['visibility_text'], implode($params['separator_comma'], $status_titles)), $params['group_mask']);
            }
        }
    }

    if ($params['display_time']) {
        // START AT:
        if (!empty($this->filters['ymdhms_min']) || !empty($this->filters['ts_min'])) {
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            if (!empty($this->filters['ymdhms_min'])) {
                // explicit start date
                $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'dstart')) : '';
                $title_array['ts_min'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Start at') . ': ', date2mysql($this->filters['ymdhms_min']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
            } else {
                if ($this->filters['ts_min'] == 'now') {
                    // ts_min = 'now' means: hide past items
                    $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_future')) : '';
                    $title_array['ts_min'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Hide past'), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
                } else {
                    $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_future')) : '';
                    $title_array['ts_min'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Start at') . ': ', date2mysql($this->filters['ts_min']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                }
            }
            $filter_class_i++;
        }

        // STOP AT:
        if (!empty($this->filters['ymdhms_max']) || !empty($this->filters['ts_max'])) {
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            if (!empty($this->filters['ymdhms_max'])) {
                // explicit stop date
                $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'dstop')) : '';
                $title_array['ts_max'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Stop at') . ': ', date2mysql($this->filters['ymdhms_max']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
            } else {
                if ($this->filters['ts_max'] == 'now') {
                    // ts_max = 'now' means: hide future items; callers may ask to ignore that one
                    if (!in_array('hide_future', $ignore)) {
                        $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_past')) : '';
                        $title_array['ts_max'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Hide future'), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
                    }
                } else {
                    $time_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'show_past')) : '';
                    $title_array['ts_max'] = str_replace(array('$group_title$', '$filter_name$', '$clear_icon$', '$filter_class$'), array(T_('Stop at') . ': ', date2mysql($this->filters['ts_max']), $time_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask']);
                }
            }
            $filter_class_i++;
        }
    }

    // LIMIT TO:
    if ($params['display_limit']) {
        if ($this->single_post) {
            // Single post: no paging required!
        } elseif (!empty($this->filters['ymdhms'])) {
            // no restriction if we request a month... some permalinks may point to the archive!
        } elseif ($this->filters['unit'] == 'posts' || $this->filters['unit'] == 'all') {
            // We're going to page, so there's no real limit here...
        } elseif ($this->filters['unit'] == 'days') {
            // We are going to limit to x days:
            // echo 'LIMIT DAYS ';
            $filter_class_i = $filter_class_i > count($filter_classes) - 1 ? 0 : $filter_class_i;
            if (empty($this->filters['ymdhms_min'])) {
                // We have no start date, we'll display the last x days:
                if (!empty($this->filters['keywords']) || !empty($this->filters['cat_array']) || !empty($this->filters['authors'])) {
                    // We are in DAYS mode but we can't restrict on these! (TODO: ?)
                } else {
                    // We are going to limit to LAST x days:
                    // TODO: rename 'posts' to 'limit'
                    $unit_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'unit')) : '';
                    $title_array['posts'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(sprintf(T_('Limited to last %d days'), $this->limit), $unit_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
                }
            } else {
                // We have a start date, we'll display x days starting from that point:
                $unit_clear_icon = $clear_icon ? action_icon(T_('Remove this filter'), 'remove', regenerate_url($this->param_prefix . 'unit')) : '';
                $title_array['posts'] = str_replace(array('$filter_name$', '$clear_icon$', '$filter_class$'), array(sprintf(T_('Limited to %d days'), $this->limit), $unit_clear_icon, $filter_classes[$filter_class_i]), $params['filter_mask_nogroup']);
            }
            $filter_class_i++;
        } else {
            // any other unit is a programming error, not a user error
            debug_die('Unhandled LIMITING mode in ItemList:' . $this->filters['unit'] . ' (paged mode is obsolete)');
        }
    }

    return $title_array;
}
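/**
 * Display threads results table
 *
 * Prints the table of private-message threads sent by a user (back-office activity tab,
 * also served as an AJAX fragment). Outputs nothing at all when the visitor is not logged in,
 * lacks the 'users'/'edit' and 'perm_messaging'/'reply' permissions, or when no target user
 * can be resolved. Without the 'perm_messaging'/'abuse' permission only a message count is shown.
 *
 * @param array Params:
 *  - 'edited_User': User object; when empty, the user is taken from the 'user_ID' request param
 *  - 'results_param_prefix': prefix for the Results params (Default: 'actv_thrd_')
 *  - 'results_title': table title
 *  - 'results_no_text': text shown when the table is empty
 *  - 'skin_type', 'skin_name': required on AJAX requests (see is_ajax_content())
 */
function threads_results_block($params = array())
{
    // Make sure we are not missing any param:
    $params = array_merge(array(
        'edited_User' => NULL,
        'results_param_prefix' => 'actv_thrd_',
        'results_title' => T_('Threads with private messages sent by the user'),
        'results_no_text' => T_('User has not sent any private messages')
    ), $params);

    if (!is_logged_in()) {
        // Only logged in users can access to this function
        return;
    }

    global $current_User;

    if (!$current_User->check_perm('users', 'edit') || !$current_User->check_perm('perm_messaging', 'reply')) {
        // Check minimum permission:
        return;
    }

    $edited_User = $params['edited_User'];
    if (!$edited_User) {
        // No defined User, probably the function is calling from AJAX request
        $user_ID = param('user_ID', 'integer', 0);
        if (empty($user_ID)) {
            // Bad request, Exit here
            return;
        }
        $UserCache =& get_UserCache();
        if (($edited_User =& $UserCache->get_by_ID($user_ID, false)) === false) {
            // Bad request, Exit here
            return;
        }
    }

    // Register these params so they are carried along by the Results pagination
    param('user_tab', 'string', '', true);
    param('user_ID', 'integer', 0, true);

    // Check permission:
    if ($current_User->check_perm('perm_messaging', 'abuse')) {
        // Create result set:
        $threads_Results = get_threads_results(array(
            'results_param_prefix' => $params['results_param_prefix'],
            'user_ID' => $edited_User->ID,
            'sent_user_ID' => $edited_User->ID
        ));
        $threads_Results->Cache =& get_ThreadCache();
        $threads_Results->title = $params['results_title'];
        $threads_Results->no_results_text = $params['results_no_text'];

        if ($threads_Results->total_rows > 0) {
            // Display action icon to delete all records if at least one record exists
            // (the link carries a crumb, so the mass delete is CSRF-protected on the receiving side)
            $threads_Results->global_icon(sprintf(T_('Delete all private messages sent by %s'), $edited_User->login), 'delete', '?ctrl=user&user_tab=activity&action=delete_all_messages&user_ID=' . $edited_User->ID . '&' . url_crumb('user'), ' ' . T_('Delete all'), 3, 4);
        }

        // Load classes
        load_class('messaging/model/_thread.class.php', 'Thread');

        // Initialize Results object
        threads_results($threads_Results, array('abuse_management' => 1, 'show_only_date' => 1));

        if (is_ajax_content()) {
            // init results param by template name
            if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
                debug_die('Invalid ajax results request!');
            }
            $threads_Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
        }

        $display_params = array('before' => '<div class="results" style="margin-top:25px" id="threads_result">');
        $threads_Results->display($display_params);

        if (!is_ajax_content()) {
            // Create this hidden div to get a function name for AJAX request
            // NOTE(review): results_param_prefix is echoed into the id attribute unescaped;
            // it is caller-supplied here — confirm it is never taken from the request
            echo '<div id="' . $params['results_param_prefix'] . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
        }
    } else {
        // No permission for abuse management
        echo '<div style="margin-top:25px;font-weight:bold">' . sprintf(T_('User has sent %s private messages'), $edited_User->get_num_messages('sent')) . '</div>';
    }
}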
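/**
 * Sends an email to User
 *
 * Before anything is sent the recipient is checked: users whose status does not allow messages,
 * and non-activated users (unless $force_on_non_activated), never receive mail. Notification and
 * newsletter templates are additionally subject to the per-user daily limits enforced by
 * check_allow_new_email(); when such a limit applies and the mail goes out, the updated
 * "last email" settings are persisted.
 *
 * @param integer Recipient ID.
 * @param string Subject of the mail
 * @param string Email template name
 * @param array Email template params. For 'account_activate', the optional boolean 'is_reminder'
 *              decides whether the mail counts as a notification (see below).
 * @param boolean Force to send this email even if the user is not activated. By default not activated user won't get emails.
 *                Password reset, and account activation emails must be always forced.
 * @param array Additional headers ( headername => value ). Take care of injection! Values are handed
 *              to send_mail() as given; this function does not validate or encode them.
 * @return boolean True if mail could be sent (not necessarily delivered!), false if not - (return value of {@link mail()})
 */
function send_mail_to_User($user_ID, $subject, $template_name, $template_params = array(), $force_on_non_activated = false, $headers = array())
{
    global $UserSettings, $Settings, $current_charset;

    $UserCache =& get_UserCache();
    if ($User = $UserCache->get_by_ID($user_ID)) {
        if (!$User->check_status('can_receive_any_message')) {
            // user status doesn't allow to receive nor emails nor private messages
            return false;
        }

        if (!($User->check_status('is_validated') || $force_on_non_activated)) {
            // user is not activated and non activated users should not receive emails, unless force_on_non_activated is turned on
            return false;
        }

        // UserSettings update is not required yet
        $update_settings = false;

        // Check if a new email to User with the corresponding email type is allowed
        switch ($template_name) {
            case 'account_activate':
                // 'is_reminder' is optional: empty() avoids an undefined-index notice when the caller omits it
                // (the previous "!$template_params['is_reminder']" raised one for every plain activation mail)
                if ($Settings->get('validation_process') == 'easy' && empty($template_params['is_reminder'])) {
                    // this is not a notification email
                    break;
                }
                // no break: a reminder (or a non-"easy" activation) is rate limited like the notifications below

            case 'private_message_new':
            case 'private_messages_unread_reminder':
            case 'post_new':
            case 'comment_new':
            case 'account_activated':
            case 'account_closed':
            case 'account_reported':
                // this is a notification email
                if (!check_allow_new_email('notification_email_limit', 'last_notification_email', $User->ID)) {
                    // more notification email is not allowed today
                    return false;
                }
                $update_settings = true;
                break;

            case 'newsletter':
                // this is a newsletter email
                if (!check_allow_new_email('newsletter_limit', 'last_newsletter', $User->ID)) {
                    // more newsletter email is not allowed today
                    return false;
                }
                $update_settings = true;
                break;
        }

        // Update notification sender's info from General settings
        $User->update_sender();

        // Read the user's "Email format" setting once: it selects both the Content-Type header and the template variant
        $email_format = $UserSettings->get('email_format', $User->ID);
        switch ($email_format) {
            // Set Content-Type from user's setting "Email format"
            case 'auto':
                // MIME boundary for the multipart message; it only has to be unique within this message, it is not a secret
                $template_params['boundary'] = 'b2evo-' . md5(rand());
                $headers['Content-Type'] = 'multipart/mixed; boundary="' . $template_params['boundary'] . '"';
                break;
            case 'html':
                $headers['Content-Type'] = 'text/html; charset=' . $current_charset;
                break;
            case 'text':
                $headers['Content-Type'] = 'text/plain; charset=' . $current_charset;
                break;
        }

        // Get a message text from template file
        $message = mail_template($template_name, $email_format, $template_params, $User);

        // Autoinsert user's data
        $subject = mail_autoinsert_user_data($subject, $User);
        $message = mail_autoinsert_user_data($message, $User);

        if (send_mail($User->email, NULL, $subject, $message, NULL, NULL, $headers, $user_ID)) {
            // email was sent, update last email settings;
            if ($update_settings) {
                // User Settings need to be updated (check_allow_new_email() touched the "last_*" counters)
                $UserSettings->dbupdate();
            }
            return true;
        }
    }

    // No user or email could not be sent
    return false;
}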
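/**
 * Template tag. Initializes internal states for the most common skin displays.
 *
 * For more specific skins, this function should not be called and
 * equivalent code should be customized within the skin.
 *
 * Side effects: may terminate the request through header_redirect() (redirected posts, canonical URL
 * enforcement, login / activation redirects), registers request params via param(), and sets the globals
 * $seo_page_type, $disp_detail, $robots_index and $credit_links (plus $viewed_User and the per-user
 * lists for 'useritems' / 'usercomments'). Redirect targets are built from Blog/Item/Chapter settings;
 * the only request-derived pieces are values matched by the digit-only regexes applied to $ReqURI below.
 *
 * @param string What are we going to display. Most of the time the global $disp should be passed.
 */
function skin_init($disp)
{
    /**
     * @var Blog
     */
    global $Blog;
    /**
     * @var Item
     */
    global $Item;
    /**
     * @var Skin
     */
    global $Skin;

    global $robots_index;
    global $seo_page_type;
    global $redir, $ReqURL, $ReqURI, $m, $w, $preview;
    global $Chapter;
    global $Debuglog;

    /**
     * @var ItemList2
     */
    global $MainList;

    /**
     * This will give more detail when $disp == 'posts'; otherwise it will have the same content as $disp
     * @var string
     */
    global $disp_detail, $Settings;

    global $Timer;
    global $Messages, $PageCache;

    $Timer->resume('skin_init');

    if (empty($disp_detail)) {
        $disp_detail = $disp;
    }

    $Debuglog->add('skin_init: ' . $disp, 'skins');

    // This is the main template; it may be used to display very different things.
    // Do inits depending on current $disp:
    switch ($disp) {
        case 'posts':
        case 'single':
        case 'page':
        case 'feedback-popup':
        case 'search':
            // We need to load posts for this display:
            // Note: even if we request the same post as $Item above, the following will do more restrictions (dates, etc.)
            // Init the MainList object:
            init_MainList($Blog->get_setting('posts_per_page'));

            // Init post navigation (skin value wins, blog setting is the fallback)
            $post_navigation = $Skin->get_post_navigation();
            if (empty($post_navigation)) {
                $post_navigation = $Blog->get_setting('post_navigation');
            }
            break;
    }

    // SEO stuff & redirects if necessary:
    $seo_page_type = NULL;
    switch ($disp) {
        // CONTENT PAGES:
        case 'single':
        case 'page':
            init_ajax_forms(); // auto requires jQuery
            init_ratings_js();
            init_voting_comment_js();
            init_scrollwide_js(); // Add jQuery Wide Scroll plugin

            if ($disp == 'single') {
                $seo_page_type = 'Single post page';
            } else {
                $seo_page_type = '"Page" page';
            }

            // Check if the post has 'redirected' status:
            if (!$preview && $Item->status == 'redirected' && $redir == 'yes') {
                // $redir=no here allows to force a 'single post' URL for commenting
                // Redirect to the URL specified in the post:
                $Debuglog->add('Redirecting to post URL [' . $Item->url . '].');
                header_redirect($Item->url, true);
            }

            // Check if we want to redirect to a canonical URL for the post
            // Please document encountered problems.
            if (!$preview && ($Blog->get_setting('canonical_item_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_item_urls'))) {
                // We want to redirect to the Item's canonical URL:
                $canonical_url = $Item->get_permanent_url('', '', '&');
                if (preg_match('|[&?](page=\\d+)|', $ReqURI, $page_param)) {
                    // A certain post page has been requested, keep only this param and discard all others:
                    $canonical_url = url_add_param($canonical_url, $page_param[1], '&');
                }
                if (preg_match('|[&?](mode=quote&[qcp]+=\\d+)|', $ReqURI, $page_param)) {
                    // A quote of comment/post, keep only these params and discard all others:
                    $canonical_url = url_add_param($canonical_url, $page_param[1], '&');
                }
                if (!is_same_url($ReqURL, $canonical_url)) {
                    // The requested URL does not look like the canonical URL for this post...
                    // url difference was resolved
                    $url_resolved = false;
                    // Check if the difference is because of an allowed post navigation param
                    if (preg_match('|[&?]cat=(\\d+)|', $ReqURI, $cat_param)) {
                        // A category post navigation param is set
                        $extended_url = '';
                        if ($post_navigation == 'same_category' && isset($cat_param[1])) {
                            // navigate through posts from the same category
                            $category_ids = postcats_get_byID($Item->ID);
                            if (in_array($cat_param[1], $category_ids)) {
                                // cat param is one of this Item categories
                                $extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $cat_param[1], '&');
                                // Set MainList navigation target to the requested category
                                $MainList->nav_target = $cat_param[1];
                            }
                        }
                        $url_resolved = is_same_url($ReqURL, $extended_url);
                    }

                    if (!$url_resolved && $Blog->get_setting('canonical_item_urls') && $redir == 'yes' && !$Item->check_cross_post_nav('auto', $Blog->ID)) {
                        // REDIRECT TO THE CANONICAL URL:
                        $Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].');
                        header_redirect($canonical_url, true);
                    } else {
                        // Use rel="canonical":
                        add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                    }
                    // EXITED.
                }
            }

            if (!$MainList->result_num_rows) {
                // There is nothing to display for this page, don't index it!
                $robots_index = false;
            }
            break;

        case 'posts':
            init_ajax_forms('blog'); // auto requires jQuery
            init_scrollwide_js('blog'); // Add jQuery Wide Scroll plugin
            // fp> if we add this here, we have to exetnd the inner if()
            // init_ratings_js( 'blog' );

            // Get list of active filters:
            $active_filters = $MainList->get_active_filters();

            if (!empty($active_filters)) {
                // The current page is being filtered...

                if (array_diff($active_filters, array('page')) == array()) {
                    // This is just a follow "paged" page
                    $disp_detail = 'posts-next';
                    $seo_page_type = 'Next page';
                    if ($Blog->get_setting('paged_noindex')) {
                        // We prefer robots not to index paged pages:
                        $robots_index = false;
                    }
                } elseif (array_diff($active_filters, array('cat_array', 'cat_modifier', 'cat_focus', 'posts', 'page')) == array()) {
                    // This is a category page
                    $disp_detail = 'posts-cat';
                    $seo_page_type = 'Category page';
                    if ($Blog->get_setting('chapter_noindex')) {
                        // We prefer robots not to index category pages:
                        $robots_index = false;
                    }

                    global $cat, $catsel;
                    if (empty($catsel) && preg_match('~[0-9]+~', $cat)) {
                        // We are on a single cat page:
                        // NOTE: we must have selected EXACTLY ONE CATEGORY through the cat parameter
                        // BUT: - this can resolve to including children
                        //      - selecting exactly one cat through catsel[] is NOT OK since not equivalent (will exclude children)
                        // echo 'SINGLE CAT PAGE';

                        if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_cat_urls')) {
                            // Check if the URL was canonical:
                            if (!isset($Chapter)) {
                                $ChapterCache =& get_ChapterCache();
                                /**
                                 * @var Chapter
                                 */
                                $Chapter =& $ChapterCache->get_by_ID($MainList->filters['cat_array'][0], false);
                            }

                            if ($Chapter) {
                                if ($Chapter->parent_ID) {
                                    // This is a sub-category page (i-e: not a level 1 category)
                                    $disp_detail = 'posts-subcat';
                                }

                                $canonical_url = $Chapter->get_permanent_url(NULL, NULL, $MainList->get_active_filter('page'), NULL, '&');
                                if (!is_same_url($ReqURL, $canonical_url)) {
                                    // fp> TODO: we're going to lose the additional params, it would be better to keep them...
                                    // fp> what additional params actually?
                                    if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes') {
                                        // REDIRECT TO THE CANONICAL URL:
                                        header_redirect($canonical_url, true);
                                    } else {
                                        // Use rel="canonical":
                                        add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                                    }
                                }
                            }
                        }

                        if ($post_navigation == 'same_category') {
                            // Category is set and post navigation should go through the same category, set navigation target param
                            $MainList->nav_target = $cat;
                        }
                    }
                } elseif (array_diff($active_filters, array('tags', 'posts', 'page')) == array()) {
                    // This is a tag page
                    $disp_detail = 'posts-tag';
                    $seo_page_type = 'Tag page';
                    if ($Blog->get_setting('tag_noindex')) {
                        // We prefer robots not to index tag pages:
                        $robots_index = false;
                    }

                    if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_tag_urls')) {
                        // Check if the URL was canonical:
                        $canonical_url = $Blog->gen_tag_url($MainList->get_active_filter('tags'), $MainList->get_active_filter('page'), '&');
                        if (!is_same_url($ReqURL, $canonical_url)) {
                            if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes') {
                                // REDIRECT TO THE CANONICAL URL:
                                header_redirect($canonical_url, true);
                            } else {
                                // Use rel="canonical":
                                add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                            }
                        }
                    }
                } elseif (array_diff($active_filters, array('ymdhms', 'week', 'posts', 'page')) == array()) {
                    // This is an archive page
                    // echo 'archive page';
                    $disp_detail = 'posts-date';
                    $seo_page_type = 'Date archive page';

                    if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_archive_urls')) {
                        // Check if the URL was canonical:
                        // $m is the YYYYMMDD archive param, $w the week number
                        $canonical_url = $Blog->gen_archive_url(substr($m, 0, 4), substr($m, 4, 2), substr($m, 6, 2), $w, '&', $MainList->get_active_filter('page'));
                        if (!is_same_url($ReqURL, $canonical_url)) {
                            if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes') {
                                // REDIRECT TO THE CANONICAL URL:
                                header_redirect($canonical_url, true);
                            } else {
                                // Use rel="canonical":
                                add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                            }
                        }
                    }

                    if ($Blog->get_setting('archive_noindex')) {
                        // We prefer robots not to index archive pages:
                        $robots_index = false;
                    }
                } else {
                    // Other filtered pages:
                    // pre_dump( $active_filters );
                    $disp_detail = 'posts-filtered';
                    $seo_page_type = 'Other filtered page';
                    if ($Blog->get_setting('filtered_noindex')) {
                        // We prefer robots not to index other filtered pages:
                        $robots_index = false;
                    }
                }
            } else {
                // This is the default blog page
                $disp_detail = 'posts-default';
                $seo_page_type = 'Default page';

                if ($Blog->get_setting('canonical_homepage') && $redir == 'yes' || $Blog->get_setting('relcanonical_homepage')) {
                    // Check if the URL was canonical:
                    $canonical_url = $Blog->gen_blogurl();
                    if (!is_same_url($ReqURL, $canonical_url)) {
                        if ($Blog->get_setting('canonical_homepage') && $redir == 'yes') {
                            // REDIRECT TO THE CANONICAL URL:
                            header_redirect($canonical_url, true);
                        } else {
                            // Use rel="canonical":
                            add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
                        }
                    }
                }

                if ($Blog->get_setting('default_noindex')) {
                    // We prefer robots not to index the default page:
                    $robots_index = false;
                }
            }
            break;

        case 'search':
            $seo_page_type = 'Search page';
            if ($Blog->get_setting('filtered_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;

        // SPECIAL FEATURE PAGES:
        case 'feedback-popup':
            $seo_page_type = 'Comment popup';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;

        case 'arcdir':
            $seo_page_type = 'Date archive directory';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;

        case 'catdir':
            $seo_page_type = 'Category directory';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;

        case 'msgform':
            init_ajax_forms('blog'); // auto requires jQuery
            $seo_page_type = 'Contact form';
            if ($Blog->get_setting($disp . '_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;

        case 'messages':
        case 'contacts':
        case 'threads':
            init_results_js('blog'); // Add functions to work with Results tables
            // just in case some robot would be logged in:
            $seo_page_type = 'Messaging module';
            $robots_index = false;
            break;

        case 'login':
            global $Plugins, $transmit_hashed_password;
            $seo_page_type = 'Login form';
            $robots_index = false;

            require_js('functions.js', 'blog');

            // Client-side password hashing is enabled only when the setting is on AND no plugin answers
            // 'LoginAttemptNeedsRawPassword' (presumably plugins that must see the cleartext to authenticate)
            $transmit_hashed_password = (bool) $Settings->get('js_passwd_hashing') && !(bool) $Plugins->trigger_event_first_true('LoginAttemptNeedsRawPassword');
            if ($transmit_hashed_password) {
                // Include JS for client-side password hashing:
                require_js('sha1_md5.js', 'blog');
            }
            break;

        case 'register':
            if (is_logged_in()) {
                // If user is logged in the register form should not be displayed. In this case redirect to the blog home page.
                $Messages->add(T_('You are already logged in.'), 'note');
                header_redirect($Blog->gen_blogurl(), false);
            }
            $seo_page_type = 'Register form';
            $robots_index = false;
            break;

        case 'lostpassword':
            if (is_logged_in()) {
                // If user is logged in the lost password form should not be displayed. In this case redirect to the blog home page.
                $Messages->add(T_('You are already logged in.'), 'note');
                header_redirect($Blog->gen_blogurl(), false);
            }
            $seo_page_type = 'Lost password form';
            $robots_index = false;
            break;

        case 'profile':
            global $rsc_url;
            require_css($rsc_url . 'css/jquery/smoothness/jquery-ui.css');
            init_userfields_js('blog');
            // no break: 'profile' shares the special-feature-page handling below
        case 'avatar':
        case 'pwdchange':
        case 'userprefs':
        case 'subs':
            $seo_page_type = 'Special feature page';
            if ($Blog->get_setting('special_noindex')) {
                // We prefer robots not to index these pages:
                $robots_index = false;
            }
            break;

        case 'users':
            $seo_page_type = 'Users list';
            $robots_index = false;
            global $rsc_url;
            require_css($rsc_url . 'css/jquery/smoothness/jquery-ui.css');
            init_results_js('blog'); // Add functions to work with Results tables
            break;

        case 'user':
            $seo_page_type = 'User display';
            if (is_logged_in()) {
                // Used for combo_box contacts groups
                require_js('form_extensions.js', 'blog');
            }
            break;

        case 'edit':
            init_datepicker_js('blog');
            require_js('admin.js', 'blog');
            init_inskin_editing('blog');
            init_plugins_js('blog');
            break;

        case 'edit_comment':
            init_plugins_js('blog');
            break;

        case 'useritems':
        case 'usercomments':
            // $baseurl is read below for the error redirect target; it was never declared global here,
            // so in function scope it was undefined (empty fallback URL). Declare it like the other config globals.
            global $inc_path, $display_params, $viewed_User, $baseurl;

            // get user_ID because we want it in redirect_to in case we need to ask for login.
            $user_ID = param('user_ID', 'integer', true, true);
            if (empty($user_ID)) {
                bad_request_die(sprintf(T_('Parameter «%s» is required!'), 'user_ID'));
            }

            // set where to redirect in case of error
            $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();

            if (!is_logged_in()) {
                // Redirect to the login page if not logged in and allow anonymous user setting is OFF
                $Messages->add(T_('You must log in to view this user profile.'));
                header_redirect(get_login_url('cannot see user'), 302);
                // will have exited
            }

            if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) {
                // user is logged in, but his/her status doesn't permit to view user profile
                if (check_user_status('can_be_validated')) {
                    // user is logged in but his/her account is not active yet
                    // Redirect to the account activation page
                    $Messages->add(T_('You must activate your account before you can view this user profile. <b>See below:</b>'));
                    header_redirect(get_activate_info_url(), 302);
                    // will have exited
                }

                $Messages->add(T_('Your account status currently does not permit to view this user profile.'));
                header_redirect($error_redirect_to, 302);
                // will have exited
            }

            if (!empty($user_ID)) {
                $UserCache =& get_UserCache();
                $viewed_User = $UserCache->get_by_ID($user_ID, false);

                if (empty($viewed_User)) {
                    $Messages->add(T_('The requested user does not exist!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }

                if ($viewed_User->check_status('is_closed')) {
                    $Messages->add(T_('The requested user account is closed!'));
                    header_redirect($error_redirect_to);
                    // will have exited
                }
            }

            // Require results.css to display thread query results in a table
            require_css('results.css'); // Results/tables styles
            // Require functions.js to show/hide a panel with filters
            require_js('functions.js', 'blog');
            // Include this file to expand/collapse the filters panel when JavaScript is disabled
            require_once $inc_path . '_filters.inc.php';

            $display_params = !empty($Skin) ? $Skin->get_template('Results') : NULL;

            if ($disp == 'useritems') {
                // Init items list
                global $user_ItemList;

                $param_prefix = 'useritems_';
                $page = param($param_prefix . 'paged', 'integer', 1);
                $orderby = param($param_prefix . 'orderby', 'string', $Blog->get_setting('orderby'));
                $order = param($param_prefix . 'order', 'string', $Blog->get_setting('orderdir'));

                $useritems_Blog = NULL;
                $user_ItemList = new ItemList2($useritems_Blog, NULL, NULL, NULL, 'ItemCache', $param_prefix);
                $user_ItemList->load_from_Request();
                // Strip the prefix so the list gets the bare "orderby"/"order" field names
                $user_ItemList->set_filters(array(
                        'page'    => $page,
                        'authors' => $user_ID,
                        'orderby' => str_replace($param_prefix, '', $orderby),
                        'order'   => str_replace($param_prefix, '', $order)
                    ));
                $user_ItemList->query();
            } else {
                // Init comments list
                global $user_CommentList;

                $param_prefix = 'usercmts_';
                $page = param($param_prefix . 'paged', 'integer', 1);
                $orderby = param($param_prefix . 'orderby', 'string', 'date');
                $order = param($param_prefix . 'order', 'string', $Blog->get_setting('orderdir'));

                $user_CommentList = new CommentList2(NULL, NULL, 'CommentCache', $param_prefix);
                $user_CommentList->load_from_Request();
                $user_CommentList->set_filters(array(
                        'page'       => $page,
                        'author_IDs' => $user_ID,
                        'orderby'    => str_replace($param_prefix, '', $orderby),
                        'order'      => str_replace($param_prefix, '', $order)
                    ));
                $user_CommentList->query();
            }
            break;

        case 'comments':
            if (!$Blog->get_setting('comments_latest')) {
                // If latest comments page is disabled - Display 404 page with error message.
                // Rebinding $disp to the global here makes check_allow_disp() below see '404' as well.
                $Messages->add(T_('This feature is disabled.'), 'error');
                global $disp;
                $disp = '404';
                // no break: fall through to the 404 handling
            } else {
                break;
            }

        case '404':
            // We have a 404 unresolved content error
            // How do we want do deal with it?
            skin_404_header();
            // This MAY or MAY not have exited -- will exit on 30x redirect, otherwise will return here.

            // Just in case some dumb robot needs extra directives on this:
            $robots_index = false;
            break;
    }

    if (!empty($_SERVER['HTTP_USER_AGENT'])) {
        // Detect IE browser version. The User-Agent is untrusted input: it is only regex-matched here, never output.
        preg_match('/msie (\\d+)/i', $_SERVER['HTTP_USER_AGENT'], $browser_ie);
        if (count($browser_ie) == 2 && $browser_ie[1] < 7) {
            // IE < 7
            require_css('ie6.css', 'relative');
            $Messages->add(T_('Your web browser is too old. For this site to work correctly, we recommend you use a more recent browser.'), 'note');
        }
    }

    // dummy var for backward compatibility with versions < 2.4.1 -- prevents "Undefined variable"
    global $global_Cache, $credit_links;
    $credit_links = $global_Cache->get('creds');

    $Timer->pause('skin_init');

    // Check if user is logged in with a not active account, and display an error message if required
    check_allow_disp($disp);

    // initialize Blog enabled widgets, before displaying anything
    init_blog_widgets($Blog->ID);

    // Initialize displaying....
    $Timer->start('Skin:display_init');
    $Skin->display_init();
    $Timer->pause('Skin:display_init');

    // Send default headers:
    // See comments inside of this function:
    headers_content_mightcache('text/html'); // In most situations, you do NOT want to cache dynamic content!

    // Never allow Messages to be cached!
    if ($Messages->count() && !empty($PageCache)) {
        // Abort PageCache collect
        $PageCache->abort_collect();
    }
}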
/**
 * Send email notifications to subscribed users:
 *
 * efy-asimo> moderation and subscription notifications have been separated
 *
 * Recipient selection:
 *  - moderators: users with comment-edit permission on the collection (user or group level, or
 *    "editall"), filtered by their 'notify_comment_moderation' setting and re-checked with
 *    check_perm( 'comment!CURSTATUS', 'edit' ) against this comment; the blog owner is added too
 *  - the item creator ('notify_published_comments'), unless already a moderator
 *  - item and blog subscribers (when the collection allows those subscriptions)
 * The user who triggered the action ($executed_by_userid) is never notified.
 * One email per recipient is sent through send_mail_to_User(), in the recipient's locale.
 *
 * Note: the globals $admin_url, $baseurl and $htsrv_url are declared but not read in this method.
 *
 * @param boolean true if send only moderation email, false otherwise
 * @param boolean true if send for everyone else but not for moderators, because a moderation email was sent for them
 * @param integer the user ID who executed the action which will be notified, or NULL if it was executed by an anonymous user
 * @return boolean|void false when there is nobody to notify; void otherwise
 */
function send_email_notifications($only_moderators = false, $except_moderators = false, $executed_by_userid = NULL)
{
    global $DB, $admin_url, $baseurl, $debug, $Debuglog, $htsrv_url;
    global $Settings, $UserSettings;

    if ($only_moderators && $except_moderators) {
        // at least one of them must be false
        return;
    }

    $edited_Item =& $this->get_Item();
    $edited_Blog =& $edited_Item->get_Blog();
    $owner_User = $edited_Blog->get_owner_User();

    // user_ID => notification type ('moderator', 'creator', 'item_subscription', 'blog_subscription')
    $notify_users = array();
    $moderators = array();

    if ($only_moderators || $except_moderators) {
        // we need the list of moderators:
        // (IDs interpolated below come from the Blog object, not from the request)
        $sql = 'SELECT DISTINCT user_email, user_ID, uset_value as notify_moderation FROM T_users LEFT JOIN T_coll_user_perms ON bloguser_user_ID = user_ID LEFT JOIN T_coll_group_perms ON bloggroup_group_ID = user_grp_ID LEFT JOIN T_users__usersettings ON uset_user_ID = user_ID AND uset_name = "notify_comment_moderation" LEFT JOIN T_groups ON grp_ID = user_grp_ID WHERE ( ( bloguser_blog_ID = ' . $edited_Blog->ID . ' AND bloguser_perm_edit_cmt IN ( "anon", "lt", "le", "all" ) ) OR ( bloggroup_blog_ID = ' . $edited_Blog->ID . ' AND bloggroup_perm_edit_cmt IN ( "anon", "lt", "le", "all" ) ) OR ( grp_perm_blogs = "editall" ) ) AND LENGTH(TRIM(user_email)) > 0';
        $moderators_to_notify = $DB->get_results($sql);

        foreach ($moderators_to_notify as $moderator) {
            // No per-user setting stored -> fall back to the site default
            $notify_moderator = is_null($moderator->notify_moderation) ? $Settings->get('def_notify_comment_moderation') : $moderator->notify_moderation;
            if ($notify_moderator) {
                // add user to notify
                $moderators[] = $moderator->user_ID;
            }
        }

        if ($UserSettings->get('notify_comment_moderation', $owner_User->ID) && is_email($owner_User->get('email'))) {
            // add blog owner
            $moderators[] = $owner_User->ID;
        }

        // Load all moderators, and check each edit permission on this comment
        $UserCache =& get_UserCache();
        $UserCache->load_list($moderators);
        foreach ($moderators as $index => $moderator_ID) {
            $moderator_User = $UserCache->get_by_ID($moderator_ID, false);
            if (!$moderator_User || !$moderator_User->check_perm('comment!CURSTATUS', 'edit', false, $this)) {
                // User doesn't exists any more, or has no permission to edit this comment!
                // (The SQL above is only a pre-filter; this object-level check is the authoritative one.)
                unset($moderators[$index]);
            } elseif ($only_moderators) {
                $notify_users[$moderator_ID] = 'moderator';
            }
        }
    }

    if (!$only_moderators) {
        // Not only moderators needs to be notified:
        $except_condition = '';
        if ($except_moderators && !empty($moderators)) {
            // Set except moderators condition. Exclude moderators who already got a notification email.
            // ($moderators holds user IDs read from the DB / User objects)
            $except_condition = ' AND user_ID NOT IN ( "' . implode('", "', $moderators) . '" )';
        }

        // Check if we need to include the item creator user:
        $creator_User =& $edited_Item->get_creator_User();
        if ($UserSettings->get('notify_published_comments', $creator_User->ID) && !empty($creator_User->email) && !in_array($creator_User->ID, $moderators)) {
            // Post creator wants to be notified, and post author is not a moderator...
            $notify_users[$creator_User->ID] = 'creator';
        }

        // Get list of users who want to be notified about the this post comments:
        if ($edited_Blog->get_setting('allow_item_subscriptions')) {
            // item subscriptions is allowed
            $sql = 'SELECT DISTINCT user_ID FROM T_items__subscriptions INNER JOIN T_users ON isub_user_ID = user_ID WHERE isub_item_ID = ' . $edited_Item->ID . ' AND isub_comments <> 0 AND LENGTH(TRIM(user_email)) > 0' . $except_condition;
            $notify_list = $DB->get_results($sql);

            // Preprocess list:
            foreach ($notify_list as $notification) {
                $notify_users[$notification->user_ID] = 'item_subscription';
            }
        }

        // Get list of users who want to be notified about this blog comments:
        if ($edited_Blog->get_setting('allow_subscriptions')) {
            // blog subscription is allowed
            $sql = 'SELECT DISTINCT user_ID FROM T_subscriptions INNER JOIN T_users ON sub_user_ID = user_ID WHERE sub_coll_ID = ' . $edited_Blog->ID . ' AND sub_comments <> 0 AND LENGTH(TRIM(user_email)) > 0' . $except_condition;
            $notify_list = $DB->get_results($sql);

            // Preprocess list (a blog subscription overrides an earlier item-subscription entry for the same user):
            foreach ($notify_list as $notification) {
                $notify_users[$notification->user_ID] = 'blog_subscription';
            }
        }
    }

    if ($executed_by_userid != NULL && isset($notify_users[$executed_by_userid])) {
        // don't notify the user who just created/updated this comment
        unset($notify_users[$executed_by_userid]);
    }

    if (!count($notify_users)) {
        // No-one to notify:
        return false;
    }

    /*
     * We have a list of user IDs to notify:
     */

    // TODO: dh> this reveals the comments author's email address to all subscribers!!
    // $notify_from should get used by default, unless the user has opted in to be the sender!
    // fp>If the subscriber has permission to moderate the comments, he SHOULD receive the email address.
    // Get author email address. It will be visible for moderators/blog/post owners only -- NOT for other subscribers
    // (see the per-recipient $user_reply_to selection below)
    if ($this->get_author_User()) {
        // Comment from a registered user:
        $reply_to = $this->author_User->get('email');
        $author_name = $this->author_User->get('login');
        $author_ID = $this->author_User->ID;
    } elseif (!empty($this->author_email)) {
        // non-member, but with email address:
        // NOTE(review): this value was supplied by an anonymous commenter and ends up in a Reply-To header;
        // it relies on validation at comment submission time, which is not visible here -- confirm.
        $reply_to = $this->author_email;
        $author_name = $this->dget('author');
        $author_ID = NULL;
    } else {
        // Fallback (we have no email address): fp>TODO: or the subscriber is not allowed to view it.
        $reply_to = NULL;
        $author_name = $this->dget('author');
        $author_ID = NULL;
    }

    // Load all users who will be notified, because otherwise the send_mail_to_User function would load them one by one
    $UserCache =& get_UserCache();
    $UserCache->load_list(array_keys($notify_users));

    // Load a list with the blocked emails in cache
    load_blocked_emails(array_keys($notify_users));

    // Send emails:
    foreach ($notify_users as $notify_user_ID => $notify_type) {
        // get data content
        $notify_User = $UserCache->get_by_ID($notify_user_ID);
        $notify_email = $notify_User->get('email'); // only used for the debug dump below

        // init notification setting: render subject/body in the recipient's locale (restored at the end of the loop)
        locale_temp_switch($notify_User->get('locale'));

        $notify_user_Group = $notify_User->get_Group();
        // "Full" notification if (moderator AND group has full moderation notif) OR group has full subscription notif
        // (&& binds tighter than ||)
        $notify_full = $notify_type == 'moderator' && $notify_user_Group->check_perm('comment_moderation_notif', 'full') || $notify_user_Group->check_perm('comment_subscription_notif', 'full');

        switch ($this->type) {
            case 'trackback':
                /* TRANS: Subject of the mail to send on new trackbacks. First %s is the blog's shortname, the second %s is the item's title. */
                $subject = T_('[%s] New trackback on "%s"');
                break;

            default:
                /* TRANS: Subject of the mail to send on new comments. */
                // In case of full notification the first %s is blog name, the second %s is the item's title.
                // In case of short notification the first %s is author login, the second %s is the item's title.
                $subject = $notify_full ? T_('[%s] New comment on "%s"') : T_('%s posted a new comment on "%s"');
                if ($only_moderators) {
                    if ($this->status == 'draft') {
                        $subject = $notify_full ? T_('[%s] New comment awaiting moderation on "%s"') : T_('New comment awaiting moderation: ') . $subject;
                    } else {
                        $subject = $notify_full ? T_('[%s] New comment may need moderation on "%s"') : T_('New comment may need moderation: ') . $subject;
                    }
                }
        }

        // Only moderators and the post creator get the author's address as Reply-To; subscribers get none
        if ($notify_type == 'moderator') {
            // moderation email
            $user_reply_to = $reply_to;
        } else {
            if ($notify_type == 'blog_subscription') {
                // blog subscription
                $user_reply_to = NULL;
            } else {
                if ($notify_type == 'item_subscription') {
                    // item subscription
                    $user_reply_to = NULL;
                } else {
                    if ($notify_type == 'creator') {
                        // user is the creator of the post
                        $user_reply_to = $reply_to;
                    } else {
                        debug_die('Unknown user subscription type');
                    }
                }
            }
        }

        $subject = sprintf($subject, $notify_full ? $edited_Blog->get('shortname') : $author_name, $edited_Item->get('title'));

        $email_template_params = array(
                'notify_full' => $notify_full,
                'Comment'     => $this,
                'Blog'        => $edited_Blog,
                'Item'        => $edited_Item,
                'author_name' => $author_name,
                'author_ID'   => $author_ID,
                'notify_type' => $notify_type,
            );

        if ($debug) {
            $notify_message = mail_template('comment_new', 'text', $email_template_params);
            $mail_dump = "Sending notification to {$notify_email}:<pre>Subject: {$subject}\n{$notify_message}</pre>";

            if ($debug >= 2) {
                // output mail content - NOTE: this will kill sending of headers.
                echo "<p>{$mail_dump}</p>";
            }

            $Debuglog->add($mail_dump, 'notification');
        }

        // Send the email:
        // Note: Non-activated users won't get notification email
        send_mail_to_User($notify_user_ID, $subject, 'comment_new', $email_template_params, false, array('Reply-To' => $user_reply_to));

        blocked_emails_memorize($notify_User->email);

        locale_restore_previous();
    }

    blocked_emails_display();
}
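/**
 * Replace @usernames with link to profile page
 *
 * Only mentions that resolve to an existing User (UserCache::get_by_login()) are linked, and each
 * username is linked at most once: already linked names are remembered in
 * $this->already_linked_usernames and skipped afterwards. Returns the content unchanged when
 * there is no current $Blog or nothing matched.
 *
 * @param string Content
 * @param string PCRE pattern matching mentions; its first capture group must be the bare username
 *               (historically documented as an array "Search list", but it is passed straight to preg_match_all())
 * @param array Replace list (unused; kept for signature compatibility)
 * @return string Content
 */
function replace_usernames($content, $search_list, $replace_list)
{
    global $Blog;

    if (empty($Blog)) {
        // No Blog, Exit here
        return $content;
    }

    if (!preg_match_all($search_list, $content, $user_matches) || empty($user_matches[1])) {
        // No mention found (or the pattern has no capture group): nothing to link
        return $content;
    }

    // Add this for rel attribute in order to activate bubbletips on usernames
    $link_attr_rel = 'bubbletip_user_%user_ID%';
    if ($this->get_coll_setting($this->setting_nofollow_auto, $Blog)) {
        // Add attribute rel="nofollow" for auto-links
        $link_attr_rel .= ' nofollow';
    }
    $link_attrs = ' rel="' . $link_attr_rel . '"';
    $link_attrs .= ' class="user"';

    $UserCache =& get_UserCache();
    foreach ($user_matches[1] as $u => $username) {
        if (in_array($username, $this->already_linked_usernames)) {
            // Skip this username, it was already linked before
            continue;
        }

        if ($User =& $UserCache->get_by_login($username)) {
            // Replace @usernames
            $mention = $user_matches[0][$u];
            $user_link_attrs = str_replace('%user_ID%', $User->ID, $link_attrs);
            $user_link = '<a href="' . $Blog->get('userurl', array('url_suffix' => 'user_ID=' . $User->ID)) . '"' . $user_link_attrs . '>' . $mention . '</a>';

            // Replace the first literal occurrence of the mention. The matched text used to be spliced
            // unescaped into a preg_replace() pattern, so PCRE metacharacters in it (and "$1"-style
            // sequences in the replacement) were interpreted instead of being treated as plain text.
            $pos = strpos($content, $mention);
            if ($pos !== false) {
                $content = substr_replace($content, $user_link, $pos, strlen($mention));
            }
            $this->already_linked_usernames[] = $username;
        }
    }

    return $content;
}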
/** * Initialize internal states for the most common skin displays. * * For more specific skins, this function may not be called and * equivalent code may be customized within the skin. * * @param string What are we going to display. Most of the time the global $disp should be passed. */ function skin_init($disp) { /** * @var Blog */ global $Blog; /** * @var Item */ global $Item; /** * @var Skin */ global $Skin; global $robots_index; global $seo_page_type; global $redir, $ReqURL, $ReqURI, $m, $w, $preview; global $Chapter; global $Debuglog; /** * @var ItemList2 */ global $MainList; /** * This will give more detail when $disp == 'posts'; otherwise it will have the same content as $disp * @var string */ global $disp_detail, $Settings; global $Timer; global $Messages, $PageCache; global $Session, $current_User; $Timer->resume('skin_init'); if (empty($disp_detail)) { $disp_detail = $disp; } $Debuglog->add('skin_init: $disp=' . $disp, 'skins'); // This is the main template; it may be used to display very different things. // Do inits depending on current $disp: switch ($disp) { case 'front': case 'posts': case 'single': case 'page': case 'terms': case 'download': case 'feedback-popup': // We need to load posts for this display: if ($disp == 'terms') { // Initialize the redirect param to know what page redirect after accepting of terms: param('redirect_to', 'url', ''); } // Note: even if we request the same post as $Item above, the following will do more restrictions (dates, etc.) 
// Init the MainList object: init_MainList($Blog->get_setting('posts_per_page')); // Init post navigation $post_navigation = $Skin->get_post_navigation(); if (empty($post_navigation)) { $post_navigation = $Blog->get_setting('post_navigation'); } if (!empty($MainList) && $MainList->single_post && ($single_Item =& mainlist_get_item())) { // If we are currently viewing a single post // We assume the current user will have read the entire post and all its current comments: $single_Item->update_read_timestamps(true, true); // Restart the items list: $MainList->restart(); } break; case 'search': // Searching post, comments and categories load_funcs('collections/_search.funcs.php'); // Check previous search keywords so it can be displayed in the search input box param('s', 'string', '', true); break; } // SEO stuff & redirects if necessary: $seo_page_type = NULL; switch ($disp) { // CONTENT PAGES: case 'single': case 'page': case 'terms': if ($disp == 'terms' && !$Item) { // Wrong post ID for terms page: global $disp; $disp = '404'; $Messages->add(sprintf(T_('Terms not found. (post ID #%s)'), get_param('p')), 'error'); break; } if (!$preview && empty($Item)) { // No Item, incorrect request and incorrect state of the application, a 404 redirect should have already happened //debug_die( 'Invalid page URL!' ); } if ($disp == 'single') { $seo_page_type = 'Single post page'; } else { $seo_page_type = '"Page" page'; } if (!$preview) { // Check if item has a goal to insert a hit into DB $Item->check_goal(); } // Check if the post has 'redirected' status: if (!$preview && $Item->status == 'redirected' && $redir == 'yes') { // $redir=no here allows to force a 'single post' URL for commenting // Redirect to the URL specified in the post: $Debuglog->add('Redirecting to post URL [' . $Item->url . '].'); header_redirect($Item->url, true, true); } // Check if we want to redirect to a canonical URL for the post // Please document encountered problems. 
if (!$preview && ($Blog->get_setting('canonical_item_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_item_urls'))) { // We want to redirect to the Item's canonical URL: $canonical_url = $Item->get_permanent_url('', '', '&'); if (preg_match('|[&?](page=\\d+)|', $ReqURI, $page_param)) { // A certain post page has been requested, keep only this param and discard all others: $canonical_url = url_add_param($canonical_url, $page_param[1], '&'); } if (preg_match('|[&?](mode=quote&[qcp]+=\\d+)|', $ReqURI, $page_param)) { // A quote of comment/post, keep only these params and discard all others: $canonical_url = url_add_param($canonical_url, $page_param[1], '&'); } if (!is_same_url($ReqURL, $canonical_url)) { // The requested URL does not look like the canonical URL for this post... // url difference was resolved $url_resolved = false; // Check if the difference is because of an allowed post navigation param if (preg_match('|[&?]cat=(\\d+)|', $ReqURI, $cat_param)) { // A category post navigation param is set $extended_url = ''; if ($post_navigation == 'same_category' && isset($cat_param[1])) { // navigatie through posts from the same category $category_ids = postcats_get_byID($Item->ID); if (in_array($cat_param[1], $category_ids)) { // cat param is one of this Item categories $extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $cat_param[1], '&'); // Set MainList navigation target to the requested category $MainList->nav_target = $cat_param[1]; } } $url_resolved = is_same_url($ReqURL, $extended_url); } if (preg_match('|[&?]tag=([^&A-Z]+)|', $ReqURI, $tag_param)) { // A tag post navigation param is set $extended_url = ''; if ($post_navigation == 'same_tag' && isset($tag_param[1])) { // navigatie through posts from the same tag $tag_names = $Item->get_tags(); if (in_array($tag_param[1], $tag_names)) { // tag param is one of this Item tags $extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $tag_param[1], '&'); 
// Set MainList navigation target to the requested tag $MainList->nav_target = $tag_param[1]; } } $url_resolved = is_same_url($ReqURL, $extended_url); } if (!$url_resolved && $Blog->get_setting('canonical_item_urls') && $redir == 'yes' && !$Item->check_cross_post_nav('auto', $Blog->ID)) { // REDIRECT TO THE CANONICAL URL: $Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].'); header_redirect($canonical_url, true); } else { // Use rel="canoncial": add_headline('<link rel="canonical" href="' . $canonical_url . '" />'); } // EXITED. } } if (!$MainList->result_num_rows) { // There is nothing to display for this page, don't index it! $robots_index = false; } break; case 'download': if (empty($Item)) { // No Item, incorrect request and incorrect state of the application, a 404 redirect should have already happened debug_die('Invalid page URL!'); } $download_link_ID = param('download', 'integer', 0); // Check if we can allow to download the selected file $LinkCache =& get_LinkCache(); if (!(($download_Link =& $LinkCache->get_by_ID($download_link_ID, false, false)) && ($LinkItem =& $download_Link->get_LinkOwner()) && ($LinkItem->Item && $LinkItem->Item->ID == $Item->ID) && ($download_File =& $download_Link->get_File()) && $download_File->exists())) { // Bad request, Redirect to Item permanent url $Messages->add(T_('The requested file is not available for download.'), 'error'); $canonical_url = $Item->get_permanent_url('', '', '&'); $Debuglog->add('Redirecting to canonical URL [' . $canonical_url . 
'].'); header_redirect($canonical_url, true); } // Save the downloading Link to the global vars $GLOBALS['download_Link'] =& $download_Link; // Save global $Item to $download_Item, because $Item can be rewritten by function get_featured_Item() in some skins $GLOBALS['download_Item'] =& $Item; init_ajax_forms('blog'); // auto requires jQuery // Initialize JavaScript to download file after X seconds add_js_headline(' jQuery( document ).ready( function () { jQuery( "#download_timer_js" ).show(); } ); var b2evo_download_timer = ' . intval($Blog->get_setting('download_delay')) . '; var downloadInterval = setInterval( function() { jQuery( "#download_timer" ).html( b2evo_download_timer ); if( b2evo_download_timer == 0 ) { // Stop timer and download a file clearInterval( downloadInterval ); jQuery( "#download_help_url" ).show(); } b2evo_download_timer--; }, 1000 );'); // Use meta tag to download file when JavaScript is NOT enabled add_headline('<meta http-equiv="refresh" content="' . intval($Blog->get_setting('download_delay')) . '; url=' . $download_Link->get_download_url(array('type' => 'action')) . '" />'); $seo_page_type = 'Download page'; if ($Blog->get_setting($disp . '_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; case 'posts': init_ajax_forms('blog'); // auto requires jQuery // fp> if we add this here, we have to exetnd the inner if() // init_ratings_js( 'blog' ); // Get list of active filters: $active_filters = $MainList->get_active_filters(); if (!empty($active_filters)) { // The current page is being filtered... 
if (array_diff($active_filters, array('page')) == array()) { // This is just a follow "paged" page $disp_detail = 'posts-next'; $seo_page_type = 'Next page'; if ($Blog->get_setting('paged_noindex')) { // We prefer robots not to index category pages: $robots_index = false; } } elseif (array_diff($active_filters, array('cat_array', 'cat_modifier', 'cat_focus', 'posts', 'page')) == array()) { // This is a category page $disp_detail = 'posts-cat'; $seo_page_type = 'Category page'; if ($Blog->get_setting('chapter_noindex')) { // We prefer robots not to index category pages: $robots_index = false; } global $cat, $catsel; if (empty($catsel) && preg_match('~^[0-9]+$~', $cat)) { // We are on a single cat page: // NOTE: we must have selected EXACTLY ONE CATEGORY through the cat parameter // BUT: - this can resolve to including children // - selecting exactly one cat through catsel[] is NOT OK since not equivalent (will exclude children) // echo 'SINGLE CAT PAGE'; if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_cat_urls')) { // Check if the URL was canonical: if (!isset($Chapter)) { $ChapterCache =& get_ChapterCache(); /** * @var Chapter */ $Chapter =& $ChapterCache->get_by_ID($MainList->filters['cat_array'][0], false); } if ($Chapter) { if ($Chapter->parent_ID) { // This is a sub-category page (i-e: not a level 1 category) $disp_detail = 'posts-subcat'; } $canonical_url = $Chapter->get_permanent_url(NULL, NULL, $MainList->get_active_filter('page'), NULL, '&'); if (!is_same_url($ReqURL, $canonical_url)) { // fp> TODO: we're going to lose the additional params, it would be better to keep them... // fp> what additional params actually? if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes') { // REDIRECT TO THE CANONICAL URL: header_redirect($canonical_url, true); } else { // Use rel="canonical": add_headline('<link rel="canonical" href="' . $canonical_url . 
'" />'); } } } else { // If the requested chapter was not found display 404 page $Messages->add(T_('The requested chapter was not found')); global $disp; $disp = '404'; break; } } if ($post_navigation == 'same_category') { // Category is set and post navigation should go through the same category, set navigation target param $MainList->nav_target = $cat; } } } elseif (array_diff($active_filters, array('tags', 'posts', 'page')) == array()) { // This is a tag page $disp_detail = 'posts-tag'; $seo_page_type = 'Tag page'; if ($Blog->get_setting('tag_noindex')) { // We prefer robots not to index tag pages: $robots_index = false; } if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_tag_urls')) { // Check if the URL was canonical: $canonical_url = $Blog->gen_tag_url($MainList->get_active_filter('tags'), $MainList->get_active_filter('page'), '&'); if (!is_same_url($ReqURL, $canonical_url)) { if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes') { // REDIRECT TO THE CANONICAL URL: header_redirect($canonical_url, true); } else { // Use rel="canoncial": add_headline('<link rel="canonical" href="' . $canonical_url . 
'" />'); } } } $tag = $MainList->get_active_filter('tags'); if ($post_navigation == 'same_tag' && !empty($tag)) { // Tag is set and post navigation should go through the same tag, set navigation target param $MainList->nav_target = $tag; } } elseif (array_diff($active_filters, array('ymdhms', 'week', 'posts', 'page')) == array()) { // This is an archive page // echo 'archive page'; $disp_detail = 'posts-date'; $seo_page_type = 'Date archive page'; if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_archive_urls')) { // Check if the URL was canonical: $canonical_url = $Blog->gen_archive_url(substr($m, 0, 4), substr($m, 4, 2), substr($m, 6, 2), $w, '&', $MainList->get_active_filter('page')); if (!is_same_url($ReqURL, $canonical_url)) { if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes') { // REDIRECT TO THE CANONICAL URL: header_redirect($canonical_url, true); } else { // Use rel="canoncial": add_headline('<link rel="canonical" href="' . $canonical_url . 
'" />'); } } } if ($Blog->get_setting('archive_noindex')) { // We prefer robots not to index archive pages: $robots_index = false; } } else { // Other filtered pages: // pre_dump( $active_filters ); $disp_detail = 'posts-filtered'; $seo_page_type = 'Other filtered page'; if ($Blog->get_setting('filtered_noindex')) { // We prefer robots not to index other filtered pages: $robots_index = false; } } } elseif ($Blog->get_setting('front_disp') == 'posts') { // This is the default blog page only if the 'front_disp' is set to 'posts' $disp_detail = 'posts-default'; $seo_page_type = 'Default page'; if ($Blog->get_setting('default_noindex')) { // We prefer robots not to index archive pages: $robots_index = false; } } break; case 'search': $seo_page_type = 'Search page'; if ($Blog->get_setting('filtered_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; // SPECIAL FEATURE PAGES: // SPECIAL FEATURE PAGES: case 'feedback-popup': $seo_page_type = 'Comment popup'; if ($Blog->get_setting($disp . '_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; case 'arcdir': $seo_page_type = 'Date archive directory'; if ($Blog->get_setting($disp . '_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; case 'catdir': $seo_page_type = 'Category directory'; if ($Blog->get_setting($disp . 
'_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; case 'msgform': global $disp; // get expected message form type $msg_type = param('msg_type', 'string', ''); // initialize $recipient_User = NULL; $Comment = NULL; $allow_msgform = NULL; // get possible params $recipient_id = param('recipient_id', 'integer', 0, true); $comment_id = param('comment_id', 'integer', 0, true); $post_id = param('post_id', 'integer', 0, true); $subject = param('subject', 'string', ''); // try to init recipient_User if (!empty($recipient_id)) { $UserCache =& get_UserCache(); $recipient_User =& $UserCache->get_by_ID($recipient_id); } elseif (!empty($comment_id)) { // comment id is set, try to get comment author user $CommentCache =& get_CommentCache(); $Comment = $CommentCache->get_by_ID($comment_id, false); if ($Comment = $CommentCache->get_by_ID($comment_id, false)) { $recipient_User =& $Comment->get_author_User(); if (empty($recipient_User) && $Comment->allow_msgform && is_email($Comment->get_author_email())) { // set allow message form to email because comment author (not registered) accepts email $allow_msgform = 'email'; param('recipient_address', 'string', $Comment->get_author_email()); param('recipient_name', 'string', $Comment->get_author_name()); } } } else { // Recipient was not defined, try set the blog owner as recipient global $Blog; if (empty($Blog)) { // Blog is not set, this is an invalid request debug_die('Invalid send message request!'); } $recipient_User = $Blog->get_owner_User(); } if ($recipient_User) { // recipient User is set // get_msgform_possibility returns NULL (false), only if there is no messaging option between current_User and recipient user $allow_msgform = $recipient_User->get_msgform_possibility(); if ($msg_type == 'email' && $recipient_User->get_msgform_possibility(NULL, 'email') != 'email') { // User doesn't want to receive email messages, Restrict if this was requested by wrong url: $msg_type = ''; } if 
($allow_msgform == 'login') { // user must login first to be able to send a message to this User $disp = 'login'; param('action', 'string', 'req_login'); // override redirect to param param('redirect_to', 'url', regenerate_url(), true, true); if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) { // Redirect to special blog for messaging actions if it is defined in general settings header_redirect(url_add_param($msg_Blog->get('msgformurl', array('glue' => '&')), 'redirect_to=' . rawurlencode($redirect_to), '&')); } $Messages->add(T_('You must log in before you can contact this user')); } elseif ($allow_msgform == 'PM' && check_user_status('can_be_validated')) { // user is not activated if ($recipient_User->accepts_email()) { // recipient User accepts email allow to send email $allow_msgform = 'email'; $msg_type = 'email'; $activateinfo_link = 'href="' . get_activate_info_url(NULL, '&') . '"'; $Messages->add(sprintf(T_('You must activate your account before you can send a private message to %s. However you can send them an email if you\'d like. <a %s>More info »</a>'), $recipient_User->get('login'), $activateinfo_link), 'warning'); } else { // Redirect to the activate info page for not activated users $Messages->add(T_('You must activate your account before you can contact a user. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } } elseif ($msg_type == 'PM' && $allow_msgform == 'email') { // only email is allowed but user expect private message form if (!empty($current_User) && $recipient_id == $current_User->ID) { $Messages->add(T_('You cannot send a private message to yourself. However you can send yourself an email if you\'d like.'), 'warning'); } else { $Messages->add(sprintf(T_('You cannot send a private message to %s. 
However you can send them an email if you\'d like.'), $recipient_User->get('login')), 'warning'); } } elseif ($msg_type != 'email' && $allow_msgform == 'PM') { // private message form should be displayed, change display to create new individual thread with the given recipient user // check if creating new PM is allowed if (check_create_thread_limit(true)) { // thread limit reached header_redirect(); // exited here } global $edited_Thread, $edited_Message, $recipients_selected; // Load classes load_class('messaging/model/_thread.class.php', 'Thread'); load_class('messaging/model/_message.class.php', 'Message'); // Set global variable to auto define the FB autocomplete plugin field $recipients_selected = array(array('id' => $recipient_User->ID, 'title' => $recipient_User->login)); init_tokeninput_js('blog'); $disp = 'threads'; $edited_Thread = new Thread(); $edited_Message = new Message(); $edited_Message->Thread =& $edited_Thread; $edited_Thread->recipients = $recipient_User->login; param('action', 'string', 'new', true); param('thrdtype', 'string', 'individual', true); } if ($allow_msgform == 'email') { // set recippient user param set_param('recipient_id', $recipient_User->ID); } } if ($allow_msgform == NULL) { // should be Prevented by UI if (!empty($recipient_User)) { $Messages->add(sprintf(T_('The user "%s" does not want to be contacted through the message form.'), $recipient_User->get('login')), 'error'); } elseif (!empty($Comment)) { $Messages->add(T_('This commentator does not want to get contacted through the message form.'), 'error'); } $blogurl = $Blog->gen_blogurl(); // If it was a front page request or the front page is set to 'msgform' then we must not redirect to the front page because it is forbidden for the current User $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'msgform' ? 
url_add_param($blogurl, 'disp=403', '&') : $blogurl; header_redirect($redirect_to, 302); // exited here } if ($allow_msgform == 'PM' || $allow_msgform == 'email') { // Some message form is available // Get the suggested subject for the email: if (empty($subject)) { // no subject provided by param: global $DB; if (!empty($comment_id)) { // fp>TODO there should be NO SQL in this file. Make a $ItemCache->get_by_comment_ID(). $row = $DB->get_row(' SELECT post_title FROM T_items__item, T_comments WHERE comment_ID = ' . $DB->quote($comment_id) . ' AND post_ID = comment_item_ID'); if ($row) { $subject = T_('Re:') . ' ' . sprintf(T_('Comment on %s'), $row->post_title); } } if (empty($subject) && !empty($post_id)) { // fp>TODO there should be NO SQL in this file. Use $ItemCache->get_by_ID. $row = $DB->get_row(' SELECT post_title FROM T_items__item WHERE post_ID = ' . $post_id); if ($row) { $subject = T_('Re:') . ' ' . $row->post_title; } } } if ($allow_msgform == 'PM' && isset($edited_Thread)) { $edited_Thread->title = $subject; } else { param('subject', 'string', $subject, true); } } if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) { // Redirect to special blog for messaging actions if it is defined in general settings header_redirect($msg_Blog->get('msgformurl', array('glue' => '&'))); } $seo_page_type = 'Contact form'; if ($Blog->get_setting($disp . '_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; case 'messages': case 'contacts': case 'threads': switch ($disp) { case 'messages': // Actions ONLY for disp=messages // fp> The correct place to get thrd_ID is here, because we want it in redirect_to in case we need to ask for login. 
$thrd_ID = param('thrd_ID', 'integer', '', true); if (!is_logged_in()) { // Redirect to the login page for anonymous users $Messages->add(T_('You must log in to read your messages.')); header_redirect(get_login_url('cannot see messages'), 302); // will have exited } // check if user status allow to view messages if (!$current_User->check_status('can_view_messages')) { // user status does not allow to view messages if ($current_User->check_status('can_be_validated')) { // user is logged in but his/her account is not activate yet $Messages->add(T_('You must activate your account before you can read & send messages. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } $Messages->add('You are not allowed to view Messages!'); header_redirect($Blog->gen_blogurl(), 302); // will have exited } // check if user permissions allow to view messages if (!$current_User->check_perm('perm_messaging', 'reply')) { // Redirect to the blog url for users without messaging permission $Messages->add('You are not allowed to view Messages!'); header_redirect($Blog->gen_blogurl(), 302); // will have exited } if (!empty($thrd_ID)) { // if this thread exists and current user is part of this thread update status because won't be any unread messages on this conversation // we need to mark this early to make sure the unread message count will be correct in the evobar mark_as_read_by_user($thrd_ID, $current_User->ID); } if (($unsaved_message_params = get_message_params_from_session()) !== NULL) { // set Message and Thread saved params from Session global $edited_Message, $action; load_class('messaging/model/_message.class.php', 'Message'); $edited_Message = new Message(); $edited_Message->text = $unsaved_message_params['message']; $edited_Message->original_text = $unsaved_message_params['message_original']; $edited_Message->set_renderers($unsaved_message_params['renderers']); $edited_Message->thread_ID = $thrd_ID; $action = $unsaved_message_params['action']; 
} break; case 'contacts': // Actions ONLY for disp=contacts if (!is_logged_in()) { // Redirect to the login page for anonymous users $Messages->add(T_('You must log in to manage your contacts.')); header_redirect(get_login_url('cannot see contacts'), 302); // will have exited } if (!$current_User->check_status('can_view_contacts')) { // user is logged in, but his status doesn't allow to view contacts if ($current_User->check_status('can_be_validated')) { // user is logged in but his/her account was not activated yet // Redirect to the account activation page $Messages->add(T_('You must activate your account before you can manage your contacts. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } // Redirect to the blog url for users without messaging permission $Messages->add('You are not allowed to view Contacts!'); $blogurl = $Blog->gen_blogurl(); // If it was a front page request or the front page is set to display 'contacts' then we must not redirect to the front page because it is forbidden for the current User $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'contacts' ? 
url_add_param($blogurl, 'disp=403', '&') : $blogurl; header_redirect($redirect_to, 302); } if (has_cross_country_restriction('any') && empty($current_User->ctry_ID)) { // User may browse/contact other users only from the same country $Messages->add(T_('Please specify your country before attempting to contact other users.')); header_redirect(get_user_profile_url()); } // Get action parameter from request: $action = param_action(); if (!$current_User->check_perm('perm_messaging', 'reply')) { // Redirect to the blog url for users without messaging permission $Messages->add('You are not allowed to view Contacts!'); $blogurl = $Blog->gen_blogurl(); // If it was a front page request or the front page is set to display 'contacts' then we must not redirect to the front page because it is forbidden for the current User $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'contacts' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl; header_redirect($redirect_to, 302); // will have exited } switch ($action) { case 'add_user': // Add user to contacts list // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('messaging_contacts'); $user_ID = param('user_ID', 'integer', 0); if ($user_ID > 0) { // Add user to contacts if (create_contacts_user($user_ID)) { // Add user to the group $group_ID = param('group_ID', 'string', ''); if ($result = create_contacts_group_users($group_ID, $user_ID, 'group_ID_combo')) { // User has been added to the group $Messages->add(sprintf(T_('User has been added to the «%s» group.'), $result['group_name']), 'success'); } else { // User has been added ONLY to the contacts list $Messages->add('User has been added to your contacts.', 'success'); } } header_redirect($Blog->get('userurl', array('url_suffix' => 'user_ID=' . 
$user_ID, 'glue' => '&'))); } break; case 'unblock': // Unblock user // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('messaging_contacts'); $user_ID = param('user_ID', 'integer', 0); if ($user_ID > 0) { set_contact_blocked($user_ID, 0); $Messages->add(T_('Contact was unblocked.'), 'success'); } break; case 'remove_user': // Remove user from contacts group // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('messaging_contacts'); $view = param('view', 'string', 'profile'); $user_ID = param('user_ID', 'integer', 0); $group_ID = param('group_ID', 'integer', 0); if ($user_ID > 0 && $group_ID > 0) { // Remove user from selected group if (remove_contacts_group_user($group_ID, $user_ID)) { // User has been removed from the group if ($view == 'contacts') { // Redirect to the contacts list header_redirect($Blog->get('contactsurl', array('glue' => '&'))); } else { // Redirect to the user profile page header_redirect($Blog->get('userurl', array('url_suffix' => 'user_ID=' . $user_ID, 'glue' => '&'))); } } } break; case 'add_group': // Add users to the group // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('messaging_contacts'); $group = param('group', 'string', ''); $users = param('users', 'string', ''); if ($result = create_contacts_group_users($group, $users)) { // Users have been added to the group $Messages->add(sprintf(T_('%d contacts have been added to the «%s» group.'), $result['count_users'], $result['group_name']), 'success'); $redirect_to = $Blog->get('contactsurl', array('glue' => '&')); $item_ID = param('item_ID', 'integer', 0); if ($item_ID > 0) { $redirect_to = url_add_param($redirect_to, 'item_ID=' . 
$item_ID, '&'); } header_redirect($redirect_to); } break; case 'rename_group': // Rename the group // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('messaging_contacts'); $group_ID = param('group_ID', 'integer', true); if (rename_contacts_group($group_ID)) { $item_ID = param('item_ID', 'integer', 0); $redirect_to = url_add_param($Blog->get('contactsurl', array('glue' => '&')), 'g=' . $group_ID, '&'); if ($item_ID > 0) { $redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&'); } $Messages->add(T_('The group has been renamed.'), 'success'); header_redirect($redirect_to); } break; case 'delete_group': // Delete the group // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('messaging_contacts'); $group_ID = param('group_ID', 'integer', true); if (delete_contacts_group($group_ID)) { $item_ID = param('item_ID', 'integer', 0); $redirect_to = $Blog->get('contactsurl', array('glue' => '&')); if ($item_ID > 0) { $redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&'); } $Messages->add(T_('The group has been deleted.'), 'success'); header_redirect($redirect_to); } break; } modules_call_method('switch_contacts_actions', array('action' => $action)); break; case 'threads': // Actions ONLY for disp=threads if (!is_logged_in()) { // Redirect to the login page for anonymous users $Messages->add(T_('You must log in to read your messages.')); header_redirect(get_login_url('cannot see messages'), 302); // will have exited } if (!$current_User->check_status('can_view_threads')) { // user status does not allow to view threads if ($current_User->check_status('can_be_validated')) { // user is logged in but his/her account is not activate yet $Messages->add(T_('You must activate your account before you can read & send messages. 
<b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } $Messages->add('You are not allowed to view Messages!'); $blogurl = $Blog->gen_blogurl(); // If it was a front page request or the front page is set to display 'threads' then we must not redirect to the front page because it is forbidden for the current User $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'threads' ? url_add_param($blogurl, 'disp=404', '&') : $blogurl; header_redirect($redirect_to, 302); // will have exited } if (!$current_User->check_perm('perm_messaging', 'reply')) { // Redirect to the blog url for users without messaging permission $Messages->add('You are not allowed to view Messages!'); $blogurl = $Blog->gen_blogurl(); // If it was a front page request or the front page is set to display 'threads' then we must not redirect to the front page because it is forbidden for the current User $redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'threads' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl; header_redirect($redirect_to, 302); // will have exited } $action = param('action', 'string', 'view'); if ($action == 'new') { // Before new message form is displayed ... 
if (has_cross_country_restriction('contact') && empty($current_User->ctry_ID)) { // Cross country contact restriction is enabled, but user country is not set yet $Messages->add(T_('Please specify your country before attempting to contact other users.')); header_redirect(get_user_profile_url()); } elseif (check_create_thread_limit(true)) { // don't allow to create new thread, because the new thread limit was already reached set_param('action', 'view'); } } // Load classes load_class('messaging/model/_thread.class.php', 'Thread'); load_class('messaging/model/_message.class.php', 'Message'); // Get action parameter from request: $action = param_action('view'); switch ($action) { case 'new': // Check permission: $current_User->check_perm('perm_messaging', 'reply', true); global $edited_Thread, $edited_Message; $edited_Thread = new Thread(); $edited_Message = new Message(); $edited_Message->Thread =& $edited_Thread; modules_call_method('update_new_thread', array('Thread' => &$edited_Thread)); if (($unsaved_message_params = get_message_params_from_session()) !== NULL) { // set Message and Thread saved params from Session $edited_Message->text = $unsaved_message_params['message']; $edited_Message->original_text = $unsaved_message_params['message_original']; $edited_Message->set_renderers($unsaved_message_params['renderers']); $edited_Thread->title = $unsaved_message_params['subject']; $edited_Thread->recipients = $unsaved_message_params['thrd_recipients']; $edited_Message->Thread = $edited_Thread; global $thrd_recipients_array, $thrdtype, $action, $creating_success; $thrd_recipients_array = $unsaved_message_params['thrd_recipients_array']; $thrdtype = $unsaved_message_params['thrdtype']; $action = $unsaved_message_params['action']; $creating_success = !empty($unsaved_message_params['creating_success']) ? 
$unsaved_message_params['creating_success'] : false; } else { if (empty($edited_Thread->recipients)) { $edited_Thread->recipients = param('thrd_recipients', 'string', ''); } if (empty($edited_Thread->title)) { $edited_Thread->title = param('subject', 'string', ''); } } break; default: // Check permission: $current_User->check_perm('perm_messaging', 'reply', true); break; } break; } // Actions for disp = messages, contacts, threads: if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) { // Redirect to special blog for messaging actions if it is defined in general settings $blog_url_params = array('glue' => '&'); if (!empty($thrd_ID)) { // Don't forget the important param on redirect $blog_url_params['url_suffix'] = 'thrd_ID=' . $thrd_ID; } header_redirect($msg_Blog->get($disp . 'url', $blog_url_params)); } // just in case some robot would be logged in: $seo_page_type = 'Messaging module'; $robots_index = false; // Display messages depending on user email status display_user_email_status_message(); break; case 'login': global $Plugins, $transmit_hashed_password; if (is_logged_in()) { // User is already logged in if ($current_User->check_status('can_be_validated')) { // account is not active yet, redirect to the account activation page $Messages->add(T_('You are logged in but your account is not activated. 
You will find instructions about activating your account below:')); header_redirect(get_activate_info_url(), 302); // will have exited } // User is already logged in, redirect to "redirect_to" page $Messages->add(T_('You are already logged in.'), 'note'); $redirect_to = param('redirect_to', 'url', NULL); if (empty($redirect_to)) { // If empty redirect to referer page $redirect_to = ''; } header_redirect($redirect_to, 302); // will have exited } if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) { // Redirect to special blog for login/register actions if it is defined in general settings header_redirect($login_Blog->get('loginurl', array('glue' => '&'))); } $seo_page_type = 'Login form'; $robots_index = false; break; case 'register': if (is_logged_in()) { // If user is logged in the register form should not be displayed. In this case redirect to the blog home page. $Messages->add(T_('You are already logged in.'), 'note'); header_redirect($Blog->gen_blogurl(), false); } if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) { // Redirect to special blog for login/register actions if it is defined in general settings header_redirect($login_Blog->get('registerurl', array('glue' => '&'))); } $seo_page_type = 'Register form'; $robots_index = false; // Check invitation code if it exists and registration is enabled global $display_invitation; $display_invitation = check_invitation_code(); break; case 'lostpassword': if (is_logged_in()) { // If user is logged in the lost password form should not be displayed. In this case redirect to the blog home page. 
$Messages->add(T_('You are already logged in.'), 'note'); header_redirect($Blog->gen_blogurl(), false); } if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) { // Redirect to special blog for login/register actions if it is defined in general settings header_redirect($login_Blog->get('lostpasswordurl', array('glue' => '&'))); } $seo_page_type = 'Lost password form'; $robots_index = false; break; case 'activateinfo': if (!is_logged_in()) { // Redirect to the login page for anonymous users $Messages->add(T_('You must log in before you can activate your account.')); header_redirect(get_login_url('cannot see messages'), 302); // will have exited } if (!$current_User->check_status('can_be_validated')) { // don't display activateinfo screen $after_email_validation = $Settings->get('after_email_validation'); if ($after_email_validation == 'return_to_original') { // we want to return to original page after account activation // check if Session 'validatemail.redirect_to' param is still set $redirect_to = $Session->get('core.validatemail.redirect_to'); if (empty($redirect_to)) { // Session param is empty try to get general redirect_to param $redirect_to = param('redirect_to', 'url', ''); } else { // cleanup validateemail.redirect_to param from session $Session->delete('core.validatemail.redirect_to'); } } else { // go to after email validation url which is set in the user general settings form $redirect_to = $after_email_validation; } if (empty($redirect_to) || preg_match('#disp=activateinfo#', $redirect_to)) { // redirect_to is pointing to the activate info display or is empty // redirect to referer page $redirect_to = ''; } if ($current_User->check_status('is_validated')) { $Messages->add(T_('Your account has already been activated.')); } header_redirect($redirect_to, 302); // will have exited } if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) { // Redirect to special blog for login/register 
actions if it is defined in general settings header_redirect($login_Blog->get('activateinfourl', array('glue' => '&'))); } break; case 'profile': case 'avatar': $action = param_action(); if ($action == 'crop' && is_logged_in()) { // Check data for crop action: global $current_User, $cropped_File; $file_ID = param('file_ID', 'integer'); if (!($cropped_File = $current_User->get_File_by_ID($file_ID, $error_code))) { // Current user cannot crop this file set_param('action', ''); } } case 'pwdchange': case 'userprefs': case 'subs': $seo_page_type = 'Special feature page'; if ($Blog->get_setting('special_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } // Display messages depending on user email status display_user_email_status_message(); break; case 'users': if (!is_logged_in() && !$Settings->get('allow_anonymous_user_list')) { // Redirect to the login page if not logged in and allow anonymous user setting is OFF $Messages->add(T_('You must log in to view the user directory.')); header_redirect(get_login_url('cannot see user'), 302); // will have exited } if (is_logged_in() && !check_user_status('can_view_users')) { // user status doesn't permit to view users list if (check_user_status('can_be_validated')) { // user is logged in but his/her account is not active yet // Redirect to the account activation page $Messages->add(T_('You must activate your account before you can view the user directory. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } // set where to redirect $error_redirect_to = empty($Blog) ? 
$baseurl : $Blog->gen_blogurl(); $Messages->add(T_('Your account status currently does not permit to view the user directory.')); header_redirect($error_redirect_to, 302); // will have exited } if (has_cross_country_restriction('users', 'list') && empty($current_User->ctry_ID)) { // User may browse other users only from the same country $Messages->add(T_('Please specify your country before attempting to contact other users.')); header_redirect(get_user_profile_url()); } $seo_page_type = 'Users list'; $robots_index = false; break; case 'user': // get user_ID because we want it in redirect_to in case we need to ask for login. $user_ID = param('user_ID', 'integer', '', true); // set where to redirect in case of error $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl(); if (!is_logged_in()) { // Redirect to the login page if not logged in and allow anonymous user setting is OFF $user_available_by_group_level = true; if (!empty($user_ID)) { $UserCache =& get_UserCache(); if ($User =& $UserCache->get_by_ID($user_ID, false)) { // If user exists we can check if the anonymous users have an access to view the user by group level limitation $User->get_Group(); $user_available_by_group_level = $User->Group->level >= $Settings->get('allow_anonymous_user_level_min') && $User->Group->level <= $Settings->get('allow_anonymous_user_level_max'); } } if (!$Settings->get('allow_anonymous_user_profiles') || !$user_available_by_group_level || empty($user_ID)) { // If this user is not available for anonymous users $Messages->add(T_('You must log in to view this user profile.')); header_redirect(get_login_url('cannot see user'), 302); // will have exited } } if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) { // user is logged in, but his/her status doesn't permit to view user profile if (check_user_status('can_be_validated')) { // user is logged in but his/her account is not active yet // Redirect to the account activation page $Messages->add(T_('You 
must activate your account before you can view this user profile. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } $Messages->add(T_('Your account status currently does not permit to view this user profile.')); header_redirect($error_redirect_to, 302); // will have exited } if (!empty($user_ID)) { $UserCache =& get_UserCache(); $User =& $UserCache->get_by_ID($user_ID, false); if (empty($User)) { $Messages->add(T_('The requested user does not exist!')); header_redirect($error_redirect_to); // will have exited } if ($User->check_status('is_closed')) { $Messages->add(T_('The requested user account is closed!')); header_redirect($error_redirect_to); // will have exited } if (has_cross_country_restriction('any')) { if (empty($current_User->ctry_ID)) { // Current User country is not set $Messages->add(T_('Please specify your country before attempting to contact other users.')); header_redirect(get_user_profile_url()); // will have exited } if (has_cross_country_restriction('users', 'profile') && $current_User->ctry_ID !== $User->ctry_ID) { // Current user country is different then edited user country and cross country user browsing is not enabled. $Messages->add(T_('You don\'t have permission to view this user profile.')); header_redirect(url_add_param($error_redirect_to, 'disp=403', '&')); // will have exited } } } // Initialize users list from session cache in order to display prev/next links: // It is used to navigate between users load_class('users/model/_userlist.class.php', 'UserList'); global $UserList; $UserList = new UserList(); $UserList->memorize = false; $UserList->load_from_Request(); $seo_page_type = 'User display'; break; case 'edit': global $current_User, $post_ID; // Post ID, go from $_GET when we edit a post from Front-office // or from $_POST when we switch from Back-office $post_ID = param('p', 'integer', empty($post_ID) ? 
0 : $post_ID, true); if (!is_logged_in()) { // Redirect to the login page if not logged in and allow anonymous user setting is OFF $redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=edit'); $Messages->add(T_('You must log in to create & edit posts.')); header_redirect(get_login_url('cannot edit posts', $redirect_to), 302); // will have exited } if (!$current_User->check_status('can_edit_post')) { if ($current_User->check_status('can_be_validated')) { // user is logged in but his/her account was not activated yet // Redirect to the account activation page $Messages->add(T_('You must activate your account before you can create & edit posts. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } // Redirect to the blog url for users without messaging permission $Messages->add(T_('You are not allowed to create & edit posts!')); header_redirect($Blog->gen_blogurl(), 302); } // user logged in and the account was activated check_item_perm_edit($post_ID); if (!blog_has_cats($Blog->ID)) { // No categories are in this blog $error_message = T_('Since this blog has no categories, you cannot post into it.'); if ($current_User->check_perm('blog_cats', 'edit', false, $Blog->ID)) { // If current user has a permission to create a category global $admin_url; $error_message .= ' ' . sprintf(T_('You must <a %s>create categories</a> first.'), 'href="' . $admin_url . '?ctrl=chapters&blog=' . $Blog->ID . 
'"'); } $Messages->add($error_message, 'error'); header_redirect($Blog->gen_blogurl(), 302); } // Prepare the 'In-skin editing': init_inskin_editing(); break; case 'edit_comment': global $current_User, $edited_Comment, $comment_Item, $Item, $comment_title, $comment_content, $display_params; // comment ID $comment_ID = param('c', 'integer', 0, true); if (!is_logged_in()) { // Redirect to the login page if not logged in and allow anonymous user setting is OFF $redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=edit_comment'); $Messages->add(T_('You must log in to edit comments.')); header_redirect(get_login_url('cannot edit comments', $redirect_to), 302); // will have exited } if (!$current_User->check_status('can_edit_comment')) { if ($current_User->check_status('can_be_validated')) { // user is logged in but his/her account was not activated yet // Redirect to the account activation page $Messages->add(T_('You must activate your account before you can edit comments. <b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } // Redirect to the blog url for users without messaging permission $Messages->add('You are not allowed to edit comments!'); header_redirect($Blog->gen_blogurl(), 302); } if (empty($comment_ID)) { // Can't edit a not exisiting comment $Messages->add('Invalid comment edit URL!'); global $disp; $disp = 404; break; } $CommentCache =& get_CommentCache(); $edited_Comment = $CommentCache->get_by_ID($comment_ID); $comment_Item = $edited_Comment->get_Item(); if (!$current_User->check_perm('comment!CURSTATUS', 'edit', false, $edited_Comment)) { // If User has no permission to edit comments with this comment status: $Messages->add('You are not allowed to edit the previously selected comment!'); header_redirect($Blog->gen_blogurl(), 302); } $comment_title = ''; $comment_content = htmlspecialchars_decode($edited_Comment->content); // Format content for editing, if we were not already in editing... 
$Plugins_admin =& get_Plugins_admin(); $comment_Item->load_Blog(); $params = array('object_type' => 'Comment', 'object_Blog' => &$comment_Item->Blog); $Plugins_admin->unfilter_contents($comment_title, $comment_content, $edited_Comment->get_renderers_validated(), $params); $Item = $comment_Item; $display_params = array(); break; case 'useritems': case 'usercomments': global $display_params, $viewed_User; // get user_ID because we want it in redirect_to in case we need to ask for login. $user_ID = param('user_ID', 'integer', true, true); if (empty($user_ID)) { bad_request_die(sprintf(T_('Parameter «%s» is required!'), 'user_ID')); } // set where to redirect in case of error $error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl(); if (!is_logged_in()) { // Redirect to the login page if not logged in and allow anonymous user setting is OFF $Messages->add(T_('You must log in to view this user profile.')); header_redirect(get_login_url('cannot see user'), 302); // will have exited } if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) { // user is logged in, but his/her status doesn't permit to view user profile if (check_user_status('can_be_validated')) { // user is logged in but his/her account is not active yet // Redirect to the account activation page $Messages->add(T_('You must activate your account before you can view this user profile. 
<b>See below:</b>')); header_redirect(get_activate_info_url(), 302); // will have exited } $Messages->add(T_('Your account status currently does not permit to view this user profile.')); header_redirect($error_redirect_to, 302); // will have exited } if (!empty($user_ID)) { $UserCache =& get_UserCache(); $viewed_User = $UserCache->get_by_ID($user_ID, false); if (empty($viewed_User)) { $Messages->add(T_('The requested user does not exist!')); header_redirect($error_redirect_to); // will have exited } if ($viewed_User->check_status('is_closed')) { $Messages->add(T_('The requested user account is closed!')); header_redirect($error_redirect_to); // will have exited } } $display_params = !empty($Skin) ? $Skin->get_template('Results') : NULL; if ($disp == 'useritems') { // Init items list global $user_ItemList; $useritems_Blog = NULL; $user_ItemList = new ItemList2($useritems_Blog, NULL, NULL, NULL, 'ItemCache', 'useritems_'); $user_ItemList->load_from_Request(); $user_ItemList->set_filters(array('authors' => $user_ID), true, true); $user_ItemList->query(); } else { // Init comments list global $user_CommentList; $user_CommentList = new CommentList2(NULL, NULL, 'CommentCache', 'usercmts_'); $user_CommentList->load_from_Request(); $user_CommentList->set_filters(array('author_IDs' => $user_ID), true, true); $user_CommentList->query(); } break; case 'comments': if (!$Blog->get_setting('comments_latest')) { // If latest comments page is disabled - Display 404 page with error message $Messages->add(T_('This feature is disabled.'), 'error'); global $disp; $disp = '404'; } break; case 'closeaccount': global $current_User; if (!$Settings->get('account_close_enabled') || is_logged_in() && $current_User->check_perm('users', 'edit', false) || !is_logged_in() && !$Session->get('account_closing_success')) { // If an account closing page is disabled - Display 404 page with error message // Don't allow admins close own accounts from front office // Don't display this message for not 
logged in users, except of one case to display a bye message after account closing global $disp; $disp = '404'; } elseif ($Session->get('account_closing_success')) { // User has closed the account global $account_closing_success; $account_closing_success = $Session->get('account_closing_success'); // Unset this temp session var to don't display the message twice $Session->delete('account_closing_success'); if (is_logged_in()) { // log out current User logout(); } } break; case 'tags': $seo_page_type = 'Tags'; if ($Blog->get_setting($disp . '_noindex')) { // We prefer robots not to index these pages: $robots_index = false; } break; } $Debuglog->add('skin_init: $disp=' . $disp . ' / $disp_detail=' . $disp_detail . ' / $seo_page_type=' . $seo_page_type, 'skins'); // Make this switch block special only for 404 page switch ($disp) { case '404': // We have a 404 unresolved content error // How do we want do deal with it? skin_404_header(); // This MAY or MAY not have exited -- will exit on 30x redirect, otherwise will return here. // Just in case some dumb robot needs extra directives on this: $robots_index = false; break; } global $Hit, $check_browser_version; if ($check_browser_version && $Hit->get_browser_version() > 0 && $Hit->is_IE(9, '<')) { // Display info message if browser IE < 9 version and it is allowed by config var: global $debug; $Messages->add(T_('Your web browser is too old. For this site to work correctly, we recommend you use a more recent browser.'), 'note'); if ($debug) { $Messages->add('User Agent: ' . 
$Hit->get_user_agent(), 'note'); } } // dummy var for backward compatibility with versions < 2.4.1 -- prevents "Undefined variable" global $global_Cache, $credit_links; $credit_links = $global_Cache->get('creds'); $Timer->pause('skin_init'); // Check if user is logged in with a not active account, and display an error message if required check_allow_disp($disp); // initialize Blog enabled widgets, before displaying anything init_blog_widgets($Blog->ID); // Initialize displaying.... $Timer->start('Skin:display_init'); $Skin->display_init(); $Timer->pause('Skin:display_init'); // Send default headers: // See comments inside of this function: headers_content_mightcache('text/html'); // In most situations, you do NOT want to cache dynamic content! // Never allow Messages to be cached! if ($Messages->count() && !empty($PageCache)) { // Abort PageCache collect $PageCache->abort_collect(); } }
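/**
 * Get a "new private message" action icon linking to a new thread with the given user.
 *
 * @param integer $user_ID ID of the user the message would be addressed to
 * @param string $user_login login of that user (shown in the icon title and passed in the link)
 * @return string action icon HTML; ' ' when $user_ID is the current User, '' when no PM is possible
 */
function user_pm($user_ID, $user_login)
{
    global $current_User;

    if ($user_ID == $current_User->ID) {
        // No PM link to oneself
        return ' ';
    }

    $UserCache =& get_UserCache();
    $User =& $UserCache->get_by_ID($user_ID);
    if ($User && $User->get_msgform_possibility() == 'PM') {
        // return new pm link only, if current User may send private message to User
        // rawurlencode() keeps a login containing '&', '#', '%' or spaces from
        // breaking or injecting extra parameters into the query string.
        return action_icon(
            T_('Private Message') . ': ' . $user_login,
            'comments',
            '?ctrl=threads&action=new&user_login=' . rawurlencode($user_login)
        );
    }

    return '';
}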
if (!$current_User->check_perm('users', 'view')) { // User has no permissions to view: he can only edit his profile if (isset($user_ID) && $user_ID != $current_User->ID) { // User is trying to edit something he should not: add error message (Should be prevented by UI) $Messages->add(T_('You have no permission to view other users!'), 'error'); } // Make sure the user only edits himself: $user_ID = $current_User->ID; if (!in_array($action, array('update', 'edit', 'default_settings', 'change_admin_skin'))) { header_redirect(regenerate_url('ctrl,action', 'ctrl=user&action=edit&user_ID=' . $user_ID, '', '&')); } } /* * Load editable objects and set $action (while checking permissions) */ $UserCache =& get_UserCache(); if (!is_null($user_ID)) { // User selected if (($edited_User =& $UserCache->get_by_ID($user_ID, false)) === false) { // We could not find the User to edit: unset($edited_User); forget_param('user_ID'); $Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('User')), 'error'); $action = 'list'; } elseif ($action == 'list') { // 'list' is default, $user_ID given if ($user_ID == $current_User->ID || $current_User->check_perm('users', 'edit')) { $action = 'edit'; } else { $action = 'view'; }
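/**
 * Load the blogs a user has a given permission on into this cache.
 *
 * If the user's Group holds a global 'blogs' permission at $permlevel, every blog is
 * loaded. Otherwise a blog qualifies when the user owns it (not counted for 'blog_admin')
 * or when the blog's advanced permissions grant $permname to the user or to the Group.
 *
 * @param string $permname permission: 'blog_ismember' (default), 'blog_post_statuses',
 *        'blog_comments', 'blog_cats', 'blog_properties', 'blog_admin', 'blog_media_browse';
 *        'stats' is treated as 'blog_properties'. Any other value is fatal (debug_die()).
 * @param string $permlevel level checked against the Group's global 'blogs' permission
 * @param integer|NULL $user_ID user ID; NULL means the current User
 * @param string $order_by order columns; '' uses the 'blogs_order_by' setting
 * @param string $order_dir order direction; '' uses the 'blogs_order_dir' setting
 * @param integer|NULL $limit maximum number of blogs; NULL or 0 for no limit
 * @return array The blog IDs
 */
function load_user_blogs($permname = 'blog_ismember', $permlevel = 'view', $user_ID = NULL, $order_by = '', $order_dir = '', $limit = NULL)
{
    global $DB, $Settings, $Debuglog;

    $Debuglog->add("Loading <strong>{$this->objtype}(permission: {$permname})</strong> into cache", 'dataobjects');

    if ($order_by == '') {
        // Use default value from settings
        $order_by = $Settings->get('blogs_order_by');
    }
    if ($order_dir == '') {
        // Use default value from settings
        $order_dir = $Settings->get('blogs_order_dir');
    }

    if (is_null($user_ID)) {
        global $current_User;
        $user_ID = $current_User->ID;
        $for_User = $current_User;
    } else {
        $UserCache =& get_UserCache();
        $for_User =& $UserCache->get_by_ID($user_ID);
    }
    $for_User->get_Group(); // ensure Group is set
    $Group = $for_User->Group;

    // First check if we have a global access perm:
    if ($Group->check_perm('blogs', $permlevel)) {
        // If group grants a global permission:
        $this->load_all($order_by, $order_dir);
        return $this->get_ID_array();
    }

    // Both IDs are interpolated into the SQL below; force them to integers so that
    // a non-numeric value can never change the shape of the query.
    $user_ID = (int) $user_ID;
    $group_ID = (int) $Group->ID;

    // Note: We only JOIN in the advanced perms if any given blog has them enabled,
    // otherwise they are ignored!
    $sql = "SELECT DISTINCT T_blogs.*
              FROM T_blogs
              LEFT JOIN T_coll_user_perms ON (blog_advanced_perms <> 0
                                              AND blog_ID = bloguser_blog_ID
                                              AND bloguser_user_ID = {$user_ID} )
              LEFT JOIN T_coll_group_perms ON (blog_advanced_perms <> 0
                                               AND blog_ID = bloggroup_blog_ID
                                               AND bloggroup_group_ID = {$group_ID} )
             WHERE ";

    // Collect the alternative conditions and join them with OR at the end, so the
    // WHERE clause stays well-formed when the owner condition is left out
    // (appending "OR ..." directly after "WHERE " produced invalid SQL for 'blog_admin').
    $conditions = array();
    if ($permname != 'blog_admin') {
        // Only the admin perm is not covered by being the owner of the blog:
        $conditions[] = "blog_owner_user_ID = {$user_ID}";
    }

    switch ($permname) {
        case 'blog_ismember':
            $conditions[] = "bloguser_ismember <> 0";
            $conditions[] = "bloggroup_ismember <> 0";
            break;

        case 'blog_post_statuses':
            $conditions[] = "bloguser_perm_poststatuses <> ''";
            $conditions[] = "bloggroup_perm_poststatuses <> ''";
            break;

        case 'blog_comments':
            // user needs to have permission for at least one kind of comments
            $conditions[] = "bloguser_perm_cmtstatuses <> ''";
            $conditions[] = "bloggroup_perm_cmtstatuses <> ''";
            break;

        case 'stats':
            $permname = 'blog_properties'; // TEMP
            // fall through
        case 'blog_cats':
        case 'blog_properties':
        case 'blog_admin':
        case 'blog_media_browse':
            // Column suffix is the perm name without its 'blog_' prefix; only the
            // names listed above ever reach this point, so it is never caller-controlled.
            $short_permname = substr($permname, 5);
            $conditions[] = "bloguser_perm_{$short_permname} <> 0";
            $conditions[] = "bloggroup_perm_{$short_permname} <> 0";
            break;

        default:
            debug_die('BlogCache::load_user_blogs() : Unsupported perm [' . $permname . ']!');
    }

    $sql .= implode(' OR ', $conditions);
    $sql .= ' ORDER BY ' . gen_order_clause($order_by, $order_dir, $this->dbprefix, $this->dbIDname);

    // LIMIT is interpolated too: only a positive integer is ever emitted.
    $limit = (int) $limit;
    if ($limit > 0) {
        $sql .= " LIMIT {$limit}";
    }

    foreach ($DB->get_results($sql, OBJECT, 'Load user blog list') as $row) {
        // Instantiate a custom object
        $this->instantiate($row);
    }

    return $DB->get_col(NULL, 0);
}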