Пример #1
0
/**
* Returns the content of a given staticpage
*
* @author   mystral-kk - geeklog AT mystral-kk DOT net
* @license  GPL v2
* @param    $sp_id  string  an id of a staticpage
* @return           string  the content of the staticpage
*/
function CUSTOM_getStaticpage($sp_id)
{
    global $_TABLES, $_PLUGINS, $_SP_CONF, $LANG_STATIC;
    $retval = '';
    if (!in_array('staticpages', $_PLUGINS)) {
        return $retval;
    }
    $sql = "SELECT sp_php, sp_content FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '" . addslashes($sp_id) . "') " . "AND " . SP_getPerms();
    $result = DB_query($sql);
    if (DB_error() or DB_numRows($result) == 0) {
        return $retval;
    } else {
        $A = DB_fetchArray($result);
        $sp_php = $A['sp_php'];
        $sp_content = stripslashes($A['sp_content']);
    }
    if ($_SP_CONF['allow_php'] == 1) {
        // Check for type (i.e. html or php)
        if ($sp_php == 1) {
            $retval .= eval($sp_content);
        } else {
            if ($sp_php == 2) {
                ob_start();
                eval($sp_content);
                $retval .= ob_get_contents();
                ob_end_clean();
            } else {
                $retval .= PLG_replacetags($sp_content);
            }
        }
    } else {
        if ($sp_php != 0) {
            COM_errorLog("PHP in static pages is disabled.  Cannot display page '{$sp_id}'.", 1);
            $retval .= $LANG_STATIC['deny_msg'];
        } else {
            $retval .= $sp_content;
        }
    }
    return $retval;
}
Пример #2
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($mode !== 'autotag') {
                $_CONF['pagetitle'] = $output['sp_title'];
            }
        } else {
            // an error occured (page not found, access denied, ...)
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } else {
                if ($mode !== 'autotag') {
                    COM_404();
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $output_item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Пример #3
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($output['template_id'] != '') {
                $retval = '';
                $mode = '';
                $xmlObject = simplexml_load_string($output['sp_content']);
                // create array of XML data
                $tag = array();
                foreach ($xmlObject->variable as $variable) {
                    $key = $variable["name"] . '';
                    $value = $variable->data;
                    $tag[$key] = $value;
                }
                // Loop through variables to replace any autotags first
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                $args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
                $svc_msg = array();
                if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
                    $retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
                    $output['sp_content'] = $retval['sp_content'];
                }
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                } else {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Пример #4
0
if ($display_mode != 'print') {
    $display_mode = '';
}
$msg = 0;
if (isset($_GET['msg'])) {
    $msg = COM_applyFilter($_GET['msg'], true);
    if ($msg <= 0) {
        $msg = 0;
    }
}
// Handle just template staticpage security here, rest done in services.
// Cannot view template staticpages directly. If template staticpage bail here
// if user doesn't have edit rights.
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$page}'") == 1) {
    if (SEC_hasRights('staticpages.edit')) {
        $perms = SP_getPerms('', '3');
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '{$page}'" . $perms) == '') {
            COM_handle404();
            exit;
        }
    } else {
        COM_handle404();
        exit;
    }
}
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
if ($display_mode == 'print') {
    header('Content-Type: text/html; charset=' . COM_getCharset());
Пример #5
0
/**
* List all template static pages. For use with a dropdown.
*
* @retun    string      HTML for the list
*
*/
function templatelist($selected = '')
{
    global $_TABLES;
    $retval = '';
    $perms = SP_getPerms();
    if (!empty($perms)) {
        $perms = ' AND ' . $perms;
    }
    $sql = "SELECT sp_id, sp_title FROM {$_TABLES['staticpage']} WHERE template_flag = 1 AND (draft_flag = 0)" . $perms . " ORDER BY sp_title";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            $retval .= '<option value="' . $A['sp_id'] . '"';
            if ($A['sp_id'] == $selected) {
                $retval .= ' selected="selected"';
            }
            $retval .= '>' . $A['sp_title'] . '</option>';
        }
    }
    return $retval;
}
Пример #6
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF, $topic;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'cache_time', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // Topic Permissions
        $topic_perms = COM_getTopicSQL('', 0, 'ta');
        if ($topic_perms != "") {
            $topic_perms = " AND (" . $topic_perms . "";
            if (COM_onFrontpage()) {
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            } else {
                // $topic_perms .= " OR ta.tid = '" . TOPIC_ALL_OPTION . "')";
                $topic_perms .= " OR (ta.tid = '" . TOPIC_HOMEONLY_OPTION . "' OR ta.tid = '" . TOPIC_ALL_OPTION . "'))";
            }
        }
        $topic_perms .= " GROUP BY sp_id";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "sp_inblock FROM {$_TABLES['staticpage']}, {$_TABLES['topic_assignments']} ta " . "WHERE (sp_id = '{$page}')" . $perms . " AND ta.type = 'staticpages' AND ta.id = sp_id " . $topic_perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            $page = $output['sp_id'];
            // reset page id so case mimics id perfectly since this affects the cache file and canonical link
            // WE ASSUME $output doesn't have any confidential fields
            // Generate output now (omly if not grabing a template since template is combined with variables first and then generated)
            if (!isset($args['template'])) {
                $output['sp_content'] = SP_render_content($page, $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
            }
        } else {
            // an error occured (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output = COM_createHTMLDocument($output, array('rightblock' => true));
                    }
                } else {
                    if ($mode !== 'autotag') {
                        COM_handle404();
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . " FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_help,sp_php,sp_inblock,cache_time " . "FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count++;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                //$output_item['category']     = array($output_item['sp_tid']);
                $output_item['category'] = TOPIC_getTopicIdsForObject('staticpages', $page);
                //$output_item['content']      = $output_item['sp_content'];
                $output['content'] = SP_render_content($output['sp_id'], $output['sp_content'], $output['sp_php'], $output['cache_time'], $output['template_id']);
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Пример #7
0
/**
 * Get an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "sp_date,sp_format,commentcode,owner_id,group_id," . "perm_owner,perm_group,perm_members,perm_anon,sp_tid," . "sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
        } else {
            // an error occured (page not found, access denied, ...)
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$page}'");
            }
            if ($failflg) {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
                $login = new Template($_CONF['path_layout'] . 'submit');
                $login->set_file(array('login' => 'submitloginrequired.thtml'));
                $login->set_var('login_message', $LANG_LOGIN[2]);
                $login->set_var('site_url', $_CONF['site_url']);
                $login->set_var('lang_login', $LANG_LOGIN[3]);
                $login->set_var('lang_newuser', $LANG_LOGIN[4]);
                $login->parse('output', 'login');
                $output .= $login->finish($login->get_var('output'));
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            } else {
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG_STATIC['deny_msg'];
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter(true);
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,CAST(sp_content AS text) AS sp_content,sp_hits," . "sp_date,sp_format,owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}