function create_stack()
{
global $IN, $DB, $PREFS;
// Only continue if we have segments to check and this is a page request
if (REQ != "PAGE" || empty($IN->SEGS)) {
return;
}
// Added by: Leevi Graham - Technical Director - Newism Pty Ltd <http://leevigraham.com> | <http://newism.com.au> on Dec 9th 2009
// quick check to see if there is a comparison string, and if so does the comparison string match the URI?
// no point doing a DB lookup if there is no category
// This requires a new $conf variable to match against eg:
// $conf['low_seg2cat_match'] = "#^/(earn|spend|save)#";
if ($PREFS->ini('low_seg2cat_match') != FALSE && !preg_match($PREFS->ini('low_seg2cat_match'), $IN->URI)) {
return;
}
// initiate some vars
$site = $PREFS->ini('site_id');
$data = $cats = $segs = array();
$data['segment_category_ids'] = '';
// loop through segments and set data array thus: segment_1_category_id etc
foreach ($IN->SEGS as $nr => $seg) {
$data['segment_' . $nr . '_category_id'] = '';
$data['segment_' . $nr . '_category_name'] = '';
$data['segment_' . $nr . '_category_description'] = '';
$data['segment_' . $nr . '_category_image'] = '';
$data['segment_' . $nr . '_category_parent_id'] = '';
$segs[] = $DB->escape_str($seg);
}
// put segments in sql IN query; retrieve categories that match
$sql_segs = "'" . implode("','", $segs) . "'";
$sql = "SELECT\r\n\t\t\t\tcat_id, cat_url_title, cat_name, cat_description, cat_image, parent_id\r\n\t\t\tFROM\r\n\t\t\t\texp_categories\r\n\t\t\tWHERE\r\n\t\t\t\tcat_url_title\r\n\t\t\tIN\r\n\t\t\t\t({$sql_segs})\r\n\t\t\tAND\r\n\t\t\t\tsite_id = '{$site}'\r\n\t\t";
$query = $DB->query($sql);
// if we have matching categories, continue...
if ($query->num_rows) {
// initiate typography class for category title
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
// flip segment array to get 'segment_1' => '1'
$ids = array_flip($IN->SEGS);
// loop through categories
foreach ($query->result as $row) {
// overwrite values in data array
$data['segment_' . $ids[$row['cat_url_title']] . '_category_id'] = $row['cat_id'];
$data['segment_' . $ids[$row['cat_url_title']] . '_category_name'] = $TYPE->light_xhtml_typography($row['cat_name']);
$data['segment_' . $ids[$row['cat_url_title']] . '_category_description'] = $row['cat_description'];
$data['segment_' . $ids[$row['cat_url_title']] . '_category_image'] = $row['cat_image'];
$data['segment_' . $ids[$row['cat_url_title']] . '_category_parent_id'] = $row['parent_id'];
$cats[] = $row['cat_id'];
}
// create inclusive stack of all category ids present in segments
$data['segment_category_ids'] = implode('&', $cats);
}
// register global variables
$IN->global_vars = array_merge($IN->global_vars, $data);
}
function keywords()
{
global $IN;
if (!class_exists('Typography')) {
require_once PATH_CORE . 'core.typography' . EXT;
}
$format = new Typography();
return $IN->GBL('q') ? $format->light_xhtml_typography(stripslashes($IN->GBL('q'))) : FALSE;
}
/** ----------------------------------------
/** Weblog Calendar
/** ----------------------------------------*/
function calendar()
{
global $LANG, $TMPL, $LOC, $IN, $DB, $FNS, $PREFS, $SESS;
// Rick is using some funky conditional stuff for the calendar, so
// we have to reassign the var_cond array using the legacy conditional
// parser. Bummer, but whatcha going to do?
$TMPL->var_cond = $FNS->assign_conditional_variables($TMPL->tagdata, SLASH, LD, RD);
/** ----------------------------------------
/** Determine the Month and Year
/** ----------------------------------------*/
$year = '';
$month = '';
// Hard-coded month/year via tag parameters
if ($TMPL->fetch_param('month') and $TMPL->fetch_param('year')) {
$year = $TMPL->fetch_param('year');
$month = $TMPL->fetch_param('month');
if (strlen($month) == 1) {
$month = '0' . $month;
}
} else {
// Month/year in query string
if (preg_match("#(\\d{4}/\\d{2})#", $IN->QSTR, $match)) {
$ex = explode('/', $match['1']);
$time = mktime(0, 0, 0, $ex['1'], 01, $ex['0']);
// $time = $LOC->set_localized_time(mktime(0, 0, 0, $ex['1'], 01, $ex['0']));
$year = date("Y", $time);
$month = date("m", $time);
} else {
// Defaults to current month/year
$year = date("Y", $LOC->set_localized_time($LOC->now));
$month = date("m", $LOC->set_localized_time($LOC->now));
}
}
/** ----------------------------------------
/** Set Unix timestamp for the given month/year
/** ----------------------------------------*/
$local_date = mktime(12, 0, 0, $month, 1, $year);
// $local_date = $LOC->set_localized_time($local_date);
/** ----------------------------------------
/** Determine the total days in the month
/** ----------------------------------------*/
$adjusted_date = $LOC->adjust_date($month, $year);
$month = $adjusted_date['month'];
$year = $adjusted_date['year'];
$total_days = $LOC->fetch_days_in_month($month, $year);
$previous_date = mktime(12, 0, 0, $month - 1, 1, $year);
$next_date = mktime(12, 0, 0, $month + 1, 1, $year);
/** ---------------------------------------
/** Determine the total days of the previous month
/** ---------------------------------------*/
$adj_prev_date = $LOC->adjust_date($month - 1, $year);
$prev_month = $adj_prev_date['month'];
$prev_year = $adj_prev_date['year'];
$prev_total_days = $LOC->fetch_days_in_month($prev_month, $prev_year);
/** ----------------------------------------
/** Set the starting day of the week
/** ----------------------------------------*/
// This can be set using a parameter in the tag: start_day="saturday"
// By default the calendar starts on sunday
$start_days = array('sunday' => 0, 'monday' => 1, 'tuesday' => 2, 'wednesday' => 3, 'thursday' => 4, 'friday' => 5, 'saturday' => 6);
$start_day = isset($start_days[$TMPL->fetch_param('start_day')]) ? $start_days[$TMPL->fetch_param('start_day')] : 0;
$date = getdate($local_date);
$day = $start_day + 1 - $date["wday"];
while ($day > 1) {
$day -= 7;
}
/** ----------------------------------------
/** {previous_path="weblog/index"}
/** ----------------------------------------*/
// This variables points to the previous month
if (preg_match_all("#" . LD . "previous_path=(.+?)" . RD . "#", $TMPL->tagdata, $matches)) {
$adjusted_date = $LOC->adjust_date($month - 1, $year, TRUE);
foreach ($matches['1'] as $match) {
$path = $FNS->create_url($match) . $adjusted_date['year'] . '/' . $adjusted_date['month'] . '/';
$TMPL->tagdata = preg_replace("#" . LD . "previous_path=.+?" . RD . "#", $path, $TMPL->tagdata, 1);
}
}
/** ----------------------------------------
/** {next_path="weblog/index"}
/** ----------------------------------------*/
// This variables points to the next month
if (preg_match_all("#" . LD . "next_path=(.+?)" . RD . "#", $TMPL->tagdata, $matches)) {
$adjusted_date = $LOC->adjust_date($month + 1, $year, TRUE);
foreach ($matches['1'] as $match) {
$path = $FNS->create_url($match) . $adjusted_date['year'] . '/' . $adjusted_date['month'] . '/';
$TMPL->tagdata = preg_replace("#" . LD . "next_path=.+?" . RD . "#", $path, $TMPL->tagdata, 1);
}
}
/** ----------------------------------------
/** {date format="%m %Y"}
/** ----------------------------------------*/
// This variable is used in the heading of the calendar
// to show the month and year
if (preg_match_all("#" . LD . "date format=[\"|'](.+?)[\"|']" . RD . "#", $TMPL->tagdata, $matches)) {
foreach ($matches['1'] as $match) {
$TMPL->tagdata = preg_replace("#" . LD . "date format=.+?" . RD . "#", $LOC->decode_date($match, $local_date), $TMPL->tagdata, 1);
}
}
/** ----------------------------------------
/** {previous_date format="%m %Y"}
/** ----------------------------------------*/
// This variable is used in the heading of the calendar
// to show the month and year
if (preg_match_all("#" . LD . "previous_date format=[\"|'](.+?)[\"|']" . RD . "#", $TMPL->tagdata, $matches)) {
foreach ($matches['1'] as $match) {
$TMPL->tagdata = preg_replace("#" . LD . "previous_date format=.+?" . RD . "#", $LOC->decode_date($match, $previous_date), $TMPL->tagdata, 1);
}
}
/** ----------------------------------------
/** {next_date format="%m %Y"}
/** ----------------------------------------*/
// This variable is used in the heading of the calendar
// to show the month and year
if (preg_match_all("#" . LD . "next_date format=[\"|'](.+?)[\"|']" . RD . "#", $TMPL->tagdata, $matches)) {
foreach ($matches['1'] as $match) {
$TMPL->tagdata = preg_replace("#" . LD . "next_date format=.+?" . RD . "#", $LOC->decode_date($match, $next_date), $TMPL->tagdata, 1);
}
}
/** ----------------------------------------
/** Day Heading
/** ----------------------------------------*/
/*
This code parses out the headings for each day of the week
Contained in the tag will be this variable pair:
{calendar_heading}
<td class="calendarDayHeading">{lang:weekday_abrev}</td>
{/calendar_heading}
There are three display options for the header:
{lang:weekday_abrev} = S M T W T F S
{lang:weekday_short} = Sun Mon Tues, etc.
{lang:weekday_long} = Sunday Monday Tuesday, etc.
*/
foreach (array('Su', 'Mo', 'Tu', 'We', 'Th', 'Fr', 'Sa') as $val) {
$day_names_a[] = !$LANG->line($val) ? $val : $LANG->line($val);
}
foreach (array('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat') as $val) {
$day_names_s[] = !$LANG->line($val) ? $val : $LANG->line($val);
}
foreach (array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday') as $val) {
$day_names_l[] = !$LANG->line($val) ? $val : $LANG->line($val);
}
if (preg_match("/" . LD . "calendar_heading" . RD . "(.*?)" . LD . SLASH . "calendar_heading" . RD . "/s", $TMPL->tagdata, $match)) {
$temp = '';
for ($i = 0; $i < 7; $i++) {
$temp .= str_replace(array(LD . 'lang:weekday_abrev' . RD, LD . 'lang:weekday_short' . RD, LD . 'lang:weekday_long' . RD), array($day_names_a[($start_day + $i) % 7], $day_names_s[($start_day + $i) % 7], $day_names_l[($start_day + $i) % 7]), trim($match['1']) . "\n");
}
$TMPL->tagdata = preg_replace("/" . LD . "calendar_heading" . RD . ".*?" . LD . SLASH . "calendar_heading" . RD . "/s", trim($temp), $TMPL->tagdata);
}
/** ----------------------------------------
/** Separate out cell data
/** ----------------------------------------*/
// We need to strip out the various variable pairs
// that allow us to render each calendar cell.
// We'll do this up-front and assign temporary markers
// in the template which we will replace with the final
// data later
$row_start = '';
$row_end = '';
$row_chunk = '';
$row_chunk_m = '94838dkAJDei8azDKDKe01';
$entries = '';
$entries_m = 'Gm983TGxkedSPoe0912NNk';
$if_today = '';
$if_today_m = 'JJg8e383dkaadPo20qxEid';
$if_entries = '';
$if_entries_m = 'Rgh43K0L0Dff9003cmqQw1';
$if_not_entries = '';
$if_not_entries_m = 'yr83889910BvndkGei8ti3';
$if_blank = '';
$if_blank_m = '43HDueie4q7pa8dAAseit6';
if (preg_match("/" . LD . "calendar_rows" . RD . "(.*?)" . LD . SLASH . "calendar_rows" . RD . "/s", $TMPL->tagdata, $match)) {
$row_chunk = trim($match['1']);
// Fetch all the entry_date variable
if (preg_match_all("/" . LD . "entry_date\\s+format=[\"'](.*?)[\"']" . RD . "/s", $row_chunk, $matches)) {
for ($j = 0; $j < count($matches['0']); $j++) {
$matches['0'][$j] = str_replace(array(LD, RD), '', $matches['0'][$j]);
$entry_dates[$matches['0'][$j]] = $LOC->fetch_date_params($matches['1'][$j]);
}
}
if (preg_match("/" . LD . "row_start" . RD . "(.*?)" . LD . SLASH . "row_start" . RD . "/s", $row_chunk, $match)) {
$row_start = trim($match['1']);
$row_chunk = trim(str_replace($match['0'], "", $row_chunk));
}
if (preg_match("/" . LD . "row_end" . RD . "(.*?)" . LD . SLASH . "row_end" . RD . "/s", $row_chunk, $match)) {
$row_end = trim($match['1']);
$row_chunk = trim(str_replace($match['0'], "", $row_chunk));
}
foreach ($TMPL->var_cond as $key => $val) {
if ($val['3'] == 'today') {
$if_today = trim($val['2']);
$row_chunk = str_replace($val['1'], $if_today_m, $row_chunk);
unset($TMPL->var_cond[$key]);
}
if ($val['3'] == 'entries') {
$if_entries = trim($val['2']);
$row_chunk = str_replace($val['1'], $if_entries_m, $row_chunk);
unset($TMPL->var_cond[$key]);
}
if ($val['3'] == 'not_entries') {
$if_not_entries = trim($val['2']);
$row_chunk = str_replace($val['1'], $if_not_entries_m, $row_chunk);
unset($TMPL->var_cond[$key]);
}
if ($val['3'] == 'blank') {
$if_blank = trim($val['2']);
$row_chunk = str_replace($val['1'], $if_blank_m, $row_chunk);
unset($TMPL->var_cond[$key]);
}
if (preg_match("/" . LD . "entries" . RD . "(.*?)" . LD . SLASH . "entries" . RD . "/s", $if_entries, $match)) {
$entries = trim($match['1']);
$if_entries = trim(str_replace($match['0'], $entries_m, $if_entries));
}
}
$TMPL->tagdata = preg_replace("/" . LD . "calendar_rows" . RD . ".*?" . LD . SLASH . "calendar_rows" . RD . "/s", $row_chunk_m, $TMPL->tagdata);
}
/** ----------------------------------------
/** Fetch {switch} variable
/** ----------------------------------------*/
// This variable lets us use a different CSS class
// for the current day
$switch_t = '';
$switch_c = '';
if ($TMPL->fetch_param('switch')) {
$x = explode("|", $TMPL->fetch_param('switch'));
if (count($x) == 2) {
$switch_t = $x['0'];
$switch_c = $x['1'];
}
}
/** ---------------------------------------
/** Set the day number numeric format
/** ---------------------------------------*/
$day_num_fmt = $TMPL->fetch_param('leading_zeroes') == 'yes' ? "%02d" : "%d";
/** ----------------------------------------
/** Build the SQL query
/** ----------------------------------------*/
$this->initialize();
$this->tagparams['rdf'] = 'off';
$this->build_sql_query('/' . $year . '/' . $month . '/');
if ($this->sql != '') {
$query = $DB->query($this->sql);
$data = array();
if ($query->num_rows > 0) {
// We'll need this later
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$TYPE->convert_curly = FALSE;
/** ----------------------------------------
/** Fetch query results and build data array
/** ----------------------------------------*/
foreach ($query->result as $row) {
/** ----------------------------------------
/** Adjust dates if needed
/** ----------------------------------------*/
// If the "dst_enabled" item is set in any given entry
// we need to offset to the timestamp by an hour
if ($row['entry_date'] != '') {
$row['entry_date'] = $LOC->offset_entry_dst($row['entry_date'], $row['dst_enabled'], FALSE);
}
/** ----------------------------------------
/** Define empty arrays and strings
/** ----------------------------------------*/
$defaults = array('entry_date' => 'a', 'permalink' => 'a', 'title_permalink' => 'a', 'author' => 's', 'profile_path' => 'a', 'id_path' => 'a', 'base_fields' => 'a', 'comment_tb_total' => 's', 'day_path' => 'a', 'comment_auto_path' => 's', 'comment_entry_id_auto_path' => 's', 'comment_url_title_auto_path' => 's');
foreach ($defaults as $key => $val) {
${$key} = $val == 'a' ? array() : '';
}
/** ---------------------------
/** Single Variables
/** ---------------------------*/
foreach ($TMPL->var_single as $key => $val) {
if (isset($entry_dates[$key])) {
foreach ($entry_dates[$key] as $dvar) {
$val = str_replace($dvar, $LOC->convert_timestamp($dvar, $row['entry_date'], TRUE), $val);
}
$entry_date[$key] = $val;
}
/** ----------------------------------------
/** parse permalink
/** ----------------------------------------*/
if (strncmp('permalink', $key, 9) == 0) {
if ($FNS->extract_path($key) != '' and $FNS->extract_path($key) != 'SITE_INDEX') {
$path = $FNS->extract_path($key) . '/' . $row['entry_id'];
} else {
$path = $row['entry_id'];
}
$permalink[$key] = $FNS->create_url($path, 1);
}
/** ----------------------------------------
/** parse title permalink
/** ----------------------------------------*/
if (strncmp('title_permalink', $key, 15) == 0 or strncmp('url_title_path', $key, 14) == 0) {
if ($FNS->extract_path($key) != '' and $FNS->extract_path($key) != 'SITE_INDEX') {
$path = $FNS->extract_path($key) . '/' . $row['url_title'];
} else {
$path = $row['url_title'];
}
$title_permalink[$key] = $FNS->create_url($path, 1);
}
/** ----------------------------------------
/** {comment_auto_path}
/** ----------------------------------------*/
if ($key == "comment_auto_path") {
$comment_auto_path = $row['comment_url'] == '' ? $row['blog_url'] : $row['comment_url'];
}
/** ----------------------------------------
/** {comment_url_title_auto_path}
/** ----------------------------------------*/
if ($key == "comment_url_title_auto_path") {
$path = $row['comment_url'] == '' ? $row['blog_url'] : $row['comment_url'];
$comment_url_title_auto_path = $path . $row['url_title'] . '/';
}
/** ----------------------------------------
/** {comment_entry_id_auto_path}
/** ----------------------------------------*/
if ($key == "comment_entry_id_auto_path") {
$path = $row['comment_url'] == '' ? $row['blog_url'] : $row['comment_url'];
$comment_entry_id_auto_path = $path . $row['entry_id'] . '/';
}
/** ----------------------------------------
/** {author}
/** ----------------------------------------*/
if ($key == "author") {
$author = $row['screen_name'] != '' ? $row['screen_name'] : $row['username'];
}
/** ----------------------------------------
/** profile path
/** ----------------------------------------*/
if (strncmp('profile_path', $key, 12) == 0) {
$profile_path[$key] = $FNS->create_url($FNS->extract_path($key) . '/' . $row['member_id']);
}
/** ----------------------------------------
/** parse comment_path or trackback_path
/** ----------------------------------------*/
if (preg_match("#^(comment_path|trackback_path|entry_id_path)#", $key)) {
$id_path[$key] = $FNS->create_url($FNS->extract_path($key) . '/' . $row['entry_id']);
}
/** ----------------------------------------
/** parse {comment_tb_total}
/** ----------------------------------------*/
if ($key == "comment_tb_total") {
$comment_tb_total = $row['comment_total'] + $row['trackback_total'];
}
/** ----------------------------------------
/** Basic fields (username, screen_name, etc.)
/** ----------------------------------------*/
if (isset($row[$val])) {
$base_fields[$key] = $row[$val];
}
/** ----------------------------------------
/** {day_path}
/** ----------------------------------------*/
if (strncmp('day_path', $key, 8) == 0) {
$d = date('d', $LOC->set_localized_time($row['entry_date']));
$m = date('m', $LOC->set_localized_time($row['entry_date']));
$y = date('Y', $LOC->set_localized_time($row['entry_date']));
if ($FNS->extract_path($key) != '' and $FNS->extract_path($key) != 'SITE_INDEX') {
$path = $FNS->extract_path($key) . '/' . $y . '/' . $m . '/' . $d;
} else {
$path = $y . '/' . $m . '/' . $d;
}
$if_entries = str_replace(LD . $key . RD, LD . 'day_path' . $val . RD, $if_entries);
$day_path[$key] = $FNS->create_url($path, 1);
}
}
// END FOREACH SINGLE VARIABLES
/** ----------------------------------------
/** Build Data Array
/** ----------------------------------------*/
$d = date('d', $LOC->set_localized_time($row['entry_date']));
if (substr($d, 0, 1) == '0') {
$d = substr($d, 1);
}
$data[$d][] = array($TYPE->parse_type($row['title'], array('text_format' => 'lite', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'no')), $row['url_title'], $entry_date, $permalink, $title_permalink, $author, $profile_path, $id_path, $base_fields, $comment_tb_total, $day_path, $comment_auto_path, $comment_url_title_auto_path, $comment_entry_id_auto_path);
}
// END FOREACH
}
// END if ($query->num_rows > 0)
}
// END if ($this->query != '')
/** ----------------------------------------
/** Build Calendar Cells
/** ----------------------------------------*/
$out = '';
$today = getdate($LOC->set_localized_time($LOC->now));
while ($day <= $total_days) {
$out .= $row_start;
for ($i = 0; $i < 7; $i++) {
if ($day > 0 and $day <= $total_days) {
if ($if_entries != '' and isset($data[$day])) {
$out .= str_replace($if_entries_m, $this->var_replace($if_entries, $data[$day], $entries), $row_chunk);
foreach ($day_path as $k => $v) {
$out = str_replace(LD . 'day_path' . $k . RD, $data[$day]['0']['10'][$k], $out);
}
} else {
$out .= str_replace($if_not_entries_m, $if_not_entries, $row_chunk);
}
$out = str_replace(LD . 'day_number' . RD, sprintf($day_num_fmt, $day), $out);
if ($day == $today["mday"] and $month == $today["mon"] and $year == $today["year"]) {
$out = str_replace(LD . 'switch' . RD, $switch_t, $out);
} else {
$out = str_replace(LD . 'switch' . RD, $switch_c, $out);
}
} else {
$out .= str_replace($if_blank_m, $if_blank, $row_chunk);
$out = str_replace(LD . 'day_number' . RD, $day <= 0 ? sprintf($day_num_fmt, $prev_total_days + $day) : sprintf($day_num_fmt, $day - $total_days), $out);
}
$day++;
}
$out .= $row_end;
}
// Garbage collection
$out = str_replace(array($entries_m, $if_blank_m, $if_today_m, $if_entries_m, $if_not_entries_m), '', $out);
return str_replace($row_chunk_m, $out, $TMPL->tagdata);
}
/** -----------------------------------------
/** Change Comment Status
/** -----------------------------------------*/
function change_comment_status($status = '')
{
global $IN, $DSP, $DB, $LANG, $PREFS, $REGX, $FNS, $SESS, $STAT;
$weblog_id = $IN->GBL('weblog_id');
$entry_id = $IN->GBL('entry_id');
$current_page = $IN->GBL('current_page');
$comments = array();
$trackbacks = array();
foreach ($_POST as $key => $val) {
if (strstr($key, 'toggle') and !is_array($val)) {
if (substr($val, 0, 1) == 'c') {
$comments[] = $DB->escape_str(substr($val, 1));
}
}
}
if ($IN->GBL('comment_id') !== FALSE && is_numeric($IN->GBL('comment_id'))) {
$comments[] = $DB->escape_str($IN->GBL('comment_id'));
}
if (sizeof($comments) == 0) {
return $DSP->no_access_message();
}
if (!$DSP->allowed_group('can_moderate_comments') && !$DSP->allowed_group('can_edit_all_comments')) {
return $DSP->no_access_message();
}
if ($DSP->allowed_group('can_edit_all_comments')) {
// Can Edit All Comments
$sql = "SELECT exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id\n\t\t\t\t\tFROM exp_comments\n\t\t\t\t\tWHERE exp_comments.comment_id IN ('" . implode("','", $comments) . "')";
} else {
// Can Moderate Comments, but only from non-USER blogs.
$sql = "SELECT exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id\n\t\t\t\t\tFROM exp_comments, exp_weblogs\n\t\t\t\t\tWHERE exp_comments.comment_id IN ('" . implode("','", $comments) . "') \n\t\t\t\t\tAND exp_comments.weblog_id = exp_weblogs.weblog_id ";
$sql .= USER_BLOG !== FALSE ? "AND exp_weblogs.weblog_id = '" . UB_BLOG_ID . "' " : "AND exp_weblogs.is_user_blog = 'n' ";
}
/** -------------------------------
/** Retrieve Our Results
/** -------------------------------*/
$query = $DB->query($sql);
if ($query->num_rows == 0) {
return $DSP->no_access_message();
}
$entry_ids = array();
$author_ids = array();
$weblog_ids = array();
foreach ($query->result as $row) {
$entry_ids[] = $row['entry_id'];
$author_ids[] = $row['author_id'];
$weblog_ids[] = $row['weblog_id'];
}
$entry_ids = array_unique($entry_ids);
$author_ids = array_unique($author_ids);
$weblog_ids = array_unique($weblog_ids);
/** -------------------------------
/** Change Status
/** -------------------------------*/
$status = ($status == 'close' or isset($_GET['status']) and $_GET['status'] == 'close') ? 'c' : 'o';
$DB->query("UPDATE exp_comments SET status = '{$status}' WHERE comment_id IN ('" . implode("','", $comments) . "') ");
foreach (array_unique($entry_ids) as $entry_id) {
$query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($entry_id) . "'");
$comment_date = ($query->num_rows == 0 or !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
$query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '" . $DB->escape_str($entry_id) . "' AND status = 'o'");
$DB->query("UPDATE exp_weblog_titles SET comment_total = '" . $query->row['count'] . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '" . $DB->escape_str($entry_id) . "'");
}
// Quicker and updates just the weblogs
foreach (array_unique($weblog_ids) as $weblog_id) {
$STAT->update_comment_stats($weblog_id, '', FALSE);
}
// Updates the total stats
$STAT->update_comment_stats();
foreach (array_unique($author_ids) as $author_id) {
$res = $DB->query("SELECT COUNT(comment_id) AS comment_total, MAX(comment_date) AS comment_date FROM exp_comments WHERE author_id = '{$author_id}'");
$comment_total = $res->row['comment_total'];
$comment_date = !empty($res->row['comment_date']) ? $res->row['comment_date'] : 0;
$DB->query($DB->update_string('exp_members', array('total_comments' => $comment_total, 'last_comment_date' => $comment_date), "member_id = '{$author_id}'"));
}
/** ----------------------------------------
/** Send email notification
/** ----------------------------------------*/
if ($status == 'o') {
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(0);
/** ----------------------------------------
/** Go Through Array of Entries
/** ----------------------------------------*/
foreach ($comments as $comment_id) {
$query = $DB->query("SELECT comment, name, email, comment_date, entry_id\n\t\t\t\t\t\t\t\t\t FROM exp_comments \n\t\t\t\t\t\t\t\t\t WHERE comment_id = '" . $DB->escape_str($comment_id) . "'");
/*
Find all of the unique commenters for this entry that have
notification turned on, posted at/before this comment
and do not have the same email address as this comment.
*/
$results = $DB->query("SELECT DISTINCT(email), name, comment_id \n\t\t\t\t\t\t\t\t\t FROM exp_comments \n\t\t\t\t\t\t\t\t\t WHERE status = 'o' \n\t\t\t\t\t\t\t\t\t AND entry_id = '" . $DB->escape_str($query->row['entry_id']) . "'\n\t\t\t\t\t\t\t\t\t AND notify = 'y'\n\t\t\t\t\t\t\t\t\t AND email != '" . $DB->escape_str($query->row['email']) . "'\n\t\t\t\t\t\t\t\t\t AND comment_date <= '" . $DB->escape_str($query->row['comment_date']) . "'");
$recipients = array();
if ($results->num_rows > 0) {
foreach ($results->result as $row) {
$recipients[] = array($row['email'], $row['comment_id'], $row['name']);
}
}
$email_msg = '';
if (count($recipients) > 0) {
$comment = $TYPE->parse_type($query->row['comment'], array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
$qs = $PREFS->ini('force_query_string') == 'y' ? '' : '?';
$action_id = $FNS->fetch_action_id('Comment_CP', 'delete_comment_notification');
$results = $DB->query("SELECT wt.title, wt.url_title, w.blog_title, w.comment_url, w.blog_url\n\t\t\t\t\t\t\t\t\t\t FROM exp_weblog_titles wt, exp_weblogs w \n\t\t\t\t\t\t\t\t\t\t WHERE wt.entry_id = '" . $DB->escape_str($query->row['entry_id']) . "'\n\t\t\t\t\t\t\t\t\t\t AND wt.weblog_id = w.weblog_id");
$com_url = $results->row['comment_url'] == '' ? $results->row['blog_url'] : $results->row['comment_url'];
$swap = array('name_of_commenter' => $query->row['name'], 'name' => $query->row['name'], 'weblog_name' => $results->row['blog_title'], 'entry_title' => $results->row['title'], 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'), 'comment' => $comment, 'comment_id' => $comment_id, 'comment_url' => $FNS->remove_double_slashes($com_url . '/' . $results->row['url_title'] . '/'));
$template = $FNS->fetch_email_template('comment_notification');
$email_tit = $FNS->var_swap($template['title'], $swap);
$email_msg = $FNS->var_swap($template['data'], $swap);
/** ----------------------------
/** Send email
/** ----------------------------*/
if (!class_exists('EEmail')) {
require PATH_CORE . 'core.email' . EXT;
}
$email = new EEmail();
$email->wordwrap = true;
$sent = array();
foreach ($recipients as $val) {
if (!in_array($val['0'], $sent)) {
$title = $email_tit;
$message = $email_msg;
// Deprecate the {name} variable at some point
$title = str_replace('{name}', $val['2'], $title);
$message = str_replace('{name}', $val['2'], $message);
$title = str_replace('{name_of_recipient}', $val['2'], $title);
$message = str_replace('{name_of_recipient}', $val['2'], $message);
$title = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $title);
$message = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $message);
$email->initialize();
$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
$email->to($val['0']);
$email->subject($title);
$email->message($REGX->entities_to_ascii($message));
$email->Send();
$sent[] = $val['0'];
}
}
}
}
}
$FNS->clear_caching('all');
$val = $IN->GBL('validate') == 1 ? AMP . 'validate=1' : '';
if ($IN->GBL('search_in') !== FALSE) {
$url = BASE . AMP . 'C=edit' . AMP . 'M=view_entries' . AMP . 'search_in=comments' . AMP . 'rownum=' . $IN->GBL('current_page') . AMP . 'order=desc' . AMP . 'keywords=' . $IN->GBL('keywords');
} else {
$url = BASE . AMP . 'C=edit' . AMP . 'M=view_comments' . AMP . 'weblog_id=' . $weblog_id . AMP . 'entry_id=' . $entry_id . AMP . 'current_page=' . $current_page . AMP . 'U=1' . $val;
}
$FNS->redirect($url);
exit;
}
/** ------------------------
/** View a specific email
/** ------------------------*/
function view_email()
{
global $IN, $DB, $LANG, $DSP, $LOC;
if (!$DSP->allowed_group('can_send_cached_email')) {
return $DSP->no_access_message($LANG->line('not_allowed_to_email_mailinglist'));
}
$id = $IN->GBL('id');
/** -----------------------------
/** Run Query
/** -----------------------------*/
$query = $DB->query("SELECT mailtype, subject, message FROM exp_email_cache WHERE cache_id = '" . $DB->escape_str($id) . "' ");
if ($query->num_rows == 0) {
$DSP->body .= $DSP->qdiv('itemWrapper', $DSP->qdiv('highlight', $LANG->line('no_cached_email')));
return;
}
/** -----------------------------
/** Clean up message
/** -----------------------------*/
// If the message was submitted in HTML format
// we'll remove everything except the body
$message = $query->row['message'];
if ($query->row['mailtype'] == 'html') {
$message = preg_match("/<body.*?" . ">(.*)<\\/body>/is", $message, $match) ? $match['1'] : $message;
}
/** -----------------------------
/** Render output
/** -----------------------------*/
$DSP->body .= $DSP->heading(BR . $query->row['subject']);
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$DSP->body .= $TYPE->parse_type($message, array('text_format' => 'xhtml', 'html_format' => 'all', 'auto_links' => 'y', 'allow_img_url' => 'y'));
}
/** ----------------------------------------
/** Send Trackback
/** ----------------------------------------*/
function send_trackback($tb_data)
{
global $REGX, $FNS, $PREFS;
if (!is_array($tb_data)) {
return false;
}
/** ----------------------------------------
/** Pre-process data
/** ----------------------------------------*/
$required = array('entry_id', 'entry_link', 'entry_title', 'entry_content', 'trackback_url', 'weblog_name', 'tb_format');
foreach ($tb_data as $key => $val) {
if (!in_array($key, $required)) {
return false;
}
switch ($key) {
case 'trackback_url':
${$key} = $this->extract_trackback_urls($val);
break;
case 'entry_content':
${$key} = $FNS->char_limiter($REGX->xml_convert(strip_tags(stripslashes($val))));
break;
case 'entry_link':
${$key} = str_replace('-', '-', $REGX->xml_convert(strip_tags(stripslashes($val))));
break;
default:
${$key} = $REGX->xml_convert(strip_tags(stripslashes($val)));
break;
}
/** ----------------------------------------
/** Convert High ASCII Characters
/** ----------------------------------------*/
if ($this->convert_ascii == 'y' or $PREFS->ini('auto_convert_high_ascii') == 'y') {
if ($key == 'entry_content') {
${$key} = $REGX->ascii_to_entities(${$key});
} elseif ($key == 'entry_title') {
${$key} = $REGX->ascii_to_entities(${$key});
} elseif ($key == 'weblog_name') {
${$key} = $REGX->ascii_to_entities(${$key});
}
}
}
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(0);
$TYPE->encode_email = false;
$entry_content = $REGX->xss_clean($entry_content);
$entry_content = $TYPE->parse_type($entry_content, array('text_format' => !isset($tb_data['tb_format']) ? 'none' : $tb_data['tb_format'], 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
/** ----------------------------------------
/** Assign our data string
/** ----------------------------------------*/
$data = "url=" . rawurlencode($entry_link) . "&title=" . rawurlencode($entry_title) . "&blog_name=" . rawurlencode($weblog_name) . "&excerpt=" . rawurlencode($entry_content) . "&charset=" . rawurlencode($PREFS->ini('charset'));
/** ----------------------------------------
/** Send Trackbacks
/** ----------------------------------------*/
if (count($trackback_url) > 0) {
foreach ($trackback_url as $url) {
if (!$this->previously_sent_trackbacks($entry_id, $url)) {
$this->process_trackback($url, $data);
}
}
}
return array($this->tb_good_urls, $this->tb_bad_urls);
}
/** ----------------------------------------
/** Stand-alone version of the entry form
/** ----------------------------------------*/
function entry_form($return_form = FALSE, $captcha = '')
{
global $TMPL, $LANG, $LOC, $OUT, $DB, $IN, $REGX, $FNS, $SESS, $PREFS, $EXT;
$field_data = '';
$catlist = '';
$status = '';
$title = '';
$url_title = '';
$dst_enabled = $SESS->userdata('daylight_savings');
$LANG->fetch_language_file('weblog');
// No loggy? No looky...
if ($SESS->userdata('member_id') == 0) {
return '';
}
if (!($weblog = $TMPL->fetch_param('weblog'))) {
return $OUT->show_user_error('general', $LANG->line('weblog_not_specified'));
}
// Fetch the action ID number. Even though we don't need it until later
// we'll grab it here. If not found it means the action table doesn't
// contain the ID, which means the user has not updated properly. Ya know?
if (!($insert_action = $FNS->fetch_action_id('Weblog', 'insert_new_entry'))) {
return $OUT->show_user_error('general', $LANG->line('weblog_no_action_found'));
}
// We need to first determine which weblog to post the entry into.
$assigned_weblogs = $FNS->fetch_assigned_weblogs();
$weblog_id = !$IN->GBL('weblog_id', 'POST') ? '' : $IN->GBL('weblog_id');
if ($weblog_id == '') {
$query = $DB->query("SELECT weblog_id from exp_weblogs WHERE site_id IN ('" . implode("','", $TMPL->site_ids) . "') AND blog_name = '" . $DB->escape_str($weblog) . "' AND is_user_blog = 'n'");
if ($query->num_rows == 1) {
$weblog_id = $query->row['weblog_id'];
}
}
/** ----------------------------------------------
/** Security check
/** ---------------------------------------------*/
if (!in_array($weblog_id, $assigned_weblogs)) {
return $TMPL->no_results();
}
/** ----------------------------------------------
/** Fetch weblog preferences
/** ---------------------------------------------*/
$query = $DB->query("SELECT * FROM exp_weblogs WHERE weblog_id = '{$weblog_id}'");
if ($query->num_rows == 0) {
return "The weblog you have specified does not exist.";
}
foreach ($query->row as $key => $val) {
${$key} = $val;
}
if (!isset($_POST['weblog_id'])) {
$title = $default_entry_title;
$url_title = $url_title_prefix;
}
// -------------------------------------------
// 'weblog_standalone_form_start' hook.
// - Rewrite the Stand Alone Entry Form completely
//
$edata = $EXT->call_extension('weblog_standalone_form_start', $return_form, $captcha, $weblog_id);
if ($EXT->end_script === TRUE) {
return;
}
//
// -------------------------------------------
/** ----------------------------------------
/** Return the "no cache" version of the form
/** ----------------------------------------*/
if ($return_form == FALSE) {
$nc = '{{NOCACHE_WEBLOG_FORM ';
if (count($TMPL->tagparams) > 0) {
foreach ($TMPL->tagparams as $key => $val) {
$nc .= ' ' . $key . '="' . $val . '" ';
}
}
$nc .= '}}' . $TMPL->tagdata . '{{/NOCACHE_FORM}}';
return $nc;
}
/** ----------------------------------------------
/** JavaScript For URL Title
/** ---------------------------------------------*/
$convert_ascii = $PREFS->ini('auto_convert_high_ascii') == 'y' ? TRUE : FALSE;
$word_separator = $PREFS->ini('word_separator') != "dash" ? '_' : '-';
/** -------------------------------------
/** Create Foreign Character Conversion JS
/** -------------------------------------*/
/* -------------------------------------
/* 'foreign_character_conversion_array' hook.
/* - Allows you to use your own foreign character conversion array
/* - Added 1.6.0
*/
if (isset($EXT->extensions['foreign_character_conversion_array'])) {
$foreign_characters = $EXT->call_extension('foreign_character_conversion_array');
} else {
$foreign_characters = array('223' => "ss", '224' => "a", '225' => "a", '226' => "a", '229' => "a", '227' => "ae", '230' => "ae", '228' => "ae", '231' => "c", '232' => "e", '233' => "e", '234' => "e", '235' => "e", '236' => "i", '237' => "i", '238' => "i", '239' => "i", '241' => "n", '242' => "o", '243' => "o", '244' => "o", '245' => "o", '246' => "oe", '249' => "u", '250' => "u", '251' => "u", '252' => "ue", '255' => "y", '257' => "aa", '269' => "ch", '275' => "ee", '291' => "gj", '299' => "ii", '311' => "kj", '316' => "lj", '326' => "nj", '353' => "sh", '363' => "uu", '382' => "zh", '256' => "aa", '268' => "ch", '274' => "ee", '290' => "gj", '298' => "ii", '310' => "kj", '315' => "lj", '325' => "nj", '352' => "sh", '362' => "uu", '381' => "zh");
}
/*
/* -------------------------------------*/
$foreign_replace = '';
foreach ($foreign_characters as $old => $new) {
$foreign_replace .= "if (c == '{$old}') {NewTextTemp += '{$new}'; continue;}\n\t\t\t\t";
}
$default_entry_title = $REGX->form_prep($default_entry_title);
$url_title_js = <<<EOT
<script type="text/javascript">
<!--
function liveUrlTitle()
{
\t\t\tvar defaultTitle = '{$default_entry_title}';
\t\t\tvar NewText = document.getElementById("title").value;
\t\t\t
\t\t\tif (defaultTitle != '')
\t\t\t{
\t\t\t\tif (NewText.substr(0, defaultTitle.length) == defaultTitle)
\t\t\t\t{
\t\t\t\t\tNewText = NewText.substr(defaultTitle.length);
\t\t\t\t}\t
\t\t\t}
\t\t\t
\t\t\tNewText = NewText.toLowerCase();
\t\t\tvar separator = "{$word_separator}";
\t
\t\t\t// Foreign Character Attempt
\t\t\t
\t\t\tvar NewTextTemp = '';
\t\t\tfor(var pos=0; pos<NewText.length; pos++)
\t\t\t{
\t\t\t\tvar c = NewText.charCodeAt(pos);
\t\t\t\t
\t\t\t\tif (c >= 32 && c < 128)
\t\t\t\t{
\t\t\t\t\tNewTextTemp += NewText.charAt(pos);
\t\t\t\t}
\t\t\t\telse
\t\t\t\t{
\t\t\t\t\t{$foreign_replace}
\t\t\t\t}
\t\t\t}
\t\t\tvar multiReg = new RegExp(separator + '{2,}', 'g');
\t\t\t
\t\t\tNewText = NewTextTemp;
\t\t\t
\t\t\tNewText = NewText.replace('/<(.*?)>/g', '');
\t\t\tNewText = NewText.replace(/\\s+/g, separator);
\t\t\tNewText = NewText.replace(/\\//g, separator);
\t\t\tNewText = NewText.replace(/[^a-z0-9\\-\\._]/g,'');
\t\t\tNewText = NewText.replace(/\\+/g, separator);
\t\t\tNewText = NewText.replace(multiReg, separator);
\t\t\tNewText = NewText.replace(/-\$/g,'');
\t\t\tNewText = NewText.replace(/_\$/g,'');
\t\t\tNewText = NewText.replace(/^_/g,'');
\t\t\tNewText = NewText.replace(/^-/g,'');
\t\t\t
\t\t\tif (document.getElementById("url_title"))
\t\t\t{
\t\t\t\tdocument.getElementById("url_title").value = "{$url_title_prefix}" + NewText;\t\t\t
\t\t\t}
\t\t\telse
\t\t\t{
\t\t\t\tdocument.forms['entryform'].elements['url_title'].value = "{$url_title_prefix}" + NewText;
\t\t\t}\t\t
\t\t}
function showhide_item(id)
{
\t\t\tif (document.getElementById(id).style.display == "block")
\t\t\t{
\t\t\t\tdocument.getElementById(id).style.display = "none";
\t}
\telse
\t{
\t\t\t\tdocument.getElementById(id).style.display = "block";
\t}
}
\t\t
\t\t
\t\t-->
\t\t</script>
EOT;
// -------------------------------------------
// 'weblog_standalone_form_urltitle_js' hook.
// - Rewrite the Stand Alone Entry Form's URL Title JavaScript
//
if ($EXT->active_hook('weblog_standalone_form_urltitle_js') === TRUE) {
$url_title_js = $EXT->call_extension('weblog_standalone_form_urltitle_js', $url_title_js);
if ($EXT->end_script === TRUE) {
return;
}
}
//
// -------------------------------------------
$LANG->fetch_language_file('publish');
/** ----------------------------------------
/** Compile form declaration and hidden fields
/** ----------------------------------------*/
$RET = isset($_POST['RET']) ? $_POST['RET'] : $FNS->fetch_current_uri();
$XID = !isset($_POST['XID']) ? '' : $_POST['XID'];
$PRV = isset($_POST['PRV']) ? $_POST['PRV'] : '{PREVIEW_TEMPLATE}';
$hidden_fields = array('ACT' => $insert_action, 'RET' => $RET, 'PRV' => $PRV, 'URI' => $IN->URI == '' ? 'index' : $IN->URI, 'XID' => $XID, 'return_url' => isset($_POST['return_url']) ? $_POST['return_url'] : $TMPL->fetch_param('return'), 'author_id' => $SESS->userdata('member_id'), 'weblog_id' => $weblog_id);
/** ----------------------------------------
/** Add status to hidden fields
/** ----------------------------------------*/
$status_id = !isset($_POST['status_id']) ? $TMPL->fetch_param('status') : $_POST['status_id'];
if ($status_id == 'Open' || $status_id == 'Closed') {
$status_id = strtolower($status_id);
}
$status_query = $DB->query("SELECT * FROM exp_statuses WHERE group_id = '{$status_group}' order by status_order");
if ($status_id != '') {
$closed_flag = TRUE;
if ($status_query->num_rows > 0) {
foreach ($status_query->result as $row) {
if ($row['status'] == $status_id) {
$closed_flag = FALSE;
}
}
}
$hidden_fields['status'] = $closed_flag == TRUE ? 'closed' : $status_id;
}
/** ----------------------------------------
/** Add "allow" options
/** ----------------------------------------*/
$allow_cmts = !isset($_POST['allow_cmts']) ? $TMPL->fetch_param('allow_comments') : $_POST['allow_cmts'];
if ($allow_cmts != '' and $comment_system_enabled == 'y') {
$hidden_fields['allow_comments'] = $allow_cmts == 'yes' ? 'y' : 'n';
}
$allow_tbks = !isset($_POST['allow_tbks']) ? $TMPL->fetch_param('allow_trackbacks') : $_POST['allow_tbks'];
if ($allow_tbks != '') {
$hidden_fields['allow_trackbacks'] = $allow_tbks == 'yes' ? 'y' : 'n';
}
$sticky_entry = !isset($_POST['sticky_entry']) ? $TMPL->fetch_param('sticky_entry') : $_POST['sticky_entry'];
if ($sticky_entry != '') {
$hidden_fields['sticky'] = $sticky_entry == 'yes' ? 'y' : 'n';
}
/** ----------------------------------------
/** Add categories to hidden fields
/** ----------------------------------------*/
if ($category_id = $TMPL->fetch_param('category')) {
if (isset($_POST['category'])) {
foreach ($_POST as $key => $val) {
if (strstr($key, 'category') and is_array($val)) {
$i = 0;
foreach ($val as $v) {
$hidden_fields['category[' . $i++ . ']'] = $v;
}
}
}
} else {
if (strpos($category_id, '|') === FALSE) {
$hidden_fields['category[]'] = $category_id;
} else {
$category_id = trim($category_id, '|');
$i = 0;
foreach (explode("|", $category_id) as $val) {
$hidden_fields['category[' . $i++ . ']'] = $val;
}
}
}
}
/** ----------------------------------------
/** Add pings to hidden fields
/** ----------------------------------------*/
$hidden_pings = !isset($_POST['hidden_pings']) ? $TMPL->fetch_param('hidden_pings') : $_POST['hidden_pings'];
if ($hidden_pings == 'yes') {
$hidden_fields['hidden_pings'] = 'yes';
$ping_servers = $this->fetch_ping_servers('new');
if (is_array($ping_servers) and count($ping_servers) > 0) {
$i = 0;
foreach ($ping_servers as $val) {
if ($val['1'] != '') {
$hidden_fields['ping[' . $i++ . ']'] = $val['0'];
}
}
}
}
/** -------------------------------------
/** Parse out the tag
/** -------------------------------------*/
$tagdata = $TMPL->tagdata;
/** ----------------------------------------------
/** Upload and Smileys Link
/** ---------------------------------------------*/
$s = $PREFS->ini('admin_session_type') != 'c' ? $SESS->userdata['session_id'] : 0;
$cp_url = $PREFS->ini('cp_url') . '?S=' . $s;
// -------------------------------------------
// 'weblog_standalone_form_upload_url' hook.
// - Rewrite URL for Upload Link
//
if ($EXT->active_hook('weblog_standalone_form_upload_url') === TRUE) {
$upload_url = $EXT->call_extension('weblog_standalone_form_upload_url', $weblog_id);
} else {
$upload_url = $cp_url . '&C=publish&M=file_upload_form&field_group=' . $field_group . '&Z=1';
}
//
// -------------------------------------------
$tagdata = str_replace('{upload_url}', $upload_url, $tagdata);
$tagdata = str_replace('{smileys_url}', $cp_url . '&C=publish&M=emoticons&field_group=' . $field_group . '&Z=1', $tagdata);
// Onward...
$which = $IN->GBL('preview', 'POST') ? 'preview' : 'new';
/** --------------------------------
/** Fetch Custom Fields
/** --------------------------------*/
if ($TMPL->fetch_param('show_fields') !== FALSE) {
if (strncmp('not ', $TMPL->fetch_param('show_fields'), 4) == 0) {
$these = "AND field_name NOT IN ('" . str_replace('|', "','", trim(substr($TMPL->fetch_param('show_fields'), 3))) . "') ";
} else {
$these = "AND field_name IN ('" . str_replace('|', "','", trim($TMPL->fetch_param('show_fields'))) . "') ";
}
} else {
$these = '';
}
$query = $DB->query("SELECT * FROM exp_weblog_fields WHERE group_id = '{$field_group}' {$these} ORDER BY field_order");
$fields = array();
$date_fields = array();
$cond = array();
if ($which == 'preview') {
foreach ($query->result as $row) {
$fields['field_id_' . $row['field_id']] = $row['field_name'];
$cond[$row['field_name']] = '';
if ($row['field_type'] == 'date') {
$date_fields[$row['field_name']] = $row['field_id'];
}
}
}
/** ----------------------------------------
/** Preview
/** ----------------------------------------*/
if (preg_match("#" . LD . "preview" . RD . "(.+?)" . LD . '/' . "preview" . RD . "#s", $tagdata, $match)) {
if ($which != 'preview') {
$tagdata = str_replace($match['0'], '', $tagdata);
} else {
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$TYPE->convert_curly = FALSE;
$title = $TYPE->format_characters(stripslashes($IN->GBL('title', 'POST')));
$match['1'] = str_replace(LD . 'title' . RD, $title, $match['1']);
// We need to grab each global array index and do a little formatting
$str = '';
foreach ($_POST as $key => $val) {
if (!is_array($val)) {
if (strstr($key, 'field_id')) {
$expl = explode('field_id_', $key);
if (in_array($expl['1'], $date_fields)) {
$temp_date = $LOC->convert_human_date_to_gmt($_POST['field_id_' . $expl['1']]);
$temp = $_POST['field_id_' . $expl['1']];
$cond[$fields['field_id_' . $expl['1']]] = $temp_date;
} else {
$cond[$fields['field_id_' . $expl['1']]] = $_POST['field_id_' . $expl['1']];
$txt_fmt = !isset($_POST['field_ft_' . $expl['1']]) ? 'xhtml' : $_POST['field_ft_' . $expl['1']];
$temp = $TYPE->parse_type(stripslashes($val), array('text_format' => $txt_fmt, 'html_format' => $weblog_html_formatting, 'auto_links' => $weblog_allow_img_urls, 'allow_img_url' => $weblog_auto_link_urls));
}
if (isset($fields[$key])) {
$match['1'] = str_replace(LD . $fields[$key] . RD, $temp, $match['1']);
}
$str .= $temp;
}
}
}
$match['1'] = str_replace(LD . 'display_custom_fields' . RD, $str, $match['1']);
$match['1'] = $FNS->prep_conditionals($match['1'], $cond);
$tagdata = str_replace($match['0'], $match['1'], $tagdata);
}
}
/** -------------------------------------
/** Formatting buttons
/** -------------------------------------*/
if (preg_match("#" . LD . "formatting_buttons" . RD . "#s", $tagdata)) {
if (!defined('BASE')) {
$s = $PREFS->ini('admin_session_type') != 'c' ? $SESS->userdata['session_id'] : 0;
define('BASE', $PREFS->ini('cp_url', FALSE) . '?S=' . $s);
}
if (!class_exists('Display')) {
require PATH_CP . 'cp.display' . EXT;
}
global $DSP;
$DSP = new Display();
if (!class_exists('Publish')) {
require PATH_CP . 'cp.publish' . EXT;
}
$PUB = new Publish();
$tagdata = str_replace(LD . 'formatting_buttons' . RD, str_replace('.entryform.', ".getElementById('entryform').", $PUB->html_formatting_buttons($SESS->userdata('member_id'), $field_group)), $tagdata);
}
/** -------------------------------------
/** Fetch the {custom_fields} chunk
/** -------------------------------------*/
$custom_fields = '';
if (preg_match("#" . LD . "custom_fields" . RD . "(.+?)" . LD . '/' . "custom_fields" . RD . "#s", $tagdata, $match)) {
$custom_fields = trim($match['1']);
$tagdata = str_replace($match['0'], LD . 'temp_custom_fields' . RD, $tagdata);
}
// If we have custom fields to show, generate them
if ($custom_fields != '') {
$field_array = array('textarea', 'textinput', 'pulldown', 'date', 'relationship');
$textarea = '';
$textinput = '';
$pulldown = '';
$date = '';
$relationship = '';
$rel_options = '';
$pd_options = '';
$required = '';
foreach ($field_array as $val) {
if (preg_match("#" . LD . "\\s*if\\s+" . $val . RD . "(.+?)" . LD . '/' . "if" . RD . "#s", $custom_fields, $match)) {
${$val} = $match['1'];
if ($val == 'pulldown') {
if (preg_match("#" . LD . "options" . RD . "(.+?)" . LD . '/' . "options" . RD . "#s", $pulldown, $pmatch)) {
$pd_options = $pmatch['1'];
$pulldown = str_replace($pmatch['0'], LD . 'temp_pd_options' . RD, $pulldown);
}
}
if ($val == 'relationship') {
if (preg_match("#" . LD . "options" . RD . "(.+?)" . LD . '/' . "options" . RD . "#s", $relationship, $pmatch)) {
$rel_options = $pmatch['1'];
$relationship = str_replace($pmatch['0'], LD . 'temp_rel_options' . RD, $relationship);
}
}
$custom_fields = str_replace($match['0'], LD . 'temp_' . $val . RD, $custom_fields);
}
}
if (preg_match("#" . LD . "if\\s+required" . RD . "(.+?)" . LD . '/' . "if" . RD . "#s", $custom_fields, $match)) {
$required = $match['1'];
$custom_fields = str_replace($match['0'], LD . 'temp_required' . RD, $custom_fields);
}
/** --------------------------------
/** Parse Custom Fields
/** --------------------------------*/
$build = '';
foreach ($query->result as $row) {
$temp_chunk = $custom_fields;
$temp_field = '';
switch ($which) {
case 'preview':
$field_data = !isset($_POST['field_id_' . $row['field_id']]) ? '' : $_POST['field_id_' . $row['field_id']];
$field_fmt = !isset($_POST['field_ft_' . $row['field_id']]) ? $row['field_fmt'] : $_POST['field_ft_' . $row['field_id']];
break;
case 'edit':
$field_data = !isset($result->row['field_id_' . $row['field_id']]) ? '' : $result->row['field_id_' . $row['field_id']];
$field_fmt = !isset($result->row['field_ft_' . $row['field_id']]) ? $row['field_fmt'] : $result->row['field_ft_' . $row['field_id']];
break;
default:
$field_data = '';
$field_fmt = $row['field_fmt'];
break;
}
/** --------------------------------
/** Textarea field types
/** --------------------------------*/
if ($row['field_type'] == 'textarea' and $textarea != '') {
$temp_chunk = str_replace(LD . 'temp_textarea' . RD, $textarea, $temp_chunk);
}
if ($row['field_type'] == 'text' and $textinput != '') {
$temp_chunk = str_replace(LD . 'temp_textinput' . RD, $textinput, $temp_chunk);
}
if ($row['field_type'] == 'rel') {
if ($row['field_related_to'] == 'blog') {
$relto = 'exp_weblog_titles';
$relid = 'weblog_id';
} else {
$relto = 'exp_gallery_entries';
$relid = 'gallery_id';
}
if ($row['field_related_orderby'] == 'date') {
$row['field_related_orderby'] = 'entry_date';
}
$sql = "SELECT entry_id, title FROM " . $relto . " WHERE " . $relid . " = '" . $DB->escape_str($row['field_related_id']) . "' ";
$sql .= "ORDER BY " . $row['field_related_orderby'] . " " . $row['field_related_sort'];
if ($row['field_related_max'] > 0) {
$sql .= " LIMIT " . $row['field_related_max'];
}
$relquery = $DB->query($sql);
if ($relquery->num_rows > 0) {
$relentry_id = '';
if (!isset($_POST['field_id_' . $row['field_id']])) {
$relentry = $DB->query("SELECT rel_child_id FROM exp_relationships WHERE rel_id = '" . $DB->escape_str($field_data) . "'");
if ($relentry->num_rows == 1) {
$relentry_id = $relentry->row['rel_child_id'];
}
} else {
$relentry_id = $_POST['field_id_' . $row['field_id']];
}
$temp_options = $rel_options;
$temp_options = str_replace(LD . 'option_name' . RD, '--', $temp_options);
$temp_options = str_replace(LD . 'option_value' . RD, '', $temp_options);
$temp_options = str_replace(LD . 'selected' . RD, '', $temp_options);
$pdo = $temp_options;
foreach ($relquery->result as $relrow) {
$temp_options = $rel_options;
$temp_options = str_replace(LD . 'option_name' . RD, $relrow['title'], $temp_options);
$temp_options = str_replace(LD . 'option_value' . RD, $relrow['entry_id'], $temp_options);
$temp_options = str_replace(LD . 'selected' . RD, $relentry_id == $relrow['entry_id'] ? ' selected="selected"' : '', $temp_options);
$pdo .= $temp_options;
}
$temp_relationship = str_replace(LD . 'temp_rel_options' . RD, $pdo, $relationship);
$temp_chunk = str_replace(LD . 'temp_relationship' . RD, $temp_relationship, $temp_chunk);
}
}
if ($row['field_type'] == 'date' and $date != '') {
$temp_chunk = $custom_fields;
$date_field = 'field_id_' . $row['field_id'];
$date_local = 'field_dt_' . $row['field_id'];
$dtwhich = $which;
if (isset($_POST[$date_field])) {
$field_data = $_POST[$date_field];
$dtwhich = 'preview';
}
$custom_date = '';
$localize = FALSE;
if ($dtwhich != 'preview') {
$localize = TRUE;
if ($field_data != '' and isset($result->row['field_dt_' . $row['field_id']]) and $result->row['field_dt_' . $row['field_id']] != '') {
$field_data = $LOC->offset_entry_dst($field_data, $dst_enabled);
$field_data = $LOC->simpl_offset($field_data, $result->row['field_dt_' . $row['field_id']]);
$localize = FALSE;
}
if ($field_data != '') {
$custom_date = $LOC->set_human_time($field_data, $localize);
}
$cal_date = $LOC->set_localized_time($custom_date) * 1000;
} else {
$custom_date = $_POST[$date_field];
$cal_date = $custom_date != '' ? $LOC->set_localized_time($LOC->convert_human_date_to_gmt($custom_date)) * 1000 : $LOC->set_localized_time() * 1000;
}
$temp_chunk = str_replace(LD . 'temp_date' . RD, $date, $temp_chunk);
$temp_chunk = str_replace(LD . 'date' . RD, $custom_date, $temp_chunk);
} elseif ($row['field_type'] == 'select' and $pulldown != '') {
if ($row['field_pre_populate'] == 'n') {
$pdo = '';
if ($row['field_required'] == 'n') {
$temp_options = $pd_options;
$temp_options = str_replace(LD . 'option_name' . RD, '--', $temp_options);
$temp_options = str_replace(LD . 'option_value' . RD, '', $temp_options);
$temp_options = str_replace(LD . 'selected' . RD, '', $temp_options);
$pdo = $temp_options;
}
foreach (explode("\n", trim($row['field_list_items'])) as $v) {
$temp_options = $pd_options;
$v = trim($v);
$temp_options = str_replace(LD . 'option_name' . RD, $v, $temp_options);
$temp_options = str_replace(LD . 'option_value' . RD, $v, $temp_options);
$temp_options = str_replace(LD . 'selected' . RD, $v == $field_data ? ' selected="selected"' : '', $temp_options);
$pdo .= $temp_options;
}
$temp_pulldown = str_replace(LD . 'temp_pd_options' . RD, $pdo, $pulldown);
$temp_chunk = str_replace(LD . 'temp_pulldown' . RD, $temp_pulldown, $temp_chunk);
} else {
// We need to pre-populate this menu from an another weblog custom field
$pop_query = $DB->query("SELECT field_id_" . $row['field_pre_field_id'] . " FROM exp_weblog_data WHERE weblog_id = " . $row['field_pre_blog_id'] . "");
if ($pop_query->num_rows > 0) {
$temp_options = $rel_options;
$temp_options = str_replace(LD . 'option_name' . RD, '--', $temp_options);
$temp_options = str_replace(LD . 'option_value' . RD, '', $temp_options);
$temp_options = str_replace(LD . 'selected' . RD, '', $temp_options);
$pdo = $temp_options;
foreach ($pop_query->result as $prow) {
$pretitle = substr($prow['field_id_' . $row['field_pre_field_id']], 0, 110);
$pretitle = preg_replace("/\r\n|\r|\n|\t/", ' ', $pretitle);
$pretitle = $REGX->form_prep($pretitle);
$temp_options = $rel_options;
$temp_options = str_replace(LD . 'option_name' . RD, $pretitle, $temp_options);
$temp_options = str_replace(LD . 'option_value' . RD, $REGX->form_prep($prow['field_id_' . $row['field_pre_field_id']]), $temp_options);
$temp_options = str_replace(LD . 'selected' . RD, $prow['field_id_' . $row['field_pre_field_id']] == $field_data ? ' selected="selected"' : '', $temp_options);
$pdo .= $temp_options;
}
$temp_relationship = str_replace(LD . 'temp_rel_options' . RD, $pdo, $relationship);
$temp_chunk = str_replace(LD . 'temp_relationship' . RD, $temp_relationship, $temp_chunk);
}
}
}
if ($row['field_required'] == 'y') {
$temp_chunk = str_replace(LD . 'temp_required' . RD, $required, $temp_chunk);
} else {
$temp_chunk = str_replace(LD . 'temp_required' . RD, '', $temp_chunk);
}
$temp_chunk = str_replace(LD . 'field_data' . RD, $REGX->form_prep($field_data), $temp_chunk);
$temp_chunk = str_replace(LD . 'temp_date' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'temp_textarea' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'temp_relationship' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'temp_textinput' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'temp_pulldown' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'temp_pd_options' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'calendar_link' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'calendar_id' . RD, '', $temp_chunk);
$temp_chunk = str_replace(LD . 'rows' . RD, !isset($row['field_ta_rows']) ? '10' : $row['field_ta_rows'], $temp_chunk);
$temp_chunk = str_replace(LD . 'field_label' . RD, $row['field_label'], $temp_chunk);
$temp_chunk = str_replace(LD . 'field_instructions' . RD, $row['field_instructions'], $temp_chunk);
$temp_chunk = str_replace(LD . 'text_direction' . RD, $row['field_text_direction'], $temp_chunk);
$temp_chunk = str_replace(LD . 'maxlength' . RD, $row['field_maxl'], $temp_chunk);
$temp_chunk = str_replace(LD . 'field_name' . RD, 'field_id_' . $row['field_id'], $temp_chunk);
$hidden_fields['field_ft_' . $row['field_id']] = $field_fmt;
// $temp_chunk .= "\n<input type='hidden' name='field_ft_".$row['field_id']."' value='".$field_fmt."' />\n";
$build .= $temp_chunk;
}
$tagdata = str_replace(LD . 'temp_custom_fields' . RD, stripslashes($build), $tagdata);
}
/** ----------------------------------------
/** Categories
/** ----------------------------------------*/
if (preg_match("#" . LD . "category_menu" . RD . "(.+?)" . LD . '/' . "category_menu" . RD . "#s", $tagdata, $match)) {
// -------------------------------------------
// 'weblog_standalone_form_category_menu' hook.
// - Rewrite the displaying of categories, if you dare!
//
if ($EXT->active_hook('weblog_standalone_form_category_menu') === TRUE) {
$edata = $EXT->call_extension('weblog_standalone_form_category_menu', $cat_group, $which, $deft_category, $catlist);
$match['1'] = str_replace(LD . 'select_options' . RD, $edata, $match['1']);
$tagdata = str_replace($match['0'], $match['1'], $tagdata);
if ($EXT->end_script === TRUE) {
return;
}
} else {
$this->category_tree_form($cat_group, $which, $deft_category, $catlist);
if (count($this->categories) == 0) {
$tagdata = str_replace($match['0'], '', $tagdata);
} else {
$c = '';
foreach ($this->categories as $val) {
$c .= $val;
}
$match['1'] = str_replace(LD . 'select_options' . RD, $c, $match['1']);
$tagdata = str_replace($match['0'], $match['1'], $tagdata);
}
}
//
// -------------------------------------------
}
/** ----------------------------------------
/** Ping Servers
/** ----------------------------------------*/
if (preg_match("#" . LD . "ping_servers" . RD . "(.+?)" . LD . '/' . "ping_servers" . RD . "#s", $tagdata, $match)) {
$field = preg_match("#" . LD . "ping_row" . RD . "(.+?)" . LD . '/' . "ping_row" . RD . "#s", $tagdata, $match1) ? $match1['1'] : '';
if (!isset($match1['0'])) {
$tagdata = str_replace($match['0'], '', $tagdata);
}
$ping_servers = $this->fetch_ping_servers($which);
if (!is_array($ping_servers) or count($ping_servers) == 0) {
$tagdata = str_replace($match['0'], '', $tagdata);
} else {
$ping_build = '';
foreach ($ping_servers as $val) {
$temp = $field;
$temp = str_replace(LD . 'ping_value' . RD, $val['0'], $temp);
$temp = str_replace(LD . 'ping_checked' . RD, $val['1'], $temp);
$temp = str_replace(LD . 'ping_server_name' . RD, $val['2'], $temp);
$ping_build .= $temp;
}
$match['1'] = str_replace($match1['0'], $ping_build, $match['1']);
$tagdata = str_replace($match['0'], $match['1'], $tagdata);
}
}
/** ----------------------------------------
/** Status
/** ----------------------------------------*/
if (preg_match("#" . LD . "status_menu" . RD . "(.+?)" . LD . '/' . "status_menu" . RD . "#s", $tagdata, $match)) {
if (isset($_POST['status'])) {
$deft_status = $_POST['status'];
}
if ($deft_status == '') {
$deft_status = 'open';
}
if ($status == '') {
$status = $deft_status;
}
/** --------------------------------
/** Fetch disallowed statuses
/** --------------------------------*/
$no_status_access = array();
if ($SESS->userdata['group_id'] != 1) {
$query = $DB->query("SELECT status_id FROM exp_status_no_access WHERE member_group = '" . $SESS->userdata['group_id'] . "'");
if ($query->num_rows > 0) {
foreach ($query->result as $row) {
$no_status_access[] = $row['status_id'];
}
}
}
/** --------------------------------
/** Create status menu
/** --------------------------------*/
$r = '';
if ($status_query->num_rows == 0) {
// if there is no status group assigned, only Super Admins can create 'open' entries
if ($SESS->userdata['group_id'] == 1) {
$selected = $status == 'open' ? " selected='selected'" : '';
$r .= "<option value='open'" . $selected . ">" . $LANG->line('open') . "</option>";
}
$selected = $status == 'closed' ? " selected='selected'" : '';
$r .= "<option value='closed'" . $selected . ">" . $LANG->line('closed') . "</option>";
} else {
$no_status_flag = TRUE;
foreach ($status_query->result as $row) {
$selected = $status == $row['status'] ? " selected='selected'" : '';
if ($selected != 1) {
if (in_array($row['status_id'], $no_status_access)) {
continue;
}
}
$no_status_flag = FALSE;
$status_name = ($row['status'] == 'open' or $row['status'] == 'closed') ? $LANG->line($row['status']) : $row['status'];
$r .= "<option value='" . $REGX->form_prep($row['status']) . "'" . $selected . ">" . $REGX->form_prep($status_name) . "</option>\n";
}
if ($no_status_flag == TRUE) {
$tagdata = str_replace($match['0'], '', $tagdata);
}
}
$match['1'] = str_replace(LD . 'select_options' . RD, $r, $match['1']);
$tagdata = str_replace($match['0'], $match['1'], $tagdata);
}
/** ----------------------------------------
/** Trackback field
/** ----------------------------------------*/
if (preg_match("#" . LD . "if\\s+trackback" . RD . "(.+?)" . LD . '/' . "if" . RD . "#s", $tagdata, $match)) {
if ($show_trackback_field == 'n') {
$tagdata = str_replace($match['0'], '', $tagdata);
} else {
$tagdata = str_replace($match['0'], $match['1'], $tagdata);
}
}
/** ----------------------------------------
/** Parse single variables
/** ----------------------------------------*/
foreach ($TMPL->var_single as $key => $val) {
/** ----------------------------------------
/** {title}
/** ----------------------------------------*/
if ($key == 'title') {
$title = !isset($_POST['title']) ? $title : stripslashes($_POST['title']);
$tagdata = $TMPL->swap_var_single($key, $REGX->form_prep($title), $tagdata);
}
/** ----------------------------------------
/** {allow_comments}
/** ----------------------------------------*/
if ($key == 'allow_comments') {
if ($which == 'preview') {
$checked = !isset($_POST['allow_comments']) || $comment_system_enabled != 'y' ? '' : "checked='checked'";
} else {
$checked = $deft_comments == 'n' || $comment_system_enabled != 'y' ? '' : "checked='checked'";
}
$tagdata = $TMPL->swap_var_single($key, $checked, $tagdata);
}
/** ----------------------------------------
/** {allow_trackbacks}
/** ----------------------------------------*/
if ($key == 'allow_trackbacks') {
if ($which == 'preview') {
$checked = !isset($_POST['allow_trackbacks']) || $trackback_system_enabled != 'y' ? '' : "checked='checked'";
} else {
$checked = $deft_trackbacks == 'n' || $trackback_system_enabled != 'y' ? '' : "checked='checked'";
}
$tagdata = $TMPL->swap_var_single($key, $checked, $tagdata);
}
/** ----------------------------------------
/** {dst_enabled}
/** ----------------------------------------*/
if ($key == 'dst_enabled') {
if ($which == 'preview') {
$checked = isset($_POST['dst_enabled']) && $PREFS->ini('honor_entry_dst') == 'y' ? "checked='checked'" : '';
} else {
$checked = $dst_enabled == 'y' ? "checked='checked'" : '';
}
$tagdata = $TMPL->swap_var_single($key, $checked, $tagdata);
}
/** ----------------------------------------
/** {sticky}
/** ----------------------------------------*/
if ($key == 'sticky') {
$checked = '';
if ($which == 'preview') {
$checked = !isset($_POST['sticky']) ? '' : "checked='checked'";
}
$tagdata = $TMPL->swap_var_single($key, $checked, $tagdata);
}
/** ----------------------------------------
/** {url_title}
/** ----------------------------------------*/
if ($key == 'url_title') {
$url_title = !isset($_POST['url_title']) ? $url_title : $_POST['url_title'];
$tagdata = $TMPL->swap_var_single($key, $url_title, $tagdata);
}
/** ----------------------------------------
/** {entry_date}
/** ----------------------------------------*/
if ($key == 'entry_date') {
$entry_date = !isset($_POST['entry_date']) ? $LOC->set_human_time($LOC->now) : $_POST['entry_date'];
$tagdata = $TMPL->swap_var_single($key, $entry_date, $tagdata);
}
/** ----------------------------------------
/** {expiration_date}
/** ----------------------------------------*/
if ($key == 'expiration_date') {
$expiration_date = !isset($_POST['expiration_date']) ? '' : $_POST['expiration_date'];
$tagdata = $TMPL->swap_var_single($key, $expiration_date, $tagdata);
}
/** ----------------------------------------
/** {comment_expiration_date}
/** ----------------------------------------*/
if ($key == 'comment_expiration_date') {
$comment_expiration_date = '';
if ($which == 'preview') {
$comment_expiration_date = !isset($_POST['comment_expiration_date']) ? '' : $_POST['comment_expiration_date'];
} else {
if ($comment_expiration > 0) {
$comment_expiration_date = $comment_expiration * 86400;
$comment_expiration_date = $comment_expiration_date + $LOC->now;
$comment_expiration_date = $LOC->set_human_time($comment_expiration_date);
}
}
$tagdata = $TMPL->swap_var_single($key, $comment_expiration_date, $tagdata);
}
/** ----------------------------------------
/** {trackback_urls}
/** ----------------------------------------*/
if ($key == 'trackback_urls') {
$trackback_urls = !isset($_POST['trackback_urls']) ? '' : stripslashes($_POST['trackback_urls']);
$tagdata = $TMPL->swap_var_single($key, $trackback_urls, $tagdata);
}
}
// -------------------------------------------
// 'weblog_standalone_form_end' hook.
// - Allows adding to end of submission form
//
if ($EXT->active_hook('weblog_standalone_form_end') === TRUE) {
$tagdata = $EXT->call_extension('weblog_standalone_form_end', $tagdata);
}
//
// -------------------------------------------
// Build the form
$data = array('hidden_fields' => $hidden_fields, 'action' => $RET, 'id' => 'entryform');
$res = $FNS->form_declaration($data);
if ($TMPL->fetch_param('use_live_url') != 'no') {
$res .= $url_title_js;
}
$res .= $tagdata;
$res .= "</form>";
return $res;
}
/**
* Parses XML and returns as ExpressionEngine variables for the Basic User xml schema
*
* @param string $xml the xml to be parsed
* @return string Returns parsed xml
*/
protected function _parse_basic_user($xml)
{
global $TMPL, $REGX, $FNS, $LOC;
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(FALSE, FALSE);
$prefs = array('text_format' => 'none', 'html_format' => 'all', 'auto_links' => 'n', 'allow_img_url' => 'n', 'convert_curly' => 'y');
$count = 0;
/** ---------------------------------------
/** Parse date variables outside
/** ---------------------------------------*/
$date_vars = array('created_at');
foreach ($date_vars as $val) {
if (preg_match_all("/" . LD . $val . "\\s+format=[\"'](.*?)[\"']" . RD . "/s", $this->tagdata, $matches)) {
for ($j = 0; $j < count($matches['0']); $j++) {
$matches['0'][$j] = str_replace(array(LD, RD), '', $matches['0'][$j]);
switch ($val) {
case 'created_at':
$created_at[$matches['0'][$j]] = $LOC->fetch_date_params($matches['1'][$j]);
break;
}
}
}
}
foreach ($xml->user as $user) {
if ($count == $this->limit) {
break;
}
/** ---------------------------------------
/** Prepare conditionals
/** ---------------------------------------*/
$cond = array();
foreach ($user as $key => $val) {
$cond[$key] = $val;
}
$cond['count'] = $count + 1;
$cond['total_results'] = $this->limit;
$tagdata = $FNS->prep_conditionals($this->tagdata, $cond);
/** ---------------------------------------
/** Single variables
/** ---------------------------------------*/
foreach ($TMPL->var_single as $key => $val) {
if (isset($user->{$val})) {
$tagdata = $TMPL->swap_var_single($val, $REGX->xss_clean($TYPE->parse_type($user->{$val}, $prefs)), $tagdata);
} elseif ($val == "relative_time") {
$relative_time = $this->_relativeTime(strtotime($user->created_at));
if ($TMPL->fetch_param("ucfirst_relative_time") == "y") {
$relative_time = ucfirst($relative_time);
}
$tagdata = $TMPL->swap_var_single("relative_time", $TYPE->parse_type($relative_time, $prefs), $tagdata);
}
if (isset($created_at[$key])) {
foreach ($created_at[$key] as $dvar) {
$val = str_replace($dvar, $LOC->convert_timestamp($dvar), $val);
}
$tagdata = $TMPL->swap_var_single($key, $val, $tagdata);
}
}
foreach ($user->status as $status) {
$status->text = $this->twitterStatusUrlConverter($status->text);
$status->text = $TYPE->parse_type($status->text, $prefs);
$status->text = $REGX->xss_clean($status->text);
foreach ($TMPL->var_single as $key => $val) {
if (isset($status->{$val})) {
$tagdata = $TMPL->swap_var_single($val, $REGX->xss_clean($TYPE->parse_type($status->{$val}, $prefs)), $tagdata);
}
}
}
$this->return_data .= $tagdata;
$count++;
}
return $this->return_data;
}
/** -------------------------------------
/** pMachine News Feed
/** -------------------------------------*/
function pmachine_news_feed()
{
global $DB, $DSP, $PREFS, $FNS, $SESS, $LANG, $LOC;
if ($this->conn_failure === TRUE or !file_exists(PATH_PI . 'pi.magpie' . EXT)) {
return $r = '';
}
$r = $DSP->table('tableBorder', '0', '0', '100%') . $DSP->tr() . $DSP->table_qcell('tableHeading', $LANG->line('pmachine_news_feed')) . $DSP->tr_c();
define('MAGPIE_CACHE_AGE', 60 * 60 * 24 * 3);
// set cache to 3 days
define('MAGPIE_CACHE_DIR', PATH_CACHE . 'magpie_cache/');
define('MAGPIE_DEBUG', 0);
if (!class_exists('Magpie')) {
require PATH_PI . 'pi.magpie' . EXT;
}
$feed = fetch_rss('http://expressionengine.com/feeds/rss/cpnews/');
$i = 0;
if (!is_object($feed) or count($feed->items) == 0) {
$r .= $DSP->table_qrow($i++ % 2 ? 'tableCellOne' : 'tableCellTwo', array($LANG->line('no_news')));
} else {
$total = count($feed->items);
$j = 0;
ob_start();
?>
<script type="text/javascript">
<!--
function showHide(el)
{
if (document.getElementById(el).style.display == 'block')
{
document.getElementById(el).style.display = 'none';
}
else
{
document.getElementById(el).style.display = 'block';
};
}
//-->
</script>
<?php
$buffer = ob_get_contents();
ob_end_clean();
$r .= $buffer;
$qm = $PREFS->ini('force_query_string') == 'y' ? '' : '?';
for ($i = 0; $i < $total, $i < 3; $i++) {
$title = $feed->items[$i]['title'];
$date = $LOC->set_human_time($LOC->set_gmt(strtotime(preg_replace("/(20[10][0-9]\\-[0-9]{2}\\-[0-9]{2})T([0-9]{2}:[0-9]{2}:[0-9]{2})Z/", '\\1 \\2 UTC', $feed->items[$i]['pubdate']))));
$content = $feed->items[$i]['description'];
$link = $feed->items[$i]['link'];
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$content = $TYPE->parse_type($content, array('text_format' => 'xhtml', 'html_format' => 'y', 'auto_links' => 'y', 'allow_img_url' => 'y'));
$r .= $DSP->table_qrow($j++ % 2 ? 'tableCellOne' : 'tableCellTwo', array($DSP->qdiv('itemWrapper', $DSP->qspan('defaultBold', $DSP->anchor($FNS->fetch_site_index() . $qm . 'URL=' . $link, $title, "onclick='showHide(\"news_item_{$i}\"); return false;'") . NBS . '(' . $date . ')')) . $DSP->qdiv('itemWrapper', $content, "news_item_{$i}", "style='display: none;'")));
}
$r .= $DSP->table_qrow($j++ % 2 ? 'tableCellOne' : 'tableCellTwo', array($DSP->qdiv('itemWrapper', $DSP->qspan('defaultBold', $DSP->anchor($FNS->fetch_site_index() . $qm . 'URL=http://expressionengine.com/blog/', $LANG->line('more_news'), "onclick='window.open(this.href); return false;'")))));
}
return $r . $DSP->table_c();
}
function display_tag($params, $tagdata, $field_data, $field_settings)
{
global $TMPL, $FF;
$this_row = $FF->weblog->query->row;
$this_field_id = $FF->field_id;
$parse_images = $FF->weblog->TYPE->parse_images;
$parse_options = array('text_format' => $this_row['field_ft_' . $this_field_id], 'html_format' => $this_row['weblog_html_formatting'], 'auto_links' => $this_row['weblog_auto_link_urls'], 'allow_img_url' => $this_row['weblog_allow_img_urls'], 'parse_images' => $parse_images);
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$parsed_contents = $TYPE->parse_type($field_data, $parse_options);
return $parsed_contents;
}
/** -----------------------------------------
/** USAGE: Get Recent Posts for User
/** -----------------------------------------*/
function getRecentPosts($plist, $entry_id = '')
{
global $DB, $LANG, $FNS, $PREFS;
$parameters = $plist->output_parameters();
if (!$this->fetch_member_data($parameters['1'], $parameters['2'])) {
return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
}
if (!$this->userdata['can_access_edit'] && $this->userdata['group_id'] != '1') {
return new XML_RPC_Response('0', '803', $LANG->line('invalid_access'));
}
/** ---------------------------------------
/** Parse Out Weblog Information
/** ---------------------------------------*/
if ($entry_id == '') {
$this->parse_weblog($parameters['0']);
$limit = !empty($parameters['3']) && is_numeric($parameters['3']) ? $parameters['3'] : '10';
}
/** ---------------------------------------
/** Perform Query
/** ---------------------------------------*/
$sql = "SELECT DISTINCT(wt.entry_id), wt.title, wt.url_title, wt.weblog_id, \n \t\t\twt.author_id, wt.entry_date, wt.allow_comments, wt.allow_trackbacks, wt.sent_trackbacks,\n \t\t\texp_weblog_data.*\n FROM exp_weblog_titles wt, exp_weblog_data \n WHERE wt.entry_id = exp_weblog_data.entry_id ";
if ($this->userdata['group_id'] != '1' && !$this->userdata['can_edit_other_entries']) {
$sql .= "AND wt.author_id = '" . $this->userdata['member_id'] . "' ";
}
if ($entry_id != '') {
$sql .= "AND wt.entry_id = '{$entry_id}' ";
} else {
$sql .= str_replace('exp_weblogs.weblog_id', 'wt.weblog_id', $this->weblog_sql) . " ";
}
if ($entry_id == '') {
$sql .= "ORDER BY entry_date desc LIMIT 0, {$limit}";
}
$query = $DB->query($sql);
if ($query->num_rows == 0) {
return new XML_RPC_Response('0', '805', $LANG->line('no_entries_found'));
}
if ($entry_id != '') {
$this->parse_weblog($query->row['weblog_id']);
}
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if ($this->parse_type === TRUE) {
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$TYPE->encode_email = false;
$PREFS->core_ini['enable_emoticons'] = 'n';
}
/** ---------------------------------------
/** Process Output
/** ---------------------------------------*/
$settings = array();
$settings['html_format'] = $this->html_format;
$settings['auto_links'] = 'n';
$settings['allow_img_url'] = 'y';
$response = array();
foreach ($query->result as $row) {
$convert_breaks = 'none';
$link = $FNS->remove_double_slashes($this->comment_url . '/' . $row['url_title'] . '/');
// Fields: Textarea and Text Input Only
$this->field_data = array('excerpt' => '', 'content' => '', 'more' => '', 'keywords' => '');
if (isset($this->fields[$this->excerpt_field])) {
if ($this->parse_type === true) {
$settings['text_format'] = $row['field_ft_' . $this->excerpt_field];
$this->field_data['excerpt'] = $TYPE->parse_type($row['field_id_' . $this->excerpt_field], $settings);
} else {
$this->field_data['excerpt'] .= $row['field_id_' . $this->excerpt_field];
}
}
if (isset($this->fields[$this->content_field])) {
$convert_breaks = $row['field_ft_' . $this->content_field];
if ($this->parse_type === true) {
$settings['text_format'] = $row['field_ft_' . $this->content_field];
$this->field_data['content'] = $TYPE->parse_type($row['field_id_' . $this->content_field], $settings);
} else {
$this->field_data['content'] .= $row['field_id_' . $this->content_field];
}
}
if (isset($this->fields[$this->more_field])) {
if ($this->parse_type === true) {
$settings['text_format'] = $row['field_ft_' . $this->more_field];
$this->field_data['more'] = $TYPE->parse_type($row['field_id_' . $this->more_field], $settings);
} else {
$this->field_data['more'] .= $row['field_id_' . $this->more_field];
}
}
if (isset($this->fields[$this->keywords_field])) {
if ($this->parse_type === true) {
$settings['text_format'] = $row['field_ft_' . $this->keywords_field];
$this->field_data['keywords'] = $TYPE->parse_type($row['field_id_' . $this->keywords_field], $settings);
} else {
$this->field_data['keywords'] .= $row['field_id_' . $this->keywords_field];
}
}
// Categories
$cat_array = array();
$sql = "SELECT\texp_categories.cat_id, exp_categories.cat_name\n \t\t\t\tFROM\texp_category_posts, exp_categories\n \t\t\t\tWHERE\texp_category_posts.cat_id = exp_categories.cat_id\n \t\t\t\tAND\t\texp_category_posts.entry_id = '" . $row['entry_id'] . "' \n \t\t\t\tORDER BY cat_id";
$results = $DB->query($sql);
if ($results->num_rows > 0) {
foreach ($results->result as $rrow) {
$cat_array[] = new XML_RPC_Values($rrow['cat_name'], 'string');
//$cat_array[] = new XML_RPC_Values($rrow['cat_id'], 'string');
}
}
// Sent Trackbacks
$current_pings = strlen($query->row['sent_trackbacks']) > 0 ? explode("\n", trim($query->row['sent_trackbacks'])) : array();
$pings = array();
if (sizeof($current_pings) > 0) {
foreach ($current_pings as $value) {
$pings[] = new XML_RPC_Values($value, 'string');
}
}
// Entry Data to XML-RPC form
$entry_data = new XML_RPC_Values(array('userid' => new XML_RPC_Values($row['author_id'], 'string'), 'dateCreated' => new XML_RPC_Values(date('Ymd\\TH:i:s', $row['entry_date']) . 'Z', 'dateTime.iso8601'), 'blogid' => new XML_RPC_Values($row['weblog_id'], 'string'), 'title' => new XML_RPC_Values($row['title'], 'string'), 'mt_excerpt' => new XML_RPC_Values($this->field_data['excerpt'], 'string'), 'description' => new XML_RPC_Values($this->field_data['content'], 'string'), 'mt_text_more' => new XML_RPC_Values($this->field_data['more'], 'string'), 'mt_keywords' => new XML_RPC_Values($this->field_data['keywords'], 'string'), 'mt_convert_breaks' => new XML_RPC_Values($convert_breaks, 'string'), 'postid' => new XML_RPC_Values($row['entry_id'], 'string'), 'link' => new XML_RPC_Values($link, 'string'), 'permaLink' => new XML_RPC_Values($link, 'string'), 'categories' => new XML_RPC_Values($cat_array, 'array'), 'mt_allow_comments' => new XML_RPC_Values($row['allow_comments'] == 'y' ? 1 : 0, 'int'), 'mt_allow_pings' => new XML_RPC_Values($row['allow_trackbacks'] == 'y' ? 1 : 0, 'int'), 'mt_tb_ping_urls' => new XML_RPC_Values($pings, 'array')), 'struct');
array_push($response, $entry_data);
}
if ($entry_id != '') {
return new XML_RPC_Response($entry_data);
} else {
return new XML_RPC_Response(new XML_RPC_Values($response, 'array'));
}
}
/** -----------------------------
/** View Email
/** -----------------------------*/
function view_email()
{
global $IN, $DB, $LANG, $DSP, $LOC;
if (!$DSP->allowed_group('can_admin_members')) {
return $DSP->no_access_message();
}
$id = $IN->GBL('id');
/** -----------------------------
/** Run Query
/** -----------------------------*/
$query = $DB->query("SELECT subject, message, recipient, recipient_name, member_name, ip_address FROM exp_email_console_cache WHERE cache_id = '{$id}' ");
if ($query->num_rows == 0) {
$DSP->body .= $DSP->qdiv('itemWrapper', $DSP->qdiv('highlight', $LANG->line('no_cached_email')));
return;
}
/** -----------------------------
/** Render output
/** -----------------------------*/
$DSP->body .= $DSP->heading(BR . $query->row['subject']);
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$DSP->body .= $TYPE->parse_type($query->row['message'], array('text_format' => 'xhtml', 'html_format' => 'all', 'auto_links' => 'y', 'allow_img_url' => 'y'));
$DSP->body .= $DSP->qdiv('', BR);
$DSP->body .= $DSP->table('tableBorderNoBot', '0', '10', '100%');
$DSP->body .= $DSP->tr();
$DSP->body .= $DSP->table_qcell('tableCellTwo', $DSP->qspan('defaultBold', $LANG->line('from')));
$DSP->body .= $DSP->table_qcell('tableCellOne', $DSP->qspan('defaultBold', $query->row['member_name']));
$DSP->body .= $DSP->table_qcell('tableCellOne', $DSP->qspan('defaultBold', $query->row['ip_address']));
$DSP->body .= $DSP->tr_c();
$DSP->body .= $DSP->tr();
$DSP->body .= $DSP->table_qcell('tableCellTwo', $DSP->qspan('defaultBold', $LANG->line('to')));
$DSP->body .= $DSP->table_qcell('tableCellOne', $DSP->qspan('defaultBold', $query->row['recipient_name']));
$DSP->body .= $DSP->table_qcell('tableCellOne', $DSP->qspan('defaultBold', $DSP->mailto($query->row['recipient'])));
$DSP->body .= $DSP->tr_c();
$DSP->body .= $DSP->table_c();
}
function show_message($data, $xhtml = TRUE)
{
global $LANG, $DB, $PREFS, $REGX;
foreach (array('title', 'heading', 'content', 'redirect', 'rate', 'link') as $val) {
if (!isset($data[$val])) {
$data[$val] = '';
}
}
if (!is_numeric($data['rate']) or $data['rate'] == '') {
$data['rate'] = $this->resresh_time;
// There is a silly typo here that for legacy reasons we're leaving in.
}
$data['meta_refresh'] = $data['redirect'] != '' ? "<meta http-equiv='refresh' content='" . $data['rate'] . "; url=" . $REGX->xss_clean($data['redirect']) . "'>" : '';
$data['charset'] = $PREFS->ini('charset');
if (is_array($data['link']) and count($data['link']) > 0) {
$refresh_msg = ($data['redirect'] != '' and $this->refresh_msg == TRUE) ? $LANG->line('click_if_no_redirect') : '';
$ltitle = $refresh_msg == '' ? $data['link']['1'] : $refresh_msg;
$url = strtolower($data['link']['0']) == 'javascript:history.go(-1)' ? $data['link']['0'] : $REGX->xss_clean($data['link']['0']);
$data['link'] = "<a href='" . $url . "'>" . $ltitle . "</a>";
}
if ($xhtml == TRUE) {
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$data['content'] = $TYPE->parse_type(stripslashes($data['content']), array('text_format' => 'xhtml'));
}
$query = $DB->query("SELECT template_data FROM exp_specialty_templates WHERE site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "' AND template_name = 'message_template'");
foreach ($data as $key => $val) {
$query->row['template_data'] = str_replace('{' . $key . '}', $val, $query->row['template_data']);
}
echo stripslashes($query->row['template_data']);
exit;
}
private function _new_follower_email($leader_id, $follower_id, $template)
{
global $DB, $REGX, $PREFS, $FNS, $LANG;
//get leader information
$query = $DB->query("SELECT * FROM exp_members, exp_member_data\n\t\t\t\t\t\t\t WHERE exp_members.member_id = exp_member_data.member_id\n\t\t\t\t\t\t\t AND exp_members.member_id = '" . $leader_id . "'\n\t\t\t\t\t\t\t AND accept_messages = 'y'");
$leaderInfo = $query->result[0];
//get follower information
$query = $DB->query("SELECT * FROM exp_members, exp_member_data\n\t\t\t\t\t\t\t WHERE exp_members.member_id = exp_member_data.member_id\n\t\t\t\t\t\t\t AND exp_members.member_id = '" . $follower_id . "'");
$followerInfo = $query->result[0];
//get template information
list($template_group, $template_name) = split(SLASH, $template);
$sql = "SELECT g.group_name, t.template_name, t.template_data \n\t\t\t\tFROM exp_templates t \n\t\t\t\tLEFT JOIN exp_template_groups g ON t.group_id = g.group_id \n\t\t\t\tWHERE t.template_name='" . $template_name . "' \n\t\t\t\tAND g.group_name='" . $template_group . "'\n\t\t\t\tLIMIT 1";
$query = $DB->query($sql);
$templateInfo = $query->result[0];
//get template
$TMPL = new Template();
$TMPL->run_template_engine($query->row['group_name'], $query->row['template_name']);
$messagebody = $TMPL->final_template;
//get subject
$bodyArray = split("\n", $messagebody);
$subject = $LANG->line('followers_subject');
if (substr($bodyArray[0], 0, 9) == "Subject: ") {
$subject = substr($bodyArray[0], 9);
unset($bodyArray[0]);
}
$messagebody = join("\n", $bodyArray);
//get swap data
$swap['leader_name'] = $leaderInfo['m_field_id_37'] . ' ' . $leaderInfo['m_field_id_38'];
$swap['follower_name'] = $followerInfo['m_field_id_37'] . ' ' . $followerInfo['m_field_id_38'];
$swap['follower_id'] = $followerInfo['member_id'];
$swap['leader_id'] = $leaderInfo['member_id'];
//get conditionals
$cond['following_and_followed'] = $this->_check_if_mutual($leaderInfo['member_id'], $this->_get_member_id());
//perform swaps
$messagebody = $FNS->var_swap($messagebody, $swap);
$messagebody = $FNS->prep_conditionals($messagebody, $cond);
$subject = $FNS->var_swap($subject, $swap);
$subject = $FNS->prep_conditionals($subject, $cond);
if (!empty($leaderInfo)) {
if (!class_exists('EEmail')) {
require PATH_CORE . 'core.email' . EXT;
}
$email = new EEmail();
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(0);
$messagebody = $TYPE->parse_type(stripslashes($REGX->xss_clean($messagebody)), array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
foreach ($query->result as $row) {
$email->initialize();
$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
$email->to($leaderInfo['email']);
$email->subject($subject);
$email->message($REGX->entities_to_ascii($messagebody));
$email->Send();
// cc to private messaging table
$this->_cc_private_messaging(NULL, $leaderInfo['member_id'], $subject, $messagebody);
//
}
}
}
/**
* Constructor
*
* @param unknown_type $isnot_ee
*/
public function Ed_imageresizer()
{
global $TMPL, $IN, $PREFS;
$TYPE = new Typography();
$this->forceWidth = $TMPL->fetch_param('forceWidth') != 'yes' ? FALSE : TRUE;
$this->forceHeight = $TMPL->fetch_param('forceHeight') != 'yes' ? FALSE : TRUE;
$this->image = $TYPE->parse_file_paths(preg_replace('/^(s?f|ht)tps?:\\/\\/[^\\/]+/i', '', (string) html_entity_decode($TMPL->fetch_param('image'))));
$this->maxWidth = $TMPL->fetch_param('maxWidth') != '' ? (int) $TMPL->fetch_param('maxWidth') : 0;
$this->maxHeight = $TMPL->fetch_param('maxHeight') != '' ? (int) $TMPL->fetch_param('maxHeight') : 0;
$this->color = $TMPL->fetch_param('color') != '' ? preg_replace('/[^0-9a-fA-F]/', '', (string) $TMPL->fetch_param('color')) : FALSE;
$this->cropratio = $TMPL->fetch_param('cropratio');
$this->class = $TMPL->fetch_param('class');
$this->title = $TMPL->fetch_param('title');
$this->id = $TMPL->fetch_param('id');
$this->alt = $TMPL->fetch_param('alt');
$this->default_image = (string) html_entity_decode($TMPL->fetch_param('default'));
$this->href_only = $TMPL->fetch_param('href_only');
$this->debug = $TMPL->fetch_param('debug') != 'yes' ? false : true;
$this->grayscale = $TMPL->fetch_param('grayscale') != 'yes' ? false : true;
// LOW EDIT: Get server and cache paths from config file
if (!$this->server_path) {
$this->server_path = $PREFS->ini('ed_server_path');
}
if (!$this->cache_path) {
$this->cache_path = $PREFS->ini('ed_cache_path');
}
// END LOW EDIT
$error_string = '<div style="background:#f00; color:#fff; font:bold 11px verdana; padding:12px; border:2px solid #000">%s</div>';
if ($this->cache_path == '' || $this->server_path == '') {
if ($this->debug) {
$this->return_data = sprintf($error_string, 'The cache and server paths need to be set in your config file.');
} else {
$this->return_data = '';
}
return;
}
$ret = $this->_run();
// error
if (is_array($ret) && $this->debug) {
$this->return_data = sprintf($error_string, $ret[2]);
return;
} elseif (is_array($ret)) {
return;
}
$this->return_data = $ret;
return;
}
public function find_flags($quarantinable_id, $quarantinable_type)
{
global $DB, $LANG, $PREFS;
$flag_query = $DB->query("SELECT\n\t\t\t\t# submissions\n\t\t\t\ts.id as id,\n\t\t\t\ts.ip as ip,\n\t\t\t\ts.created_at as created_at,\n\t\t\t\ts.flag_type as type,\n\t\t\t\ts.comment as comment,\n\t\t\t\ts.email as email,\n\t\t\t\tIF(STRCMP(s.name,''),s.name,'Guest') as name,\n\t\t\t\tm.member_id as member_id,\n\t\t\t\tm.email as member_email,\n\t\t\t\tm.url as member_url,\n\t\t\t\tIF(STRCMP(m.screen_name,''),m.screen_name,m.username) as member_name\n\t\t\tFROM exp_nsm_quarantine_submissions as s\n\t\t\tLEFT JOIN exp_members as m ON m.member_id = s.member_id\n\t\t\tWHERE s.quarantinable_id={$quarantinable_id} AND s.quarantinable_type='{$quarantinable_type}'\n\t\t\tAND s.site_id = " . $PREFS->ini('site_id') . "\n\t\t\tORDER BY s.created_at DESC");
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography();
$type_prefs = array('text_format' => 'xhtml', 'html_format' => 'safe', 'auto_links' => 'y', 'allow_img_url' => 'y');
foreach ($flag_query->result as &$flag) {
if (empty($flag['member_id']) === FALSE) {
$flag['author_cp_url'] = BASE . AMP . "C=myaccount" . AMP . "id=" . $flag['member_id'];
$flag['name'] = $flag['member_name'];
$flag['email'] = $flag['member_email'];
}
$flag['comment'] = $TYPE->parse_type(stripslashes(htmlentities($flag['comment'])), $type_prefs);
}
return $flag_query->num_rows > 0 ? $flag_query->result : FALSE;
}
/** ----------------------------------------
/** Member Public Profile
/** ----------------------------------------*/
function public_profile()
{
global $IN, $SESS, $LANG, $OUT, $DB, $FNS, $PREFS, $LOC, $REGX;
/** ----------------------------------------
/** Can the user view profiles?
/** ----------------------------------------*/
if ($SESS->userdata['can_view_profiles'] == 'n')
{
return $OUT->show_user_error('general', array($LANG->line('mbr_not_allowed_to_view_profiles')));
}
/** ----------------------------------------
/** Fetch the member data
/** ----------------------------------------*/
$sql = " SELECT m.member_id, m.weblog_id, m.tmpl_group_id, m.group_id, m.username, m.screen_name, m.email, m.signature, m.avatar_filename, m.avatar_width, m.avatar_height, m.photo_filename, m.photo_width, m.photo_height, m.url, m.location, m.occupation, m.interests, m.icq, m.aol_im, m.yahoo_im, m.msn_im, m.bio, m.join_date, m.last_visit, m.last_activity, m.last_entry_date, m.last_comment_date, m.last_forum_post_date, m.total_entries, m.total_comments, m.total_forum_topics, m.total_forum_posts, m.language, m.timezone, m.daylight_savings, m.bday_d, m.bday_m, m.bday_y, m.accept_user_email, g.group_title, g.can_send_private_messages
FROM exp_members m, exp_member_groups g
WHERE m.member_id = '".$this->cur_id."'
AND g.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
AND m.group_id = g.group_id ";
if ($this->is_admin == FALSE OR $SESS->userdata('group_id') != 1)
{
$sql .= "AND m.group_id != '2' ";
}
$sql .=" AND m.group_id != '3' AND m.group_id != '4'";
$query = $DB->query($sql);
if ($query->num_rows == 0)
{
return $OUT->show_user_error('general', array($LANG->line('profile_not_available')));
}
/** ----------------------------------------
/** Fetch the template
/** ----------------------------------------*/
$content = $this->_load_element('public_profile');
/** ----------------------------------------
/** Is there an avatar?
/** ----------------------------------------*/
if ($PREFS->ini('enable_avatars') == 'y' AND $query->row['avatar_filename'] != '')
{
$avatar_path = $PREFS->ini('avatar_url', 1).$query->row['avatar_filename'];
$avatar_width = $query->row['avatar_width'];
$avatar_height = $query->row['avatar_height'];
$content = $this->_allow_if('avatar', $content);
}
else
{
$avatar_path = '';
$avatar_width = '';
$avatar_height = '';
$content = $this->_deny_if('avatar', $content);
}
/** ----------------------------------------
/** Is there a member photo?
/** ----------------------------------------*/
if ($PREFS->ini('enable_photos') == 'y' AND $query->row['photo_filename'] != '')
{
$photo_path = $PREFS->ini('photo_url', 1).$query->row['photo_filename'];
$photo_width = $query->row['photo_width'];
$photo_height = $query->row['photo_height'];
$content = $this->_allow_if('photo', $content);
$content = $this->_deny_if('not_photo', $content);
}
else
{
$photo_path = '';
$photo_width = '';
$photo_height = '';
$content = $this->_deny_if('photo', $content);
$content = $this->_allow_if('not_photo', $content);
}
/** ----------------------------------------
/** Forum specific stuff
/** ----------------------------------------*/
$rank_class = 'rankMember';
$rank_title = '';
$rank_stars = '';
$stars = '';
if ($this->in_forum == TRUE)
{
$rank_query = $DB->query("SELECT rank_title, rank_min_posts, rank_stars FROM exp_forum_ranks ORDER BY rank_min_posts");
$mod_query = $DB->query("SELECT mod_member_id, mod_group_id FROM exp_forum_moderators");
$total_posts = ($query->row['total_forum_topics'] + $query->row['total_forum_posts']);
/** ----------------------------------------
/** Assign the rank stars
/** ----------------------------------------*/
if (preg_match("/{if\s+rank_stars\}(.+?){\/if\}/i", $content, $matches))
{
$rank_stars = $matches['1'];
$content = str_replace($matches['0'], '{rank_stars}', $content);
}
if ($rank_stars != '' AND $rank_query->num_rows > 0)
{
$num_stars = NULL;
$rank_title = '';
$i = 1;
foreach ($rank_query->result as $rank)
{
if ($num_stars == NULL)
{
$num_stars = $rank['rank_stars'];
$rank_title = $rank['rank_title'];
}
if ($rank['rank_min_posts'] >= $total_posts)
{
$stars = str_repeat($rank_stars, $num_stars);
break;
}
else
{
$num_stars = $rank['rank_stars'];
$rank_title = $rank['rank_title'];
}
if ($i++ == $rank_query->num_rows)
{
$stars = str_repeat($rank_stars, $num_stars);
break;
}
}
}
/** ----------------------------------------
/** Assign the member rank
/** ----------------------------------------*/
// Is the user an admin?
$admin_query = $DB->query('SELECT admin_group_id, admin_member_id FROM exp_forum_administrators');
$is_admin = FALSE;
if ($admin_query->num_rows > 0)
{
foreach ($admin_query->result as $row)
{
if ($row['admin_member_id'] != 0)
{
if ($row['admin_member_id'] == $this->cur_id)
{
$is_admin = TRUE;
break;
}
}
elseif ($row['admin_group_id'] != 0)
{
if ($row['admin_group_id'] == $query->row['group_id'])
{
$is_admin = TRUE;
break;
}
}
}
}
if ($query->row['group_id'] == 1 OR $is_admin == TRUE)
{
$rankclass = 'rankAdmin';
$rank_class = 'rankAdmin';
$rank_title = $LANG->line('administrator');
}
else
{
if ($mod_query->num_rows > 0)
{
foreach ($mod_query->result as $mod)
{
if ($mod['mod_member_id'] == $this->cur_id OR $mod['mod_group_id'] == $query->row['group_id'])
{
$rank_class = 'rankModerator';
$rank_title = $LANG->line('moderator');
break;
}
}
}
}
}
/** ----------------------------------------
/** Parse variables
/** ----------------------------------------*/
$qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
if ($this->in_forum == TRUE)
{
$search_path = $this->forum_path.'member_search/'.$this->cur_id.'/';
}
else
{
$search_path = $FNS->fetch_site_index(0, 0).$qs.'ACT='.$FNS->fetch_action_id('Search', 'do_search').'&mbr='.urlencode($query->row['member_id']);
}
$ignore_form = array('hidden_fields' => array('toggle[]' => '', 'name' => '', 'daction' => ''),
'action' => $this->_member_path('update_ignore_list'),
'id' => 'target'
);
if ( ! in_array($query->row['member_id'], $SESS->userdata['ignore_list']))
{
$ignore_button = "<a href='".$this->_member_path('edit_ignore_list')."' ".
"onclick='dynamic_action(\"add\");list_addition(\"".$query->row['screen_name']."\");return false;'>".
"{lang:ignore_member}</a></form>";
}
else
{
$ignore_button = "<a href='".$this->_member_path('edit_ignore_list')."' ".
"onclick='dynamic_action(\"delete\");list_addition(\"".$query->row['member_id']."\", \"toggle[]\");return false;'>".
"{lang:unignore_member}</a></form>";
}
$content = $this->_var_swap($content,
array(
'aim_console' => "onclick=\"window.open('".$this->_member_path('aim_console/'.$this->cur_id)."', '_blank', 'width=240,height=360,scrollbars=yes,resizable=yes,status=yes,screenx=5,screeny=5');\"",
'icq_console' => "onclick=\"window.open('".$this->_member_path('icq_console/'.$this->cur_id)."', '_blank', 'width=650,height=580,scrollbars=yes,resizable=yes,status=yes,screenx=5,screeny=5');\"",
'yahoo_console' => "http://edit.yahoo.com/config/send_webmesg?.target=".$query->row['yahoo_im']."&.src=pg",
'email_console' => "onclick=\"window.open('".$this->_member_path('email_console/'.$this->cur_id)."', '_blank', 'width=650,height=600,scrollbars=yes,resizable=yes,status=yes,screenx=5,screeny=5');\"",
'send_private_message' => $this->_member_path('messages/pm/'.$this->cur_id),
'search_path' => $search_path,
'path:avatar_url' => $avatar_path,
'avatar_width' => $avatar_width,
'avatar_height' => $avatar_height,
'path:photo_url' => $photo_path,
'photo_width' => $photo_width,
'photo_height' => $photo_height,
'rank_class' => $rank_class,
'rank_stars' => $stars,
'rank_title' => $rank_title,
'ignore_link' => $this->list_js().
$FNS->form_declaration($ignore_form).
$ignore_button
)
);
$vars = $FNS->assign_variables($content, '/');
$this->var_single = $vars['var_single'];
$this->var_pair = $vars['var_pair'];
$this->var_cond = $FNS->assign_conditional_variables($content, '/');
/** ----------------------------------------
/** Parse conditional pairs
/** ----------------------------------------*/
foreach ($this->var_cond as $val)
{
/** ----------------------------------------
/** Conditional statements
/** ----------------------------------------*/
$cond = $FNS->prep_conditional($val['0']);
$lcond = substr($cond, 0, strpos($cond, ' '));
$rcond = substr($cond, strpos($cond, ' '));
if ( isset($query->row[$val['3']]))
{
$lcond = str_replace($val['3'], "\$query->row['".$val['3']."']", $lcond);
$cond = $lcond.' '.$rcond;
$cond = str_replace("\|", "|", $cond);
eval("\$result = ".$cond.";");
if ($result)
{
$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "\\1", $content);
}
else
{
$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "", $content);
}
}
/** ----------------------------------------
/** {if accept_email}
/** ----------------------------------------*/
if (preg_match("/^if\s+accept_email.*/i", $val['0']))
{
if ($query->row['accept_user_email'] == 'n')
{
$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "", $content);
}
else
{
$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "\\1", $content);
}
}
/** ----------------------------------------
/** {if can_private_message}
/** ----------------------------------------*/
if (stristr($val['0'], 'can_private_message'))
{
if ($query->row['can_send_private_messages'] == 'n')
{
$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "", $content);
}
else
{
$content = preg_replace("/".LD.$val['0'].RD."(.+?)".LD.'\/if'.RD."/s", "\\1", $content);
}
}
/** -------------------------------------
/** {if ignore}
/** -------------------------------------*/
if (stristr($val['0'], 'ignore'))
{
if ($query->row['member_id'] == $SESS->userdata['member_id'])
{
$content = $this->_deny_if('ignore', $content);
}
else
{
$content = $this->_allow_if('ignore', $content);
}
}
}
// END CONDITIONAL PAIRS
if ( ! class_exists('Typography'))
{
require PATH_CORE.'core.typography'.EXT;
}
$TYPE = new Typography;
/** ----------------------------------------
/** Parse "single" variables
/** ----------------------------------------*/
foreach ($this->var_single as $key => $val)
{
/** ----------------------------------------
/** Format URLs
/** ----------------------------------------*/
if ($key == 'url')
{
if (substr($query->row['url'], 0, 4) != "http" AND ! ereg('://', $query->row['url']))
$query->row['url'] = "http://".$query->row['url'];
}
/** ----------------------------------------
/** "last_visit"
/** ----------------------------------------*/
if (ereg("^last_visit", $key))
{
$content = $this->_var_swap_single($key, ($query->row['last_activity'] > 0) ? $LOC->decode_date($val, $query->row['last_activity']) : '', $content);
}
/** ----------------------------------------
/** "join_date"
/** ----------------------------------------*/
if (ereg("^join_date", $key))
{
$content = $this->_var_swap_single($key, ($query->row['join_date'] > 0) ? $LOC->decode_date($val, $query->row['join_date']) : '', $content);
}
/** ----------------------------------------
/** "last_entry_date"
/** ----------------------------------------*/
if (ereg("^last_entry_date", $key))
{
$content = $this->_var_swap_single($key, ($query->row['last_entry_date'] > 0) ? $LOC->decode_date($val, $query->row['last_entry_date']) : '', $content);
}
/** ----------------------------------------
/** "last_forum_post_date"
/** ----------------------------------------*/
if (ereg("^last_forum_post_date", $key))
{
$content = $this->_var_swap_single($key, ($query->row['last_forum_post_date'] > 0) ? $LOC->decode_date($val, $query->row['last_forum_post_date']) : '', $content);
}
/** ----------------------------------------
/** parse "recent_comment"
/** ----------------------------------------*/
if (ereg("^last_comment_date", $key))
{
$content = $this->_var_swap_single($key, ($query->row['last_comment_date'] > 0) ? $LOC->decode_date($val, $query->row['last_comment_date']) : '', $content);
}
/** ----------------------
/** {name}
/** ----------------------*/
$name = ( ! $query->row['screen_name']) ? $query->row['username'] : $query->row['screen_name'];
$name = $this->_convert_special_chars($name);
if ($key == "name")
{
$content = $this->_var_swap_single($val, $name, $content);
}
/** ----------------------
/** {member_group}
/** ----------------------*/
if ($key == "member_group")
{
$content = $this->_var_swap_single($val, $query->row['group_title'], $content);
}
/** ----------------------
/** {email}
/** ----------------------*/
if ($key == "email")
{
$content = $this->_var_swap_single($val, $TYPE->encode_email($query->row['email']), $content);
}
/** ----------------------
/** {birthday}
/** ----------------------*/
if ($key == "birthday")
{
$birthday = '';
if ($query->row['bday_m'] != '' AND $query->row['bday_m'] != 0)
{
$month = (strlen($query->row['bday_m']) == 1) ? '0'.$query->row['bday_m'] : $query->row['bday_m'];
$m = $LOC->localize_month($month);
$birthday .= $LANG->line($m['1']);
if ($query->row['bday_d'] != '' AND $query->row['bday_d'] != 0)
{
$birthday .= ' '.$query->row['bday_d'];
}
}
if ($query->row['bday_y'] != '' AND $query->row['bday_y'] != 0)
{
if ($birthday != '')
{
$birthday .= ', ';
}
$birthday .= $query->row['bday_y'];
}
if ($birthday == '')
{
$birthday = '';
}
$content = $this->_var_swap_single($val, $birthday, $content);
}
/** ----------------------
/** {timezone}
/** ----------------------*/
if ($key == "timezone")
{
$timezone = ($query->row['timezone'] != '') ? $LANG->line($query->row['timezone']) : '';
$content = $this->_var_swap_single($val, $timezone, $content);
}
/** ----------------------
/** {local_time}
/** ----------------------*/
if (ereg("^local_time", $key))
{
$time = $LOC->now;
if ($SESS->userdata('member_id') != $this->cur_id)
{
// Default is UTC?
$zone = ($query->row['timezone'] == '') ? 'UTC' : $query->row['timezone'];
$time = $LOC->set_localized_time($time, $zone, $query->row['daylight_savings']);
}
$content = $this->_var_swap_single($key, $LOC->decode_date($val, $time), $content);
}
/** ----------------------
/** {bio}
/** ----------------------*/
if (ereg("^bio$", $key))
{
$bio = $TYPE->parse_type($query->row[$val],
array(
'text_format' => 'xhtml',
'html_format' => 'safe',
'auto_links' => 'y',
'allow_img_url' => 'n'
)
);
$content = $this->_var_swap_single($key, $bio, $content);
}
// Special condideration for {total_forum_replies}, and
// {total_forum_posts} whose meanings do not match the
// database field names
if (ereg("^total_forum_replies", $key))
{
$content = $this->_var_swap_single($key, $query->row['total_forum_posts'], $content);
}
if (ereg("^total_forum_posts", $key))
{
$total_posts = $query->row['total_forum_topics'] + $query->row['total_forum_posts'];
$content = $this->_var_swap_single($key, $total_posts, $content);
}
/** ----------------------------------------
/** parse basic fields (username, screen_name, etc.)
/** ----------------------------------------*/
if (isset($query->row[$val]))
{
$content = $this->_var_swap_single($val, $query->row[$val], $content);
}
}
/** -------------------------------------
/** Do we have custom fields to show?
/** ------------------------------------*/
// Grab the data for the particular member
$sql = "SELECT m_field_id, m_field_name, m_field_label, m_field_description, m_field_fmt FROM exp_member_fields ";
if ($SESS->userdata['group_id'] != 1)
{
$sql .= " WHERE m_field_public = 'y' ";
}
$sql .= " ORDER BY m_field_order";
$query = $DB->query($sql);
if ($query->num_rows > 0)
{
$fnames = array();
foreach ($query->result as $row)
{
$fnames[$row['m_field_name']] = $row['m_field_id'];
}
$result = $DB->query("SELECT * FROM exp_member_data WHERE member_id = '{$this->cur_id}'");
/** ----------------------------------------
/** Parse conditionals for custom fields
/** ----------------------------------------*/
foreach ($this->var_cond as $val)
{
// Prep the conditional
$cond = $FNS->prep_conditional($val['0']);
$lcond = substr($cond, 0, strpos($cond, ' '));
$rcond = substr($cond, strpos($cond, ' '));
if (isset($fnames[$val['3']]))
{
$lcond = str_replace($val['3'], "\$result->row['m_field_id_".$fnames[$val['3']]."']", $lcond);
$cond = $lcond.' '.$rcond;
$cond = str_replace("\|", "|", $cond);
eval("\$rez = ".$cond.";");
if ($rez)
{
$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "\\1", $content);
}
else
{
$content = preg_replace("/".LD.$val['0'].RD."(.*?)".LD.'\/if'.RD."/s", "", $content);
}
}
}
// END CONDITIONALS
/** ----------------------------------------
/** Parse single variables
/** ----------------------------------------*/
foreach ($this->var_single as $key => $val)
{
foreach ($query->result as $row)
{
if ($row['m_field_name'] == $key)
{
$field_data = ( ! isset( $result->row['m_field_id_'.$row['m_field_id']] )) ? '' : $result->row['m_field_id_'.$row['m_field_id']];
if ($field_data != '')
{
$field_data = $TYPE->parse_type($field_data,
array(
'text_format' => $row['m_field_fmt'],
'html_format' => 'none',
'auto_links' => 'n',
'allow_img_url' => 'n'
)
);
}
$content = $this->_var_swap_single($val, $field_data, $content);
}
}
}
/** ----------------------------------------
/** Parse auto-generated "custom_fields"
/** ----------------------------------------*/
$field_chunk = $this->_load_element('public_custom_profile_fields');
// Is there a chunk to parse?
if ($query->num_rows == 0)
{
$content = preg_replace("/{custom_profile_fields}/s", '', $content);
}
else
{
if ( ! class_exists('Typography'))
{
require PATH_CORE.'core.typography'.EXT;
}
$TYPE = new Typography;
$str = '';
foreach ($query->result as $row)
{
$temp = $field_chunk;
$field_data = ( ! isset( $result->row['m_field_id_'.$row['m_field_id']] )) ? '' : $result->row['m_field_id_'.$row['m_field_id']];
if ($field_data != '')
{
$field_data = $TYPE->parse_type($field_data,
array(
'text_format' => $row['m_field_fmt'],
'html_format' => 'safe',
'auto_links' => 'y',
'allow_img_url' => 'n'
)
);
}
$temp = str_replace('{field_name}', $row['m_field_label'], $temp);
$temp = str_replace('{field_description}', $row['m_field_description'], $temp);
$temp = str_replace('{field_data}', $field_data, $temp);
$str .= $temp;
}
$content = preg_replace("/{custom_profile_fields}/s", $str, $content);
}
}
// END if ($quey->num_rows > 0)
/** ----------------------------------------
/** Clean up left over variables
/** ----------------------------------------*/
$content = preg_replace("/{custom_profile_fields}/s", '', $content);
$content = preg_replace("/".LD."if\s+.*?".RD.".*?".LD.'\/if'.RD."/s", "", $content);
return $content;
}
/** -----------------------------------------
/** USAGE: Get Recent Posts for User
/** -----------------------------------------*/
function getRecentPosts($plist, $entry_id = '')
{
global $DB, $LANG, $FNS;
$parameters = $plist->output_parameters();
if (!$this->fetch_member_data($parameters['2'], $parameters['3'])) {
return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
}
if (!$this->userdata['can_access_edit']) {
return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
}
/** ---------------------------------------
/** Parse Out Weblog Information
/** ---------------------------------------*/
if ($entry_id == '') {
$this->parse_weblog($parameters['1']);
$limit = (!isset($parameters['4']) or $parameters['4'] == '0') ? '10' : $parameters['4'];
}
/** ---------------------------------------
/** Perform Query
/** ---------------------------------------*/
$sql = "SELECT DISTINCT(exp_weblog_titles.entry_id), exp_weblog_titles.title, exp_weblog_titles.weblog_id,\n \t\t\texp_weblog_titles.author_id, exp_weblog_titles.entry_date, exp_weblog_data.*\n FROM exp_weblog_titles, exp_weblog_data ";
if ($this->categories != '' && $this->categories != 'none') {
$sql .= "INNER JOIN exp_category_posts ON exp_weblog_titles.entry_id = exp_category_posts.entry_id ";
}
$sql .= "WHERE\texp_weblog_titles.entry_id = exp_weblog_data.entry_id ";
if ($this->userdata['group_id'] != '1' && !$this->userdata['can_edit_other_entries']) {
$sql .= "AND exp_weblog_titles.author_id = '" . $this->userdata['member_id'] . "' ";
}
if ($entry_id != '') {
$sql .= "AND exp_weblog_titles.entry_id = '{$entry_id}' ";
} else {
$sql .= str_replace('exp_weblogs.weblog_id', 'exp_weblog_titles.weblog_id', $this->weblog_sql) . " ";
}
if ($this->categories != '' && $this->categories != 'none') {
$sql .= $FNS->sql_andor_string($this->categories, 'exp_category_posts.cat_id') . " ";
}
if ($this->status != '') {
$sql .= $FNS->sql_andor_string($this->status, 'exp_weblog_titles.status') . " ";
}
if ($entry_id == '') {
$sql .= "ORDER BY entry_date desc LIMIT 0, {$limit}";
}
$query = $DB->query($sql);
if ($query->num_rows == 0) {
return new XML_RPC_Response('0', '802', $LANG->line('no_entries_found'));
}
if ($entry_id != '') {
$this->parse_weblog($query->row['weblog_id']);
}
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if ($this->parse_type === true) {
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(0);
$TYPE->encode_email = false;
}
/** ---------------------------------------
/** Process Output
/** ---------------------------------------*/
$response = array();
foreach ($query->result as $row) {
$entry_content = '<title>' . $row['title'] . '</title>';
// Fields: Textarea and Text Input Only
foreach ($this->fields as $field_id => $field_data) {
if (isset($row['field_id_' . $field_id])) {
$field_content = $row['field_id_' . $field_id];
if ($this->parse_type === true) {
$field_content = $TYPE->parse_type($field_content, array('text_format' => $this->text_format === false ? 'none' : $field_data['1'], 'html_format' => $this->html_format, 'auto_links' => 'n', 'allow_img_url' => 'n'));
}
if ($this->block_entry === true) {
$entry_content .= trim($field_content) != '' ? $this->LB . $field_content : '';
} else {
$entry_content .= $this->LB . "<{$field_data['0']}>" . $field_content . "</{$field_data['0']}>";
}
}
}
// Categories
$cat_array = array();
$sql = "SELECT\texp_categories.cat_name, exp_categories.cat_id\n \t\t\t\tFROM\texp_category_posts, exp_categories\n \t\t\t\tWHERE\texp_category_posts.cat_id = exp_categories.cat_id\n \t\t\t\tAND\t\texp_category_posts.entry_id = '" . $row['entry_id'] . "' ";
$sql .= $this->cat_output == 'name' ? "ORDER BY cat_name" : "ORDER BY cat_id";
$results = $DB->query($sql);
if ($results->num_rows > 0) {
foreach ($results->result as $rrow) {
$cat_array[] = $this->cat_output == 'name' ? $rrow['cat_name'] : $rrow['cat_id'];
}
}
$cats = sizeof($cat_array) > 0 ? implode('|', $cat_array) : '';
$entry_content .= $this->block_entry === true ? '' : $this->LB . "<category>" . $cats . "</category>";
// Entry Data to XML-RPC form
$entry_data = new XML_RPC_Values(array('userid' => new XML_RPC_Values($row['author_id'], 'string'), 'dateCreated' => new XML_RPC_Values(date('Y-m-d\\TH:i:s', $row['entry_date']) . '+00:00', 'dateTime.iso8601'), 'blogid' => new XML_RPC_Values($row['weblog_id'], 'string'), 'content' => new XML_RPC_Values($entry_content, 'string'), 'postid' => new XML_RPC_Values($row['entry_id'], 'string'), 'category' => new XML_RPC_Values($cats, 'string')), 'struct');
array_push($response, $entry_data);
}
if ($entry_id != '') {
return new XML_RPC_Response($entry_data);
} else {
return new XML_RPC_Response(new XML_RPC_Values($response, 'array'));
}
}
/**
* Save Field Settings
*
* @param array $field_settings The field's settings
* @return array modified $settings
*/
function save_field_settings($settings)
{
global $DB, $TYPE;
// merge nested wygwam settings
if (isset($settings['wygwam']))
{
$settings = array_merge($settings, $settings['wygwam']);
unset($settings['wygwam']);
}
// -------------------------------------------
// Advanced Settings
// -------------------------------------------
$config_lists = $this->helper->config_lists();
// convert any advanced settings to their proper formats
if (isset($settings['config']) && is_array($settings['config']))
{
foreach ($settings['config'] as $config => $value)
{
// format_tags?
if ($config == 'format_tags')
{
$settings['config'][$config] = implode(';', $value);
}
// list?
if (in_array($config, $config_lists))
{
$settings['config'][$config] = array_filter(preg_split('/[\r\n]+/', $value));
}
}
}
// -------------------------------------------
// Field Conversion
// -------------------------------------------
if (isset($_POST['field_id']) && $_POST['field_id'] && isset($settings['convert']) && $settings['convert'])
{
$field_id = $_POST['field_id'];
$query = $DB->query('SELECT entry_id, field_id_'.$field_id.' data, field_ft_'.$field_id.' format
FROM exp_weblog_data
WHERE field_id_'.$field_id.' != ""');
if ($query->num_rows)
{
// prepare Typography
if (! $TYPE)
{
if (! class_exists('Typography'))
{
require PATH_CORE.'core.typography'.EXT;
}
$TYPE = new Typography;
}
// prepare Textile
if ($settings['convert'] == 'textile')
{
if (! class_exists('Textile'))
{
require FT_PATH.'wygwam/lib/textile/textile.php';
}
$textile = new Textile();
}
foreach ($query->result as $row)
{
$data = $row['data'];
$convert = FALSE;
// Auto <br /> and XHTML
switch ($row['format'])
{
case 'br': $convert = TRUE; $data = $TYPE->nl2br_except_pre($data); break;
case 'xhtml': $convert = TRUE; $data = $TYPE->auto_typography($data); break;
}
// Textile
if ($settings['convert'] == 'textile')
{
$convert = TRUE;
$data = $textile->TextileThis($data);
}
// Save the new field data
if ($convert)
{
$DB->query($DB->update_string('exp_weblog_data',
array(
'field_id_'.$field_id => $data,
'field_ft_'.$field_id => 'none'
),
'entry_id = '.$row['entry_id']
));
}
}
}
}
return $settings;
}
/** ----------------------------------------
/** Insert new comment
/** ----------------------------------------*/
function insert_new_comment()
{
global $IN, $SESS, $PREFS, $DB, $FNS, $OUT, $LANG, $REGX, $LOC, $STAT, $EXT;
$default = array('name', 'email', 'url', 'comment', 'location', 'entry_id');
foreach ($default as $val) {
if (!isset($_POST[$val])) {
$_POST[$val] = '';
}
}
// No entry ID? What the heck are they doing?
if (!is_numeric($_POST['entry_id'])) {
return false;
}
// If the comment is empty, bounce them back
if ($_POST['comment'] == '') {
if (!isset($_POST['RET']) or $_POST['RET'] == '') {
return false;
}
$FNS->redirect($_POST['RET']);
}
/** ----------------------------------------
/** Fetch the comment language pack
/** ----------------------------------------*/
$LANG->fetch_language_file('comment');
/** ----------------------------------------
/** Is the user banned?
/** ----------------------------------------*/
if ($SESS->userdata['is_banned'] == TRUE) {
return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
}
/** ----------------------------------------
/** Is the IP address and User Agent required?
/** ----------------------------------------*/
if ($PREFS->ini('require_ip_for_posting') == 'y') {
if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == "") {
return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
}
}
/** ----------------------------------------
/** Is the nation of the user banend?
/** ----------------------------------------*/
$SESS->nation_ban_check();
/** ----------------------------------------
/** Can the user post comments?
/** ----------------------------------------*/
if ($SESS->userdata['can_post_comments'] == 'n') {
$error[] = $LANG->line('cmt_no_authorized_for_comments');
return $OUT->show_user_error('general', $error);
}
/** ----------------------------------------
/** Blacklist/Whitelist Check
/** ----------------------------------------*/
if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n') {
return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
}
/** ----------------------------------------
/** Is this a preview request?
/** ----------------------------------------*/
if (isset($_POST['preview'])) {
return $this->preview_handler();
}
// -------------------------------------------
// 'insert_comment_start' hook.
// - Allows complete rewrite of comment submission routine.
// - Or could be used to modify the POST data before processing
//
$edata = $EXT->call_extension('insert_comment_start');
if ($EXT->end_script === TRUE) {
return;
}
//
// -------------------------------------------
/** ----------------------------------------
/** Fetch weblog preferences
/** ----------------------------------------*/
$sql = "SELECT exp_weblog_titles.title, \n exp_weblog_titles.url_title,\n exp_weblog_titles.weblog_id,\n exp_weblog_titles.author_id,\n exp_weblog_titles.comment_total,\n exp_weblog_titles.allow_comments,\n exp_weblog_titles.entry_date,\n exp_weblog_titles.comment_expiration_date,\n exp_weblogs.blog_title,\n exp_weblogs.comment_system_enabled,\n exp_weblogs.comment_max_chars,\n exp_weblogs.comment_use_captcha,\n exp_weblogs.comment_timelock,\n exp_weblogs.comment_require_membership,\n exp_weblogs.comment_moderate,\n exp_weblogs.comment_require_email,\n exp_weblogs.comment_notify,\n exp_weblogs.comment_notify_authors,\n exp_weblogs.comment_notify_emails,\n exp_weblogs.comment_expiration\n FROM exp_weblog_titles, exp_weblogs\n WHERE exp_weblog_titles.weblog_id = exp_weblogs.weblog_id\n AND exp_weblog_titles.entry_id = '" . $DB->escape_str($_POST['entry_id']) . "'\n\t\t\t\tAND exp_weblog_titles.status != 'closed' ";
// -------------------------------------------
// 'insert_comment_preferences_sql' hook.
// - Rewrite or add to the comment preference sql query
// - Could be handy for comment/weblog restrictions
//
if ($EXT->active_hook('insert_comment_preferences_sql') === TRUE) {
$sql = $EXT->call_extension('insert_comment_preferences_sql', $sql);
if ($EXT->end_script === TRUE) {
return $edata;
}
}
//
// -------------------------------------------
$query = $DB->query($sql);
unset($sql);
if ($query->num_rows == 0) {
return false;
}
/** ----------------------------------------
/** Are comments allowed?
/** ----------------------------------------*/
if ($query->row['allow_comments'] == 'n' || $query->row['comment_system_enabled'] == 'n') {
return $OUT->show_user_error('submission', $LANG->line('cmt_comments_not_allowed'));
}
/** ----------------------------------------
/** Has commenting expired?
/** ----------------------------------------*/
if ($this->comment_expiration_mode == 0) {
if ($query->row['comment_expiration_date'] > 0) {
if ($LOC->now > $query->row['comment_expiration_date']) {
return $OUT->show_user_error('submission', $LANG->line('cmt_commenting_has_expired'));
}
}
} else {
if ($query->row['comment_expiration'] > 0) {
$days = $query->row['entry_date'] + $query->row['comment_expiration'] * 86400;
if ($LOC->now > $days) {
return $OUT->show_user_error('submission', $LANG->line('cmt_commenting_has_expired'));
}
}
}
/** ----------------------------------------
/** Is there a comment timelock?
/** ----------------------------------------*/
if ($query->row['comment_timelock'] != '' and $query->row['comment_timelock'] > 0) {
if ($SESS->userdata['group_id'] != 1) {
$time = $LOC->now - $query->row['comment_timelock'];
$result = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE comment_date > '{$time}' AND ip_address = '{$IN->IP}' ");
if ($result->row['count'] > 0) {
return $OUT->show_user_error('submission', str_replace("%s", $query->row['comment_timelock'], $LANG->line('cmt_comments_timelock')));
}
}
}
/** ----------------------------------------
/** Do we allow duplicate data?
/** ----------------------------------------*/
if ($PREFS->ini('deny_duplicate_data') == 'y') {
if ($SESS->userdata['group_id'] != 1) {
$result = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE comment = '" . $DB->escape_str($_POST['comment']) . "' ");
if ($result->row['count'] > 0) {
return $OUT->show_user_error('submission', $LANG->line('cmt_duplicate_comment_warning'));
}
}
}
/** ----------------------------------------
/** Assign data
/** ----------------------------------------*/
$author_id = $query->row['author_id'];
$entry_title = $query->row['title'];
$url_title = $query->row['url_title'];
$blog_title = $query->row['blog_title'];
$weblog_id = $query->row['weblog_id'];
$comment_total = $query->row['comment_total'] + 1;
$require_membership = $query->row['comment_require_membership'];
$comment_moderate = ($SESS->userdata['group_id'] == 1 or $SESS->userdata['exclude_from_moderation'] == 'y') ? 'n' : $query->row['comment_moderate'];
$author_notify = $query->row['comment_notify_authors'];
$notify_address = ($query->row['comment_notify'] == 'y' and $query->row['comment_notify_emails'] != '') ? $query->row['comment_notify_emails'] : '';
/** ----------------------------------------
/** Start error trapping
/** ----------------------------------------*/
$error = array();
if ($SESS->userdata('member_id') != 0) {
// If the user is logged in we'll reassign the POST variables with the user data
$_POST['name'] = $SESS->userdata['screen_name'] != '' ? $SESS->userdata['screen_name'] : $SESS->userdata['username'];
$_POST['email'] = $SESS->userdata['email'];
$_POST['url'] = $SESS->userdata['url'];
$_POST['location'] = $SESS->userdata['location'];
}
/** ----------------------------------------
/** Is membership is required to post...
/** ----------------------------------------*/
if ($require_membership == 'y') {
// Not logged in
if ($SESS->userdata('member_id') == 0) {
return $OUT->show_user_error('submission', $LANG->line('cmt_must_be_member'));
}
// Membership is pending
if ($SESS->userdata['group_id'] == 4) {
return $OUT->show_user_error('general', $LANG->line('cmt_account_not_active'));
}
} else {
/** ----------------------------------------
/** Missing name?
/** ----------------------------------------*/
if ($_POST['name'] == '') {
$error[] = $LANG->line('cmt_missing_name');
}
/** -------------------------------------
/** Is name banned?
/** -------------------------------------*/
if ($SESS->ban_check('screen_name', $_POST['name'])) {
$error[] = $LANG->line('cmt_name_not_allowed');
}
/** ----------------------------------------
/** Missing or invalid email address
/** ----------------------------------------*/
if ($query->row['comment_require_email'] == 'y') {
if ($_POST['email'] == '') {
$error[] = $LANG->line('cmt_missing_email');
} elseif (!$REGX->valid_email($_POST['email'])) {
$error[] = $LANG->line('cmt_invalid_email');
}
}
}
/** -------------------------------------
/** Is email banned?
/** -------------------------------------*/
if ($_POST['email'] != '') {
if ($SESS->ban_check('email', $_POST['email'])) {
$error[] = $LANG->line('cmt_banned_email');
}
}
/** ----------------------------------------
/** Is comment too big?
/** ----------------------------------------*/
if ($query->row['comment_max_chars'] != '' and $query->row['comment_max_chars'] != 0) {
if (strlen($_POST['comment']) > $query->row['comment_max_chars']) {
$str = str_replace("%n", strlen($_POST['comment']), $LANG->line('cmt_too_large'));
$str = str_replace("%x", $query->row['comment_max_chars'], $str);
$error[] = $str;
}
}
/** ----------------------------------------
/** Do we have errors to display?
/** ----------------------------------------*/
if (count($error) > 0) {
return $OUT->show_user_error('submission', $error);
}
/** ----------------------------------------
/** Do we require captcha?
/** ----------------------------------------*/
if ($query->row['comment_use_captcha'] == 'y') {
if ($PREFS->ini('captcha_require_members') == 'y' || ($PREFS->ini('captcha_require_members') == 'n' and $SESS->userdata('member_id') == 0)) {
if (!isset($_POST['captcha']) || $_POST['captcha'] == '') {
return $OUT->show_user_error('submission', $LANG->line('captcha_required'));
} else {
$res = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $DB->escape_str($_POST['captcha']) . "' AND ip_address = '" . $IN->IP . "' AND date > UNIX_TIMESTAMP()-7200");
if ($res->row['count'] == 0) {
return $OUT->show_user_error('submission', $LANG->line('captcha_incorrect'));
}
$DB->query("DELETE FROM exp_captcha WHERE (word='" . $DB->escape_str($_POST['captcha']) . "' AND ip_address = '" . $IN->IP . "') OR date < UNIX_TIMESTAMP()-7200");
}
}
}
/** ----------------------------------------
/** Build the data array
/** ----------------------------------------*/
$notify = $IN->GBL('notify_me', 'POST') ? 'y' : 'n';
$cmtr_name = $REGX->xss_clean($_POST['name']);
$cmtr_email = $_POST['email'];
$cmtr_url = $REGX->xss_clean($REGX->prep_url($_POST['url']));
$cmtr_loc = $REGX->xss_clean($_POST['location']);
$data = array('weblog_id' => $weblog_id, 'entry_id' => $_POST['entry_id'], 'author_id' => $SESS->userdata('member_id'), 'name' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'comment' => $REGX->xss_clean($_POST['comment']), 'comment_date' => $LOC->now, 'ip_address' => $IN->IP, 'notify' => $notify, 'status' => $comment_moderate == 'y' ? 'c' : 'o', 'site_id' => $PREFS->ini('site_id'));
// -------------------------------------------
// 'insert_comment_insert_array' hook.
// - Modify any of the soon to be inserted values
//
if ($EXT->active_hook('insert_comment_insert_array') === TRUE) {
$data = $EXT->call_extension('insert_comment_insert_array', $data);
if ($EXT->end_script === TRUE) {
return $edata;
}
}
//
// -------------------------------------------
/** ----------------------------------------
/** Insert data
/** ----------------------------------------*/
if ($PREFS->ini('secure_forms') == 'y') {
$query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $DB->escape_str($_POST['XID']) . "' AND ip_address = '" . $IN->IP . "' AND date > UNIX_TIMESTAMP()-7200");
if ($query->row['count'] > 0) {
$sql = $DB->insert_string('exp_comments', $data);
$DB->query($sql);
$comment_id = $DB->insert_id;
$DB->query("DELETE FROM exp_security_hashes WHERE (hash='" . $DB->escape_str($_POST['XID']) . "' AND ip_address = '" . $IN->IP . "') OR date < UNIX_TIMESTAMP()-7200");
} else {
$FNS->redirect(stripslashes($_POST['RET']));
}
} else {
$sql = $DB->insert_string('exp_comments', $data);
$DB->query($sql);
$comment_id = $DB->insert_id;
}
if ($comment_moderate == 'n') {
/** ------------------------------------------------
/** Update comment total and "recent comment" date
/** ------------------------------------------------*/
$DB->query("UPDATE exp_weblog_titles SET comment_total = '{$comment_total}', recent_comment_date = '" . $LOC->now . "' WHERE entry_id = '" . $DB->escape_str($_POST['entry_id']) . "'");
/** ----------------------------------------
/** Update member comment total and date
/** ----------------------------------------*/
if ($SESS->userdata('member_id') != 0) {
$query = $DB->query("SELECT total_comments FROM exp_members WHERE member_id = '" . $SESS->userdata('member_id') . "'");
$DB->query("UPDATE exp_members SET total_comments = '" . ($query->row['total_comments'] + 1) . "', last_comment_date = '" . $LOC->now . "' WHERE member_id = '" . $SESS->userdata('member_id') . "'");
}
/** ----------------------------------------
/** Update comment stats
/** ----------------------------------------*/
$STAT->update_comment_stats($weblog_id, $LOC->now);
/** ----------------------------------------
/** Fetch email notification addresses
/** ----------------------------------------*/
$query = $DB->query("SELECT DISTINCT(email), name, comment_id, author_id FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($_POST['entry_id']) . "' AND notify = 'y'");
$recipients = array();
if ($query->num_rows > 0) {
foreach ($query->result as $row) {
if ($row['email'] == "" and $row['author_id'] != 0) {
$result = $DB->query("SELECT email, screen_name FROM exp_members WHERE member_id = '" . $DB->escape_str($row['author_id']) . "'");
if ($result->num_rows == 1) {
$recipients[] = array($result->row['email'], $row['comment_id'], $result->row['screen_name']);
}
} elseif ($row['email'] != "") {
$recipients[] = array($row['email'], $row['comment_id'], $row['name']);
}
}
}
}
/** ----------------------------------------
/** Fetch Author Notification
/** ----------------------------------------*/
if ($author_notify == 'y') {
$result = $DB->query("SELECT email FROM exp_members WHERE member_id = '" . $DB->escape_str($author_id) . "'");
$notify_address .= ',' . $result->row['email'];
}
/** ----------------------------------------
/** Instantiate Typography class
/** ----------------------------------------*/
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(FALSE, FALSE);
$TYPE->smileys = FALSE;
$comment = $REGX->xss_clean($_POST['comment']);
$comment = $TYPE->parse_type($comment, array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
/** ----------------------------
/** Send admin notification
/** ----------------------------*/
if ($notify_address != '') {
$swap = array('name' => $cmtr_name, 'name_of_commenter' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'weblog_name' => $blog_title, 'entry_title' => $entry_title, 'comment_id' => $comment_id, 'comment' => $comment, 'comment_url' => $FNS->remove_session_id($_POST['RET']), 'delete_link' => $PREFS->ini('cp_url') . '?S=0&C=edit' . '&M=del_comment_conf' . '&weblog_id=' . $weblog_id . '&entry_id=' . $_POST['entry_id'] . '&comment_id=' . $comment_id);
$template = $FNS->fetch_email_template('admin_notify_comment');
$email_tit = $FNS->var_swap($template['title'], $swap);
$email_msg = $FNS->var_swap($template['data'], $swap);
// We don't want to send an admin notification if the person
// leaving the comment is an admin in the notification list
if ($_POST['email'] != '') {
if (strpos($notify_address, $_POST['email']) !== FALSE) {
$notify_address = str_replace($_POST['email'], "", $notify_address);
}
}
$notify_address = $REGX->remove_extra_commas($notify_address);
if ($notify_address != '') {
/** ----------------------------
/** Send email
/** ----------------------------*/
if (!class_exists('EEmail')) {
require PATH_CORE . 'core.email' . EXT;
}
$replyto = $data['email'] == '' ? $PREFS->ini('webmaster_email') : $data['email'];
$email = new EEmail();
$sent = array();
foreach (explode(',', $notify_address) as $addy) {
if (in_array($addy, $sent)) {
continue;
}
$email->initialize();
$email->wordwrap = false;
$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
$email->to($addy);
$email->reply_to($replyto);
$email->subject($email_tit);
$email->message($REGX->entities_to_ascii($email_msg));
$email->Send();
$sent[] = $addy;
}
}
}
/** ----------------------------------------
/** Send user notifications
/** ----------------------------------------*/
if ($comment_moderate == 'n') {
$email_msg = '';
if (count($recipients) > 0) {
$qs = $PREFS->ini('force_query_string') == 'y' ? '' : '?';
$action_id = $FNS->fetch_action_id('Comment_CP', 'delete_comment_notification');
$swap = array('name_of_commenter' => $cmtr_name, 'weblog_name' => $blog_title, 'entry_title' => $entry_title, 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'), 'comment_url' => $FNS->remove_session_id($_POST['RET']), 'comment_id' => $comment_id, 'comment' => $comment);
$template = $FNS->fetch_email_template('comment_notification');
$email_tit = $FNS->var_swap($template['title'], $swap);
$email_msg = $FNS->var_swap($template['data'], $swap);
/** ----------------------------
/** Send email
/** ----------------------------*/
if (!class_exists('EEmail')) {
require PATH_CORE . 'core.email' . EXT;
}
$email = new EEmail();
$email->wordwrap = true;
$cur_email = $_POST['email'] == '' ? FALSE : $_POST['email'];
if (!isset($sent)) {
$sent = array();
}
foreach ($recipients as $val) {
// We don't notify the person currently commenting. That would be silly.
if ($val['0'] != $cur_email and !in_array($val['0'], $sent)) {
$title = $email_tit;
$message = $email_msg;
$title = str_replace('{name_of_recipient}', $val['2'], $title);
$message = str_replace('{name_of_recipient}', $val['2'], $message);
$title = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $title);
$message = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $message);
$email->initialize();
$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
$email->to($val['0']);
$email->subject($title);
$email->message($REGX->entities_to_ascii($message));
$email->Send();
$sent[] = $val['0'];
}
}
}
/** ----------------------------------------
/** Clear cache files
/** ----------------------------------------*/
$FNS->clear_caching('all', $FNS->fetch_site_index() . $_POST['URI']);
// clear out the entry_id version if the url_title is in the URI, and vice versa
if (preg_match("#\\/" . preg_quote($url_title) . "\\/#", $_POST['URI'], $matches)) {
$FNS->clear_caching('all', $FNS->fetch_site_index() . preg_replace("#" . preg_quote($matches['0']) . "#", "/{$data['entry_id']}/", $_POST['URI']));
} else {
$FNS->clear_caching('all', $FNS->fetch_site_index() . preg_replace("#{$data['entry_id']}#", $url_title, $_POST['URI']));
}
}
/** ----------------------------------------
/** Set cookies
/** ----------------------------------------*/
if ($notify == 'y') {
$FNS->set_cookie('notify_me', 'yes', 60 * 60 * 24 * 365);
} else {
$FNS->set_cookie('notify_me', 'no', 60 * 60 * 24 * 365);
}
if ($IN->GBL('save_info', 'POST')) {
$FNS->set_cookie('save_info', 'yes', 60 * 60 * 24 * 365);
$FNS->set_cookie('my_name', $_POST['name'], 60 * 60 * 24 * 365);
$FNS->set_cookie('my_email', $_POST['email'], 60 * 60 * 24 * 365);
$FNS->set_cookie('my_url', $_POST['url'], 60 * 60 * 24 * 365);
$FNS->set_cookie('my_location', $_POST['location'], 60 * 60 * 24 * 365);
} else {
$FNS->set_cookie('save_info', 'no', 60 * 60 * 24 * 365);
$FNS->set_cookie('my_name', '');
$FNS->set_cookie('my_email', '');
$FNS->set_cookie('my_url', '');
$FNS->set_cookie('my_location', '');
}
// -------------------------------------------
// 'insert_comment_end' hook.
// - More emails, more processing, different redirect
// - $comment_id added 1.6.1
//
$edata = $EXT->call_extension('insert_comment_end', $data, $comment_moderate, $comment_id);
if ($EXT->end_script === TRUE) {
return;
}
//
// -------------------------------------------
/** -------------------------------------------
/** Bounce user back to the comment page
/** -------------------------------------------*/
if ($comment_moderate == 'y') {
$data = array('title' => $LANG->line('cmt_comment_accepted'), 'heading' => $LANG->line('thank_you'), 'content' => $LANG->line('cmt_will_be_reviewed'), 'redirect' => $_POST['RET'], 'link' => array($_POST['RET'], $LANG->line('cmt_return_to_comments')), 'rate' => 3);
$OUT->show_message($data);
} else {
$FNS->redirect($_POST['RET']);
}
}
/** ----------------------------------------
/** Custom Member Profile Data
/** ----------------------------------------*/
function custom_profile_data()
{
global $DB, $SESS, $TMPL, $FNS, $PREFS, $LOC, $LANG;
$member_id = ( ! $TMPL->fetch_param('member_id')) ? $SESS->userdata['member_id'] : $TMPL->fetch_param('member_id');
/** ----------------------------------------
/** Default Member Data
/** ----------------------------------------*/
$query = $DB->query("SELECT m.member_id, m.group_id, m.username, m.screen_name, m.email, m.signature,
m.avatar_filename, m.avatar_width, m.avatar_height,
m.photo_filename, m.photo_width, m.photo_height,
m.url, m.location, m.occupation, m.interests,
m.bio,
m.join_date, m.last_visit, m.last_activity, m.last_entry_date, m.last_comment_date,
m.last_forum_post_date, m.total_entries, m.total_comments, m.total_forum_topics, m.total_forum_posts,
m.language, m.timezone, m.daylight_savings, m.bday_d, m.bday_m, m.bday_y,
g.group_title
FROM exp_members m, exp_member_groups g
WHERE m.member_id = '".$DB->escape_str($member_id)."'
AND g.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
AND m.group_id = g.group_id");
if ($query->num_rows == 0)
{
return $TMPL->tagdata = '';
}
$default_fields = $query->row;
/** ----------------------------------------
/** Is there an avatar?
/** ----------------------------------------*/
if ($PREFS->ini('enable_avatars') == 'y' AND $query->row['avatar_filename'] != '')
{
$avatar_path = $PREFS->ini('avatar_url', 1).$query->row['avatar_filename'];
$avatar_width = $query->row['avatar_width'];
$avatar_height = $query->row['avatar_height'];
$avatar = 'TRUE';
}
else
{
$avatar_path = '';
$avatar_width = '';
$avatar_height = '';
$avatar = 'FALSE';
}
/** ----------------------------------------
/** Is there a member photo?
/** ----------------------------------------*/
if ($PREFS->ini('enable_photos') == 'y' AND $query->row['photo_filename'] != '')
{
$photo_path = $PREFS->ini('photo_url', 1).$query->row['photo_filename'];
$photo_width = $query->row['photo_width'];
$photo_height = $query->row['photo_height'];
$photo = 'TRUE';
}
else
{
$photo_path = '';
$photo_width = '';
$photo_height = '';
$photo = 'FALSE';
}
/** ----------------------------------------
/** Parse variables
/** ----------------------------------------*/
$qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
if ($this->in_forum == TRUE)
{
$search_path = $this->forum_path.'member_search/'.$this->cur_id.'/';
}
else
{
$search_path = $FNS->fetch_site_index(0, 0).$qs.'ACT='.$FNS->fetch_action_id('Search', 'do_search').'&mbr='.urlencode($query->row['member_id']);
}
$more_fields = array(
'send_private_message' => $this->_member_path('messages/pm/'.$member_id),
'search_path' => $search_path,
'avatar_url' => $avatar_path,
'avatar_filename' => $query->row['avatar_filename'],
'avatar_width' => $avatar_width,
'avatar_height' => $avatar_height,
'photo_url' => $photo_path,
'photo_filename' => $query->row['photo_filename'],
'photo_width' => $photo_width,
'photo_height' => $photo_height,);
$default_fields = array_merge($default_fields, $more_fields);
/** ----------------------------------------
/** Fetch the custom member field definitions
/** ----------------------------------------*/
$fields = array();
$query = $DB->query("SELECT m_field_id, m_field_name, m_field_fmt FROM exp_member_fields");
if ($query->num_rows > 0)
{
foreach ($query->result as $row)
{
$fields[$row['m_field_name']] = array($row['m_field_id'], $row['m_field_fmt']);
}
}
$query = $DB->query("SELECT * FROM exp_member_data WHERE member_id = '".$member_id."'");
if ($query->num_rows == 0)
{
foreach ($fields as $key => $val)
{
$TMPL->tagdata = $TMPL->swap_var_single($key, '', $TMPL->tagdata);
}
return $TMPL->tagdata;
}
if ( ! class_exists('Typography'))
{
require PATH_CORE.'core.typography'.EXT;
}
$TYPE = new Typography;
foreach ($query->result as $row)
{
$cond = array('avatar' => $avatar,
'photo' => $photo);
foreach($fields as $key => $value)
{
if (substr($key, 0, 7) == 'mfield_');
$cond[$key] = $TYPE->parse_type($row['m_field_id_'.$value['0']],
array(
'text_format' => $value['1'],
'html_format' => 'safe',
'auto_links' => 'y',
'allow_img_url' => 'n'
)
);
}
$TMPL->tagdata = $FNS->prep_conditionals($TMPL->tagdata, $cond);
/** ----------------------------------------
/** Swap Variables
/** ----------------------------------------*/
foreach ($TMPL->var_single as $key => $val)
{
/** ----------------------------------------
/** parse default member data
/** ----------------------------------------*/
/** ----------------------------------------
/** Format URLs
/** ----------------------------------------*/
if ($key == 'url')
{
if (substr($default_fields['url'], 0, 4) != "http" AND ! ereg('://', $default_fields['url']))
$default_fields['url'] = "http://".$default_fields['url'];
}
/** ----------------------------------------
/** "last_visit"
/** ----------------------------------------*/
if (ereg("^last_visit", $key))
{
$TMPL->tagdata = $this->_var_swap_single($key, ($default_fields['last_activity'] > 0) ? $LOC->decode_date($val, $default_fields['last_activity']) : '', $TMPL->tagdata);
}
/** ----------------------------------------
/** "join_date"
/** ----------------------------------------*/
if (ereg("^join_date", $key))
{
$TMPL->tagdata = $this->_var_swap_single($key, ($default_fields['join_date'] > 0) ? $LOC->decode_date($val, $default_fields['join_date']) : '', $TMPL->tagdata);
}
/** ----------------------------------------
/** "last_entry_date"
/** ----------------------------------------*/
if (ereg("^last_entry_date", $key))
{
$TMPL->tagdata = $this->_var_swap_single($key, ($default_fields['last_entry_date'] > 0) ? $LOC->decode_date($val, $default_fields['last_entry_date']) : '', $TMPL->tagdata);
}
/** ----------------------------------------
/** "last_forum_post_date"
/** ----------------------------------------*/
if (ereg("^last_forum_post_date", $key))
{
$TMPL->tagdata = $this->_var_swap_single($key, ($default_fields['last_forum_post_date'] > 0) ? $LOC->decode_date($val, $default_fields['last_forum_post_date']) : '', $TMPL->tagdata);
}
/** ----------------------------------------
/** parse "recent_comment"
/** ----------------------------------------*/
if (ereg("^last_comment_date", $key))
{
$TMPL->tagdata = $this->_var_swap_single($key, ($default_fields['last_comment_date'] > 0) ? $LOC->decode_date($val, $default_fields['last_comment_date']) : '', $TMPL->tagdata);
}
/** ----------------------
/** {name}
/** ----------------------*/
$name = ( ! $default_fields['screen_name']) ? $default_fields['username'] : $default_fields['screen_name'];
$name = $this->_convert_special_chars($name);
if ($key == "name")
{
$TMPL->tagdata = $this->_var_swap_single($val, $name, $TMPL->tagdata);
}
/** ----------------------
/** {member_group}
/** ----------------------*/
if ($key == "member_group")
{
$TMPL->tagdata = $this->_var_swap_single($val, $default_fields['group_title'], $TMPL->tagdata);
}
/** ----------------------
/** {email}
/** ----------------------*/
if ($key == "email")
{
$TMPL->tagdata = $this->_var_swap_single($val, $TYPE->encode_email($default_fields['email']), $TMPL->tagdata);
}
/** ----------------------
/** {birthday}
/** ----------------------*/
if ($key == "birthday")
{
$birthday = '';
if ($default_fields['bday_m'] != '' AND $default_fields['bday_m'] != 0)
{
$month = (strlen($default_fields['bday_m']) == 1) ? '0'.$default_fields['bday_m'] : $default_fields['bday_m'];
$m = $LOC->localize_month($month);
$birthday .= $LANG->line($m['1']);
if ($default_fields['bday_d'] != '' AND $default_fields['bday_d'] != 0)
{
$birthday .= ' '.$default_fields['bday_d'];
}
}
if ($default_fields['bday_y'] != '' AND $default_fields['bday_y'] != 0)
{
if ($birthday != '')
{
$birthday .= ', ';
}
$birthday .= $default_fields['bday_y'];
}
if ($birthday == '')
{
$birthday = '';
}
$TMPL->tagdata = $this->_var_swap_single($val, $birthday, $TMPL->tagdata);
}
/** ----------------------
/** {timezone}
/** ----------------------*/
if ($key == "timezone")
{
$timezone = ($default_fields['timezone'] != '') ? $LANG->line($default_fields['timezone']) : '';
$TMPL->tagdata = $this->_var_swap_single($val, $timezone, $TMPL->tagdata);
}
/** ----------------------
/** {local_time}
/** ----------------------*/
if (ereg("^local_time", $key))
{
$time = $LOC->now;
if ($SESS->userdata('member_id') != $this->cur_id)
{
// Default is UTC?
$zone = ($default_fields['timezone'] == '') ? 'UTC' : $default_fields['timezone'];
$time = $LOC->set_localized_time($time, $zone, $default_fields['daylight_savings']);
}
$TMPL->tagdata = $this->_var_swap_single($key, $LOC->decode_date($val, $time), $TMPL->tagdata);
}
/** ----------------------
/** {bio}
/** ----------------------*/
if (ereg("^bio$", $key))
{
$bio = $TYPE->parse_type($default_fields[$val],
array(
'text_format' => 'xhtml',
'html_format' => 'safe',
'auto_links' => 'y',
'allow_img_url' => 'n'
)
);
$TMPL->tagdata = $this->_var_swap_single($key, $bio, $TMPL->tagdata);
}
// Special condideration for {total_forum_replies}, and
// {total_forum_posts} whose meanings do not match the
// database field names
if (ereg("^total_forum_replies", $key))
{
$TMPL->tagdata = $this->_var_swap_single($key, $default_fields['total_forum_posts'], $TMPL->tagdata);
}
if (ereg("^total_forum_posts", $key))
{
$total_posts = $default_fields['total_forum_topics'] + $default_fields['total_forum_posts'];
$TMPL->tagdata = $this->_var_swap_single($key, $total_posts, $TMPL->tagdata);
}
/** ----------------------------------------
/** parse basic fields (username, screen_name, etc.)
/** ----------------------------------------*/
if (isset($default_fields[$val]))
{
$TMPL->tagdata = $this->_var_swap_single($val, $default_fields[$val], $TMPL->tagdata);
}
/** ----------------------------------------
/** parse custom member fields
/** ----------------------------------------*/
if ( isset($fields[$val]) AND isset($row['m_field_id_'.$fields[$val]['0']]))
{
$TMPL->tagdata = $TMPL->swap_var_single(
$val,
$TYPE->parse_type(
$row['m_field_id_'.$fields[$val]['0']],
array(
'text_format' => $fields[$val]['1'],
'html_format' => 'safe',
'auto_links' => 'y',
'allow_img_url' => 'n'
)
),
$TMPL->tagdata
);
}
}
}
return $TMPL->tagdata;
}
}
$source = isset($_REQUEST['source']) ? $_REQUEST['source'] : '';
$safe_str = isset($_REQUEST['safe_str']) ? $_REQUEST['safe_str'] : '';
$nbsp_to_space = isset($_REQUEST['nbsp_to_space']) ? $_REQUEST['nbsp_to_space'] : '';
$ent_parse = isset($_REQUEST['ent_parse']) ? $_REQUEST['ent_parse'] : '';
$ent_amp = isset($_REQUEST['ent_amp']) ? $_REQUEST['ent_amp'] : '';
$ent_single_quotes = isset($_REQUEST['ent_single_quotes']) ? $_REQUEST['ent_single_quotes'] : '';
$ent_double_quotes = isset($_REQUEST['ent_double_quotes']) ? $_REQUEST['ent_double_quotes'] : '';
$ent_lt_gt = isset($_REQUEST['ent_lt_gt']) ? $_REQUEST['ent_lt_gt'] : '';
$ent_hyphenminus = isset($_REQUEST['ent_hyphenminus']) ? $_REQUEST['ent_hyphenminus'] : '';
$p = '';
if (!empty($source)) {
$p = $source;
if (!empty($ent_parse)) {
if (!isset($Typography) || empty($Typography)) {
$Typography = new Typography();
}
$p = $Typography->parse($p);
if (!isset($Entities) || empty($Entities)) {
$Entities = new Entities();
}
$p = $Entities->ipa_text_to_dec_ents($p);
//$p = $Entities->text_digits_to_dec_ents($p);
$p = $Entities->text_symbs_to_dec_ents($p);
$p = $Entities->named_symbs_to_dec_ents($p);
//$p = $Entities->latin_text_chars_to_dec_ents($p);
$p = $Entities->acc_text_to_dec_ents($p);
$p = $Entities->acc_named_to_dec_ents($p);
//$p = $Entities->cyr_text_chars_to_dec_ents($p);
$p = $Entities->cyr_named_chars_to_dec_ents($p);
$p = $Entities->hex_ents_to_dec_ents($p);
function add_home_panel($method)
{
global $DSP, $EXT, $PREFS, $SESS;
$r = $EXT->last_call !== FALSE ? $EXT->last_call : '';
$site = $PREFS->ini('site_id');
$group = $SESS->userdata['group_id'];
// With this crazy hook we need to make sure that it's our method that's being called,
// as other methods using this hook will *also* call this function.
$our_methods = array('custom_panel_one', 'custom_panel_two');
if (in_array($method, $our_methods) && !empty($this->settings[$site][$method]) && !empty($this->settings[$site][$method . '_heading']) && in_array($group, $this->settings[$site][$method . '_groups'])) {
if (!class_exists('Typography')) {
require_once PATH_CORE . 'core.typography' . EXT;
}
$format = new Typography();
$text = $format->xhtml_typography($this->settings[$site][$method]);
$r .= $DSP->table('tableBorder', '0', '0', '100%') . $DSP->tr() . $DSP->table_qcell('tableHeading', $this->settings[$site][$method . '_heading']) . $DSP->tr_c() . $DSP->table_qrow('tableCellTwo customPanel', $text) . $DSP->table_c();
// The'control_panel_home_page_left/right_option' hook doesn't return data,
// so we have to manually save our output in the last_call variable.
// Otherwise subsequent calls to this hook with other functions
// will overwrite what we just created.
$EXT->last_call = $r;
}
return $r;
}
/** -----------------------------------
/** Bulletin Board
/** -----------------------------------*/
function bulletin_board($message = '')
{
global $LANG, $DB, $OUT, $IN, $LOC, $SESS, $PREFS;
$DB->query("UPDATE exp_members SET last_view_bulletins = '" . $LOC->now . "' WHERE member_id = '{$this->member_id}'");
$this->title = $LANG->line('bulletin_board');
$this->crumb = $LANG->line('bulletin_board');
$this->conditionals['bulletins'] = 'n';
$this->conditionals['no_bulletins'] = 'y';
$this->conditionals['paginate'] = 'n';
$this->conditionals['can_post_bulletin'] = $SESS->userdata['can_send_bulletins'] == 'y' ? 'y' : 'n';
$this->single_parts['include']['message'] = $message;
$this->conditionals['message'] = $message != '' ? 'y' : 'n';
$this->single_parts['path']['send_bulletin'] = $this->_create_path('send_bulletin');
/** ---------------------------------------
/** Retrieve Bulletins
/** ---------------------------------------*/
$dql = "SELECT m.screen_name, b.sender_id, b.bulletin_message, b.bulletin_date, b.bulletin_id ";
$sql = "FROM exp_member_bulletin_board b, exp_members m\n\t\t\t\t WHERE b.sender_id = m.member_id\n\t\t\t\t AND b.bulletin_group = " . $DB->escape_str($SESS->userdata['group_id']) . "\n\t\t\t\t AND bulletin_date < " . $LOC->now . "\n\t\t\t\t AND \n\t\t\t\t (\n\t\t\t\t \tb.bulletin_expires > " . $LOC->now . "\n\t\t\t\t \tOR\n\t\t\t\t \tb.bulletin_expires = 0\n\t\t\t\t )\n\t\t\t\t ORDER BY b.bulletin_date DESC";
/** ----------------------------------------
/** Run "count" query for pagination
/** ----------------------------------------*/
$query = $DB->query("SELECT COUNT(b.bulletin_id) AS count " . $sql);
/** ----------------------------------------
/** If No Messages, we say so.
/** ----------------------------------------*/
if ($query->row['count'] == 0) {
$this->single_parts['include']['bulletins'] = $LANG->line('message_no_bulletins');
$this->return_data = $this->_process_template($this->retrieve_template('bulletin_board'));
return;
}
/** ----------------------------------------
/** Determine Current Page
/** ----------------------------------------*/
$row_count = 0;
// How many rows shown this far (i.e. offset)
if ($this->allegiance == 'user') {
$row_count = $this->cur_id;
} else {
$row_count = $IN->GBL('page', 'GP') === false ? 0 : $IN->GBL('page', 'GP');
}
if (!is_numeric($row_count)) {
$row_count = 0;
}
$this->per_page = 5;
$current_page = $row_count / $this->per_page + 1;
$total_pages = intval($query->row['count'] / $this->per_page);
if ($query->row['count'] % $this->per_page) {
$total_pages++;
}
$this->single_parts['include']['page_count'] = $current_page . ' ' . $LANG->line('of') . ' ' . $total_pages;
/** -----------------------------
/** Do we need pagination?
/** -----------------------------*/
$pager = '';
if ($query->row['count'] > $this->per_page) {
if (!class_exists('Paginate')) {
require PATH_CORE . 'core.paginate' . EXT;
}
$PGR = new Paginate();
if ($this->allegiance == 'user') {
$PGR->path = $this->base_url . 'bulletin_board/';
} else {
$PGR->base_url = $this->base_url . 'bulletin_board';
$PGR->qstr_var = 'page';
}
$PGR->total_count = $query->row['count'];
$PGR->per_page = $this->per_page;
$PGR->cur_page = $row_count;
$this->single_parts['include']['pagination_link'] = $PGR->show_links();
$this->conditionals['paginate'] = 'y';
$sql .= " LIMIT " . $row_count . ", " . $this->per_page;
}
/** ----------------------------------------
/** Create Bulletins
/** ----------------------------------------*/
$this->conditionals['bulletins'] = 'y';
$this->conditionals['no_bulletins'] = 'n';
$folder_rows_template = $this->retrieve_template('bulletin');
$i = 0;
$r = '';
$censor = FALSE;
if ($PREFS->ini('enable_censoring') == 'y' && $PREFS->ini('censored_words') != '') {
$censor = TRUE;
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(0);
}
$query = $DB->query($dql . $sql);
if ($query->row['bulletin_date'] != $SESS->userdata['last_bulletin_date']) {
$DB->query($DB->update_string('exp_members', array('last_bulletin_date' => $query->row['bulletin_date']), "group_id = '" . $DB->escape_str($SESS->userdata['group_id']) . "'"));
}
foreach ($query->result as $row) {
++$i;
$data = $row;
$this->conditionals['can_delete_bulletin'] = ($SESS->userdata['group_id'] == 1 or $row['sender_id'] == $SESS->userdata['member_id']) ? 'y' : 'n';
if ($this->allegiance == 'cp') {
$this->single_parts['path']['delete_bulletin'] = $this->_create_path('delete_bulletin', AMP . 'bulletin_id=' . $row['bulletin_id']);
} else {
$this->single_parts['path']['delete_bulletin'] = $this->_create_path('delete_bulletin') . $row['bulletin_id'] . '/';
}
$data['bulletin_message'] = $censor === FALSE ? $data['bulletin_message'] : $TYPE->filter_censored_words($data['bulletin_message']);
$data['bulletin_sender'] = $row['screen_name'];
$data['bulletin_date'] = $LOC->set_human_time($row['bulletin_date']);
$data['style'] = $i % 2 ? 'tableCellTwo' : 'tableCellOne';
$r .= $this->_process_template($folder_rows_template, $data);
}
$this->single_parts['include']['bulletins'] = $r;
/** ----------------------------------------
/** Return the Folder's Contents
/** ----------------------------------------*/
$this->return_data = $this->_process_template($this->retrieve_template('bulletin_board'));
}
/** ----------------------------------------
/** Encode email from template callback
/** ----------------------------------------*/
function encode_email($str)
{
$email = is_array($str) ? trim($str['1']) : trim($str);
$title = '';
$email = str_replace(array('"', "'"), '', $email);
if ($p = strpos($email, "title=")) {
$title = substr($email, $p + 6);
$email = trim(substr($email, 0, $p));
}
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
return Typography::encode_email($email, $title, TRUE);
}
/** -----------------------------------
/** Send Message
/** -----------------------------------*/
function send_message()
{
global $LANG, $DB, $IN, $LOC, $FNS, $SESS, $REGX, $PREFS;
$submission_error = array();
/** ----------------------------------------
/** Is the user banned?
/** ----------------------------------------*/
if ($SESS->userdata['is_banned'] === TRUE) {
return $this->_error_page();
}
/** ----------------------------------------
/** Is the IP or User Agent unavalable?
/** ----------------------------------------*/
if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == '') {
return $this->_error_page();
}
/** -------------------------------------
/** Status Setting
/** -------------------------------------*/
if ($IN->GBL('preview') or $IN->GBL('remove')) {
$status = 'preview';
} elseif ($IN->GBL('draft')) {
$status = 'draft';
} else {
$status = 'sent';
}
/** -------------------------------------
/** Already Sent?
/** -------------------------------------*/
if ($IN->GBL('message_id') !== FALSE && is_numeric($IN->GBL('message_id'))) {
$query = $DB->query("SELECT message_status FROM exp_message_data WHERE message_id = '" . $DB->escape_str($IN->GBL('message_id')) . "'");
if ($query->num_rows > 0 && $query->row['message_status'] == 'sent') {
return $this->_error_page($LANG->line('messsage_already_sent'));
}
}
/* -------------------------------------------
/* Hidden Configuration Variables
/* - prv_msg_waiting_period => How many hours after becoming a member until they can PM?
/* -------------------------------------------*/
$waiting_period = $PREFS->ini('prv_msg_waiting_period') !== FALSE ? (int) $PREFS->ini('prv_msg_waiting_period') : 1;
if ($SESS->userdata['join_date'] > $LOC->now - $waiting_period * 60 * 60) {
return $this->_error_page(str_replace(array('%time%', '%email%', '%site%'), array($waiting_period, $FNS->encode_email($PREFS->ini('webmaster_email')), $PREFS->ini('site_name')), $LANG->line('waiting_period_not_reached')));
}
/* -------------------------------------------
/* Hidden Configuration Variables
/* - prv_msg_throttling_period => How many seconds between PMs?
/* -------------------------------------------*/
if ($status == 'sent' && $SESS->userdata['group_id'] != 1) {
$period = $PREFS->ini('prv_msg_throttling_period') !== FALSE ? (int) $PREFS->ini('prv_msg_throttling_period') : 30;
$query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_data d\n \t\t\t\t\t\t WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_date > " . $DB->escape_str($LOC->now - $period));
if ($query->row['count'] > 0) {
return $this->_error_page(str_replace('%x', $period, $LANG->line('send_throttle')));
}
}
/** ------------------------------------------
/** Is there a recipient, subject, and body?
/** ------------------------------------------*/
if ($IN->GBL('recipients') == '' && $status == 'sent') {
$submission_error[] = $LANG->line('empty_recipients_field');
} elseif ($IN->GBL('subject') == '') {
$submission_error[] = $LANG->line('empty_subject_field');
} elseif ($IN->GBL('body') == '') {
$submission_error[] = $LANG->line('empty_body_field');
}
/** -------------------------------------------
/** Deny Duplicate Data
/** -------------------------------------------*/
if ($PREFS->ini('deny_duplicate_data') == 'y') {
$query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_data d\n \t\t\t\t\t\t WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_body = '" . $DB->escape_str($REGX->xss_clean($IN->GBL('body'))) . "'");
if ($query->row['count'] > 0) {
return $this->_error_page($LANG->line('duplicate_message_sent'));
}
}
/** ------------------------------------------
/** Valid Recipients? - Only Checked on Sent
/** ------------------------------------------*/
$recipients = $this->convert_recipients($IN->GBL('recipients'), 'array', 'member_id');
$cc = trim($IN->GBL('cc')) == '' ? array() : $this->convert_recipients($IN->GBL('cc'), 'array', 'member_id');
$recip_orig = sizeof($recipients);
$cc_orig = sizeof($cc);
// Make sure CC does not contain members in Recipients
$cc = array_diff($cc, $recipients);
if (sizeof($recipients) == 0 && $status == 'sent') {
$submission_error[] = $LANG->line('empty_recipients_field');
}
if ($this->invalid_name === TRUE) {
$submission_error[] = $LANG->line('invalid_username');
}
/** ------------------------------------------
/** Too Big for Its Britches?
/** ------------------------------------------*/
if ($this->max_chars != 0 && strlen($IN->GBL('body')) > $this->max_chars) {
$submission_error[] = str_replace('%max%', $this->max_chars, $LANG->line('message_too_large'));
}
/** -------------------------------------
/** Super Admins get a free pass
/** -------------------------------------*/
if ($SESS->userdata('group_id') != 1) {
/** ------------------------------------------
/** Sender Allowed to Send More Messages?
/** ------------------------------------------*/
$query = $DB->query("SELECT COUNT(c.copy_id) AS count \n\t\t\t\t\t\t\t\t FROM exp_message_copies c, exp_message_data d\n\t\t\t\t\t\t\t\t WHERE c.message_id = d.message_id\n\t\t\t\t\t\t\t\t AND c.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_date > " . ($LOC->now - 24 * 60 * 60));
if ($query->row['count'] + sizeof($recipients) + sizeof($cc) > $this->send_limit) {
$submission_error[] = $LANG->line('sending_limit_warning');
}
/** ------------------------------------------
/** Sender Allowed to Store More Messages?
/** ------------------------------------------*/
if ($this->storage_limit != '0' && ($IN->GBL('sent_copy') !== FALSE && $IN->GBL('sent_copy') == 'y')) {
if ($this->total_messages == '') {
$this->storage_usage();
}
if ($this->total_messages + 1 > $this->storage_limit) {
$submission_error[] = $LANG->line('storage_limit_warning');
}
}
}
/** -------------------------------------
/** Upload Path Set?
/** -------------------------------------*/
if ($this->upload_path == '' && (isset($_POST['remove']) || isset($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != '')) {
$submission_error[] = $LANG->line('unable_to_recieve_attach');
}
/** -------------------------------------
/** Attachments?
/** -------------------------------------*/
if ($IN->GBL('attach') !== FALSE && $IN->GBL('attach') != '') {
$this->attachments = explode('|', $_POST['attach']);
}
/* -------------------------------------
/* Create Forward Attachments
/*
/* We have to copy the attachments for
/* forwarded messages. We only do this
/* when the compose messaage page is first
/* submitted. We have a special variable
/* called 'create_attach' to tell us when
/* that is.
/* -------------------------------------*/
if ($this->attach_allowed == 'y' && $this->upload_path != '' && sizeof($this->attachments) > 0 && $IN->GBL('create_attach')) {
if (($message = $this->_duplicate_files()) !== TRUE) {
$submission_error[] = $message . BR;
}
}
/** -------------------------------------
/** Is this a remove attachment request?
/** -------------------------------------*/
if (isset($_POST['remove']) && $this->upload_path != '') {
$id = key($_POST['remove']);
if (is_numeric($id)) {
$this->_remove_attachment($id);
// Treat an attachment removal like a draft, where we do not
// see the preview only the message.
$this->hide_preview = TRUE;
}
}
/** -------------------------------------
/** Do we have an attachment to deal with?
/** -------------------------------------*/
if ($this->attach_allowed == 'y') {
if ($this->upload_path != '' and isset($_FILES['userfile']['name']) and $_FILES['userfile']['name'] != '') {
$preview = $IN->GBL('preview', 'POST') !== FALSE ? TRUE : FALSE;
if (($message = $this->_attach_file()) !== TRUE) {
$submission_error[] = $message . BR;
}
}
}
/** -----------------------------------
/** Check Overflow
/** -----------------------------------*/
$details = array();
$details['overflow_recipients'] = array();
$details['overflow_cc'] = array();
for ($i = 0, $size = sizeof($recipients); $i < $size; $i++) {
if ($this->_check_overflow($recipients[$i]) === FALSE) {
$details['overflow_recipients'][] = $recipients[$i];
unset($recipients[$i]);
}
}
for ($i = 0, $size = sizeof($cc); $i < $size; $i++) {
if ($this->_check_overflow($cc[$i]) === FALSE) {
$details['overflow_cc'][] = $cc[$i];
unset($cc[$i]);
}
}
/* -------------------------------------------------
/* If we have people unable to receive a message
/* because of an overflow we make the message a
/* preview and will send a message to the sender.
/* -------------------------------------*/
if (sizeof($details['overflow_recipients']) > 0 or sizeof($details['overflow_cc']) > 0) {
sort($recipients);
sort($cc);
$overflow_names = array();
/* -------------------------------------
/* Send email alert regarding a full
/* inbox to these users, load names
/* for error message
/* -------------------------------------*/
global $PREFS;
$query = $DB->query("SELECT exp_members.screen_name, exp_members.email, exp_members.accept_messages, exp_member_groups.prv_msg_storage_limit\n\t\t\t\t\t\t\t\t FROM exp_members\n\t\t\t\t\t\t\t\t LEFT JOIN exp_member_groups ON exp_member_groups.group_id = exp_members.group_id\n\t\t\t\t\t\t\t\t WHERE exp_members.member_id IN ('" . implode("','", array_merge($details['overflow_recipients'], $details['overflow_cc'])) . "')\n\t\t\t\t\t\t\t\t AND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'");
if ($query->num_rows > 0) {
if (!class_exists('EEmail')) {
require PATH_CORE . 'core.email' . EXT;
}
$email = new EEmail();
$email->wordwrap = true;
$swap = array('sender_name' => $SESS->userdata('screen_name'), 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'));
$template = $FNS->fetch_email_template('pm_inbox_full');
$email_tit = $FNS->var_swap($template['title'], $swap);
$email_msg = $FNS->var_swap($template['data'], $swap);
foreach ($query->result as $row) {
$overflow_names[] = $row['screen_name'];
if ($row['accept_messages'] != 'y') {
continue;
}
$email->initialize();
$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
$email->to($row['email']);
$email->subject($email_tit);
$email->message($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name'], 'pm_storage_limit' => $row['prv_msg_storage_limit'])));
$email->Send();
}
}
$submission_error[] = str_replace('%overflow_names%', implode(', ', $overflow_names), $LANG->line('overflow_recipients'));
}
/** ----------------------------------------
/** Submission Errors Force a Preview
/** ----------------------------------------*/
if (sizeof($submission_error) > 0) {
$status = 'preview';
$this->hide_preview = TRUE;
$this->invalid_name = FALSE;
}
/* -------------------------------------
/* Check Blocked on Sent
/*
/* If a message is blocked, we will not notify
/* the sender of this and simply proceed.
/* -------------------------------------*/
if ($status == 'sent') {
$sql = "SELECT member_id FROM exp_message_listed\n\t\t\t\t\tWHERE listed_type = 'blocked'\n\t\t\t\t\tAND listed_member = '{$this->member_id}'\n\t\t\t\t\tAND \n\t\t\t\t\t(\n\t\t\t\t\tmember_id IN ('" . implode("','", $recipients) . "')";
if (sizeof($cc) > 0) {
$sql .= "OR\n\t\t\t\t\t\t member_id IN ('" . implode("','", $cc) . "')";
}
$sql .= ")";
$blocked = $DB->query($sql);
if ($blocked->num_rows > 0) {
foreach ($blocked->result as $row) {
$details['blocked'][] = $row['member_id'];
}
$recipients = array_diff($recipients, $details['blocked']);
$cc = sizeof($cc) > 0 ? array_diff($cc, $details['blocked']) : array();
sort($recipients);
sort($cc);
}
}
/** -------------------------------------
/** Store Data
/** -------------------------------------*/
$data = array('message_id' => '', 'sender_id' => $this->member_id, 'message_date' => $LOC->now, 'message_subject' => $REGX->xss_clean($IN->GBL('subject')), 'message_body' => $REGX->xss_clean($IN->GBL('body')), 'message_tracking' => !$IN->GBL('tracking') ? 'n' : 'y', 'message_attachments' => sizeof($this->attachments) > 0 ? 'y' : 'n', 'message_recipients' => implode('|', $recipients), 'message_cc' => implode('|', $cc), 'message_hide_cc' => !$IN->GBL('hide_cc') ? 'n' : 'y', 'message_sent_copy' => !$IN->GBL('sent_copy') ? 'n' : 'y', 'total_recipients' => sizeof($recipients) + sizeof($cc), 'message_status' => $status);
if ($IN->GBL('message_id') && is_numeric($IN->GBL('message_id'))) {
/* -------------------------------------
/* Preview or Draft previously submitted.
/* So, we're updating an already existing message
/* -------------------------------------*/
$message_id = $IN->GBL('message_id');
unset($data['message_id']);
$DB->query($DB->update_string('exp_message_data', $data, "message_id = '" . $DB->escape_str($message_id) . "'"));
} else {
$DB->query($DB->insert_string('exp_message_data', $data));
$message_id = $DB->insert_id;
}
/** -----------------------------------------
/** Send out Messages to Recipients and CC
/** -----------------------------------------*/
if ($status == 'sent') {
$copy_data = array('copy_id' => '', 'message_id' => $message_id, 'sender_id' => $this->member_id);
/** -----------------------------------------
/** Send out Messages to Recipients and CC
/** -----------------------------------------*/
for ($i = 0, $size = sizeof($recipients); $i < $size; $i++) {
$copy_data['recipient_id'] = $recipients[$i];
$copy_data['message_authcode'] = $FNS->random('alpha', 10);
$DB->query($DB->insert_string('exp_message_copies', $copy_data));
}
for ($i = 0, $size = sizeof($cc); $i < $size; $i++) {
$copy_data['recipient_id'] = $cc[$i];
$copy_data['message_authcode'] = $FNS->random('alpha', 10);
$DB->query($DB->insert_string('exp_message_copies', $copy_data));
}
/** ----------------------------------
/** Increment exp_members.private_messages
/** ----------------------------------*/
$DB->query("UPDATE exp_members SET private_messages = private_messages + 1\n\t\t\t\t\t\tWHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')");
/** ----------------------------------
/** Send Any and All Email Notifications
/** ----------------------------------*/
$query = $DB->query("SELECT screen_name, email FROM exp_members\n\t\t\t\t\t\t\t\t WHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')\n\t\t\t\t\t\t\t\t AND notify_of_pm = 'y'\n\t\t\t\t\t\t\t\t AND member_id != {$this->member_id}");
if ($query->num_rows > 0) {
global $PREFS;
if (!class_exists('Typography')) {
require PATH_CORE . 'core.typography' . EXT;
}
$TYPE = new Typography(0);
$TYPE->smileys = FALSE;
$TYPE->highlight_code = TRUE;
if ($PREFS->ini('enable_censoring') == 'y' && $PREFS->ini('censored_words') != '') {
$subject = $TYPE->filter_censored_words($REGX->xss_clean($IN->GBL('subject')));
} else {
$subject = $REGX->xss_clean($IN->GBL('subject'));
}
$body = $TYPE->parse_type(stripslashes($REGX->xss_clean($IN->GBL('body'))), array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
if (!class_exists('EEmail')) {
require PATH_CORE . 'core.email' . EXT;
}
$email = new EEmail();
$email->wordwrap = true;
$swap = array('sender_name' => $SESS->userdata('screen_name'), 'message_subject' => $subject, 'message_content' => $body, 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'));
$template = $FNS->fetch_email_template('private_message_notification');
$email_tit = $FNS->var_swap($template['title'], $swap);
$email_msg = $FNS->var_swap($template['data'], $swap);
foreach ($query->result as $row) {
$email->initialize();
$email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
$email->to($row['email']);
$email->subject($email_tit);
$email->message($REGX->entities_to_ascii($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name']))));
$email->Send();
}
}
}
/** -------------------------------------
/** Sent Copy?
/** -------------------------------------*/
if ($status == 'sent' && $data['message_sent_copy'] == 'y') {
$copy_data['recipient_id'] = $this->member_id;
$copy_data['message_authcode'] = $FNS->random('alpha', 10);
$copy_data['message_folder'] = '2';
// Sent Message Folder
$copy_data['message_read'] = 'y';
// Already read automatically
$DB->query($DB->insert_string('exp_message_copies', $copy_data));
}
/** -------------------------------------
/** Replying or Forwarding?
/** -------------------------------------*/
if ($status == 'sent' && ($IN->GBL('replying') !== FALSE or $IN->GBL('forwarding') !== FALSE)) {
$copy_id = $IN->GBL('replying') !== FALSE ? $IN->GBL('replying') : $IN->GBL('forwarding');
$status = $IN->GBL('replying') !== FALSE ? 'replied' : 'forwarded';
$DB->query("UPDATE exp_message_copies SET message_status = '{$status}' WHERE copy_id = '{$copy_id}'");
}
/** -------------------------------------
/** Correct Member ID for Attachments
/** -------------------------------------*/
if (sizeof($this->attachments) > 0) {
$DB->query("UPDATE exp_message_attachments SET message_id = '{$message_id}' \n\t\t\t\t\t\tWHERE attachment_id IN ('" . implode("','", $this->attachments) . "')");
}
/** -------------------------------------
/** Remove Temp Status for Attachments
/** -------------------------------------*/
if ($status == 'sent') {
$DB->query("UPDATE exp_message_attachments SET is_temp = 'n' WHERE message_id = '{$message_id}'");
}
/** -------------------------------------
/** Redirect Them
/** -------------------------------------*/
if ($status == 'preview') {
return $this->compose($message_id, $submission_error);
} elseif ($status == 'draft') {
$this->drafts();
} else {
$FNS->redirect($this->_create_path('inbox'));
}
}