$topiclimit = DB_getItem($_TABLES['topics'], 'limitnews', "tid = '{$topic}'"); if ($topiclimit >= $_CONF['minnews']) { $maxstories = $topiclimit; } } if ($maxstories == 0) { $maxstories = $_CONF['limitnews']; } $limit = $maxstories; if ($limit < 1) { $limit = 1; } // Geeklog now allows for articles to be published in the future. Because of // this, we need to check to see if we need to rebuild the RDF file in the case // that any such articles have now been published COM_rdfUpToDateCheck(); // For similar reasons, we need to see if there are currently two featured // articles. Can only have one but you can have one current featured article // and one for the future...this check will set the latest one as featured // solely COM_featuredCheck(); // Scan for any stories that have expired and should be archived or deleted $asql = "SELECT sid,tid,title,expire,statuscode FROM {$_TABLES['stories']} "; $asql .= 'WHERE (expire <= NOW()) AND (statuscode = ' . STORY_DELETE_ON_EXPIRE; if (empty($archivetid)) { $asql .= ')'; } else { $asql .= ' OR statuscode = ' . STORY_ARCHIVE_ON_EXPIRE . ") AND tid != '{$archivetid}'"; } $expiresql = DB_query($asql); while (list($sid, $expiretopic, $title, $expire, $statuscode) = DB_fetchArray($expiresql)) {
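/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created.
 *
 * Flow: feature check -> normalise the client-supplied $args (ids, topic, intro/body split,
 * defaults) -> load into a Story object (which does the per-story permission checks)
 * -> image deletes/uploads (web UI only, not the web-service) -> save -> notify plugins
 * and refresh the feeds.
 *
 * Several error paths for the web UI echo a complete HTML document and exit() instead of
 * returning, as the original did; the web-service path always returns a code.
 *
 * @param array  $args    Contains all the data provided by the client
 * @param string $output  OUTPUT parameter containing the returned text (HTML document or redirect)
 * @param array  $svc_msg OUTPUT parameter: 'error_desc' on failure, 'id' (the saved sid) on success
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    // true when called through the web-service layer; neither key is guaranteed to exist
    $gl_svc = !empty($args['gl_svc']);
    $gl_edit = !empty($args['gl_edit']);

    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } elseif (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }

    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; the page-break marker splits it into intro and body
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    // - START: Set all the defaults -
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }
    if ($gl_svc) {
        // Permissions: configured default when absent, otherwise the client value is filtered.
        // The index into default_permissions_story matches the key order below.
        $permKeys = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon');
        foreach ($permKeys as $idx => $permKey) {
            if (!isset($args[$permKey])) {
                $args[$permKey] = $_CONF['default_permissions_story'][$idx];
            } else {
                $args[$permKey] = COM_applyBasicFilter($args[$permKey], true);
            }
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit && strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
        // an over-long id for a new story is replaced by a generated one
        $slug = isset($args['slug']) ? $args['slug'] : '';
        if (function_exists('WS_makeId')) {
            $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
        } else {
            $args['sid'] = COM_makeSid();
        }
    }

    $story = new Story();
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK && !TOPIC_checkTopicSelectionControl()) {
        $result = STORY_EMPTY_REQUIRED_FIELDS;
    }

    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$gl_svc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;

        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;

        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$gl_svc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;

        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$gl_svc) {
        // Delete any images if needed. The keys of $args['delete'] are the image numbers
        // and come straight from the request, so they are cast before being put into SQL
        // (the original interpolated them raw).
        if (!empty($args['delete']) && is_array($args['delete'])) {
            foreach (array_keys($args['delete']) as $imgNum) {
                $imgNum = (int) $imgNum;
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = {$imgNum}");
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = {$imgNum}");
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                $upload->keepOriginalImage($_CONF['keep_unscaled_image'] == 1);
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array(
                'image/gif'   => '.gif',
                'image/jpeg'  => '.jpg,.jpeg',
                'image/pjpeg' => '.jpg,.jpeg',
                'image/x-png' => '.png',
                'image/png'   => '.png',
            ));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // Target names are <sid>_<n>.<ext>. The extension is taken from the client-supplied
            // name, so the Upload class's MIME/extension checks are what constrains what
            // lands on disk — this code adds no check of its own.
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                // wrap the error text in a full document before printing it (the original
                // echoed the bare message and discarded the wrapped document)
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE(review): assumes $filenames has one entry per slot in $index_start..$end_index;
            // a $_FILES entry with an empty name would shift the pairing — confirm
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result != STORY_SAVED) {
        // the original fell off the end here and returned null; report the failure explicitly
        $svc_msg['error_desc'] = 'Error saving story';
        return PLG_RET_ERROR;
    }

    // see if any plugins want to act on that story
    if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
        PLG_itemSaved($sid, 'article', $args['old_sid']);
    } else {
        PLG_itemSaved($sid, 'article');
    }

    // update feed(s)
    COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
    COM_rdfUpToDateCheck('comment');
    STORY_updateLastArticlePublished();
    CMT_updateCommentcodes();

    if ($story->type == 'submission') {
        $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
    } else {
        $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
    }
    $svc_msg['id'] = $sid;

    return PLG_RET_OK;
}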
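/**
 * Delete a topic
 *
 * Re-checks the topic's own permission row (the caller is responsible for request
 * validation). Stories in the topic are removed together with their comments,
 * trackbacks and images; blocks and feeds bound to the topic are not deleted but
 * re-pointed at 'all' / '::all' and disabled.
 *
 * @param string $tid Topic ID
 * @return string HTML redirect
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // escaped copy for the SQL built by hand below; the DB_delete() calls keep the raw value,
    // as in the original
    $tidDb = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tidDb}'");
    if (DB_numRows($result) < 1) {
        // unknown topic: nothing to delete and no permission row to evaluate
        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tidDb}'");
    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tidDb}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tidDb}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $S = DB_fetchArray($result);
        STORY_deleteImages($S['sid']);
        DB_delete($_TABLES['comments'], array('sid', 'type'), array($S['sid'], 'article'));
        DB_delete($_TABLES['trackback'], array('sid', 'type'), array($S['sid'], 'article'));
    }

    // delete these
    DB_delete($_TABLES['stories'], 'tid', $tid);
    DB_delete($_TABLES['storysubmission'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}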
if ($dpm == 1) { PLG_deleteSubmission('story', $sid); } } else { $sql = "SELECT sid,date,uid,title,introtext,bodytext,hits " . "FROM {$_TABLES['stories']} WHERE sid='{$sid}'"; $result = DB_query($sql); list($sid, $storydate, $uid, $subject, $introtext, $bodytext, $hits) = DB_fetchArray($result); $num_posts = migratetopic($selforum, $sid, $storydate, $uid, $subject, $introtext, $bodytext, $hits) + $num_posts; $num_stories++; if ($dpm == 1) { STORY_doDeleteThisStoryNow($sid); } } } gf_resyncforum($selforum); COM_rdfUpToDateCheck('forum'); // forum rss feeds update echo COM_refresh($_CONF['site_admin_url'] . "/plugins/forum/migrate.php?num_stories=" . $num_stories . "&num_posts=" . $num_posts); exit; } function migratetopic($forum, $sid, $storydate, $uid, $subject, $introtext, $bodytext, $hits) { global $_TABLES; $comment = $introtext . $bodytext; $comment = prepareStringForDB($comment); $subject = prepareStringForDB($subject); $postmode = "HTML"; $name = DB_getItem($_TABLES['users'], 'username', "uid={$uid}"); $email = DB_getItem($_TABLES['users'], 'email', "uid={$uid}"); $website = DB_getItem($_TABLES['users'], 'homepage', "uid={$uid}"); $datetime = explode(" ", $storydate);
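/**
 * Saves link to the database
 *
 * Text fields are word-filtered, HTML-checked/stripped and DB-escaped here; the
 * numeric columns are cast before being interpolated. The URL is escaped for the
 * database but its scheme is not validated here.
 *
 * @param string $lid          ID for link
 * @param string $old_lid      old ID for link
 * @param string $cid          cid of category link belongs to
 * @param string $categorydd   Category links belong to (dropdown value)
 * @param string $url          URL of link to save
 * @param string $description  Description of link
 * @param string $title        Title of link
 * @param int    $hits         Number of hits for link
 * @param int    $owner_id     ID of owner
 * @param int    $group_id     ID of group link belongs to
 * @param int    $perm_owner   Permissions the owner has
 * @param int    $perm_group   Permissions the group has
 * @param int    $perm_members Permissions members have
 * @param int    $perm_anon    Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    // the URL was the one text column that went into the INSERT unescaped
    $url = DB_escapeString($url);

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        $lid = empty($old_lid) ? COM_makeSid() : $old_lid;
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        // existing link: access is decided by the stored permission row
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // new link: access is decided by the permissions being requested
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = '';
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
            // NOTE(review): the redirect is echoed but execution continues into the save
            // below (behaviour kept from the original) — confirm whether it should abort
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }

        // numeric columns are interpolated unquoted, so pin their type
        $hits = (int) $hits;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));

        return $retval;
    }
}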
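/**
 * Moderates a single item
 *
 * This will actually perform moderation (approve or delete) one or more items
 *
 * The id is escaped before being interpolated into the SQL built here; the
 * DB_delete()/DB_copy() helpers receive it unchanged, as before.
 *
 * @param string $action Action to perform ('delete' or 'approve')
 * @param string $type   Type of item ('user', 'draftstory', 'story', etc.)
 * @param string $id     ID of item to approve or delete
 * @return string HTML for "command and control" page
 */
function MODERATE_item($action = '', $type = '', $id = '')
{
    global $_CONF, $_TABLES;

    $retval = '';

    if (empty($action)) {
        // null action
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null action.");
        return $retval;
    }
    if (empty($type)) {
        // null item type
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate a null item type.");
        return $retval;
    }
    if (empty($id)) {
        // null item id
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null id.");
        return $retval;
    }

    list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
    $idDb = DB_escapeString($id);

    switch ($action) {
        case 'delete':
            switch ($type) {
                case 'user': // user
                    if ($id > 1) {
                        USER_deleteAccount($id);
                    }
                    break;

                case 'story': // story (needs to move to a plugin)
                    DB_delete($submissiontable, $key, $id);
                    break;

                case 'draftstory': // draft story
                    STORY_deleteStory($id);
                    break;

                default: // plugin
                    $retval .= PLG_deleteSubmission($type, $id);
                    DB_delete($submissiontable, $key, $id);
                    break;
            }
            break;

        case 'approve':
            switch ($type) {
                case 'story': // story (needs to move to a plugin)
                    $result = DB_query("SELECT * FROM {$submissiontable} WHERE {$key} = '{$idDb}'");
                    if (DB_numRows($result) != 1) {
                        // nothing to approve; avoid building an INSERT from a missing row
                        $retval .= COM_errorLog("Submissions Error: An attempt was made to approve a story submission that does not exist.");
                        break;
                    }
                    $A = DB_fetchArray($result);
                    $A['related'] = DB_escapeString(implode("\n", STORY_extractLinks($A['introtext'])));
                    $A['owner_id'] = $A['uid'];
                    $A['title'] = DB_escapeString($A['title']);
                    $A['introtext'] = DB_escapeString($A['introtext']);
                    $A['bodytext'] = DB_escapeString($A['bodytext']);
                    $tidDb = DB_escapeString($A['tid']);

                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$tidDb}'");
                    if (DB_numRows($result) != 1) {
                        $retval .= COM_errorLog("Submissions Error: The topic of the story submission being approved does not exist.");
                        break;
                    }
                    $T = DB_fetchArray($result);
                    // stories in an archive topic never go to the front page
                    if ($T['archive_flag'] == 1) {
                        $frontpage = 0;
                    } elseif (isset($_CONF['frontpage'])) {
                        $frontpage = $_CONF['frontpage'];
                    } else {
                        $frontpage = 1;
                    }

                    DB_save($table, 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
                    DB_delete($submissiontable, $key, $id);
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                    break;

                case 'draftstory': // draft story
                    DB_query("UPDATE {$table} SET draft_flag = 0 WHERE {$key} = '{$idDb}'");
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                    break;

                case 'user': // user
                    $result = DB_query("SELECT {$fields} FROM {$table} WHERE {$key} = '{$idDb}'");
                    $nrows = DB_numRows($result);
                    if ($nrows == 1) {
                        $A = DB_fetchArray($result);
                        $uidDb = DB_escapeString($A['uid']);
                        // registration_type 1 requires the user to verify first; otherwise
                        // the account only awaits activation
                        if ($_CONF['registration_type'] == 1) {
                            $sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_VERIFICATION . " WHERE {$key} = '{$uidDb}'";
                        } else {
                            $sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE {$key} = '{$uidDb}'";
                        }
                        DB_query($sql);
                        USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
                    }
                    break;

                default: // plugin
                    DB_copy($table, $fields, $fields, $submissiontable, $key, $id);
                    $retval .= PLG_approveSubmission($type, $id);
                    break;
            }
            break;

        default:
            // the original silently ignored unknown actions
            $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with an unknown action.");
            break;
    } // switch ($action)

    return $retval;
}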
$result = DB_query($sql); $A = DB_fetchArray($result); if (DB_getItem($_TABLES['vars'], 'value', "name='last_article_publish'") != $A['date']) { //Set new latest article published DB_query("UPDATE {$_TABLES['vars']} SET value='{$A['date']}' WHERE name='last_article_publish'"); // We need to see if there are currently two featured articles (because of future article). // Can only have one but you can have one current featured article // and one for the future...this check will set the latest one as featured // solely COM_featuredCheck(); // Geeklog now allows for articles to be published in the future. Because of // this, we need to check to see if we need to rebuild the RDF file in the case // that any such articles have now been published. Need to do this for comments // as well since article can have comments COM_rdfUpToDateCheck('article'); COM_rdfUpToDateCheck('comment'); } // +---------------------------------------------------------------------------+ // | HTML WIDGETS | // +---------------------------------------------------------------------------+ /** * Return the file to use for a block template. * * This returns the template needed to build the HTML for a block. This function * allows designers to give a block it's own custom look and feel. If no * templates for the block are specified, the default blockheader.html and * blockfooter.html will be used. * * @param string $blockname corresponds to name field in block table * @param string $which can be either 'header' or 'footer' for corresponding template * @param string $position can be 'left', 'right' or blank. If set, will be used to find a side specific override template.
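/**
 * Moves comment from submission table to comments table
 *
 * Copies the submitted comment into the live comments table (with indent derived
 * from its parent), removes the submission, re-points any notification rows at the
 * new cid, notifies the parent's subscriber when reply notifications are enabled,
 * and refreshes the comment feed and the What's New cache.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param int|string $cid comment id (in the submissions table)
 * @return string story id of the approved comment, '' if no such submission exists
 */
function CMT_approveModeration($cid)
{
    global $_CONF, $_TABLES;

    $cidDb = DB_escapeString($cid);
    $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '{$cidDb}'");
    if (DB_numRows($result) < 1) {
        // no such submission: the original would have inserted a row built from nulls
        return '';
    }
    $A = DB_fetchArray($result);
    $pid = (int) $A['pid'];

    $indent = 0;
    if ($pid > 0) {
        // get indent+1 of parent
        $indent = (int) DB_getItem($_TABLES['comments'], 'indent+1', "cid = '{$pid}'");
    }

    $A['title'] = DB_escapeString($A['title']);
    $A['comment'] = DB_escapeString($A['comment']);
    if (isset($A['name'])) {
        // insert data
        $A['name'] = DB_escapeString($A['name']);
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent',
            "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',"
            . "'{$A['name']}','{$A['pid']}','{$A['ipaddress']}',{$indent}");
    } else {
        // insert data, null automatically goes into name column
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent',
            "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}',"
            . "'{$A['pid']}','{$A['ipaddress']}',{$indent}");
    }
    $newcid = DB_insertId('', 'comments_cid_seq');
    DB_delete($_TABLES['commentsubmissions'], 'cid', $cid);
    // notification rows were keyed by the submission id ('mid'); point them at the live cid
    DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid);

    // notify of new published comment
    if ($_CONF['allow_reply_notifications'] == 1 && $pid > 0) {
        // Notification sent only if someone directly replies to the comment (not a reply of a reply)
        $sql = "SELECT cn.cid, cn.uid, cn.deletehash "
            . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, "
            . "{$_TABLES['commentnotifications']} AS cn "
            . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) "
            . "AND c.cid = {$pid} GROUP BY cn.uid";
        $result = DB_query($sql);
        // NOTE(review): only the first row is used although the query groups by uid and
        // may return several — confirm whether every subscriber should be notified
        $B = DB_fetchArray($result);
        if ($B !== false) {
            CMT_sendReplyNotification($B);
        }
    }

    // Update Comment Feeds
    COM_rdfUpToDateCheck('comment');

    // Delete What's New block cache so it can get updated again
    if ($_CONF['whatsnew_cache_time'] > 0 and !$_CONF['hidenewcomments']) {
        $cacheInstance = 'whatsnew__'; // remove all whatsnew instances
        CACHE_remove_instance($cacheInstance);
    }

    return $A['sid'];
}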
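/**
 * Saves an event to the database
 *
 * (parameters should be obvious - old list was incomplete anyway)
 *
 * Order of operations: permission check -> 24h/12h normalisation -> date validation
 * -> text clean-up and escaping -> time strings -> CSRF check -> write event and
 * any personal copies of it. Hours and minutes are formatted as integers, so the
 * time strings cannot carry anything but digits into the SQL.
 *
 * @param string $eid event id
 * @param string $postmode 'html' or anything else (stored as 'plaintext')
 * @param int|string $hour_mode 24 when the form submitted 24-hour times, otherwise 12-hour with am/pm
 * @return string HTML redirect or error message
 */
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // escaped copy for the SQL built by hand below; the DB_count()/DB_delete()/PLG_* calls
    // keep the raw value, as in the original
    $eidDb = DB_escapeString($eid);

    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        // existing event: access is decided by the stored permission row
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['events']} WHERE eid = '{$eidDb}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // new event: access is decided by the permissions being requested
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }

    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }

    $allday = ($allday == 'on') ? 1 : 0;

    // Make sure start date is before end date
    if (checkdate((int) $start_month, (int) $start_day, (int) $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = sprintf('%02d:%02d:00', $start_hour, $start_minute);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if (checkdate((int) $end_month, (int) $end_day, (int) $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = sprintf('%02d:%02d:00', $end_hour, $end_minute);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if ($dateend < $datestart) {
        if ($allday == 0) {
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
            return $retval;
        }
        // Force end date to be same as start date
        $dateend = $datestart;
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
    $address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
    $address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
    $city = DB_escapeString(strip_tags(COM_checkWords($city)));
    // state was the one address field that reached the INSERT untouched
    $state = DB_escapeString(strip_tags(COM_checkWords($state)));
    $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));

    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = 0;
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = 0;
        }
        $timestart = sprintf('%02d:%02d:00', $start_hour, $start_minute);
        $timeend = sprintf('%02d:%02d:00', $end_hour, $end_minute);
    }

    if (!empty($eid) and !empty($description) and !empty($title)) {
        if (!SEC_checkToken()) {
            COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
            COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
            // COM_redirect is expected to end the request; never fall through into the save
            exit;
        }

        $hits = (int) DB_getItem($_TABLES['events'], 'hits', "eid = '{$eidDb}'");

        // numeric columns are interpolated unquoted, so pin their type
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
        DB_save($_TABLES['events'],
            'eid,title,event_type,url,allday,datestart,dateend,timestart,'
            . 'timeend,location,address1,address2,city,state,zipcode,description,'
            . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,'
            . 'perm_anon,hits',
            "'{$eidDb}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}',"
            . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}',"
            . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}',"
            . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");

        // users who copied this event into their personal calendar get the updated version
        if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} WHERE eid = '{$eidDb}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                $uid = (int) $P['uid'];
                DB_save($_TABLES['personal_events'],
                    'eid,title,event_type,datestart,dateend,address1,address2,'
                    . 'city,state,zipcode,allday,url,description,postmode,'
                    . 'group_id,owner_id,perm_owner,perm_group,perm_members,'
                    . 'perm_anon,uid,location,timestart,timeend',
                    "'{$eidDb}','{$title}','{$event_type}','{$datestart}','{$dateend}',"
                    . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}',"
                    . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id},"
                    . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members},"
                    . "{$perm_anon},{$uid},'{$location}','{$timestart}','{$timeend}'");
            }
        }

        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);

        return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
}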
/**
 * Delete an event or an event submission.
 *
 * With an empty type the caller needs edit access (3) to the event itself;
 * with type 'submission' the caller must be a calendar moderator. Any other
 * type, or a failed check, is written to the access log and the caller is
 * sent back to the calendar admin page.
 *
 * @param string $eid  id of event to delete
 * @param string $type '' for a regular event, 'submission' to delete a submission
 * @return string HTML redirect
 */
function CALENDAR_delete($eid, $type = '')
{
    global $_CONF, $_TABLES, $_USER;

    $calendarAdmin = $_CONF['site_admin_url'] . '/plugins/calendar/index.php';

    if (empty($type)) {
        // regular event: load it so the caller's permissions can be checked
        $safeEid = DB_escapeString($eid);
        $event = DB_fetchArray(DB_query("SELECT * FROM {$_TABLES['events']} WHERE eid = '{$safeEid}'"));
        $access = SEC_hasAccess(
            $event['owner_id'], $event['group_id'], $event['perm_owner'],
            $event['perm_group'], $event['perm_members'], $event['perm_anon']
        );
        if ($access < 3) {
            COM_accessLog("User {$_USER['username']} tried to illegally delete event {$eid}.");
            return COM_refresh($calendarAdmin);
        }

        DB_delete($_TABLES['events'], 'eid', $safeEid);
        DB_delete($_TABLES['personal_events'], 'eid', $safeEid);
        PLG_itemDeleted($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event['event_type'], $event['eid']);

        return COM_refresh($calendarAdmin . '?msg=18');
    }

    if ($type == 'submission') {
        if (plugin_ismoderator_calendar()) {
            DB_delete($_TABLES['eventsubmission'], 'eid', DB_escapeString($eid));
            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        }
        COM_accessLog("User {$_USER['username']} tried to illegally delete event submission {$eid}.");
    } else {
        COM_accessLog("User {$_USER['username']} tried to illegally delete event {$eid} of type {$type}.");
    }

    return COM_refresh($calendarAdmin);
}
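/**
 * Moderates one or more submitted items.
 *
 * Performs the chosen action (approve or delete) on every item and then renders
 * the "command and control" page again. Stories, drafts and comments are handled
 * here; any other type is delegated to the owning plugin through
 * PLG_getModerationValues(), PLG_approveSubmission() and PLG_deleteSubmission().
 *
 * The item ids come straight from the moderation form, so they are escaped
 * before being interpolated into SQL, and an empty id is never passed on to a
 * delete (an empty id would match every row of the submission table).
 *
 * @param array  $mid    ids of the items, indexed 0 .. $count - 1
 * @param array  $action action per item ('approve', 'delete' or ''), same index as $mid
 * @param string $type   type of items ('story', 'draft', 'comment' or a plugin type)
 * @param int    $count  number of items to moderate
 * @return string HTML for "command and control" page
 */
function moderation($mid, $action, $type, $count)
{
    global $_CONF, $_TABLES;

    $retval = '';

    switch ($type) {
        case 'story':
            $id = 'sid';
            $table = $_TABLES['stories'];
            $submissiontable = $_TABLES['storysubmission'];
            $fields = 'sid,uid,tid,title,introtext,date,postmode';
            break;
        case 'comment':
            $id = 'cid';
            $submissiontable = $_TABLES['commentsubmissions'];
            // sids of the stories whose comment tree must be rebuilt after the loop
            $sidArray[] = '';
            break;
        default:
            if (strlen($type) <= 0) {
                // something is terribly wrong, bail
                $retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php");
                return $retval;
            }
            list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
    }

    // Set true if a valid action other than delete_all is selected
    $formaction = false;

    for ($i = 0; $i < $count; $i++) {
        if (!isset($action[$i]) || $action[$i] == '') {
            continue;
        }
        $formaction = true;

        $itemId = isset($mid[$i]) ? $mid[$i] : '';

        switch ($action[$i]) {
            case 'delete':
                if (!empty($type) && $type != 'story' && $type != 'draft') {
                    // There may be some plugin specific processing that needs to
                    // happen first.
                    $retval .= PLG_deleteSubmission($type, $itemId);
                }
                if (empty($itemId)) {
                    $retval .= COM_errorLog("moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id. Please report this immediately to your site administrator");
                    return $retval;
                }
                if ($type == 'draft') {
                    STORY_deleteStory($itemId);
                } else {
                    DB_delete($submissiontable, "{$id}", $itemId);
                }
                break;

            case 'approve':
                if ($type == 'story') {
                    // form-supplied id: escape before interpolation
                    $safeItemId = DB_escapeString($itemId);
                    $result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$safeItemId}'");
                    $A = DB_fetchArray($result);
                    $A['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext'])));
                    $A['owner_id'] = $A['uid'];
                    $A['title'] = addslashes($A['title']);
                    $A['introtext'] = addslashes($A['introtext']);
                    $A['bodytext'] = addslashes($A['bodytext']);

                    // the approved story inherits group and permissions from its topic
                    $safeTid = DB_escapeString($A['tid']);
                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$safeTid}'");
                    $T = DB_fetchArray($result);
                    if ($T['archive_flag'] == 1) {
                        // stories in an archive topic never go to the front page
                        $frontpage = 0;
                    } elseif (isset($_CONF['frontpage'])) {
                        $frontpage = $_CONF['frontpage'];
                    } else {
                        $frontpage = 1;
                    }
                    DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
                    DB_delete($_TABLES['storysubmission'], "{$id}", $itemId);
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                } elseif ($type == 'draft') {
                    // form-supplied id: escape before interpolation
                    $safeItemId = DB_escapeString($itemId);
                    DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$safeItemId}'");
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                } elseif ($type == 'comment') {
                    $sid = CMT_approveModeration($itemId);
                    if (!in_array($sid, $sidArray)) {
                        $sidArray[$i] = $sid;
                    }
                } else {
                    // This is called in case this is a plugin. There may be some
                    // plugin specific processing that needs to happen.
                    DB_copy($table, $fields, $fields, $submissiontable, $id, $itemId);
                    $retval .= PLG_approveSubmission($type, $itemId);
                }
                break;
        }
    }

    // after loop update comment tree and count for each story
    if (isset($sidArray)) {
        foreach ($sidArray as $sid) {
            CMT_rebuildTree($sid);
            // update comment count of stories
            $comments = DB_count($_TABLES['comments'], 'sid', $sid);
            DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
        }
    }

    // Add new comment users to group comment.submit group
    if (isset($_POST['publishfuture'])) {
        foreach ($_POST['publishfuture'] as $futureUid) {
            $uid = COM_applyFilter($futureUid, true);
            if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) {
                SEC_addUserToGroup($uid, 'Comment Submitters');
            }
        }
    }

    // Check if there was no direct action used on the form
    // and if the delete_all submit action was used
    if (!$formaction and isset($_POST['delitem'])) {
        foreach ($_POST['delitem'] as $delitem) {
            $delitem = COM_applyFilter($delitem);
            if (empty($delitem)) {
                // same guard as the per-item delete above: never hand an
                // empty id to DB_delete()
                continue;
            }
            if (!empty($type) && $type != 'story' && $type != 'draft') {
                // There may be some plugin specific processing that needs to
                // happen first.
                $retval .= PLG_deleteSubmission($type, $delitem);
            }
            if ($type == 'draft') {
                STORY_deleteStory($delitem);
            } else {
                DB_delete($submissiontable, "{$id}", $delitem);
            }
        }
    }

    $retval .= commandcontrol(SEC_createToken());

    return $retval;
}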
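/**
 * Saves a story submission.
 *
 * When the site queues submissions and the submitter lacks 'story.submit',
 * the story is written to the submission table; otherwise it is posted
 * directly and inherits group, permissions and archive flag from its
 * default topic.
 *
 * @return int STORY_NO_ACCESS_TOPIC, STORY_SAVED_SUBMISSION or STORY_SAVED
 */
public function saveSubmission()
{
    global $_USER, $_CONF, $_TABLES;

    $this->_sid = COM_makeSid();
    $this->_uid = COM_isAnonUser() ? 1 : $_USER['uid'];

    // Remove any autotags the user doesn't have permission to use
    $introText = PLG_replaceTags($this->_introtext, '', true);
    $bodyText = PLG_replaceTags($this->_bodytext, '', true);

    if (!TOPIC_hasMultiTopicAccess('topic')) {
        // user doesn't have access to one or more topics - bail
        return STORY_NO_ACCESS_TOPIC;
    }

    if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
        // queue the story for moderation
        $sid = DB_escapeString($this->_sid);
        $title = DB_escapeString($this->_title);
        $introText = DB_escapeString($introText);
        $bodyText = DB_escapeString($bodyText);
        $postMode = DB_escapeString($this->_postmode);
        // sid is quoted like in the other story INSERTs; an unquoted sid only
        // works while COM_makeSid() happens to return digits
        DB_save(
            $_TABLES['storysubmission'],
            'sid,uid,title,introtext,bodytext,date,postmode,text_version',
            "'{$sid}',{$this->_uid},'{$title}'," .
            "'{$introText}','{$bodyText}',NOW(),'{$postMode}','{$this->_text_version}'"
        );

        // Save Topics selected
        TOPIC_saveTopicSelectionControl('article', $sid);

        return STORY_SAVED_SUBMISSION;
    }

    // post this story directly. First establish the necessary missing data.
    $this->sanitizeData();

    if (!isset($_CONF['show_topic_icon'])) {
        $_CONF['show_topic_icon'] = 1;
    }

    // time() instead of mktime(): mktime() without arguments is an error on PHP 8
    $this->_date = time();
    $this->_featured = 0;
    $this->_commentcode = $_CONF['comment_code'];
    $this->_trackbackcode = $_CONF['trackback_code'];
    $this->_statuscode = 0;
    $this->_show_topic_icon = $_CONF['show_topic_icon'];
    $this->_cache_time = $_CONF['default_cache_time_article'];
    $this->_owner_id = COM_isAnonUser() ? 1 : $_USER['uid'];

    // Save Topics selected
    TOPIC_saveTopicSelectionControl('article', $this->_sid);

    // group, permissions and archive flag come from the story's default topic
    $sql = "SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag "
        . "FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta "
        . "WHERE ta.type = 'article' AND ta.id = '{$this->_sid}' "
        . "AND ta.tdefault = 1 AND ta.tid = t.tid";
    $result = DB_query($sql);
    $A = DB_fetchArray($result);
    // NOTE(review): $A is false when no default topic assignment exists; the
    // permissions below would then be saved empty - confirm the callers
    // guarantee a default topic
    if ($A['archive_flag'] == 1) {
        // stories in an archive topic never go to the front page
        $this->_frontpage = 0;
    } elseif (isset($_CONF['frontpage'])) {
        $this->_frontpage = $_CONF['frontpage'];
    } else {
        $this->_frontpage = 1;
    }
    $this->_group_id = $A['group_id'];
    $this->_perm_owner = $A['perm_owner'];
    $this->_perm_group = $A['perm_group'];
    $this->_perm_members = $A['perm_members'];
    $this->_perm_anon = $A['perm_anon'];

    $this->saveToDatabase();
    PLG_itemSaved($this->_sid, 'article');
    COM_rdfUpToDateCheck('article');
    COM_rdfUpToDateCheck('comment');
    STORY_updateLastArticlePublished();

    return STORY_SAVED;
}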
/**
 * Delete an existing story
 *
 * The caller needs edit access (3) on both the story and its topic;
 * otherwise the attempt is logged and a permission/auth error is returned.
 * On success the story, its comments, images and trackbacks are removed
 * and the feeds and "Older Stories" block are refreshed.
 *
 * @param array  $args     Contains all the data provided by the client ('sid' or 'id')
 * @param string &$output  OUTPUT parameter containing the returned text (a redirect)
 * @param string &$svc_msg OUTPUT parameter, unused here
 * @return int Response code as defined in lib-plugins.php
 */
function service_delete_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }
    if ($args['gl_svc']) {
        $args['sid'] = COM_applyBasicFilter($args['sid']);
    }
    $sid = $args['sid'];
    $safeSid = DB_escapeString($sid);
    $adminStoryPage = $_CONF['site_admin_url'] . '/story.php';

    $story = DB_fetchArray(DB_query("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$safeSid}'"));
    // effective access is the lower of story access and topic access
    $access = min(
        SEC_hasAccess($story['owner_id'], $story['group_id'], $story['perm_owner'], $story['perm_group'], $story['perm_members'], $story['perm_anon']),
        SEC_hasTopicAccess($story['tid'])
    );
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
        $output = COM_refresh($adminStoryPage);
        return ($_USER['uid'] > 1) ? PLG_RET_PERMISSION_DENIED : PLG_RET_AUTH_FAILED;
    }

    STORY_deleteImages($sid);
    DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '{$safeSid}' AND type = 'article'");
    DB_delete($_TABLES['stories'], 'sid', $safeSid);
    // delete Trackbacks
    DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '{$safeSid}' AND type = 'article';");
    PLG_itemDeleted($sid, 'article');

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();
    COM_setMessage(10);
    $output = COM_refresh($adminStoryPage);

    return PLG_RET_OK;
}
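/**
 * Saves banner to the database
 *
 * Resolves ownership, permissions and the banner id, filters and escapes the
 * text fields, and checks that the caller has edit access (3) to the banner
 * and belongs to its group before the row is (re)written. Every value that is
 * interpolated into the INSERT is escaped in this function.
 *
 * @param string $bid          ID for banner
 * @param string $old_bid      old ID for banner
 * @param string $cid          cid of category banner belongs to
 * @param string $categorydd   Category banner belongs to (category drop-down value)
 * @param string $url          URL of banner to save
 * @param string $description  Description of banner
 * @param string $title        Title of banner
 * @param string $publishstart start of the publishing period, '' for none
 * @param string $publishend   end of the publishing period, '' for none
 * @param int    $hits         Number of hits for banner
 * @param int    $owner_id     ID of owner
 * @param int    $group_id     ID of group banner belongs to
 * @param int    $perm_owner   Permissions the owner has
 * @param int    $perm_group   Permissions the group has
 * @param int    $perm_members Permissions members have
 * @param int    $perm_anon    Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array banner plugin lang admin vars
 */
function savebanner($bid, $old_bid, $cid, $categorydd, $url, $description, $title, $publishstart, $publishend, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_BANNER_ADMIN, $_BAN_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // clean 'em up - the url is escaped here too, like the other form values
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $cid = addslashes($cid);
    $url = addslashes($url);

    if (empty($owner_id)) {
        // this is new banner from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Banner Admin'])) {
            $group_id = $_GROUPS['Banner Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('banner.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    // publishing period: empty means unlimited and is stored as SQL NULL
    $publishstart = empty($publishstart) ? 'NULL' : "'" . addslashes($publishstart) . "'";
    $publishend = empty($publishend) ? 'NULL' : "'" . addslashes($publishend) . "'";

    $bid = COM_sanitizeID($bid);
    $old_bid = COM_sanitizeID($old_bid);
    if (empty($bid)) {
        $bid = empty($old_bid) ? COM_makeSid() : $old_bid;
    }

    // check for banner id change
    if (!empty($old_bid) && $bid != $old_bid) {
        // check if new bid is already in use
        if (DB_count($_TABLES['banner'], 'bid', $bid) > 0) {
            // TBD: abort, display editor with all content intact again
            $bid = $old_bid; // for now ...
        }
    }

    $access = 0;
    $old_bid = addslashes($old_bid);
    if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
        // existing banner: access follows the stored ownership and permissions
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE bid = '{$old_bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // new banner: access follows the submitted ownership and permissions
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[31], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
        echo $display;
        exit;
    } elseif (!empty($title) && !empty($description)) {
        if ($categorydd != $LANG_BANNER_ADMIN[7] && !empty($categorydd)) {
            $cid = addslashes($categorydd);
        } else {
            if ($categorydd != $LANG_BANNER_ADMIN[7]) {
                // NOTE(review): this only echoes a redirect and then falls
                // through to the save below - confirm that is intended
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/banner/index.php');
            }
        }

        DB_delete($_TABLES['bannersubmission'], 'bid', $old_bid);
        DB_delete($_TABLES['banner'], 'bid', $old_bid);
        DB_save($_TABLES['banner'], 'bid,cid,url,description,title,date,publishstart,publishend,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$bid}','{$cid}','{$url}','{$description}','{$title}',NOW(),{$publishstart},{$publishend},'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        // Get category for rdf check
        $category = DB_getItem($_TABLES['bannercategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('banner', $category, $bid);

        return PLG_afterSaveSwitch($_BAN_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/banner/portal.php?what=banner&item={$bid}"), 'banner', 2);
    } else {
        // missing fields
        $retval .= COM_siteHeader('menu', $LANG_BANNER_ADMIN[1]);
        $retval .= COM_errorLog($LANG_BANNER_ADMIN[10], 2);
        if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
            $retval .= editbanner('edit', $old_bid);
        } else {
            $retval .= editbanner('edit', '');
        }
        $retval .= COM_siteFooter();

        return $retval;
    }
}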
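/**
 * Delete a topic
 *
 * Child topics are moved to the root and unhidden, feeds bound to the topic
 * are reset to '::all' and disabled, and every story, story submission and
 * block assigned ONLY to this topic is deleted together with its comments,
 * trackbacks and images. Objects that are also assigned to other topics are
 * kept; when this topic was their default, another assignment becomes the
 * default.
 *
 * The caller needs edit access (3) to the topic; otherwise the attempt is
 * logged and the request is redirected away.
 *
 * @param string $tid Topic ID; comes from the admin form and is escaped here
 * @return void every path ends in COM_redirect(), which presumably does not return
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER, $_TOPICS;

    // $tid is user-supplied: every raw SQL string below uses the escaped copy
    $safeTid = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');
    }

    // Update any child topics to root and un hide them
    DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$safeTid}'");
    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // Need to cycle through stories from topic
    // Only delete story if only this one topic
    // Make sure to check if this topic is default for story. If is make another topic default.
    // table => (id column, topic_assignments type), processed in this order
    $objectTables = array(
        $_TABLES['stories']         => array('id' => 'sid', 'type' => 'article'),
        $_TABLES['storysubmission'] => array('id' => 'sid', 'type' => 'article'),
        $_TABLES['blocks']          => array('id' => 'bid', 'type' => 'block'),
    );

    foreach ($objectTables as $object_table => $meta) {
        $idColumn = $meta['id'];
        $objectType = $meta['type'];
        $isStoryTable = ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']);

        $sql = "SELECT {$idColumn}, ta.tdefault\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$objectType}' AND ta.id = CAST({$idColumn} AS CHAR) AND ta.tid = '{$safeTid}'";
        $result = DB_query($sql);
        $numObjects = DB_numRows($result);
        for ($i = 0; $i < $numObjects; $i++) {
            $A = DB_fetchArray($result);
            $objectId = $A[$idColumn];
            $safeObjectId = DB_escapeString($objectId);

            // Now check if another topic exists for this object
            $sql = "SELECT {$idColumn}, ta.tid\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$objectType}' AND ta.id = {$idColumn}\n AND ta.tid <> '{$safeTid}' AND {$idColumn} = '{$safeObjectId}'";
            $resultB = DB_query($sql);
            $numTopics = DB_numRows($resultB);
            if ($numTopics == 0) {
                // Delete comments, trackbacks, images associated with stories in this topic since only topic
                if ($isStoryTable) {
                    STORY_deleteImages($A['sid']);
                    DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
                    DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
                    if ($object_table == $_TABLES['stories']) {
                        PLG_itemDeleted($A['sid'], 'article');
                    }
                }
                DB_delete($object_table, $idColumn, $objectId);
            } elseif ($isStoryTable && $A['tdefault'] == 1) {
                // Story still exists for other topics so make sure one is default
                $B = DB_fetchArray($resultB);
                $sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '" . DB_escapeString($B['tid']) . "' AND id = '" . DB_escapeString($B['sid']) . "'";
                DB_query($sql);
            }
        }
    }

    // Notify of Delete topic so other plugins can deal with their items without topics
    PLG_itemDeleted($tid, 'topic');

    // delete these
    DB_delete($_TABLES['topic_assignments'], 'tid', $safeTid);
    DB_delete($_TABLES['topics'], 'tid', $safeTid);

    // Reorder Topics, Delete topic cache and reload topic tree
    reorderTopics();

    // update feed(s)
    COM_rdfUpToDateCheck('article');

    COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}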
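/**
 * Saves a story submission.
 *
 * The submitter must be able to see the requested topic (COM_getTopicSQL).
 * When the site queues submissions and the submitter lacks 'story.submit',
 * the story goes to the submission table; otherwise it is posted directly
 * and takes group and permissions from the topic.
 *
 * @return int STORY_NO_ACCESS_TOPIC, STORY_SAVED_SUBMISSION or STORY_SAVED
 */
function saveSubmission()
{
    global $_USER, $_CONF, $_TABLES;

    $this->_sid = COM_makeSid();
    $this->_uid = COM_isAnonUser() ? 1 : $_USER['uid'];

    // the topic id is user-supplied: sanitize and escape before the query
    $tmptid = addslashes(COM_sanitizeID($this->_tid));
    $result = DB_query('SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM ' . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND'));
    if (DB_numRows($result) == 0) {
        // user doesn't have access to this topic - bail
        return STORY_NO_ACCESS_TOPIC;
    }
    $T = DB_fetchArray($result);

    if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
        // queue the story for moderation
        $this->_sid = addslashes($this->_sid);
        $this->_tid = $tmptid;
        $this->_title = addslashes($this->_title);
        $this->_introtext = addslashes($this->_introtext);
        $this->_bodytext = addslashes($this->_bodytext);
        $this->_postmode = addslashes($this->_postmode);
        // sid is quoted like in the other story INSERTs; an unquoted sid only
        // works while COM_makeSid() happens to return digits
        DB_save($_TABLES['storysubmission'], 'sid,tid,uid,title,introtext,bodytext,date,postmode', "'{$this->_sid}','{$this->_tid}',{$this->_uid},'{$this->_title}'," . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'");

        return STORY_SAVED_SUBMISSION;
    }

    // post this story directly. First establish the necessary missing data.
    $this->_sanitizeData();

    if (!isset($_CONF['show_topic_icon'])) {
        $_CONF['show_topic_icon'] = 1;
    }

    if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
        // stories in an archive topic never go to the front page
        $this->_frontpage = 0;
    } elseif (isset($_CONF['frontpage'])) {
        $this->_frontpage = $_CONF['frontpage'];
    } else {
        $this->_frontpage = 1;
    }

    $this->_oldsid = $this->_sid;
    // time() instead of mktime(): mktime() without arguments is an error on PHP 8
    $this->_date = time();
    $this->_featured = 0;
    $this->_commentcode = $_CONF['comment_code'];
    $this->_trackbackcode = $_CONF['trackback_code'];
    $this->_statuscode = 0;
    $this->_show_topic_icon = $_CONF['show_topic_icon'];
    $this->_owner_id = COM_isAnonUser() ? 1 : $_USER['uid'];

    // group and permissions are inherited from the topic
    $this->_group_id = $T['group_id'];
    $this->_perm_owner = $T['perm_owner'];
    $this->_perm_group = $T['perm_group'];
    $this->_perm_members = $T['perm_members'];
    $this->_perm_anon = $T['perm_anon'];

    $this->saveToDatabase();
    PLG_itemSaved($this->_sid, 'article');
    COM_rdfUpToDateCheck();
    COM_olderStuff();

    return STORY_SAVED;
}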
/**
 * Remove a story together with its images and comments (migration helper).
 *
 * Image files that cannot be unlinked are logged and skipped so that the
 * migration keeps running; the database rows are removed regardless.
 *
 * @param string $sid id of the story to remove
 * @return void
 */
function migrate_deletestory($sid)
{
    global $_TABLES, $_CONF;

    $safeSid = DB_escapeString($sid);
    $imageDir = $_CONF['path_html'] . 'images/articles/';

    $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='{$safeSid}'");
    $imageCount = DB_numRows($result);
    for ($n = 0; $n < $imageCount; $n++) {
        $row = DB_fetchArray($result);

        $imageFile = $imageDir . $row['ai_filename'];
        if (!@unlink($imageFile)) {
            // log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $imageFile);
        }

        // the unscaled original, if any, carries '_original' before the extension
        $originalFile = $imageDir . substr_replace($row['ai_filename'], '_original.', strrpos($row['ai_filename'], '.'), 1);
        if (file_exists($originalFile) && !@unlink($originalFile)) {
            // log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $originalFile);
        }
    }

    DB_delete($_TABLES['article_images'], 'ai_sid', $safeSid);
    DB_delete($_TABLES['comments'], 'sid', $safeSid);
    DB_delete($_TABLES['stories'], 'sid', $safeSid);

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();
}
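/**
 * Writes the download entry back to the database (UPDATE of the existing row).
 *
 * Every column value is escaped or cast here before it is interpolated into
 * the statement, including the old id used in the WHERE clause. When the id
 * changed, the comments attached to the old id are moved to the new one and
 * plugins are told about the old id.
 *
 * @param string $mode '' to update the live downloads table, anything else
 *                     to update the submission table
 * @return void
 */
function _saveToDatabase($mode = '')
{
    global $_CONF, $_TABLES;

    $sql_additions = '';
    if (version_compare(VERSION, '2.1.0') >= 0) {
        $this->_text_version = GLTEXT_LATEST_VERSION;
        $text_version = $this->_text_version;
        $sql_additions = "text_version='{$text_version}', ";

        // Apply HTML filter to the text just before save
        // with the permissions of current editor
        // NOTE(review): the filter runs with the 'story.edit' right rather than
        // a downloads-specific one - confirm that is intended
        require_once $_CONF['path_system'] . 'classes/gltext.class.php';
        $description = GLText::applyHTMLFilter($this->_description, $this->_postmode, 'story.edit', $this->_text_version);
        $detail = GLText::applyHTMLFilter($this->_detail, $this->_postmode, 'story.edit', $this->_text_version);
    } else {
        $description = $this->_description;
        $detail = $this->_detail;
    }

    // escape strings and cast numbers before they are interpolated
    $lid = addslashes($this->_lid);
    $old_lid = addslashes($this->_old_lid);
    $cid = addslashes($this->_cid);
    $title = addslashes($this->_title);
    $url = addslashes($this->_url);
    $homepage = addslashes($this->_homepage);
    $version = addslashes($this->_version);
    $size = (int) $this->_size;
    $md5 = addslashes($this->_md5);
    $logourl = addslashes($this->_logourl);
    $mg_autotag = addslashes($this->_mg_autotag);
    $tags = addslashes($this->_tags);
    $date = (int) $this->_date;
    $commentcode = (int) $this->_commentcode;
    $project = addslashes($this->_project);
    $description = addslashes($description);
    $detail = addslashes($detail);
    $owner_id = (int) $this->_owner_id;
    $postmode = addslashes($this->_postmode);
    $is_released = (int) $this->_is_released;
    $is_listing = (int) $this->_is_listing;
    $createddate = addslashes($this->_createddate);

    $table = empty($mode) ? $_TABLES['downloads'] : $_TABLES['downloadsubmission'];

    DB_query("UPDATE {$table} "
        . "SET lid='{$lid}', cid='{$cid}', title='{$title}', url='{$url}', mg_autotag='{$mg_autotag}', tags='{$tags}', "
        . "homepage='{$homepage}', project='{$project}', description='{$description}', detail='{$detail}', "
        . "version='{$version}', size={$size}, md5='{$md5}', commentcode={$commentcode}, owner_id={$owner_id}, "
        . "postmode='{$postmode}', logourl='{$logourl}', is_released={$is_released}, is_listing={$is_listing}, "
        . $sql_additions
        . "date={$date}, createddate='{$createddate}' "
        . "WHERE lid='{$old_lid}'");

    if ($this->_old_lid == $this->_lid) {
        PLG_itemSaved($this->_lid, 'downloads');
    } else {
        // the id changed: re-home the comments and pass the old id to plugins
        DB_change($_TABLES['comments'], 'sid', $lid, array('sid', 'type'), array($old_lid, 'downloads'));
        PLG_itemSaved($this->_lid, 'downloads', $this->_old_lid);
    }

    COM_rdfUpToDateCheck('downloads', $this->_cid, $this->_lid);
}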