/**
* Set a property's value.
*
* @param string $var Name of property to set.
* @param mixed $value New value for property.
*/
public function __set($var, $value = '')
{
switch ($var) {
case 'det_id':
$this->properties[$var] = (int) $value;
break;
case 'ev_id':
$this->properties[$var] = COM_sanitizeID($value, false);
break;
case 'title':
case 'summary':
case 'full_description':
case 'url':
case 'location':
case 'street':
case 'city':
case 'province':
case 'country':
case 'postal':
case 'contact':
case 'email':
case 'phone':
// String values
$this->properties[$var] = trim(COM_checkHTML($value));
break;
case 'lat':
case 'lng':
$this->properties[$var] = (double) $value;
break;
default:
// Undefined values (do nothing)
break;
}
}
/**
* Saves a poll
* Saves a poll topic and potential answers to the database
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainPage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statusCode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideResults Checkbox: hide results until closed
* @param int $commentCode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_group Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @param bool $allow_multipleanswers
* @param string $topic_description
* @param string $description
* @return string|void
*/
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$topic = COM_stripslashes($topic);
$topic = COM_checkHTML($topic);
$topic_description = strip_tags(COM_stripslashes($topic_description));
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
$retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
return $retval;
}
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
// Retrieve Created Date before delete
$created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
if ($created_date == '') {
$created_date = date('Y-m-d H:i:s');
}
DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
$topic = GLText::remove4byteUtf8Chars($topic);
$topic = DB_escapeString($topic);
$topic_description = GLText::remove4byteUtf8Chars($topic_description);
$topic_description = DB_escapeString($topic_description);
$meta_description = GLText::remove4byteUtf8Chars($meta_description);
$meta_description = DB_escapeString($meta_description);
$meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
$meta_keywords = DB_escapeString($meta_keywords);
$k = 0;
// set up a counter to make sure we do assign a straight line of question id's
// first dimension of array are the questions
$num_questions = count($Q);
$num_total_votes = 0;
$num_questions_exist = 0;
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
$Q[$i] = COM_checkHTML($Q[$i]);
$Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
$allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i]));
$description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i])));
if ($allow_multipleanswers[$i] == 'on') {
$allow_multipleanswers[$i] = 1;
} else {
$allow_multipleanswers[$i] = 0;
}
if (strlen($Q[$i]) > 0) {
// only insert questions that exist
$num_questions_exist++;
$Q[$i] = DB_escapeString($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");
// within the questions, we have another dimensions with answers,
// votes and remarks
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
$A[$i][$j] = COM_checkHTML($A[$i][$j]);
$A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
$R[$i][$j] = COM_stripslashes($R[$i][$j]);
$R[$i][$j] = COM_checkHTML($R[$i][$j]);
$R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);
if (strlen($A[$i][$j]) > 0) {
// only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
}
$A[$i][$j] = DB_escapeString($A[$i][$j]);
$R[$i][$j] = DB_escapeString($R[$i][$j]);
$sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
DB_query($sql);
$num_total_votes = $num_total_votes + $V[$i][$j];
}
}
$k++;
}
}
// determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
if ($num_questions_exist > 0) {
$numVoters = $num_total_votes / $num_questions_exist;
} else {
// This shouldn't happen
$numVoters = $num_total_votes;
}
// save topics after the questions so we can include question count into table
$sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
if ($mainPage == 'on') {
$sql .= "',1";
} else {
$sql .= "',0";
}
if ($open == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
if ($hideResults == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
$sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";
// Save poll topic
DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);
if (empty($old_pid) || $old_pid == $pid) {
PLG_itemSaved($pid, 'polls');
} else {
DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
PLG_itemSaved($pid, 'polls', $old_pid);
}
if ($_POLL_VERBOSE) {
COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
if (defined('DEMO_MODE')) {
$output = COM_siteHeader('menu');
$output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
$output .= COM_siteFooter();
return PLG_REG_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_uid'])) {
$args['sp_uid'] = $_USER['uid'];
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if ($args['sp_status'] != 1) {
$args['sp_status'] = 0;
}
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['sp_search'] != 1) {
$args['sp_search'] = 0;
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} else {
if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_status = $args['sp_status'];
$sp_uid = $args['sp_uid'];
$sp_title = $args['sp_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
$sp_search = $args['sp_search'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_label = strip_tags($sp_label);
$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_label = DB_escapeString($sp_label);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
// multi-language configuration - allow one entire page
// centerblock for all or none per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
if ($delete_old_page && !empty($sp_old_id)) {
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
PLG_itemDeleted($sp_old_id, 'staticpages');
}
PLG_itemSaved($sp_id, 'staticpages');
$url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG_STATIC['access_denied_msg'];
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
$args['draft_flag'] = 'on';
}
if (empty($args['template_flag'])) {
$args['template_flag'] = '';
}
if (empty($args['template_id'])) {
$args['template_id'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_title = $args['sp_title'];
$sp_page_title = $args['sp_page_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$meta_description = $args['meta_description'];
$meta_keywords = $args['meta_keywords'];
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$draft_flag = $args['draft_flag'];
$template_flag = $args['template_flag'];
$template_id = $args['template_id'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
if ($draft_flag == 'on') {
$draft_flag = 1;
} else {
$draft_flag = 0;
}
if ($template_flag == 'on') {
$template_flag = 1;
} else {
$template_flag = 0;
}
// Remove any autotags the user doesn't have permission to use
$sp_content = PLG_replaceTags($sp_content, '', true);
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_page_title = strip_tags($sp_page_title);
$sp_label = strip_tags($sp_label);
$meta_description = strip_tags($meta_description);
$meta_keywords = strip_tags($meta_keywords);
$sp_content = addslashes($sp_content);
$sp_title = addslashes($sp_title);
$sp_page_title = addslashes($sp_page_title);
$sp_label = addslashes($sp_label);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// If marked as a template then set id to nothing and other default settings
if ($template_flag == 1) {
$template_id = '';
$sp_onmenu = 0;
$sp_label = "";
$sp_centerblock = 0;
$sp_php = 0;
$sp_inblock = 0;
$sp_nf = 0;
$sp_hits = 0;
$meta_description = "";
$meta_keywords = "";
} else {
// See if it was a template before, if so and option changed, remove use from other pages
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
if ($template_id != '') {
// If using a template, make sure php disabled
$sp_php = 0;
// Double check template id exists and is still a template
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
$template_id = '';
}
}
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
// if we're in a multi-language setup, we need to allow one "entire
// page" centerblock for 'all' or 'none' per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Retrieve created date
$datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
if ($datecreated == '') {
$datecreated = date('Y-m-d H:i:s');
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
if ($delete_old_page && !empty($sp_old_id)) {
// If a template and the id changed, update any staticpages that use it
if ($template_flag == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
}
if (empty($sp_old_id) || $sp_id == $sp_old_id) {
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages');
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
}
$url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
}
// MAIN ========================================================================
$action = '';
$expected = array('update', 'delete', 'cancel', 'remove');
foreach ($expected as $provided) {
if (isset($_POST[$provided])) {
$action = $provided;
} elseif (isset($_GET[$provided])) {
$action = $provided;
}
}
$pi_name = '';
if (isset($_POST['pi_name'])) {
$pi_name = COM_sanitizeID(COM_applyFilter($_POST['pi_name']));
} elseif (isset($_GET['pi_name'])) {
$pi_name = COM_sanitizeID(COM_applyFilter($_GET['pi_name']));
}
if (isset($_POST['pluginenabler']) && SEC_checkToken()) {
$enabledplugins = array();
if (isset($_POST['enabledplugins'])) {
$enabledplugins = $_POST['enabledplugins'];
}
$pluginarray = array();
if (isset($_POST['pluginarray'])) {
$pluginarray = $_POST['pluginarray'];
}
PLUGINS_toggleStatus($enabledplugins, $pluginarray);
// force a refresh so that the information of the plugin that was just
// enabled / disabled (menu entries, etc.) is displayed properly
header('Location: ' . $_CONF['site_admin_url'] . '/plugins.php');
exit;
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param string $imageurl (partial) URL to topic image
* @param string $meta_description Topic meta description
* @param string $meta_keywords Topic meta keywords
* @param int $sortnum number for sort order in "Topics" block
* @param int $limitnews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_member Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $is_archive 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
global $_CONF, $_TABLES, $LANG27, $MESSAGE;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
$access = 0;
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} elseif (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
}
$topic = addslashes($topic);
$meta_description = addslashes(strip_tags($meta_description));
$meta_keywords = addslashes(strip_tags($meta_keywords));
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
$is_archive = $is_archive == 'on' ? 1 : 0;
$archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
if ($is_archive) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archivetid != $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archivetid == $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
}
DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $tid);
COM_olderStuff();
$retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13');
} else {
$retval .= COM_siteHeader('menu', $LANG27[1]);
$retval .= COM_errorLog($LANG27[7], 2);
$retval .= COM_siteFooter();
}
return $retval;
}
$retval .= MG_staticSortMedia($album_id, $_MG_CONF['site_url'] . '/admin.php');
} else {
$retval .= MG_invalidRequest();
}
$display = MG_siteHeader();
$display .= $retval;
$display .= MG_siteFooter();
echo $display;
exit;
} else {
if ($mode == 'rotate') {
$retval = '';
if (isset($_GET['album_id']) && isset($_GET['media_id']) && isset($_GET['action'])) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rotate.php';
$album_id = COM_applyFilter($_GET['album_id'], true);
$media_id = COM_sanitizeID(COM_applyFilter($_GET['media_id']));
$direction = COM_applyFilter($_GET['action']);
$queue = COM_applyFilter($_GET['queue'], true);
$srcFrom = isset($_GET['s']) ? COM_applyFilter($_GET['s'], true) : 0;
$srcURL = '';
if ($srcFrom) {
$srcURL = '&s=1';
}
$eMode = $queue == 0 ? 'mediaedit' : 'mediaeditq';
$actionURL = $_MG_CONF['site_url'] . '/admin.php?mode=' . $eMode . $srcURL . '&mid=' . $media_id . '&album_id=' . $album_id;
MG_rotateMedia($album_id, $media_id, $direction, $actionURL);
} else {
$display = MG_siteHeader();
$display .= MG_invalidRequest();
}
$display .= MG_siteFooter();
/**
* Display an ad's detail
* @param string $ad_id ID of ad to display
*/
function adDetail($ad_id = '')
{
global $_USER, $_TABLES, $_CONF, $LANG_ADVT, $_CONF_ADVT;
USES_lib_comments();
// Determind if this is an administrator
$admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');
$ad_id = COM_sanitizeID($ad_id);
if ($ad_id == '') {
// An ad id is required for this function
return CLASSIFIEDS_errorMsg($LANG_ADVT['missing_id'], 'alert');
}
$srchval = isset($_GET['query']) ? trim($_GET['query']) : '';
// We use this in a few places here, so might as well just
// figure it out once and save it.
$perm_sql = COM_getPermSQL('AND', 0, 2, 'ad') . ' ' . COM_getPermSQL('AND', 0, 2, 'cat');
// get the ad information.
$sql = "SELECT ad.*\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id='{$ad_id}'";
if (!$admin) {
$sql .= $perm_sql;
}
$result = DB_query($sql);
if (!$result || DB_numRows($result) < 1) {
return CLASSIFIEDS_errorMsg($LANG_ADVT['no_ad_found'], 'note', 'Oops...');
}
$ad = DB_fetchArray($result, false);
// Check access to the ad. If granted, check that access isn't
// blocked by any category.
$my_access = CLASSIFIEDS_checkAccess($ad['ad_id'], $ad);
if ($my_access >= 2) {
$my_cat_access = CLASSIFIEDS_checkCatAccess($ad['cat_id'], false);
if ($my_cat_access < $my_access) {
$my_access = $my_cat_access;
}
}
if ($my_access < 2) {
return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
}
$cat = (int) $ad['cat_id'];
// Increment the views counter
$sql = "UPDATE {$_TABLES['ad_ads']} \n SET views = views + 1 \n WHERE ad_id='{$ad_id}'";
DB_query($sql);
// Get the previous and next ads
$condition = " AND ad.cat_id={$cat}";
if (!$admin) {
$condition .= $perm_sql;
}
$sql = "SELECT ad_id\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id < '{$ad_id}' \n {$condition}\n ORDER BY ad_id DESC\n LIMIT 1";
$r = DB_query($sql);
list($preAd_id) = DB_fetchArray($r, false);
$sql = "SELECT ad_id\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id > '{$ad_id}' \n {$condition}\n ORDER BY ad_id ASC\n LIMIT 1";
$r = DB_query($sql);
list($nextAd_id) = DB_fetchArray($r, false);
// Get the user contact info. If none, just show the email link
$sql = "SELECT * \n FROM {$_TABLES['ad_uinfo']} \n WHERE uid='{$ad['uid']}'";
//echo $sql;
$result = DB_query($sql);
$uinfo = array();
if ($result && DB_numRows($result) > 0) {
$uinfo = DB_fetchArray($result);
} else {
$uinfo['uid'] = '';
$uinfo['address'] = '';
$uinfo['city'] = '';
$uinfo['state'] = '';
$uinfo['postal'] = '';
$uinfo['tel'] = '';
$uinfo['fax'] = '';
}
// Get the hot results (most viewed ads)
$time = time();
$sql = "SELECT ad.ad_id, ad.cat_id, ad.subject,\n cat.cat_id, cat.fgcolor, cat.bgcolor\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad.exp_date > {$time} \n {$perm_sql}\n ORDER BY views DESC \n LIMIT 4";
//echo $sql;die;
$hotresult = DB_query($sql);
// convert line breaks & others to html
$patterns = array('/\\n/');
$replacements = array('<br />');
$ad['descript'] = PLG_replaceTags(COM_checkHTML($ad['descript']));
$ad['descript'] = preg_replace($patterns, $replacements, $ad['descript']);
$ad['subject'] = strip_tags($ad['subject']);
$ad['price'] = strip_tags($ad['price']);
$ad['url'] = COM_sanitizeUrl($ad['url']);
$ad['keywords'] = strip_tags($ad['keywords']);
// Highlight search terms, if any
if ($srchval != '') {
$ad['subject'] = COM_highlightQuery($ad['subject'], $srchval);
$ad['descript'] = COM_highlightQuery($ad['descript'], $srchval);
}
$detail = new Template(CLASSIFIEDS_PI_PATH . '/templates');
$detail->set_file('detail', 'detail.thtml');
if ($admin) {
$base_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
$del_link = $base_url . '?delete=ad&ad_id=' . $ad_id;
$edit_link = $base_url . '?edit=ad&ad_id=' . $ad_id;
} else {
$base_url = CLASSIFIEDS_URL . '/index.php';
$del_link = $base_url . '?mode=Delete&id=' . $ad_id;
$edit_link = $base_url . '?mode=editad&id=' . $ad_id;
}
// Set up the "add days" form if this user is the owner
// or an admin
if ($my_access == 3) {
// How many days has the ad run?
$max_add_days = CLASSIFIEDS_calcMaxAddDays(($ad['exp_date'] - $ad['add_date']) / 86400);
if ($max_add_days > 0) {
$detail->set_var('max_add_days', $max_add_days);
}
}
if ($ad['exp_date'] < $time) {
$detail->set_var('is_expired', 'true');
}
USES_classifieds_class_category();
$detail->set_var(array('base_url' => $base_url, 'edit_link' => $edit_link, 'del_link' => $del_link, 'curr_loc' => adCategory::BreadCrumbs($cat, true), 'subject' => $ad['subject'], 'add_date' => date($_CONF['shortdate'], $ad['add_date']), 'exp_date' => date($_CONF['shortdate'], $ad['exp_date']), 'views_no' => $ad['views'], 'descript' => $ad['descript'], 'ad_type' => CLASSIFIEDS_getAdTypeString($ad['ad_type']), 'uinfo_address' => $uinfo['address'], 'uinfo_city' => $uinfo['city'], 'uinfo_state' => $uinfo['state'], 'uinfo_postcode' => $uinfo['postcode'], 'uinfo_tel' => $uinfo['tel'], 'uinfo_fax' => $uinfo['fax'], 'price' => $ad['price'], 'ad_id' => $ad_id, 'ad_url' => $ad['url'], 'username' => $_CONF_ADVT['disp_fullname'] == 1 ? COM_getDisplayName($ad['uid']) : DB_getItem($_TABLES['users'], 'username', "uid={$ad['uid']}"), 'fgcolor' => $ad['fgcolor'], 'bgcolor' => $ad['bgcolor'], 'cat_id' => $ad['cat_id']));
// Display a link to email the poster, or other message as needed
$emailfromuser = DB_getItem($_TABLES['userprefs'], 'emailfromuser', "uid={$ad['uid']}");
if ($_CONF['emailuserloginrequired'] == 1 && COM_isAnonUser() || $emailfromuser < 1) {
$detail->set_var('ad_uid', '');
} else {
$detail->set_var('ad_uid', $ad['uid']);
}
if ($my_access == 3) {
$detail->set_var('have_userlinks', 'true');
if ($admin || $_CONF_ADVT['usercanedit'] == 1) {
$detail->set_var('have_editlink', 'true');
} else {
$detail->set_var('have_editlink', '');
}
} else {
$detail->set_var('have_userlinks', '');
}
// Retrieve the photos and put into the template
$sql = "SELECT photo_id, filename\n FROM {$_TABLES['ad_photo']} \n WHERE ad_id='{$ad_id}'";
$photo = DB_query($sql);
$photo_detail = '';
$detail->set_var('have_photo', '');
// assume no photo available
if ($photo && DB_numRows($photo) >= 1) {
while ($prow = DB_fetchArray($photo)) {
$img_small = LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['detail_img_width']);
$img_disp = CLASSIFIEDS_dispUrl($prow['filename']);
if (!empty($img_small)) {
$detail->set_block('detail', 'PhotoBlock', 'PBlock');
$detail->set_var(array('tn_width' => $_CONF_ADVT['detail_img_width'], 'small_url' => $img_small, 'disp_url' => $img_disp));
$detail->parse('PBlock', 'PhotoBlock', true);
$detail->set_var('have_photo', 'true');
}
}
}
if (DB_count($_TABLES['ad_ads'], 'owner_id', (int) $ad['owner_id']) > 1) {
$detail->set_var('byposter_url', CLASSIFIEDS_URL . '/index.php?' . "page=byposter&uid={$ad['owner_id']}");
}
// Show previous and next ads
if ($preAd_id != '') {
$detail->set_var('previous', '<a href="' . CLASSIFIEDS_makeURL('detail', $preAd_id) . "\"><<</a>");
}
if ($nextAd_id != '') {
$detail->set_var('next', '<a href="' . CLASSIFIEDS_makeURL('detail', $nextAd_id) . "\"> >></a>");
}
// Show the "hot results"
$hot_data = '';
if ($hotresult) {
$detail->set_block('detail', 'HotBlock', 'HBlock');
while ($hotrow = DB_fetchArray($hotresult)) {
$detail->set_var(array('hot_title' => $hotrow['subject'], 'hot_url' => CLASSIFIEDS_makeURL('detail', $hotrow['ad_id']), 'hot_cat' => displayCat($hotrow['cat_id'])));
/*$hot_data .= "<tr><td class=\"hottitle\"><a href=\"" .
CLASSIFIEDS_makeURL('detail', $hotrow['ad_id']) .
"\">{$hotrow['subject']}</a></small></td>\n";
$hot_data .= "<td class=\"hotcat\">( " . displayCat($hotrow['cat_id']) .
" )</td></tr>\n";*/
}
$detail->parse('HBlock', 'HotBlock', true);
}
$detail->set_var('whats_hot_row', $hot_data);
// Show the user comments
if (plugin_commentsupport_classifieds() && $ad['comments_enabled'] < 2) {
$detail->set_var('usercomments', CMT_userComments($ad_id, $ad['subject'], 'classifieds', '', '', 0, 1, false, false, $ad['comments_enabled']));
//$detail->set_var('usercomments', CMT_userComments($ad_id, $subject,
// 'classifieds'));
}
$detail->parse('output', 'detail');
$display = $detail->finish($detail->get_var('output'));
return $display;
}
$reply = '';
if (isset($_POST['mode'])) {
$sid = COM_sanitizeID(COM_applyFilter($_POST['story']));
$mode = COM_applyFilter($_POST['mode']);
if (isset($_POST['order'])) {
$order = COM_applyFilter($_POST['order']);
}
if (isset($_POST['query'])) {
$query = COM_applyFilter($_POST['query']);
}
if (isset($_POST['reply'])) {
$reply = COM_applyFilter($_POST['reply']);
}
} else {
COM_setArgNames(array('story', 'mode'));
$sid = COM_sanitizeID(COM_applyFilter(COM_getArgument('story')));
$mode = COM_applyFilter(COM_getArgument('mode'));
if (isset($_GET['order'])) {
$order = COM_applyFilter($_GET['order']);
}
if (isset($_GET['query'])) {
$query = COM_applyFilter($_GET['query']);
}
if (isset($_GET['reply'])) {
$reply = COM_applyFilter($_GET['reply']);
}
}
if (empty($sid)) {
COM_404();
}
if (strcasecmp($order, 'ASC') != 0 && strcasecmp($order, 'DESC') != 0) {
/**
* Loads the basic details of an article into the internal
* variables, cleaning them up nicely.
* @access Private
* @param $array Array of POST/GET data (by ref).
* @return Nothing.
*/
function _loadBasics(&$array)
{
/* For the really, really basic stuff, we can very easily load them
* based on an array that defines how to COM_applyFilter them.
*/
foreach ($this->_postFields as $key => $value) {
$vartype = $value[0];
$varname = $value[1];
// If we have a value
if (array_key_exists($key, $array)) {
// And it's alphanumeric or numeric, filter it and use it.
if ($vartype == STORY_AL_ALPHANUM || $vartype == STORY_AL_NUMERIC) {
$this->{$varname} = COM_applyFilter($array[$key], $vartype);
} elseif ($vartype == STORY_AL_ANYTHING) {
$this->{$varname} = $array[$key];
} elseif ($array[$key] === 'on' || $array[$key] === 1) {
// If it's a checkbox that is on
$this->{$varname} = 1;
} else {
// Otherwise, it must be a checkbox that is off:
$this->{$varname} = 0;
}
} elseif ($vartype == STORY_AL_NUMERIC || $vartype == STORY_AL_CHECKBOX) {
// If we don't have a value, and have a numeric or text box, default to 0
$this->{$varname} = 0;
}
}
// SID's are a special case:
$sid = COM_sanitizeID($array['sid']);
if (isset($array['old_sid'])) {
$oldsid = COM_sanitizeID($array['old_sid'], false);
} else {
$oldsid = '';
}
if (empty($sid)) {
$sid = $oldsid;
}
if (empty($sid)) {
$sid = COM_makeSid();
}
$this->_sid = $sid;
$this->_originalSid = $oldsid;
/* Need to deal with the postdate and expiry date stuff */
$publish_ampm = '';
if (isset($array['publish_ampm'])) {
$publish_ampm = COM_applyFilter($array['publish_ampm']);
}
$publish_hour = 0;
if (isset($array['publish_hour'])) {
$publish_hour = COM_applyFilter($array['publish_hour'], true);
}
$publish_minute = 0;
if (isset($array['publish_minute'])) {
$publish_minute = COM_applyFilter($array['publish_minute'], true);
}
$publish_second = 0;
if (isset($array['publish_second'])) {
$publish_second = COM_applyFilter($array['publish_second'], true);
}
if ($publish_ampm == 'pm') {
if ($publish_hour < 12) {
$publish_hour = $publish_hour + 12;
}
}
if ($publish_ampm == 'am' and $publish_hour == 12) {
$publish_hour = '00';
}
$publish_year = 0;
if (isset($array['publish_year'])) {
$publish_year = COM_applyFilter($array['publish_year'], true);
}
$publish_month = 0;
if (isset($array['publish_month'])) {
$publish_month = COM_applyFilter($array['publish_month'], true);
}
$publish_day = 0;
if (isset($array['publish_day'])) {
$publish_day = COM_applyFilter($array['publish_day'], true);
}
$this->_date = strtotime("{$publish_month}/{$publish_day}/{$publish_year} {$publish_hour}:{$publish_minute}:{$publish_second}");
$archiveflag = 0;
if (isset($array['archiveflag'])) {
$archiveflag = COM_applyFilter($array['archiveflag'], true);
}
/* Override status code if no archive flag is set: */
if ($archiveflag != 1) {
$this->_statuscode = 0;
}
if (array_key_exists('expire_ampm', $array)) {
$expire_ampm = COM_applyFilter($array['expire_ampm']);
$expire_hour = COM_applyFilter($array['expire_hour'], true);
$expire_minute = COM_applyFilter($array['expire_minute'], true);
$expire_second = COM_applyFilter($array['expire_second'], true);
$expire_year = COM_applyFilter($array['expire_year'], true);
$expire_month = COM_applyFilter($array['expire_month'], true);
$expire_day = COM_applyFilter($array['expire_day'], true);
if ($expire_ampm == 'pm') {
if ($expire_hour < 12) {
$expire_hour = $expire_hour + 12;
}
}
if ($expire_ampm == 'am' and $expire_hour == 12) {
$expire_hour = '00';
}
$expiredate = strtotime("{$expire_month}/{$expire_day}/{$expire_year} {$expire_hour}:{$expire_minute}:{$expire_second}");
} else {
$expiredate = time();
}
$this->_expire = $expiredate;
// comment expire time
if (isset($array['cmt_close_flag'])) {
$cmt_close_ampm = COM_applyFilter($array['cmt_close_ampm']);
$cmt_close_hour = COM_applyFilter($array['cmt_close_hour'], true);
$cmt_close_minute = COM_applyFilter($array['cmt_close_minute'], true);
$cmt_close_second = COM_applyFilter($array['cmt_close_second'], true);
$cmt_close_year = COM_applyFilter($array['cmt_close_year'], true);
$cmt_close_month = COM_applyFilter($array['cmt_close_month'], true);
$cmt_close_day = COM_applyFilter($array['cmt_close_day'], true);
if ($cmt_close_ampm == 'pm') {
if ($cmt_close_hour < 12) {
$cmt_close_hour = $cmt_close_hour + 12;
}
}
if ($cmt_close_ampm == 'am' and $cmt_close_hour == 12) {
$cmt_close_hour = '00';
}
$cmt_close_date = strtotime("{$cmt_close_month}/{$cmt_close_day}/{$cmt_close_year} {$cmt_close_hour}:{$cmt_close_minute}:{$cmt_close_second}");
$this->_comment_expire = $cmt_close_date;
} else {
$this->_comment_expire = 0;
}
/* Then grab the permissions */
// Convert array values to numeric permission values
if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
} else {
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_members = $array['perm_members'];
$this->_perm_anon = $array['perm_anon'];
}
}
$aid = 0;
if (isset($_REQUEST['pid'])) {
$pid = COM_sanitizeID(COM_applyFilter($_REQUEST['pid']));
if (isset($_GET['aid'])) {
$aid = -1;
// only for showing results instead of questions
} else {
if (isset($_POST['aid'])) {
$aid = COM_applyFilter($_POST['aid'], true);
}
}
} elseif (isset($_POST['id'])) {
// Refresh from comment tool bar
$pid = COM_sanitizeID(COM_applyFilter($_POST['id']));
} elseif (isset($_GET['id'])) {
$pid = COM_sanitizeID(COM_applyFilter($_GET['id']));
}
$order = '';
if (isset($_REQUEST['order'])) {
$order = COM_applyFilter($_REQUEST['order']);
}
$mode = '';
if (isset($_REQUEST['mode'])) {
$mode = COM_applyFilter($_REQUEST['mode']);
}
$msg = 0;
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg'], true);
}
if (isset($pid)) {
$questions_sql = "SELECT question,qid FROM {$_TABLES['pollquestions']} " . "WHERE pid='" . DB_escapeString($pid) . "' ORDER BY qid";
// Print all tickets for an event, for all users
if ($_EV_CONF['enable_rsvp']) {
USES_evlist_class_ticket();
$eid = COM_sanitizeID($_GET['eid'], false);
$doc = evTicket::PrintTickets($eid);
echo $doc;
exit;
} else {
$content .= 'Function not available';
}
break;
case 'exporttickets':
// Print all tickets for an event, for all users
if ($_EV_CONF['enable_rsvp']) {
USES_evlist_class_ticket();
$eid = COM_sanitizeID($_GET['eid'], false);
$doc = evTicket::ExportTickets($eid);
header('Content-type: text/csv');
header('Content-Disposition: attachment; filename="event-' . $ev_id . '.csv');
echo $doc;
exit;
} else {
$content .= 'Function not available';
}
break;
default:
$view = $action;
break;
}
$page = $view;
// Default for menu creation
// to ensure compatibility with old plugins. the preferred
// edit (or create new) parameter format is now edit=x
echo COM_refresh($_CONF['site_admin_url'] . "/plugins/{$type}/index.php?mode=edit&edit=x");
exit;
}
} elseif (SEC_hasRights('story.edit')) {
$topic = '';
if (isset($_REQUEST['topic'])) {
$topic = '&topic=' . urlencode(COM_sanitizeID(COM_applyFilter($_REQUEST['topic'])));
}
echo COM_refresh($_CONF['site_admin_url'] . '/story.php?edit=x' . $topic);
exit;
}
$topic = '';
if (isset($_REQUEST['topic'])) {
$topic = COM_sanitizeID(COM_applyFilter($_REQUEST['topic']));
}
switch ($type) {
case 'story':
$pagetitle = $LANG12[6];
break;
default:
$pagetitle = '';
break;
}
$subForm = submissionform($type, $mode, $topic);
$display .= COM_siteHeader('menu', $pagetitle);
$display .= $subForm;
$display .= COM_siteFooter();
}
echo $display;
/**
* Handles a comment edit submission
*
* @copyright Jared Wenerd 2008
* @author Jared Wenerd <wenerd87 AT gmail DOT com>
* @return string HTML (possibly a refresh)
*/
function handleEditSubmit()
{
global $_CONF, $_TABLES, $_USER, $LANG03, $_PLUGINS;
$type = COM_applyFilter($_POST['type']);
$sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
$cid = COM_applyFilter($_POST['cid'], true);
$postmode = COM_applyFilter($_POST['postmode']);
if ($type != 'article') {
if (!in_array($type, $_PLUGINS)) {
$type = '';
}
}
$commentuid = DB_getItem($_TABLES['comments'], 'uid', "cid = " . (int) $cid);
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
$comment = $_POST['comment_text'];
//check for bad input
if (empty($sid) || empty($_POST['title']) || empty($comment) || !is_numeric($cid) || $cid < 1) {
COM_errorLog("handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing values.');
return COM_refresh($_CONF['site_url'] . '/index.php');
} elseif ($uid != $commentuid && !SEC_inGroup('Root')) {
//check permissions
COM_errorLog("handleEditSubmit(): {{$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment without proper permission.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$comment = CMT_prepareText($comment, $postmode, true, $cid);
$title = COM_checkWords(strip_tags($_POST['title']));
if (!empty($title) && !empty($comment)) {
COM_updateSpeedlimit('comment');
$title = DB_escapeString($title);
$comment = DB_escapeString($comment);
// save the comment into the comment table
DB_query("UPDATE {$_TABLES['comments']} SET comment = '{$comment}', title = '{$title}'" . " WHERE cid=" . (int) $cid . " AND sid='" . DB_escapeString($sid) . "'");
if (DB_error()) {
//saving to non-existent comment or comment in wrong article
COM_errorLog("handleEditSubmit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit to a non-existent comment or the cid/sid did not match');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$safecid = (int) $cid;
$safeuid = (int) $uid;
DB_save($_TABLES['commentedits'], 'cid,uid,time', "{$safecid},{$safeuid},NOW()");
} else {
COM_errorLog("handleEditSubmit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');
return COM_refresh($_CONF['site_url'] . '/index.php');
}
PLG_commentEditSave($type, $cid, $sid);
$urlArray = PLG_getCommentUrlId($type);
if (is_array($urlArray)) {
$url = $urlArray[0] . '?' . $urlArray[1] . '=' . $sid;
echo COM_refresh($url);
exit;
}
return COM_refresh($_CONF['site_url'] . '/index.php');
}
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param string $imageurl (partial) URL to topic image
* @param int $sortnum number for sort order in "Topics" block
* @param int $limitnews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $archive_flag 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function TOPIC_save($T)
{
global $_CONF, $_TABLES, $LANG27, $MESSAGE;
$retval = '';
$tid = isset($T['tid']) ? $T['tid'] : '';
$topic = $T['topic'];
$imageurl = $T['imageurl'];
$sortnum = $T['sortnum'];
$sort_by = $T['sort_by'];
$limitnews = $T['limitnews'];
$sort_dir = $T['sort_dir'];
$owner_id = $T['owner_id'];
$group_id = $T['group_id'];
$perm_owner = $T['perm_owner'];
$perm_group = $T['perm_group'];
$perm_members = $T['perm_members'];
$perm_anon = $T['perm_anon'];
$is_default = $T['is_default'];
$archive_flag = $T['archive_flag'];
// error checks...
if (empty($tid)) {
$msg = $LANG27[7];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if (empty($topic)) {
$msg = $LANG27[7];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if (strstr($tid, ' ')) {
$msg = $LANG27[42];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if ($sortnum != '') {
$tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"');
$newSortNum = $tidSortNumber + 1;
} else {
$newSortNum = 0;
}
$T['sortnum'] = $newSortNum;
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
$access = 0;
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
} else {
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]);
$retval .= COM_showMessageText($MESSAGE[32], $MESSAGE[30], true);
$retval .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} elseif (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
}
$topic = DB_escapeString(strip_tags($topic));
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
$archive_flag = $archive_flag == 'on' ? 1 : 0;
$archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
if ($archive_flag) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archivetid != $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archivetid == $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
}
if ($sortnum != '') {
$tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"');
$newSortNum = $tidSortNumber + 1;
} else {
$newSortNum = 0;
}
DB_save($_TABLES['topics'], 'tid, topic, imageurl, sortnum, sort_by, sort_dir, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}','{$newSortNum}',{$sort_by},'{$sort_dir}','{$limitnews}',{$is_default},'{$archive_flag}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
TOPIC_reorderTopics();
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $tid);
COM_olderStuff();
CACHE_remove_instance('stmenu');
COM_setMessage(13);
$retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php');
} else {
$retval .= COM_siteHeader('menu', $LANG27[1]);
$retval .= COM_errorLog($LANG27[7], 2);
$retval .= COM_siteFooter();
}
return $retval;
}
/**
* Sets the "enabled" field to the specified value.
*
* @param integer $id ID number of element to modify
* @param integer $value New value to set
* @return New value, or old value upon failure
*/
public function toggleEnabled($oldvalue, $ev_id = '')
{
$oldvalue = $oldvalue == 0 ? 0 : 1;
if ($ev_id == '') {
if (is_object($this)) {
$ev_id = $this->id;
} else {
return $oldvalue;
}
} else {
$ev_id = COM_sanitizeID($ev_id, false);
}
return evEvent::_toggle($oldvalue, 'status', $ev_id);
}
}
// Retrieve and sanitize input variables. Typically _GET, but may be _POSTed.
COM_setArgNames(array('mode', 'id', 'page', 'query'));
// Get any message ID
if (isset($_REQUEST['msg'])) {
$msg = COM_applyFilter($_REQUEST['msg']);
} else {
$msg = '';
}
if (isset($_REQUEST['mode'])) {
$mode = COM_applyFilter($_REQUEST['mode']);
} else {
$mode = COM_getArgument('mode');
}
if (isset($_REQUEST['id'])) {
$id = COM_sanitizeID($_REQUEST['id']);
} else {
$id = COM_applyFilter(COM_getArgument('id'));
}
$page = COM_getArgument('page');
// Assume that the 'mode' is also (or only) the desired page to display
//if (empty($mode)) $id='';
if (empty($page)) {
$page = $mode;
}
// Set up the basic menu for all users
$menu_opt = '';
USES_class_navbar();
$menu = new navbar();
$menu->add_menuitem($LANG_ADVT['mnu_home'], CLASSIFIEDS_makeURL('home'));
$menu->add_menuitem($LANG_ADVT['mnu_recent'], CLASSIFIEDS_makeURL('recent'));
your database or validates against hard-coded prices.
The cart data has already been sanitized and is available thru the
$cart->get_contents() function. For example:
foreach ($cart->get_contents() as $item)
{
$item_id = $item['id'];
$item_name = $item['name'];
$item_price = $item['price'];
$item_qty = $item['qty'];
}
*/
///////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////
$valid_prices = true;
foreach ($cart->get_contents() as $item) {
$realid = COM_sanitizeID(explode("|", $item['id']));
$item_id = $realid[0];
$item_price = $item['price'];
$A = DB_fetchArray(DB_query("SELECT * FROM {$_TABLES['paypal_products']} WHERE id = '{$item_id}' LIMIT 1"));
$price = $A['price'];
if ($A['discount_a'] != '' && $A['discount_a'] != 0) {
$price = number_format($A['price'] - $A['discount_a'], 2, '.', '');
}
if ($A['discount_p'] != '' && $A['discount_p'] != 0) {
$price = number_format($A['price'] - $A['price'] * ($A['discount_p'] / 100), 2, '.', '');
}
if ($item_price != $price || !SEC_hasAccess2($A) || $A['active'] != '1') {
$valid_prices = false;
}
}
///////////////////////////////////////////////////////////////////////
/**
* Create a new ID, preferrably from a provided 'Slug:' header
*
* For more information on the 'Slug:' header, see RFC 5023, section 9.7
*
* @param string $slug Content of the 'Slug:' header
* @param int $max_length max. length of the created ID
* @return string new ID
* @link http://tools.ietf.org/html/rfc5023#section-9.7
*
*/
function WS_makeId($slug = '', $max_length = 40)
{
$sid = COM_makeSid();
if (strpos($slug, '%') !== false) {
// we'll end up removing most of the %-encoded characters anyway ...
$slug = '';
}
$slug = trim($slug);
if (!empty($slug)) {
// make it more ID-like
$slug = str_replace(' ', '-', $slug);
$slug = strtolower($slug);
$id = COM_sanitizeID($slug . '-' . $sid);
if (strlen($id) > $max_length) {
// 'slug-sid' would make for nicer IDs but if we have to shorten
// them, they're probably not unique any more. So swap order.
$id = $sid . '-' . $slug;
}
} else {
$id = $sid;
}
return substr(COM_sanitizeID($id), 0, $max_length);
}
}
break;
case 'emailstory':
$sid = COM_sanitizeID(COM_applyFilter($_GET['sid']));
if (empty($sid)) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
if ($_CONF['hideemailicon'] == 1) {
$display = COM_refresh(COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid));
} else {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid) . COM_siteFooter();
}
}
break;
case 'sendstory':
$sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
if (empty($sid)) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
$html = 0;
if ($postmode == 'html') {
$html = 1;
}
$shortmessage = $_POST['shortmsg'];
if (empty($_POST['toemail']) || empty($_POST['fromemail']) || !COM_isEmail($_POST['toemail']) || !COM_isEmail($_POST['fromemail'])) {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage, 52) . COM_siteFooter();
} else {
if (empty($_POST['to']) || empty($_POST['from']) || empty($shortmessage)) {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage) . COM_siteFooter();
} else {
$msg = PLG_itemPreSave('emailstory', $shortmessage);
/**
* Submit a new or updated story. The story is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
if (!SEC_hasRights('story.edit')) {
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
return PLG_RET_AUTH_FAILED;
}
require_once $_CONF['path_system'] . 'lib-comment.php';
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
/* This is EDIT mode, so there should be an old sid */
if (empty($args['old_sid'])) {
if (!empty($args['id'])) {
$args['old_sid'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sid'])) {
$args['sid'] = $args['old_sid'];
}
}
} else {
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
}
// Store the first CATEGORY as the Topic ID
if (!empty($args['category'][0])) {
$args['tid'] = $args['category'][0];
}
$content = '';
if (!empty($args['content'])) {
$content = $args['content'];
} else {
if (!empty($args['summary'])) {
$content = $args['summary'];
}
}
if (!empty($content)) {
$parts = explode('[page_break]', $content);
if (count($parts) == 1) {
$args['introtext'] = $content;
$args['bodytext'] = '';
} else {
$args['introtext'] = array_shift($parts);
$args['bodytext'] = implode('[page_break]', $parts);
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
if (isset($args['mode'])) {
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
if (isset($args['editopt'])) {
$args['editopt'] = COM_applyBasicFilter($args['editopt']);
}
}
// - START: Set all the defaults -
/*
if (empty($args['tid'])) {
// see if we have a default topic
$topic = DB_getItem($_TABLES['topics'], 'tid',
'is_default = 1' . COM_getPermSQL('AND'));
if (!empty($topic)) {
$args['tid'] = $topic;
} else {
// otherwise, just use the first one
$o = array();
$s = array();
if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
$args['tid'] = $o[0];
} else {
$svc_msg['error_desc'] = 'No topics available';
return PLG_RET_ERROR;
}
}
} */
/* This is a solution for above but the above has issues
if (!TOPIC_checkTopicSelectionControl()) {
$svc_msg['error_desc'] = 'No topics selected or available';
return PLG_RET_ERROR;
}
*/
if (empty($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
}
if (empty($args['postmode'])) {
$args['postmode'] = $_CONF['postmode'];
if (!empty($args['content_type'])) {
if ($args['content_type'] == 'text') {
$args['postmode'] = 'text';
} else {
if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
$args['postmode'] = 'html';
}
}
}
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_CONF['default_permissions_story'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_CONF['default_permissions_story'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_CONF['default_permissions_story'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_CONF['default_permissions_story'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['draft_flag'])) {
$args['draft_flag'] = $_CONF['draft_flag'];
}
if (empty($args['frontpage'])) {
$args['frontpage'] = $_CONF['frontpage'];
}
if (empty($args['show_topic_icon'])) {
$args['show_topic_icon'] = $_CONF['show_topic_icon'];
}
}
// - END: Set all the defaults -
// TEST CODE
/* foreach ($args as $k => $v) {
if (!is_array($v)) {
echo "$k => $v\r\n";
} else {
echo "$k => $v\r\n";
foreach ($v as $k1 => $v1) {
echo " $k1 => $v1\r\n";
}
}
}*/
// exit ();
// END TEST CODE
if (!isset($args['sid'])) {
$args['sid'] = '';
}
$args['sid'] = COM_sanitizeID($args['sid']);
if (!$gl_edit) {
if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
} else {
$args['sid'] = COM_makeSid();
}
}
}
$story = new Story();
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original story to check if it has been modified
$result = $story->loadFromDatabase($args['sid']);
if ($result == STORY_LOADED_OK) {
if ($args['gl_etag'] != date('c', $story->_date)) {
$svc_msg['error_desc'] = 'A more recent version of the story is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'Error loading story';
return PLG_RET_ERROR;
}
}
// This function is also doing the security checks
$result = $story->loadFromArgsArray($args);
$sid = $story->getSid();
// Check if topics selected if not prompt required field
if ($result == STORY_LOADED_OK) {
if (!TOPIC_checkTopicSelectionControl()) {
$result = STORY_EMPTY_REQUIRED_FIELDS;
}
}
switch ($result) {
case STORY_DUPLICATE_SID:
$output .= COM_errorLog($LANG24[24], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
return PLG_RET_ERROR;
break;
case STORY_EXISTING_NO_EDIT_PERMISSION:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_NO_ACCESS_PARAMS:
$output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
return PLG_RET_PERMISSION_DENIED;
break;
case STORY_EMPTY_REQUIRED_FIELDS:
$output .= COM_errorLog($LANG24[31], 2);
if (!$args['gl_svc']) {
$output .= storyeditor($sid);
}
$output = COM_createHTMLDocument($output);
return PLG_RET_ERROR;
break;
default:
break;
}
/* Image upload is not supported by the web-service at present */
if (!$args['gl_svc']) {
// Delete any images if needed
if (array_key_exists('delete', $args)) {
$delete = count($args['delete']);
for ($i = 1; $i <= $delete; $i++) {
$ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
STORY_deleteImage($ai_filename);
DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
next($args['delete']);
}
}
// OK, let's upload any pictures with the article
if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
$index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
} else {
$index_start = 1;
}
if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new Upload();
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads($_CONF['maximagesperarticle']);
if (!empty($_CONF['image_lib'])) {
if ($_CONF['image_lib'] == 'imagemagick') {
// Using imagemagick
$upload->setMogrifyPath($_CONF['path_to_mogrify']);
} elseif ($_CONF['image_lib'] == 'netpbm') {
// using netPBM
$upload->setNetPBM($_CONF['path_to_netpbm']);
} elseif ($_CONF['image_lib'] == 'gdlib') {
// using the GD library
$upload->setGDLib();
}
$upload->setAutomaticResize(true);
if ($_CONF['keep_unscaled_image'] == 1) {
$upload->keepOriginalImage(true);
} else {
$upload->keepOriginalImage(false);
}
if (isset($_CONF['jpeg_quality'])) {
$upload->setJpegQuality($_CONF['jpeg_quality']);
}
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
$output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $output;
exit;
}
// NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
// force any images bigger than the passed dimensions to be resized.
// If mogrify is not set, any images larger than these dimensions
// will get validation errors
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
$upload->setMaxFileSize($_CONF['max_image_size']);
// size in bytes, 1048576 = 1MB
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$filenames = array();
$end_index = $index_start + $upload->numFiles() - 1;
for ($z = $index_start; $z <= $end_index; $z++) {
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filenames[] = $sid . '_' . $z . '.' . $fextension;
}
next($_FILES);
}
$upload->setFileNames($filenames);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
echo $retval;
exit;
}
reset($filenames);
for ($z = $index_start; $z <= $end_index; $z++) {
DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
next($filenames);
}
}
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$output .= '<li>' . $err . '</li>' . LB;
}
$output .= '</ul>' . LB;
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= storyeditor($sid);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
echo $output;
exit;
}
}
}
$result = $story->saveToDatabase();
if ($result == STORY_SAVED) {
// see if any plugins want to act on that story
if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
PLG_itemSaved($sid, 'article', $args['old_sid']);
} else {
PLG_itemSaved($sid, 'article');
}
// update feed(s)
COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
COM_rdfUpToDateCheck('comment');
STORY_updateLastArticlePublished();
CMT_updateCommentcodes();
if ($story->type == 'submission') {
$output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
} else {
$output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
}
/* @TODO Set the object id here */
$svc_msg['id'] = $sid;
return PLG_RET_OK;
}
}
if (!in_array('paypal', $_PLUGINS)) {
COM_404();
exit;
}
/* Ensure sufficient privs to read this page */
paypal_access_check();
// Import plugin-specific functions
USES_paypal_functions();
// Create a global shopping cart for our use. This allows the cart to be
// manipulated in an action and then displayed in a view, without necessarily
// having to revisit the database or create a new cart.
USES_paypal_class_cart();
$ppGCart = new ppCart();
COM_setArgNames(array('id'));
if (isset($_GET['id'])) {
$id = COM_sanitizeID($_GET['id']);
} else {
$id = COM_applyFilter(COM_getArgument('id'));
}
$display = PAYPAL_siteHeader();
$T = new Template(PAYPAL_PI_PATH . '/templates');
$T->set_file('title', 'paypal_title.thtml');
$T->set_var('title', $LANG_PP['main_title']);
$display .= $T->parse('', 'title');
if (!empty($msg)) {
//msg block
$display .= COM_startBlock('', '', 'blockheader-message.thtml');
$display .= $msg;
$display .= COM_endBlock('blockfooter-message.thtml');
}
$display .= PAYPAL_userMenu($LANG_PP['product_list']);
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainpage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statuscode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideresults Checkbox: hide results until closed
* @param int $commentcode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_grup Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @return string HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$topic = COM_stripslashes($topic);
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
$retval .= COM_siteHeader('menu', $LANG25[5]);
$retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG25[2];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
return $retval;
}
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
$access = 0;
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if (empty($voters)) {
$voters = 0;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
$topic = addslashes($topic);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
$k = 0;
// set up a counter to make sure we do assign a straight line of question id's
$v = 0;
// re-count votes sine they might have been changed
// first dimension of array are the questions
$num_questions = count($Q);
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
if (strlen($Q[$i]) > 0) {
// only insert questions that exist
$Q[$i] = addslashes($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
// within the questions, we have another dimensions with answers,
// votes and remarks
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
if (strlen($A[$i][$j]) > 0) {
// only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
}
$A[$i][$j] = addslashes($A[$i][$j]);
$R[$i][$j] = addslashes($R[$i][$j]);
$sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
DB_query($sql);
$v = $v + $V[$i][$j];
}
}
$k++;
}
}
// save topics after the questions so we can include question count into table
$sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
if ($mainpage == 'on') {
$sql .= "',1";
} else {
$sql .= "',0";
}
if ($open == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
if ($hideresults == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
$sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
// Save poll topic
DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
if (empty($old_pid) || $old_pid == $pid) {
PLG_itemSaved($pid, 'polls');
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
PLG_itemSaved($pid, 'polls', $old_pid);
}
if ($_POLL_VERBOSE) {
COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
function MG_sendPostCard()
{
global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
global $LANG_DIRECTION, $LANG_CHARSET;
$mid = COM_sanitizeID(COM_applyFilter($_POST['mid'], true));
$toname = COM_applyFilter($_POST['toname']);
$toemail = COM_applyFilter($_POST['toemail']);
$fromname = COM_applyFilter($_POST['fromname']);
$fromemail = COM_applyFilter($_POST['fromemail']);
$subject = strip_tags(COM_checkWords($_POST['subject']));
$message = htmlspecialchars(strip_tags(COM_checkWords($_POST['message'])));
$ccself = isset($_POST['ccself']) ? 1 : 0;
$errCount = 0;
$msg = '';
if (!COM_isEmail($toemail)) {
$errCount++;
}
if (!COM_isEmail($fromemail)) {
$errCount++;
}
if (empty($subject)) {
$errCount++;
}
if (empty($message)) {
$errCount++;
}
$captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
$msg = PLG_itemPreSave('mediagallery', $captchaString);
if ($msg != '') {
$errCount++;
}
if ($errCount > 0) {
return MG_editPostCard('edit', $mid, $msg);
}
$retval = '';
$aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows < 1) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$M = DB_fetchArray($result);
// trim the database
$purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);
// save this one in the database
$newsubject = DB_escapeString($subject);
$newmessage = DB_escapeString($message);
$pcId = COM_makesid();
$pc_time = time();
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = (int) $_USER['uid'];
}
$sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog("Media Gallery: Error saving postcard");
}
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
$last = COM_checkSpeedlimit('mgpostcard');
if ($last > 0) {
$msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
return MG_errorHandler($msg);
}
$alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;
// build the template...
$T = new Template(MG_getTemplatePath($aid));
$T->set_file('postcard', 'postcard.thtml');
$media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg');
if (empty($LANG_DIRECTION)) {
// default to left-to-right
$direction = 'ltr';
} else {
$direction = $LANG_DIRECTION;
}
if (empty($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
$T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit']));
$T->parse('output', 'postcard');
$retval .= $T->finish($T->get_var('output'));
$msgData['subject'] = htmlspecialchars($subject);
$msgData['htmlmessage'] = $retval;
$msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
$msgData['from']['email'] = $fromemail;
$msgData['from']['name'] = $fromname;
$msgData['to'][] = array('email' => $toemail, 'name' => $toname);
if ($ccself) {
$msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
}
foreach ($_MG_CONF['validExtensions'] as $tnext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) {
$msgData['embeddedImage'][] = array('file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']);
}
}
$msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif');
COM_emailNotification($msgData);
$msgNo = 8;
// update the sent post card database...Or maybe just log it in an error log?
$logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
MG_postcardLog($logentry);
COM_updateSpeedlimit('mgpostcard');
header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
exit;
}
function _validate()
{
global $_TABLES;
if (empty($this->_title)) {
$this->_errno[] = '1101';
}
if (empty($this->_cid)) {
$this->_errno[] = '1301';
} else {
if ($this->_cid != $this->_old_cid) {
$count = DB_count($_TABLES['downloadcategories'], 'cid', addslashes($this->_cid));
if ($count > 0) {
$this->_errno[] = '1302';
}
}
if ($this->_cid != COM_sanitizeID($this->_cid)) {
$this->_errno[] = '1303';
}
}
if (!empty($this->_errno)) {
$this->_retry = true;
$this->_reedit('showEditor', array($this->_cid, $this->_editor_mode));
}
}
/**
* Saves link to the database
*
* @param string $lid ID for link
* @param string $old_lid old ID for link
* @param string $cid cid of category link belongs to
* @param string $categorydd Category links belong to
* @param string $url URL of link to save
* @param string $description Description of link
* @param string $title Title of link
* @param int $hits Number of hits for link
* @param int $owner_id ID of owner
* @param int $group_id ID of group link belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @return string HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
$retval = '';
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
$description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$cid = DB_escapeString($cid);
if (empty($owner_id)) {
// this is new link from admin, set default values
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Links Admin'])) {
$group_id = $_GROUPS['Links Admin'];
} else {
$group_id = SEC_getFeatureGroup('links.edit');
}
$perm_owner = 3;
$perm_group = 2;
$perm_members = 2;
$perm_anon = 2;
}
$lid = COM_sanitizeID($lid);
$old_lid = COM_sanitizeID($old_lid);
if (empty($lid)) {
if (empty($old_lid)) {
$lid = COM_makeSid();
} else {
$lid = $old_lid;
}
}
// check for link id change
if (!empty($old_lid) && $lid != $old_lid) {
// check if new lid is already in use
if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
// TBD: abort, display editor with all content intact again
$lid = $old_lid;
// for now ...
}
}
$access = 0;
$old_lid = DB_escapeString($old_lid);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
COM_output($display);
exit;
} elseif (!empty($title) && !empty($description) && !empty($url)) {
if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
$cid = DB_escapeString($categorydd);
} else {
if ($categorydd != $LANG_LINKS_ADMIN[7]) {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
}
DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
DB_delete($_TABLES['links'], 'lid', $old_lid);
DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if (empty($old_lid) || $old_lid == $lid) {
PLG_itemSaved($lid, 'links');
} else {
PLG_itemSaved($lid, 'links', $old_lid);
}
// Get category for rdf check
$category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
COM_rdfUpToDateCheck('links', $category, $lid);
return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
} else {
// missing fields
$retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$retval .= editlink('edit', $old_lid);
} else {
$retval .= editlink('edit', '');
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
return $retval;
}
}
function _userSetnewpwd()
{
global $_CONF, $_TABLES, $_USER, $LANG04;
$retval = '';
if (empty($_POST['passwd']) || $_POST['passwd'] != $_POST['passwd_conf']) {
echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . COM_applyFilter($_POST['uid'], true) . '&rid=' . COM_applyFilter($_POST['rid']));
} else {
$uid = COM_applyFilter($_POST['uid'], true);
$reqid = COM_sanitizeID(COM_applyFilter($_POST['rid']));
if (!empty($uid) && is_numeric($uid) && $uid > 1 && !empty($reqid) && strlen($reqid) == 16) {
$uid = (int) $uid;
$safereqid = DB_escapeString($reqid);
$valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid));
if ($valid == 1) {
$passwd = SEC_encryptPassword($_POST['passwd']);
DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", $uid);
DB_delete($_TABLES['sessions'], 'uid', $uid);
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53');
} else {
// request invalid or expired
$retval .= COM_showMessage(54, '', '', 1, 'error');
$retval .= getpasswordform();
}
} else {
// this request doesn't make sense - ignore it
echo COM_refresh($_CONF['site_url']);
}
}
}
if ($_EV_CONF['enable_rsvp'] && !COM_isAnonUser()) {
USES_evlist_class_ticket();
$eid = COM_sanitizeID($_GET['eid'], false);
$doc = evTicket::PrintTickets($eid, 0, $_USER['uid']);
echo $doc;
exit;
} else {
$content .= 'Function not available';
}
break;
case 'view':
default:
if (empty($eid)) {
// Default action, view the calendar or event
COM_setArgNames(array('eid', 'ts', 'range', 'cat'));
$eid = COM_sanitizeID(COM_getArgument('eid'), false);
}
if (!empty($eid)) {
USES_evlist_class_repeat();
$Rep = new evRepeat($eid);
$pagetitle = COM_stripslashes($Rep->Event->title);
if ($view == 'print') {
$template = 'event_print';
$query = '';
}
$query = isset($_GET['query']) ? $_GET['query'] : '';
$content .= $Rep->Detail('', $query, $template);
} else {
// Shouldn't be in this file without an event ID to display or edit
echo COM_refresh(EVLIST_URL . '/index.php');
exit;
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param int $inherit whether to inherit
* @param int $hidden whether to hide
* @param string $parent_id Parent ID
* @param string $imageUrl (partial) URL to topic image
* @param string $meta_description Topic meta description
* @param string $meta_keywords Topic meta keywords
* @param int $sortNum number for sort order in "Topics" block
* @param int $limitNews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $is_archive 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
// Check if tid is a restricted name
$restricted_tid = false;
if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
$restricted_tid = true;
}
// Check if tid is used by another topic
$duplicate_tid = false;
$old_tid = '';
if (isset($_POST['old_tid'])) {
$old_tid = COM_applyFilter($_POST['old_tid']);
if (!empty($old_tid)) {
$old_tid = COM_sanitizeID($old_tid);
// See if new topic id
if (strcasecmp($tid, $old_tid)) {
if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
$duplicate_tid = true;
}
}
} else {
if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
$duplicate_tid = true;
}
}
}
// Make sure parent id exists
$parent_id_found = false;
if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
$parent_id_found = true;
}
// Check if parent archive topic, if so bail
$archive_parent = false;
$archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
if ($parent_id == $archive_tid) {
$archive_parent = true;
}
// If archive topic, make sure no child topics else bail
$archive_child = false;
$is_archive = $is_archive == 'on' ? 1 : 0;
if ($is_archive) {
if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
$archive_child = true;
}
}
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} else {
// Now check access to parent topic
if ($parent_id != TOPIC_ROOT) {
if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
$in_Group = SEC_inGroup($A['group_id']);
} else {
$access = 3;
$in_Group = true;
}
if ($access < 3 || !$in_Group) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
} elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
if ($imageUrl === '/images/topics/') {
$imageUrl = '';
}
$topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
$topic = DB_escapeString($topic);
$meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
$meta_description = DB_escapeString($meta_description);
$meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
$meta_keywords = DB_escapeString($meta_keywords);
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
if ($is_archive) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archive_tid != $tid) {
$sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
DB_query($sql);
$sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
DB_query($sql);
}
// Set hidden and inherit to false since archive topic now
$inherit = '';
$hidden = '';
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archive_tid == $tid) {
$sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
DB_query($sql);
$sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
DB_query($sql);
}
}
$inherit = $inherit == 'on' ? 1 : 0;
$hidden = $hidden == 'on' ? 1 : 0;
// Cannot hide root topics so switch if needed
if ($parent_id == TOPIC_ROOT && $hidden == 1) {
$hidden = 0;
}
// If not a new topic and id change then...
if (!empty($old_tid)) {
if ($tid != $old_tid) {
changetopicid($tid, $old_tid);
$old_tid = DB_escapeString($old_tid);
DB_delete($_TABLES['topics'], 'tid', $old_tid);
}
}
DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if ($old_tid != $tid) {
PLG_itemSaved($tid, 'topic', $old_tid);
} else {
PLG_itemSaved($tid, 'topic');
}
// Reorder Topics, Delete topic cache and reload topic tree
reorderTopics();
// update feed(s)
COM_rdfUpToDateCheck('article', $tid);
COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
} elseif ($restricted_tid) {
$retval .= COM_errorLog($LANG27[31], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($duplicate_tid) {
$retval .= COM_errorLog($LANG27[49], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($archive_parent) {
$retval .= COM_errorLog($LANG27[46], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($archive_child) {
$retval .= COM_errorLog($LANG27[47], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif (!$parent_id_found) {
$retval .= COM_errorLog($LANG27[48], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} else {
$retval .= COM_errorLog($LANG27[7], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
}
}
return $retval;
}
/**
* Override the post data to the data given in the parameter
*
* This is helper function for editblock function
*
* @param array $A Array of data by reference
* @return nothing
*/
function overridePostdata(&$A)
{
if (isset($_POST['name'])) {
$A['name'] = COM_sanitizeID($_POST['name']);
}
if (isset($_POST['title'])) {
$A['title'] = COM_stripslashes(strip_tags($_POST['title']));
}
if (isset($_POST['help'])) {
$A['help'] = COM_sanitizeUrl($_POST['help'], array('http', 'https'));
}
if (in_array($_POST['type'], array('normal', 'portal', 'phpblock', 'gldefault'))) {
$A['type'] = $_POST['type'];
}
if (isset($_POST['blockorder'])) {
$A['blockorder'] = COM_applyFilter($_POST['blockorder'], true);
}
if (isset($_POST['content'])) {
$A['content'] = $_POST['content'];
// to be sanitized when saving
}
if (isset($_POST['rdfurl'])) {
$A['rdfurl'] = $_POST['rdfurl'];
// to be sanitized when saving
}
if (isset($_POST['rdfupdated'])) {
$A['rdfupdated'] = COM_applyFilter($_POST['rdfupdated']);
}
if (isset($_POST['rdflimit'])) {
$A['rdflimit'] = COM_applyFilter($_POST['rdflimit'], true);
}
if (isset($_POST['phpblockfn'])) {
$A['phpblockfn'] = $_POST['phpblockfn'];
// to be sanitized when saving
}
if (isset($_POST['owner_id'])) {
$A['owner_id'] = COM_applyFilter($_POST['owner_id'], true);
}
if (isset($_POST['group_id'])) {
$A['group_id'] = COM_applyFilter($_POST['group_id'], true);
}
list($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$A['onleft'] = $_POST['onleft'] == 1 ? 1 : 0;
$A['is_enabled'] = $_POST['is_enabled'] == 'on' ? 1 : 0;
$A['allow_autotags'] = $_POST['allow_autotags'] == 'on' ? 1 : 0;
if (isset($_POST['cache_time'])) {
$A['cache_time'] = COM_applyFilter($_POST['cache_time'], true);
}
}
