/**
* Fiddle with the article's category selects
*/
function wet_article_partial_category_1($rs)
{
static $cats = null;
if ($cats == null) {
$cats = getTree('root', 'article');
}
// Make radio buttons, not drop-downs
$out = array();
if ($cats) {
foreach ($cats as $c) {
$c = doSpecial($c);
$id = 'wet_cat-' . $c['name'];
$out[] = radio('Category1', $c['name'], $rs['Category1'] == $c['name'] ? '1' : '', 'cat-' . $c['name']) . "<label for='{$id}'>{$c['title']}</label>";
}
}
return '<ul class="plain-list"><li>' . join('</li><li>', $out) . '</li></ul>';
}
/**
* Render a link element to hook up txpAsyncHref() with request parameters
*
* @param string $item Link text
* @param array $parms Request parameters; array keys are 'event', 'step', 'thing', 'property'
* @param string $atts HTML attributes
* @return string HTML
* @since 4.5.0
* @see textpattern.js: txpAsyncHref
*/
function asyncHref($item, $parms, $atts = '')
{
extract(doSpecial(lAtts(array('event' => $GLOBALS['event'], 'step' => $GLOBALS['step'], 'thing' => '', 'property' => ''), $parms)));
$class = "{$step} async";
$href = "?event={$event}&step={$step}&thing={$thing}&property={$property}";
if (AJAXALLY_CHALLENGED) {
$href .= '&value=' . txpspecialchars($item) . '&_txp_token=' . form_token();
}
return href($item, $href, $atts . " class=\"{$class}\"");
}
function linklist($atts)
{
global $thislink;
extract(lAtts(array('form' => 'plainlinks', 'sort' => 'linksort', 'label' => '', 'break' => '', 'limit' => '', 'wraptag' => '', 'category' => '', 'class' => __FUNCTION__), $atts));
$Form = fetch_form($form);
$qparts = array($category ? "category='{$category}'" : '1', "order by", $sort, $limit ? "limit {$limit}" : '');
$rs = safe_rows_start("*", "txp_link", join(' ', $qparts));
if ($rs) {
if ($label) {
$outlist[] = $label;
}
while ($a = nextRow($rs)) {
extract($a);
$linkname = str_replace("& ", "& ", $linkname);
$link = '<a href="' . doSpecial($url) . '">' . $linkname . '</a>';
$linkdesctitle = '<a href="' . doSpecial($url) . '" title="' . $description . '">' . $linkname . '</a>';
$thislink = $a;
$out = str_replace("<txp:link />", $link, $Form);
$out = str_replace("<txp:linkdesctitle />", $linkdesctitle, $out);
$out = str_replace("<txp:link_description />", $description, $out);
$outlist[] = parse($out);
}
if (!empty($outlist)) {
return doWrap($outlist, $wraptag, $break, $class);
}
}
return false;
}
function rss()
{
global $prefs, $txpac;
extract($prefs);
ob_start();
extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
// send a 304 if nothing has changed since the last visit
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
header("Last-Modified: {$last}");
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
if ($hims == $last) {
header("HTTP/1.1 304 Not Modified");
exit;
}
$area = gps('area');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$out[] = tag(doSpecial($sitename), 'title');
$out[] = tag('http://' . $siteurl . $path_from_root, 'link');
$out[] = tag(doSpecial($site_slogan), 'description');
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : '5';
$frs = safe_column("name", "txp_section", "in_rss != '1'");
if ($frs) {
foreach ($frs as $f) {
$query[] = "and Section != '" . $f . "'";
}
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows("*", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
if ($rs) {
foreach ($rs as $a) {
extract($a);
$Body = !$txpac['syndicate_body_or_excerpt'] ? $Body_html : $Excerpt;
$Body = !trim($Body) ? $Body_html : $Body;
$Body = str_replace('href="/', 'href="http://' . $siteurl . '/', $Body);
$Body = htmlspecialchars($Body, ENT_NOQUOTES);
$link = $url_mode == 0 ? 'http://' . $siteurl . $path_from_root . 'index.php?id=' . $ID : 'http://' . $siteurl . $path_from_root . $Section . '/' . $ID . '/';
if ($txpac['show_comment_count_in_feed']) {
$dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
$count = $dc > 0 ? ' [' . $dc . ']' : '';
} else {
$count = '';
}
$Title = doSpecial($Title) . $count;
$item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($link, 'link');
$out[] = tag($item, 'item');
}
header("Content-Type: text/xml");
return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='{$category}'" : '1';
$limit = $limit ? $limit : 15;
$rs = safe_rows("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
foreach ($rs as $a) {
extract($a);
$item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag($url, 'link');
$out[] = tag($item, 'item');
}
header("Content-Type: text/xml");
return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';
}
}
return 'no articles recorded yet';
}
function render_feed($rs, $area, $type, $feedtitle, $atom_self_ref, $atom_id_ext)
{
global $prefs, $thisarticle;
extract($prefs);
set_error_handler('tagErrorHandler');
$atom = $type == 'atom';
if ($atom) {
define("t_texthtml", ' type="text/html"');
define("t_text", ' type="text"');
define("t_html", ' type="html"');
define("t_xhtml", ' type="xhtml"');
define('t_appxhtml', ' type="xhtml"');
define("r_relalt", ' rel="alternate"');
define("r_relself", ' rel="self"');
} else {
define("t_texthtml", '');
define("t_text", '');
define("t_html", '');
define("t_xhtml", '');
define('t_appxhtml', '');
define("r_relalt", '');
define("r_relself", '');
}
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
if ($atom) {
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(htmlspecialchars($feedtitle), 'title', t_text);
$out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
$out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
$out[] = '<link' . r_relself . ' href="' . $atom_self_ref . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
//Atom feeds with mail or domain name
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . $atom_id_ext, 'id');
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
} else {
$out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
$out[] = tag(doSpecial($feedtitle), 'title');
$out[] = tag(doSpecial($site_slogan), 'description');
$out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
$out[] = tag(hu, 'link');
$out[] = '<atom:link href="' . $atom_self_ref . '" rel="self" type="application/rss+xml" />';
}
$out[] = callback_event($atom ? 'atom_head' : 'rss_head');
$articles = array();
if (!$area or $area == 'article') {
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event($atom ? 'atom_entry' : 'rss_entry');
$e = array();
$thisauthor = doSpecial(get_author_name($AuthorID));
$thisauthor = tag($thisauthor, $atom ? 'name' : 'dc:creator');
if ($atom) {
$thisauthor = tag(n . t . t . t . $thisauthor . n . t . t, 'author');
}
$e['thisauthor'] = $thisauthor;
if ($atom) {
$e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
} else {
$e['issued'] = tag(safe_strftime('rfc822', $uPosted), 'pubDate');
}
if ($atom) {
$e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
$e['category1'] = trim($Category1) ? '<category term="' . doSpecial($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . doSpecial($Category2) . '" />' : '';
}
$count = '';
if ($show_comment_count_in_feed && $comments_count > 0) {
$count = ' [' . $comments_count . ']';
}
$escaped_title = $atom ? htmlspecialchars($Title) : htmlspecialchars(strip_tags($Title));
$e['title'] = tag($escaped_title . $count, 'title', t_html);
$a['posted'] = $uPosted;
$permlink = permlinkurl($a);
if ($atom) {
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
} else {
$e['link'] = tag($permlink, 'link');
}
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, $atom ? 'id' : 'guid', $atom ? '' : ' isPermaLink="false"');
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if (trim($summary)) {
$e['summary'] = tag(n . escape_cdata($summary) . n, $atom ? 'summary' : 'description', t_html);
}
if (trim($content)) {
$e['content'] = tag(n . escape_cdata($content) . n, $atom ? 'content' : 'content:encoded', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, $atom ? 'entry' : 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $atom ? $uLastMod : $uPosted;
}
}
} elseif ($area == 'link') {
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(doSpecial($linkname), 'title', t_html);
if ($atom) {
$e['content'] = tag(n . doSpecial($description) . n, 'content', t_html);
$url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
} else {
$e['content'] = tag(doSpecial($description), 'description');
$e['link'] = tag(doSpecial($url), 'link');
$e['issued'] = tag(safe_strftime('rfc822', $uDate), 'pubDate');
}
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, $atom ? 'entry' : 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field('name', 'txp_section', "name = '{$section}'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// make sure notices/warnings/errors don't
// fudge up the feed when compression is used
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header('Content-type: application/' . ($atom ? 'atom' : 'rss') . '+xml; charset=utf-8');
if ($atom) {
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . n . join(n, $out) . '</feed>';
} else {
return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
}
function author_list()
{
global $txp_user;
echo n . n . hed(gTxt('authors'), 3, ' style="text-align: center;"') . n . n . startTable('list') . n . tr(n . hCell(gTxt('real_name')) . n . hCell(gTxt('login_name')) . n . hCell(gTxt('email')) . n . hCell(gTxt('privileges')) . n . hCell() . n . hCell());
$rs = safe_rows_start('*', 'txp_users', '1 = 1 order by name asc');
if ($rs) {
if (has_privs('admin.edit')) {
while ($a = nextRow($rs)) {
extract($a);
echo n . n . '<tr>' . n . '<form method="post" action="index.php">' . n . td(fInput('text', 'RealName', $RealName, 'edit')) . td(htmlspecialchars($name)) . td(fInput('text', 'email', $email, 'edit'));
if ($name != $txp_user) {
echo td(privs($privs) . sp . popHelp('about_privileges'));
} else {
echo td(get_priv_level($privs) . sp . popHelp('about_privileges') . hInput('privs', $privs));
}
echo td(fInput('submit', 'save', gTxt('save'), 'smallerbox')) . n . hInput('user_id', $user_id) . n . eInput('admin') . n . sInput('author_save') . n . '</form>';
if ($name != $txp_user) {
echo td(dLink('admin', 'author_delete', 'user_id', $user_id));
} else {
echo td();
}
echo n . '</tr>';
}
} else {
while ($a = nextRow($rs)) {
extract(doSpecial($a));
echo tr(td($RealName) . td($name) . td('<a href="mailto:' . $email . '">' . $email . '</a>') . td(get_priv_level($privs) . sp . popHelp('about_privileges') . hInput('privs', $privs)) . td() . td());
}
}
echo n . endTable();
}
}
function rss()
{
global $prefs, $thisarticle;
set_error_handler('feedErrorHandler');
ob_clean();
extract($prefs);
extract(doSlash(gpsa(array('limit', 'area'))));
// build filter criteria from a comma-separated list of sections and categories
$feed_filter_limit = get_pref('feed_filter_limit', 10);
$section = gps('section');
$category = gps('category');
if (!is_scalar($section) || !is_scalar($category)) {
txp_die('Not Found', 404);
}
$section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
$category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
$st = array();
foreach ($section as $s) {
$st[] = fetch_section_title($s);
}
$ct = array();
foreach ($category as $c) {
$ct[] = fetch_category_title($c);
}
$sitename .= $section ? ' - ' . join(' - ', $st) : '';
$sitename .= $category ? ' - ' . join(' - ', $ct) : '';
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
// feed header
$out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
$out[] = tag(doSpecial($sitename), 'title');
$out[] = tag(hu, 'link');
$out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
$out[] = tag(doSpecial($site_slogan), 'description');
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
$out[] = callback_event('rss_head');
// feed items
$articles = array();
$section = doSlash($section);
$category = doSlash($category);
if (!$area or $area == 'article') {
$sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
$cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
if ($frs) {
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
}
$query[] = $sfilter;
$query[] = $cfilter;
$expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
$rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('rss_entry');
$a['posted'] = $uPosted;
$permlink = permlinkurl($a);
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$Title = escape_title(strip_tags($Title)) . $count;
$thisauthor = get_author_name($AuthorID);
$item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
$articles[$ID] = tag($item, 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uPosted;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
$articles[$id] = tag($item, 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!$articles) {
if ($section) {
if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
txp_die(gTxt('404_not_found'), '404');
}
} elseif ($category) {
switch ($area) {
case 'link':
if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
case 'article':
default:
if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
txp_die(gTxt('404_not_found'), '404');
}
break;
}
}
} else {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
// make sure notices/warnings/errors don't fudge up the feed
// when compression is used
$buf = '';
while ($b = @ob_get_clean()) {
$buf .= $b;
}
@ob_start('ob_gzhandler');
echo $buf;
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
txp_status_header('304 Not Modified');
exit(0);
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
}
$out = array_merge($out, $articles);
header("Content-Type: application/rss+xml; charset=utf-8");
if (isset($etag)) {
header('ETag: "' . $etag . '"');
}
return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
function author_list()
{
global $txp_user, $author_list_pageby;
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
$sort = 'name';
}
$dir = $dir == 'desc' ? 'desc' : 'asc';
$sort_sql = $sort . ' ' . $dir;
$switch_dir = $dir == 'desc' ? 'asc' : 'desc';
$total = getCount('txp_users', '1=1');
$limit = max($author_list_pageby, 15);
list($page, $offset, $numPages) = pager($total, $limit, $page);
$rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by ' . $sort_sql . ' limit ' . $offset . ', ' . $limit);
if ($rs) {
echo '<form action="index.php" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list') . tr(column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', 'name' == $sort ? $dir : '') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', 'RealName' == $sort ? $dir : '') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', 'email' == $sort ? $dir : '') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', 'privs' == $sort ? $dir : '') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', 'last_login' == $sort ? $dir : '') . hCell() . hCell());
while ($a = nextRow($rs)) {
extract(doSpecial($a));
echo tr(td($name) . td($RealName) . td('<a href="mailto:' . $email . '">' . $email . '</a>') . td(get_priv_level($privs)) . td($last_login ? safe_strftime('%b %Y', $last_login) : '') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '') . td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name']) : ''));
}
echo n . n . tr(tda(select_buttons() . author_multiedit_form($page, $sort, $dir, $crit, $search_method), ' colspan="6" style="text-align: right; border: none;"')) . endTable() . '</form>' . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . pageby_form('admin', $author_list_pageby);
}
}
function link_url()
{
global $thislink;
assert_link();
return doSpecial($thislink['url']);
}
function makeConfig($ar)
{
define("nl", "';\n");
define("o", '$txpcfg[\'');
define("m", "'] = '");
$open = chr(60) . '?php';
$close = '?' . chr(62);
// Escape single quotes and backslashes in literal PHP strings
foreach ($ar as $k => $v) {
$ar[$k] = addcslashes($ar[$k], "'\\");
}
$ar = doSpecial($ar);
extract($ar);
return $open . "\n" . o . 'db' . m . $ddb . nl . o . 'user' . m . $duser . nl . o . 'pass' . m . $dpass . nl . o . 'host' . m . $dhost . nl . ($dclient_flags ? o . 'client_flags' . "'] = " . $dclient_flags . ";\n" : '') . o . 'table_prefix' . m . $dprefix . nl . o . 'txpath' . m . txpath . nl . o . 'dbcharset' . m . $dbcharset . nl . $close;
}
function atom()
{
global $thisarticle;
extract($GLOBALS['prefs']);
define("textplain", ' type="text/plain"');
define("texthtml", ' type="text/html"');
define("relalt", ' rel="alternate"');
define('appxhtml', ' type="application/xhtml+xml"');
define("divxhtml", '<div xmlns="http://www.w3.org/1999/xhtml">');
$area = doSlash(gps('area'));
extract(doSlash(gpsa(array('category', 'section', 'limit'))));
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$out[] = tag($sitename, 'title', textplain);
$out[] = tag($site_slogan, 'tagline', textplain);
$out[] = '<link' . relalt . texthtml . ' href="' . hu . '" />';
$articles = array();
//Atom feeds with mail or domain name
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
$out[] = tag('Textpattern', 'generator', ' url="http://textpattern.com" version="' . $version . '"');
$out[] = tag(date("Y-m-d\\TH:i:s\\Z", $last), 'modified');
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'url');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : '5';
$frs = safe_column("name", "txp_section", "in_rss != '1'");
foreach ($frs as $f) {
$query[] = "and Section != '" . $f . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$a['posted'] = $uPosted;
if ($show_comment_count_in_feed) {
$dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
$count = $dc > 0 ? ' [' . $dc . ']' : '';
} else {
$count = '';
}
$thisauthor = safe_field("RealName", "txp_users", "name='{$AuthorID}'");
$e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
$e['issued'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $uPosted), 'issued');
$e['modified'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $uLastMod), 'modified');
$escaped_title = safe_hed($Title);
$escaped_title = preg_replace("/&(?![#a-z0-9]+;)/i", '&', $escaped_title);
$escaped_title = str_replace('<', '<', $escaped_title);
$escaped_title = str_replace('>', '>', $escaped_title);
$e['title'] = tag($escaped_title . $count, 'title');
$uTitle = $url_title ? $url_title : stripSpace($Title);
$uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
$permlink = permlinkurl($a);
$e['link'] = '<link' . relalt . texthtml . ' href="' . $permlink . '" />';
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
$e['subject'] = tag(htmlspecialchars($Category1), 'dc:subject');
// pull Body or Excerpt?
$Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt'];
// if Excerpt is empty, switch back to Body_html
$Body = !trim($Body) ? $thisarticle['body'] : $Body;
// fix relative urls
$Body = str_replace('href="/', 'href="' . hu, $Body);
$Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body);
$Body = safe_hed($Body);
// encode and entify
$Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('<', '>', ''', '"'), $Body);
// encode bare ampersands
$Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&', $Body);
$e['content'] = tag(n . $Body . n, 'content', ' type="text/html" mode="escaped"');
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uLastMod;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='{$category}'" : '1';
$limit = $limit ? $limit : 15;
$rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(doSpecial($linkname), 'title');
$content = utf8_encode(htmlspecialchars($description));
$e['content'] = tag(n . $description . n, 'content', ' type="text/html" mode="escaped"');
$url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . relalt . texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $date), 'issued');
$e['modified'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $date), 'modified');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!empty($articles)) {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
ob_start("ob_gzhandler");
}
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
header("Last-Modified: {$last}");
$expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
header("Expires: {$expires}");
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
if ($hims == $last) {
header("HTTP/1.1 304 Not Modified");
exit;
}
$imsd = @strtotime($hims);
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id])) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
$out = array_merge($out, $articles);
ob_start();
header('Content-type: application/atom+xml; charset=utf-8');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed version="0.3" xml:lang="' . $language . '" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">' . join(n, $out) . '</feed>';
}
}
function linkdesctitle($atts)
{
global $thislink;
extract(lAtts(array('rel' => ''), $atts));
$description = $thislink['description'] ? ' title="' . escape_output($thislink['description']) . '"' : '';
return tag(escape_output($thislink['linkname']), 'a', ($rel ? ' rel="' . $rel . '"' : '') . ' href="' . doSpecial($thislink['url']) . '"' . $description);
}
function atom()
{
global $txpac;
extract($GLOBALS['prefs']);
define("textplain", ' type="text/plain"');
define("texthtml", ' type="text/html"');
define("relalt", ' rel="alternate"');
define('appxhtml', ' type="application/xhtml+xml"');
define("divxhtml", '<div xmlns="http://www.w3.org/1999/xhtml">');
$area = gps('area');
extract(doSlash(gpsa(array('category', 'section', 'limit'))));
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$out[] = tag($sitename, 'title', textplain);
$out[] = tag($site_slogan, 'tagline', textplain);
$out[] = '<link' . relalt . texthtml . ' href="http://' . $siteurl . $path_from_root . '" />';
$out[] = tag('tag:' . $siteurl . ',' . date("Y") . ':/', 'id');
$out[] = tag('Textpattern', 'generator', ' url="http://textpattern.com" version="g1.17"');
$out[] = tag(date("Y-m-d\\TH:i:s\\Z", $last), 'modified');
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $txpac['include_email_atom'] ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag('http://' . $siteurl . $path_from_root, 'url');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : '5';
$frs = safe_column("name", "txp_section", "in_rss != '1'");
foreach ($frs as $f) {
$query[] = "and Section != '" . $f . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows("*, unix_timestamp(Posted) as uPosted,unix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
if ($rs) {
foreach ($rs as $a) {
extract($a);
if ($txpac['show_comment_count_in_feed']) {
$dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
$count = $dc > 0 ? ' [' . $dc . ']' : '';
} else {
$count = '';
}
$e['issued'] = tag(date("Y-m-d\\TH:i:s\\Z", $uPosted), 'issued');
$e['modified'] = tag(date("Y-m-d\\TH:i:s\\Z", $uLastMod), 'modified');
$e['title'] = tag($Title . $count, 'title');
$elink = $url_mode == 0 ? 'http://' . $siteurl . $path_from_root . 'index.php?id=' . $ID : 'http://' . $siteurl . $path_from_root . $Section . '/' . $ID . '/';
$e['link'] = '<link' . relalt . texthtml . ' href="' . $elink . '" />';
$e['id'] = tag('tag:' . $siteurl . ',' . date("Y-m-d", $uPosted) . ':' . $ID, 'id');
$e['subject'] = tag(htmlspecialchars($Category1), 'dc:subject');
// pull Body or Excerpt?
$Body = !$txpac['syndicate_body_or_excerpt'] ? $Body_html : $Excerpt;
// if Excerpt is empty, switch back to Body_html
$Body = !trim($Body) ? $Body_html : $Body;
// fix relative urls
$Body = str_replace('href="/', 'href="http://' . $siteurl . '/', $Body);
// encode and entify
$Body = utf8_encode(htmlspecialchars($Body));
$e['content'] = tag(n . $Body . n, 'content', ' type="text/html" mode="escaped" xml:lang="en"');
$out[] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='{$category}'" : '1';
$limit = $limit ? $limit : 15;
$rs = safe_rows("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
foreach ($rs as $a) {
extract($a);
$e['title'] = tag(doSpecial($linkname), 'title');
$content = utf8_encode(htmlspecialchars($description));
$e['content'] = tag(n . $description . n, 'content', ' type="text/html" mode="escaped" xml:lang="en"');
$url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url);
$e['link'] = '<link' . relalt . texthtml . ' href="' . $url . '" />';
$out[] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
}
}
}
if (!empty($out)) {
ob_start();
header('Content-type: text/xml');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed version="0.3" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">' . join(n, $out) . '</feed>';
}
}
function linkdesctitle($atts)
{
global $thislink;
assert_link();
extract(lAtts(array('rel' => ''), $atts));
$description = $thislink['description'] ? ' title="' . htmlspecialchars($thislink['description']) . '"' : '';
return tag(htmlspecialchars($thislink['linkname']), 'a', ($rel ? ' rel="' . $rel . '"' : '') . ' href="' . doSpecial($thislink['url']) . '"' . $description);
}
function atom()
{
global $thisarticle;
extract($GLOBALS['prefs']);
define("t_texthtml", ' type="text/html"');
define("t_text", ' type="text"');
define("t_html", ' type="html"');
define("t_xhtml", ' type="xhtml"');
define('t_appxhtml', ' type="xhtml"');
define("r_relalt", ' rel="alternate"');
define("r_relself", ' rel="self"');
$area = doSlash(gps('area'));
extract(doSlash(gpsa(array('category', 'section', 'limit'))));
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$out[] = tag($sitename, 'title', t_text);
$out[] = tag($site_slogan, 'subtitle', t_text);
$out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1)) . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
$articles = array();
//Atom feeds with mail or domain name
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $last), 'updated');
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = min($limit, max(100, $rss_how_many));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
$query = array();
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$e = array();
$a['posted'] = $uPosted;
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$thisauthor = get_author_name($AuthorID);
$e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
$e['issued'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', $uPosted), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', $uLastMod), 'updated');
$escaped_title = escape_title($Title);
$escaped_title = preg_replace("/&(?![#a-z0-9]+;)/i", '&', $escaped_title);
$escaped_title = str_replace('<', '<', $escaped_title);
$escaped_title = str_replace('>', '>', $escaped_title);
$e['title'] = tag($escaped_title . $count, 'title');
$uTitle = $url_title ? $url_title : stripSpace($Title);
$uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
$permlink = permlinkurl($a);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
$e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
$Excerpt = fixup_for_feed($thisarticle['excerpt'], permlinkurl($a));
if ($syndicate_body_or_excerpt == 0) {
$Body = fixup_for_feed($thisarticle['body'], permlinkurl($a));
} else {
$Body = '';
// If there's no excerpt, use body as content instead of body as summary
if (!trim($Excerpt)) {
$Body = fixup_for_feed($thisarticle['body'], permlinkurl($a));
}
}
if (trim($Body)) {
$e['content'] = tag(n . $Body . n, 'content', t_html);
}
if (trim($Excerpt)) {
$e['summary'] = tag(n . $Excerpt . n, 'summary', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uLastMod;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='" . $category . "'" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = min($limit, max(100, $rss_how_many));
$rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(doSpecial($linkname), 'title');
$content = utf8_encode(htmlspecialchars($description));
$e['content'] = tag(n . $description . n, 'content', t_texthtml);
$url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!empty($articles)) {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
@ob_start("ob_gzhandler");
}
$expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
header("Expires: {$expires}");
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if ($imsd >= $last) {
txp_status_header("304 Not Modified");
exit;
}
header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id])) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
$out = array_merge($out, $articles);
header('Content-type: application/atom+xml; charset=utf-8');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}
}
function author_list()
{
global $txp_user, $author_list_pageby;
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
if ($sort === '') {
$sort = get_pref('admin_sort_column', 'name');
}
if ($dir === '') {
$dir = get_pref('admin_sort_dir', 'asc');
}
$dir = $dir == 'desc' ? 'desc' : 'asc';
if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
$sort = 'name';
}
$sort_sql = $sort . ' ' . $dir;
set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
$switch_dir = $dir == 'desc' ? 'asc' : 'desc';
$total = getCount('txp_users', '1=1');
$limit = max($author_list_pageby, 15);
list($page, $offset, $numPages) = pager($total, $limit, $page);
$rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by ' . $sort_sql . ' limit ' . $offset . ', ' . $limit);
if ($rs) {
echo n . '<div class="txp-list">';
echo '<form action="index.php" id="users_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', 'list') . n . '<thead>' . n . tr(column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'name login-name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'name real-name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'date last-login modified') . hCell('', '', ' class="actions"') . hCell('', '', ' class="multi-edit"')) . n . '</thead>';
$tfoot = n . '<tfoot>' . tr(tda(has_privs('admin.edit') ? select_buttons() . author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '', ' class="multi-edit" colspan="7" style="text-align: right; border: none;"')) . n . '</tfoot>';
echo $tfoot;
echo '<tbody>';
$ctr = 1;
while ($a = nextRow($rs)) {
extract(doSpecial($a));
echo tr(td($name, '', 'name login-name') . td($RealName, '', 'name real-name') . td('<a href="mailto:' . $email . '">' . $email . '</a>', '', 'email') . td(get_priv_level($privs), '', 'privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'date last-login modified') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '', '', 'actions') . td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'multi-edit'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"');
$ctr++;
}
echo '</tbody>' . n . endTable() . n . '</form>' . n . '<div id="users_navigation" class="txp-navigation">' . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . pageby_form('admin', $author_list_pageby) . n . '</div>' . n . '</div>';
}
}
function rss()
{
global $prefs, $thisarticle;
extract($prefs);
ob_start();
extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
$area = gps('area');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$out[] = tag(doSpecial($sitename), 'title');
$out[] = tag(hu, 'link');
$out[] = tag(doSpecial($site_slogan), 'description');
$articles = array();
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : '5';
$frs = safe_column("name", "txp_section", "in_rss != '1'");
if ($frs) {
foreach ($frs as $f) {
$query[] = "and Section != '" . $f . "'";
}
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$a['posted'] = $uPosted;
$Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt'];
$Body = !trim($Body) ? $thisarticle['body'] : $Body;
$Body = str_replace('href="/', 'href="' . hu, $Body);
$Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body);
$Body = safe_hed($Body);
$Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('<', '>', ''', '"'), $Body);
// encode bare ampersands
$Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&', $Body);
$uTitle = $url_title ? $url_title : stripSpace($Title);
$uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
if ($show_comment_count_in_feed) {
$dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
$count = $dc > 0 ? ' [' . $dc . ']' : '';
} else {
$count = '';
}
$Title = doSpecial($Title) . $count;
$permlink = permlinkurl($a);
$item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($permlink, 'link');
$articles[$ID] = tag($item, 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uPosted;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='{$category}'" : '1';
$limit = $limit ? $limit : 15;
$rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link');
$articles[$id] = tag($item, 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
ob_start("ob_gzhandler");
}
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
header("Last-Modified: {$last}");
$expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
header("Expires: {$expires}");
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
if ($hims == $last) {
header("HTTP/1.1 304 Not Modified");
exit;
}
$imsd = @strtotime($hims);
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
$out = array_merge($out, $articles);
header("Content-Type: application/rss+xml; charset=utf-8");
if ($etag) {
header('ETag: "' . $etag . '"');
}
return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';
}
/**
* The main panel listing all authors.
*
* @param string|array $message The activity message
*/
function author_list($message = '')
{
global $event, $txp_user, $author_list_pageby, $levels;
pagetop(gTxt('tab_site_admin'), $message);
if (is_disabled('mail')) {
echo graf(span(null, array('class' => 'ui-icon ui-icon-alert')) . ' ' . gTxt('warn_mail_unavailable'), array('class' => 'alert-block warning'));
}
$buttons = array();
// Change password button.
$buttons[] = sLink('admin', 'new_pass_form', gTxt('change_password'), 'txp-button');
if (!has_privs('admin.edit')) {
// Change email address button.
$buttons[] = sLink('admin', 'change_email_form', gTxt('change_email_address'), 'txp-button');
} else {
// New author button.
$buttons[] = sLink('admin', 'author_edit', gTxt('add_new_author'), 'txp-button');
}
// User list.
if (has_privs('admin.list')) {
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
if ($sort === '') {
$sort = get_pref('admin_sort_column', 'name');
} else {
if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
$sort = 'name';
}
set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
}
if ($dir === '') {
$dir = get_pref('admin_sort_dir', 'asc');
} else {
$dir = $dir == 'desc' ? "desc" : "asc";
set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
}
$sort_sql = $sort . ' ' . $dir;
$switch_dir = $dir == 'desc' ? 'asc' : 'desc';
$search = new Filter($event, array('login' => array('column' => 'txp_users.name', 'label' => gTxt('login_name')), 'RealName' => array('column' => 'txp_users.RealName', 'label' => gTxt('real_name')), 'email' => array('column' => 'txp_users.email', 'label' => gTxt('email')), 'privs' => array('column' => array('txp_users.privs'), 'label' => gTxt('privileges'), 'type' => 'boolean')));
$search->setAliases('privs', $levels);
list($criteria, $crit, $search_method) = $search->getFilter();
$search_render_options = array('placeholder' => 'search_users');
$total = getCount('txp_users', $criteria);
echo n . tag(hed(gTxt('tab_site_admin'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));
$searchBlock = n . tag($search->renderForm('author_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => 'users_control'));
$createBlock = array();
$createBlock[] = n . tag(implode(n, $buttons), 'div', array('class' => 'txp-control-panel'));
$contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => 'users_container'));
$createBlock = implode(n, $createBlock);
if ($total < 1) {
if ($criteria != 1) {
echo $searchBlock . $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information')) . n . tag_end('div');
}
return;
}
$limit = max($author_list_pageby, 15);
list($page, $offset, $numPages) = pager($total, $limit, $page);
$use_multi_edit = has_privs('admin.edit') && ($total > 1 or safe_count('txp_users', "1 = 1") > 1);
echo $searchBlock . $contentBlockStart . $createBlock;
$rs = safe_rows_start("*, UNIX_TIMESTAMP(last_access) AS last_login", 'txp_users', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");
if ($rs) {
echo n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'users_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') : hCell('', '', ' class="txp-list-col-multi-edit" scope="col"')) . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'txp-list-col-login-name name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'txp-list-col-real-name name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'txp-list-col-email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'txp-list-col-privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'txp-list-col-last-login date')) . n . tag_end('thead') . n . tag_start('tbody');
while ($a = nextRow($rs)) {
extract(doSpecial($a));
echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', ' class="txp-list-col-login-name name" scope="row"') . td($RealName, '', 'txp-list-col-real-name name') . td(href($email, 'mailto:' . $email), '', 'txp-list-col-email') . td(get_priv_level($privs), '', 'txp-list-col-privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'txp-list-col-last-login date'));
}
echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . ($use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '') . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => 'users_navigation')) . pageby_form('admin', $author_list_pageby) . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . n . tag_end('div');
}
echo n . tag_end('div');
} else {
echo n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => 'users_container')) . n . tag(implode(n, $buttons), 'div', array('class' => 'txp-control-panel')) . n . tag_end('div');
}
}
/**
* The main author list.
*
* @param string|array $message The activity message
*/
function author_list($message = '')
{
global $txp_user, $author_list_pageby;
pagetop(gTxt('tab_site_admin'), $message);
if (is_disabled('mail')) {
echo graf(span(null, array('class' => 'ui-icon ui-icon-alert')) . ' ' . gTxt('warn_mail_unavailable'), array('class' => 'alert-block warning'));
}
echo hed(gTxt('tab_site_admin'), 1, array('class' => 'txp-heading'));
echo n . '<div id="users_control" class="txp-control-panel">';
$buttons = array();
// Change password button.
$buttons[] = sLink('admin', 'new_pass_form', gTxt('change_password'));
if (!has_privs('admin.edit')) {
// Change email address button.
$buttons[] = sLink('admin', 'change_email_form', gTxt('change_email_address'));
} else {
// New author button.
$buttons[] = sLink('admin', 'author_edit', gTxt('add_new_author'));
}
echo graf(join(n, $buttons), array('class' => 'txp-buttons'));
// User list.
if (has_privs('admin.list')) {
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
if ($sort === '') {
$sort = get_pref('admin_sort_column', 'name');
}
if ($dir === '') {
$dir = get_pref('admin_sort_dir', 'asc');
}
$dir = $dir == 'desc' ? 'desc' : 'asc';
if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
$sort = 'name';
}
$sort_sql = $sort . ' ' . $dir;
set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
$switch_dir = $dir == 'desc' ? 'asc' : 'desc';
$criteria = 1;
if ($search_method and $crit != '') {
$verbatim = preg_match('/^"(.*)"$/', $crit, $m);
$crit_escaped = $verbatim ? doSlash($m[1]) : doLike($crit);
$critsql = $verbatim ? array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name = '{$crit_escaped}'", 'real_name' => "RealName = '{$crit_escaped}'", 'email' => "email = '{$crit_escaped}'", 'privs' => "convert(privs, char) in ('" . join("','", do_list($crit_escaped)) . "')") : array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name like '%{$crit_escaped}%'", 'real_name' => "RealName like '%{$crit_escaped}%'", 'email' => "email like '%{$crit_escaped}%'", 'privs' => "convert(privs, char) in ('" . join("','", do_list($crit_escaped)) . "')");
if (array_key_exists($search_method, $critsql)) {
$criteria = $critsql[$search_method];
} else {
$search_method = '';
$crit = '';
}
} else {
$search_method = '';
$crit = '';
}
$criteria .= callback_event('admin_criteria', 'author_list', 0, $criteria);
$total = getCount('txp_users', $criteria);
if ($total < 1) {
if ($criteria != 1) {
echo n . author_search_form($crit, $search_method) . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
}
return;
}
$limit = max($author_list_pageby, 15);
list($page, $offset, $numPages) = pager($total, $limit, $page);
$use_multi_edit = has_privs('admin.edit') && safe_count('txp_users', '1=1') > 1;
echo author_search_form($crit, $search_method) . '</div>';
$rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
if ($rs) {
echo n . tag_start('div', array('id' => 'users_container', 'class' => 'txp-container')) . n . tag_start('form', array('action' => 'index.php', 'id' => 'users_form', 'class' => 'multi_edit_form', 'method' => 'post', 'name' => 'longform')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' scope="col" title="' . gTxt('toggle_all_selected') . '" class="txp-list-col-multi-edit"') : hCell('', '', ' scope="col" class="txp-list-col-multi-edit"')) . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'txp-list-col-login-name name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'txp-list-col-real-name name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'txp-list-col-email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'txp-list-col-privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'txp-list-col-last-login date')) . n . tag_end('thead') . n . tag_start('tbody');
while ($a = nextRow($rs)) {
extract(doSpecial($a));
echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', ' scope="row" class="txp-list-col-login-name name"') . td($RealName, '', 'txp-list-col-real-name name') . td(href($email, 'mailto:' . $email), '', 'txp-list-col-email') . td(get_priv_level($privs), '', 'txp-list-col-privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'txp-list-col-last-login date'));
}
echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . ($use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '') . tInput() . n . tag_end('form') . n . tag_start('div', array('id' => 'users_navigation', 'class' => 'txp-navigation')) . pageby_form('admin', $author_list_pageby) . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . n . tag_end('div') . n . tag_end('div');
}
} else {
echo n . tag_end('div');
}
}
/**
* Outputs a diagnostics report.
*
* This is the main panel.
*/
function doDiagnostics()
{
global $prefs, $files, $txpcfg, $event, $step, $theme, $DB;
extract(get_prefs());
$urlparts = parse_url(hu);
$mydomain = $urlparts['host'];
$is_apache = stristr(serverSet('SERVER_SOFTWARE'), 'Apache') || is_callable('apache_get_version');
$real_doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : '';
// ini_get() returns string values passed via php_value as a string, not boolean.
$is_register_globals = (strcasecmp(ini_get('register_globals'), 'on') === 0 or ini_get('register_globals') === '1');
// Check for Textpattern updates, at most once every 24 hours.
$now = time();
$updateInfo = unserialize(get_pref('last_update_check', ''));
if (!$updateInfo || $now > $updateInfo['when'] + 60 * 60 * 24) {
$updates = checkUpdates();
$updateInfo['msg'] = $updates ? gTxt($updates['msg'], array('{version}' => $updates['version'])) : '';
$updateInfo['when'] = $now;
set_pref('last_update_check', serialize($updateInfo), 'publish', PREF_HIDDEN, 'text_input');
}
$fail = array();
if (!empty($updateInfo['msg'])) {
$fail['textpattern_version_update'] = diag_msg_wrap($updateInfo['msg'], 'information');
}
if (!is_callable('version_compare') || version_compare(PHP_VERSION, REQUIRED_PHP_VERSION, '<')) {
$fail['php_version_required'] = diag_msg_wrap(gTxt('php_version_required', array('{version}' => REQUIRED_PHP_VERSION)));
}
if (!isset($path_to_site)) {
$fail['path_to_site_missing'] = diag_msg_wrap(gTxt('path_to_site_missing'), 'warning');
}
if (@gethostbyname($mydomain) === $mydomain) {
$fail['dns_lookup_fails'] = diag_msg_wrap(gTxt('dns_lookup_fails') . cs . $mydomain, 'warning');
}
if (!@is_dir($path_to_site)) {
$fail['path_to_site_inacc'] = diag_msg_wrap(gTxt('path_to_site_inacc') . cs . $path_to_site);
}
if (rtrim($siteurl, '/') != $siteurl) {
$fail['site_trailing_slash'] = diag_msg_wrap(gTxt('site_trailing_slash') . cs . $path_to_site, 'warning');
}
if (!@is_file($path_to_site . "/index.php") || !@is_readable($path_to_site . "/index.php")) {
$fail['index_inaccessible'] = diag_msg_wrap("{$path_to_site}/index.php " . gTxt('is_inaccessible'));
}
$not_readable = array();
if (!@is_writable($path_to_site . '/' . $img_dir)) {
$not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('img_dir'), gTxt('dir_not_writable')) . ": {$path_to_site}/{$img_dir}", 'warning');
}
if (!@is_writable($file_base_path)) {
$not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('file_base_path'), gTxt('dir_not_writable')) . ": {$file_base_path}", 'warning');
}
if (!@is_writable($tempdir)) {
$not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('tempdir'), gTxt('dir_not_writable')) . ": {$tempdir}", 'warning');
}
if ($not_readable) {
$fail['dir_not_writable'] = join(n, $not_readable);
}
if ($permlink_mode != 'messy' && !$is_apache) {
$fail['cleanurl_only_apache'] = diag_msg_wrap(gTxt('cleanurl_only_apache'), 'information');
}
if ($permlink_mode != 'messy' and !@is_readable($path_to_site . '/.htaccess')) {
$fail['htaccess_missing'] = diag_msg_wrap(gTxt('htaccess_missing'));
}
if ($permlink_mode != 'messy' and is_callable('apache_get_modules') and !apache_module('mod_rewrite')) {
$fail['mod_rewrite_missing'] = diag_msg_wrap(gTxt('mod_rewrite_missing'));
}
if (!ini_get('file_uploads')) {
$fail['file_uploads_disabled'] = diag_msg_wrap(gTxt('file_uploads_disabled'), 'information');
}
if (@is_dir(txpath . DS . 'setup')) {
$fail['setup_still_exists'] = diag_msg_wrap(txpath . DS . "setup" . DS . ' ' . gTxt('still_exists'), 'warning');
}
if (empty($tempdir)) {
$fail['no_temp_dir'] = diag_msg_wrap(gTxt('no_temp_dir'), 'warning');
}
if (is_disabled('mail')) {
$fail['warn_mail_unavailable'] = diag_msg_wrap(gTxt('warn_mail_unavailable'), 'warning');
}
if ($is_register_globals) {
$fail['warn_register_globals_or_update'] = diag_msg_wrap(gTxt('warn_register_globals_or_update'), 'warning');
}
if ($permlink_mode != 'messy') {
$rs = safe_column("name", "txp_section", "1");
foreach ($rs as $name) {
if ($name and @file_exists($path_to_site . '/' . $name)) {
$fail['old_placeholder_exists'] = diag_msg_wrap(gTxt('old_placeholder') . ": {$path_to_site}/{$name}");
}
}
}
$cs = check_file_integrity(INTEGRITY_REALPATH);
if (!$cs) {
$cs = array();
}
// Files that don't match their checksums.
if ($modified_files = array_keys($cs, INTEGRITY_MODIFIED)) {
$fail['modified_files'] = diag_msg_wrap(gTxt('modified_files') . cs . n . t . join(', ' . n . t, $modified_files), 'warning');
}
// Running development code in live mode is not recommended.
if (preg_match('/-dev$/', txp_version) and $production_status == 'live') {
$fail['dev_version_live'] = diag_msg_wrap(gTxt('dev_version_live'), 'warning');
}
// Missing files.
if ($missing = array_merge(array_keys($cs, INTEGRITY_MISSING), array_keys($cs, INTEGRITY_NOT_FILE), array_keys($cs, INTEGRITY_NOT_READABLE))) {
$fail['missing_files'] = diag_msg_wrap(gTxt('missing_files') . cs . n . t . join(', ' . n . t, $missing));
}
// Anything might break if arbitrary functions are disabled.
if (ini_get('disable_functions')) {
$disabled_funcs = array_map('trim', explode(',', ini_get('disable_functions')));
// Commonly disabled functions that we don't need.
$disabled_funcs = array_diff($disabled_funcs, array('imagefilltoborder', 'escapeshellarg', 'escapeshellcmd', 'exec', 'passthru', 'proc_close', 'proc_get_status', 'proc_nice', 'proc_open', 'proc_terminate', 'shell_exec', 'system', 'popen', 'dl', 'chown'));
if ($disabled_funcs) {
$fail['some_php_functions_disabled'] = diag_msg_wrap(gTxt('some_php_functions_disabled') . cs . join(', ', $disabled_funcs), 'warning');
}
}
// Not sure about this one.
// if (strncmp(php_sapi_name(), 'cgi', 3) == 0 and ini_get('cgi.rfc2616_headers'))
// $fail['cgi_header_config'] = gTxt('cgi_header_config');
$guess_site_url = $_SERVER['HTTP_HOST'] . preg_replace('#[/\\\\]$#', '', dirname(dirname($_SERVER['SCRIPT_NAME'])));
if ($siteurl and strip_prefix($siteurl, 'www.') != strip_prefix($guess_site_url, 'www.')) {
$fail['site_url_mismatch'] = diag_msg_wrap(gTxt('site_url_mismatch') . cs . $guess_site_url, 'warning');
}
// Test clean URL server vars.
if (hu) {
if (ini_get('allow_url_fopen') and $permlink_mode != 'messy') {
$s = md5(uniqid(rand(), true));
ini_set('default_socket_timeout', 10);
$pretext_data = @file(hu . $s . '/?txpcleantest=1');
if ($pretext_data) {
$pretext_req = trim(@$pretext_data[0]);
if ($pretext_req != md5('/' . $s . '/?txpcleantest=1')) {
$fail['clean_url_data_failed'] = diag_msg_wrap(gTxt('clean_url_data_failed') . cs . txpspecialchars($pretext_req), 'warning');
}
} else {
$fail['clean_url_test_failed'] = diag_msg_wrap(gTxt('clean_url_test_failed'), 'warning');
}
}
}
if ($tables = list_txp_tables()) {
$table_errors = check_tables($tables);
if ($table_errors) {
$fail['mysql_table_errors'] = diag_msg_wrap(gTxt('mysql_table_errors') . cs . n . t . join(', ' . n . t, $table_errors));
}
}
$active_plugins = array();
if ($rows = safe_rows('name, version, code_md5, md5(code) as md5', 'txp_plugin', 'status > 0')) {
foreach ($rows as $row) {
$n = $row['name'] . '-' . $row['version'];
if (strtolower($row['md5']) != strtolower($row['code_md5'])) {
$n .= 'm';
}
$active_plugins[] = $n;
}
}
$theme_manifest = $theme->manifest();
// Check GD info.
if (function_exists('gd_info')) {
$gd_info = gd_info();
$gd_support = array();
if ($gd_info['GIF Create Support']) {
$gd_support[] = 'GIF';
}
// Aside: In PHP 5.3, they chose to add a previously unemployed capital "E" to the array key.
if (!empty($gd_info['JPEG Support']) || !empty($gd_info['JPG Support'])) {
$gd_support[] = 'JPG';
}
if ($gd_info['PNG Support']) {
$gd_support[] = 'PNG';
}
if ($gd_support) {
$gd_support = join(', ', $gd_support);
} else {
$gd_support = gTxt('none');
}
$gd = gTxt('gd_info', array('{version}' => $gd_info['GD Version'], '{supported}' => $gd_support));
} else {
$gd = gTxt('gd_unavailable');
}
if (realpath($prefs['tempdir']) === realpath($prefs['plugin_cache_dir'])) {
$fail['tmp_plugin_paths_match'] = diag_msg_wrap(gTxt('tmp_plugin_paths_match'));
}
// Database server time.
extract(doSpecial(getRow('select @@global.time_zone as db_global_timezone, @@session.time_zone as db_session_timezone, now() as db_server_time, unix_timestamp(now()) as db_server_timestamp')));
$db_server_timeoffset = $db_server_timestamp - $now;
echo pagetop(gTxt('tab_diagnostics'), '');
echo hed(gTxt('tab_diagnostics'), 1, array('class' => 'txp-heading'));
echo n . '<div id="' . $event . '_container" class="txp-container">' . n . '<div id="pre_flight_check">' . hed(gTxt('preflight_check'), 2);
if ($fail) {
foreach ($fail as $help => $message) {
echo graf(nl2br($message) . popHelp($help));
}
} else {
echo graf(diag_msg_wrap(gTxt('all_checks_passed'), 'success'));
}
echo '</div>';
echo '<div id="diagnostics">', hed(gTxt('diagnostic_info'), 2);
$fmt_date = '%Y-%m-%d %H:%M:%S';
$out = array('<p><textarea class="code" id="diagnostics-detail" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_LARGE . '" dir="ltr" readonly>', gTxt('txp_version') . cs . txp_version . ' (' . check_file_integrity(INTEGRITY_DIGEST) . ')' . n, gTxt('last_update') . cs . gmstrftime($fmt_date, $dbupdatetime) . '/' . gmstrftime($fmt_date, @filemtime(txpath . '/update/_update.php')) . n, gTxt('document_root') . cs . @$_SERVER['DOCUMENT_ROOT'] . ($real_doc_root != @$_SERVER['DOCUMENT_ROOT'] ? ' (' . $real_doc_root . ')' : '') . n, '$path_to_site' . cs . $path_to_site . n, gTxt('txp_path') . cs . txpath . n, gTxt('permlink_mode') . cs . $permlink_mode . n, ini_get('open_basedir') ? 'open_basedir: ' . ini_get('open_basedir') . n : '', ini_get('upload_tmp_dir') ? 'upload_tmp_dir: ' . ini_get('upload_tmp_dir') . n : '', gTxt('tempdir') . cs . $tempdir . n, gTxt('web_domain') . cs . $siteurl . n, gTxt('php_version') . cs . phpversion() . n, $is_register_globals ? gTxt('register_globals') . cs . $is_register_globals . n : '', gTxt('gd_library') . cs . $gd . n, gTxt('server') . ' TZ: ' . Txp::get('Textpattern_Date_Timezone')->getTimeZone() . n, gTxt('server_time') . cs . strftime('%Y-%m-%d %H:%M:%S') . n, strip_tags(gTxt('is_dst')) . cs . $is_dst . n, strip_tags(gTxt('auto_dst')) . cs . $auto_dst . n, strip_tags(gTxt('gmtoffset')) . cs . $timezone_key . sp . "({$gmtoffset})" . n, 'MySQL' . cs . mysql_get_server_info() . n, gTxt('db_server_time') . cs . $db_server_time . n, gTxt('db_server_timeoffset') . cs . $db_server_timeoffset . ' s' . n, gTxt('db_global_timezone') . cs . $db_global_timezone . n, gTxt('db_session_timezone') . cs . $db_session_timezone . n, gTxt('locale') . cs . $locale . n, isset($_SERVER['SERVER_SOFTWARE']) ? gTxt('server') . cs . $_SERVER['SERVER_SOFTWARE'] . n : '', is_callable('apache_get_version') ? gTxt('apache_version') . cs . @apache_get_version() . n : '', gTxt('php_sapi_mode') . cs . PHP_SAPI . n, gTxt('rfc2616_headers') . cs . ini_get('cgi.rfc2616_headers') . n, gTxt('os_version') . cs . php_uname('s') . ' ' . php_uname('r') . n, $active_plugins ? gTxt('active_plugins') . cs . join(', ', $active_plugins) . n : '', gTxt('theme_name') . cs . $theme_name . sp . $theme_manifest['version'] . n, $fail ? n . gTxt('preflight_check') . cs . n . ln . join("\n", doStripTags($fail)) . n . ln : '', is_readable($path_to_site . '/.htaccess') ? n . gTxt('htaccess_contents') . cs . n . ln . txpspecialchars(join('', file($path_to_site . '/.htaccess'))) . n . ln : '');
if ($step == 'high') {
$out[] = n . 'Charset (default/config)' . cs . $DB->default_charset . '/' . $DB->charset . n;
$result = safe_query("SHOW variables like 'character_se%'");
while ($row = mysql_fetch_row($result)) {
$out[] = $row[0] . cs . $row[1] . n;
if ($row[0] == 'character_set_connection') {
$conn_char = $row[1];
}
}
$table_names = array(PFX . 'textpattern');
$result = safe_query("SHOW TABLES LIKE '" . PFX . "txp\\_%'");
while ($row = mysql_fetch_row($result)) {
$table_names[] = $row[0];
}
$table_msg = array();
foreach ($table_names as $table) {
$ctr = safe_query("SHOW CREATE TABLE " . $table . "");
if (!$ctr) {
unset($table_names[$table]);
continue;
}
$ctcharset = preg_replace('#^CREATE TABLE.*SET=([^ ]+)[^)]*$#is', '\\1', mysql_result($ctr, 0, 'Create Table'));
if (isset($conn_char) && !stristr($ctcharset, 'CREATE') && $conn_char != $ctcharset) {
$table_msg[] = "{$table} is {$ctcharset}";
}
$ctr = safe_query("CHECK TABLE " . $table);
if (in_array(mysql_result($ctr, 0, 'Msg_type'), array('error', 'warning'))) {
$table_msg[] = $table . cs . mysql_result($ctr, 0, 'Msg_Text');
}
}
if ($table_msg == array()) {
$table_msg = count($table_names) < 17 ? array('-') : array('OK');
}
$out[] = count($table_names) . ' Tables' . cs . implode(', ', $table_msg) . n;
$cf = preg_grep('/^custom_\\d+/', getThings('describe `' . PFX . 'textpattern`'));
$out[] = n . get_pref('max_custom_fields', 10) . sp . gTxt('custom') . cs . implode(', ', $cf) . sp . '(' . count($cf) . ')' . n;
$extns = get_loaded_extensions();
$extv = array();
foreach ($extns as $e) {
$extv[] = $e . (phpversion($e) ? '/' . phpversion($e) : '');
}
$out[] = n . gTxt('php_extensions') . cs . join(', ', $extv) . n;
if (is_callable('apache_get_modules')) {
$out[] = n . gTxt('apache_modules') . cs . join(', ', apache_get_modules()) . n;
}
if (@is_array($pretext_data) and count($pretext_data) > 1) {
$out[] = n . gTxt('pretext_data') . cs . txpspecialchars(join('', array_slice($pretext_data, 1, 20))) . n;
}
$out[] = n;
if ($md5s = check_file_integrity(INTEGRITY_MD5)) {
foreach ($md5s as $f => $checksum) {
$out[] = $f . cs . n . t . (!$checksum ? gTxt('unknown') : $checksum) . n;
}
}
$out[] = n . ln;
}
$out[] = callback_event('diag_results', $step) . n;
$out[] = '</textarea></p>';
$dets = array('low' => gTxt('low'), 'high' => gTxt('high'));
$out[] = form(graf(eInput('diag') . n . '<label>' . gTxt('detail') . '</label>' . selectInput('step', $dets, $step, 0, 1)));
echo join('', $out), '</div>', '</div>';
}
function makeConfig()
{
define("nl", "';\n");
define("o", '$txpcfg[\'');
define("m", "'] = '");
$open = chr(60) . '?php';
$close = '?' . chr(62);
// Escape single quotes and backslashes in literal PHP strings
foreach ($_SESSION as $k => $v) {
$_SESSION[$k] = addcslashes($_SESSION[$k], "'\\");
}
$_SESSION = doSpecial($_SESSION);
return $open . "\n" . o . 'db' . m . $_SESSION['ddb'] . nl . o . 'user' . m . $_SESSION['duser'] . nl . o . 'pass' . m . $_SESSION['dpass'] . nl . o . 'host' . m . $_SESSION['dhost'] . nl . ($_SESSION['dclient_flags'] ? o . 'client_flags' . "'] = " . $_SESSION['dclient_flags'] . ";\n" : '') . o . 'table_prefix' . m . $_SESSION['dprefix'] . nl . o . 'txpath' . m . txpath . nl . o . 'dbcharset' . m . $_SESSION['dbcharset'] . nl . $close;
}
function author_list($message = '')
{
global $txp_user, $author_list_pageby;
pagetop(gTxt('tab_site_admin'), $message);
if (is_disabled('mail')) {
echo tag(gTxt('warn_mail_unavailable'), 'p', ' class="alert-block warning" ');
}
echo '<h1 class="txp-heading">' . gTxt('tab_site_admin') . '</h1>';
echo '<div id="users_control" class="txp-control-panel">';
// Change password button
echo '<p class="txp-buttons">';
echo sLink('admin', 'new_pass_form', gTxt('change_password'));
// Change email address button
if (!has_privs('admin.edit')) {
echo n . sLink('admin', 'change_email_form', gTxt('change_email_address'));
}
// User list
if (has_privs('admin.list')) {
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
if ($sort === '') {
$sort = get_pref('admin_sort_column', 'name');
}
if ($dir === '') {
$dir = get_pref('admin_sort_dir', 'asc');
}
$dir = $dir == 'desc' ? 'desc' : 'asc';
if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
$sort = 'name';
}
$sort_sql = $sort . ' ' . $dir;
set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
$switch_dir = $dir == 'desc' ? 'asc' : 'desc';
$criteria = 1;
if ($search_method and $crit != '') {
$crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
$critsql = array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name like '%{$crit_escaped}%'", 'real_name' => "RealName like '%{$crit_escaped}%'", 'email' => "email like '%{$crit_escaped}%'", 'privs' => "privs in ('" . join("','", do_list($crit_escaped)) . "')");
if (array_key_exists($search_method, $critsql)) {
$criteria = $critsql[$search_method];
} else {
$search_method = '';
$crit = '';
}
} else {
$search_method = '';
$crit = '';
}
$criteria .= callback_event('admin_criteria', 'author_list', 0, $criteria);
$total = getCount('txp_users', $criteria);
// New author button
if (has_privs('admin.edit')) {
echo n . sLink('admin', 'author_edit', gTxt('add_new_author'));
}
echo '</p>';
// end txp-buttons
if ($total < 1) {
if ($criteria != 1) {
echo n . author_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
}
return;
}
$limit = max($author_list_pageby, 15);
list($page, $offset, $numPages) = pager($total, $limit, $page);
$use_multi_edit = has_privs('admin.edit') && safe_count('txp_users', '1=1') > 1;
echo author_search_form($crit, $search_method) . '</div>';
$rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
if ($rs) {
echo n . '<div id="users_container" class="txp-container">';
echo '<form action="index.php" id="users_form" class="multi_edit_form" method="post" name="longform">' . n . '<div class="txp-listtables">' . n . startTable('', '', 'txp-list') . n . '<thead>' . n . tr(n . ($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') : hCell('', '', ' class="multi-edit"')) . n . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'name login-name') . n . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'name real-name') . n . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'email') . n . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'privs') . n . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'date last-login modified')) . n . '</thead>';
echo '<tbody>';
while ($a = nextRow($rs)) {
extract(doSpecial($a));
echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'multi-edit') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', 'name login-name') . td($RealName, '', 'name real-name') . td('<a href="mailto:' . $email . '">' . $email . '</a>', '', 'email') . td(get_priv_level($privs), '', 'privs') . td($last_login ? safe_strftime('%b %Y', $last_login) : '', '', 'date last-login modified'));
}
echo '</tbody>', n, endTable(), n, '</div>', n, $use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '', n, tInput(), n, '</form>', n, '<div id="users_navigation" class="txp-navigation">', n, nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method), n, pageby_form('admin', $author_list_pageby), n, '</div>', n, '</div>';
}
} else {
echo '</div>';
}
}
function send_xml_response($response = array())
{
ob_clean();
$default_response = array('http-status' => '200 OK');
// backfill default response properties
$response = $response + $default_response;
header('Content-Type: text/xml');
txp_status_header($response['http-status']);
$out[] = '<?xml version="1.0" encoding="utf-8" standalone="yes"?>';
$out[] = '<textpattern>';
foreach ($response as $element => $value) {
// element *names* must not contain <>&, *values* may.
$value = doSpecial($value);
if (is_array($value)) {
$out[] = t . "<{$element}>" . n;
foreach ($value as $e => $v) {
$out[] = t . t . "<{$e} value='{$v}' />" . n;
}
$out[] = t . "</{$element}>" . n;
} else {
$out[] = t . "<{$element} value='{$value}' />" . n;
}
}
$out[] = '</textpattern>';
echo join(n, $out);
exit;
}
function rss()
{
global $prefs, $thisarticle;
extract($prefs);
extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
$area = gps('area');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
$out[] = tag(doSpecial($sitename), 'title');
$out[] = tag(hu, 'link');
$out[] = tag(doSpecial($site_slogan), 'description');
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
$articles = array();
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
if ($frs) {
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('rss_entry');
$a['posted'] = $uPosted;
$permlink = permlinkurl($a);
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$Title = escape_output(strip_tags($Title)) . $count;
$thisauthor = get_author_name($AuthorID);
$item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
$articles[$ID] = tag($item, 'item');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uPosted;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='{$category}'" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
$articles[$id] = tag($item, 'item');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
@ob_start("ob_gzhandler");
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id]) !== false) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
$out = array_merge($out, $articles);
header("Content-Type: application/rss+xml; charset=utf-8");
if ($etag) {
header('ETag: "' . $etag . '"');
}
return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}