/**
 * Fiddle with the article's category selects
 */
function wet_article_partial_category_1($rs)
{
    static $cats = null;
    if ($cats == null) {
        $cats = getTree('root', 'article');
    }
    // Make radio buttons, not drop-downs
    $out = array();
    if ($cats) {
        foreach ($cats as $c) {
            $c = doSpecial($c);
            $id = 'wet_cat-' . $c['name'];
            $out[] = radio('Category1', $c['name'], $rs['Category1'] == $c['name'] ? '1' : '', 'cat-' . $c['name']) . "<label for='{$id}'>{$c['title']}</label>";
        }
    }
    return '<ul class="plain-list"><li>' . join('</li><li>', $out) . '</li></ul>';
}
示例#2
0
/**
 * Render a link element to hook up txpAsyncHref() with request parameters
 *
 * @param 	string 	$item	Link text
 * @param 	array	$parms	Request parameters; array keys are 'event', 'step', 'thing', 'property'
 * @param 	string 	$atts	HTML attributes
 * @return 	string 	HTML
 * @since 4.5.0
 * @see textpattern.js: txpAsyncHref
 */
function asyncHref($item, $parms, $atts = '')
{
    extract(doSpecial(lAtts(array('event' => $GLOBALS['event'], 'step' => $GLOBALS['step'], 'thing' => '', 'property' => ''), $parms)));
    $class = "{$step} async";
    $href = "?event={$event}&amp;step={$step}&amp;thing={$thing}&amp;property={$property}";
    if (AJAXALLY_CHALLENGED) {
        $href .= '&amp;value=' . txpspecialchars($item) . '&amp;_txp_token=' . form_token();
    }
    return href($item, $href, $atts . " class=\"{$class}\"");
}
示例#3
0
function linklist($atts)
{
    global $thislink;
    extract(lAtts(array('form' => 'plainlinks', 'sort' => 'linksort', 'label' => '', 'break' => '', 'limit' => '', 'wraptag' => '', 'category' => '', 'class' => __FUNCTION__), $atts));
    $Form = fetch_form($form);
    $qparts = array($category ? "category='{$category}'" : '1', "order by", $sort, $limit ? "limit {$limit}" : '');
    $rs = safe_rows_start("*", "txp_link", join(' ', $qparts));
    if ($rs) {
        if ($label) {
            $outlist[] = $label;
        }
        while ($a = nextRow($rs)) {
            extract($a);
            $linkname = str_replace("& ", "&#38; ", $linkname);
            $link = '<a href="' . doSpecial($url) . '">' . $linkname . '</a>';
            $linkdesctitle = '<a href="' . doSpecial($url) . '" title="' . $description . '">' . $linkname . '</a>';
            $thislink = $a;
            $out = str_replace("<txp:link />", $link, $Form);
            $out = str_replace("<txp:linkdesctitle />", $linkdesctitle, $out);
            $out = str_replace("<txp:link_description />", $description, $out);
            $outlist[] = parse($out);
        }
        if (!empty($outlist)) {
            return doWrap($outlist, $wraptag, $break, $class);
        }
    }
    return false;
}
示例#4
0
function rss()
{
    global $prefs, $txpac;
    extract($prefs);
    ob_start();
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    // send a 304 if nothing has changed since the last visit
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
    header("Last-Modified: {$last}");
    $hims = serverset('HTTP_IF_MODIFIED_SINCE');
    if ($hims == $last) {
        header("HTTP/1.1 304 Not Modified");
        exit;
    }
    $area = gps('area');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag('http://' . $siteurl . $path_from_root, 'link');
    $out[] = tag(doSpecial($site_slogan), 'description');
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : '5';
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . $f . "'";
            }
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows("*", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
        if ($rs) {
            foreach ($rs as $a) {
                extract($a);
                $Body = !$txpac['syndicate_body_or_excerpt'] ? $Body_html : $Excerpt;
                $Body = !trim($Body) ? $Body_html : $Body;
                $Body = str_replace('href="/', 'href="http://' . $siteurl . '/', $Body);
                $Body = htmlspecialchars($Body, ENT_NOQUOTES);
                $link = $url_mode == 0 ? 'http://' . $siteurl . $path_from_root . 'index.php?id=' . $ID : 'http://' . $siteurl . $path_from_root . $Section . '/' . $ID . '/';
                if ($txpac['show_comment_count_in_feed']) {
                    $dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
                    $count = $dc > 0 ? ' [' . $dc . ']' : '';
                } else {
                    $count = '';
                }
                $Title = doSpecial($Title) . $count;
                $item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($link, 'link');
                $out[] = tag($item, 'item');
            }
            header("Content-Type: text/xml");
            return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        $limit = $limit ? $limit : 15;
        $rs = safe_rows("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            foreach ($rs as $a) {
                extract($a);
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag($url, 'link');
                $out[] = tag($item, 'item');
            }
            header("Content-Type: text/xml");
            return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';
        }
    }
    return 'no articles recorded yet';
}
示例#5
0
function render_feed($rs, $area, $type, $feedtitle, $atom_self_ref, $atom_id_ext)
{
    global $prefs, $thisarticle;
    extract($prefs);
    set_error_handler('tagErrorHandler');
    $atom = $type == 'atom';
    if ($atom) {
        define("t_texthtml", ' type="text/html"');
        define("t_text", ' type="text"');
        define("t_html", ' type="html"');
        define("t_xhtml", ' type="xhtml"');
        define('t_appxhtml', ' type="xhtml"');
        define("r_relalt", ' rel="alternate"');
        define("r_relself", ' rel="self"');
    } else {
        define("t_texthtml", '');
        define("t_text", '');
        define("t_html", '');
        define("t_xhtml", '');
        define('t_appxhtml', '');
        define("r_relalt", '');
        define("r_relself", '');
    }
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    if ($atom) {
        $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
        $out[] = tag(htmlspecialchars($feedtitle), 'title', t_text);
        $out[] = tag(htmlspecialchars($site_slogan), 'subtitle', t_text);
        $out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
        $out[] = '<link' . r_relself . ' href="' . $atom_self_ref . '" />';
        $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
        //Atom feeds with mail or domain name
        $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . $atom_id_ext, 'id');
        $pub = safe_row("RealName, email", "txp_users", "privs=1");
        $auth[] = tag($pub['RealName'], 'name');
        $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
        $auth[] = tag(hu, 'uri');
        $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    } else {
        $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
        $out[] = tag(doSpecial($feedtitle), 'title');
        $out[] = tag(doSpecial($site_slogan), 'description');
        $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
        $out[] = tag(hu, 'link');
        $out[] = '<atom:link href="' . $atom_self_ref . '" rel="self" type="application/rss+xml" />';
    }
    $out[] = callback_event($atom ? 'atom_head' : 'rss_head');
    $articles = array();
    if (!$area or $area == 'article') {
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $cb = callback_event($atom ? 'atom_entry' : 'rss_entry');
                $e = array();
                $thisauthor = doSpecial(get_author_name($AuthorID));
                $thisauthor = tag($thisauthor, $atom ? 'name' : 'dc:creator');
                if ($atom) {
                    $thisauthor = tag(n . t . t . t . $thisauthor . n . t . t, 'author');
                }
                $e['thisauthor'] = $thisauthor;
                if ($atom) {
                    $e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
                } else {
                    $e['issued'] = tag(safe_strftime('rfc822', $uPosted), 'pubDate');
                }
                if ($atom) {
                    $e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
                    $e['category1'] = trim($Category1) ? '<category term="' . doSpecial($Category1) . '" />' : '';
                    $e['category2'] = trim($Category2) ? '<category term="' . doSpecial($Category2) . '" />' : '';
                }
                $count = '';
                if ($show_comment_count_in_feed && $comments_count > 0) {
                    $count = ' [' . $comments_count . ']';
                }
                $escaped_title = $atom ? htmlspecialchars($Title) : htmlspecialchars(strip_tags($Title));
                $e['title'] = tag($escaped_title . $count, 'title', t_html);
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                if ($atom) {
                    $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                } else {
                    $e['link'] = tag($permlink, 'link');
                }
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, $atom ? 'id' : 'guid', $atom ? '' : ' isPermaLink="false"');
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if (trim($summary)) {
                    $e['summary'] = tag(n . escape_cdata($summary) . n, $atom ? 'summary' : 'description', t_html);
                }
                if (trim($content)) {
                    $e['content'] = tag(n . escape_cdata($content) . n, $atom ? 'content' : 'content:encoded', t_html);
                }
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, $atom ? 'entry' : 'item');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $atom ? $uLastMod : $uPosted;
            }
        }
    } elseif ($area == 'link') {
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $e['title'] = tag(doSpecial($linkname), 'title', t_html);
                if ($atom) {
                    $e['content'] = tag(n . doSpecial($description) . n, 'content', t_html);
                    $url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
                    $url = preg_replace("/&((?U).*)=/", "&amp;\\1=", $url);
                    $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
                    $e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
                    $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                    $e['id'] = tag('tag:' . $mail_or_domain . ',' . safe_strftime('%Y-%m-%d', strtotime($date)) . ':' . $blog_uid . '/' . $id, 'id');
                } else {
                    $e['content'] = tag(doSpecial($description), 'description');
                    $e['link'] = tag(doSpecial($url), 'link');
                    $e['issued'] = tag(safe_strftime('rfc822', $uDate), 'pubDate');
                }
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, $atom ? 'entry' : 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!$articles) {
        if ($section) {
            if (safe_field('name', 'txp_section', "name = '{$section}'") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
            }
        }
    } else {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // make sure notices/warnings/errors don't
            // fudge up the feed when compression is used
            $buf = '';
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }
        handle_lastmod();
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
            exit(0);
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }
    $out = array_merge($out, $articles);
    header('Content-type: application/' . ($atom ? 'atom' : 'rss') . '+xml; charset=utf-8');
    if ($atom) {
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . n . join(n, $out) . '</feed>';
    } else {
        return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
    }
}
示例#6
0
function author_list()
{
    global $txp_user;
    echo n . n . hed(gTxt('authors'), 3, ' style="text-align: center;"') . n . n . startTable('list') . n . tr(n . hCell(gTxt('real_name')) . n . hCell(gTxt('login_name')) . n . hCell(gTxt('email')) . n . hCell(gTxt('privileges')) . n . hCell() . n . hCell());
    $rs = safe_rows_start('*', 'txp_users', '1 = 1 order by name asc');
    if ($rs) {
        if (has_privs('admin.edit')) {
            while ($a = nextRow($rs)) {
                extract($a);
                echo n . n . '<tr>' . n . '<form method="post" action="index.php">' . n . td(fInput('text', 'RealName', $RealName, 'edit')) . td(htmlspecialchars($name)) . td(fInput('text', 'email', $email, 'edit'));
                if ($name != $txp_user) {
                    echo td(privs($privs) . sp . popHelp('about_privileges'));
                } else {
                    echo td(get_priv_level($privs) . sp . popHelp('about_privileges') . hInput('privs', $privs));
                }
                echo td(fInput('submit', 'save', gTxt('save'), 'smallerbox')) . n . hInput('user_id', $user_id) . n . eInput('admin') . n . sInput('author_save') . n . '</form>';
                if ($name != $txp_user) {
                    echo td(dLink('admin', 'author_delete', 'user_id', $user_id));
                } else {
                    echo td();
                }
                echo n . '</tr>';
            }
        } else {
            while ($a = nextRow($rs)) {
                extract(doSpecial($a));
                echo tr(td($RealName) . td($name) . td('<a href="mailto:' . $email . '">' . $email . '</a>') . td(get_priv_level($privs) . sp . popHelp('about_privileges') . hInput('privs', $privs)) . td() . td());
            }
        }
        echo n . endTable();
    }
}
示例#7
0
function rss()
{
    global $prefs, $thisarticle;
    set_error_handler('feedErrorHandler');
    ob_clean();
    extract($prefs);
    extract(doSlash(gpsa(array('limit', 'area'))));
    // build filter criteria from a comma-separated list of sections and categories
    $feed_filter_limit = get_pref('feed_filter_limit', 10);
    $section = gps('section');
    $category = gps('category');
    if (!is_scalar($section) || !is_scalar($category)) {
        txp_die('Not Found', 404);
    }
    $section = $section ? array_slice(array_unique(do_list($section)), 0, $feed_filter_limit) : array();
    $category = $category ? array_slice(array_unique(do_list($category)), 0, $feed_filter_limit) : array();
    $st = array();
    foreach ($section as $s) {
        $st[] = fetch_section_title($s);
    }
    $ct = array();
    foreach ($category as $c) {
        $ct[] = fetch_category_title($c);
    }
    $sitename .= $section ? ' - ' . join(' - ', $st) : '';
    $sitename .= $category ? ' - ' . join(' - ', $ct) : '';
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    // feed header
    $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = '<atom:link href="' . pagelinkurl(array('rss' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" rel="self" type="application/rss+xml" />';
    $out[] = tag(doSpecial($site_slogan), 'description');
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
    $out[] = callback_event('rss_head');
    // feed items
    $articles = array();
    $section = doSlash($section);
    $category = doSlash($category);
    if (!$area or $area == 'article') {
        $sfilter = !empty($section) ? "and Section in ('" . join("','", $section) . "')" : '';
        $cfilter = !empty($category) ? "and (Category1 in ('" . join("','", $category) . "') or Category2 in ('" . join("','", $category) . "'))" : '';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . doSlash($f) . "'";
            }
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, unix_timestamp(LastMod) as uLastMod, unix_timestamp(Expires) as uExpires, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now()" . $expired . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $cb = callback_event('rss_entry');
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $Title = escape_title(strip_tags($Title)) . $count;
                $thisauthor = get_author_name($AuthorID);
                $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
                $articles[$ID] = tag($item, 'item');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category in ('" . join("','", $category) . "')" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!$articles) {
        if ($section) {
            if (safe_field('name', 'txp_section', "name in ('" . join("','", $section) . "')") == false) {
                txp_die(gTxt('404_not_found'), '404');
            }
        } elseif ($category) {
            switch ($area) {
                case 'link':
                    if (safe_field('id', 'txp_category', "name = '{$category}' and type = 'link'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
                case 'article':
                default:
                    if (safe_field('id', 'txp_category', "name in ('" . join("','", $category) . "') and type = 'article'") == false) {
                        txp_die(gTxt('404_not_found'), '404');
                    }
                    break;
            }
        }
    } else {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            // make sure notices/warnings/errors don't fudge up the feed
            // when compression is used
            $buf = '';
            while ($b = @ob_get_clean()) {
                $buf .= $b;
            }
            @ob_start('ob_gzhandler');
            echo $buf;
        }
        handle_lastmod();
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id]) !== false) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            txp_status_header('304 Not Modified');
            exit(0);
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
    }
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    if (isset($etag)) {
        header('ETag: "' . $etag . '"');
    }
    return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}
示例#8
0
function author_list()
{
    global $txp_user, $author_list_pageby;
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
        $sort = 'name';
    }
    $dir = $dir == 'desc' ? 'desc' : 'asc';
    $sort_sql = $sort . ' ' . $dir;
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $total = getCount('txp_users', '1=1');
    $limit = max($author_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by ' . $sort_sql . ' limit ' . $offset . ', ' . $limit);
    if ($rs) {
        echo '<form action="index.php" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list') . tr(column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', 'name' == $sort ? $dir : '') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', 'RealName' == $sort ? $dir : '') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', 'email' == $sort ? $dir : '') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', 'privs' == $sort ? $dir : '') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', 'last_login' == $sort ? $dir : '') . hCell() . hCell());
        while ($a = nextRow($rs)) {
            extract(doSpecial($a));
            echo tr(td($name) . td($RealName) . td('<a href="mailto:' . $email . '">' . $email . '</a>') . td(get_priv_level($privs)) . td($last_login ? safe_strftime('%b&#160;%Y', $last_login) : '') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '') . td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name']) : ''));
        }
        echo n . n . tr(tda(select_buttons() . author_multiedit_form($page, $sort, $dir, $crit, $search_method), ' colspan="6" style="text-align: right; border: none;"')) . endTable() . '</form>' . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . pageby_form('admin', $author_list_pageby);
    }
}
示例#9
0
function link_url()
{
    global $thislink;
    assert_link();
    return doSpecial($thislink['url']);
}
示例#10
0
function makeConfig($ar)
{
    define("nl", "';\n");
    define("o", '$txpcfg[\'');
    define("m", "'] = '");
    $open = chr(60) . '?php';
    $close = '?' . chr(62);
    // Escape single quotes and backslashes in literal PHP strings
    foreach ($ar as $k => $v) {
        $ar[$k] = addcslashes($ar[$k], "'\\");
    }
    $ar = doSpecial($ar);
    extract($ar);
    return $open . "\n" . o . 'db' . m . $ddb . nl . o . 'user' . m . $duser . nl . o . 'pass' . m . $dpass . nl . o . 'host' . m . $dhost . nl . ($dclient_flags ? o . 'client_flags' . "'] = " . $dclient_flags . ";\n" : '') . o . 'table_prefix' . m . $dprefix . nl . o . 'txpath' . m . txpath . nl . o . 'dbcharset' . m . $dbcharset . nl . $close;
}
示例#11
0
function atom()
{
    global $thisarticle;
    extract($GLOBALS['prefs']);
    define("textplain", ' type="text/plain"');
    define("texthtml", ' type="text/html"');
    define("relalt", ' rel="alternate"');
    define('appxhtml', ' type="application/xhtml+xml"');
    define("divxhtml", '<div xmlns="http://www.w3.org/1999/xhtml">');
    $area = doSlash(gps('area'));
    extract(doSlash(gpsa(array('category', 'section', 'limit'))));
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $pub = safe_row("RealName, email", "txp_users", "privs=1");
    $out[] = tag($sitename, 'title', textplain);
    $out[] = tag($site_slogan, 'tagline', textplain);
    $out[] = '<link' . relalt . texthtml . ' href="' . hu . '" />';
    $articles = array();
    //Atom feeds with mail or domain name
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' url="http://textpattern.com" version="' . $version . '"');
    $out[] = tag(date("Y-m-d\\TH:i:s\\Z", $last), 'modified');
    $auth[] = tag($pub['RealName'], 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'url');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : '5';
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        foreach ($frs as $f) {
            $query[] = "and Section != '" . $f . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $a['posted'] = $uPosted;
                if ($show_comment_count_in_feed) {
                    $dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
                    $count = $dc > 0 ? ' [' . $dc . ']' : '';
                } else {
                    $count = '';
                }
                $thisauthor = safe_field("RealName", "txp_users", "name='{$AuthorID}'");
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $uPosted), 'issued');
                $e['modified'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $uLastMod), 'modified');
                $escaped_title = safe_hed($Title);
                $escaped_title = preg_replace("/&(?![#a-z0-9]+;)/i", '&amp;', $escaped_title);
                $escaped_title = str_replace('<', '&lt;', $escaped_title);
                $escaped_title = str_replace('>', '&gt;', $escaped_title);
                $e['title'] = tag($escaped_title . $count, 'title');
                $uTitle = $url_title ? $url_title : stripSpace($Title);
                $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
                $permlink = permlinkurl($a);
                $e['link'] = '<link' . relalt . texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['subject'] = tag(htmlspecialchars($Category1), 'dc:subject');
                // pull Body or Excerpt?
                $Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt'];
                // if Excerpt is empty, switch back to Body_html
                $Body = !trim($Body) ? $thisarticle['body'] : $Body;
                // fix relative urls
                $Body = str_replace('href="/', 'href="' . hu, $Body);
                $Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body);
                $Body = safe_hed($Body);
                // encode and entify
                $Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('&#60;', '&#62;', '&#039;', '&#34;'), $Body);
                // encode bare ampersands
                $Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&amp;', $Body);
                $e['content'] = tag(n . $Body . n, 'content', ' type="text/html" mode="escaped"');
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        $limit = $limit ? $limit : 15;
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $e['title'] = tag(doSpecial($linkname), 'title');
                $content = utf8_encode(htmlspecialchars($description));
                $e['content'] = tag(n . $description . n, 'content', ' type="text/html" mode="escaped"');
                $url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url);
                $url = preg_replace("/&((?U).*)=/", "&amp;\\1=", $url);
                $e['link'] = '<link' . relalt . texthtml . ' href="' . $url . '" />';
                $e['issued'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $date), 'issued');
                $e['modified'] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $date), 'modified');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!empty($articles)) {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            ob_start("ob_gzhandler");
        }
        $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
        $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
        header("Last-Modified: {$last}");
        $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
        header("Expires: {$expires}");
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        if ($hims == $last) {
            header("HTTP/1.1 304 Not Modified");
            exit;
        }
        $imsd = @strtotime($hims);
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id])) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            header("HTTP/1.1 304 Not Modified");
            exit;
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
        $out = array_merge($out, $articles);
        ob_start();
        header('Content-type: application/atom+xml; charset=utf-8');
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed version="0.3" xml:lang="' . $language . '" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">' . join(n, $out) . '</feed>';
    }
}
示例#12
0
function linkdesctitle($atts)
{
    global $thislink;
    extract(lAtts(array('rel' => ''), $atts));
    $description = $thislink['description'] ? ' title="' . escape_output($thislink['description']) . '"' : '';
    return tag(escape_output($thislink['linkname']), 'a', ($rel ? ' rel="' . $rel . '"' : '') . ' href="' . doSpecial($thislink['url']) . '"' . $description);
}
示例#13
0
function atom()
{
    global $txpac;
    extract($GLOBALS['prefs']);
    define("textplain", ' type="text/plain"');
    define("texthtml", ' type="text/html"');
    define("relalt", ' rel="alternate"');
    define('appxhtml', ' type="application/xhtml+xml"');
    define("divxhtml", '<div xmlns="http://www.w3.org/1999/xhtml">');
    $area = gps('area');
    extract(doSlash(gpsa(array('category', 'section', 'limit'))));
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $out[] = tag($sitename, 'title', textplain);
    $out[] = tag($site_slogan, 'tagline', textplain);
    $out[] = '<link' . relalt . texthtml . ' href="http://' . $siteurl . $path_from_root . '" />';
    $out[] = tag('tag:' . $siteurl . ',' . date("Y") . ':/', 'id');
    $out[] = tag('Textpattern', 'generator', ' url="http://textpattern.com" version="g1.17"');
    $out[] = tag(date("Y-m-d\\TH:i:s\\Z", $last), 'modified');
    $pub = safe_row("RealName, email", "txp_users", "privs=1");
    $auth[] = tag($pub['RealName'], 'name');
    $auth[] = $txpac['include_email_atom'] ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag('http://' . $siteurl . $path_from_root, 'url');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : '5';
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        foreach ($frs as $f) {
            $query[] = "and Section != '" . $f . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows("*, unix_timestamp(Posted) as uPosted,unix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
        if ($rs) {
            foreach ($rs as $a) {
                extract($a);
                if ($txpac['show_comment_count_in_feed']) {
                    $dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
                    $count = $dc > 0 ? ' [' . $dc . ']' : '';
                } else {
                    $count = '';
                }
                $e['issued'] = tag(date("Y-m-d\\TH:i:s\\Z", $uPosted), 'issued');
                $e['modified'] = tag(date("Y-m-d\\TH:i:s\\Z", $uLastMod), 'modified');
                $e['title'] = tag($Title . $count, 'title');
                $elink = $url_mode == 0 ? 'http://' . $siteurl . $path_from_root . 'index.php?id=' . $ID : 'http://' . $siteurl . $path_from_root . $Section . '/' . $ID . '/';
                $e['link'] = '<link' . relalt . texthtml . ' href="' . $elink . '" />';
                $e['id'] = tag('tag:' . $siteurl . ',' . date("Y-m-d", $uPosted) . ':' . $ID, 'id');
                $e['subject'] = tag(htmlspecialchars($Category1), 'dc:subject');
                // pull Body or Excerpt?
                $Body = !$txpac['syndicate_body_or_excerpt'] ? $Body_html : $Excerpt;
                // if Excerpt is empty, switch back to Body_html
                $Body = !trim($Body) ? $Body_html : $Body;
                // fix relative urls
                $Body = str_replace('href="/', 'href="http://' . $siteurl . '/', $Body);
                // encode and entify
                $Body = utf8_encode(htmlspecialchars($Body));
                $e['content'] = tag(n . $Body . n, 'content', ' type="text/html" mode="escaped" xml:lang="en"');
                $out[] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        $limit = $limit ? $limit : 15;
        $rs = safe_rows("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            foreach ($rs as $a) {
                extract($a);
                $e['title'] = tag(doSpecial($linkname), 'title');
                $content = utf8_encode(htmlspecialchars($description));
                $e['content'] = tag(n . $description . n, 'content', ' type="text/html" mode="escaped" xml:lang="en"');
                $url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url);
                $e['link'] = '<link' . relalt . texthtml . ' href="' . $url . '" />';
                $out[] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
            }
        }
    }
    if (!empty($out)) {
        ob_start();
        header('Content-type: text/xml');
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed version="0.3" xmlns="http://purl.org/atom/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">' . join(n, $out) . '</feed>';
    }
}
示例#14
0
function linkdesctitle($atts)
{
    global $thislink;
    assert_link();
    extract(lAtts(array('rel' => ''), $atts));
    $description = $thislink['description'] ? ' title="' . htmlspecialchars($thislink['description']) . '"' : '';
    return tag(htmlspecialchars($thislink['linkname']), 'a', ($rel ? ' rel="' . $rel . '"' : '') . ' href="' . doSpecial($thislink['url']) . '"' . $description);
}
示例#15
0
function atom()
{
    global $thisarticle;
    extract($GLOBALS['prefs']);
    define("t_texthtml", ' type="text/html"');
    define("t_text", ' type="text"');
    define("t_html", ' type="html"');
    define("t_xhtml", ' type="xhtml"');
    define('t_appxhtml', ' type="xhtml"');
    define("r_relalt", ' rel="alternate"');
    define("r_relself", ' rel="self"');
    $area = doSlash(gps('area'));
    extract(doSlash(gpsa(array('category', 'section', 'limit'))));
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $pub = safe_row("RealName, email", "txp_users", "privs=1");
    $out[] = tag($sitename, 'title', t_text);
    $out[] = tag($site_slogan, 'subtitle', t_text);
    $out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1)) . '" />';
    $out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
    $articles = array();
    //Atom feeds with mail or domain name
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
    $out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
    $out[] = tag(gmdate("Y-m-d\\TH:i:s\\Z", $last), 'updated');
    $auth[] = tag($pub['RealName'], 'name');
    $auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
    $auth[] = tag(hu, 'uri');
    $out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = min($limit, max(100, $rss_how_many));
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $e = array();
                $a['posted'] = $uPosted;
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $thisauthor = get_author_name($AuthorID);
                $e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
                $e['issued'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', $uPosted), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', $uLastMod), 'updated');
                $escaped_title = escape_title($Title);
                $escaped_title = preg_replace("/&(?![#a-z0-9]+;)/i", '&amp;', $escaped_title);
                $escaped_title = str_replace('<', '&lt;', $escaped_title);
                $escaped_title = str_replace('>', '&gt;', $escaped_title);
                $e['title'] = tag($escaped_title . $count, 'title');
                $uTitle = $url_title ? $url_title : stripSpace($Title);
                $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
                $permlink = permlinkurl($a);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
                $e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
                $e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
                $Excerpt = fixup_for_feed($thisarticle['excerpt'], permlinkurl($a));
                if ($syndicate_body_or_excerpt == 0) {
                    $Body = fixup_for_feed($thisarticle['body'], permlinkurl($a));
                } else {
                    $Body = '';
                    // If there's no excerpt, use body as content instead of body as summary
                    if (!trim($Excerpt)) {
                        $Body = fixup_for_feed($thisarticle['body'], permlinkurl($a));
                    }
                }
                if (trim($Body)) {
                    $e['content'] = tag(n . $Body . n, 'content', t_html);
                }
                if (trim($Excerpt)) {
                    $e['summary'] = tag(n . $Excerpt . n, 'summary', t_html);
                }
                $articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uLastMod;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='" . $category . "'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = min($limit, max(100, $rss_how_many));
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $e['title'] = tag(doSpecial($linkname), 'title');
                $content = utf8_encode(htmlspecialchars($description));
                $e['content'] = tag(n . $description . n, 'content', t_texthtml);
                $url = preg_replace("/^\\/(.*)/", "http://{$siteurl}/\$1", $url);
                $url = preg_replace("/&((?U).*)=/", "&amp;\\1=", $url);
                $e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
                $e['issued'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'published');
                $e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
                $e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
                $articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    if (!empty($articles)) {
        //turn on compression if we aren't using it already
        if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
            @ob_start("ob_gzhandler");
        }
        $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
        header("Expires: {$expires}");
        $hims = serverset('HTTP_IF_MODIFIED_SINCE');
        $imsd = $hims ? strtotime($hims) : 0;
        if ($imsd >= $last) {
            txp_status_header("304 Not Modified");
            exit;
        }
        header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));
        if (is_callable('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers["A-IM"])) {
                $canaim = strpos($headers["A-IM"], "feed");
            } else {
                $canaim = false;
            }
        } else {
            $canaim = false;
        }
        $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
        $cutarticles = false;
        if ($canaim !== false) {
            foreach ($articles as $id => $thing) {
                if (strpos($hinm, $etags[$id])) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_etag = true;
                }
                if ($dates[$id] < $imsd) {
                    unset($articles[$id]);
                    $cutarticles = true;
                    $cut_time = true;
                }
            }
        }
        if (isset($cut_etag) && isset($cut_time)) {
            header("Vary: If-None-Match, If-Modified-Since");
        } else {
            if (isset($cut_etag)) {
                header("Vary: If-None-Match");
            } else {
                if (isset($cut_time)) {
                    header("Vary: If-Modified-Since");
                }
            }
        }
        $etag = @join("-", $etags);
        if (strstr($hinm, $etag)) {
            header("HTTP/1.1 304 Not Modified");
            exit;
        }
        if ($etag) {
            header('ETag: "' . $etag . '"');
        }
        if ($cutarticles) {
            //header("HTTP/1.1 226 IM Used");
            //This should be used as opposed to 200, but Apache doesn't like it.
            //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
            header("Cache-Control: no-store, im");
            header("IM: feed");
        }
        $out = array_merge($out, $articles);
        header('Content-type: application/atom+xml; charset=utf-8');
        return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
    }
}
示例#16
0
function author_list()
{
    global $txp_user, $author_list_pageby;
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    if ($sort === '') {
        $sort = get_pref('admin_sort_column', 'name');
    }
    if ($dir === '') {
        $dir = get_pref('admin_sort_dir', 'asc');
    }
    $dir = $dir == 'desc' ? 'desc' : 'asc';
    if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
        $sort = 'name';
    }
    $sort_sql = $sort . ' ' . $dir;
    set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
    set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    $total = getCount('txp_users', '1=1');
    $limit = max($author_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by ' . $sort_sql . ' limit ' . $offset . ', ' . $limit);
    if ($rs) {
        echo n . '<div class="txp-list">';
        echo '<form action="index.php" id="users_form" method="post" name="longform" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . startTable('list', '', 'list') . n . '<thead>' . n . tr(column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'name login-name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'name real-name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'date last-login modified') . hCell('', '', ' class="actions"') . hCell('', '', ' class="multi-edit"')) . n . '</thead>';
        $tfoot = n . '<tfoot>' . tr(tda(has_privs('admin.edit') ? select_buttons() . author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '', ' class="multi-edit" colspan="7" style="text-align: right; border: none;"')) . n . '</tfoot>';
        echo $tfoot;
        echo '<tbody>';
        $ctr = 1;
        while ($a = nextRow($rs)) {
            extract(doSpecial($a));
            echo tr(td($name, '', 'name login-name') . td($RealName, '', 'name real-name') . td('<a href="mailto:' . $email . '">' . $email . '</a>', '', 'email') . td(get_priv_level($privs), '', 'privs') . td($last_login ? safe_strftime('%b&#160;%Y', $last_login) : '', '', 'date last-login modified') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '', '', 'actions') . td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'multi-edit'), ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"');
            $ctr++;
        }
        echo '</tbody>' . n . endTable() . n . '</form>' . n . '<div id="users_navigation" class="txp-navigation">' . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . pageby_form('admin', $author_list_pageby) . n . '</div>' . n . '</div>';
    }
}
示例#17
0
function rss()
{
    global $prefs, $thisarticle;
    extract($prefs);
    ob_start();
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    $area = gps('area');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = tag(doSpecial($site_slogan), 'description');
    $articles = array();
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : '5';
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . $f . "'";
            }
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $a['posted'] = $uPosted;
                $Body = !$syndicate_body_or_excerpt ? $thisarticle['body'] : $thisarticle['excerpt'];
                $Body = !trim($Body) ? $thisarticle['body'] : $Body;
                $Body = str_replace('href="/', 'href="' . hu, $Body);
                $Body = preg_replace("/href=\\\"#(.*)\"/", "href=\"" . permlinkurl($a) . "#\\1\"", $Body);
                $Body = safe_hed($Body);
                $Body = preg_replace(array('/</', '/>/', "/'/", '/"/'), array('&lt;', '&gt;', '&#039;', '&quot;'), $Body);
                // encode bare ampersands
                $Body = preg_replace("/&(?![#0-9]+;|\\w+;)/i", '&amp;', $Body);
                $uTitle = $url_title ? $url_title : stripSpace($Title);
                $uTitle = htmlspecialchars($uTitle, ENT_NOQUOTES);
                if ($show_comment_count_in_feed) {
                    $dc = getCount('txp_discuss', "parentid={$ID} and visible=1");
                    $count = $dc > 0 ? ' [' . $dc . ']' : '';
                } else {
                    $count = '';
                }
                $Title = doSpecial($Title) . $count;
                $permlink = permlinkurl($a);
                $item = tag(strip_tags($Title), 'title') . n . tag($Body, 'description') . n . tag($permlink, 'link');
                $articles[$ID] = tag($item, 'item');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        $limit = $limit ? $limit : 15;
        $rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    //turn on compression if we aren't using it already
    if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
        ob_start("ob_gzhandler");
    }
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $last = gmdate("D, d M Y H:i:s \\G\\M\\T", $last);
    header("Last-Modified: {$last}");
    $expires = gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 1);
    header("Expires: {$expires}");
    $hims = serverset('HTTP_IF_MODIFIED_SINCE');
    if ($hims == $last) {
        header("HTTP/1.1 304 Not Modified");
        exit;
    }
    $imsd = @strtotime($hims);
    if (is_callable('apache_request_headers')) {
        $headers = apache_request_headers();
        if (isset($headers["A-IM"])) {
            $canaim = strpos($headers["A-IM"], "feed");
        } else {
            $canaim = false;
        }
    } else {
        $canaim = false;
    }
    $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
    $cutarticles = false;
    if ($canaim !== false) {
        foreach ($articles as $id => $thing) {
            if (strpos($hinm, $etags[$id]) !== false) {
                unset($articles[$id]);
                $cutarticles = true;
                $cut_etag = true;
            }
            if ($dates[$id] < $imsd) {
                unset($articles[$id]);
                $cutarticles = true;
                $cut_time = true;
            }
        }
    }
    if (isset($cut_etag) && isset($cut_time)) {
        header("Vary: If-None-Match, If-Modified-Since");
    } else {
        if (isset($cut_etag)) {
            header("Vary: If-None-Match");
        } else {
            if (isset($cut_time)) {
                header("Vary: If-Modified-Since");
            }
        }
    }
    $etag = @join("-", $etags);
    if (strstr($hinm, $etag)) {
        header("HTTP/1.1 304 Not Modified");
        exit;
    }
    if ($cutarticles) {
        //header("HTTP/1.1 226 IM Used");
        //This should be used as opposed to 200, but Apache doesn't like it.
        //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
        header("Cache-Control: no-store, im");
        header("IM: feed");
    }
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    if ($etag) {
        header('ETag: "' . $etag . '"');
    }
    return '<rss version="0.92">' . tag(join(n, $out), 'channel') . '</rss>';
}
示例#18
0
/**
 * The main panel listing all authors.
 *
 * @param string|array $message The activity message
 */
function author_list($message = '')
{
    global $event, $txp_user, $author_list_pageby, $levels;
    pagetop(gTxt('tab_site_admin'), $message);
    if (is_disabled('mail')) {
        echo graf(span(null, array('class' => 'ui-icon ui-icon-alert')) . ' ' . gTxt('warn_mail_unavailable'), array('class' => 'alert-block warning'));
    }
    $buttons = array();
    // Change password button.
    $buttons[] = sLink('admin', 'new_pass_form', gTxt('change_password'), 'txp-button');
    if (!has_privs('admin.edit')) {
        // Change email address button.
        $buttons[] = sLink('admin', 'change_email_form', gTxt('change_email_address'), 'txp-button');
    } else {
        // New author button.
        $buttons[] = sLink('admin', 'author_edit', gTxt('add_new_author'), 'txp-button');
    }
    // User list.
    if (has_privs('admin.list')) {
        extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
        if ($sort === '') {
            $sort = get_pref('admin_sort_column', 'name');
        } else {
            if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
                $sort = 'name';
            }
            set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
        }
        if ($dir === '') {
            $dir = get_pref('admin_sort_dir', 'asc');
        } else {
            $dir = $dir == 'desc' ? "desc" : "asc";
            set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
        }
        $sort_sql = $sort . ' ' . $dir;
        $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
        $search = new Filter($event, array('login' => array('column' => 'txp_users.name', 'label' => gTxt('login_name')), 'RealName' => array('column' => 'txp_users.RealName', 'label' => gTxt('real_name')), 'email' => array('column' => 'txp_users.email', 'label' => gTxt('email')), 'privs' => array('column' => array('txp_users.privs'), 'label' => gTxt('privileges'), 'type' => 'boolean')));
        $search->setAliases('privs', $levels);
        list($criteria, $crit, $search_method) = $search->getFilter();
        $search_render_options = array('placeholder' => 'search_users');
        $total = getCount('txp_users', $criteria);
        echo n . tag(hed(gTxt('tab_site_admin'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));
        $searchBlock = n . tag($search->renderForm('author_list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => 'users_control'));
        $createBlock = array();
        $createBlock[] = n . tag(implode(n, $buttons), 'div', array('class' => 'txp-control-panel'));
        $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => 'users_container'));
        $createBlock = implode(n, $createBlock);
        if ($total < 1) {
            if ($criteria != 1) {
                echo $searchBlock . $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information')) . n . tag_end('div');
            }
            return;
        }
        $limit = max($author_list_pageby, 15);
        list($page, $offset, $numPages) = pager($total, $limit, $page);
        $use_multi_edit = has_privs('admin.edit') && ($total > 1 or safe_count('txp_users', "1 = 1") > 1);
        echo $searchBlock . $contentBlockStart . $createBlock;
        $rs = safe_rows_start("*, UNIX_TIMESTAMP(last_access) AS last_login", 'txp_users', "{$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");
        if ($rs) {
            echo n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'users_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') : hCell('', '', ' class="txp-list-col-multi-edit" scope="col"')) . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'txp-list-col-login-name name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'txp-list-col-real-name name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'txp-list-col-email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'txp-list-col-privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'txp-list-col-last-login date')) . n . tag_end('thead') . n . tag_start('tbody');
            while ($a = nextRow($rs)) {
                extract(doSpecial($a));
                echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', ' class="txp-list-col-login-name name" scope="row"') . td($RealName, '', 'txp-list-col-real-name name') . td(href($email, 'mailto:' . $email), '', 'txp-list-col-email') . td(get_priv_level($privs), '', 'txp-list-col-privs') . td($last_login ? safe_strftime('%b&#160;%Y', $last_login) : '', '', 'txp-list-col-last-login date'));
            }
            echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . ($use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '') . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => 'users_navigation')) . pageby_form('admin', $author_list_pageby) . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . n . tag_end('div');
        }
        echo n . tag_end('div');
    } else {
        echo n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => 'users_container')) . n . tag(implode(n, $buttons), 'div', array('class' => 'txp-control-panel')) . n . tag_end('div');
    }
}
示例#19
0
/**
 * The main author list.
 *
 * @param string|array $message The activity message
 */
function author_list($message = '')
{
    global $txp_user, $author_list_pageby;
    pagetop(gTxt('tab_site_admin'), $message);
    if (is_disabled('mail')) {
        echo graf(span(null, array('class' => 'ui-icon ui-icon-alert')) . ' ' . gTxt('warn_mail_unavailable'), array('class' => 'alert-block warning'));
    }
    echo hed(gTxt('tab_site_admin'), 1, array('class' => 'txp-heading'));
    echo n . '<div id="users_control" class="txp-control-panel">';
    $buttons = array();
    // Change password button.
    $buttons[] = sLink('admin', 'new_pass_form', gTxt('change_password'));
    if (!has_privs('admin.edit')) {
        // Change email address button.
        $buttons[] = sLink('admin', 'change_email_form', gTxt('change_email_address'));
    } else {
        // New author button.
        $buttons[] = sLink('admin', 'author_edit', gTxt('add_new_author'));
    }
    echo graf(join(n, $buttons), array('class' => 'txp-buttons'));
    // User list.
    if (has_privs('admin.list')) {
        extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
        if ($sort === '') {
            $sort = get_pref('admin_sort_column', 'name');
        }
        if ($dir === '') {
            $dir = get_pref('admin_sort_dir', 'asc');
        }
        $dir = $dir == 'desc' ? 'desc' : 'asc';
        if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
            $sort = 'name';
        }
        $sort_sql = $sort . ' ' . $dir;
        set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
        set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
        $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
        $criteria = 1;
        if ($search_method and $crit != '') {
            $verbatim = preg_match('/^"(.*)"$/', $crit, $m);
            $crit_escaped = $verbatim ? doSlash($m[1]) : doLike($crit);
            $critsql = $verbatim ? array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name = '{$crit_escaped}'", 'real_name' => "RealName = '{$crit_escaped}'", 'email' => "email = '{$crit_escaped}'", 'privs' => "convert(privs, char) in ('" . join("','", do_list($crit_escaped)) . "')") : array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name like '%{$crit_escaped}%'", 'real_name' => "RealName like '%{$crit_escaped}%'", 'email' => "email like '%{$crit_escaped}%'", 'privs' => "convert(privs, char) in ('" . join("','", do_list($crit_escaped)) . "')");
            if (array_key_exists($search_method, $critsql)) {
                $criteria = $critsql[$search_method];
            } else {
                $search_method = '';
                $crit = '';
            }
        } else {
            $search_method = '';
            $crit = '';
        }
        $criteria .= callback_event('admin_criteria', 'author_list', 0, $criteria);
        $total = getCount('txp_users', $criteria);
        if ($total < 1) {
            if ($criteria != 1) {
                echo n . author_search_form($crit, $search_method) . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
            }
            return;
        }
        $limit = max($author_list_pageby, 15);
        list($page, $offset, $numPages) = pager($total, $limit, $page);
        $use_multi_edit = has_privs('admin.edit') && safe_count('txp_users', '1=1') > 1;
        echo author_search_form($crit, $search_method) . '</div>';
        $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
        if ($rs) {
            echo n . tag_start('div', array('id' => 'users_container', 'class' => 'txp-container')) . n . tag_start('form', array('action' => 'index.php', 'id' => 'users_form', 'class' => 'multi_edit_form', 'method' => 'post', 'name' => 'longform')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' scope="col" title="' . gTxt('toggle_all_selected') . '" class="txp-list-col-multi-edit"') : hCell('', '', ' scope="col" class="txp-list-col-multi-edit"')) . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'txp-list-col-login-name name') . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'txp-list-col-real-name name') . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'txp-list-col-email') . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'txp-list-col-privs') . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'txp-list-col-last-login date')) . n . tag_end('thead') . n . tag_start('tbody');
            while ($a = nextRow($rs)) {
                extract(doSpecial($a));
                echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', ' scope="row" class="txp-list-col-login-name name"') . td($RealName, '', 'txp-list-col-real-name name') . td(href($email, 'mailto:' . $email), '', 'txp-list-col-email') . td(get_priv_level($privs), '', 'txp-list-col-privs') . td($last_login ? safe_strftime('%b&#160;%Y', $last_login) : '', '', 'txp-list-col-last-login date'));
            }
            echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . ($use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '') . tInput() . n . tag_end('form') . n . tag_start('div', array('id' => 'users_navigation', 'class' => 'txp-navigation')) . pageby_form('admin', $author_list_pageby) . nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method) . n . tag_end('div') . n . tag_end('div');
        }
    } else {
        echo n . tag_end('div');
    }
}
示例#20
0
/**
 * Outputs a diagnostics report.
 *
 * This is the main panel.
 */
function doDiagnostics()
{
    global $prefs, $files, $txpcfg, $event, $step, $theme, $DB;
    extract(get_prefs());
    $urlparts = parse_url(hu);
    $mydomain = $urlparts['host'];
    $is_apache = stristr(serverSet('SERVER_SOFTWARE'), 'Apache') || is_callable('apache_get_version');
    $real_doc_root = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : '';
    // ini_get() returns string values passed via php_value as a string, not boolean.
    $is_register_globals = (strcasecmp(ini_get('register_globals'), 'on') === 0 or ini_get('register_globals') === '1');
    // Check for Textpattern updates, at most once every 24 hours.
    $now = time();
    $updateInfo = unserialize(get_pref('last_update_check', ''));
    if (!$updateInfo || $now > $updateInfo['when'] + 60 * 60 * 24) {
        $updates = checkUpdates();
        $updateInfo['msg'] = $updates ? gTxt($updates['msg'], array('{version}' => $updates['version'])) : '';
        $updateInfo['when'] = $now;
        set_pref('last_update_check', serialize($updateInfo), 'publish', PREF_HIDDEN, 'text_input');
    }
    $fail = array();
    if (!empty($updateInfo['msg'])) {
        $fail['textpattern_version_update'] = diag_msg_wrap($updateInfo['msg'], 'information');
    }
    if (!is_callable('version_compare') || version_compare(PHP_VERSION, REQUIRED_PHP_VERSION, '<')) {
        $fail['php_version_required'] = diag_msg_wrap(gTxt('php_version_required', array('{version}' => REQUIRED_PHP_VERSION)));
    }
    if (!isset($path_to_site)) {
        $fail['path_to_site_missing'] = diag_msg_wrap(gTxt('path_to_site_missing'), 'warning');
    }
    if (@gethostbyname($mydomain) === $mydomain) {
        $fail['dns_lookup_fails'] = diag_msg_wrap(gTxt('dns_lookup_fails') . cs . $mydomain, 'warning');
    }
    if (!@is_dir($path_to_site)) {
        $fail['path_to_site_inacc'] = diag_msg_wrap(gTxt('path_to_site_inacc') . cs . $path_to_site);
    }
    if (rtrim($siteurl, '/') != $siteurl) {
        $fail['site_trailing_slash'] = diag_msg_wrap(gTxt('site_trailing_slash') . cs . $path_to_site, 'warning');
    }
    if (!@is_file($path_to_site . "/index.php") || !@is_readable($path_to_site . "/index.php")) {
        $fail['index_inaccessible'] = diag_msg_wrap("{$path_to_site}/index.php " . gTxt('is_inaccessible'));
    }
    $not_readable = array();
    if (!@is_writable($path_to_site . '/' . $img_dir)) {
        $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('img_dir'), gTxt('dir_not_writable')) . ": {$path_to_site}/{$img_dir}", 'warning');
    }
    if (!@is_writable($file_base_path)) {
        $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('file_base_path'), gTxt('dir_not_writable')) . ": {$file_base_path}", 'warning');
    }
    if (!@is_writable($tempdir)) {
        $not_readable[] = diag_msg_wrap(str_replace('{dirtype}', gTxt('tempdir'), gTxt('dir_not_writable')) . ": {$tempdir}", 'warning');
    }
    if ($not_readable) {
        $fail['dir_not_writable'] = join(n, $not_readable);
    }
    if ($permlink_mode != 'messy' && !$is_apache) {
        $fail['cleanurl_only_apache'] = diag_msg_wrap(gTxt('cleanurl_only_apache'), 'information');
    }
    if ($permlink_mode != 'messy' and !@is_readable($path_to_site . '/.htaccess')) {
        $fail['htaccess_missing'] = diag_msg_wrap(gTxt('htaccess_missing'));
    }
    if ($permlink_mode != 'messy' and is_callable('apache_get_modules') and !apache_module('mod_rewrite')) {
        $fail['mod_rewrite_missing'] = diag_msg_wrap(gTxt('mod_rewrite_missing'));
    }
    if (!ini_get('file_uploads')) {
        $fail['file_uploads_disabled'] = diag_msg_wrap(gTxt('file_uploads_disabled'), 'information');
    }
    if (@is_dir(txpath . DS . 'setup')) {
        $fail['setup_still_exists'] = diag_msg_wrap(txpath . DS . "setup" . DS . ' ' . gTxt('still_exists'), 'warning');
    }
    if (empty($tempdir)) {
        $fail['no_temp_dir'] = diag_msg_wrap(gTxt('no_temp_dir'), 'warning');
    }
    if (is_disabled('mail')) {
        $fail['warn_mail_unavailable'] = diag_msg_wrap(gTxt('warn_mail_unavailable'), 'warning');
    }
    if ($is_register_globals) {
        $fail['warn_register_globals_or_update'] = diag_msg_wrap(gTxt('warn_register_globals_or_update'), 'warning');
    }
    if ($permlink_mode != 'messy') {
        $rs = safe_column("name", "txp_section", "1");
        foreach ($rs as $name) {
            if ($name and @file_exists($path_to_site . '/' . $name)) {
                $fail['old_placeholder_exists'] = diag_msg_wrap(gTxt('old_placeholder') . ": {$path_to_site}/{$name}");
            }
        }
    }
    $cs = check_file_integrity(INTEGRITY_REALPATH);
    if (!$cs) {
        $cs = array();
    }
    // Files that don't match their checksums.
    if ($modified_files = array_keys($cs, INTEGRITY_MODIFIED)) {
        $fail['modified_files'] = diag_msg_wrap(gTxt('modified_files') . cs . n . t . join(', ' . n . t, $modified_files), 'warning');
    }
    // Running development code in live mode is not recommended.
    if (preg_match('/-dev$/', txp_version) and $production_status == 'live') {
        $fail['dev_version_live'] = diag_msg_wrap(gTxt('dev_version_live'), 'warning');
    }
    // Missing files.
    if ($missing = array_merge(array_keys($cs, INTEGRITY_MISSING), array_keys($cs, INTEGRITY_NOT_FILE), array_keys($cs, INTEGRITY_NOT_READABLE))) {
        $fail['missing_files'] = diag_msg_wrap(gTxt('missing_files') . cs . n . t . join(', ' . n . t, $missing));
    }
    // Anything might break if arbitrary functions are disabled.
    if (ini_get('disable_functions')) {
        $disabled_funcs = array_map('trim', explode(',', ini_get('disable_functions')));
        // Commonly disabled functions that we don't need.
        $disabled_funcs = array_diff($disabled_funcs, array('imagefilltoborder', 'escapeshellarg', 'escapeshellcmd', 'exec', 'passthru', 'proc_close', 'proc_get_status', 'proc_nice', 'proc_open', 'proc_terminate', 'shell_exec', 'system', 'popen', 'dl', 'chown'));
        if ($disabled_funcs) {
            $fail['some_php_functions_disabled'] = diag_msg_wrap(gTxt('some_php_functions_disabled') . cs . join(', ', $disabled_funcs), 'warning');
        }
    }
    // Not sure about this one.
    //    if (strncmp(php_sapi_name(), 'cgi', 3) == 0 and ini_get('cgi.rfc2616_headers'))
    //    $fail['cgi_header_config'] = gTxt('cgi_header_config');
    $guess_site_url = $_SERVER['HTTP_HOST'] . preg_replace('#[/\\\\]$#', '', dirname(dirname($_SERVER['SCRIPT_NAME'])));
    if ($siteurl and strip_prefix($siteurl, 'www.') != strip_prefix($guess_site_url, 'www.')) {
        $fail['site_url_mismatch'] = diag_msg_wrap(gTxt('site_url_mismatch') . cs . $guess_site_url, 'warning');
    }
    // Test clean URL server vars.
    if (hu) {
        if (ini_get('allow_url_fopen') and $permlink_mode != 'messy') {
            $s = md5(uniqid(rand(), true));
            ini_set('default_socket_timeout', 10);
            $pretext_data = @file(hu . $s . '/?txpcleantest=1');
            if ($pretext_data) {
                $pretext_req = trim(@$pretext_data[0]);
                if ($pretext_req != md5('/' . $s . '/?txpcleantest=1')) {
                    $fail['clean_url_data_failed'] = diag_msg_wrap(gTxt('clean_url_data_failed') . cs . txpspecialchars($pretext_req), 'warning');
                }
            } else {
                $fail['clean_url_test_failed'] = diag_msg_wrap(gTxt('clean_url_test_failed'), 'warning');
            }
        }
    }
    if ($tables = list_txp_tables()) {
        $table_errors = check_tables($tables);
        if ($table_errors) {
            $fail['mysql_table_errors'] = diag_msg_wrap(gTxt('mysql_table_errors') . cs . n . t . join(', ' . n . t, $table_errors));
        }
    }
    $active_plugins = array();
    if ($rows = safe_rows('name, version, code_md5, md5(code) as md5', 'txp_plugin', 'status > 0')) {
        foreach ($rows as $row) {
            $n = $row['name'] . '-' . $row['version'];
            if (strtolower($row['md5']) != strtolower($row['code_md5'])) {
                $n .= 'm';
            }
            $active_plugins[] = $n;
        }
    }
    $theme_manifest = $theme->manifest();
    // Check GD info.
    if (function_exists('gd_info')) {
        $gd_info = gd_info();
        $gd_support = array();
        if ($gd_info['GIF Create Support']) {
            $gd_support[] = 'GIF';
        }
        // Aside: In PHP 5.3, they chose to add a previously unemployed capital "E" to the array key.
        if (!empty($gd_info['JPEG Support']) || !empty($gd_info['JPG Support'])) {
            $gd_support[] = 'JPG';
        }
        if ($gd_info['PNG Support']) {
            $gd_support[] = 'PNG';
        }
        if ($gd_support) {
            $gd_support = join(', ', $gd_support);
        } else {
            $gd_support = gTxt('none');
        }
        $gd = gTxt('gd_info', array('{version}' => $gd_info['GD Version'], '{supported}' => $gd_support));
    } else {
        $gd = gTxt('gd_unavailable');
    }
    if (realpath($prefs['tempdir']) === realpath($prefs['plugin_cache_dir'])) {
        $fail['tmp_plugin_paths_match'] = diag_msg_wrap(gTxt('tmp_plugin_paths_match'));
    }
    // Database server time.
    extract(doSpecial(getRow('select @@global.time_zone as db_global_timezone, @@session.time_zone as db_session_timezone, now() as db_server_time, unix_timestamp(now()) as db_server_timestamp')));
    $db_server_timeoffset = $db_server_timestamp - $now;
    echo pagetop(gTxt('tab_diagnostics'), '');
    echo hed(gTxt('tab_diagnostics'), 1, array('class' => 'txp-heading'));
    echo n . '<div id="' . $event . '_container" class="txp-container">' . n . '<div id="pre_flight_check">' . hed(gTxt('preflight_check'), 2);
    if ($fail) {
        foreach ($fail as $help => $message) {
            echo graf(nl2br($message) . popHelp($help));
        }
    } else {
        echo graf(diag_msg_wrap(gTxt('all_checks_passed'), 'success'));
    }
    echo '</div>';
    echo '<div id="diagnostics">', hed(gTxt('diagnostic_info'), 2);
    $fmt_date = '%Y-%m-%d %H:%M:%S';
    $out = array('<p><textarea class="code" id="diagnostics-detail" cols="' . INPUT_LARGE . '" rows="' . TEXTAREA_HEIGHT_LARGE . '" dir="ltr" readonly>', gTxt('txp_version') . cs . txp_version . ' (' . check_file_integrity(INTEGRITY_DIGEST) . ')' . n, gTxt('last_update') . cs . gmstrftime($fmt_date, $dbupdatetime) . '/' . gmstrftime($fmt_date, @filemtime(txpath . '/update/_update.php')) . n, gTxt('document_root') . cs . @$_SERVER['DOCUMENT_ROOT'] . ($real_doc_root != @$_SERVER['DOCUMENT_ROOT'] ? ' (' . $real_doc_root . ')' : '') . n, '$path_to_site' . cs . $path_to_site . n, gTxt('txp_path') . cs . txpath . n, gTxt('permlink_mode') . cs . $permlink_mode . n, ini_get('open_basedir') ? 'open_basedir: ' . ini_get('open_basedir') . n : '', ini_get('upload_tmp_dir') ? 'upload_tmp_dir: ' . ini_get('upload_tmp_dir') . n : '', gTxt('tempdir') . cs . $tempdir . n, gTxt('web_domain') . cs . $siteurl . n, gTxt('php_version') . cs . phpversion() . n, $is_register_globals ? gTxt('register_globals') . cs . $is_register_globals . n : '', gTxt('gd_library') . cs . $gd . n, gTxt('server') . ' TZ: ' . Txp::get('Textpattern_Date_Timezone')->getTimeZone() . n, gTxt('server_time') . cs . strftime('%Y-%m-%d %H:%M:%S') . n, strip_tags(gTxt('is_dst')) . cs . $is_dst . n, strip_tags(gTxt('auto_dst')) . cs . $auto_dst . n, strip_tags(gTxt('gmtoffset')) . cs . $timezone_key . sp . "({$gmtoffset})" . n, 'MySQL' . cs . mysql_get_server_info() . n, gTxt('db_server_time') . cs . $db_server_time . n, gTxt('db_server_timeoffset') . cs . $db_server_timeoffset . ' s' . n, gTxt('db_global_timezone') . cs . $db_global_timezone . n, gTxt('db_session_timezone') . cs . $db_session_timezone . n, gTxt('locale') . cs . $locale . n, isset($_SERVER['SERVER_SOFTWARE']) ? gTxt('server') . cs . $_SERVER['SERVER_SOFTWARE'] . n : '', is_callable('apache_get_version') ? gTxt('apache_version') . cs . @apache_get_version() . n : '', gTxt('php_sapi_mode') . cs . PHP_SAPI . n, gTxt('rfc2616_headers') . cs . ini_get('cgi.rfc2616_headers') . n, gTxt('os_version') . cs . php_uname('s') . ' ' . php_uname('r') . n, $active_plugins ? gTxt('active_plugins') . cs . join(', ', $active_plugins) . n : '', gTxt('theme_name') . cs . $theme_name . sp . $theme_manifest['version'] . n, $fail ? n . gTxt('preflight_check') . cs . n . ln . join("\n", doStripTags($fail)) . n . ln : '', is_readable($path_to_site . '/.htaccess') ? n . gTxt('htaccess_contents') . cs . n . ln . txpspecialchars(join('', file($path_to_site . '/.htaccess'))) . n . ln : '');
    if ($step == 'high') {
        $out[] = n . 'Charset (default/config)' . cs . $DB->default_charset . '/' . $DB->charset . n;
        $result = safe_query("SHOW variables like 'character_se%'");
        while ($row = mysql_fetch_row($result)) {
            $out[] = $row[0] . cs . $row[1] . n;
            if ($row[0] == 'character_set_connection') {
                $conn_char = $row[1];
            }
        }
        $table_names = array(PFX . 'textpattern');
        $result = safe_query("SHOW TABLES LIKE '" . PFX . "txp\\_%'");
        while ($row = mysql_fetch_row($result)) {
            $table_names[] = $row[0];
        }
        $table_msg = array();
        foreach ($table_names as $table) {
            $ctr = safe_query("SHOW CREATE TABLE " . $table . "");
            if (!$ctr) {
                unset($table_names[$table]);
                continue;
            }
            $ctcharset = preg_replace('#^CREATE TABLE.*SET=([^ ]+)[^)]*$#is', '\\1', mysql_result($ctr, 0, 'Create Table'));
            if (isset($conn_char) && !stristr($ctcharset, 'CREATE') && $conn_char != $ctcharset) {
                $table_msg[] = "{$table} is {$ctcharset}";
            }
            $ctr = safe_query("CHECK TABLE " . $table);
            if (in_array(mysql_result($ctr, 0, 'Msg_type'), array('error', 'warning'))) {
                $table_msg[] = $table . cs . mysql_result($ctr, 0, 'Msg_Text');
            }
        }
        if ($table_msg == array()) {
            $table_msg = count($table_names) < 17 ? array('-') : array('OK');
        }
        $out[] = count($table_names) . ' Tables' . cs . implode(', ', $table_msg) . n;
        $cf = preg_grep('/^custom_\\d+/', getThings('describe `' . PFX . 'textpattern`'));
        $out[] = n . get_pref('max_custom_fields', 10) . sp . gTxt('custom') . cs . implode(', ', $cf) . sp . '(' . count($cf) . ')' . n;
        $extns = get_loaded_extensions();
        $extv = array();
        foreach ($extns as $e) {
            $extv[] = $e . (phpversion($e) ? '/' . phpversion($e) : '');
        }
        $out[] = n . gTxt('php_extensions') . cs . join(', ', $extv) . n;
        if (is_callable('apache_get_modules')) {
            $out[] = n . gTxt('apache_modules') . cs . join(', ', apache_get_modules()) . n;
        }
        if (@is_array($pretext_data) and count($pretext_data) > 1) {
            $out[] = n . gTxt('pretext_data') . cs . txpspecialchars(join('', array_slice($pretext_data, 1, 20))) . n;
        }
        $out[] = n;
        if ($md5s = check_file_integrity(INTEGRITY_MD5)) {
            foreach ($md5s as $f => $checksum) {
                $out[] = $f . cs . n . t . (!$checksum ? gTxt('unknown') : $checksum) . n;
            }
        }
        $out[] = n . ln;
    }
    $out[] = callback_event('diag_results', $step) . n;
    $out[] = '</textarea></p>';
    $dets = array('low' => gTxt('low'), 'high' => gTxt('high'));
    $out[] = form(graf(eInput('diag') . n . '<label>' . gTxt('detail') . '</label>' . selectInput('step', $dets, $step, 0, 1)));
    echo join('', $out), '</div>', '</div>';
}
示例#21
0
function makeConfig()
{
    define("nl", "';\n");
    define("o", '$txpcfg[\'');
    define("m", "'] = '");
    $open = chr(60) . '?php';
    $close = '?' . chr(62);
    // Escape single quotes and backslashes in literal PHP strings
    foreach ($_SESSION as $k => $v) {
        $_SESSION[$k] = addcslashes($_SESSION[$k], "'\\");
    }
    $_SESSION = doSpecial($_SESSION);
    return $open . "\n" . o . 'db' . m . $_SESSION['ddb'] . nl . o . 'user' . m . $_SESSION['duser'] . nl . o . 'pass' . m . $_SESSION['dpass'] . nl . o . 'host' . m . $_SESSION['dhost'] . nl . ($_SESSION['dclient_flags'] ? o . 'client_flags' . "'] = " . $_SESSION['dclient_flags'] . ";\n" : '') . o . 'table_prefix' . m . $_SESSION['dprefix'] . nl . o . 'txpath' . m . txpath . nl . o . 'dbcharset' . m . $_SESSION['dbcharset'] . nl . $close;
}
示例#22
0
function author_list($message = '')
{
    global $txp_user, $author_list_pageby;
    pagetop(gTxt('tab_site_admin'), $message);
    if (is_disabled('mail')) {
        echo tag(gTxt('warn_mail_unavailable'), 'p', ' class="alert-block warning" ');
    }
    echo '<h1 class="txp-heading">' . gTxt('tab_site_admin') . '</h1>';
    echo '<div id="users_control" class="txp-control-panel">';
    // Change password button
    echo '<p class="txp-buttons">';
    echo sLink('admin', 'new_pass_form', gTxt('change_password'));
    // Change email address button
    if (!has_privs('admin.edit')) {
        echo n . sLink('admin', 'change_email_form', gTxt('change_email_address'));
    }
    // User list
    if (has_privs('admin.list')) {
        extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
        if ($sort === '') {
            $sort = get_pref('admin_sort_column', 'name');
        }
        if ($dir === '') {
            $dir = get_pref('admin_sort_dir', 'asc');
        }
        $dir = $dir == 'desc' ? 'desc' : 'asc';
        if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) {
            $sort = 'name';
        }
        $sort_sql = $sort . ' ' . $dir;
        set_pref('admin_sort_column', $sort, 'admin', 2, '', 0, PREF_PRIVATE);
        set_pref('admin_sort_dir', $dir, 'admin', 2, '', 0, PREF_PRIVATE);
        $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
        $criteria = 1;
        if ($search_method and $crit != '') {
            $crit_escaped = doSlash(str_replace(array('\\', '%', '_', '\''), array('\\\\', '\\%', '\\_', '\\\''), $crit));
            $critsql = array('id' => "user_id in ('" . join("','", do_list($crit_escaped)) . "')", 'login' => "name like '%{$crit_escaped}%'", 'real_name' => "RealName like '%{$crit_escaped}%'", 'email' => "email like '%{$crit_escaped}%'", 'privs' => "privs in ('" . join("','", do_list($crit_escaped)) . "')");
            if (array_key_exists($search_method, $critsql)) {
                $criteria = $critsql[$search_method];
            } else {
                $search_method = '';
                $crit = '';
            }
        } else {
            $search_method = '';
            $crit = '';
        }
        $criteria .= callback_event('admin_criteria', 'author_list', 0, $criteria);
        $total = getCount('txp_users', $criteria);
        // New author button
        if (has_privs('admin.edit')) {
            echo n . sLink('admin', 'author_edit', gTxt('add_new_author'));
        }
        echo '</p>';
        // end txp-buttons
        if ($total < 1) {
            if ($criteria != 1) {
                echo n . author_search_form($crit, $search_method) . n . graf(gTxt('no_results_found'), ' class="indicator"') . '</div>';
            }
            return;
        }
        $limit = max($author_list_pageby, 15);
        list($page, $offset, $numPages) = pager($total, $limit, $page);
        $use_multi_edit = has_privs('admin.edit') && safe_count('txp_users', '1=1') > 1;
        echo author_search_form($crit, $search_method) . '</div>';
        $rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");
        if ($rs) {
            echo n . '<div id="users_container" class="txp-container">';
            echo '<form action="index.php" id="users_form" class="multi_edit_form" method="post" name="longform">' . n . '<div class="txp-listtables">' . n . startTable('', '', 'txp-list') . n . '<thead>' . n . tr(n . ($use_multi_edit ? hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' title="' . gTxt('toggle_all_selected') . '" class="multi-edit"') : hCell('', '', ' class="multi-edit"')) . n . column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort ? "{$dir} " : '') . 'name login-name') . n . column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort ? "{$dir} " : '') . 'name real-name') . n . column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort ? "{$dir} " : '') . 'email') . n . column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort ? "{$dir} " : '') . 'privs') . n . column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort ? "{$dir} " : '') . 'date last-login modified')) . n . '</thead>';
            echo '<tbody>';
            while ($a = nextRow($rs)) {
                extract(doSpecial($a));
                echo tr(td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name'], 'checkbox') : '', '', 'multi-edit') . td(has_privs('admin.edit') ? eLink('admin', 'author_edit', 'user_id', $user_id, $name) : $name, '', 'name login-name') . td($RealName, '', 'name real-name') . td('<a href="mailto:' . $email . '">' . $email . '</a>', '', 'email') . td(get_priv_level($privs), '', 'privs') . td($last_login ? safe_strftime('%b&#160;%Y', $last_login) : '', '', 'date last-login modified'));
            }
            echo '</tbody>', n, endTable(), n, '</div>', n, $use_multi_edit ? author_multiedit_form($page, $sort, $dir, $crit, $search_method) : '', n, tInput(), n, '</form>', n, '<div id="users_navigation" class="txp-navigation">', n, nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method), n, pageby_form('admin', $author_list_pageby), n, '</div>', n, '</div>';
        }
    } else {
        echo '</div>';
    }
}
示例#23
0
function send_xml_response($response = array())
{
    ob_clean();
    $default_response = array('http-status' => '200 OK');
    // backfill default response properties
    $response = $response + $default_response;
    header('Content-Type: text/xml');
    txp_status_header($response['http-status']);
    $out[] = '<?xml version="1.0" encoding="utf-8" standalone="yes"?>';
    $out[] = '<textpattern>';
    foreach ($response as $element => $value) {
        // element *names* must not contain <>&, *values* may.
        $value = doSpecial($value);
        if (is_array($value)) {
            $out[] = t . "<{$element}>" . n;
            foreach ($value as $e => $v) {
                $out[] = t . t . "<{$e} value='{$v}' />" . n;
            }
            $out[] = t . "</{$element}>" . n;
        } else {
            $out[] = t . "<{$element} value='{$value}' />" . n;
        }
    }
    $out[] = '</textpattern>';
    echo join(n, $out);
    exit;
}
示例#24
0
function rss()
{
    global $prefs, $thisarticle;
    extract($prefs);
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));
    $area = gps('area');
    $sitename .= $section ? ' - ' . $section : '';
    $sitename .= $category ? ' - ' . $category : '';
    $dn = explode('/', $siteurl);
    $mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
    $out[] = tag('http://textpattern.com/?v=' . $version, 'generator');
    $out[] = tag(doSpecial($sitename), 'title');
    $out[] = tag(hu, 'link');
    $out[] = tag(doSpecial($site_slogan), 'description');
    $last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
    $out[] = tag(safe_strftime('rfc822', $last), 'pubDate');
    $articles = array();
    if (!$area or $area == 'article') {
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        if ($frs) {
            foreach ($frs as $f) {
                $query[] = "and Section != '" . doSlash($f) . "'";
            }
        }
        $query[] = $sfilter;
        $query[] = $cfilter;
        $rs = safe_rows_start("*, unix_timestamp(Posted) as uPosted, ID as thisid", "textpattern", "Status = 4 " . join(' ', $query) . "and Posted < now() order by Posted desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                populateArticleData($a);
                $cb = callback_event('rss_entry');
                $a['posted'] = $uPosted;
                $permlink = permlinkurl($a);
                $summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
                $content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
                if ($syndicate_body_or_excerpt) {
                    # short feed: use body as summary if there's no excerpt
                    if (!trim($summary)) {
                        $summary = $content;
                    }
                    $content = '';
                }
                if ($show_comment_count_in_feed) {
                    $count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
                } else {
                    $count = '';
                }
                $Title = escape_output(strip_tags($Title)) . $count;
                $thisauthor = get_author_name($AuthorID);
                $item = tag($Title, 'title') . n . (trim($summary) ? tag(n . escape_cdata($summary) . n, 'description') . n : '') . (trim($content) ? tag(n . escape_cdata($content) . n, 'content:encoded') . n : '') . tag($permlink, 'link') . n . tag(safe_strftime('rfc822', $a['posted']), 'pubDate') . n . tag(htmlspecialchars($thisauthor), 'dc:creator') . n . tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'guid', ' isPermaLink="false"') . n . $cb;
                $articles[$ID] = tag($item, 'item');
                $etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
                $dates[$ID] = $uPosted;
            }
        }
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='{$category}'" : '1';
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));
        $rs = safe_rows_start("*, unix_timestamp(date) as uDate", "txp_link", "{$cfilter} order by date desc limit {$limit}");
        if ($rs) {
            while ($a = nextRow($rs)) {
                extract($a);
                $item = tag(doSpecial($linkname), 'title') . n . tag(doSpecial($description), 'description') . n . tag(doSpecial($url), 'link') . n . tag(safe_strftime('rfc822', $uDate), 'pubDate');
                $articles[$id] = tag($item, 'item');
                $etags[$id] = strtoupper(dechex(crc32($articles[$id])));
                $dates[$id] = $date;
            }
        }
    }
    //turn on compression if we aren't using it already
    if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
        @ob_start("ob_gzhandler");
    }
    handle_lastmod();
    $hims = serverset('HTTP_IF_MODIFIED_SINCE');
    $imsd = $hims ? strtotime($hims) : 0;
    if (is_callable('apache_request_headers')) {
        $headers = apache_request_headers();
        if (isset($headers["A-IM"])) {
            $canaim = strpos($headers["A-IM"], "feed");
        } else {
            $canaim = false;
        }
    } else {
        $canaim = false;
    }
    $hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
    $cutarticles = false;
    if ($canaim !== false) {
        foreach ($articles as $id => $thing) {
            if (strpos($hinm, $etags[$id]) !== false) {
                unset($articles[$id]);
                $cutarticles = true;
                $cut_etag = true;
            }
            if ($dates[$id] < $imsd) {
                unset($articles[$id]);
                $cutarticles = true;
                $cut_time = true;
            }
        }
    }
    if (isset($cut_etag) && isset($cut_time)) {
        header("Vary: If-None-Match, If-Modified-Since");
    } else {
        if (isset($cut_etag)) {
            header("Vary: If-None-Match");
        } else {
            if (isset($cut_time)) {
                header("Vary: If-Modified-Since");
            }
        }
    }
    $etag = @join("-", $etags);
    if (strstr($hinm, $etag)) {
        header("HTTP/1.1 304 Not Modified");
        exit;
    }
    if ($cutarticles) {
        //header("HTTP/1.1 226 IM Used");
        //This should be used as opposed to 200, but Apache doesn't like it.
        //http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
        header("Cache-Control: no-store, im");
        header("IM: feed");
    }
    $out = array_merge($out, $articles);
    header("Content-Type: application/rss+xml; charset=utf-8");
    if ($etag) {
        header('ETag: "' . $etag . '"');
    }
    return '<?xml version="1.0" encoding="utf-8"?>' . n . '<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">' . n . tag(join(n, $out), 'channel') . n . '</rss>';
}