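/**
 * Build the "topics" side block: one entry per readable topic that has at
 * least one story, followed by the date of that topic's newest story.
 *
 * Compared with the previous version, the language code is escaped before it
 * is placed in the SQL string literal, and topic names, ids and dates are
 * escaped before they are written into the HTML, matching what
 * blocks_category_block() already does.
 *
 * @param array $row block record; 'title' is read for the permission check
 *                   (and defaulted to _TOPICS), 'content' is overwritten
 * @return mixed whatever themesideblock($row) returns; nothing when the
 *               caller lacks read access or the topics table is empty
 */
function blocks_topic_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Topicblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // The globals of the same name are intentionally not imported
    // (the original "global $topic, $catid" line is disabled), so inside this
    // block no topic or category is ever treated as the current one.
    $topic = "";
    $catid = "";

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // Escape the language code: it ends up inside a quoted SQL literal.
        $lang = pnVarPrepForStore(pnUserGetLang());
        // the OR is needed to display stories that are posted to ALL languages
        $querylang = "AND ({$column['alanguage']}='{$lang}' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['topics_column'];
    $result = $dbconn->Execute("SELECT {$column['topicid']} AS topicid, {$column['topicname']} as topicname FROM {$pntable['topics']} ORDER BY topicname");
    if ($result->EOF) {
        return;
    }

    $boxstuff = '<span class="pn-normal">';
    if ($topic == "") {
        $boxstuff .= "<strong><big>·</big></strong> <b><a href=\"modules.php?op=modload&name=Topics&file=index\">" . _ALL_TOPICS . "</a></b><br>";
    } else {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&catid=" . pnVarPrepForDisplay($catid) . "\">" . _ALL_TOPICS . "</a><br>";
    }

    while (!$result->EOF) {
        $srow = $result->GetRowAssoc(false);
        $result->MoveNext();

        // Topics the current user may not read are left out entirely.
        if (!pnSecAuthAction(0, 'Topics::Topic', "{$srow['topicname']}::{$srow['topicid']}", ACCESS_READ)) {
            continue;
        }

        $column =& $pntable['stories_column'];
        // NOTE(review): topicid is used in an unquoted numeric position; the
        // escaping mirrors blocks_category_block(). If the column is always an
        // integer, an (int) cast would be the stricter choice - confirm schema.
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime FROM {$pntable['stories']} WHERE {$column['topic']}=" . pnVarPrepForStore($srow['topicid']) . " {$querylang} ORDER BY {$column['time']} DESC");
        if ($result2->EOF) {
            // no story in this topic (for this language): no entry
            continue;
        }

        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);

        // Database values are escaped for the HTML context they land in.
        $topicname = pnVarPrepForDisplay($srow['topicname']);
        $topicid = pnVarPrepForDisplay($srow['topicid']);
        $datetext = pnVarPrepForDisplay($sdate);

        if ($topic == $srow['topicid']) {
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>{$topicname}</b></span> <span class=\"pn-sub\">({$datetext})</span><br>";
        } else {
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid=" . pnVarPrepForDisplay($catid) . "&topic={$topicid}\">{$topicname}</a> <span class=\"pn-sub\">({$datetext})</span><br>";
        }
    }

    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _TOPICS;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}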
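/**
 * Build the "categories" side block: one entry per readable story category
 * that has at least one story, followed by the date of its newest story.
 *
 * $topic and $catid are read from the global scope. Where those globals are
 * populated is not visible here, so they are treated as untrusted and escaped
 * before being written into link targets (the previous version interpolated
 * them into the href unescaped).
 *
 * @param array $row block record; 'title' is read for the permission check
 *                   (and defaulted to _CATEGORIES), 'content' is overwritten
 * @return mixed whatever themesideblock($row) returns; nothing when the
 *               caller lacks read access or there are no categories
 */
function blocks_category_block($row)
{
    global $topic, $catid;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // the OR is needed to display stories that are posted to ALL languages
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
    if ($result->EOF) {
        return;
    }

    // Escaped once, used in every link below.
    $topicparam = pnVarPrepForDisplay($topic);

    $boxstuff = '<span class="pn-normal">';
    if ($catid == "") {
        // No category selected: the "all categories" entry is intentionally empty
        // $boxstuff .= '<strong><big>·</big></strong> <b>'._ALL_CATEGORIES.'</b><br />';
        $boxstuff .= "";
    } else {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$topicparam}\">" . _ALL_CATEGORIES . "</a><br />";
    }

    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);

        // Categories the current user may not read are left out entirely.
        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }

        $column =& $pntable['stories_column'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$column['catid']}=" . pnVarPrepForStore($srow['catid']) . " {$querylang}\n ORDER BY {$column['time']} DESC");
        if ($result2->EOF) {
            // no story in this category (for this language): no entry
            continue;
        }

        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);

        if ($catid == $srow['catid']) {
            // the currently selected category is shown as plain text
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        } else {
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid=" . pnVarPrepForDisplay($srow['catid']) . "&topic={$topicparam}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        }
    }

    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}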
/**
 * Mail the site administrator a short report about the request that ended on
 * the 404 page, then print a confirmation line.
 *
 * The report holds the time, the remote address, the URL that was requested
 * (built from HTTP_HOST and REDIRECT_URL) and the referer. All of these except
 * the time are supplied or influenced by the client, so the mail should be
 * read as unverified data.
 *
 * @return void
 */
function send_email()
{
    $adminmail = pnConfigGetVar('adminmail');
    $subject = '' . _ERROR404_MAILSUBJECT;
    $sitename = pnConfigGetVar('sitename');

    // Request details taken from the server environment
    $remote_addr = pnServerGetVar('REMOTE_ADDR');
    $http_referer = pnServerGetVar('HTTP_REFERER');
    $redirect_url = pnServerGetVar('REDIRECT_URL');
    $server = pnServerGetVar('HTTP_HOST');

    $errordoc = 'http://' . $server . $redirect_url;
    $errortime = ml_ftime(_DATETIMEBRIEF, date(time()));

    // Plain-text body: subject, blank line, then one "KEY: value" line each
    $lines = array(
        $subject,
        '',
        'TIME: ' . $errortime,
        'REMOTE_ADDR: ' . $remote_addr,
        'ERRORDOC: ' . pnVarPrepForDisplay($errordoc),
        'HTTP_REFERER: ' . $http_referer,
    );
    $message = implode("\n", $lines) . "\n";

    $headers = 'From: "' . $sitename . '" <' . $adminmail . ">\nX-Mailer: PHP/" . phpversion();
    pnMail($adminmail, $subject, $message, $headers);

    echo "<br /><br /><strong>" . _ERROR404_MAILED . "</strong>\n";
}
/**
 * Mail the site administrator a report about a request that other code has
 * classified as a possible attack.
 *
 * The report contains the caller-supplied location and type, details of the
 * current user, several IP values, and a full dump of the request, server,
 * environment, cookie, upload and session arrays.
 *
 * NOTE(review): the dump includes POST fields, cookies and session variables
 * as they are, so passwords and session identifiers can end up in cleartext
 * mail. Consider masking such fields before sending.
 * NOTE(review): $hack_type is placed in the mail subject unchanged; confirm
 * that callers never pass request data there, or that pnMail() strips line
 * breaks from the subject.
 *
 * @param string $detecting_file file in which the activity was detected
 * @param string $detecting_line line on which the activity was detected
 * @param string $hack_type      short label for the kind of activity
 * @param string $message        free text from the detecting code
 * @return void
 */
function pnMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)") {
    # Backwards compatibility with PHP 4.0.x / 4.1.x: use the superglobals
    # when available, otherwise the old $HTTP_*_VARS arrays.
    # NOTE(review): this compares version strings with >=; version_compare()
    # is the usual way to compare PHP versions - confirm the result on
    # versions with a two-digit major number.
    if (phpversion() >= "4.2.0") {
        $_pv = $_POST;
        $_gv = $_GET;
        $_rv = $_REQUEST;
        $_sv = $_SERVER;
        $_ev = $_ENV;
        $_cv = $_COOKIE;
        $_fv = $_FILES;
        $_snv = $_SESSION;
    } else {
        global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
        $_pv = $HTTP_POST_VARS;
        $_gv = $HTTP_GET_VARS;
        // no request array in this branch, so that section of the report stays empty
        $_rv = array();
        $_sv = $HTTP_SERVER_VARS;
        $_ev = $HTTP_ENV_VARS;
        $_cv = $HTTP_COOKIE_VARS;
        $_fv = $HTTP_POST_FILES;
        $_snv = $HTTP_SESSION_VARS;
    }

    // Introduction: site name, date and time, and what was detected where
    $output = "Attention site admin of " . pnConfigGetVar('sitename') . ",\n";
    $output .= "On " . ml_ftime(_DATEBRIEF, GetUserTime(time()));
    $output .= " at " . ml_ftime(_TIMEBRIEF, GetUserTime(time()));
    $output .= " the Postnuke code has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find what happened and " . "maybe who did it.\n\n";

    // Who made the request
    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!pnUserLoggedIn()) {
        $output .= "This person is not logged in.\n";
    } else {
        // NOTE(review): the three "******" runs below are masked in this copy
        // of the file; the expressions that supplied the user name, e-mail and
        // real name are not visible here and have to be restored from the
        // upstream source before this statement can parse.
        $output .= "Postnuke username: "******"\n" . "Registered email of this Postnuke user: "******"\n" . "Registered real name of this Postnuke user: "******"\n";
    }

    // NOTE(review): HTTP_CLIENT_IP is a request header and can be set freely
    // by the client. $REMOTE_ADDR is not declared global in this function, so
    // the GetHostByName() call appears to receive an undefined variable -
    // confirm and use the REMOTE_ADDR value read just above it.
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to HTTP_CLIENT_IP: " . getenv('HTTP_CLIENT_IP') . "\n\t IP according to REMOTE_ADDR: " . getenv('REMOTE_ADDR') . "\n\t IP according to GetHostByName(\$REMOTE_ADDR): " . GetHostByName($REMOTE_ADDR) . "\n\n";

    // Each section below lists one array as "NAME * key : value" lines.
    // NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0;
    // values that are themselves arrays (for example upload entries) are
    // interpolated as the word "Array" rather than their contents.
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_REQUEST array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_rv)) {
        $output .= "REQUEST * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_GET array\n";
    $output .= "This is about variables that may have been ";
    $output .= "in the URL string or in a 'GET' type form.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_gv)) {
        $output .= "GET * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_POST array\n";
    $output .= "This is about visible and invisible form elements.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_pv)) {
        $output .= "POST * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Browser information\n";
    $output .= "=====================================\n";
    // the user agent is read from a global of that name, not from the server array
    global $HTTP_USER_AGENT;
    $output .= "HTTP_USER_AGENT: " . $HTTP_USER_AGENT . "\n";
    $browser = (array) get_browser();
    while (list($key, $value) = each($browser)) {
        $output .= "BROWSER * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SERVER array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_sv)) {
        $output .= "SERVER * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_ENV array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_ev)) {
        $output .= "ENV * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_COOKIE array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_cv)) {
        $output .= "COOKIE * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_FILES array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_fv)) {
        $output .= "FILES * {$key} : {$value}\n";
    }

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SESSION array\n";
    $output .= "This is session info. The variables\n";
    $output .= " starting with PNSV are PostNukeSessionVariables.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_snv)) {
        $output .= "SESSION * {$key} : {$value}\n";
    }

    // Send the report to the configured administrator address, marked high priority
    $sitename = pnConfigGetVar('sitename');
    $adminmail = pnConfigGetVar('adminmail');
    $headers = "From: {$sitename} <{$adminmail}>\n" . "X-Priority: 1 (Highest)\n";
    pnMail($adminmail, 'Attempted hack on your site? (type: ' . $hack_type . ')', $output, $headers);
    return;
}
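/**
 * Search the news stories and return the result list as HTML.
 *
 * Input is read from the request: search words (q), the word operator (bool),
 * optional topic, category and author filters, and the pager values startnum
 * and total. Only stories that pass both the Stories::Story and the
 * Topics::Topic read check are counted and listed.
 *
 * Changes against the previous version:
 *  - The WHERE clause is assembled from separate groups joined with AND, each
 *    group in its own parentheses. Before, the word conditions were not
 *    grouped, so with several OR-ed words the filters (and the language
 *    restriction) applied only to the last word, and a search with filters but
 *    without words produced conditions without any operator between them.
 *  - Topic and category values taken from the request are escaped before they
 *    are written into the pager URL, like author, bool and q already were.
 *  - The topic text is passed through pnVarPrepHTMLDisplay() like the story
 *    and category titles in the same list.
 *
 * @return string|null HTML from the pnHTML object; nothing when the stories
 *                     search is not active, the News module is unavailable or
 *                     a database error occurred
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');

    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }

    $output =& new pnHTML();

    // Pager values must be numeric; anything else falls back to the defaults
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if (empty($bool)) {
        $bool = 'OR';
    }

    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];

    $query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";

    // Every entry is one parenthesised condition; they are AND-ed at the end.
    $clauses = array();

    // words: each word may match any of the text columns
    $w = search_split_query($q);
    if (isset($w) && is_array($w) && count($w) > 0) {
        // only AND is honoured; every other value means OR
        $glue = ($bool == 'AND') ? ' AND ' : ' OR ';
        $wordclauses = array();
        foreach ($w as $word) {
            $like = pnVarPrepForStore($word);
            $wordclauses[] = '('
                . "{$storcol['title']} LIKE '{$like}' OR "
                . "{$storcol['hometext']} LIKE '{$like}' OR "
                . "{$storcol['bodytext']} LIKE '{$like}' OR "
                . "{$storcol['informant']} LIKE '{$like}' OR "
                . "{$storcol['notes']} LIKE '{$like}'"
                . ')';
        }
        $clauses[] = '(' . implode($glue, $wordclauses) . ')';
    }

    // topics: any of the selected topics; empty entries are skipped
    if (!is_array($stories_topics)) {
        $stories_topics = array();
    }
    $topicclauses = array();
    foreach ($stories_topics as $v) {
        if (empty($v)) {
            continue;
        }
        $topicclauses[] = "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
    }
    if ($topicclauses) {
        $clauses[] = '(' . implode(' OR ', $topicclauses) . ')';
    }

    // categories: only applied when the first entry is non-empty
    if (!is_array($stories_cat)) {
        $stories_cat = array('');
    }
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        $catclauses = array();
        foreach ($stories_cat as $v) {
            $catclauses[] = "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
        }
        $clauses[] = '(' . implode(' OR ', $catclauses) . ')';
    }

    // authors: the informant name itself, or any user whose user name or
    // real name contains the given text
    if (isset($stories_author) && $stories_author != '') {
        $author = pnVarPrepForStore($stories_author);
        $authorclause = "{$storcol['informant']}='{$author}'";
        $result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%{$author}%' OR {$pntable['users_column']['name']} LIKE '%{$author}%'");
        // a failed lookup simply adds no user ids
        while ($result && !$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $authorclause .= " OR {$storcol['aid']}={$row['pn_uid']}";
            $result->MoveNext();
        }
        $clauses[] = '(' . $authorclause . ')';
    } else {
        $stories_author = '';
    }

    // language: the user's language, or stories posted to all languages
    if (pnConfigGetVar('multilingual') == 1) {
        $clauses[] = "({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    }

    // With no condition at all, '1' keeps the WHERE clause valid
    $where = $clauses ? implode(' AND ', $clauses) : '1';
    $query = $query1 . $where . " ORDER BY {$storcol['time']} DESC";

    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // From here on text is emitted verbatim, so every value written below
        // has to be escaped by this function itself.
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information
        $url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
        if (isset($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= '&stories_cat%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        if (isset($stories_topics) && $stories_topics) {
            foreach ($stories_topics as $v) {
                $url .= '&stories_topics%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        $url .= '&bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&q=' . pnVarPrepForDisplay($q);
        }

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // the page of rows is filtered by the same two permission checks as the count
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    $output->Text(pnVarPrepHTMLDisplay($row['topictext']));
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);
    return $output->GetOutput();
}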
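/**
 * Render an RSS headline block, refreshing its cached content when it is
 * older than the block's refresh interval.
 *
 * When a refresh is due the feed is fetched through rss_connect(), converted
 * with parse_rdf2html() and written back to the blocks table. If the feed
 * cannot be reached, a problem notice is stored and the next attempt is put
 * off by 600 seconds. Otherwise the cached content is shown and the title is
 * marked with " +".
 *
 * Changes against the previous version:
 *  - the feed URL and the block id are escaped before they are used in SQL;
 *  - the failure branch used an undefined $bid in its UPDATE statement, it
 *    now uses $row['bid'] like the success branch;
 *  - the feed lines are collected in an array from the start (appending with
 *    [] to a string is an error on current PHP);
 *  - the footer marker opens with "<!--" so that it is an HTML comment.
 *
 * NOTE(review): $row['url'] decides which host this server connects to. It
 * appears to come from the block configuration; confirm that only trusted
 * administrators can set it.
 *
 * @param array $row block record; reads 'refresh', 'unix_update', 'url',
 *                   'bid', 'title' and 'content'
 * @return mixed whatever themesideblock($row) returns
 */
function advheadlines2($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $past = time() - $row['refresh'];
    if ($row['unix_update'] < $past && $row['url']) {
        // read proxy settings from database
        $column =& $pntable['headlines_column'];
        $result = $dbconn->Execute("SELECT {$column['options']} as options, {$column['maxrows']} as maxrows FROM {$pntable['headlines']} WHERE {$column['rssurl']}='" . pnVarPrepForStore($row['url']) . "'");
        $setting = $result->GetRowAssoc(false);
        $result->MoveNext();

        // Check if the 'P'roxy parameter is set in the options for this url.
        $use_proxy = stristr($setting['options'], "P") != false;

        // connect to the rss host
        $fp = rss_connect($row, $use_proxy);
        if ($fp) {
            $rdf = array();
            // skip the response header: read up to the first empty line
            while (!feof($fp) && fgets($fp, 128) != "\r\n") {
            }
            // start reading after the header, in fixed blocks of data
            while (!feof($fp)) {
                $rdf[] = (string) fgets($fp, 128);
            }
            // nicely close the connection
            fputs($fp, "Connection: close\r\n\r\n");
            fclose($fp);

            // for timing purposes
            $starttime = getmicrotime();
            // 'parse' the rdf file
            $html = parse_rdf2html($rdf, $setting['maxrows'], $setting['options']);

            // build the contents of the display block
            $row['hdr_comment'] = "\n<!-- RSS Block start -->\n";
            $row['content'] = $html;
            $time = getmicrotime() - $starttime;
            // NOTE(review): $age and $stat were never assigned in this function;
            // they are set to empty strings so the footer text stays the same.
            // Confirm what they were meant to show.
            $age = '';
            $stat = '';
            $row['ftr_comment'] .= "<!-- RSS2 Block end (age: {$age} of {$row['refresh']})[{$stat}] -- runtime: {$time} -->\n\n";

            // update block in db
            $sql_content = addslashes($row['content']);
            $column =& $pntable['blocks_column'];
            $sql = "UPDATE {$pntable['blocks']} SET {$column['content']}='{$sql_content}',{$column['last_update']}=NOW() WHERE {$column['bid']}=" . pnVarPrepForStore($row['bid']);
            $result = $dbconn->Execute($sql);
            if ($dbconn->ErrorNo() != 0) {
                $row['title'] .= ' *';
                $row['content'] .= "<!--\n\n\n" . $dbconn->ErrorMsg() . "\n\n\n{$sql}\n\n\n-->";
                // NOTE(review): execution stops here, so the two values set
                // above are never rendered. If the exit is ever removed, the
                // database error text and the SQL statement would be sent to
                // the browser inside an HTML comment.
                exit(0);
            }
        } else {
            // no connection could be established: store a notice and retry later
            $content = addslashes('<font class=\\"pn-normal">' . _RSSPROBLEM . '</font>');
            $next_try = time() + 600;
            $column =& $pntable['blocks_column'];
            $result = $dbconn->Execute("UPDATE {$pntable['blocks']} SET {$column['content']}='{$content}',{$column['last_update']}=FROM_UNIXTIME({$next_try}) WHERE {$column['bid']}=" . pnVarPrepForStore($row['bid']));
            $row['title'] = "{$row['title']} !";
            $row['content'] = "{$row['content']}\n\n\n<!--\n\n\n\n\n\n\n" . ml_ftime(_DATETIMELONG, $row['unix_update']) . "\n\n\n\n\n-->\n\n\n\n";
        }
    } else {
        // cached version indicator
        $row['title'] = $row['title'] . " +";
    }

    return themesideblock($row);
}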
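/**
 * Build the "past articles" side block: older stories grouped by day, with a
 * link to the search module once the configured limit is reached.
 *
 * Changes against the previous version:
 *  - catid comes from the request and was placed into the WHERE condition and
 *    into a link unchanged. It is now accepted only when it consists of
 *    digits and is cast to an integer; any other non-empty value is treated
 *    like an empty one.
 *  - ereg() is replaced by preg_match() with the same pattern.
 *  - Values that were computed but never used are removed.
 *
 * @param array $row block record; 'title' is read for the permission check
 *                   (and defaulted to _PASTARTICLES), 'content' holds the
 *                   block variables and is overwritten with the HTML
 * @return mixed whatever themesideblock($row) returns; nothing when the
 *               caller lacks read access or no article is visible
 */
function blocks_past_block($row)
{
    $catid = pnVarCleanFromInput('catid');
    // Request input: digits only. A value that was not supplied stays
    // unset so the link at the bottom keeps its form without a category.
    if (isset($catid) && $catid != '') {
        $catid = preg_match('/^[0-9]+$/', $catid) ? (int) $catid : '';
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Pastblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // number of stories on the home page, per user when logged in
    if (pnUserLoggedIn()) {
        $storyhome = pnUserGetVar('storynum');
    } else {
        $storyhome = pnConfigGetVar('storyhome');
    }

    // Break out options from our content field
    $vars = pnBlockVarsFromContent($row['content']);

    // Defaults
    if (empty($vars['limit'])) {
        $vars['limit'] = 10;
    }
    $storynum = $vars['limit'];

    $column =& $pntable['stories_column'];
    if (!isset($catid) || $catid === '') {
        $articles = getArticles("{$column['ihome']}=0", "{$column['time']} DESC", $storynum, $storyhome);
    } else {
        // $catid is an integer at this point
        $articles = getArticles("{$column['catid']}={$catid}", "{$column['time']} DESC", $storynum, $storyhome);
    }

    $time2 = "";
    setlocale(LC_TIME, pnConfigGetVar('locale'));

    $boxstuff = "<table width=\"100%\" cellpadding=\"1\" cellspacing=\"0\" border=\"0\" class=\"pn-normal\">\n";
    $vari = 0;
    $see = 0;
    foreach ($articles as $article) {
        $info = genArticleInfo($article);
        $links = genArticleLinks($info);
        $preformat = genArticlePreformat($info, $links);

        // a little bit tricky to remove the bold property from link description
        // (2001-11-15, hdonner)
        $preformat['title'] = str_replace("pn-title", "pn-normal", $preformat['title']);

        // skip stories the user may not read
        if (!pnSecAuthAction(0, 'Stories::Story', "{$info['aid']}:{$info['cattitle']}:{$info['sid']}", ACCESS_READ) || !pnSecAuthAction(0, 'Topics::Topic', "{$info['topicname']}::{$info['tid']}", ACCESS_READ)) {
            continue;
        }
        $see = 1;

        // split "YYYY-MM-DD hh:mm:ss" into its parts and format the day
        preg_match('/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/', $info['time'], $datetime2);
        $datetime2 = ml_ftime("" . _DATESTRING2 . "", mktime($datetime2[4], $datetime2[5], $datetime2[6], $datetime2[2], $datetime2[3], $datetime2[1]));
        $datetime2 = ucfirst($datetime2);

        if ($time2 == $datetime2) {
            // same day as the previous story: no new date heading
            $boxstuff .= "<tr><td valign=\"top\"><big><strong>·</strong></big></td>" . "<td valign=\"top\" width=\"100%\"><span class=\"pn-normal\">" . $preformat['title'] . " ({$info['comments']})</span></td></tr>\n";
        } else {
            $boxstuff .= "<tr><td colspan=\"2\"><b>{$datetime2}</b></td></tr>\n" . "<tr><td valign=\"top\"><big><strong>·</strong></big></td>" . "<td valign=\"top\" width=\"100%\"><span class=\"pn-normal\">{$preformat['title']} ({$info['comments']})</span></td></tr>\n";
            $time2 = $datetime2;
        }

        $vari++;
        if ($vari == $vars['limit']) {
            // limit reached: add the link to the older articles
            $boxstuff .= "<tr><td> </td><td valign=\"top\"><a class=\"pn-normal\"";
            if (!isset($catid)) {
                $boxstuff .= "href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1\"><b>" . _OLDERARTICLES . "</b></a></td></tr>\n";
            } else {
                $boxstuff .= "href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_cat[0]={$catid}\"><b>" . _OLDERARTICLES . "</b></a></td></tr>\n";
            }
        }
    }
    $boxstuff .= "</table>";

    if ($see == 1) {
        if (empty($row['title'])) {
            $row['title'] = _PASTARTICLES;
        }
        $row['content'] = $boxstuff;
        return themesideblock($row);
    }
}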
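/**
 * Build the "stories" side block: a list of story titles with dates, filtered
 * by the block's settings (story type, topic, category, limit).
 *
 * No LIMIT is used in the query because rows the user may not read are
 * skipped afterwards; rows are consumed until 'limit' readable ones are found.
 *
 * Changes against the previous version:
 *  - The default-category test read an undefined $catid, so every row was
 *    given the default category title and the Stories::Story permission check
 *    always ran against that title. It now tests the category id fetched with
 *    the row ($cid).
 *  - The language code is escaped before it is placed in the SQL literal.
 *  - Unused variables are removed.
 *
 * @param array $row block record; 'title' is read for the permission check,
 *                   'content' holds the block variables and is overwritten
 * @return mixed whatever themesideblock($row) returns; false on a database
 *               error; nothing when access is denied or no story is visible
 */
function blocks_stories_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Storiesblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Break out options from our content field
    $vars = pnBlockVarsFromContent($row['content']);

    // Defaults
    if (!isset($vars['storiestype'])) {
        $vars['storiestype'] = 2;
    }
    if (!isset($vars['topic'])) {
        $vars['topic'] = -1;
    }
    if (!isset($vars['category'])) {
        $vars['category'] = -1;
    }
    if (!isset($vars['limit'])) {
        $vars['limit'] = 10;
    }

    $row['content'] = "";

    // Base query
    $storiescolumn = $pntable['stories_column'];
    $storiescatcolumn = $pntable['stories_cat_column'];
    $topicscolumn = $pntable['topics_column'];
    $query = "SELECT {$storiescolumn['aid']} AS \"aid\",\n {$storiescolumn['catid']} AS \"cid\",\n {$storiescatcolumn['title']} AS \"cattitle\",\n {$storiescolumn['sid']} AS \"sid\",\n {$topicscolumn['topicid']} AS \"tid\",\n {$storiescolumn['time']} AS \"time\",\n {$storiescolumn['title']} AS \"title\",\n {$topicscolumn['topicname']} AS \"topicname\"\n\t\t\tFROM \t{$pntable['stories']}";
    // Assume mysql start
    $query .= " LEFT JOIN {$pntable['stories_cat']} ON {$storiescolumn['catid']} = {$storiescatcolumn['catid']}\n\t\t\t\tLEFT JOIN {$pntable['topics']} ON {$storiescolumn['topic']} = {$topicscolumn['topicid']}";
    // Assume mysql end

    // Conditions are collected here and AND-ed together below
    $wherearray = array();

    // check language
    if (pnConfigGetVar('multilingual') == 1) {
        $lang = pnVarPrepForStore($currentlang);
        $wherearray[] = " ({$storiescolumn['alanguage']}='{$lang}' OR {$storiescolumn['alanguage']}='')";
    }

    // Qualifier for front-page/not front-page news
    // storiestype = 3 - front-page news
    // storiestype = 1 - not front-page news
    // storiestype = 2 - all news
    if ($vars['storiestype'] == '1') {
        $wherearray[] = " {$storiescolumn['ihome']}=1";
    }
    if ($vars['storiestype'] == '3') {
        $wherearray[] = " {$storiescolumn['ihome']}=0";
    }

    // Qualifier for particular topic
    // topic = -1 - all topics?
    if ($vars['topic'] != -1) {
        $wherearray[] = " {$storiescolumn['topic']}=" . pnVarPrepForStore($vars['topic']);
    }

    // Qualifier for particular category
    // category = -1 - all categories
    // NOTE(review): this condition uses the 'cid' column key while the SELECT
    // and the join above use 'catid' - confirm which key the table map defines.
    if ($vars['category'] != -1) {
        $wherearray[] = " {$storiescolumn['cid']}=" . pnVarPrepForStore($vars['category']);
    }

    if ($wherearray) {
        $query .= " WHERE " . implode(" AND ", $wherearray);
    }

    $query .= " ORDER BY {$storiescolumn['time']} DESC";

    // we can't use a limit query since permissions might take effect...
    $result = $dbconn->Execute($query);

    // Error checking -- jn
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    $shown_results = 0;
    $postmax = $vars['limit'];
    // FetchRow() advances the record set, so no MoveNext() is needed
    while ((list($aid, $cid, $cattitle, $sid, $tid, $time, $title, $topicname) = $result->FetchRow()) && $shown_results < $postmax) {
        $time = $result->UnixTimeStamp($time);
        if (!isset($aid)) {
            $aid = '';
        }
        if ($cid == 0) {
            // Default category
            $cattitle = "" . _ARTICLES . "";
        }

        if (pnSecAuthAction(0, 'Stories::Story', "{$aid}:{$cattitle}:{$sid}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$topicname}::{$tid}", ACCESS_READ)) {
            $row['content'] .= "<strong><big>·</big></strong> <font class=\"pn-sub\"><a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=article&sid=" . pnVarPrepForDisplay($sid) . "\">" . pnVarPrepForDisplay($title) . "</a>\n (" . ml_ftime(_DATEBRIEF, $time) . ")</font><br>\n";
            $shown_results++;
        }
    }

    if (!empty($row['content'])) {
        return themesideblock($row);
    }
}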
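/**
 * View items.
 *
 * Lists the admin messages the current user may read, together with the edit
 * and delete links the user is permitted to use. The start item for the pager
 * is read from the GET parameter 'startnum'.
 *
 * Changes against the previous version: the lookup of an undefined $args
 * array and the writes to an unused $row array are removed; the output is
 * unchanged.
 *
 * @author Mark West
 * @return mixed HTML output string; the result of
 *               LogUtil::registerPermissionError() when the user lacks edit
 *               permission for the module
 */
function Admin_Messages_admin_view()
{
    // Security check
    if (!SecurityUtil::checkPermission('Admin_Messages::', '::', ACCESS_EDIT)) {
        return LogUtil::registerPermissionError();
    }

    $startnum = FormUtil::getPassedValue('startnum', null, 'GET');

    // Create output object
    $view = Zikula_View::getInstance('Admin_Messages', false);

    // The user API function is called. It takes the number of items required
    // and the first number in the list of all items, which we obtained from
    // the input, and returns the information on the appropriate items.
    $items = ModUtil::apiFunc('Admin_Messages', 'user', 'getall', array('startnum' => $startnum, 'numitems' => ModUtil::getVar('Admin_Messages', 'itemsperpage')));
    if (!$items) {
        $items = array();
    }

    $rows = array();
    foreach ($items as $item) {
        // items the user may not read are not listed at all
        if (!SecurityUtil::checkPermission('Admin_Messages::', "{$item['title']}::{$item['mid']}", ACCESS_READ)) {
            continue;
        }

        $fullitem = ModUtil::apiFunc('Admin_Messages', 'user', 'get', array('mid' => $item['mid']));

        if ($fullitem['language'] == '') {
            $fullitem['language'] = __('All');
        }

        // translate the audience code into a label
        if (!isset($fullitem['view'])) {
            $fullitem['view'] = __('All visitors');
        }
        switch ($fullitem['view']) {
            case '1':
                $fullitem['view'] = __('All visitors');
                break;
            case '2':
                $fullitem['view'] = __('Registered users only');
                break;
            case '3':
                $fullitem['view'] = __('Anonymous guests only');
                break;
            case '4':
                $fullitem['view'] = __('Administrators only');
                break;
        }

        $active = ($fullitem['active'] == 1) ? __('Yes') : __('No');

        // 'expire' is a duration in seconds; 86400 seconds are one day
        if ($fullitem['expire'] == 0) {
            $expire = __('Never');
            $expiredate = __('No expiration date');
        } else {
            $days = $fullitem['expire'] / 86400;
            $expire = $days . ' ' . (($days == 1) ? __('day') : __('days'));
            $expiredate = ml_ftime(__('%b %d, %Y - %I:%M %p'), $fullitem['date'] + $fullitem['expire']);
        }

        // Options for the item. Each link is only offered when the matching
        // permission level is granted; delete is only checked for users who
        // may also edit.
        $options = array();
        if (SecurityUtil::checkPermission('Admin_Messages::', "{$item['title']}::{$item['mid']}", ACCESS_EDIT)) {
            $options[] = array('url' => ModUtil::url('Admin_Messages', 'admin', 'modify', array('mid' => $item['mid'])), 'image' => 'xedit.gif', 'title' => __('Edit'));
            if (SecurityUtil::checkPermission('Admin_Messages::', "{$item['title']}::{$item['mid']}", ACCESS_DELETE)) {
                $options[] = array('url' => ModUtil::url('Admin_Messages', 'admin', 'delete', array('mid' => $item['mid'])), 'image' => '14_layer_deletelayer.gif', 'title' => __('Delete'));
            }
        }

        $rows[] = array('mid' => $item['mid'], 'title' => $item['title'], 'language' => $fullitem['language'], 'view' => $fullitem['view'], 'active' => $active, 'expire' => $expire, 'expiredate' => $expiredate, 'options' => $options);
    }
    $view->assign('items', $rows);

    // Assign the information required to create the pager
    $view->assign('pager', array('numitems' => ModUtil::apiFunc('Admin_Messages', 'user', 'countitems'), 'itemsperpage' => ModUtil::getVar('Admin_Messages', 'itemsperpage')));

    // Return the output that has been generated by this function
    return $view->fetch('admin_messages_admin_view.htm');
}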
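/**
 * Print a printer-friendly HTML page for one story.
 *
 * Loads the story, resolves its category title and topic, checks
 * Stories::Story and Topics::Topic READ permission, increments the read
 * counter and echoes a complete HTML document. On a database error, a
 * missing story or a failed permission check it prints an error inside the
 * normal header/footer and exits.
 *
 * @param mixed $sid story id; the caller is outside this block, so it is
 *                   treated here as untrusted
 * @return void output is echoed directly
 */
function PrintPage($sid)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // grab the actual story from the database
    $column =& $pntable['stories_column'];
    $result = $dbconn->Execute("SELECT {$column['title']},\n {$column['time']},\n {$column['hometext']},\n {$column['bodytext']},\n {$column['topic']},\n {$column['notes']},\n {$column['cid']},\n {$column['aid']}\n FROM {$pntable['stories']} where {$column['sid']} = '" . pnVarPrepForStore($sid) . "'");

    // Check for a failed query before touching the result set (the original
    // read $result->fields first and tested the error number afterwards).
    if (!$result || $dbconn->ErrorNo() != 0) {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
    }

    list($title, $time, $hometext, $bodytext, $topic, $notes, $cid, $aid) = $result->fields;
    if (!isset($title) || $title == '') {
        include 'header.php';
        echo _DBSELECTERROR;
        include 'footer.php';
        exit;
    }

    // Get data for "autorise check"
    // Just a temp. solution;
    // Print.php needs completely redesign by using getArticles() and genArticleInfo()
    // fix for Stories::Story, Topics::Topic [larsneo]

    // find out the cattitle
    if ($cid == 0) {
        // Default category
        $cattitle = '' . _ARTICLES;
    } else {
        // $cid goes into the WHERE clause unquoted, so force it to an integer.
        $catcolumn =& $pntable['stories_cat_column'];
        $catquery = buildSimpleQuery('stories_cat', array('title'), "{$catcolumn['catid']} = " . (int) $cid);
        $catresult = $dbconn->Execute($catquery);
        list($cattitle) = $catresult->fields;
    }

    // find out the topictext ($topic is unquoted in the query as well)
    $topicscolumn =& $pntable['topics_column'];
    $topicquery = buildSimpleQuery('topics', array('topictext', 'topicname'), "{$topicscolumn['topicid']} = " . (int) $topic);
    $topicresult = $dbconn->Execute($topicquery);
    list($topictext, $topicname) = $topicresult->fields;

    $authorised = pnSecAuthAction(0, 'Stories::Story', "{$aid}:{$cattitle}:{$sid}", ACCESS_READ)
        && pnSecAuthAction(0, 'Topics::Topic', "{$topicname}::{$topic}", ACCESS_READ);

    if (!$authorised) {
        // user is not authorised to view Stories::Story and Topics::Topic
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    // user is authorised to view Stories::Story and Topics::Topic
    // Increment the read counter
    $column =& $pntable['stories_column'];
    $dbconn->Execute("UPDATE {$pntable['stories']} SET {$column['counter']}={$column['counter']}+1 WHERE {$column['sid']}='" . pnVarPrepForStore($sid) . "'");

    $time = $result->UnixTimeStamp($time);

    $cWhereIsPerso = WHERE_IS_PERSO;
    if (!empty($cWhereIsPerso)) {
        include "modules/NS-Multisites/print.inc.php";
    } else {
        $themesarein = "";
        $ThemeSel = pnUserGetTheme();
    }

    // A direct call to the Wiki transform API used to live here; it was
    // disabled because it produced no output when Wiki is removed [larsneo].

    // call hooks
    list($title, $hometext, $bodytext, $notes) = pnModCallHooks('item', 'transform', '', array($title, $hometext, $bodytext, $notes));

    // $sid is written into an href and into link text below. URL-encoding it
    // keeps a non-numeric value from injecting markup; a numeric id is
    // emitted unchanged.
    $sidForUrl = urlencode($sid);
    $baseUrl = pnGetBaseURL();
    $articleUrl = $baseUrl . "modules.php?op=modload&name=News&file=article&sid={$sidForUrl}";

    // NOTE(review): 'sitename' and 'site_logo' are configuration values and
    // are echoed without escaping, as in the original.
    echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n"
        . "<html>\n"
        . "<head><title>" . pnConfigGetVar('sitename') . "</title>\n";

    if (defined("_CHARSET") && _CHARSET != "") {
        echo "<META HTTP-EQUIV=\"Content-Type\" "
            . "CONTENT=\"text/html; charset=" . _CHARSET . "\">\n";
    }

    // A local stylesheet is used instead of the theme's style.css.
    echo "<style type=\"text/css\">\n"
        . "<!--\n"
        . ".print-title {\n"
        . "background-color: transparent;\n"
        . "color: #990000;\n"
        . "font-family: Verdana, Arial, sans-serif;\n"
        . "font-size: 14px;\n"
        . "font-weight: bold;\n"
        . "text-decoration: none;\n"
        . "}\n"
        . ".print-sub {\n"
        . "background-color: transparent;\n"
        . "color: #000000;\n"
        . "font-family: Verdana, Arial, sans-serif;\n"
        . "font-size: 11px;\n"
        . "font-weight: normal;\n"
        . "text-decoration: none;\n"
        . "}\n"
        . ".print-normal {\n"
        . "background-color: transparent;\n"
        . "color: #000000;\n"
        . "font-family: Verdana, Arial, sans-serif;\n"
        . "font-size: 12px;\n"
        . "font-weight: normal;\n"
        . "text-decoration: none;\n"
        . "}\n"
        . ".print {\n"
        . "color: #000000;\n"
        . "background-color: #FFFFFF;\n"
        . "}\n"
        . "-->\n"
        . "</style>\n";

    echo "</head>\n"
        . "<body class=\"print\" bgcolor=\"#FFFFFF\" text=\"#000000\">\n"
        . "\n<table border=\"0\" width=\"85%\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">\n"
        . "<tr><td>\n"
        . "<table border=\"0\" width=\"100%\" cellpadding=\"5\" cellspacing=\"1\" bgcolor=\"#FFFFFF\">\n"
        . "<tr><td>\n"
        . "<img src=\"" . WHERE_IS_PERSO . "images/" . pnConfigGetVar('site_logo') . "\" border=\"0\" alt=\"" . pnConfigGetVar('sitename') . "\">\n"
        . "<br /><br />\n"
        . "<b><font class=\"print-title\">" . pnVarPrepHTMLDisplay($title) . "</font></b><br /><br />\n"
        . "<font class=\"print-sub\">" . pnVarPrepHTMLDisplay($cattitle) . " / " . pnVarPrepHTMLDisplay($topictext) . "<br />\n"
        . "<b>" . _DATE . ":</b> " . ml_ftime(_DATETIMEBRIEF, $time) . "</font>\n"
        . "</td></tr>\n"
        . "<tr><td>\n"
        . "<font class=\"print-normal\">" . pnVarPrepHTMLDisplay($hometext) . "<br /><br />\n";

    if (!empty($bodytext)) {
        echo pnVarPrepHTMLDisplay($bodytext) . "<br />\n";
    }
    if (!empty($notes)) {
        echo pnVarPrepHTMLDisplay($notes) . "<br />\n";
    } else {
        echo "<br />\n";
    }

    echo "</font>\n"
        . "</td></tr>\n"
        . "<tr><td>\n"
        . "<hr size=\"1\"><font class=\"print-normal\">\n"
        . _COMESFROM . " " . pnConfigGetVar('sitename') . "<br />\n"
        . "<a class=\"print-normal\" href=\"" . $baseUrl . "\">" . $baseUrl . "</a>\n"
        . "<br /><br />\n"
        . _THEURL . "<br />\n"
        . "<a class=\"print-normal\" href=\"" . $articleUrl . "\">" . $articleUrl . "</a>\n"
        . "</font>\n"
        . "</td></tr>\n"
        . "</table>\n</td></tr>\n</table>\n"
        . "</body>\n"
        . "</html>\n";
}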
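/**
 * Search plugin for the Reviews module.
 *
 * Reads active_reviews, startnum, total, bool and q from the request,
 * searches reviews and their comments for every word of the query, and
 * returns an HTML result list (10 per page) with a pager. Only reviews the
 * current user may READ are listed and counted.
 *
 * @return string|null rendered HTML, or null when the plugin is not active
 */
function search_reviews()
{
    list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
    if (empty($active_reviews)) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values are request-controlled: is_numeric() alone also accepts
    // negatives, floats and exponent notation, so force plain integers and
    // keep the offset passed to SelectLimit() non-negative.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    // NOTE(review): a client-supplied total is trusted for the pager and the
    // result header; it only skips the recount below.
    $total = (isset($total) && is_numeric($total)) ? max(0, (int) $total) : 0;

    // Only AND / OR are meaningful; anything else is treated as OR (as the
    // original switch did). Normalising also keeps arbitrary request text
    // out of the pager URL built below.
    $bool = ($bool === 'AND') ? 'AND' : 'OR';

    // NOTE(review): search_split_query() is defined outside this block and
    // its words are interpolated into LIKE '...' as-is, so this relies on
    // that helper returning values already escaped for SQL - confirm.
    $w = search_split_query($q);

    $revcol =& $pntable['reviews_column'];
    $comcol =& $pntable['reviews_comments_column'];

    $result = false;
    if (!empty($w)) {
        $clauses = array();
        foreach ($w as $word) {
            $likes = array();
            // reviews
            foreach (array('title', 'text', 'reviewer', 'cover', 'url', 'url_title') as $field) {
                $likes[] = "{$revcol[$field]} LIKE '{$word}'";
            }
            // reviews_comments
            $likes[] = "{$comcol['comments']} LIKE '{$word}'";
            $clauses[] = '(' . implode(" OR \n", $likes) . "\n)";
        }

        // The word clauses are wrapped in one pair of parentheses so that the
        // language filter appended below applies to the whole match. Without
        // them, AND binds tighter than OR and the filter only constrained the
        // last word of an OR search.
        $query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n WHERE \n"
            . '(' . implode(" {$bool} ", $clauses) . ')';

        if (pnConfigGetVar('multilingual') == 1) {
            $query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
        }
        $query .= " ORDER BY {$revcol['date']}";

        // get the total count with permissions!
        if (empty($total)) {
            $total = 0;
            $countres = $dbconn->Execute($query);
            while ($countres && !$countres->EOF) {
                $row = $countres->GetRowAssoc(false);
                if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                    $total++;
                }
                $countres->MoveNext();
            }
        }

        $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    }

    // An empty word list or a failed query falls through to "no reviews"
    // instead of running a statement with an empty WHERE clause.
    if ($result && !$result->EOF) {
        $output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. The query text
        // is URL-encoded because it is emitted verbatim inside pager links.
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q=" . urlencode($q);

        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
            if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                // The output object is in verbatim mode, so stored values are
                // escaped here before they are placed in the markup.
                $id = (int) $row['id'];
                $title = pnVarPrepForDisplay($row['title']);
                $score = pnVarPrepForDisplay($row['score']);
                $hits = pnVarPrepForDisplay($row['hits']);
                $reviewer = pnVarPrepForDisplay($row['reviewer']);
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$id}\">{$title}</a> <font class=\"pn-sub\">(score: {$score} - hits: {$hits})</font><br>{$reviewer}<br>{$row['fdate']}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}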
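/**
 * Display the currency-quote ("fxp") side block.
 *
 * When the cached content is older than the block's refresh interval, the
 * function opens a TCP connection to www.oanda.com:5011, requests the
 * currency list and one quote per configured pair, rebuilds the block
 * content and stores it in the blocks table. On a connection or protocol
 * failure it stores a problem message, schedules the next attempt 600
 * seconds ahead and shows the previous content with a '*' title marker.
 *
 * @param array $row block record; this function reads title, content, url,
 *                   refresh, unix_update and bid
 * @return mixed result of themesideblock(), or null without READ permission
 */
function blocks_fxp_display($row)
{
    // NOTE(review): the connection object is fetched but the updates below go
    // through mysql_query() directly, as in the original.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'fxpblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $blocktable = $pntable['blocks'];
    $blockscolumn =& $pntable['blocks_column'];
    $fxp_port = 5011;

    // The failure paths used an undefined $bid, which produced "WHERE bid="
    // and a failing UPDATE, so the retry back-off was never stored and every
    // page view re-attempted the connection. The id is unquoted in SQL, so it
    // is forced to an integer.
    $bid = isset($row['bid']) ? (int) $row['bid'] : 0;

    $past = time() - $row['refresh'];
    if ($row['unix_update'] < $past) {
        $fp = fsockopen('www.oanda.com', $fxp_port, $errno, $errstr, 5);
        if (!$fp) {
            $content = addslashes(_FXPPROBLEM);
            $next_try = time() + 600;
            mysql_query("UPDATE {$blocktable} SET {$blockscolumn['content']}='{$content}',{$blockscolumn['last_update']}=FROM_UNIXTIME({$next_try}) WHERE {$blockscolumn['bid']}={$bid}");
            $row['title'] = "{$row['title']} *";
            $row['content'] = "{$row['content']}\n\n\n<!--\n\n\n\n\n\n\n" . ml_ftime(_DATESTRING, $row['unix_update']) . "\n\n\n\n\n-->\n\n\n\n";
            return themesideblock($row);
        }

        // get an array of currencies
        $request = "fxp/1.1\r\n" . "Query: currencies\r\n" . "\r\n";
        fputs($fp, $request);
        $fxp = array();
        if (trim(fgets($fp, 128)) == "fxp/1.1 200 ok") {
            while (trim(fgets($fp, 128))) {
                // skip the response headers up to the first blank line
            }
            while ($response = trim(fgets($fp, 128))) {
                $fxp[] = $response;
            }
        }

        // Each line is "<3-char code> <description>". The text arrives over an
        // unauthenticated plain-text connection and ends up in stored block
        // HTML, so it is escaped before use.
        $currencies = array();
        foreach ($fxp as $v) {
            $iso = substr($v, 0, 3);
            $desc = substr($v, 4);
            $currencies[$iso] = pnVarPrepForDisplay($desc);
        }
        asort($currencies);

        // get quotes; $row['url'] holds one "BASE|QUOTE" pair per line
        $rates = explode("\n", trim($row['url']));
        usort($rates, 'blocks_fxp_sort');
        $quotes = array();
        $cur_cur = '';
        foreach ($rates as $v) {
            $temp = explode('|', $v);
            if (count($temp) < 2) {
                continue; // malformed line
            }
            $base = trim($temp[0]);
            $quote = trim($temp[1]);
            // The codes are written into request header lines; a stray CR/LF
            // would add lines to the request.
            if ($base === '' || $quote === '' || strpbrk($base . $quote, "\r\n") !== false) {
                continue;
            }

            $request = "fxp/1.1\r\n" . "Query: quote\r\n" . "Quotecurrency: {$quote}\r\n" . "Basecurrency: {$base}\r\n" . "\r\n";
            fputs($fp, $request);
            if (trim(fgets($fp, 128)) == "fxp/1.1 200 ok") {
                while (trim(fgets($fp, 128))) {
                    // skip the response headers up to the first blank line
                }
                // Fall back to the (escaped) code when the currency list did
                // not contain it.
                $quoteName = isset($currencies[$quote]) ? $currencies[$quote] : pnVarPrepForDisplay($quote);
                $baseName = isset($currencies[$base]) ? $currencies[$base] : pnVarPrepForDisplay($base);
                while ($response = trim(fgets($fp, 128))) {
                    if ($cur_cur != $quote) {
                        $quotes[] = '<b>' . $quoteName . ':</b><br>';
                        $cur_cur = $quote;
                    }
                    $quotes[] = '<font class="pn-sub"> ' . $baseName . ': ' . pnVarPrepForDisplay($response) . '</font><br>';
                }
            } else {
                fclose($fp); // the original returned without closing the socket
                // NOTE(review): content is passed through addslashes() and then
                // pnVarPrepForStore(); if the latter also escapes, the stored
                // text carries extra backslashes - confirm.
                $content = addslashes(_FXPPROBLEM2);
                $next_try = time() + 600;
                mysql_query("UPDATE {$blocktable} SET {$blockscolumn['content']}='" . pnVarPrepForStore($content) . "',{$blockscolumn['last_update']}=FROM_UNIXTIME({$next_try}) WHERE {$blockscolumn['bid']}={$bid}");
                $row['title'] = "{$row['title']} *";
                $row['content'] = "{$row['content']}\n\n\n<!--\n\n\n\n\n\n\n" . ml_ftime(_DATESTRING, $row['unix_update']) . "\n\n\n\n\n-->\n\n\n\n";
                return themesideblock($row);
            }
        }
        fclose($fp);

        $row['content'] = implode("\n", $quotes);
        $sql_content = addslashes($row['content']);
        $sql = "UPDATE {$blocktable} SET {$blockscolumn['content']}='" . pnVarPrepForStore($sql_content) . "',{$blockscolumn['last_update']}=NOW() WHERE {$blockscolumn['bid']}={$bid}";
        if (!mysql_query($sql)) {
            // Keep the visible '*' marker, but send the database error and the
            // statement to the server log: the original wrote both into an
            // HTML comment that every visitor could read in the page source.
            $row['title'] .= ' *';
            error_log('blocks_fxp_display: block update failed: ' . mysql_error() . ' -- ' . $sql);
        }
    }

    return themesideblock($row);
}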