function sec_section_list($message = '')
{
pagetop(gTxt('sections'), $message);
global $wlink;
$pageslist = safe_column("name", "txp_page", "1=1");
$styleslist = safe_column("name", "txp_css", "1=1");
$out[] = tr(tdcs(strong(gTxt('section_head')) . popHelp('section_category'), 3));
$out[] = tr(tdcs(form(fInput('text', 'name', '', 'edit', '', '', 10) . fInput('submit', '', gTxt('Create'), 'smallerbox') . eInput('section') . sInput('section_create')), 3));
$defrow = safe_row("page, css", "txp_section", "name like 'default'");
$out[] = form(tr(td(gTxt('default')) . td(startTable('edit', 'left', '') . tr(fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pageslist, $defrow['page']) . popHelp('section_uses_page'), '', 'noline')) . tr(fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styleslist, $defrow['css']) . popHelp('section_uses_css'), '', 'noline')) . tr(tda(fInput('submit', '', gTxt('save_button'), 'smallerbox'), ' colspan="2" style="border:0"')) . endTable()) . td()) . eInput('section') . sInput('section_save') . hInput('name', 'default'));
$rs = safe_rows_start("*", "txp_section", "name!='' order by name");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
if ($name == 'default') {
continue;
}
$deletelink = dLink('section', 'section_delete', 'name', $name, '', 'type', 'section');
$form = startTable('edit') . stackRows(fLabelCell(gTxt('section_name') . ':') . fInputCell('name', $name, 1, 20), fLabelCell(gTxt('section_longtitle') . ':') . fInputCell('title', $title, 1, 20), fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pageslist, $page) . popHelp('section_uses_page'), '', 'noline'), fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styleslist, $css) . popHelp('section_uses_css'), '', 'noline'), fLabelCell(gTxt('selected_by_default') . '?') . td(yesnoradio('is_default', $is_default) . popHelp('section_is_default'), '', 'noline'), fLabelCell(gTxt('on_front_page') . '?') . td(yesnoradio('on_frontpage', $on_frontpage) . popHelp('section_on_frontpage'), '', 'noline'), fLabelCell(gTxt('syndicate') . '?') . td(yesnoradio('in_rss', $in_rss) . popHelp('section_syndicate'), '', 'noline'), fLabelCell(gTxt('include_in_search') . '?') . td(yesnoradio('searchable', $searchable) . popHelp('section_searchable'), '', 'noline'), tda(fInput('submit', '', gTxt('save_button'), 'smallerbox'), ' colspan="2" style="border:0"')) . endTable() . eInput('section') . sInput('section_save') . hInput('old_name', $name);
$form = form($form);
$out[] = tr(td($name) . td($form) . td($deletelink));
}
}
echo startTable('list') . join('', $out) . endTable();
}
function section_create()
{
global $txpcfg;
$name = ps('name');
//Prevent non url chars on section names
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
$title = $textile->TextileThis($name, 1);
$name = strtolower(sanitizeForUrl($name));
$chk = fetch('name', 'txp_section', 'name', $name);
if (!$chk) {
if ($name) {
$default = doSlash(safe_row('page, css', 'txp_section', "name = 'default'"));
$rs = safe_insert("txp_section", "name = '" . doSlash($name) . "',\n\t\t\t\t\ttitle = '" . doSlash($title) . "',\n\t\t\t\t\tpage = '" . $default['page'] . "',\n\t\t\t\t\tcss = '" . $default['css'] . "',\n\t\t\t\t\tis_default = 0,\n\t\t\t\t\tin_rss = 1,\n\t\t\t\t\ton_frontpage = 1");
if ($rs) {
update_lastmod();
$message = gTxt('section_created', array('{name}' => $name));
sec_section_list($message);
}
} else {
sec_section_list();
}
} else {
$message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
sec_section_list($message);
}
}
function form_edit($message = '')
{
global $step, $essential_forms;
pagetop(gTxt('edit_forms'), $message);
extract(gpsa(array('Form', 'name', 'type')));
if ($step == 'form_create') {
$Form = '';
$name = '';
$type = '';
$inputs = fInput('submit', 'savenew', gTxt('save_new'), 'publish') . eInput("form") . sInput('form_save');
} else {
$name = (!$name or $step == 'form_delete') ? 'default' : $name;
$rs = safe_row("*", "txp_form", "name='{$name}'");
if ($rs) {
extract($rs);
$inputs = fInput('submit', 'save', gTxt('save'), 'publish') . eInput("form") . sInput('form_save') . hInput('oldname', $name);
}
}
if (!in_array($name, $essential_forms)) {
$changename = graf(gTxt('form_name') . br . fInput('text', 'name', $name, 'edit', '', '', 15));
} else {
$changename = graf(gTxt('form_name') . br . "<i>{$name}</i>" . hInput('name', $name));
}
$out = startTable('edit') . tr(tdtl(hed(gTxt('useful_tags'), 2) . graf(gTxt('articles') . sp . popHelp('form_place_article') . br . popTagLinks('article')) . graf(gTxt('links') . sp . popHelp('form_place_link') . br . popTagLinks('link')) . graf(gTxt('displayed_comments') . sp . popHelp('form_place_comment') . br . popTagLinks('comment')) . graf(gTxt('comment_form') . sp . popHelp('form_place_input') . br . popTagLinks('comment_form')) . graf(gTxt('search_input_form') . sp . popHelp('form_place_search_input') . br . popTagLinks('search_input')) . graf(gTxt('search_results_form') . sp . popHelp('form_place_search_results') . br . popTagLinks('search_result')) . graf(tag('<strong>' . gTxt('file_download_tags') . '</strong>', 'a', ' href="#" onclick="toggleDisplay(\'downloadtags\');"') . sp . popHelp('form_file_download_tags')) . graf(popTagLinks('file_download'), ' style="display:none;" id="downloadtags"')) . tdtl('<form action="index.php" method="post">' . input_textarea($Form) . $changename . graf(gTxt('form_type') . br . formtypes($type)) . graf(gTxt('only_articles_can_be_previewed')) . fInput('submit', 'preview', gTxt('preview'), 'smallbox') . graf($inputs) . '</form>') . tdtl(form_list($name))) . endTable();
echo $out;
}
function _tc_price_format($price)
{
$result = safe_row("store_currency", "store_settings", "1");
if (count($result) == 0) {
$currency = safe_row("*", "currencies", "currency_code = 'USD'");
} else {
$currency = safe_row("*", "currencies", "currency_code = '" . $result['store_currency'] . "'");
}
$return = $currency['currency_symbol'] . number_format(intval($price), 2);
return $return;
}
function tree_insert_space($table, $parent, $where = '1=1')
{
$root = doSlash($parent);
$row = safe_row("lft as l, rgt as r", $table, "id='{$root}' and {$where}");
if (empty($row)) {
trigger_error('no such node ' . $parent);
return false;
}
extract($row);
safe_update($table, "rgt=rgt+2", "rgt >= '{$r}' and {$where}");
safe_update($table, "lft=lft+2", "lft >= '{$r}' and {$where}");
return array($r, $r + 1);
}
function discuss_edit()
{
$discussid = gps('discussid');
extract(safe_row("*", "txp_discuss", "discussid='{$discussid}'"));
$ta = '<textarea name="message" cols="60" rows="15">' . preg_replace(array('/</', '/>/'), array('<', '>'), $message) . '</textarea>';
if (fetch('ip', 'txp_discuss_ipban', 'ip', $ip)) {
$banstep = 'ipban_unban';
$bantext = gTxt('unban');
} else {
$banstep = 'ipban_add';
$bantext = gTxt('ban');
}
$banlink = '[<a href="?event=discuss' . a . 'step=' . $banstep . a . 'ip=' . $ip . a . 'name=' . urlencode($name) . a . 'discussid=' . $discussid . '">' . $bantext . '</a>]';
pagetop(gTxt('edit_comment'));
echo form(startTable('edit') . stackRows(fLabelCell('name') . fInputCell('name', $name), fLabelCell('email') . fInputCell('email', $email), fLabelCell('website') . fInputCell('web', $web), td() . td($ta), fLabelCell('visible') . td(checkbox('visible', 1, $visible)), fLabelCell('IP') . td($ip . sp . $banlink), td() . td(fInput('submit', 'step', gTxt('save'), 'publish')), hInput("discussid", $discussid) . hInput('ip', $ip) . hInput('parentid', $parentid) . eInput('discuss') . sInput('discuss_save')) . endTable());
}
function sec_section_list($message = '')
{
global $wlink;
pagetop(gTxt('sections'), $message);
$default = safe_row('page, css', 'txp_section', "name = 'default'");
$pages = safe_column('name', 'txp_page', "1 = 1");
$styles = safe_column('name', 'txp_css', "1 = 1");
echo n . n . startTable('list') . n . n . tr(tda(n . n . hed(gTxt('section_head') . sp . popHelp('section_category'), 1) . n . n . form(fInput('text', 'name', '', 'edit', '', '', 10) . fInput('submit', '', gTxt('create'), 'smallerbox') . eInput('section') . sInput('section_create')), ' colspan="3"')) . n . n . tr(td(gTxt('default')) . td(form('<table>' . tr(fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pages, $default['page']) . sp . popHelp('section_uses_page'), '', 'noline')) . tr(fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styles, $default['css']) . sp . popHelp('section_uses_css'), '', 'noline')) . tr(tda(fInput('submit', '', gTxt('save_button'), 'smallerbox') . eInput('section') . sInput('section_save') . hInput('name', 'default'), ' colspan="2" class="noline"')) . endTable())) . td());
$rs = safe_rows_start('*', 'txp_section', "name != 'default' order by name");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
echo n . n . tr(n . td($name) . n . td(form('<table>' . n . n . tr(fLabelCell(gTxt('section_name') . ':') . fInputCell('name', $name, 1, 20)) . n . n . tr(fLabelCell(gTxt('section_longtitle') . ':') . fInputCell('title', $title, 1, 20)) . n . n . tr(fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pages, $page) . sp . popHelp('section_uses_page'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styles, $css) . sp . popHelp('section_uses_css'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('selected_by_default')) . td(yesnoradio('is_default', $is_default, '', $name) . sp . popHelp('section_is_default'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('on_front_page')) . td(yesnoradio('on_frontpage', $on_frontpage, '', $name) . sp . popHelp('section_on_frontpage'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('syndicate')) . td(yesnoradio('in_rss', $in_rss, '', $name) . sp . popHelp('section_syndicate'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('include_in_search')) . td(yesnoradio('searchable', $searchable, '', $name) . sp . popHelp('section_searchable'), '', 'noline')) . n . n . tr(tda(fInput('submit', '', gTxt('save_button'), 'smallerbox') . eInput('section') . sInput('section_save') . hInput('old_name', $name), ' colspan="2" class="noline"')) . endTable(), '', '', 'post', '', 'section-' . $name)) . td(dLink('section', 'section_delete', 'name', $name, '', 'type', 'section')), " id=\"section-{$name}\"");
}
}
echo n . n . endTable();
}
function send_reset_confirmation_request($name)
{
global $sitename;
$rs = safe_row('email, nonce', 'txp_users', "name = '" . doSlash($name) . "'");
if ($rs) {
extract($rs);
$confirm = bin2hex(pack('H*', substr(md5($nonce), 0, 10)) . $name);
$message = gTxt('greeting') . ' ' . $name . ',' . n . n . gTxt('password_reset_confirmation') . ': ' . n . hu . 'textpattern/index.php?confirm=' . $confirm;
if (txpMail($email, "[{$sitename}] " . gTxt('password_reset_confirmation_request'), $message)) {
return gTxt('password_reset_confirmation_request_sent');
} else {
return gTxt('could_not_mail');
}
} else {
return gTxt('unknown_author', array('{name}' => htmlspecialchars($name)));
}
}
function sec_section_list($message = '')
{
global $wlink;
pagetop(gTxt('sections'), $message);
$default = safe_row('page, css', 'txp_section', "name = 'default'");
$home = safe_row('page, css', 'txp_section', "name = 'home'");
$pages = safe_column('name', 'txp_page', "1 = 1");
$styles = safe_column('name', 'txp_css', "1 = 1");
echo n . n . startTable('list') . n . n . tr(tda(n . n . hed(gTxt('section_head') . sp . popHelp('section_category'), 1) . n . n . form(fInput('text', 'name', '', 'edit', '', '', 10) . fInput('submit', '', gTxt('create'), 'smallerbox') . eInput('section') . sInput('section_create')), ' colspan="3"')) . n . n . tr(tda(gTxt('home'), ' onclick="toggleDisplay(\'section_home\'); return false;"') . td(form('<table id="section_home">' . tr(fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pages, $home['page']) . sp . popHelp('section_uses_page'), '', 'noline')) . tr(fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styles, $home['css']) . sp . popHelp('section_uses_css'), '', 'noline')) . pluggable_ui('section_ui', 'extend_detail_form', '', $home) . tr(tda(fInput('submit', '', gTxt('save_button'), 'smallerbox') . eInput('section') . sInput('section_save') . hInput('name', 'home'), ' colspan="2" class="noline"')) . endTable())) . td()) . n . n . tr(tda(gTxt('default'), ' onclick="toggleDisplay(\'section_default\'); return false;"') . td(form('<table id="section_default">' . tr(fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pages, $default['page']) . sp . popHelp('section_uses_page'), '', 'noline')) . tr(fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styles, $default['css']) . sp . popHelp('section_uses_css'), '', 'noline')) . pluggable_ui('section_ui', 'extend_detail_form', '', $default) . tr(tda(fInput('submit', '', gTxt('save_button'), 'smallerbox') . eInput('section') . sInput('section_save') . hInput('name', 'default'), ' colspan="2" class="noline"')) . endTable())) . td());
$rs = safe_rows_start('*', 'txp_section', "name != 'default' AND name != 'home' order by name");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
echo n . n . tr(n . tda($name, ' onclick="toggleDisplay(\'section_' . $name . '\'); return false;"') . n . td(form('<table id="section_' . $name . '">' . n . n . tr(fLabelCell(gTxt('section_name') . ':') . fInputCell('name', $name, 1, 20)) . n . n . tr(fLabelCell(gTxt('section_longtitle') . ':') . fInputCell('title', $title, 1, 20)) . n . n . tr(fLabelCell(gTxt('uses_page') . ':') . td(selectInput('page', $pages, $page) . sp . popHelp('section_uses_page'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('uses_style') . ':') . td(selectInput('css', $styles, $css) . sp . popHelp('section_uses_css'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('selected_by_default')) . td(yesnoradio('is_default', $is_default, '', $name) . sp . popHelp('section_is_default'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('on_front_page')) . td(yesnoradio('on_frontpage', $on_frontpage, '', $name) . sp . popHelp('section_on_frontpage'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('syndicate')) . td(yesnoradio('in_rss', $in_rss, '', $name) . sp . popHelp('section_syndicate'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('include_in_search')) . td(yesnoradio('searchable', $searchable, '', $name) . sp . popHelp('section_searchable'), '', 'noline')) . n . n . tr(fLabelCell(gTxt('section_descr') . ':') . fTextCell('descr', $descr, 1, 4, 20)) . n . n . tr(fLabelCell(gTxt('section_metakey') . ':') . fInputCell('metakey', $metakey, 1, 20)) . n . n . tr(fLabelCell(gTxt('section_metadesc') . ':') . fTextCell('metadesc', $metadesc, 1, 4, 20)) . pluggable_ui('section_ui', 'extend_detail_form', '', $a) . n . n . tr(tda(fInput('submit', '', gTxt('save_button'), 'smallerbox') . eInput('section') . sInput('section_save') . hInput('old_name', $name), ' colspan="2" class="noline"')) . endTable(), '', '', 'post', '', 'section-' . $name)) . td(dLink('section', 'section_delete', 'name', $name, '', 'type', 'section')), " id=\"section-{$name}\" class=\"jsection\" ");
}
}
echo n . n . endTable();
}
function send_reset_confirmation_request($name)
{
global $sitename;
$rs = safe_row('email, nonce', 'txp_users', "name = '" . doSlash($name) . "'");
if ($rs) {
extract($rs);
$confirm = bin2hex(pack('H*', substr(md5($nonce), 0, 10)) . $name);
$message = gTxt('greeting') . ' ' . $name . ',' . n . n . gTxt('password_reset_confirmation') . ': ' . n . hu . 'textpattern/index.php?confirm=' . $confirm;
if (txpMail($email, "[{$sitename}] " . gTxt('password_reset_confirmation_request'), $message)) {
return gTxt('password_reset_confirmation_request_sent');
} else {
return array(gTxt('could_not_mail'), E_ERROR);
}
} else {
// Though 'unknown_author' could be thrown, send generic 'request_sent' message
// instead so that (non-)existence of account names are not leaked
return gTxt('password_reset_confirmation_request_sent');
}
}
function link_edit($message = "")
{
global $vars, $step;
extract(gpsa($vars));
pagetop(gTxt('edit_links', $message));
$id = gps('id');
if ($id && $step == 'link_edit') {
extract(safe_row("*", "txp_link", "id = {$id}"));
}
if ($step == 'link_save' or $step == 'link_post') {
foreach ($vars as $var) {
${$var} = '';
}
}
$textarea = '<textarea name="description" cols="40" rows="7" tabindex="4">' . $description . '</textarea>';
$selects = linkcategory_popup($category);
$editlink = ' [' . eLink('category', 'list', '', '', gTxt('edit')) . ']';
$out = startTable('edit') . tr(fLabelCell('title') . fInputCell('linkname', $linkname, 1, 30)) . tr(fLabelCell('sort_value') . fInputCell('linksort', $linksort, 2, 15)) . tr(fLabelCell('url', 'link_url') . fInputCell('url', $url, 3, 30)) . tr(fLabelCell('link_category', 'link_category') . td($selects . $editlink)) . tr(fLabelCell('description', 'link_description') . tda($textarea, ' valign="top"')) . tr(td() . td(fInput("submit", '', gTxt('save'), "publish"))) . endTable() . eInput('link') . sInput($step == 'link_edit' ? 'link_save' : 'link_post') . hInput('id', $id);
echo form($out);
echo link_list();
}
function form_edit($message = '')
{
global $step;
pagetop(gTxt('edit_forms'), $message);
extract(gpsa(array('Form', 'name', 'type')));
if ($step == 'form_create') {
$Form = '';
$name = '';
$type = '';
$inputs = fInput('submit', 'savenew', gTxt('save_new'), 'smallbox') . eInput("form") . sInput('form_save');
} else {
$name = (!$name or $step == 'form_delete') ? 'default' : $name;
$rs = safe_row("*", "txp_form", "name='{$name}'");
if ($rs) {
extract($rs);
$inputs = fInput('submit', 'save', gTxt('save'), 'smallbox') . eInput("form") . sInput('form_save') . hInput('oldname', $name);
}
}
$out = startTable('edit') . tr(tdtl(hed(gTxt('useful_tags'), 2) . graf(gTxt('articles') . sp . popHelp('form_place_article') . br . popTagLinks('article')) . graf(gTxt('links') . sp . popHelp('form_place_link') . br . popTagLinks('link')) . graf(gTxt('displayed_comments') . sp . popHelp('form_place_comment') . br . popTagLinks('comment')) . graf(gTxt('comment_form') . sp . popHelp('form_place_input') . br . popTagLinks('comment_form')) . graf(gTxt('search_input_form') . sp . popHelp('form_place_search_input') . br . popTagLinks('search_input')) . graf(gTxt('search_results_form') . sp . popHelp('form_place_search_results') . br . popTagLinks('search_result'))) . tdtl('<form action="index.php" method="post">' . input_textarea($Form) . graf(gTxt('form_name') . br . fInput('text', 'name', $name, 'edit', '', '', 15)) . graf(gTxt('form_type') . br . formtypes($type)) . graf(gTxt('only_articles_can_be_previewed')) . fInput('submit', 'preview', gTxt('preview'), 'smallbox') . graf($inputs) . '</form>') . tdtl(form_list($name))) . endTable();
echo $out;
}
function form_edit($message = '')
{
global $step, $essential_forms;
pagetop(gTxt('edit_forms'), $message);
extract(gpsa(array('Form', 'name', 'type')));
$name = trim(preg_replace('/[<>&"\']/', '', $name));
if ($step == 'form_create') {
$inputs = fInput('submit', 'savenew', gTxt('save_new'), 'publish') . eInput("form") . sInput('form_save');
} else {
$name = (!$name or $step == 'form_delete') ? 'default' : $name;
$rs = safe_row("*", "txp_form", "name='" . doSlash($name) . "'");
extract($rs);
$inputs = fInput('submit', 'save', gTxt('save'), 'publish') . eInput("form") . sInput('form_save') . hInput('oldname', $name);
}
if (!in_array($name, $essential_forms)) {
$changename = graf(gTxt('form_name') . br . fInput('text', 'name', $name, 'edit', '', '', 15));
} else {
$changename = graf(gTxt('form_name') . br . tag($name, 'em') . hInput('name', $name));
}
$out = startTable('edit') . tr(tdtl(hed(gTxt('tagbuilder'), 2) . hed('<a href="#article-tags" onclick="toggleDisplay(\'article-tags\'); return false;">' . gTxt('articles') . '</a>' . sp . popHelp('form_articles'), 3, ' class="plain"') . '<div id="article-tags" class="toggle on" style="display:block">' . popTagLinks('article') . '</div>' . hed('<a href="#link-tags" onclick="toggleDisplay(\'link-tags\'); return false;">' . gTxt('links') . '</a>' . sp . popHelp('form_place_link'), 3, ' class="plain"') . '<div id="link-tags" class="toggle" style="display:none">' . popTagLinks('link') . '</div>' . hed('<a href="#comment-tags" onclick="toggleDisplay(\'comment-tags\'); return false;">' . gTxt('comments') . '</a>' . sp . popHelp('form_comments'), 3, ' class="plain"') . '<div id="comment-tags" class="toggle" style="display:none">' . popTagLinks('comment') . '</div>' . hed('<a href="#comment-detail-tags" onclick="toggleDisplay(\'comment-detail-tags\'); return false;">' . gTxt('comment_details') . '</a>' . sp . popHelp('form_comment_details'), 3, ' class="plain"') . '<div id="comment-detail-tags" class="toggle" style="display:none">' . popTagLinks('comment_details') . '</div>' . hed('<a href="#comment-form-tags" onclick="toggleDisplay(\'comment-form-tags\'); return false;">' . gTxt('comment_form') . '</a>' . sp . popHelp('form_comment_form'), 3, ' class="plain"') . '<div id="comment-form-tags" class="toggle" style="display:none">' . popTagLinks('comment_form') . '</div>' . hed('<a href="#search-result-tags" onclick="toggleDisplay(\'search-result-tags\'); return false;">' . gTxt('search_results_form') . '</a>' . sp . popHelp('form_search_results'), 3, ' class="plain"') . '<div id="search-result-tags" class="toggle" style="display:none">' . popTagLinks('search_result') . '</div>' . hed('<a href="#file-tags" onclick="toggleDisplay(\'file-tags\'); return false;">' . gTxt('file_download_tags') . '</a>' . sp . popHelp('form_file_download_tags'), 3, ' class="plain"') . '<div id="file-tags" class="toggle" style="display:none">' . popTagLinks('file_download') . '</div>' . hed('<a href="#category-tags" onclick="toggleDisplay(\'category-tags\'); return false;">' . gTxt('category_tags') . '</a>' . sp . popHelp('form_category_tags'), 3, ' class="plain"') . '<div id="category-tags" class="toggle" style="display:none">' . popTagLinks('category') . '</div>' . hed('<a href="#section-tags" onclick="toggleDisplay(\'section-tags\'); return false;">' . gTxt('section_tags') . '</a>' . sp . popHelp('form_section_tags'), 3, ' class="plain"') . '<div id="section-tags" class="toggle" style="display:none">' . popTagLinks('section') . '</div>') . tdtl('<form action="index.php" method="post">' . '<textarea id="form" class="code" name="Form" cols="60" rows="20">' . htmlspecialchars($Form) . '</textarea>' . $changename . graf(gTxt('form_type') . br . formtypes($type)) . graf(gTxt('only_articles_can_be_previewed')) . fInput('submit', 'form_preview', gTxt('preview'), 'smallbox') . graf($inputs) . '</form>') . tdtl(form_list($name))) . endTable();
echo $out;
}
/**
* Emails a new user with account details and requests they set a password.
*
* @param string $name The login name
* @return bool FALSE on error.
*/
function send_account_activation($name)
{
global $sitename;
require_privs('admin.edit');
$rs = safe_row("user_id, email, nonce, RealName, pass", 'txp_users', "name = '" . doSlash($name) . "'");
if ($rs) {
extract($rs);
$uid = assert_int($user_id);
// The selector becomes an indirect reference to the txp_users row,
// which does not leak information.
$selector = Txp::get('\\Textpattern\\Password\\Random')->generate(12);
$expiryTimestamp = time() + 60 * 60 * ACTIVATION_EXPIRY_HOURS;
$expiryYear = safe_strftime('%Y', $expiryTimestamp);
$expiryMonth = safe_strftime('%B', $expiryTimestamp);
$expiryDay = safe_strftime('%Oe', $expiryTimestamp);
$expiryTime = safe_strftime('%H:%M', $expiryTimestamp);
$expiry = strftime('%Y-%m-%d %H:%M:%S', $expiryTimestamp);
// Use a hash of the nonce, selector and (temporary, already discarded) password.
// This ensures that activation requests expire automatically when:
// a) The person logs in, or
// b) They successfully set their password
// Using the selector in the hash just injects randomness, otherwise two requests
// back-to-back would generate the same activation code.
// Old activation tokens for the same user id are purged when password is set.
$token = bin2hex(pack('H*', substr(hash(HASHING_ALGORITHM, $nonce . $selector . $pass), 0, SALT_LENGTH)));
$activation_code = $token . $selector;
// Remove any previous activation tokens and insert the new one.
safe_delete("txp_token", "reference_id = {$uid} AND type = 'account_activation'");
safe_insert("txp_token", "reference_id = {$uid},\n type = 'account_activation',\n selector = '" . doSlash($selector) . "',\n token = '" . doSlash($token) . "',\n expires = '" . doSlash($expiry) . "'\n ");
$message = gTxt('salutation', array('{name}' => $RealName)) . n . n . gTxt('you_have_been_registered') . ' ' . $sitename . n . n . gTxt('your_login_is') . ': ' . $name . n . n . gTxt('account_activation_confirmation') . n . hu . 'textpattern/index.php?activate=' . $activation_code . n . n . gTxt('link_expires', array('{year}' => $expiryYear, '{month}' => $expiryMonth, '{day}' => $expiryDay, '{time}' => $expiryTime));
if (txpMail($email, "[{$sitename}] " . gTxt('account_activation'), $message)) {
return gTxt('login_sent_to', array('{email}' => $email));
} else {
return array(gTxt('could_not_mail'), E_ERROR);
}
}
}
function getTree($root, $type)
{
$root = doSlash($root);
extract(safe_row("lft as l, rgt as r", "txp_category", "name='{$root}' and type = '{$type}'"));
$right = array();
$rs = safe_rows_start("id, name, lft, rgt, parent, title", "txp_category", "lft between {$l} and {$r} and type = '{$type}' order by lft asc");
while ($row = nextRow($rs)) {
extract($row);
while (count($right) > 0 && $right[count($right) - 1] < $rgt) {
array_pop($right);
}
$out[] = array('id' => $id, 'name' => $name, 'title' => $title, 'level' => count($right), 'children' => ($rgt - $lft - 1) / 2);
$right[] = $rgt;
}
return $out;
}
function set_pref($name, $val, $event = 'publish', $type = 0, $html = 'text_input', $position = 0, $is_private = PREF_GLOBAL)
{
global $txp_user;
extract(doSlash(func_get_args()));
$user_name = '';
if ($is_private == PREF_PRIVATE) {
if (empty($txp_user)) {
return false;
}
$user_name = 'user_name = \'' . doSlash($txp_user) . '\'';
}
if (!safe_row('name', 'txp_prefs', "name = '{$name}'" . ($user_name ? " AND {$user_name}" : ''))) {
$user_name = $user_name ? "{$user_name}," : '';
return safe_insert('txp_prefs', "\n\t\t\t\tname = '{$name}',\n\t\t\t\tval = '{$val}',\n\t\t\t\tevent = '{$event}',\n\t\t\t\thtml = '{$html}',\n\t\t\t\ttype = '{$type}',\n\t\t\t\tposition = '{$position}',\n\t\t\t\t{$user_name}\n\t\t\t\tprefs_id = 1");
} else {
return safe_update('txp_prefs', "val = '{$val}'", "name like '{$name}'" . ($user_name ? " AND {$user_name}" : ''));
}
}
function article_edit($message = '', $concurrent = FALSE)
{
global $vars, $txp_user, $comments_disabled_after, $txpcfg, $prefs;
extract($prefs);
extract(gpsa(array('view', 'from_view', 'step')));
if (!empty($GLOBALS['ID'])) {
// newly-saved article
$ID = $GLOBALS['ID'];
$step = 'edit';
} else {
$ID = gps('ID');
}
include_once txpath . '/lib/classTextile.php';
$textile = new Textile();
// switch to 'text' view upon page load and after article post
if (!$view || gps('save') || gps('publish')) {
$view = 'text';
}
if (!$step) {
$step = "create";
}
if ($step == "edit" && $view == "text" && !empty($ID) && $from_view != 'preview' && $from_view != 'html' && !$concurrent) {
$pull = true;
//-- it's an existing article - off we go to the db
$ID = assert_int($ID);
$rs = safe_row("*, unix_timestamp(Posted) as sPosted,\n\t\t\t\tunix_timestamp(Expires) as sExpires,\n\t\t\t\tunix_timestamp(LastMod) as sLastMod", "textpattern", "ID={$ID}");
extract($rs);
$reset_time = $publish_now = $Status < 4;
} else {
$pull = false;
//-- assume they came from post
if ($from_view == 'preview' or $from_view == 'html') {
$store_out = array();
$store = unserialize(base64_decode(ps('store')));
foreach ($vars as $var) {
if (isset($store[$var])) {
$store_out[$var] = $store[$var];
}
}
} else {
$store_out = gpsa($vars);
if ($concurrent) {
$store_out['sLastMod'] = safe_field('unix_timestamp(LastMod) as sLastMod', 'textpattern', 'ID=' . $ID);
}
}
extract($store_out);
}
$GLOBALS['step'] = $step;
if ($step == 'create') {
$textile_body = $use_textile;
$textile_excerpt = $use_textile;
}
if ($step != 'create') {
// Previous record?
$prev_id = checkIfNeighbour('prev', $sPosted);
// Next record?
$next_id = checkIfNeighbour('next', $sPosted);
}
$page_title = $Title ? $Title : gTxt('write');
pagetop($page_title, $message);
echo n . n . '<form name="article" method="post" action="index.php">';
if (!empty($store_out)) {
echo hInput('store', base64_encode(serialize($store_out)));
}
echo hInput('ID', $ID) . eInput('article') . sInput($step) . '<input type="hidden" name="view" />' . startTable('edit') . '<tr>' . n . '<td id="article-col-1">';
if ($view == 'text') {
//-- markup help --------------
echo side_help($textile_body, $textile_excerpt) . '<h3 class="plain"><a href="#advanced" onclick="toggleDisplay(\'advanced\'); return false;">' . gTxt('advanced_options') . '</a></h3>', '<div id="advanced" class="toggle" style="display:none">', n . graf('<label for="markup-body">' . gTxt('article_markup') . '</label>' . br . pref_text('textile_body', $textile_body, 'markup-body')), n . graf('<label for="markup-excerpt">' . gTxt('excerpt_markup') . '</label>' . br . pref_text('textile_excerpt', $textile_excerpt, 'markup-excerpt')), $allow_form_override ? graf('<label for="override-form">' . gTxt('override_default_form') . '</label>' . sp . popHelp('override_form') . br . form_pop($override_form, 'override-form')) : '', $custom_1_set ? custField(1, $custom_1_set, $custom_1) : '', $custom_2_set ? custField(2, $custom_2_set, $custom_2) : '', $custom_3_set ? custField(3, $custom_3_set, $custom_3) : '', $custom_4_set ? custField(4, $custom_4_set, $custom_4) : '', $custom_5_set ? custField(5, $custom_5_set, $custom_5) : '', $custom_6_set ? custField(6, $custom_6_set, $custom_6) : '', $custom_7_set ? custField(7, $custom_7_set, $custom_7) : '', $custom_8_set ? custField(8, $custom_8_set, $custom_8) : '', $custom_9_set ? custField(9, $custom_9_set, $custom_9) : '', $custom_10_set ? custField(10, $custom_10_set, $custom_10) : '', n . graf('<label for="keywords">' . gTxt('keywords') . '</label>' . sp . popHelp('keywords') . br . n . '<textarea id="keywords" name="Keywords" cols="18" rows="5">' . htmlspecialchars(str_replace(',', ', ', $Keywords)) . '</textarea>'), n . graf('<label for="article-image">' . gTxt('article_image') . '</label>' . sp . popHelp('article_image') . br . fInput('text', 'Image', $Image, 'edit', '', '', 22, '', 'article-image')), n . graf('<label for="url-title">' . gTxt('url_title') . '</label>' . sp . popHelp('url_title') . br . fInput('text', 'url_title', $url_title, 'edit', '', '', 22, '', 'url-title')), '</div>
<h3 class="plain"><a href="#recent" onclick="toggleDisplay(\'recent\'); return false;">' . gTxt('recent_articles') . '</a>' . '</h3>' . '<div id="recent" class="toggle" style="display:none">';
$recents = safe_rows_start("Title, ID", 'textpattern', "1=1 order by LastMod desc limit 10");
if ($recents) {
echo '<ul class="plain-list">';
while ($recent = nextRow($recents)) {
if (!$recent['Title']) {
$recent['Title'] = gTxt('untitled') . sp . $recent['ID'];
}
echo n . t . '<li><a href="?event=article' . a . 'step=edit' . a . 'ID=' . $recent['ID'] . '">' . escape_title($recent['Title']) . '</a></li>';
}
echo '</ul>';
}
echo '</div>';
} else {
echo sp;
}
echo '</td>' . n . '<td id="article-main">';
//-- title input --------------
if ($view == 'preview') {
echo hed(gTxt('preview'), 2) . hed($Title, 1);
} elseif ($view == 'html') {
echo hed('XHTML', 2) . hed($Title, 1);
} elseif ($view == 'text') {
echo n . '<p><label for="title">' . gTxt('title') . '</label>' . sp . popHelp('title') . br . '<input type="text" id="title" name="Title" value="' . escape_title($Title) . '" class="edit" size="40" tabindex="1" />';
if ($step != 'create') {
include_once txpath . '/publish/taghandlers.php';
$url = permlinkurl_id($ID);
if ($Status != 4 and $Status != 5) {
$url .= (strpos($url, '?') === FALSE ? '?' : '&') . 'txpreview=' . intval($ID) . '.' . time();
}
echo sp . sp . '<a href="' . $url . '" class="article-view">' . gTxt('view') . '</a>';
}
echo '</p>';
}
//-- body --------------------
if ($view == 'preview') {
if ($textile_body == USE_TEXTILE) {
echo $textile->TextileThis($Body);
} else {
if ($textile_body == CONVERT_LINEBREAKS) {
echo nl2br($Body);
} else {
if ($textile_body == LEAVE_TEXT_UNTOUCHED) {
echo $Body;
}
}
}
} elseif ($view == 'html') {
if ($textile_body == USE_TEXTILE) {
$bod = $textile->TextileThis($Body);
} else {
if ($textile_body == CONVERT_LINEBREAKS) {
$bod = nl2br($Body);
} else {
if ($textile_body == LEAVE_TEXT_UNTOUCHED) {
$bod = $Body;
}
}
}
echo tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($bod)), 'code');
} else {
echo n . graf('<label for="body">' . gTxt('body') . '</label>' . sp . popHelp('body') . br . '<textarea id="body" name="Body" cols="55" rows="31" tabindex="2">' . htmlspecialchars($Body) . '</textarea>');
}
//-- excerpt --------------------
if ($articles_use_excerpts) {
if ($view == 'text') {
echo n . graf('<label for="excerpt">' . gTxt('excerpt') . '</label>' . sp . popHelp('excerpt') . br . '<textarea id="excerpt" name="Excerpt" cols="55" rows="5" tabindex="3">' . htmlspecialchars($Excerpt) . '</textarea>');
} else {
echo n . '<hr width="50%" />';
echo $textile_excerpt == USE_TEXTILE ? $view == 'preview' ? graf($textile->textileThis($Excerpt)) : tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($textile->TextileThis($Excerpt))), 'code') : graf($Excerpt);
}
}
//-- author --------------
if ($view == "text" && $step != "create") {
echo '<p class="small">' . gTxt('posted_by') . ': ' . htmlspecialchars($AuthorID) . ' · ' . safe_strftime('%d %b %Y · %X', $sPosted);
if ($sPosted != $sLastMod) {
echo br . gTxt('modified_by') . ': ' . htmlspecialchars($LastModID) . ' · ' . safe_strftime('%d %b %Y · %X', $sLastMod);
}
echo '</p>';
}
echo hInput('from_view', $view), '</td>';
echo '<td id="article-tabs">';
//-- layer tabs -------------------
echo $use_textile == USE_TEXTILE || $textile_body == USE_TEXTILE ? '<ul>' . (tab('text', $view) . tab('html', $view) . tab('preview', $view)) . '</ul>' : ' ';
echo '</td>';
echo '<td id="article-col-2">';
if ($view == 'text') {
if ($step != 'create') {
echo n . graf(href(gtxt('create_new'), 'index.php?event=article'));
}
//-- prev/next article links --
if ($step != 'create' and ($prev_id or $next_id)) {
echo '<p>', $prev_id ? prevnext_link('‹' . gTxt('prev'), 'article', 'edit', $prev_id, gTxt('prev')) : '', $next_id ? prevnext_link(gTxt('next') . '›', 'article', 'edit', $next_id, gTxt('next')) : '', '</p>';
}
//-- status radios --------------
echo n . n . '<fieldset id="write-status">' . n . '<legend>' . gTxt('status') . '</legend>' . n . status_radio($Status) . n . '</fieldset>';
//-- category selects -----------
echo n . n . '<fieldset id="write-sort">' . n . '<legend>' . gTxt('sort_display') . '</legend>' . n . graf('<label for="category-1">' . gTxt('category1') . '</label> ' . '<span class="small">[' . eLink('category', '', '', '', gTxt('edit')) . ']</span>' . br . n . category_popup('Category1', $Category1, 'category-1')) . n . graf('<label for="category-2">' . gTxt('category2') . '</label>' . br . n . category_popup('Category2', $Category2, 'category-2'));
//-- section select --------------
if (!$from_view && !$pull) {
$Section = getDefaultSection();
}
echo n . graf('<label for="section">' . gTxt('section') . '</label> ' . '<span class="small">[' . eLink('section', '', '', '', gTxt('edit')) . ']</span>' . br . section_popup($Section, 'section')) . n . '</fieldset>' . n . n . '<h3 class="plain"><a href="#more" onclick="toggleDisplay(\'more\'); return false;">' . gTxt('more') . '</a></h3>', '<div id="more" class="toggle" style="display:none">';
//-- comments stuff --------------
if ($step == "create") {
//Avoiding invite disappear when previewing
$AnnotateInvite = !empty($store_out['AnnotateInvite']) ? $store_out['AnnotateInvite'] : $comments_default_invite;
if ($comments_on_default == 1) {
$Annotate = 1;
}
}
if ($use_comments == 1) {
echo n . n . '<fieldset id="write-comments">' . n . '<legend>' . gTxt('comments') . '</legend>';
$comments_expired = false;
if ($step != 'create' && $comments_disabled_after) {
$lifespan = $comments_disabled_after * 86400;
$time_since = time() - $sPosted;
if ($time_since > $lifespan) {
$comments_expired = true;
}
}
if ($comments_expired) {
echo n . n . graf(gTxt('expired'));
} else {
echo n . n . graf(onoffRadio('Annotate', $Annotate)) . n . n . graf('<label for="comment-invite">' . gTxt('comment_invitation') . '</label>' . br . fInput('text', 'AnnotateInvite', $AnnotateInvite, 'edit', '', '', '', '', 'comment-invite'));
}
echo n . n . '</fieldset>';
}
if ($step == "create" and empty($GLOBALS['ID'])) {
//-- timestamp -------------------
//Avoiding modified date to disappear
$persist_timestamp = !empty($store_out['year']) ? safe_strtotime($store_out['year'] . '-' . $store_out['month'] . '-' . $store_out['day'] . ' ' . $store_out['hour'] . ':' . $store_out['minute'] . ':' . $store_out['second']) : time();
echo n . n . '<fieldset id="write-timestamp">' . n . '<legend>' . gTxt('timestamp') . '</legend>' . n . graf(checkbox('publish_now', '1', $publish_now, '', 'publish_now') . '<label for="publish_now">' . gTxt('set_to_now') . '</label>') . n . graf(gTxt('or_publish_at') . sp . popHelp('timestamp')) . n . graf(gtxt('date') . sp . tsi('year', '%Y', $persist_timestamp) . ' / ' . tsi('month', '%m', $persist_timestamp) . ' / ' . tsi('day', '%d', $persist_timestamp)) . n . graf(gTxt('time') . sp . tsi('hour', '%H', $persist_timestamp) . ' : ' . tsi('minute', '%M', $persist_timestamp) . ' : ' . tsi('second', '%S', $persist_timestamp)) . n . '</fieldset>';
//-- expires -------------------
$persist_timestamp = !empty($store_out['exp_year']) ? safe_strtotime($store_out['exp_year'] . '-' . $store_out['exp_month'] . '-' . $store_out['exp_day'] . ' ' . $store_out['exp_hour'] . ':' . $store_out['exp_minute'] . ':' . $store_out['second']) : NULLDATETIME;
echo n . n . '<fieldset id="write-expires">' . n . '<legend>' . gTxt('expires') . '</legend>' . n . graf(gtxt('date') . sp . tsi('exp_year', '%Y', $persist_timestamp) . ' / ' . tsi('exp_month', '%m', $persist_timestamp) . ' / ' . tsi('exp_day', '%d', $persist_timestamp)) . n . graf(gTxt('time') . sp . tsi('exp_hour', '%H', $persist_timestamp) . ' : ' . tsi('exp_minute', '%M', $persist_timestamp) . ' : ' . tsi('exp_second', '%S', $persist_timestamp)) . n . '</fieldset>' . n . n . '</div>';
//-- publish button --------------
echo has_privs('article.publish') ? fInput('submit', 'publish', gTxt('publish'), "publish", '', '', '', 4) : fInput('submit', 'publish', gTxt('save'), "publish", '', '', '', 4);
} else {
//-- timestamp -------------------
if (!empty($year)) {
$sPosted = safe_strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
}
echo n . n . '<fieldset id="write-timestamp">' . n . '<legend>' . gTxt('timestamp') . '</legend>' . n . graf(checkbox('reset_time', '1', $reset_time, '', 'reset_time') . '<label for="reset_time">' . gTxt('reset_time') . '</label>') . n . graf(gTxt('published_at') . sp . popHelp('timestamp')) . n . graf(gtxt('date') . sp . tsi('year', '%Y', $sPosted) . ' / ' . tsi('month', '%m', $sPosted) . ' / ' . tsi('day', '%d', $sPosted)) . n . graf(gTxt('time') . sp . tsi('hour', '%H', $sPosted) . ' : ' . tsi('minute', '%M', $sPosted) . ' : ' . tsi('second', '%S', $sPosted)) . n . hInput('sPosted', $sPosted), n . hInput('sLastMod', $sLastMod), n . hInput('AuthorID', $AuthorID), n . hInput('LastModID', $LastModID), n . '</fieldset>';
//-- expires -------------------
if (!empty($exp_year)) {
if (empty($exp_month)) {
$exp_month = 1;
}
if (empty($exp_day)) {
$exp_day = 1;
}
if (empty($exp_hour)) {
$exp_hour = 0;
}
if (empty($exp_minute)) {
$exp_minute = 0;
}
if (empty($exp_second)) {
$exp_second = 0;
}
$sExpires = safe_strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);
}
echo n . n . '<fieldset id="write-expires">' . n . '<legend>' . gTxt('expires') . '</legend>' . n . graf(gtxt('date') . sp . tsi('exp_year', '%Y', $sExpires) . ' / ' . tsi('exp_month', '%m', $sExpires) . ' / ' . tsi('exp_day', '%d', $sExpires)) . n . graf(gTxt('time') . sp . tsi('exp_hour', '%H', $sExpires) . ' : ' . tsi('exp_minute', '%M', $sExpires) . ' : ' . tsi('exp_second', '%S', $sExpires)) . n . hInput('sExpires', $sExpires) . n . '</fieldset>' . n . n . '</div>';
//-- save button --------------
if ($Status >= 4 and has_privs('article.edit.published') or $Status >= 4 and $AuthorID == $txp_user and has_privs('article.edit.own.published') or $Status < 4 and has_privs('article.edit') or $Status < 4 and $AuthorID == $txp_user and has_privs('article.edit.own')) {
echo fInput('submit', 'save', gTxt('save'), "publish", '', '', '', 4);
}
}
}
echo '</td></tr></table></form>';
}
function atom()
{
global $thisarticle;
extract($GLOBALS['prefs']);
define("t_texthtml", ' type="text/html"');
define("t_text", ' type="text"');
define("t_html", ' type="html"');
define("t_xhtml", ' type="xhtml"');
define('t_appxhtml', ' type="xhtml"');
define("r_relalt", ' rel="alternate"');
define("r_relself", ' rel="self"');
$area = doSlash(gps('area'));
extract(doSlash(gpsa(array('category', 'section', 'limit'))));
$last = fetch('unix_timestamp(val)', 'txp_prefs', 'name', 'lastmod');
$sitename .= $section ? ' - ' . $section : '';
$sitename .= $category ? ' - ' . $category : '';
$pub = safe_row("RealName, email", "txp_users", "privs=1");
$out[] = tag(escape_output($sitename), 'title', t_text);
$out[] = tag(escape_output($site_slogan), 'subtitle', t_text);
$out[] = '<link' . r_relself . ' href="' . pagelinkurl(array('atom' => 1, 'area' => $area, 'section' => $section, 'category' => $category, 'limit' => $limit)) . '" />';
$out[] = '<link' . r_relalt . t_texthtml . ' href="' . hu . '" />';
$articles = array();
//Atom feeds with mail or domain name
$dn = explode('/', $siteurl);
$mail_or_domain = $use_mail_on_feeds_id ? eE($blog_mail_uid) : $dn[0];
$out[] = tag('tag:' . $mail_or_domain . ',' . $blog_time_uid . ':' . $blog_uid . ($section ? '/' . $section : '') . ($category ? '/' . $category : ''), 'id');
$out[] = tag('Textpattern', 'generator', ' uri="http://textpattern.com/" version="' . $version . '"');
$out[] = tag(safe_strftime("w3cdtf", $last), 'updated');
$auth[] = tag($pub['RealName'], 'name');
$auth[] = $include_email_atom ? tag(eE($pub['email']), 'email') : '';
$auth[] = tag(hu, 'uri');
$out[] = tag(n . t . t . join(n . t . t, $auth) . n, 'author');
if (!$area or $area == 'article') {
$sfilter = $section ? "and Section = '" . $section . "'" : '';
$cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$frs = safe_column("name", "txp_section", "in_rss != '1'");
$query = array();
foreach ($frs as $f) {
$query[] = "and Section != '" . doSlash($f) . "'";
}
$query[] = $sfilter;
$query[] = $cfilter;
$rs = safe_rows_start("*, \n\t\t\t\tID as thisid, \n\t\t\t\tunix_timestamp(Posted) as uPosted,\n\t\t\t\tunix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() " . join(' ', $query) . "order by Posted desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
populateArticleData($a);
$cb = callback_event('atom_entry');
$e = array();
$a['posted'] = $uPosted;
if ($show_comment_count_in_feed) {
$count = $comments_count > 0 ? ' [' . $comments_count . ']' : '';
} else {
$count = '';
}
$thisauthor = get_author_name($AuthorID);
$e['thisauthor'] = tag(n . t . t . t . tag(htmlspecialchars($thisauthor), 'name') . n . t . t, 'author');
$e['issued'] = tag(safe_strftime('w3cdtf', $uPosted), 'published');
$e['modified'] = tag(safe_strftime('w3cdtf', $uLastMod), 'updated');
$escaped_title = escape_output($Title);
$e['title'] = tag($escaped_title . $count, 'title', t_html);
$permlink = permlinkurl($a);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $permlink . '" />';
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $blog_uid . '/' . $uid, 'id');
$e['category1'] = trim($Category1) ? '<category term="' . htmlspecialchars($Category1) . '" />' : '';
$e['category2'] = trim($Category2) ? '<category term="' . htmlspecialchars($Category2) . '" />' : '';
$summary = trim(replace_relative_urls(parse($thisarticle['excerpt']), $permlink));
$content = trim(replace_relative_urls(parse($thisarticle['body']), $permlink));
if ($syndicate_body_or_excerpt) {
# short feed: use body as summary if there's no excerpt
if (!trim($summary)) {
$summary = $content;
}
$content = '';
}
if (trim($content)) {
$e['content'] = tag(n . escape_cdata($content) . n, 'content', t_html);
}
if (trim($summary)) {
$e['summary'] = tag(n . escape_cdata($summary) . n, 'summary', t_html);
}
$articles[$ID] = tag(n . t . t . join(n . t . t, $e) . n . $cb, 'entry');
$etags[$ID] = strtoupper(dechex(crc32($articles[$ID])));
$dates[$ID] = $uLastMod;
}
}
} elseif ($area == 'link') {
$cfilter = $category ? "category='" . $category . "'" : '1';
$limit = $limit ? $limit : $rss_how_many;
$limit = intval(min($limit, max(100, $rss_how_many)));
$rs = safe_rows_start("*", "txp_link", "{$cfilter} order by date desc, id desc limit {$limit}");
if ($rs) {
while ($a = nextRow($rs)) {
extract($a);
$e['title'] = tag(htmlspecialchars($linkname), 'title', t_html);
$e['content'] = tag(n . htmlspecialchars($description) . n, 'content', t_html);
$url = preg_replace("/^\\/(.*)/", "https?://{$siteurl}/\$1", $url);
$url = preg_replace("/&((?U).*)=/", "&\\1=", $url);
$e['link'] = '<link' . r_relalt . t_texthtml . ' href="' . $url . '" />';
$e['issued'] = tag(safe_strftime('w3cdtf', strtotime($date)), 'published');
$e['modified'] = tag(gmdate('Y-m-d\\TH:i:s\\Z', strtotime($date)), 'updated');
$e['id'] = tag('tag:' . $mail_or_domain . ',' . $feed_time . ':' . $id, 'id');
$articles[$id] = tag(n . t . t . join(n . t . t, $e) . n, 'entry');
$etags[$id] = strtoupper(dechex(crc32($articles[$id])));
$dates[$id] = $date;
}
}
}
if (!empty($articles)) {
//turn on compression if we aren't using it already
if (extension_loaded('zlib') && ini_get("zlib.output_compression") == 0 && ini_get('output_handler') != 'ob_gzhandler' && !headers_sent()) {
@ob_start("ob_gzhandler");
}
handle_lastmod();
$hims = serverset('HTTP_IF_MODIFIED_SINCE');
$imsd = $hims ? strtotime($hims) : 0;
if ($imsd >= $last) {
txp_status_header("304 Not Modified");
exit;
}
header("Last-Modified: " . gmdate('D, d M Y H:i:s \\G\\M\\T', $last));
if (is_callable('apache_request_headers')) {
$headers = apache_request_headers();
if (isset($headers["A-IM"])) {
$canaim = strpos($headers["A-IM"], "feed");
} else {
$canaim = false;
}
} else {
$canaim = false;
}
$hinm = stripslashes(serverset('HTTP_IF_NONE_MATCH'));
$cutarticles = false;
if ($canaim !== false) {
foreach ($articles as $id => $thing) {
if (strpos($hinm, $etags[$id])) {
unset($articles[$id]);
$cutarticles = true;
$cut_etag = true;
}
if ($dates[$id] < $imsd) {
unset($articles[$id]);
$cutarticles = true;
$cut_time = true;
}
}
}
if (isset($cut_etag) && isset($cut_time)) {
header("Vary: If-None-Match, If-Modified-Since");
} else {
if (isset($cut_etag)) {
header("Vary: If-None-Match");
} else {
if (isset($cut_time)) {
header("Vary: If-Modified-Since");
}
}
}
$etag = @join("-", $etags);
if (strstr($hinm, $etag)) {
header("HTTP/1.1 304 Not Modified");
exit;
}
if ($etag) {
header('ETag: "' . $etag . '"');
}
if ($cutarticles) {
//header("HTTP/1.1 226 IM Used");
//This should be used as opposed to 200, but Apache doesn't like it.
//http://intertwingly.net/blog/2004/09/11/Vary-ETag/ says that the status code should be 200.
header("Cache-Control: no-store, im");
header("IM: feed");
}
$out = array_merge($out, $articles);
header('Content-type: application/atom+xml; charset=utf-8');
return chr(60) . '?xml version="1.0" encoding="UTF-8"?' . chr(62) . n . '<feed xml:lang="' . $language . '" xmlns="http://www.w3.org/2005/Atom">' . join(n, $out) . '</feed>';
}
}
/**
* Lookup live article by date and URL title
*
* @param string $when date wildcard
* @param string $title URL title
* @param string $debug
* @return array|bool
*/
function lookupByDateTitle($when, $title, $debug = '')
{
return safe_row("ID,Section", "textpattern", "posted like '" . doSlash($when) . "%' and url_title like '" . doSlash($title) . "' and Status >= 4 limit 1");
}
function doImportMTDB($mt_dblogin, $mt_db, $mt_dbpass, $mt_dbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite)
{
global $txpcfg;
//Keep some response on some part
$results = array();
//Avoid left joins
$authors_map = array();
$categories_map = array();
// let's go - Dean says ;-).
$mtlink = mysql_connect($mt_dbhost, $mt_dblogin, $mt_dbpass, true);
if (!$mtlink) {
return 'mt database values don’t work. Please replace them and try again';
}
mysql_select_db($mt_db, $mtlink);
$results[] = 'connected to mt database. Importing Data';
sleep(2);
$a = mysql_query("\n\t\t\tselect\n\t\t\tauthor_id as user_id,\n\t\t\tauthor_nickname as name,\n\t\t\tauthor_name as RealName,\n\t\t\tauthor_email as email,\n\t\t\tauthor_password as pass\n\t\t\tfrom mt_author\n\t\t", $mtlink);
while ($b = mysql_fetch_assoc($a)) {
$authors[] = $b;
}
$a = mysql_query("\n\t\t\tselect\n\t\t\tmt_entry.entry_id as ID,\n\t\t\tmt_entry.entry_text as Body,\n\t\t\tmt_entry.entry_text_more as Body2,\n\t\t\tmt_entry.entry_title as Title,\n\t\t\tmt_entry.entry_excerpt as Excerpt,\n\t\t\tmt_entry.entry_keywords as Keywords,\n\t\t\tmt_entry.entry_created_on as Posted,\n\t\t\tmt_entry.entry_modified_on as LastMod,\n\t\t\tmt_entry.entry_author_id as AuthorID\n\t\t\tfrom mt_entry\n\t\t\twhere entry_blog_id = '{$blog_id}'\n\t\t", $mtlink);
$results[] = mysql_error();
while ($b = mysql_fetch_assoc($a)) {
$cat = mysql_query("select placement_category_id as category_id from mt_placement where placement_entry_id='{$b['ID']}'");
while ($cat_id = mysql_fetch_row($cat)) {
$categories[] = $cat_id[0];
}
if (!empty($categories[0])) {
$b['Category1'] = $categories[0];
}
if (!empty($categories[1])) {
$b['Category2'] = $categories[1];
}
unset($categories);
//Trap comments for each article
$comments = array();
$q = "\n\t\t\t\tselect\n\t\t\t\tmt_comment.comment_id as discussid,\n\t\t\t\tmt_comment.comment_ip as ip,\n\t\t\t\tmt_comment.comment_author as name,\n\t\t\t\tmt_comment.comment_email as email,\n\t\t\t\tmt_comment.comment_url as web,\n\t\t\t\tmt_comment.comment_text as message,\n\t\t\t\tmt_comment.comment_created_on as posted\n\t\t\t\tfrom mt_comment where comment_blog_id = '{$blog_id}' AND comment_entry_id='{$b['ID']}'\n\t\t\t";
$c = mysql_query($q, $mtlink);
while ($d = mysql_fetch_assoc($c)) {
$comments[] = $d;
}
//Attach comments to article
$b['comments'] = $comments;
unset($comments);
//Article finished
$articles[] = $b;
}
$a = mysql_query("\n\t\t\tselect category_id,category_label from mt_category where category_blog_id='{$blog_id}'\n\t\t", $mtlink);
while ($b = mysql_fetch_assoc($a)) {
$categories_map[$b['category_id']] = $b['category_label'];
}
mysql_close($mtlink);
//Yes, we have to make a new connection
//otherwise doArray complains
$DB = new DB();
include txpath . '/lib/classTextile.php';
$textile = new Textile();
if (!empty($authors)) {
foreach ($authors as $author) {
extract($author);
$name = empty($name) ? $RealName : $name;
$authors_map[$user_id] = $name;
$authorid = safe_field('user_id', 'txp_users', "name = '" . doSlash($name) . "'");
if (!$authorid) {
//Add new authors
$q = safe_insert("txp_users", "\n\t\t\t\t\t\tname = '" . doSlash($RealName) . "',\n\t\t\t\t\t\temail = '" . doSlash($email) . "',\n\t\t\t\t\t\tpass = '******',\n\t\t\t\t\t\tRealName = '" . doSlash($RealName) . "',\n\t\t\t\t\t\tprivs='1'");
if ($q) {
$results[] = 'inserted ' . $RealName . ' into txp_users';
} else {
$results[] = mysql_error();
}
}
}
}
if (!empty($categories_map)) {
foreach ($categories_map as $category) {
$category = doSlash($category);
$rs = safe_row('id', 'txp_category', "name='{$category}' and type='article'");
if (!$rs) {
$q = safe_insert("txp_category", "name='{$category}',type='article',parent='root'");
if ($q) {
$results[] = 'inserted ' . stripslashes($category) . ' into txp_category';
} else {
$results[] = mysql_error();
}
}
}
}
if (!empty($articles)) {
foreach ($articles as $article) {
extract($article);
$Body .= trim($Body2) ? "\n\n" . $Body2 : '';
$Body_html = $textile->textileThis($Body);
$Excerpt_html = $textile->textileThis($Excerpt);
$Title = $textile->textileThis($Title, 1);
$Category1 = !empty($Category1) ? doSlash($Category1) : '';
$AuthorID = !empty($authors_map[$AuthorID]) ? doSlash($authors_map[$AuthorID]) : '';
$insertID = safe_insert("textpattern", "\n\t\t\t\t\tID \t = '{$ID}',\n\t\t\t\t\tPosted = '{$Posted}',\n\t\t\t\t\tLastMod = '{$LastMod}',\n\t\t\t\t\tTitle = '" . doSlash($Title) . "',\n\t\t\t\t\tBody = '" . doSlash($Body) . "',\n\t\t\t\t\tExcerpt\t\t = '" . doSlash($Excerpt) . "',\n\t\t\t\t\tExcerpt_html = '" . doSlash($Excerpt_html) . "',\n\t\t\t\t\tKeywords\t = '" . doSlash($Keywords) . "',\n\t\t\t\t\tBody_html = '" . doSlash($Body_html) . "',\n\t\t\t\t\tAuthorID = '{$AuthorID}',\n\t\t\t\t\tCategory1 = '{$Category1}',\n\t\t\t\t\tAnnotateInvite = '" . doSlash($default_comment_invite) . "',\n\t\t\t\t\tSection = '" . doSlash($insert_into_section) . "',\n\t\t\t\t\tuid = '" . md5(uniqid(rand(), true)) . "',\n\t\t\t\t\tfeed_time = '" . substr($Posted, 0, 10) . "',\n\t\t\t\t\tStatus = '{$insert_with_status}'\n\t\t\t\t");
if ($insertID) {
$results[] = 'inserted MT entry ' . strong($Title) . ' into Textpattern as article ' . strong($insertID) . '';
//Do coment for article
if (!empty($comments) && is_array($comments)) {
foreach ($comments as $comment) {
extract($comment);
$message = nl2br($message);
$commentID = safe_insert("txp_discuss", "\n\t\t\t\t\t\t\t\tdiscussid = {$discussid},\n\t\t\t\t\t\t\t\tparentid = {$insertID},\n\t\t\t\t\t\t\t\tname = '" . doSlash($name) . "',\n\t\t\t\t\t\t\t\temail = '" . doSlash($email) . "',\n\t\t\t\t\t\t\t\tweb = '" . doSlash($web) . "',\n\t\t\t\t\t\t\t\tmessage = '" . doSlash($message) . "',\n\t\t\t\t\t\t\t\tip = '{$ip}',\n\t\t\t\t\t\t\t\tposted = '{$posted}',\n\t\t\t\t\t\t\t\tvisible = 1");
if ($commentID) {
$results[] = 'inserted MT comment ' . $commentID . ' for article ' . $insertID . ' into txp_discuss';
} else {
$results[] = mysql_error();
}
}
}
} else {
$results[] = mysql_error();
}
}
}
return join('<br />', $results);
}
function ignMail($to_address, $subject, $body, $reply_to = null, $from = '')
{
global $txp_user, $prefs, $ign_user_db;
if (isset($txp_user)) {
// Likely sending passwords
extract(safe_row("RealName, email", "txp_users", "name = '{$txp_user}'"));
} else {
// Likely sending comments -> "to" equals "from"
// extract(safe_row("RealName, email", $ign_user_db, "email = '$to_address'"));
$RealName = "Site Administrator";
$h = parse_url(hu);
$email = 'no-reply@' . $h['host'];
}
if ($prefs['override_emailcharset']) {
$charset = 'ISO-8599-1';
if (is_callable('utf8_decode')) {
$RealName = utf8_decode($RealName);
$subject = utf8_decode($subject);
$body = utf8_decode($body);
$to_address = utf8_decode($to_address);
if (!is_null($reply_to)) {
$reply_to = utf8_decode($reply_to);
}
}
} else {
$charset = 'UTF-8';
}
$RealName = strip_rn($RealName);
$subject = strip_rn($subject);
$email = strip_rn($email);
if (!is_null($reply_to)) {
$reply_to = strip_rn($reply_to);
}
if (!is_callable('mail')) {
if (txpinterface == 'admin' && $GLOBALS['production_status'] != 'live') {
echo tag(gTxt('warn_mail_unavailable'), 'p', ' style="color:red;" ');
}
return false;
} else {
return mail($to_address, $subject, $body, "From: {$RealName} <{$email}>\r\n" . "Reply-To: " . (isset($reply_to) ? $reply_to : "{$RealName} <{$email}>") . "\r\n" . "X-Mailer: Textpattern\r\n" . "Content-Transfer-Encoding: 8bit\r\n" . "Content-Type: text/plain; charset=\"{$charset}\"\r\n");
}
}
/**
* User editor panel.
*
* Accessing requires 'admin.edit' privileges.
*/
function author_edit()
{
global $step, $txp_user;
require_privs('admin.edit');
pagetop(gTxt('tab_site_admin'), '');
$vars = array('user_id', 'name', 'RealName', 'email', 'privs');
$rs = array();
$out = array();
extract(gpsa($vars));
$is_edit = $user_id && $step == 'author_edit';
if ($is_edit) {
$user_id = assert_int($user_id);
$rs = safe_row('*', 'txp_users', "user_id = {$user_id}");
extract($rs);
}
if ($is_edit) {
$out[] = hed(gTxt('edit_author'), 2);
} else {
$out[] = hed(gTxt('add_new_author'), 2);
}
if ($is_edit) {
$out[] = inputLabel('login_name', strong(txpspecialchars($name)));
} else {
$out[] = inputLabel('login_name', fInput('text', 'name', $name, '', '', '', INPUT_REGULAR, '', 'login_name'), 'login_name', 'add_new_author');
}
$out[] = inputLabel('real_name', fInput('text', 'RealName', $RealName, '', '', '', INPUT_REGULAR, '', 'real_name'), 'real_name') . inputLabel('login_email', fInput('email', 'email', $email, '', '', '', INPUT_REGULAR, '', 'login_email'), 'email');
if ($txp_user != $name) {
$out[] = inputLabel('privileges', privs($privs), 'privileges', 'about_privileges');
} else {
$out[] = inputLabel('privileges', strong(get_priv_level($privs))) . hInput('privs', $privs);
}
$out[] = pluggable_ui('author_ui', 'extend_detail_form', '', $rs) . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('admin');
if ($user_id) {
$out[] = hInput('user_id', $user_id) . hInput('name', $name) . sInput('author_save');
} else {
$out[] = sInput('author_save_new');
}
echo form(n . tag(join('', $out) . n, 'section', array('class' => 'txp-edit')), '', '', 'post', 'edit-form', '', 'user_edit');
}
function author_form()
{
global $step, $txp_user;
$vars = array('user_id', 'name', 'RealName', 'email', 'privs');
extract(gpsa($vars));
if ($user_id && $step == 'author_edit') {
$user_id = assert_int($user_id);
extract(safe_row('*', 'txp_users', "user_id = {$user_id}"));
}
if ($step == 'author_save' or $step == 'author_save_new') {
foreach ($vars as $var) {
${$var} = '';
}
}
$caption = gTxt($step == 'author_edit' ? 'edit_author' : 'add_new_author');
return form(hed($caption, 3, ' style="text-align: center;"') . startTable('edit') . tr(fLabelCell('login_name') . ($user_id && $step == 'author_edit' ? td(strong($name)) : fInputCell('name', $name))) . tr(fLabelCell('real_name') . fInputCell('RealName', $RealName)) . tr(fLabelCell('email') . fInputCell('email', $email)) . tr(fLabelCell('privileges') . td(($txp_user != $name ? privs($privs) : hInput('privs', $privs) . strong(get_priv_level($privs))) . sp . popHelp('about_privileges'))) . tr(td() . td(fInput('submit', '', gTxt('save'), 'publish') . ($user_id ? '' : sp . popHelp('add_new_author')))) . endTable() . eInput('admin') . ($user_id ? hInput('user_id', $user_id) . sInput('author_save') : sInput('author_save_new')));
}
function txp_thumb($id)
{
$rs = safe_row("*", "txp_image", "id='{$id}' limit 1");
if ($rs) {
// dmp ($rs);
extract($rs);
$this->m_ext = $ext;
$this->m_id = $id;
}
$this->wet_thumb();
// construct base class instance
}
function article_edit($message = "")
{
global $txpcfg, $txp_user, $vars;
extract(get_prefs());
extract(gpsa(array('view', 'from_view', 'step')));
if (!empty($GLOBALS['ID'])) {
// newly-saved article
$ID = intval($GLOBALS['ID']);
$step = 'edit';
} else {
$ID = gps('ID');
}
include_once $txpcfg['txpath'] . '/lib/classTextile.php';
$textile = new Textile();
if (!$view) {
$view = "text";
}
if (!$step) {
$step = "create";
}
if ($step == "edit" && $view == "text" && !empty($ID) && $from_view != "preview" && $from_view != 'html') {
$pull = true;
//-- it's an existing article - off we go to the db
$rs = safe_row("*, unix_timestamp(Posted) as sPosted,\n\t\t\t\tunix_timestamp(LastMod) as sLastMod", "textpattern", "ID={$ID}");
extract($rs);
if ($AnnotateInvite != $comments_default_invite) {
$AnnotateInvite = $AnnotateInvite;
} else {
$AnnotateInvite = $comments_default_invite;
}
} else {
$pull = false;
//-- assume they came from post
if (!$from_view or $from_view == 'text') {
extract(gpsa($vars));
} elseif ($from_view == 'preview' or $from_view == 'html') {
// coming from either html or preview
if (isset($_POST['store'])) {
$store = unserialize(base64_decode($_POST['store']));
extract($store);
}
}
foreach ($vars as $var) {
if (isset(${$var})) {
$store_out[$var] = ${$var};
}
}
}
$GLOBALS['step'] = $step;
if ($step == 'create') {
$textile_body = 1;
$textile_excerpt = 1;
}
if ($step != 'create') {
// Previous record?
$prev_id = checkIfNeighbour('prev', $sPosted);
// Next record?
$next_id = checkIfNeighbour('next', $sPosted);
}
pagetop($Title, $message);
echo '<form action="index.php" method="post" name="article">';
if (!empty($store_out)) {
echo hInput('store', base64_encode(serialize($store_out)));
}
echo hInput('ID', $ID), eInput('article'), sInput($step);
echo '<input type="hidden" name="view" />', startTable('edit');
echo '<tr><td> </td><td colspan="3">', $view == 'preview' ? hed(ucfirst(gTxt('preview')), 2) . graf($Title) : '', $view == 'html' ? hed('XHTML', 2) . graf($Title) : '', $view == 'text' ? br . '<input type="text" name="Title" value="' . cleanfInput($Title) . '" class="edit" size="40" tabindex="1" />' : '', '</td></tr>';
//-- article input --------------
echo '<tr>
<td valign="top">', $view == 'text' && $use_textile == 2 ? '<p><a href="#" onclick="toggleDisplay(\'textile_help\');">' . gTxt('textile_help') . '</a></p>
<div id="textile_help" style="display:none;">' . sidehelp() . '</div>' : sp;
if ($view == 'text') {
echo '<p><a href="#" onclick="toggleDisplay(\'advanced\');">' . gTxt('advanced_options') . '</a></p>', '<div id="advanced" style="display:none;">', graf(gTxt('use_textile') . br . tag(checkbox2('textile_body', $textile_body) . gTxt('article'), 'label') . br . tag(checkbox2('textile_excerpt', $textile_excerpt) . gTxt('excerpt'), 'label')), $allow_form_override ? graf(gTxt('override_default_form') . br . form_pop($override_form) . popHelp('override_form')) : '', $custom_1_set ? custField(1, $custom_1_set, $custom_1) : '', $custom_2_set ? custField(2, $custom_2_set, $custom_2) : '', $custom_3_set ? custField(3, $custom_3_set, $custom_3) : '', $custom_4_set ? custField(4, $custom_4_set, $custom_4) : '', $custom_5_set ? custField(5, $custom_5_set, $custom_5) : '', $custom_6_set ? custField(6, $custom_6_set, $custom_6) : '', $custom_7_set ? custField(7, $custom_7_set, $custom_7) : '', $custom_8_set ? custField(8, $custom_8_set, $custom_8) : '', $custom_9_set ? custField(9, $custom_9_set, $custom_9) : '', $custom_10_set ? custField(10, $custom_10_set, $custom_10) : '', graf(gTxt('keywords') . popHelp('keywords') . br . '<textarea name="Keywords" style="width:100px;height:80px" rows="1" cols="1">' . $Keywords . '</textarea>'), graf(gTxt('article_image') . popHelp('article_image') . br . fInput('text', 'Image', $Image, 'edit')), graf(gTxt('url_title') . popHelp('url_title') . br . fInput('text', 'url_title', $url_title, 'edit')) . '</div>
<p><a href="#" onclick="toggleDisplay(\'recent\');">' . gTxt('recent_articles') . '</a>' . '</p>' . '<div id="recent" style="display:none;">';
$recents = safe_rows_start("Title, ID", 'textpattern', "1 order by LastMod desc limit 10");
if ($recents) {
echo '<p>';
while ($recent = nextRow($recents)) {
extract($recent);
if (!$Title) {
$Title = gTxt('untitled') . sp . $ID;
}
echo '<a href="?event=article' . a . 'step=edit' . a . 'ID=' . $ID . '">' . $Title . '</a>' . br . n;
}
echo '</p>';
}
echo '</div>';
} else {
echo sp;
}
echo '</td>
<td valign="top" style="width:400px">';
if ($view == "preview") {
if ($use_textile == 2) {
echo $textile->TextileThis($Body);
} else {
if ($use_textile == 1) {
echo nl2br($Body);
} else {
if ($use_textile == 0) {
echo $Body;
}
}
}
} elseif ($view == "html") {
if ($use_textile == 2) {
$bod = $textile->TextileThis($Body);
} else {
if ($use_textile == 1) {
$bod = nl2br($Body);
} else {
if ($use_textile == 0) {
$bod = $Body;
}
}
}
echo tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($bod)), 'code');
} else {
echo '<textarea style="width:400px;height:420px" rows="1" cols="1" name="Body" tabindex="2">', htmlspecialchars($Body), '</textarea>';
}
//-- excerpt --------------------
if ($articles_use_excerpts) {
if ($view == 'text') {
$Excerpt = str_replace("&", "&", htmlspecialchars($Excerpt));
echo graf(gTxt('excerpt') . popHelp('excerpt') . br . '<textarea style="width:400px;height:50px" rows="1" cols="1" name="Excerpt" tabindex="3">' . $Excerpt . '</textarea>');
} else {
echo '<hr width="50%" />';
echo $textile_excerpt ? $view == 'preview' ? graf($textile->textileThis($Excerpt), 1) : tag(str_replace(array(n, t), array(br, sp . sp . sp . sp), htmlspecialchars($textile->TextileThis($Excerpt), 1)), 'code') : graf($Excerpt);
}
}
//-- author --------------
if ($view == "text" && $step != "create") {
echo "<p><small>" . gTxt('posted_by') . " {$AuthorID}: ", date("H:i, d M y", $sPosted + tz_offset());
if ($sPosted != $sLastMod) {
echo br . gTxt('modified_by') . " {$LastModID}: ", date("H:i, d M y", $sLastMod + tz_offset());
}
echo '</small></p>';
}
echo hInput('from_view', $view), '</td>';
echo '<td valign="top" align="left" width="20">';
//-- layer tabs -------------------
echo $use_textile == 2 ? tab('text', $view) . tab('html', $view) . tab('preview', $view) : ' ';
echo '</td>';
?>
<td width="200" valign="top" style="padding-left:10px" align="left" id="articleside">
<?php
//-- prev/next article links --
if ($view == 'text') {
if ($step != 'create' and ($prev_id or $next_id)) {
echo '<p>', $prev_id ? prevnext_link('‹' . gTxt('prev'), 'article', 'edit', $prev_id, gTxt('prev')) : '', $next_id ? prevnext_link(gTxt('next') . '›', 'article', 'edit', $next_id, gTxt('next')) : '', '</p>';
}
}
//-- status radios --------------
echo $view == 'text' ? n . graf(status_radio($Status)) . n : '';
//-- category selects -----------
echo $view == 'text' ? graf(gTxt('categorize') . ' [' . eLink('category', '', '', '', gTxt('edit')) . ']' . br . category_popup('Category1', $Category1) . category_popup('Category2', $Category2)) : '';
//-- section select --------------
if (!$from_view && !$pull) {
$Section = getDefaultSection();
}
echo $view == 'text' ? graf(gTxt('section') . ' [' . eLink('section', '', '', '', gTxt('edit')) . ']' . br . section_popup($Section)) : '';
//-- comments stuff --------------
if ($step == "create") {
//Avoiding invite disappear when previewing
$AnnotateInvite = !empty($store_out['AnnotateInvite']) ? $store_out['AnnotateInvite'] : $comments_default_invite;
if ($comments_on_default == 1) {
$Annotate = 1;
}
}
echo $use_comments == 1 && $view == 'text' ? graf(gTxt('comments') . onoffRadio("Annotate", $Annotate) . '<br />' . gTxt('comment_invitation') . '<br />' . fInput('text', 'AnnotateInvite', $AnnotateInvite, 'edit')) : '';
//-- timestamp -------------------
if ($step == "create" and empty($GLOBALS['ID'])) {
if ($view == 'text') {
//Avoiding modified date to disappear
$persist_timestamp = !empty($store_out['year']) ? mktime($store_out['hour'], $store_out['minute'], '00', $store_out['month'], $store_out['day'], $store_out['year']) : time();
echo graf(tag(checkbox('publish_now', '1') . gTxt('set_to_now'), 'label')), '<p>', gTxt('or_publish_at'), popHelp("timestamp"), br, tsi('year', 'Y', $persist_timestamp), tsi('month', 'm', $persist_timestamp), tsi('day', 'd', $persist_timestamp), sp, tsi('hour', 'H', $persist_timestamp), ':', tsi('minute', 'i', $persist_timestamp), '</p>';
}
//-- publish button --------------
if ($view == 'text') {
echo has_privs('article.publish') ? fInput('submit', 'publish', gTxt('publish'), "publish") : fInput('submit', 'publish', gTxt('save'), "publish");
}
} else {
if ($view == 'text') {
echo '<p>', gTxt('published_at'), popHelp("timestamp"), br, tsi('year', 'Y', $sPosted, 5), tsi('month', 'm', $sPosted, 6), tsi('day', 'd', $sPosted, 7), sp, tsi('hour', 'H', $sPosted, 8), ':', tsi('minute', 'i', $sPosted, 9), '</p>', hInput('sPosted', $sPosted), hInput('sLastMod', $sLastMod), hInput('AuthorID', $AuthorID), hInput('LastModID', $LastModID), graf(checkbox('reset_time', '1', 0) . gTxt('reset_time'));
}
//-- save button --------------
if ($view == 'text') {
if ($Status >= 4 and has_privs('article.edit.published') or $Status >= 4 and $AuthorID == $txp_user and has_privs('article.edit.own.published') or $Status < 4 and has_privs('article.edit') or $Status < 4 and $AuthorID == $txp_user and has_privs('article.edit.own')) {
echo fInput('submit', 'save', gTxt('save'), "publish");
}
}
}
echo '</td></tr></table></form>';
}
/**
* Constructor.
*
* @param int $id The Image id.
*/
public function __construct($id)
{
$id = assert_int($id);
$rs = safe_row("*", 'txp_image', "id = {$id} LIMIT 1");
if ($rs) {
extract($rs);
$this->m_ext = $ext;
$this->m_id = $id;
}
parent::__construct();
}
function mail_comment($message, $cname, $cemail, $cweb, $parentid, $discussid)
{
global $sitename;
$parentid = assert_int($parentid);
$discussid = assert_int($discussid);
$article = safe_row("Section, Posted, ID, url_title, AuthorID, Title", "textpattern", "ID = {$parentid}");
extract($article);
extract(safe_row("RealName, email", "txp_users", "name = '" . doSlash($AuthorID) . "'"));
$evaluator =& get_comment_evaluator();
$out = gTxt('greeting') . " {$RealName}," . n . n;
$out .= str_replace('{title}', $Title, gTxt('comment_recorded')) . n;
$out .= permlinkurl_id($parentid) . n;
if (has_privs('discuss', $AuthorID)) {
$out .= hu . 'textpattern/index.php?event=discuss&step=discuss_edit&discussid=' . $discussid . n;
}
$out .= gTxt('status') . ": " . $evaluator->get_result('text') . '. ' . implode(',', $evaluator->get_result_message()) . n;
$out .= n;
$out .= gTxt('comment_name') . ": {$cname}" . n;
$out .= gTxt('comment_email') . ": {$cemail}" . n;
$out .= gTxt('comment_web') . ": {$cweb}" . n;
$out .= gTxt('comment_comment') . ": {$message}";
$subject = strtr(gTxt('comment_received'), array('{site}' => $sitename, '{title}' => $Title));
$success = txpMail($email, $subject, $out, $cemail);
}
function fetch_section_description($name)
{
static $sections = array();
if (isset($sections[$name])) {
$f = $sectionss[$name];
} else {
$row = safe_row('descr', 'txp_section', "name='" . doSlash($name) . "'");
if (!$row) {
return;
}
$f = $row['descr'];
$sectionss[$name] = $f;
}
trace_add('[' . gTxt('section') . ': ' . $name . ']');
return $f;
}
function customer_edit($event, $step)
{
global $statuses, $comments_disabled_after, $step, $txp_user;
pagetop("Customer", $message);
//CSS FOR CUSTOMER EDIT
//==================================
echo n . '<style type="text/css">' . n . '.customerEdit legend{' . n . ' font-size: 11px;' . n . ' font-weight: bold;' . n . '}' . n . '.customerEdit label{' . n . ' float: left;' . n . ' width: 100px;' . n . ' text-align: right;' . n . ' padding: 5px;' . n . '}' . n . '.customerEdit br{' . n . ' clear: both;' . n . '}' . n . '.customerEdit input{' . n . ' margin: 5px 0 5px 0;' . n . ' font-size: 11px;' . n . '}' . n . '</style>';
doJS();
if (isset($_REQUEST['user_id'])) {
$user_id = $_REQUEST['user_id'];
$customer = safe_row("*", "txp_users", "user_id = {$user_id}");
extract($customer);
$step = "update_customer";
} else {
$step = "save_customer";
}
//DELETE CUSTOMER FORM
//====================================
echo n . n . '<form name="product" method="post" action="index.php" enctype="multipart/form-data" id="customerDelete">';
echo n . "<input type='hidden' name='user_id' value='{$user_id}'/>" . eInput('customers') . sInput('delete_customer');
echo n . n . '</form>';
echo n . n . '<form name="product" method="post" action="index.php" enctype="multipart/form-data">';
echo hInput('user_id', $user_id) . eInput('customers') . sInput($step) . '<input type="hidden" name="view" />' . startTable('edit') . '<tr>' . n;
//if ($view == 'text')
//{
//-- markup help --------------
echo '<td id="article-main">' . n;
echo "<fieldset class='customerEdit'>" . n . "<legend>Customer Details</legend>" . n . '<label for="name">Username</label>' . n . '<input id="name" name="name" value="' . $name . '"/>' . br . n . '<label for="email">Email</label>' . n . '<input id="email" name="email" value="' . $email . '"/>' . n . '<label for="billing_firstname">First name</label>' . n . '<input type="text" id="billing_firstname" name="billing_firstname" value="' . $billing_firstname . '"/>' . br . n . '<label for="billing_lastname">Last name</label>' . n . '<input type="text" id="billing_lastname" name="billing_lastname" value="' . $billing_lastname . '"/>' . br . n . '</fieldset>';
echo "<fieldset class='customerEdit'>" . n . "<legend>Billing Information</legend>" . n . '<label for="billing_company">Company</label>' . n . '<input type="text" id="billing_company" name="billing_company" value="' . $billing_company . '"/>' . br . n . '<label for="billing_address1">Address 1</label>' . n . '<input type="text" id="billing_address1" name="billing_address1" value="' . $billing_address1 . '"/>' . br . n . '<label for="billing_address2">Address 2</label>' . n . '<input type="text" id="billing_address2" name="billing_address2" value="' . $billing_address2 . '"/>' . br . n . '<label for="billing_city">City</label>' . n . '<input type="text" id="billing_city" name="billing_city" value="' . $billing_city . '"/>' . br . n . '<label for="billing_state">State</label>' . n . '<input type="text" id="billing_state" name="billing_state" value="' . $billing_state . '"/>' . br . n . '<label for="billing_zip">Zip/Postal Code</label>' . n . '<input type="text" id="billing_zip" name="billing_zip" value="' . $billing_zip . '"/>' . br . n . '<label for="billing_country">Country</label>' . n . '<input type="text" id="billing_country" name="billing_country" value="' . $billing_country . '"/>' . br . n . '<label for="billing_fax">Fax Number</label>' . n . '<input type="text" id="billing_fax" name="billing_fax" value="' . $billing_fax . '"/>' . br . n . '<label for="billing_phone">Phone Number</label>' . n . '<input type="text" id="billing_phone" name="billing_phone" value="' . $billing_phone . '"/>' . br . n . '<label for="shipping_same"> </label>';
if ($shipping_same_as_billing == "1") {
$checked = "checked='checked'";
} else {
$checked = '';
}
echo n . '<input type="checkbox" id="shipping_same" name="shipping_same_as_billing" value="' . $shipping_same_as_billing . '" ' . $checked . ' onclick="toggleShipping()"/> Shipping info same as billing' . br . n . '</fieldset>';
doJS();
if ($shipping_same_as_billing == "1") {
$display = "none";
} else {
$display = "block";
}
echo "<fieldset class='customerEdit' id='shippingInfo' style='display: {$display}'>" . n . "<legend>Shipping Information</legend>" . n . '<label for="shipping_company">Company</label>' . n . '<input type="text" id="shipping_company" name="shipping_company" value="' . $shipping_company . '"/>' . br . n . '<label for="shipping_firstname">First name</label>' . n . '<input type="text" id="shipping_firstname" name="shipping_firstname" value="' . $shipping_firstname . '"/>' . br . n . '<label for="shipping_lastname">Last name</label>' . n . '<input type="text" id="shipping_lastname" name="shipping_lastname" value="' . $shipping_lastname . '"/>' . br . n . '<label for="shipping_address1">Address 1</label>' . n . '<input type="text" id="shipping_address1" name="shipping_address1" value="' . $shipping_address1 . '"/>' . br . n . '<label for="shipping_address2">Address 2</label>' . n . '<input type="text" id="shipping_address2" name="shipping_address2" value="' . $shipping_address2 . '"/>' . br . n . '<label for="shipping_city">City</label>' . n . '<input type="text" id="shipping_city" name="shipping_city" value="' . $shipping_city . '"/>' . br . n . '<label for="shipping_state">State</label>' . n . '<input type="text" id="shipping_state" name="shipping_state" value="' . $shipping_state . '"/>' . br . n . '<label for="shipping_zip">Zip/Postal Code</label>' . n . '<input type="text" id="shipping_zip" name="shipping_zip" value="' . $shipping_zip . '"/>' . br . n . '<label for="shipping_country">Country</label>' . n . '<input type="text" id="shipping_country" name="shipping_country" value="' . $shipping_country . '"/>' . br . n . '<label for="shipping_fax">Fax Number</label>' . n . '<input type="text" id="shipping_fax" name="shipping_fax" value="' . $shipping_fax . '"/>' . br . n . '<label for="shipping_phone">Phone Number</label>' . n . '<input type="text" id="shipping_phone" name="shipping_phone" value="' . $shipping_phone . '"/>' . br . n . '</fieldset>';
echo '</td>';
echo '<td id="article-col-2" style="padding-top: 13px;">';
//start article-col-2
echo '<a href="?event=customers&step=edit_customer" class="navlink">Add new customer</a>';
if (isset($user_id)) {
echo n . br . br . '<a href="javascript:deleteCustomer()" style="color:#990000">Delete this customer</a>' . br . br;
} else {
echo br . br;
}
//-- publish button --------------
echo has_privs('article.publish') ? fInput('submit', 'publish', gTxt('save'), "publish", '', '', '', 4) : fInput('submit', 'publish', gTxt('save'), "publish", '', '', '', 4);
if ($user_id) {
$orders = safe_rows("*", "orders", "user_id = {$user_id} ORDER BY last_updated DESC");
if (count($orders) > 0) {
echo br . br . "<fieldset>" . n . '<legend>Order History</legend>' . n . '<ul class="plain-list">';
foreach ($orders as $order) {
echo n . '<li><a href="?event=orders&step=edit_order&id=' . $order['id'] . '">ORDER #' . $order['id'] . '</a></li>';
}
n . '</ul>';
echo '</fieldset>';
}
}
echo '</td></tr></table></form>';
}
function section_edit()
{
global $event, $step, $txp_user, $all_pages, $all_styles;
$name = gps('name');
$is_edit = $name && $step == 'section_edit';
if ($is_edit) {
$name = assert_string($name);
$rs = safe_row('*', 'txp_section', "name = '" . doSlash($name) . "'");
} else {
$rs = array_flip(getThings('describe `' . PFX . 'txp_section`'));
}
if ($rs) {
if (!has_privs('section.edit')) {
sec_section_list(gTxt('restricted_area'));
return;
}
pagetop(gTxt('tab_sections'));
extract($rs, EXTR_PREFIX_ALL, 'sec');
extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
$is_default_section = $is_edit && $sec_name == 'default';
$caption = gTxt($is_default_section ? 'edit_default_section' : ($is_edit ? 'edit_section' : 'create_section'));
if (!$is_edit) {
// Pulling out the radio items from the default entry might seem pointless since they can't be directly
// edited, but they will take on either:
// a) the default (SQL) values as defined at table creation time, or
// b) the values set when a multi-edit was performed that included the default section (because the values are silently updated then)
$default = doSlash(safe_row('page, css, on_frontpage, in_rss, searchable', 'txp_section', "name = 'default'"));
$sec_name = $sec_title = '';
$sec_page = $default['page'];
$sec_css = $default['css'];
$sec_on_frontpage = $default['on_frontpage'];
$sec_in_rss = $default['in_rss'];
$sec_searchable = $default['searchable'];
}
echo '<div id="' . $event . '_container" class="txp-container">';
echo form('<div class="txp-edit">' . hed($caption, 2) . ($is_default_section ? hInput('name', 'default') : inputLabel('section_name', fInput('text', 'name', $sec_name, '', '', '', INPUT_REGULAR, '', 'section_name'), 'section_name')) . ($is_default_section ? '' : inputLabel('section_title', fInput('text', 'title', $sec_title, '', '', '', INPUT_REGULAR, '', 'section_title'), 'section_longtitle')) . inputLabel('section_page', selectInput('section_page', $all_pages, $sec_page, '', '', 'section_page'), 'uses_page', 'section_uses_page') . inputLabel('section_css', selectInput('css', $all_styles, $sec_css, '', '', 'section_css'), 'uses_style', 'section_uses_css') . ($is_default_section ? '' : inputLabel('on_front_page', yesnoradio('on_frontpage', $sec_on_frontpage, '', $sec_name), '', 'section_on_frontpage')) . ($is_default_section ? '' : inputLabel('syndicate', yesnoradio('in_rss', $sec_in_rss, '', $sec_name), '', 'section_syndicate')) . ($is_default_section ? '' : inputLabel('include_in_search', yesnoradio('searchable', $sec_searchable, '', $sec_name), '', 'section_searchable')) . pluggable_ui('section_ui', 'extend_detail_form', '', $rs) . graf(fInput('submit', '', gTxt('save'), 'publish')) . eInput('section') . sInput('section_save') . hInput('old_name', $sec_name) . hInput('search_method', $search_method) . hInput('crit', $crit) . hInput('page', $page) . hInput('sort', $sort) . hInput('dir', $dir) . '</div>', '', '', 'post', 'edit-form', '', 'section_details');
echo '</div>';
}
}
