/**
 * Smarty function: load one static page row and print it through the staticpage plugin.
 *
 * The row is selected by the first non-empty parameter among 'id', 'pagetitle'
 * and 'permalink'; a non-empty 'authorid' narrows the match. The string selectors
 * go through serendipity_db_escape_string() and 'authorid' is cast to int before
 * they are placed in the SQL text.
 *
 * NOTE(review): a non-empty 'query' parameter is executed exactly as given and
 * replaces the generated statement. It must only ever be a fixed string written
 * in the template, never a value derived from the request.
 *
 * @param array  $params Smarty parameters (template, pagevar, id|pagetitle|permalink, authorid, query)
 * @param object $smarty Smarty instance, used to report a missing selector
 * @return void
 */
function staticpage_display($params, &$smarty)
{
    global $serendipity;

    if (empty($params['template'])) {
        $params['template'] = 'plugin_staticpage.tpl';
    }
    if (empty($params['pagevar'])) {
        $params['pagevar'] = 'staticpage_';
    }

    // The first selector that carries a value wins, in this fixed order.
    $where = null;
    foreach (array('id', 'pagetitle', 'permalink') as $column) {
        if (!empty($params[$column])) {
            $where = $column . " = '" . serendipity_db_escape_string($params[$column]) . "'";
            break;
        }
    }

    if ($where === null) {
        $smarty->trigger_error(__FUNCTION__ . ": missing 'id', 'permalink' or 'pagetitle' parameter");
        return;
    }

    if (!empty($params['authorid'])) {
        $where .= " AND authorid = " . (int) $params['authorid'];
    }

    if (empty($params['query'])) {
        $params['query'] = "SELECT *\n FROM {$serendipity['dbPrefix']}staticpages\n WHERE {$where}\n LIMIT 1";
    }

    $page = serendipity_db_query($params['query'], true, 'assoc');
    if (!is_array($page)) {
        return;
    }

    // Swap the fetched row into the plugin, render it, then restore the previous page.
    $previous = $serendipity['staticpage_plugin']->staticpage;
    $serendipity['staticpage_plugin']->staticpage =& $page;
    $serendipity['staticpage_plugin']->checkPage();
    echo $serendipity['staticpage_plugin']->parseStaticPage($params['pagevar'], $params['template']);
    $serendipity['staticpage_plugin']->staticpage = $previous;
}
/**
 * Bring the stored properties of one entry in line with the submitted values.
 *
 * For every supported property the submitted value is compared with the stored
 * one and an INSERT, UPDATE or DELETE is issued as needed. A submitted value of
 * '#' is never inserted and deletes an existing row that differs from it.
 * The entry id is cast to int; property names and values are escaped with
 * serendipity_db_escape_string() before they enter the SQL text.
 *
 * @param int   $entryId              Entry whose properties are written
 * @param array $supported_properties Property names this caller manages
 * @param array $properties           Submitted values, keyed by property name
 * @param bool  $deleteMissing        When false, empty submitted values are skipped instead of clearing stored data
 * @return void
 */
static function addEntryProperties($entryId, $supported_properties, &$properties, $deleteMissing = true)
{
    global $serendipity;

    // Values currently stored for this entry.
    $stored = serendipity_fetchEntryProperties($entryId);

    foreach ($supported_properties as $name) {
        if (isset($properties[$name])) {
            $value = $properties[$name];
        } else {
            $value = null;
        }

        // Leave stored data alone when the caller did not allow clearing it.
        if (!$deleteMissing && empty($value)) {
            continue;
        }

        $sql = '';
        if (!isset($stored[$name]) && !empty($value)) {
            if ($value != '#') {
                $sql = "INSERT INTO {$serendipity['dbPrefix']}entryproperties (entryid, property, value) VALUES (" . (int) $entryId . ", '" . serendipity_db_escape_string($name) . "', '" . serendipity_db_escape_string($value) . "')";
            }
        } elseif ($stored[$name] != $value && !empty($value)) {
            if ($value == '#') {
                $sql = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $entryId . " AND property = '" . serendipity_db_escape_string($name) . "'";
            } else {
                $sql = "UPDATE {$serendipity['dbPrefix']}entryproperties SET value = '" . serendipity_db_escape_string($value) . "' WHERE entryid = " . (int) $entryId . " AND property = '" . serendipity_db_escape_string($name) . "'";
            }
        } elseif (empty($stored[$name])) {
            $sql = "DELETE FROM {$serendipity['dbPrefix']}entryproperties WHERE entryid = " . (int) $entryId . " AND property = '" . serendipity_db_escape_string($name) . "'";
        }

        if (!empty($sql)) {
            serendipity_db_query($sql);
        }
    }
}
/**
 * Store one option for the active template, replacing any previous value.
 *
 * The option is keyed by 't_' plus the current template name. The old row is
 * deleted and a new one inserted as two separate statements, so the pair is not
 * atomic. Template name, item name and value are all escaped with
 * serendipity_db_escape_string().
 *
 * @param string $item  Option name
 * @param string $value Option value
 * @return bool Always true
 */
function set_config($item, $value)
{
    global $serendipity;

    $deleteSql = "DELETE FROM {$serendipity['dbPrefix']}options\n WHERE okey = 't_" . serendipity_db_escape_string($serendipity['template']) . "'\n AND name = '" . serendipity_db_escape_string($item) . "'";
    serendipity_db_query($deleteSql);

    $insertSql = "INSERT INTO {$serendipity['dbPrefix']}options (okey, name, value)\n VALUES ('t_" . serendipity_db_escape_string($serendipity['template']) . "', '" . serendipity_db_escape_string($item) . "', '" . serendipity_db_escape_string($value) . "')";
    serendipity_db_query($insertSql);

    return true;
}
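/**
 * Print the photoblog sidebar: linked thumbnails (or titles) of recent entries,
 * or of the entries around the one named by the 'id' request parameter.
 *
 * Changes against the previous version:
 *  - the request id is reduced to an int before it is placed unquoted in the SQL
 *    text (is_numeric() alone also accepts floats and exponent notation);
 *  - the configured entry count is reduced to an int before it is used in LIMIT;
 *  - the entry title is HTML-escaped when printed as link text, as it already was
 *    for the title attribute;
 *  - width/height are only printed when getimagesize() returned a size.
 *
 * @param string $title Receives the sidebar title
 * @return void
 */
function generate_content(&$title)
{
    global $serendipity;

    $number       = $this->get_config('number');
    $showpicsonly = $this->get_config('showpicsonly');

    if (!$number || !is_numeric($number) || $number < 1) {
        $number = 5;
    }
    // LIMIT needs a whole number; the config value may be a numeric string such as "5.5".
    $number = (int) $number;

    $title = PLUGIN_PHOTOBLOG_TITLE;

    if (!isset($serendipity['GET']['id']) || !is_numeric($serendipity['GET']['id'])) {
        $number  = $number * $number + 1;
        $entries = serendipity_db_query("SELECT id,\n title,\n timestamp\n FROM {$serendipity['dbPrefix']}entries\n WHERE isdraft = 'false'\n ORDER BY timestamp DESC\n LIMIT {$number}");
    } else {
        // The id is interpolated without quotes below, so it must be a plain integer.
        $id = (int) $serendipity['GET']['id'];

        $entries1 = serendipity_db_query("SELECT id,\n title,\n timestamp\n FROM {$serendipity['dbPrefix']}entries\n WHERE isdraft = 'false'\n AND id > {$id}\n ORDER BY timestamp ASC\n LIMIT {$number}");
        $number++;
        $entries2 = serendipity_db_query("SELECT id,\n title,\n timestamp\n FROM {$serendipity['dbPrefix']}entries\n WHERE isdraft = 'false'\n AND id <= {$id}\n ORDER BY timestamp DESC\n LIMIT {$number}");

        // Newer entries come back oldest-first; reverse them so the list runs newest to oldest.
        if (is_array($entries1) && is_array($entries2)) {
            $entries = array_merge(array_reverse($entries1), $entries2);
        } elseif (is_array($entries1)) {
            $entries = array_reverse($entries1);
        } elseif (is_array($entries2)) {
            $entries = $entries2;
        }
    }

    if (!isset($entries) || !is_array($entries)) {
        return;
    }

    foreach ($entries as $entry) {
        $photo = $this->getPhoto($entry['id']);

        // In "pictures only" mode entries without a photo are skipped.
        if ($showpicsonly == 'true' && !isset($photo)) {
            continue;
        }

        $entryLink = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));
        $safeTitle = function_exists('serendipity_specialchars')
            ? serendipity_specialchars($entry['title'])
            : htmlspecialchars($entry['title'], ENT_COMPAT, LANG_CHARSET);
        $isCurrent = isset($id) && $id == $entry['id'];

        echo '<a href="' . $entryLink . '" title="' . $safeTitle . '">';

        if (isset($photo)) {
            $file          = serendipity_fetchImageFromDatabase($photo['photoid']);
            $thumbbasename = $file['path'] . $file['name'] . '.' . $file['thumbnail_name'] . '.' . $file['extension'];
            $imgsrc        = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $thumbbasename;
            $thumbsize     = @getimagesize($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $thumbbasename);

            echo '<img style="margin:5px;" src="' . $imgsrc . '"';
            if (is_array($thumbsize)) {
                echo ' width=' . $thumbsize[0] . ' height=' . $thumbsize[1];
            }
            if ($isCurrent) {
                echo ' border=4';
            }
            echo ' />';
        } else {
            // The title is stored content; escape it for the HTML text context.
            if ($isCurrent) {
                echo '<b>';
            }
            echo $safeTitle;
            if ($isCurrent) {
                echo '</b>';
            }
        }

        echo '</a><br />';
    }
}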
/**
 * Create default groups, when migrating.
 *
 * Empties the groups, groupconfig and authorgroups tables and then creates the
 * editor, chief and admin groups. The deletes carry no WHERE clause, so every
 * existing group and group membership is removed.
 *
 * @access private
 */
function serendipity_addDefaultGroups()
{
    global $serendipity;

    foreach (array('groups', 'groupconfig', 'authorgroups') as $table) {
        serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}{$table}");
    }

    $defaults = array(
        array(USERLEVEL_EDITOR_DESC, USERLEVEL_EDITOR),
        array(USERLEVEL_CHIEF_DESC, USERLEVEL_CHIEF),
        array(USERLEVEL_ADMIN_DESC, USERLEVEL_ADMIN),
    );
    foreach ($defaults as $group) {
        serendipity_addDefaultGroup($group[0], $group[1]);
    }
}
/**
 * Search approved comments for the requested term and render the result template.
 *
 * The term comes from the 'searchTerm' request parameter and is escaped with
 * serendipity_db_escape_string() before it is placed inside quoted SQL literals.
 * LIKE wildcards (% and _) in the term are not neutralised, so they act as
 * wildcards on the postgres and sqlite branches.
 *
 * NOTE(review): 'commenthtml' hands the comment body to the template with its
 * markup intact (after the frontend_display hook ran). Comment bodies are
 * visitor input, so a template that prints 'commenthtml' relies on that hook
 * chain for sanitising — confirm.
 *
 * @return void
 */
function showSearch()
{
    global $serendipity;

    $this->setupDB();

    $term = serendipity_db_escape_string($serendipity['GET']['searchTerm']);

    switch ($serendipity['dbType']) {
        case 'postgres':
            $group     = '';
            $distinct  = 'DISTINCT';
            $find_part = "(c.title ILIKE '%{$term}%' OR c.body ILIKE '%{$term}%')";
            break;

        case 'sqlite':
            $group     = 'GROUP BY id';
            $distinct  = '';
            $term      = serendipity_mb('strtolower', $term);
            $find_part = "(lower(c.title) LIKE '%{$term}%' OR lower(c.body) LIKE '%{$term}%')";
            break;

        default:
            $group    = 'GROUP BY id';
            $distinct = '';
            // NOTE(review): as written this replacement is a no-op; the search string may
            // have been an HTML entity that was lost — confirm against the upstream file.
            $term = str_replace('"', '"', $term);
            // Full-text operators in the term switch the match to boolean mode.
            $mode      = preg_match('@["\\+\\-\\*~<>\\(\\)]+@', $term) ? ' IN BOOLEAN MODE' : '';
            $find_part = "MATCH(c.title,c.body) AGAINST('{$term}'{$mode})";
            break;
    }

    $querystring = "SELECT c.title AS ctitle, c.body, c.author, c.entry_id, c.timestamp AS ctimestamp, c.url, c.type,\n e.id, e.title, e.timestamp\n FROM {$serendipity['dbPrefix']}comments AS c\n LEFT OUTER JOIN {$serendipity['dbPrefix']}entries AS e\n ON e.id = c.entry_id\n WHERE c.status = 'approved'\n AND {$find_part}\n {$group}\n ORDER BY c.timestamp DESC";

    $results = serendipity_db_query($querystring, false, 'assoc');

    if (!is_array($results)) {
        // Anything other than 1/true is printed, HTML-escaped; presumably a database
        // error message, which then becomes visible to the visitor — confirm.
        if ($results !== 1 && $results !== true) {
            echo function_exists('serendipity_specialchars')
                ? serendipity_specialchars($results)
                : htmlspecialchars($results, ENT_COMPAT, LANG_CHARSET);
        }
        $results = array();
    }

    $myAddData = array("from" => "serendipity_plugin_commentsearch:generate_content");

    foreach ($results as $idx => $result) {
        $results[$idx]['permalink'] = serendipity_archiveURL($result['id'], $result['title'], 'baseURL', true, $result);
        // The raw body is handed to the hook; it is not escaped or stripped at this point.
        $results[$idx]['comment'] = $result['body'];

        serendipity_plugin_api::hook_event('frontend_display', $results[$idx], $myAddData);

        // Let the template decide whether it wants the markup or the tag-free text.
        $results[$idx]['commenthtml'] = $results[$idx]['comment'];
        $results[$idx]['comment']     = strip_tags($results[$idx]['comment']);
    }

    $serendipity['smarty']->assign(array(
        'comment_searchresults' => count($results),
        'comment_results'       => $results,
    ));

    $filename = 'plugin_commentsearch_searchresults.tpl';
    $tfile    = serendipity_getTemplateFile($filename, 'serendipityPath');
    if (!$tfile) {
        $tfile = dirname(__FILE__) . '/' . $filename;
    }

    // INCLUDE_ANY is switched on only for this fetch and put back afterwards.
    $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
    $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
    $content = $serendipity['smarty']->fetch('file:' . $tfile);
    $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;

    echo $content;
}
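/**
 * Report whether the given plugin table exists, by running a COUNT(*) against it.
 *
 * The result only counts as success when the query returned a row array whose
 * first column is numeric. The previous check indexed the result directly, so a
 * non-array result (for example an error string) was tested on its first
 * character only.
 *
 * NOTE(review): $table is appended to the SQL text without escaping. Callers must
 * pass a fixed table name, never a value taken from a request.
 *
 * @param string $table Table name without the database prefix
 * @return bool True when the count query returned a numeric value
 */
static function table_created($table = PLUGIN_OEMBED_DATABASEVNAME)
{
    global $serendipity;

    $q   = "select count(*) from {$serendipity['dbPrefix']}" . $table;
    $row = serendipity_db_query($q, true, 'num');

    return is_array($row) && isset($row[0]) && is_numeric($row[0]);
}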
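/**
 * Update table for re-ordering
 *
 * Swaps the ordering value of the row matched by $where_array with its
 * neighbour one position up or down. Columns of $update_array with a truthy
 * value are the ordering columns that get shifted; the others only take part in
 * locating the neighbour row.
 *
 * Changes against the previous version: the second update array is now
 * initialised (it was undefined when no column was flagged for update), and the
 * duplicated 'up'/'down' branches share one loop.
 *
 * NOTE(review): keys and values of $where_array, the keys of $update_array and
 * $table are concatenated into the SELECT without escaping or quoting. They
 * must be trusted, already-numeric or already-quoted values.
 *
 * @access public
 * @author Falk Doering
 * @param  string  Name of the table
 * @param  string  The direction ('up' or 'down')
 * @param  array   The update array
 * @param  array   The array containing the where clause
 * @return boolean
 */
function doReorder($table, $moveto, $update_array, $where_array)
{
    global $serendipity;

    if (!is_array($update_array) || !is_array($where_array)) {
        return false;
    }

    // Direction decides whether the neighbour is one position lower or higher.
    switch ($moveto) {
        case 'up':
            $delta = -1;
            break;
        case 'down':
            $delta = 1;
            break;
        default:
            return false;
    }

    $conditions = array();
    foreach ($where_array as $key => $value) {
        $conditions[] = $key . ' = ' . $value;
    }

    $q = 'SELECT ' . implode(", ", array_keys($update_array)) . ' FROM ' . $serendipity['dbPrefix'] . $table . ' WHERE ' . implode(' AND ', $conditions);
    $old = serendipity_db_query($q, true, 'assoc');

    if (!is_array($old)) {
        return false;
    }

    $where    = array(); // locates the neighbour row
    $update   = array(); // neighbour takes the current position
    $update_1 = array(); // current row takes the neighbour position

    foreach ($update_array as $key => $value) {
        if ($value) {
            $where[$key]    = $old[$key] + $delta;
            $update[$key]   = $old[$key];
            $update_1[$key] = $old[$key] + $delta;
        } else {
            $where[$key] = $old[$key];
        }
    }

    serendipity_db_update($table, $where, $update);
    serendipity_db_update($table, $where_array, $update_1);

    return true;
}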
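/**
 * Print a table of linked thumbnails (or titles) for all published entries when
 * the 'page' request parameter is 'thumbs'.
 *
 * Changes against the previous version:
 *  - the entry title is HTML-escaped when printed as link text, as it already was
 *    for the title attribute;
 *  - width/height are only printed when getimagesize() returned a size;
 *  - a missing 'page' parameter no longer raises an undefined-index notice;
 *  - the branches guarded by isset($id) were removed: $id is never assigned in
 *    this method, so they could not run;
 *  - the per-row count is read from the configuration once instead of per entry.
 *
 * @param string $title Receives the page title
 * @return bool|void True when the request is not for the thumbnail page
 */
function generate_content(&$title)
{
    global $serendipity;

    $title = THUMBPAGE_TITLE;

    if (!isset($serendipity['GET']['page']) || $serendipity['GET']['page'] != 'thumbs') {
        return true;
    }

    if (!headers_sent()) {
        header('HTTP/1.0 200');
        header('Status: 200 OK');
    }

    $entries = serendipity_db_query("SELECT id,\n title,\n timestamp\n FROM {$serendipity['dbPrefix']}entries\n WHERE isdraft = 'false'\n ORDER BY timestamp DESC");

    if (!isset($entries) || !is_array($entries)) {
        return;
    }

    $perRow = $this->get_config('number');
    $count  = 0;

    echo '<table><tr>';
    foreach ($entries as $entry) {
        echo '<td align="center">';

        $entryLink = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));
        $photo     = $this->getPhoto($entry['id']);
        $safeTitle = function_exists('serendipity_specialchars')
            ? serendipity_specialchars($entry['title'])
            : htmlspecialchars($entry['title'], ENT_COMPAT, LANG_CHARSET);

        echo '<a href="' . $entryLink . '" title="' . $safeTitle . '">';

        if (isset($photo)) {
            $file          = serendipity_fetchImageFromDatabase($photo['photoid']);
            $thumbbasename = $file['path'] . $file['name'] . '.' . $file['thumbnail_name'] . '.' . $file['extension'];
            $imgsrc        = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $thumbbasename;
            $thumbsize     = @getimagesize($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $thumbbasename);

            echo '<img style="margin:5px;" src="' . $imgsrc . '"';
            if (is_array($thumbsize)) {
                echo ' width=' . $thumbsize[0] . ' height=' . $thumbsize[1];
            }
            echo ' />';
        } else {
            // The title is stored content; escape it for the HTML text context.
            echo $safeTitle;
        }

        echo '</a></td>';

        // Start a new table row once the configured number of cells is reached.
        if ($count++ >= $perRow - 1) {
            $count = 0;
            echo "</tr><tr>";
        }
    }
    echo "</tr></table>";
}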
/**
 * Rewrite outgoing links in displayed entries and comments so that they pass
 * through the exit-tracking callback.
 *
 * Handles 'frontend_display' and 'frontend_display_cache'. For each enabled
 * markup element, absolute http(s) anchors are rewritten by
 * _encodeExitsCallback(); a comment author's URL is additionally redirected
 * according to the 'commentredirection' setting.
 *
 * The entry id is cast to int before it is interpolated into the references
 * query. NOTE(review): in the 'bmi' and 'google' modes the comment URL is
 * appended to the redirector address as-is, without URL-encoding — confirm that
 * this is what the redirectors expect.
 *
 * @param string $event     Name of the hook that fired
 * @param object $bag       Plugin property bag
 * @param array  $eventData Entry or comment data, modified in place
 * @param mixed  $addData   Additional hook data; 'no_scramble' can suppress rewriting
 * @return bool True when the event was handled, false otherwise
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
{
    global $serendipity;

    $hooks =& $bag->get('event_hooks');

    if (!isset($hooks[$event])) {
        return false;
    }

    switch ($event) {
        case 'frontend_display':
            if ($bag->get('scrambles_true_content') && is_array($addData) && isset($addData['no_scramble'])) {
                return true;
            }
            // Intentional fall-through: display and cached display share the rewriting below.
        case 'frontend_display_cache':
            break;

        default:
            return false;
    }

    $serendipity['encodeExitsCallback_entry_id'] = (int) (isset($eventData['entry_id']) ? $eventData['entry_id'] : $eventData['id']);

    // Fetch all existing links from the database. They have been inserted there by the trackback discovery.
    if (empty($serendipity['encodeExitsCallback_entry_id'])) {
        $this->links = array();
    } else {
        $this->links = serendipity_db_query("SELECT id, link FROM {$serendipity['dbPrefix']}references WHERE entry_id = {$serendipity['encodeExitsCallback_entry_id']} AND (type = '' OR type IS NULL)", false, 'both', false, 'link', 'id');
    }

    foreach ($this->markup_elements as $markup) {
        $active = serendipity_db_bool($this->get_config($markup['name'], true))
            && isset($eventData[$markup['element']])
            && !$eventData['properties']['ep_disable_markup_' . $this->instance]
            && !isset($serendipity['POST']['properties']['disable_markup_' . $this->instance]);

        if (!$active) {
            continue;
        }

        $element = $markup['element'];
        $eventData[$element] = preg_replace_callback(
            "#<a(.*)href=(\"|')http(s?)://([^\"']+)(\"|')([^>]*)>#isUm",
            array($this, '_encodeExitsCallback'),
            $eventData[$element]
        );

        if ($markup['element'] == 'comment' && !empty($eventData['url'])) {
            switch (trim($this->get_config('commentredirection'))) {
                case 'bmi':
                    $eventData['url'] = 'http://bmi.pifo.biz/?' . $eventData['url'];
                    break;

                case 's9y':
                    $eventData['url'] = $this->_encodeExitsCallback(
                        array(1 => ' ', 2 => '"', 3 => '', 4 => $eventData['url'], 5 => '"'),
                        true
                    );
                    break;

                case 'google':
                    $eventData['url'] = 'http://www.google.com/url?sa=D&q=' . $eventData['url'];
                    break;

                default:
                    break;
            }
        }
    }

    return true;
}
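/**
 * Move this plugin to the front of the plugin queue of its placement.
 *
 * Changes against the previous version:
 *  - the placement was read from $addData, which is not defined in this method,
 *    so both placement conditions compared against an empty string. The
 *    placement is now read from the plugin's own row;
 *  - the instance name and the placement are escaped before they are placed in
 *    the SQL text;
 *  - nothing is written when the plugin's row cannot be read.
 *
 * @return void
 */
function order_to_first()
{
    global $serendipity;

    $instance = serendipity_db_escape_string($this->instance);

    // Fetch current sort_order and placement of current plugin.
    $q   = "SELECT sort_order, placement FROM {$serendipity['dbPrefix']}plugins WHERE name = '" . $instance . "'";
    $cur = serendipity_db_query($q, true, 'num');
    if (!is_array($cur)) {
        return;
    }
    $placement = serendipity_db_escape_string($cur[1]);

    // Fetch minimum sort_order value. This will be the new value of our current plugin.
    $q  = "SELECT MIN(sort_order) as sort_order_min FROM {$serendipity['dbPrefix']}plugins WHERE placement = '" . $placement . "'";
    $rs = serendipity_db_query($q, true, 'num');

    // Increase sort_order of all plugins before current plugin by one.
    $q = "UPDATE {$serendipity['dbPrefix']}plugins SET sort_order = sort_order + 1 WHERE placement = '" . $placement . "' AND sort_order < " . intval($cur[0]);
    serendipity_db_query($q);

    // Set current plugin as first plugin in queue.
    $q = "UPDATE {$serendipity['dbPrefix']}plugins SET sort_order = " . intval($rs[0]) . " WHERE name = '" . $instance . "'";
    serendipity_db_query($q);
}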
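/**
 * Fetch a list of trackbacks for an entry
 *
 * Changes against the previous version: the status filter is always defined
 * (it was an undefined variable when $showAll was true), and the empty result
 * is returned through a variable because the function returns by reference.
 *
 * The entry id is cast to int before it enters the SQL text. $limit is handed
 * to serendipity_db_limit_sql() as given — presumably that helper validates
 * it; confirm before passing request data.
 *
 * @access public
 * @param   int     The ID of the entry
 * @param   string  How many trackbacks to show
 * @param   boolean If true, also non-approved trackbacks will be shown
 * @return  array   The matching comment rows, or an empty array
 */
function &serendipity_fetchTrackbacks($id, $limit = null, $showAll = false)
{
    global $serendipity;

    $and = $showAll ? '' : "AND status = 'approved'";

    $query = "SELECT * FROM {$serendipity['dbPrefix']}comments WHERE entry_id = '" . (int) $id . "' AND (type = 'TRACKBACK' OR type = 'PINGBACK') {$and} ORDER BY id";

    if (isset($limit)) {
        $limit  = serendipity_db_limit_sql($limit);
        $query .= " {$limit}";
    }

    $comments = serendipity_db_query($query);
    if (!is_array($comments)) {
        // Return-by-reference needs a variable, not a literal.
        $comments = array();
    }

    return $comments;
}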
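/**
 * Print a linked list of all authors.
 *
 * Changes against the previous version: the author's real name is HTML-escaped
 * before it is printed (it is stored, user-supplied text), and a failed query
 * no longer feeds a non-array into the loop.
 *
 * @param string $title Receives the sidebar title
 * @return void
 */
function generate_content(&$title)
{
    global $serendipity;

    $title = $this->get_config('title', $this->title);

    $authors_query = "SELECT realname, username, authorid FROM {$serendipity['dbPrefix']}authors";
    $row_authors   = serendipity_db_query($authors_query);
    if (!is_array($row_authors)) {
        $row_authors = array();
    }

    echo '<ul class="plainList">';
    foreach ($row_authors as $entry) {
        if (function_exists('serendipity_authorURL')) {
            $entryLink = serendipity_authorURL($entry);
        } else {
            $entryLink = serendipity_rewriteURL(
                PATH_AUTHORS . '/' . serendipity_makePermalink(PERM_AUTHORS, array('id' => $entry['authorid'], 'title' => $entry['realname']))
            );
        }

        // Escape the name for the HTML text context.
        $realname = function_exists('serendipity_specialchars')
            ? serendipity_specialchars($entry['realname'])
            : htmlspecialchars($entry['realname'], ENT_COMPAT, LANG_CHARSET);

        echo '<li><a href="' . $entryLink . '">' . $realname . '</a></li>';
    }
    echo '</ul>';
}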
/**
 * Perform a query to insert an associative array into a specific SQL table
 *
 * You can pass a tablename and an array of input data to insert into a table.
 *
 * Only the values are escaped (serendipity_db_escape_string) and quoted. The
 * table name and the array keys, which become the column list, are placed in
 * the statement unchanged, so they must never be taken from request data.
 *
 * @access public
 * @param   string  Name of the SQL table
 * @param   array   Associative array of keys/values to insert into the table. Values are escaped automatically, keys are not.
 * @param   string  What to do with the SQL query (execute, display)
 * @return  mixed   The result of the SQL query, or the query string when $action is not 'execute'
 */
function serendipity_db_insert($table, $values, $action = 'execute')
{
    global $serendipity;

    $columns = implode(',', array_keys($values));

    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = '\'' . serendipity_db_escape_string($value) . '\'';
    }
    $vals = implode(', ', $quoted);

    $q = "INSERT INTO {$serendipity['dbPrefix']}{$table} ({$columns}) values ({$vals})";

    if ($action != 'execute') {
        return $q;
    }

    return serendipity_db_query($q);
}
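/**
 * Print a table ranking authors by the karma points of their entries.
 *
 * Changes against the previous version: the username is HTML-escaped before it
 * is printed, a failed query no longer feeds a non-array into the loop, and the
 * unused 'count' setting is no longer read.
 *
 * @param string $title Receives the sidebar title
 * @return void
 */
function generate_content(&$title)
{
    global $serendipity;

    $title = $this->get_config('title');

    $rows = serendipity_db_query("select {$serendipity['dbPrefix']}authors.username,\nSUM({$serendipity['dbPrefix']}karma.points) as score, SUM({$serendipity['dbPrefix']}karma.votes) as\nvotes,SUM({$serendipity['dbPrefix']}karma.points) / SUM({$serendipity['dbPrefix']}karma.votes) as overall FROM\n{$serendipity['dbPrefix']}entries, {$serendipity['dbPrefix']}karma, {$serendipity['dbPrefix']}authors WHERE {$serendipity['dbPrefix']}entries.id = {$serendipity['dbPrefix']}karma.entryid\nAND {$serendipity['dbPrefix']}authors.authorid = {$serendipity['dbPrefix']}entries.authorid " . "GROUP BY {$serendipity['dbPrefix']}authors.username ORDER BY score DESC; ");
    if (!is_array($rows)) {
        $rows = array();
    }

    echo "<table>";
    echo "<tr><th style='background-color: #DDDDDD'>" . PLUGIN_KARMARANKING_AUTHOR . "</th>";
    echo "<th style='background-color: #DDDDDD'>" . PLUGIN_KARMARANKING_TOTAL . "</th></tr>";

    foreach ($rows as $row) {
        // Column 0 is the username, column 1 the summed score.
        $username = function_exists('serendipity_specialchars')
            ? serendipity_specialchars($row[0])
            : htmlspecialchars($row[0], ENT_COMPAT, LANG_CHARSET);

        echo "<tr><td>" . $username . "</td><td style='text-align: center'>" . $row[1] . "</td></tr>";
    }
    echo "</table>";
}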
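/**
 * Print the five best-rated entries of the configured rating type from the
 * recent past as an ordered list.
 *
 * Changes against the previous version:
 *  - the list's class attribute now carries the rating type; it was written in
 *    single quotes and printed the literal text {$type};
 *  - the rating type is escaped before it is placed in the SQL literal and in
 *    the class attribute;
 *  - the rating value is HTML-escaped before it is printed;
 *  - the timespan is reduced to an int once, also for the message;
 *  - a failed query no longer feeds a non-array into the loop.
 *
 * @param string $title Receives the sidebar title
 * @return void
 */
function generate_content(&$title)
{
    global $serendipity;

    $title    = $this->get_config('title', $this->title);
    $timespan = (int) $this->get_config('timespan', 30);
    $type     = $this->get_config('type', 'IMDB');

    // NOTE(review): 86700 is used as the per-day factor; a day has 86400 seconds — confirm.
    $q = "SELECT ep.entryid AS id, e.title, e.timestamp, ep.value as rating\n\n\t\t\t\t FROM {$serendipity['dbPrefix']}entryproperties AS ep\n\t\t\t\t JOIN {$serendipity['dbPrefix']}entries AS e\n\t\t\t\t ON e.id = ep.entryid\n\n\t\t\t\t WHERE ep.property = 'cr_" . serendipity_db_escape_string($type) . "_rating'\n\t\t\t\t AND e.timestamp > " . (time() - 86700 * $timespan) . "\n\t\t\t\t ORDER BY ep.value DESC\n\t\t\t\t LIMIT 5";

    $rows = serendipity_db_query($q);
    if (!is_array($rows)) {
        echo "No movies during the last {$timespan} days! Maybe I dropped dead.";
        $rows = array();
    }

    $safeType = function_exists('serendipity_specialchars')
        ? serendipity_specialchars($type)
        : htmlspecialchars($type, ENT_COMPAT, LANG_CHARSET);

    echo '<ol class="movie ' . $safeType . '">';
    foreach ($rows as $row) {
        $url = serendipity_archiveURL($row['id'], $row['title'], 'serendipityHTTPPath', true, array('timestamp' => $row['timestamp']));

        if (function_exists('serendipity_specialchars')) {
            $safeTitle  = serendipity_specialchars($row['title']);
            $safeRating = serendipity_specialchars($row['rating']);
        } else {
            $safeTitle  = htmlspecialchars($row['title'], ENT_COMPAT, LANG_CHARSET);
            $safeRating = htmlspecialchars($row['rating'], ENT_COMPAT, LANG_CHARSET);
        }

        echo '<li><a href="' . $url . '">' . $safeTitle . '</a> (' . $safeRating . ')</li>';
    }
    echo '</ol>';
}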
<input type="hidden" name="serendipity[getstep]" value="3"> <?php $config = serendipity_parseTemplate(S9Y_CONFIG_TEMPLATE); serendipity_printConfigTemplate($config, $from, true, false, false); ?> <div align="center"><input name="submit" type="submit" value="<?php echo COMPLETE_INSTALLATION; ?> " class="serendipityPrettyButton input_button"></div> </form> <?php } elseif ((int) $serendipity['GET']['step'] == 3) { $serendipity['dbPrefix'] = $_POST['dbPrefix']; echo CHECK_DATABASE_EXISTS . '...'; $t = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}authors", false, 'both', false, false, false, true); if (is_array($t)) { echo ' <strong>' . THEY_DO . '</strong>, ' . WONT_INSTALL_DB_AGAIN; echo '<br />'; echo '<br />'; } else { echo ' <strong>' . THEY_DONT . '</strong>'; echo '<br />'; echo CREATE_DATABASE; serendipity_installDatabase(); echo ' <strong>' . DONE . '</strong><br />'; echo sprintf(CREATING_PRIMARY_AUTHOR, htmlspecialchars($_POST['user'])) . '...'; $authorid = serendipity_addAuthor($_POST['user'], $_POST['pass'], $_POST['realname'], $_POST['email'], USERLEVEL_ADMIN, 1); $mail_comments = serendipity_db_bool($_POST['want_mail']) ? 1 : 0; serendipity_set_user_var('mail_comments', $mail_comments, $authorid); serendipity_set_user_var('mail_trackbacks', $mail_comments, $authorid);
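/**
 * Event dispatcher of the adduser plugin: restricts commenting to registered
 * users, protects registered names, serves the login box and renders the
 * registration form.
 *
 * Change against the previous version: in 'external_plugin' the Smarty
 * INCLUDE_ANY setting is put back to its saved value after the login box was
 * displayed. The old value was saved but never restored, which left the relaxed
 * setting active for the rest of the request.
 *
 * Security-relevant behaviour visible here:
 *  - 'frontend_saveComment' rejects comments from visitors who are not logged in
 *    (or not in the required group) when 'registered_only' is set, and rejects
 *    a comment whose author name equals a registered real name when
 *    'true_identities' is set. The name is escaped before the lookup.
 *  - 'entries_header' cuts the submitted user name to 40 and the password to 32
 *    characters before handing them on; a longer password is shortened silently.
 *
 * @param string $event     Name of the hook that fired
 * @param object $bag       Plugin property bag
 * @param mixed  $eventData Hook payload, modified in place
 * @param mixed  $addData   Additional hook data
 * @return bool|void True/false for handled/rejected events; nothing for events that end with break
 */
function event_hook($event, &$bag, &$eventData, $addData = null)
{
    global $serendipity;
    static $login_url = null;

    if ($login_url === null) {
        $login_url = $serendipity['baseURL'] . $serendipity['indexFile'] . '?/plugin/loginbox';
    }

    $hooks =& $bag->get('event_hooks');

    if (isset($hooks[$event])) {
        switch ($event) {
            case 'frontend_saveComment':
                if (!isset($serendipity['csuccess'])) {
                    $serendipity['csuccess'] = 'true';
                }

                // Visitors who are not logged in may not comment, unless the request comes from the adduser form.
                if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn() && $addData['source2'] != 'adduser') {
                    $eventData = array('allow_comments' => false);
                    $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                    return false;
                }

                // Same restriction for users outside the permitted group.
                if (serendipity_db_bool($this->get_config('registered_only')) && !$this->inGroup() && $addData['source2'] != 'adduser') {
                    $eventData = array('allow_comments' => false);
                    $serendipity['messagestack']['comments'][] = PLUGIN_ADDUSER_REGISTERED_ONLY_REASON;
                    return false;
                }

                // A visitor may not post under the real name of a registered author.
                if (serendipity_db_bool($this->get_config('true_identities')) && !serendipity_userLoggedIn()) {
                    // NOTE(review): the search string below looks like it lost a special
                    // character; confirm against the upstream file.
                    $user = str_replace(" b", '', $addData['name']);
                    $user = serendipity_db_escape_string(preg_replace('@\\s+@', ' ', trim($user)));
                    $user = trim($user);
                    $authors = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE realname = '" . $user . "'");
                    if (is_array($authors) && isset($authors[0]['authorid'])) {
                        $eventData = array('allow_comments' => false);
                        $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_CHECK_REASON, $login_url, 'onclick="javascript:loginbox = window.open(this.href, \'loginbox\', \'width=300,height=300,locationbar=no,menubar=no,personalbar=no,statusbar=yes,status=yes,toolbar=no\'); return false;"');
                    }
                }
                break;

            case 'external_plugin':
                if ($eventData != 'loginbox') {
                    return true;
                }

                $out = array();
                serendipity_plugin_api::hook_event('backend_login_page', $out);
                serendipity_smarty_init();
                $serendipity['smarty']->assign(array(
                    'loginform_add'  => $out,
                    'loginform_url'  => $login_url,
                    'loginform_user' => $_SESSION['serendipityUser'],
                    'loginform_mail' => $_SESSION['serendipityEmail'],
                    'close_window'   => defined('LOGIN_ACTION'),
                    'is_logged_in'   => serendipity_userLoggedIn(),
                    'is_error'       => defined('LOGIN_ERROR'),
                ));

                $filename = 'loginbox.tpl';
                $tfile = serendipity_getTemplateFile($filename, 'serendipityPath');
                if (!$tfile || $tfile == $filename) {
                    $tfile = dirname(__FILE__) . '/' . $filename;
                }

                // Relax the include restriction only for this one template, then put it back.
                $inclusion = $serendipity['smarty']->security_settings[INCLUDE_ANY];
                $serendipity['smarty']->security_settings[INCLUDE_ANY] = true;
                $serendipity['smarty']->display($tfile);
                $serendipity['smarty']->security_settings[INCLUDE_ANY] = $inclusion;
                break;

            case 'frontend_display':
                if (serendipity_db_bool($this->get_config('registered_only')) && !serendipity_userLoggedIn()) {
                    $serendipity['messagestack']['comments'][] = sprintf(PLUGIN_ADDUSER_REGISTERED_ONLY_REASON, $serendipity['baseURL'] . $serendipity['indexFile'] . '?serendipity[subpage]=adduser', $serendipity['baseURL'] . 'serendipity_admin.php');
                    $eventData['allow_comments'] = false;
                }
                break;

            case 'frontend_configure':
                if (isset($serendipity['POST']['action']) && isset($serendipity['POST']['user']) && isset($serendipity['POST']['pass'])) {
                    serendipity_login();
                    if (serendipity_userLoggedIn()) {
                        define('LOGIN_ACTION', 'login');
                        header('X-s9y-auth: Login');
                    } else {
                        define('LOGIN_ERROR', true);
                    }
                } elseif (isset($serendipity['POST']['action']) && isset($serendipity['POST']['logout'])) {
                    serendipity_logout();
                    if (!serendipity_userLoggedIn()) {
                        header('X-s9y-auth: Logout');
                        define('LOGIN_ACTION', 'logout');
                    }
                }

                // For authenticated users the comment name and e-mail are taken from the session,
                // not from what the form submitted.
                if ((serendipity_db_bool($this->get_config('registered_only')) || serendipity_db_bool($this->get_config('true_identities'))) && $_SESSION['serendipityAuthedUser']) {
                    if (defined('IN_serendipity_admin') && $serendipity['GET']['adminAction'] == 'doEdit') {
                        // void
                    } else {
                        $serendipity['COOKIE']['name'] = isset($_SESSION['serendipityRealname']) ? $_SESSION['serendipityRealname'] : $_SESSION['serendipityUser'];
                        $serendipity['COOKIE']['email'] = $_SESSION['serendipityEmail'];
                        if ($serendipity['POST']['comment']) {
                            $serendipity['POST']['name'] = $serendipity['COOKIE']['name'];
                            $serendipity['POST']['email'] = $serendipity['COOKIE']['email'];
                        }
                    }
                }

                return true;

            case 'entry_display':
                if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation']) || !empty($this->clean_page)) {
                    if (is_array($eventData)) {
                        $eventData['clean_page'] = true;
                    }
                }
                break;

            case 'entries_header':
                if ($serendipity['GET']['subpage'] == 'adduser' || $serendipity['POST']['subpage'] == 'adduser' || !empty($serendipity['GET']['adduser_activation'])) {
                    $this->clean_page = true;
                    $url = $serendipity['baseURL'] . $serendipity['indexFile'];
                    $hidden['subpage'] = 'adduser';

                    // Submitted credentials are cut to fixed lengths before they are passed on.
                    $username = substr($serendipity['POST']['adduser_user'], 0, 40);
                    $password = substr($serendipity['POST']['adduser_pass'], 0, 32);
                    $email = $serendipity['POST']['adduser_email'];

                    echo '<div id="adduser_form" style="padding-left: 4px; padding-right: 10px"><a id="adduser"></a>';

                    // Get the config from the sidebar plugin
                    $pair_config = array(
                        'userlevel'       => USERLEVEL_EDITOR,
                        'no_create'       => false,
                        'right_publish'   => false,
                        'instructions'    => $this->get_config('instructions', ''),
                        'usergroups'      => array(),
                        'straight_insert' => false,
                        'approve'         => false,
                        'use_captcha'     => false,
                    );

                    $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
                    if (is_array($config)) {
                        foreach ($config as $conf) {
                            $names = explode('/', $conf['name']);
                            // This plugin's own instructions, when set, take precedence over the sidebar plugin's.
                            if ($names[1] == 'instructions' && !empty($pair_config['instructions'])) {
                                continue;
                            }

                            if ($names[1] == 'usergroups') {
                                $ug = (array) explode(',', $conf['value']);
                                foreach ($ug as $cid) {
                                    if ($cid === false || empty($cid)) {
                                        continue;
                                    }
                                    $pair_config[$names[1]][$cid] = $cid;
                                }
                            } else {
                                $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                            }
                        }
                    }

                    // Show the form again when the account was not created.
                    if (!serendipity_common_adduser::adduser($username, $password, $email, $pair_config['userlevel'], $pair_config['usergroups'], $pair_config['no_create'], $pair_config['right_publish'], $pair_config['straight_insert'], $pair_config['approve'], $pair_config['use_captcha'])) {
                        serendipity_common_adduser::loginform($url, $hidden, $pair_config['instructions'], $username, $password, $email, $pair_config['use_captcha']);
                    }
                    echo '</div>';
                }

                return true;

            default:
                return false;
        }
    } else {
        return false;
    }
}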
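/**
 * Print the "recent comments" sidebar block.
 *
 * Reads the plugin configuration (number of rows, truncation length, wrap
 * width, date format, view mode), selects the newest approved comments
 * and/or trackbacks and echoes one HTML snippet per row.
 *
 * @param string $title Set by reference to the configured block title.
 * @return void
 */
function generate_content(&$title) {
    global $serendipity;

    $title       = $this->get_config('title', $this->title);
    $max_entries = $this->get_config('max_entries');
    $max_chars   = $this->get_config('max_chars');
    $wordwrap    = $this->get_config('wordwrap');
    $dateformat  = $this->get_config('dateformat');

    if (!$max_entries || !is_numeric($max_entries) || $max_entries < 1) {
        $max_entries = 15;
    }
    if (!$max_chars || !is_numeric($max_chars) || $max_chars < 1) {
        $max_chars = 120;
    }
    if (!$wordwrap || !is_numeric($wordwrap) || $wordwrap < 1) {
        $wordwrap = 30;
    }
    if (!$dateformat || strlen($dateformat) < 1) {
        $dateformat = '%a, %d.%m.%Y %H:%M';
    }

    // is_numeric() also accepts values such as "1.5" or "1e3". Force plain
    // integers so that the value appended to LIMIT below is always a valid
    // integer literal and the mb_* width arguments are well defined.
    $max_entries = max(1, (int) $max_entries);
    $max_chars   = max(1, (int) $max_chars);
    $wordwrap    = max(1, (int) $wordwrap);

    $viewtype = '';
    $viewmode = $this->get_config('viewmode');
    if ($viewmode == 'comments') {
        $viewtype .= ' AND co.type = \'NORMAL\'';
    } elseif ($viewmode == 'trackbacks') {
        $viewtype .= ' AND (co.type = \'TRACKBACK\' OR co.type = \'PINGBACK\')';
    }

    // 'joins' is concatenated into the query unconditionally, so it has to
    // exist even when the ACL branch below is skipped.
    $cond          = array();
    $cond['joins'] = '';
    $cond['and']   = ' AND e.isdraft = \'false\' ';
    if ($this->get_config('authorid') == 'login') {
        serendipity_ACL_SQL($cond, true);
        serendipity_plugin_api::hook_event('frontend_fetchentries', $cond, array('source' => 'entries'));
    }

    $q = 'SELECT co.body AS comment, co.timestamp AS stamp, co.author AS user, e.title AS subject, e.timestamp AS entrystamp, e.id AS entry_id, co.id AS comment_id, co.type AS comment_type, co.url AS comment_url, co.title AS comment_title, co.email AS comment_email'
       . ' FROM ' . $serendipity['dbPrefix'] . 'comments AS co, ' . $serendipity['dbPrefix'] . 'entries AS e ' . $cond['joins']
       . ' WHERE e.id = co.entry_id AND NOT (co.type = \'TRACKBACK\' AND co.author = \'' . serendipity_db_escape_string($serendipity['blogTitle']) . '\' AND co.title != \'\') AND co.status = \'approved\' ' . $viewtype . ' ' . $cond['and']
       . ' ORDER BY co.timestamp DESC LIMIT ' . $max_entries;

    $sql = serendipity_db_query($q);
    if (!$sql || !is_array($sql)) {
        return;
    }

    $showurls = $this->get_config('showurls', 'trackbacks');
    $has_mb   = function_exists('mb_strimwidth');

    foreach ($sql as $key => $row) {
        // All markup is removed from the stored comment before it is shortened.
        if ($has_mb) {
            $comment = mb_strimwidth(strip_tags($row['comment']), 0, $max_chars, " [...]", LANG_CHARSET);
        } else {
            $comments = wordwrap(strip_tags($row['comment']), $max_chars, '@@@', 1);
            $aComment = explode('@@@', $comments);
            $comment  = $aComment[0];
            if (count($aComment) > 1) {
                $comment .= ' [...]';
            }
        }

        $isTrackBack = $row['comment_type'] == 'TRACKBACK' || $row['comment_type'] == 'PINGBACK';
        $linkAuthor  = $row['comment_url'] != ''
            && (($isTrackBack && ($showurls == 'trackbacks' || $showurls == 'all'))
                || (!$isTrackBack && ($showurls == 'comments' || $showurls == 'all')));

        if ($linkAuthor) {
            /* Normalise the case of the protocol part */
            $row['comment_url'] = preg_replace('@^http://@i', 'http://', $row['comment_url']);
            $row['comment_url'] = preg_replace('@^https://@i', 'https://', $row['comment_url']);
            // Anything that does not start with http:// or https:// is
            // prefixed, so the submitter-supplied URL can never reach the
            // href attribute with another scheme (e.g. javascript:).
            if (substr($row['comment_url'], 0, 7) != 'http://' && substr($row['comment_url'], 0, 8) != 'https://') {
                $row['comment_url'] = 'http://' . $row['comment_url'];
            }
            // The opening tag has to be emitted in full; otherwise the
            // closing quote and </a> below produce broken markup.
            $user = '<a class="highlight" href="' . htmlspecialchars(strip_tags($row['comment_url'])) . '" title="' . htmlspecialchars(strip_tags($row['comment_title'])) . '">' . htmlspecialchars(strip_tags($row['user'])) . '</a>';
        } else {
            $user = htmlspecialchars(strip_tags($row['user']));
        }

        $user = trim($user);
        if (empty($user)) {
            $user = PLUGIN_COMMENTS_ANONYMOUS;
        }

        // Hard-wrap the excerpt at $wordwrap display columns.
        if ($has_mb) {
            $pos         = 0;
            $parts       = array();
            $enc         = LANG_CHARSET;
            $comment_len = mb_strlen($comment, $enc);
            while ($pos < $comment_len) {
                $part = mb_strimwidth($comment, $pos, $wordwrap, '', $enc);
                if ($part === '') {
                    // A character wider than $wordwrap columns yields an
                    // empty slice; take it whole so the loop always advances.
                    $part = mb_substr($comment, $pos, 1, $enc);
                }
                $pos    += mb_strlen($part, $enc);
                $parts[] = $part;
            }
            $comment = implode("\n", $parts);
        } else {
            $comment = wordwrap($comment, $wordwrap, "\n", 1);
        }

        $entry = array(
            'comment' => $comment,
            'email'   => $row['comment_email'],
            'url'     => $row['comment_url'],
            'author'  => $row['user'],
        );

        // Help the BBCode plugin: re-join tags that the hard wrap split.
        if (class_exists('serendipity_event_bbcode')) {
            $entry['comment'] = preg_replace('@((\\[.*)[\\n\\r]+(.*\\]))+@imsU', '\\2\\3', $entry['comment']);
            $entry['comment'] = preg_replace('@((\\[.+\\].*)[\\r\\n]+(.*\\[/.+\\]))+@imsU', '\\2\\3', $entry['comment']);
        }

        $addData = array('from' => 'serendipity_plugin_comments:generate_content');
        serendipity_plugin_api::hook_event('frontend_display', $entry, $addData);

        // NOTE(review): strip_tags() with an allow-list keeps every attribute
        // of the allowed tags, so it is not an attribute filter. The body is
        // only as safe as the markup the 'frontend_display' plugins generate
        // from the tag-free excerpt built above - confirm for installed plugins.
        printf(
            '<div class="plugin_comment_wrap">' . PLUGIN_COMMENTS_ABOUT . '</div>',
            '<div class="plugin_comment_subject"><span class="plugin_comment_author">' . $user . '</span>',
            ' <a class="highlight" href="' . serendipity_archiveURL($row['entry_id'], $row['subject'], 'baseURL', true, array('timestamp' => $row['entrystamp'])) . '#c' . (int) $row['comment_id'] . '" title="' . htmlspecialchars($row['subject']) . '">' . htmlspecialchars($row['subject']) . '</a></div>' . "\n"
            . '<div class="plugin_comment_date">' . htmlspecialchars(serendipity_strftime($dateformat, $row['stamp'])) . '</div>' . "\n"
            . '<div class="plugin_comment_body">' . strip_tags($entry['comment'], '<br /><img><a>') . '</div>' . "\n\n"
        );
    }
}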
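/**
 * Send a comment notice to the admin/author of an entry
 *
 * When $serendipity['useCommentTokens'] is set, a one-time moderation token
 * is stored in the options table and embedded in the delete/approve links of
 * the mail, so whoever holds the mail can moderate the comment through those
 * links.
 *
 * @access public
 * @param   int     ID of the comment that has been made
 * @param   string  Author's email address to send the mail to
 * @param   string  The name of the sender
 * @param   string  The email address of the sender
 * @param   string  The URL of the sender
 * @param   int     The ID of the entry that has been commented
 * @param   string  The title of the entry that has been commented
 * @param   string  The text of the comment
 * @param   string  The type of the comment (normal|trackback)
 * @param   boolean Toggle Whether comments to this entry need approval
 * @return  boolean Return success of sending the mails
 */
function serendipity_sendComment($comment_id, $to, $fromName, $fromEmail, $fromUrl, $id, $title, $comment, $type = 'NORMAL', $moderate_comment = false) {
    global $serendipity;

    if (empty($fromName)) {
        $fromName = ANONYMOUS;
    }

    $entryURI = serendipity_archiveURL($id, $title, 'baseURL');
    $path     = $type == 'TRACKBACK' ? 'trackback' : 'comment';

    // Check for using Tokens
    if ($serendipity['useCommentTokens']) {
        // The token is the only secret protecting the approve/delete links,
        // so it must come from a CSPRNG. rand()/uniqid() are derived from
        // the clock and a small seed and are guessable. The result keeps
        // the former shape (32 lowercase hex characters).
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $token = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Legacy fallback for runtimes without a CSPRNG API (weak).
            $token = md5(uniqid(mt_rand(), true));
        }
        $path = $path . "_token_" . $token;

        // Delete any comment tokens older than 1 week.
        serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}options\n WHERE okey LIKE 'comment_%' AND name < " . (time() - 604800));

        // Issue new comment moderation hash. The id is cast because it is
        // concatenated into a quoted SQL literal.
        serendipity_db_query("INSERT INTO {$serendipity['dbPrefix']}options (name, value, okey)\n VALUES ('" . time() . "', '" . $token . "', 'comment_" . (int) $comment_id . "')");
    }

    $fileName   = $id . '-' . serendipity_makeFilename($title) . '.html';
    $deleteURI  = serendipity_rewriteURL(PATH_DELETE . '/' . $path . '/' . $comment_id . '/' . $fileName, 'baseURL');
    $approveURI = serendipity_rewriteURL(PATH_APPROVE . '/' . $path . '/' . $comment_id . '/' . $fileName, 'baseURL');

    $reviewTag  = $moderate_comment ? '[' . REQUIRES_REVIEW . '] ' : '';
    $reviewLine = REQUIRES_REVIEW . ': ' . ($moderate_comment ? YES : NO)
                . (isset($serendipity['moderate_reason']) ? ' (' . $serendipity['moderate_reason'] . ')' : '');
    $indent     = str_repeat(' ', 3);

    if ($type == 'TRACKBACK') {
        /******************* TRACKBACKS *******************/
        $subject = $reviewTag . NEW_TRACKBACK_TO . ' ' . $title;
        $text = sprintf(A_NEW_TRACKBACK_BLAHBLAH, $title)
              . "\n"
              . "\n" . $reviewLine
              . "\n" . LINK_TO_ENTRY . ': ' . $entryURI
              . "\n" . 'Weblog ' . NAME . ': ' . stripslashes($fromName)
              . "\n" . LINK_TO_REMOTE_ENTRY . ': ' . $fromUrl
              . "\n"
              . "\n" . EXCERPT . ':'
              . "\n" . strip_tags($comment)
              . "\n"
              . "\n" . '----'
              . "\n" . YOU_HAVE_THESE_OPTIONS
              . ($moderate_comment ? "\n" . str_repeat(' ', 2) . THIS_TRACKBACK_NEEDS_REVIEW : '')
              . "\n" . $indent . str_pad(VIEW_ENTRY, 15) . ' -- ' . $entryURI
              . "\n" . $indent . str_pad(DELETE_TRACKBACK, 15) . ' -- ' . $deleteURI
              . ($moderate_comment ? "\n" . $indent . str_pad(APPROVE_TRACKBACK, 15) . ' -- ' . $approveURI : '');
    } else {
        /******************* COMMENTS *********************/
        $subject = $reviewTag . NEW_COMMENT_TO . ' ' . $title;
        $text = sprintf(A_NEW_COMMENT_BLAHBLAH, $serendipity['blogTitle'], $title)
              . "\n" . LINK_TO_ENTRY . ': ' . $entryURI
              . "\n"
              . "\n" . $reviewLine
              . "\n" . USER . ' ' . IP_ADDRESS . ': ' . $_SERVER['REMOTE_ADDR']
              . "\n" . USER . ' ' . NAME . ': ' . $fromName
              . "\n" . USER . ' ' . EMAIL . ': ' . $fromEmail
              . "\n" . USER . ' ' . HOMEPAGE . ': ' . $fromUrl
              . "\n"
              . "\n" . COMMENTS . ': '
              . "\n" . strip_tags($comment)
              . "\n"
              . "\n" . '----'
              . "\n" . YOU_HAVE_THESE_OPTIONS
              . ($moderate_comment ? "\n" . str_repeat(' ', 2) . THIS_COMMENT_NEEDS_REVIEW : '')
              . "\n" . $indent . str_pad(VIEW_COMMENT, 15) . ' -- ' . $entryURI . '#c' . $comment_id
              . "\n" . $indent . str_pad(DELETE_COMMENT, 15) . ' -- ' . $deleteURI
              . ($moderate_comment ? "\n" . $indent . str_pad(APPROVE_COMMENT, 15) . ' -- ' . $approveURI : '');
    }

    // NOTE(review): $fromName and $fromEmail are supplied by the commenter
    // and are handed to the mailer as sender data; $subject contains the
    // entry title. Presumably serendipity_sendMail() strips CR/LF from
    // header values - verify there.
    return serendipity_sendMail($to, $subject, $text, $fromEmail, null, $fromName);
}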
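/**
 * Print the "recent entries" sidebar block as a definition list.
 *
 * Honours the configured number of entries, category filter (including
 * "_cur" = category of the current request), display location, ordering
 * and date format.
 *
 * @param string $title Set by reference to the configured block title.
 * @return false|void false when the block is configured not to show on
 *                    the current page type; otherwise nothing.
 */
function generate_content(&$title) {
    global $serendipity;

    $number     = $this->get_config('number');
    $dateformat = $this->get_config('dateformat');
    $category   = $this->get_config('category', 'none');
    $show_where = $this->get_config('show_where', 'both');

    $on_entry_page = isset($serendipity['GET']['id']) && is_numeric($serendipity['GET']['id']);
    if ($show_where == 'extended' && !$on_entry_page) {
        return false;
    }
    if ($show_where == 'overview' && $on_entry_page) {
        return false;
    }

    if ($category == '_cur') {
        // From here on $category is request input, not configuration.
        $category = isset($serendipity['GET']['category']) ? $serendipity['GET']['category'] : '';
        if (empty($category) && !empty($serendipity['GET']['id'])) {
            $entry    = serendipity_fetchEntry('id', $serendipity['GET']['id']);
            $category = isset($entry['categories'][0]['categoryid']) ? $entry['categories'][0]['categoryid'] : '';
        }
    }

    $title          = $this->get_config('title', $this->title);
    $number_from_sw = $this->get_config('number_from');
    $randomize      = $this->get_config('randomize') == "yes";

    $sql_condition          = array();
    $sql_condition['joins'] = '';
    $sql_condition['and']   = '';

    if ($category != 'none' && !empty($category)) {
        // Category ids are integers, several are separated by '^'. Because
        // the value can originate from the query string, every part is cast
        // before it is handed to the SQL range builder; parts that are not
        // positive integers are dropped.
        $sql_categories = array();
        foreach (explode('^', (string) $category) as $raw_id) {
            $cat_id = (int) $raw_id;
            if ($cat_id > 0) {
                $sql_categories[] = $cat_id;
            }
        }

        $category_parts = array();
        foreach ($sql_categories as $sql_category) {
            $category_parts[] = "\n" . implode(' AND ', serendipity_fetchCategoryRange($sql_category));
        }

        if (!empty($category_parts)) {
            $sql_condition['and'] .= ' AND (c.category_left BETWEEN ' . implode(' OR c.category_left BETWEEN ', $category_parts) . ')';
        }
    }

    if (!$number || !is_numeric($number) || $number < 1) {
        $number = 10;
    }
    // is_numeric() accepts floats and exponents; the limit must be an integer.
    $number = max(1, (int) $number);

    $sql_number = serendipity_db_limit_sql($number);
    $db         = $serendipity['dbType'];

    if ($number_from_sw == 'skip') {
        // Skip the entries that the main page already shows.
        $sql_number = serendipity_db_limit_sql(serendipity_db_limit($serendipity['fetchLimit'], $number));
    }

    if (!$dateformat || strlen($dateformat) < 1) {
        $dateformat = '%A, %B %e %Y';
    }

    if ($randomize) {
        if ($db == 'mysql' || $db == 'mysqli') {
            $sql_order = "ORDER BY RAND()";
        } else {
            // SQLite and PostgreSQL support this.
            $sql_order = "ORDER BY RANDOM()";
        }
    } else {
        $sql_order = "ORDER BY timestamp DESC ";
    }

    $sql_condition['and'] .= "AND timestamp <= " . time();
    serendipity_ACL_SQL($sql_condition, $category == 'none');

    // Make sure the category tables are joined (entrycat first, then category).
    if (!stristr($sql_condition['joins'], $serendipity['dbPrefix'] . 'category')) {
        $sql_condition['joins'] = ' LEFT OUTER JOIN ' . $serendipity['dbPrefix'] . 'category AS c ON ec.categoryid = c.categoryid ' . $sql_condition['joins'];
    }
    if (!stristr($sql_condition['joins'], $serendipity['dbPrefix'] . 'entrycat')) {
        $sql_condition['joins'] = ' LEFT OUTER JOIN ' . $serendipity['dbPrefix'] . 'entrycat AS ec ON id = ec.entryid ' . $sql_condition['joins'];
    }

    // The language code ends up inside a quoted SQL literal, so it is escaped
    // here instead of relying on validation done elsewhere.
    $entries_query = "SELECT DISTINCT id,\n title,\n timestamp,\n epm.value AS multilingual_title\n FROM {$serendipity['dbPrefix']}entries AS e\n {$sql_condition['joins']}\n\n LEFT OUTER JOIN {$serendipity['dbPrefix']}entryproperties AS epm\n ON (epm.entryid = e.id AND epm.property = 'multilingual_title_" . serendipity_db_escape_string($serendipity['lang']) . "')\n\n WHERE isdraft = 'false' {$sql_condition['and']}\n {$sql_order}\n {$sql_number}";
    $entries = serendipity_db_query($entries_query);

    if (is_string($entries)) {
        // A string result is a database error message. It is printed
        // HTML-escaped because both it and the query can contain
        // request-derived text.
        // NOTE(review): this exposes the SQL statement and table prefix to
        // every visitor; consider logging it server-side instead.
        echo serendipity_specialchars($entries) . "<br />\n";
        echo serendipity_specialchars($entries_query) . "<br />\n";
    }

    if (isset($entries) && is_array($entries)) {
        echo '<dl>' . "\n";
        foreach ($entries as $k => $entry) {
            if (!empty($entry['multilingual_title'])) {
                $entry['title'] = $entry['multilingual_title'];
            }

            $entryLink = serendipity_archiveURL($entry['id'], $entry['title'], 'serendipityHTTPPath', true, array('timestamp' => $entry['timestamp']));

            if (empty($entry['title'])) {
                $entry['title'] = '#' . $entry['id'];
            }

            echo '<dt class="serendipity_recententries_entrylink"><a href="' . $entryLink . '" title="' . serendipity_specialchars($entry['title']) . '">' . serendipity_specialchars($entry['title']) . '</a></dt>' . "\n"
               . '<dd class="serendipity_recententries_entrydate serendipitySideBarDate">' . serendipity_specialchars(serendipity_strftime($dateformat, $entry['timestamp'])) . '</dd>' . "\n";
        }
        echo '</dl>' . "\n\n";
    }
}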
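/**
 * Record a spam-filter decision in the configured log ('file', 'db' or 'none').
 *
 * Almost every logged value (name, e-mail, URL, User-Agent, referer, body)
 * is supplied by the remote client, so each sink neutralises it for its own
 * context: line breaks for the text file, quoting for SQL.
 *
 * @param string $logfile Log file path; may contain strftime() placeholders.
 * @param mixed  $id      ID of the entry the comment belongs to.
 * @param string $switch  Decision type that is logged.
 * @param string $reason  Reason for the decision.
 * @param array  $comment Comment data; reads 'name', 'email', 'url', 'comment'.
 * @return void
 */
function log($logfile, $id, $switch, $reason, $comment) {
    global $serendipity;

    $method = $this->get_config('logtype');

    // Request headers are optional; avoid notices when a client omits them.
    $userAgent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    switch ($method) {
        case 'file':
            if (empty($logfile)) {
                return;
            }
            if (strpos($logfile, '%') !== false) {
                $logfile = strftime($logfile);
            }

            $fp = @fopen($logfile, 'a+');
            if (!is_resource($fp)) {
                return;
            }

            // One record per line: both CR and LF are replaced in every
            // field, so client-supplied text cannot start a forged record.
            $fields = array(
                $switch,
                $reason,
                $id,
                $comment['name'],
                $comment['email'],
                $comment['url'],
                $userAgent,
                $remoteAddr,
                $comment['comment'],
            );
            foreach ($fields as $idx => $value) {
                $fields[$idx] = str_replace(array("\r", "\n"), ' ', (string) $value);
            }
            array_unshift($fields, date('Y-m-d H:i:s', serendipity_serverOffsetHour()));

            fwrite($fp, vsprintf(
                '[%s] - [%s: %s] - [#%s, Name "%s", E-Mail "%s", URL "%s", User-Agent "%s", IP %s] - [%s]' . "\n",
                $fields
            ));
            fclose($fp);
            break;

        case 'none':
            return;

        case 'db':
        default:
            $referer = isset($_SESSION['HTTP_REFERER'])
                ? $_SESSION['HTTP_REFERER']
                : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');

            // Truncate first, escape second. Cutting an already escaped
            // string at a fixed length can split an escape sequence and
            // leave a dangling escape character right before the closing
            // quote of the SQL literal.
            $q = sprintf(
                "INSERT INTO {$serendipity['dbPrefix']}spamblocklog\n (timestamp, type, reason, entry_id, author, email, url, useragent, ip, referer, body)\n VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                serendipity_serverOffsetHour(),
                serendipity_db_escape_string($switch),
                serendipity_db_escape_string($reason),
                serendipity_db_escape_string($id),
                serendipity_db_escape_string($comment['name']),
                serendipity_db_escape_string($comment['email']),
                serendipity_db_escape_string($comment['url']),
                serendipity_db_escape_string(substr($userAgent, 0, 255)),
                serendipity_db_escape_string($remoteAddr),
                serendipity_db_escape_string(substr($referer, 0, 255)),
                serendipity_db_escape_string($comment['comment'])
            );
            serendipity_db_query($q);
            break;
    }
}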
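/**
 * Print the tag list / tag cloud sidebar block.
 *
 * Counts tags of published entries, applies the configured threshold, limit
 * and ordering and hands the result to serendipity_event_freetag::displayTags().
 *
 * @param string $title Set by reference to the configured block title.
 * @return void
 */
function generate_content(&$title) {
    global $serendipity;

    $title    = $this->get_config('title', $this->title);
    $to_lower = serendipity_db_bool($this->get_config('lowercase_tags', 'true'));

    // Both values are appended to the statement as bare numbers, so they are
    // forced to integers. An empty or malformed setting then means
    // "no limit" / "threshold 0" instead of a broken query.
    $max_tags  = (int) $this->get_config('max_tags', 0);
    $limit     = $max_tags > 0 ? "LIMIT " . $max_tags : '';
    $threshold = (int) $this->get_config('treshold_tag_count');

    $query = "SELECT et.tag, count(et.tag) AS total\n FROM {$serendipity['dbPrefix']}entrytags AS et\n LEFT OUTER JOIN {$serendipity['dbPrefix']}entries AS e\n ON et.entryid = e.id\n WHERE e.isdraft = 'false' "
           . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND e.timestamp <= " . time() : '')
           . "\n GROUP BY et.tag\n HAVING count(et.tag) >= " . $threshold
           . "\n ORDER BY total DESC {$limit}";

    $rows = serendipity_db_query($query);
    if (!is_array($rows)) {
        return;
    }

    // Start from an empty map so the sort calls below always get an array.
    $tags = array();
    foreach ($rows as $r) {
        $tag = $r['tag'];
        if ($to_lower) {
            // Lower-case tags for the frontend sidebar list/cloud.
            $tag = function_exists('mb_strtolower') ? mb_strtolower($tag) : strtolower($tag);
        }
        // NOTE(review): tags that differ only in case collapse onto one key
        // here and the later row overwrites the earlier count.
        $tags[$tag] = $r['total'];
    }

    $order_by = $this->get_config('order_by');
    if ($order_by == 'tag') {
        uksort($tags, 'strnatcasecmp');
        serendipity_plugin_api::hook_event('sort', $tags);
    } elseif ($order_by == 'total') {
        if (serendipity_db_bool($this->get_config('sort_desc', 'false'))) {
            arsort($tags);
        } else {
            asort($tags);
        }
    }

    $xml          = serendipity_db_bool($this->get_config('show_xml', 'true'));
    $nl           = serendipity_db_bool($this->get_config('show_newline', 'true'));
    $scaling      = serendipity_db_bool($this->get_config('scale_tag', 'false'));
    $useRotCanvas = serendipity_db_bool($this->get_config('use_rotacloud', 'false'));
    $useWordCloud = serendipity_db_bool($this->get_config('use_wordcloud', 'false'));

    serendipity_event_freetag::displayTags(
        $tags,
        $xml,
        $nl,
        $scaling,
        $this->get_config('max_percent', 300),
        $this->get_config('min_percent', 100),
        serendipity_db_bool($this->get_config('use_flash')),
        serendipity_db_bool($this->get_config('flash_bg_trans', 'false')),
        $this->get_config('flash_tag_color', 'ff6600'),
        $this->get_config('flash_bg_color', 'ffffff'),
        $this->get_config('flash_width', 190),
        $this->get_config('flash_speed', 100),
        $this->get_config('taglink'),
        $this->get_config('template'),
        $this->get_config('xml_image', 'img/xml.gif'),
        $useRotCanvas,
        $this->get_config('rotacloud_tag_color', '3E5F81'),
        $this->get_config('rotacloud_tag_border_color', 'B1C1D1'),
        $this->get_config('rotacloud_width', '300'),
        $useWordCloud
    );
}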
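/**
 * Import users, categories, entries, entry/category links and comments from
 * a WordPress database stored in PostgreSQL.
 *
 * Connection data and table prefix are read from $this->data
 * (host, port, user, pass, name, prefix, autodiscovery).
 *
 * @return true|string true on success, otherwise an error message.
 */
function import() {
    global $serendipity;

    // Save this so we can return it to its original value at the end of this method.
    $noautodiscovery = isset($serendipity['noautodiscovery']) ? $serendipity['noautodiscovery'] : false;
    if ($this->data['autodiscovery'] == 'false') {
        $serendipity['noautodiscovery'] = 1;
    }

    $this->getTransTable();

    // NOTE(review): the prefix is used as part of table names. String
    // escaping does not constrain identifiers; consider allowing only
    // [A-Za-z0-9_] here.
    $this->data['prefix'] = serendipity_db_escape_string($this->data['prefix']);

    $users      = array();
    $categories = array();
    $entries    = array();

    if (!extension_loaded('pgsql')) {
        return PGSQL_REQUIRED;
    }

    // Build a libpq connection string of keyword='value' pairs. Values are
    // single-quoted with quotes and backslashes escaped, so credentials that
    // contain spaces or quotes cannot alter the connection string.
    $conninfo = array();
    $keywords = array('host' => 'host', 'port' => 'port', 'user' => 'user', 'password' => 'pass', 'dbname' => 'name');
    foreach ($keywords as $keyword => $field) {
        if (isset($this->data[$field]) && $this->data[$field] !== '') {
            $conninfo[] = $keyword . "='" . addcslashes($this->data[$field], "'\\") . "'";
        }
    }

    $wpdb = pg_connect(implode(' ', $conninfo));
    if (!$wpdb) {
        // Never put the database password into a message that is returned
        // for display; name the host instead.
        // NOTE(review): the wording of PGSQL_COULDNT_CONNECT is not visible
        // here - confirm that a host name reads correctly in it.
        return sprintf(PGSQL_COULDNT_CONNECT, isset($this->data['host']) ? $this->data['host'] : '');
    }

    /* Users */
    $res = pg_query($wpdb, "SELECT ID, user_login, user_pass, user_email, user_level FROM {$this->data['prefix']}users;");
    if (!$res) {
        return sprintf(COULDNT_SELECT_USER_INFO, pg_last_error($wpdb));
    }

    for ($x = 0; $x < pg_num_rows($res); $x++) {
        $users[$x] = pg_fetch_assoc($res);

        // NOTE(review): the password hash is copied as stored in the source
        // database. If these are unsalted MD5 hashes, plan a forced reset
        // or a rehash on first login for imported accounts.
        $data = array(
            'right_publish' => $users[$x]['user_level'] >= 1 ? 1 : 0,
            'realname'      => $users[$x]['user_login'],
            'username'      => $users[$x]['user_login'],
            'password'      => $users[$x]['user_pass'],
        );

        if ($users[$x]['user_level'] <= 1) {
            $data['userlevel'] = USERLEVEL_EDITOR;
        } elseif ($users[$x]['user_level'] < 5) {
            $data['userlevel'] = USERLEVEL_CHIEF;
        } else {
            $data['userlevel'] = USERLEVEL_ADMIN;
        }

        // Imported accounts never get a higher level than the importing user.
        if ($serendipity['serendipityUserlevel'] < $data['userlevel']) {
            $data['userlevel'] = $serendipity['serendipityUserlevel'];
        }

        serendipity_db_insert('authors', $this->strtrRecursive($data));
        $users[$x]['authorid'] = serendipity_db_insert_id('authors', 'authorid');
    }

    /* Categories */
    $res = @pg_query($wpdb, "SELECT cat_ID, cat_name, category_description, category_parent FROM {$this->data['prefix']}categories ORDER BY category_parent, cat_ID;");
    if (!$res) {
        return sprintf(COULDNT_SELECT_CATEGORY_INFO, pg_last_error($wpdb));
    }

    // Get all the info we need
    for ($x = 0; $x < pg_num_rows($res); $x++) {
        $categories[] = pg_fetch_assoc($res);
    }

    // Insert all categories as top level (we need to know everyone's ID before we can represent the hierarchy).
    for ($x = 0; $x < sizeof($categories); $x++) {
        $cat = array(
            'category_name'        => $categories[$x]['cat_name'],
            'category_description' => $categories[$x]['category_description'],
            'parentid'             => 0,
            'category_left'        => 0,
            'category_right'       => 0,
        );

        serendipity_db_insert('category', $this->strtrRecursive($cat));
        $categories[$x]['categoryid'] = serendipity_db_insert_id('category', 'categoryid');
    }

    // Second pass: map each source parent id to the newly created id.
    foreach ($categories as $cat) {
        if ($cat['category_parent'] != 0) {
            // Find the parent
            $par_id = 0;
            foreach ($categories as $possible_par) {
                if ($possible_par['cat_ID'] == $cat['category_parent']) {
                    $par_id = $possible_par['categoryid'];
                    break;
                }
            }

            if ($par_id != 0) {
                // Both ids are interpolated unquoted, hence the casts.
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}category SET parentid=" . (int) $par_id . " WHERE categoryid=" . (int) $cat['categoryid'] . ";");
            }
        }
    }

    serendipity_rebuildCategoryTree();

    /* Entries */
    $res = @pg_query($wpdb, "SELECT * FROM {$this->data['prefix']}posts ORDER BY post_date;");
    if (!$res) {
        return sprintf(COULDNT_SELECT_ENTRY_INFO, pg_last_error($wpdb));
    }

    for ($x = 0; $x < pg_num_rows($res); $x++) {
        $entries[$x] = pg_fetch_assoc($res);

        $entry = array(
            'title'          => $this->decode($entries[$x]['post_title']),
            'isdraft'        => $entries[$x]['post_status'] == 'publish' ? 'false' : 'true',
            'allow_comments' => $entries[$x]['comment_status'] == 'open' ? 'true' : 'false',
            'timestamp'      => strtotime($entries[$x]['post_date']),
            'body'           => $this->strtr($entries[$x]['post_content']),
        );

        foreach ($users as $user) {
            if ($user['ID'] == $entries[$x]['post_author']) {
                $entry['authorid'] = $user['authorid'];
                break;
            }
        }

        // A non-integer result is returned to the caller as the error.
        if (!is_int($entries[$x]['entryid'] = serendipity_updertEntry($entry))) {
            return $entries[$x]['entryid'];
        }
    }

    /* Entry/category */
    $res = @pg_query($wpdb, "SELECT * FROM {$this->data['prefix']}post2cat;");
    if (!$res) {
        return sprintf(COULDNT_SELECT_ENTRY_INFO, pg_last_error($wpdb));
    }

    while ($a = pg_fetch_assoc($res)) {
        foreach ($categories as $category) {
            if ($category['cat_ID'] == $a['category_id']) {
                foreach ($entries as $entry) {
                    if ($a['post_id'] == $entry['ID']) {
                        $data = array(
                            'entryid'    => $entry['entryid'],
                            'categoryid' => $category['categoryid'],
                        );
                        serendipity_db_insert('entrycat', $this->strtrRecursive($data));
                        break;
                    }
                }
                break;
            }
        }
    }

    /* Comments */
    $res = @pg_query($wpdb, "SELECT * FROM {$this->data['prefix']}comments;");
    if (!$res) {
        return sprintf(COULDNT_SELECT_COMMENT_INFO, pg_last_error($wpdb));
    }

    while ($a = pg_fetch_assoc($res)) {
        foreach ($entries as $entry) {
            if ($entry['ID'] == $a['comment_post_ID']) {
                // The column key is written without the stray trailing blank.
                $comment = array(
                    'entry_id'   => $entry['entryid'],
                    'parent_id'  => 0,
                    'timestamp'  => strtotime($a['comment_date']),
                    'author'     => $a['comment_author'],
                    'email'      => $a['comment_author_email'],
                    'url'        => $a['comment_author_url'],
                    'ip'         => $a['comment_author_IP'],
                    'status'     => empty($a['comment_approved']) || $a['comment_approved'] == '1' ? 'approved' : 'pending',
                    'subscribed' => 'false',
                    'body'       => $a['comment_content'],
                    'type'       => 'NORMAL',
                );

                serendipity_db_insert('comments', $this->strtrRecursive($comment));
                if ($comment['status'] == 'approved') {
                    $cid = serendipity_db_insert_id('comments', 'id');
                    serendipity_approveComment($cid, $entry['entryid'], true);
                }
            }
        }
    }

    $serendipity['noautodiscovery'] = $noautodiscovery;

    return true;
}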
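/**
 * Check if Honey Pot or Captcha have been filled correctly (or if any
 * other indications for spam can be found).
 *
 * All values read from $serendipity['POST'] and $addData come from the
 * submitter. They are normalised to strings before use and escaped or cast
 * before they are placed in SQL.
 *
 * @param array $eventData Entry data; reads 'id' and 'title'. Replaced by
 *                         array('allow_comments' => false) on a honeypot hit.
 * @param array $addData   Comment data; reads 'type', 'comment' and the
 *                         configured required fields.
 * @return bool true if the comment passed every check, false otherwise.
 */
function checkComment(&$eventData, &$addData) {
    global $serendipity;

    if ("NORMAL" == $addData['type']) { // only supported for normal comments
        // Check for Honey Pot. A client can send any field as an array
        // (phone[]=...); that still counts as "filled in" but must not
        // reach the string functions below.
        $phone = isset($serendipity['POST']['phone']) ? $serendipity['POST']['phone'] : '';
        if (!is_scalar($phone)) {
            $phone = 'non-scalar value';
        }
        $phone = (string) $phone;

        if ($this->useHoneyPot && $phone !== '') {
            if (mb_strlen($phone) > 40) {
                $phone = mb_substr($phone, 0, 40) . '..';
            }
            $this->spamlog($eventData['id'], 'REJECTED', "BEE Honeypot [" . $phone . "]", $addData);
            $eventData = array('allow_comments' => false);
            return false;
        }

        // Check hidden Captcha
        if (PLUGIN_EVENT_SPAMBLOCK_SWTCH_OFF != $this->hiddenCaptchaHandle) {
            // A missing or non-scalar answer is treated as an empty answer.
            $rawAnswer = isset($serendipity['POST']['beecaptcha']) ? $serendipity['POST']['beecaptcha'] : '';
            $answer    = is_scalar($rawAnswer) ? trim(strtolower((string) $rawAnswer)) : '';

            $correctAnswer           = $this->getCaptchaAnswer();
            $correctAnswer['answer'] = strtolower($correctAnswer['answer']);
            $isCorrect               = false;

            // If provided answer is longer than 1000 characters and RegExp matching is on,
            // reject comment for security reasons (minimize risk of ReDoS)
            if ($this->useRegularExpressions && mb_strlen($answer) > 1000) {
                $this->processComment($this->hiddenCaptchaHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_HCAPTCHA, "BEE HiddenCaptcha [ Captcha input too long ]");
                return false;
            }

            if ($this->captchaQuestionType == 'custom' && $this->useRegularExpressions) {
                // Strip delimiters and modifiers from the configured pattern
                // so that only the fixed modifiers 's' and 'i' apply.
                $pattern = preg_replace('/^\\s*\\/(.*)\\/\\s*[imsxeADSUXJu]*\\s*$/s', '$1', $correctAnswer['pattern']);

                // Try to match pattern with given answer
                $match = @preg_match('/' . $pattern . '/si', $answer);

                // If pattern contains errors, fall back to basic string comparison
                if ($match === false) {
                    $this->useRegularExpressions = false;
                } else {
                    $isCorrect = $match === 1;
                }
            }

            if ($this->captchaQuestionType != 'custom' || !$this->useRegularExpressions) {
                $isCorrect = $answer == $correctAnswer['answer'];
            }

            // Also allow numbers as words
            if (!$isCorrect && $this->captchaQuestionType == 'math') {
                $number    = $this->generateNumberString($correctAnswer['answer']);
                $isCorrect = $answer == $number && $number != 'ERROR';
            }

            if (!$isCorrect) {
                // Keep the log entry short, whatever the client sent.
                if (mb_strlen($answer) > 40) {
                    $answer = mb_substr($answer, 0, 40) . '..';
                }
                $this->processComment($this->hiddenCaptchaHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_HCAPTCHA, "BEE HiddenCaptcha [ {$correctAnswer['answer']} != {$answer} ]");
                return false;
            }
        }

        // AntiSpam check, the general spamblock supports, too: Only if spamblock is not installed.
        if (!class_exists('serendipity_event_spamblock')) {
            // Check for required fields. Don't log but tell the user about the fields.
            $required_fields = $this->get_config('required_fields', '');
            if (!empty($required_fields)) {
                foreach (explode(',', $required_fields) as $required_field) {
                    $required_field = trim($required_field);
                    if (empty($addData[$required_field])) {
                        $this->reject($eventData, $addData, sprintf(PLUGIN_EVENT_SPAMBLOCK_BEE_REASON_REQUIRED_FIELD, $required_field));
                        return false;
                    }
                }
            }
        }
    }

    // AntiSpam check, the general spamblock supports, too: Only if spamblock is not installed.
    if (!class_exists('serendipity_event_spamblock')) {
        // Check if entry title is the same as comment body
        $spamHandle = $this->get_config('entrytitle', PLUGIN_EVENT_SPAMBLOCK_SWTCH_REJECT);
        if (PLUGIN_EVENT_SPAMBLOCK_SWTCH_OFF != $spamHandle) {
            // Remove the blog name from the comment which might be in <title>
            $comment = str_replace($serendipity['blogTitle'], '', $addData['comment']);
            $comment = str_replace($eventData['title'], '', $comment);
            // Remove separator characters that might have stood between them.
            $comment = trim(preg_replace('@[\\s\\-_:\\(\\)\\|/]*@', '', $comment));
            // Nothing left: the comment consisted only of blog and entry title.
            if (empty($comment)) {
                $this->processComment($spamHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_BODY, "BEE Body the same as title");
                return false;
            }
        }

        // This check loads from DB, so do it last!
        // Check if we already have a comment with the same body (normally a reload).
        $spamHandle = $this->get_config('samebody', PLUGIN_EVENT_SPAMBLOCK_SWTCH_REJECT);
        if (PLUGIN_EVENT_SPAMBLOCK_SWTCH_OFF != $spamHandle) {
            // The type is escaped like the body: it sits inside a quoted
            // SQL literal and should not depend on the caller having
            // validated it.
            $query = "SELECT count(id) AS counter FROM {$serendipity['dbPrefix']}comments WHERE type = '" . serendipity_db_escape_string($addData['type']) . "' AND body = '" . serendipity_db_escape_string($addData['comment']) . "'";

            // This is a little different to the normal Spam Plugin:
            // We allow the same comment, if it is a trackback, but never on the same article
            // (One article sending trackbacks to more than one local article)
            if ($addData['type'] == 'PINGBACK' || $addData['type'] == 'TRACKBACK') {
                // Unquoted numeric context: cast instead of escaping.
                $query .= ' AND entry_id=' . (int) $eventData['id'];
            }

            $row = serendipity_db_query($query, true);
            if (is_array($row) && $row['counter'] > 0) {
                $this->processComment($spamHandle, $eventData, $addData, PLUGIN_EVENT_SPAMBLOCK_BEE_ERROR_BODY, "BEE Body already saved");
                return false;
            }
        }
    }

    return true;
}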
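/**
 * Moves a media directory, renames a media file, or moves a media file to
 * another directory, and rewrites references in the database.
 *
 * NOTE(review): $oldDir and $newDir are appended to the upload path as
 * given; this function does not reject '..' segments or absolute paths.
 * Presumably callers sanitise them first - verify at every call site.
 *
 * @param   string  The old directory (relative to the upload path)
 * @param   string  The new directory; for type 'file' the new file name without extension
 * @param   string  The type of what to move (dir|file|filedir)
 * @param   string  An item id of a file
 * @param   array   Media item data, read for type 'file' (path, name, extension, hotlink, thumbnail_name)
 * @return  boolean
 *
 */
function serendipity_moveMediaDirectory($oldDir, $newDir, $type = 'dir', $item_id = null, $file = null) {
    global $serendipity;

    $uploadRoot  = $serendipity['serendipityPath'] . $serendipity['uploadPath'];
    $real_oldDir = $uploadRoot . $oldDir;
    $real_newDir = $uploadRoot . $newDir;

    // Only the 'file' and 'filedir' branches assign these; the trailing
    // 'dir' branch passes them to the rename hook as they are.
    $oldfile = null;
    $newfile = null;

    if ($type == 'dir') {
        // Directory names are HTML-escaped when printed, as the 'file'
        // branch already does for its error message.
        if (!is_dir($real_oldDir)) {
            printf(ERROR_FILE_NOT_EXISTS . '<br />', htmlspecialchars($oldDir));
            return false;
        }

        if (is_dir($real_newDir)) {
            printf(ERROR_FILE_EXISTS . '<br />', htmlspecialchars($newDir));
            return false;
        }

        if (!rename($real_oldDir, $real_newDir)) {
            printf(MEDIA_DIRECTORY_MOVE_ERROR . '<br />', htmlspecialchars($newDir));
            return false;
        }

        printf(MEDIA_DIRECTORY_MOVED . '<br />', htmlspecialchars($newDir));

        // The regex delimiter is '@', which preg_quote() only escapes when
        // it is told about it.
        $prefixPattern = '@^(' . preg_quote($oldDir, '@') . ')@i';

        // NOTE(review): '%' and '_' inside $oldDir act as LIKE wildcards,
        // and without a trailing slash 'foo' also matches 'foobar/'.
        $dirs = serendipity_db_query("SELECT id, path\n FROM {$serendipity['dbPrefix']}images\n WHERE path LIKE '" . serendipity_db_escape_string($oldDir) . "%'", false, 'assoc');
        if (is_array($dirs)) {
            foreach ($dirs as $dir) {
                $old = $dir['path'];
                $new = preg_replace($prefixPattern, $newDir, $old);
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images\n SET path = '" . serendipity_db_escape_string($new) . "'\n WHERE id = " . (int) $dir['id']);
            }
        }

        // Directory ACL entries are keyed by path and have to follow the move.
        $dirs = serendipity_db_query("SELECT groupid, artifact_id, artifact_type, artifact_mode, artifact_index\n FROM {$serendipity['dbPrefix']}access\n WHERE artifact_type = 'directory'\n AND artifact_index LIKE '" . serendipity_db_escape_string($oldDir) . "%'", false, 'assoc');
        if (is_array($dirs)) {
            foreach ($dirs as $dir) {
                $old = $dir['artifact_index'];
                $new = preg_replace($prefixPattern, $newDir, $old);
                serendipity_db_query("UPDATE {$serendipity['dbPrefix']}access\n SET artifact_index = '" . serendipity_db_escape_string($new) . "'\n WHERE groupid = '" . serendipity_db_escape_string($dir['groupid']) . "'\n AND artifact_id = '" . serendipity_db_escape_string($dir['artifact_id']) . "'\n AND artifact_type = '" . serendipity_db_escape_string($dir['artifact_type']) . "'\n AND artifact_mode = '" . serendipity_db_escape_string($dir['artifact_mode']) . "'\n AND artifact_index = '" . serendipity_db_escape_string($dir['artifact_index']) . "'");
            }
        }
    }

    if ($type == 'file') {
        // Refuse new names that the installation classifies as active files.
        if (serendipity_isActiveFile(basename($newDir))) {
            printf(ERROR_FILE_FORBIDDEN, htmlspecialchars($newDir));
            return false;
        }

        if ($file['hotlink']) {
            // Hotlinked items have no local file; only the record changes.
            serendipity_updateImageInDatabase(array('realname' => $newDir, 'name' => $newDir), $item_id);
        } else {
            $file_new = $file['path'] . $newDir . '.';
            $file_old = $file['path'] . $file['name'] . '.';

            $newfile = $uploadRoot . $file_new . $file['extension'];
            $oldfile = $uploadRoot . $file_old . $file['extension'];

            if ($newDir != '' && file_exists($oldfile) && !file_exists($newfile)) {
                $renameValues = array(array(
                    'from'    => $oldfile,
                    'to'      => $newfile,
                    'thumb'   => $serendipity['thumbSuffix'],
                    'fthumb'  => $file['thumbnail_name'],
                    'oldDir'  => $oldDir,
                    'newDir'  => $newDir,
                    'type'    => $type,
                    'item_id' => $item_id,
                    'file'    => $file,
                ));

                serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);

                // Rename file
                rename($renameValues[0]['from'], $renameValues[0]['to']);

                foreach ($renameValues as $renameData) {
                    // Rename thumbnail
                    rename(
                        $uploadRoot . $file['path'] . $file['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . '.' . $file['extension'],
                        $uploadRoot . $file['path'] . $newDir . '.' . $renameData['thumb'] . '.' . $file['extension']
                    );
                }

                serendipity_updateImageInDatabase(array('thumbnail_name' => $renameValues[0]['thumb'], 'realname' => $newDir, 'name' => $newDir), $item_id);

                // From here on the "directories" are the old and new file
                // stems, which the entry rewrite below searches for.
                $oldDir      = $file_old;
                $newDir      = $file_new;
                $real_oldDir = $uploadRoot . $oldDir;
                $real_newDir = $uploadRoot . $newDir;
            } else {
                if (!file_exists($oldfile)) {
                    echo ERROR_FILE_NOT_EXISTS;
                } elseif (file_exists($newfile)) {
                    echo ERROR_FILE_EXISTS;
                } else {
                    echo ERROR_SOMETHING;
                }

                return false;
            }
        }
    } elseif ($type == 'filedir') {
        // NOTE(review): the record is updated before the file is moved and
        // the rename() results are not checked, so a failed move leaves the
        // database pointing at a path that does not exist.
        serendipity_db_query("UPDATE {$serendipity['dbPrefix']}images\n SET path = '" . serendipity_db_escape_string($newDir) . "'\n WHERE id = " . (int) $item_id);
        $pick = serendipity_db_query("SELECT * FROM {$serendipity['dbPrefix']}images\n WHERE id = " . (int) $item_id, true, 'assoc');

        // Move thumbs
        $oldfile = $uploadRoot . $oldDir . $pick['name'] . '.' . $pick['extension'];
        $newfile = $uploadRoot . $newDir . $pick['name'] . '.' . $pick['extension'];

        $renameValues = array(array(
            'from'    => $oldfile,
            'to'      => $newfile,
            'thumb'   => $serendipity['thumbSuffix'],
            'fthumb'  => $pick['thumbnail_name'],
            'oldDir'  => $oldDir,
            'newDir'  => $newDir,
            'type'    => $type,
            'item_id' => $item_id,
            'file'    => $file,
            'name'    => $pick['name'],
        ));

        serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);

        // Rename file
        rename($renameValues[0]['from'], $renameValues[0]['to']);

        foreach ($renameValues as $renameData) {
            // Rename thumbnail
            rename(
                $uploadRoot . $oldDir . $pick['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . '.' . $pick['extension'],
                $uploadRoot . $newDir . $pick['name'] . '.' . $renameData['thumb'] . '.' . $pick['extension']
            );
        }

        $oldDir .= $pick['name'];
        $newDir .= $pick['name'];
    } elseif ($type == 'dir') {
        // Directory moves only notify listeners; no single file is involved.
        $renameValues = array(array(
            'from'    => $oldfile,
            'to'      => $newfile,
            'thumb'   => $serendipity['thumbSuffix'],
            'fthumb'  => isset($file['thumbnail_name']) ? $file['thumbnail_name'] : null,
            'oldDir'  => $oldDir,
            'newDir'  => $newDir,
            'type'    => $type,
            'item_id' => $item_id,
            'file'    => $file,
        ));

        serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
    }

    // Only MySQL supported, since I don't know how to use REGEXPs differently.
    if ($serendipity['dbType'] != 'mysql' && $serendipity['dbType'] != 'mysqli') {
        echo MEDIA_DIRECTORY_MOVE_ENTRY . '<br />';
        return true;
    }

    $oldAbsolute = $serendipity['baseURL'] . $serendipity['uploadHTTPPath'] . $oldDir;
    $oldRelative = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $oldDir;
    $newRelative = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $newDir;

    // NOTE(review): the paths are escaped for the SQL string but not for the
    // REGEXP syntax, so regex metacharacters in a path (such as '.') are
    // interpreted by the database here.
    $sqlAlternatives = serendipity_db_escape_string($oldAbsolute) . "|" . serendipity_db_escape_string($oldRelative);
    $q = "SELECT id, body, extended\n FROM {$serendipity['dbPrefix']}entries\n WHERE body REGEXP '(src=|href=|window.open.)(\\'|\")(" . $sqlAlternatives . ")'\n OR extended REGEXP '(src=|href=|window.open.)(\\'|\")(" . $sqlAlternatives . ")'\n ";

    $dirs = serendipity_db_query($q);
    if (is_array($dirs)) {
        $linkPattern = '@(src=|href=|window.open.)(\'|")(' . preg_quote($oldAbsolute, '@') . '|' . preg_quote($oldRelative, '@') . ')@';

        foreach ($dirs as $dir) {
            $dir['body']     = preg_replace($linkPattern, '\\1\\2' . $newRelative, $dir['body']);
            $dir['extended'] = preg_replace($linkPattern, '\\1\\2' . $newRelative, $dir['extended']);

            $uq = "UPDATE {$serendipity['dbPrefix']}entries\n SET body = '" . serendipity_db_escape_string($dir['body']) . "' ,\n extended = '" . serendipity_db_escape_string($dir['extended']) . "'\n WHERE id = " . (int) $dir['id'];
            serendipity_db_query($uq);
        }

        printf(MEDIA_DIRECTORY_MOVE_ENTRIES . '<br />', count($dirs));
    }

    return true;
}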
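/**
 * Verifies a BrowserID assertion posted by the client and logs in the matching author.
 *
 * Reads the assertion from $_POST['assert'], posts it to the remote verifier
 * together with this blog's base URL as audience, and echoes a JSON document:
 * the verifier's own answer when verification did not succeed, otherwise the
 * decoded answer re-encoded (with status/message replaced when the audience
 * does not match or no author has the verified e-mail address).
 *
 * Side effects: on success the serendipity* session and global login values are
 * set; on a wrong audience or unknown address the session is destroyed.
 *
 * @access public
 * @return void
 */
function verify() {
    global $serendipity;

    $url = 'https://browserid.org/verify';

    // The assertion is request data. It must be URL-encoded before it is placed
    // in the form body, otherwise a value containing '&' could add or override
    // fields (such as 'audience') in the request sent to the verifier.
    $assert = (isset($_POST['assert']) && is_string($_POST['assert'])) ? $_POST['assert'] : '';
    $params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode($serendipity['baseURL']);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
    // The login decision rests entirely on this response, so certificate and
    // host name verification are requested explicitly rather than left to defaults.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $result = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on failure; only decode an actual body.
    $response = is_string($result) ? json_decode($result) : null;

    // Strict comparison: with '==' a non-string status (e.g. boolean true)
    // would compare equal to 'okay'.
    if (is_object($response) && isset($response->status) && $response->status === 'okay') {
        $email    = (isset($response->email) && is_string($response->email)) ? $response->email : '';
        $audience = (isset($response->audience) && is_string($response->audience)) ? $response->audience : '';

        if ($audience !== $serendipity['baseURL']) {
            // The login has the wrong host!
            $response->status  = 'errorhost';
            $response->message = "Internal error logging you in (wrong host: {$audience})";
            $_SESSION['serendipityAuthedUser'] = false;
            @session_destroy();
        } else {
            // Host is correct, check what we have with this email.
            // NOTE(review): this value is derivable from the address alone, so it is
            // not a secret; verify that nothing downstream treats it as proof of identity.
            $password = md5($email);

            // The address comes from a remote service and is escaped before it is
            // placed in the SQL string. An empty address is never looked up, so an
            // author row without an e-mail cannot be matched by a response lacking one.
            $row = false;
            if ($email !== '') {
                $query = "SELECT DISTINCT a.email, a.authorid, a.userlevel, a.right_publish, a.realname\r\n FROM\r\n {$serendipity['dbPrefix']}authors AS a\r\n WHERE\r\n a.email = '" . serendipity_db_escape_string($email) . "'";
                $row = serendipity_db_query($query, true, 'assoc');
            }

            if (is_array($row)) {
                // NOTE(review): the session id is kept across the login here; whether it
                // is rotated elsewhere cannot be seen from this method - confirm.
                serendipity_setCookie('old_session', session_id());
                serendipity_setAuthorToken();
                $_SESSION['serendipityUser']         = $serendipity['serendipityUser']         = $row['realname'];
                $_SESSION['serendipityPassword']     = $serendipity['serendipityPassword']     = $password;
                $_SESSION['serendipityEmail']        = $serendipity['serendipityEmail']        = $email;
                $_SESSION['serendipityAuthorid']     = $serendipity['authorid']                = $row['authorid'];
                $_SESSION['serendipityUserlevel']    = $serendipity['serendipityUserlevel']    = $row['userlevel'];
                $_SESSION['serendipityAuthedUser']   = $serendipity['serendipityAuthedUser']   = true;
                $_SESSION['serendipityRightPublish'] = $serendipity['serendipityRightPublish'] = $row['right_publish'];
                // Prevent session manipulation:
                $_SESSION['serendipityBrowserID'] = $this->get_install_token();
                serendipity_load_configuration($serendipity['authorid']);
            } else {
                // No user found for that email!
                $response->status  = 's9yunknown';
                $response->message = "Sorry, we don't have a user for {$email}";
                $_SESSION['serendipityAuthedUser'] = false;
                @session_destroy();
            }
        }
        $result = json_encode($response);
    }

    echo $result;
}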
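/**
 * Serves a single entry page, including handling of a submitted comment.
 *
 * The entry id is taken from $serendipity['GET']['id'], else from $_GET['p'],
 * else resolved through serendipity_searchPermalink(). A posted comment is
 * saved first; on success the client is redirected back to the same URL with
 * serendipity[csuccess] appended and the script exits. Afterwards the entry
 * title is looked up to fill the page head, or a 404 is prepared, and
 * include/genpage.inc.php is included.
 *
 * @access public
 * @param  array  Routing matches; index 1 (or 2, when set) carries the permalink part
 * @return void
 */
function serveEntry($matches) {
    global $serendipity;

    $serendipity['view'] = 'entry';
    $uri = $_SERVER['REQUEST_URI'];

    if (isset($serendipity['GET']['id'])) {
        $matches[1] = (int) $serendipity['GET']['id'];
    } elseif (isset($_GET['p'])) {
        // Raw request value; it is only used after the (int) cast further down.
        $matches[1] = $_GET['p'];
    } else {
        $matches[1] = serendipity_searchPermalink(
            $serendipity['permalinkStructure'],
            $uri,
            !empty($matches[2]) ? $matches[2] : $matches[1],
            'entry'
        );
    }

    serendipity_rememberComment();

    if (!empty($serendipity['POST']['submit']) && !isset($_REQUEST['serendipity']['csuccess'])) {
        $comment['url']       = $serendipity['POST']['url'];
        $comment['comment']   = trim($serendipity['POST']['comment']);
        $comment['name']      = $serendipity['POST']['name'];
        $comment['email']     = $serendipity['POST']['email'];
        $comment['subscribe'] = $serendipity['POST']['subscribe'];
        $comment['parent_id'] = $serendipity['POST']['replyTo'];

        if (!empty($comment['comment'])) {
            if (serendipity_saveComment($serendipity['POST']['entry_id'], $comment, 'NORMAL')) {
                // NOTE(review): the redirect target is assembled from the request's Host
                // header and URI. serendipity_isResponseClean() is the only check applied
                // before it is sent as a Location header - confirm what it validates.
                $is_https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
                $sc_url = ($is_https ? 'https://' : 'http://')
                        . $_SERVER['HTTP_HOST']
                        . $_SERVER['REQUEST_URI']
                        . (strstr($_SERVER['REQUEST_URI'], '?') ? '&' : '?')
                        . 'serendipity[csuccess]='
                        . (isset($serendipity['csuccess']) ? $serendipity['csuccess'] : 'true');
                if (serendipity_isResponseClean($sc_url)) {
                    header('Status: 302 Found');
                    header('Location: ' . $sc_url);
                }
                // Stop here in either case so a reload cannot post the comment again.
                exit;
            } else {
                $serendipity['messagestack']['comments'][] = COMMENT_NOT_ADDED;
            }
        } else {
            $serendipity['messagestack']['comments'][] = sprintf(EMPTY_COMMENT, '', '');
        }
    }

    // The integer cast is what makes the id safe to interpolate into the query below.
    $id = (int) $matches[1];
    if ($id === 0) {
        $id = false;
    }

    $_GET['serendipity']['action'] = 'read';
    $_GET['serendipity']['id']     = $id;

    // Without a usable id the query would read "WHERE id= AND ..." and fail as
    // malformed SQL; skip it and go straight to the 404 branch instead.
    $title = false;
    if ($id !== false) {
        $title = serendipity_db_query(
            "SELECT title FROM {$serendipity['dbPrefix']}entries WHERE id={$id} AND isdraft = 'false' "
            . (!serendipity_db_bool($serendipity['showFutureEntries']) ? " AND timestamp <= " . serendipity_db_time() : ''),
            true
        );
    }

    if (is_array($title)) {
        $serendipity['head_title']    = serendipity_specialchars($title[0]);
        $serendipity['head_subtitle'] = serendipity_specialchars($serendipity['blogTitle']);
    } else {
        $serendipity['view']     = '404';
        $serendipity['viewtype'] = '404_1';
        header('HTTP/1.0 404 Not found');
        header('Status: 404 Not found');
    }

    include S9Y_INCLUDE_PATH . 'include/genpage.inc.php';
}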
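/**
 * Prepares a Serendipity schema statement as valid SQL and executes it.
 *
 * Replaces the template variables {AUTOINCREMENT}, {PRIMARY}, {UNSIGNED},
 * {FULLTEXT}, {BOOLEAN}, {UTF_8} and {TEXT} with their fixed counterparts.
 * Statements containing {FULLTEXT_MYSQL} are skipped. A statement starting
 * with '@' is run without that prefix and with extra arguments passed to
 * serendipity_db_query(), because errors are expected for it.
 *
 * The statement is executed as given: nothing here escapes or validates it,
 * so it has to come from trusted schema definitions, never from request data.
 *
 * @access public
 * @param  string   SQL query with template variables to convert
 * @return mixed    true when the statement was skipped, otherwise the return value of serendipity_db_query()
 */
function serendipity_db_schema_import($query) {
    static $search  = array('{AUTOINCREMENT}', '{PRIMARY}', '{UNSIGNED}', '{FULLTEXT}', '{BOOLEAN}', '{UTF_8}', '{TEXT}');
    static $replace = array('INTEGER', 'PRIMARY KEY', '', '', 'BOOLEAN NOT NULL', '', 'LONGTEXT');

    if (stripos($query, '{FULLTEXT_MYSQL}') !== false) {
        return true;
    }

    $query = trim(str_replace($search, $replace, $query));

    // An empty statement has no first character; check before indexing so that
    // blank input does not raise an "uninitialized string offset" error.
    if ($query !== '' && $query[0] == '@') {
        // Errors are expected to happen (like duplicate index creation)
        return serendipity_db_query(substr($query, 1), false, 'both', false, false, false, true);
    }

    return serendipity_db_query($query);
}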
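// Dashboard data: update status, the newest comments and the recent entries.
$data['updateCheck'] = $serendipity['updateCheck'];
$data['curVersion']  = serendipity_getCurrentVersion();
$data['update']      = version_compare($data['usedVersion'], $data['curVersion'], '<');
serendipity_plugin_api::hook_event('plugin_dashboard_updater', $output, $data['curVersion']);
$data['updateButton'] = $output;

// Can be set through serendipity_config_local.inc.php
if (!isset($serendipity['dashboardCommentsLimit'])) {
    $serendipity['dashboardCommentsLimit'] = 5;
}
if (!isset($serendipity['dashboardLimit'])) {
    $serendipity['dashboardLimit'] = 5;
}
if (!isset($serendipity['dashboardDraftLimit'])) {
    $serendipity['dashboardDraftLimit'] = 5;
}

// The limit is cast to int because it is appended to the SQL string directly.
$comments = serendipity_db_query("SELECT c.*, e.title FROM {$serendipity['dbPrefix']}comments c\n LEFT JOIN {$serendipity['dbPrefix']}entries e ON (e.id = c.entry_id)\n ORDER BY c.id DESC LIMIT " . (int) $serendipity['dashboardCommentsLimit']);

if (is_array($comments) && count($comments) > 0) {
    foreach ($comments as &$comment) {
        $comment['entrylink'] = serendipity_archiveURL($comment['entry_id'], 'comments', 'serendipityHTTPPath', true) . '#c' . $comment['id'];
        $comment['fullBody']  = $comment['body'];
        $comment['summary']   = serendipity_mb('substr', $comment['body'], 0, 100);

        if (strlen($comment['fullBody']) > strlen($comment['summary'])) {
            $comment['excerpt'] = true;
            // When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
            $comment['fullBody'] = nl2br(serendipity_specialchars($comment['fullBody']));
            $comment['summary']  = nl2br(strip_tags($comment['summary']));
        }
        // NOTE(review): for a body that fits into the summary, neither 'fullBody' nor
        // 'summary' is escaped or stripped here. Comment bodies are visitor input, so
        // the consuming template has to escape them - confirm that it does. Also note
        // that strip_tags() removes markup but is not output escaping.
    }
    // Drop the reference left behind by the by-reference loop; otherwise a later
    // write to $comment would silently overwrite the last element of $comments.
    unset($comment);
}
$data['comments'] = $comments;

$entries = serendipity_fetchEntries(false, false, (int) $serendipity['dashboardLimit'], true, false, 'timestamp DESC', 'e.timestamp >= ' . serendipity_serverOffsetHour());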