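/**
 * Processes a submitted TPortal admin form and persists its changes.
 *
 * The field $_POST['tpadmin_form'] selects the branch to run. Every branch that
 * writes data calls checkSession('post') and isAllowedTo() first; keep those two
 * calls ahead of any database or filesystem access when editing a branch.
 *
 * Security-relevant handling:
 *  - POST keys and values are untrusted, even behind the permission check.
 *    Values reach SQL only through typed placeholders ({int:..}, {string:..},
 *    {array_int:..}); {raw:..} is not used for request data.
 *  - Where part of a POST key becomes a column name it is either compared
 *    against a fixed list or must match $identifier before it is concatenated.
 *  - File names taken from the request are reduced with basename() before they
 *    are joined to a directory under $boarddir.
 *
 * @return string|null The sub-action string for the caller, or null when no
 *                     form was posted, the form name is unknown, or the branch
 *                     ends in redirectexit().
 */
function do_postchecks()
{
    global $context, $txt, $settings, $boarddir, $smcFunc, $sourcedir;

    // which screen do we come from? Nothing posted means nothing to do.
    if (empty($_POST['tpadmin_form'])) {
        return;
    }

    // If we have any setting changes add them to this array
    $updateArray = array();

    // Shape a POST-derived name must have before it may be used as a column
    // name. \z (not $) so a trailing newline cannot slip through.
    $identifier = '~^[a-zA-Z_][a-zA-Z0-9_]*\z~';

    // get it
    $from = $_POST['tpadmin_form'];

    //news
    if ($from == 'news') {
        return 'news';
    } elseif ($from == 'blockoverview') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        // Collect the posted group values per block id.
        $block = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 5, 7) == 'tpblock') {
                // get the id
                $bid = substr($what, 12);
                if (!isset($block[$bid])) {
                    $block[$bid] = array();
                }
                if ($value != 'control' && !in_array($value, $block[$bid])) {
                    $block[$bid][] = $value;
                }
            }
        }
        foreach ($block as $bl => $blo) {
            // Only update blocks that actually exist.
            $request = $smcFunc['db_query'](
                '',
                ' SELECT access FROM {db_prefix}tp_blocks WHERE id = {int:blockid}',
                array('blockid' => $bl)
            );
            if ($smcFunc['db_num_rows']($request) > 0) {
                $row = $smcFunc['db_fetch_assoc']($request);
                $smcFunc['db_free_result']($request);
                $request = $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_blocks SET access = {string:access} WHERE id = {int:blockid}',
                    array('access' => implode(',', $blo), 'blockid' => $bl)
                );
            }
        }
        return 'blocks;overview';
    } elseif (in_array($from, array('settings', 'frontpage', 'artsettings', 'panels'))) {
        checkSession('post');
        isAllowedTo('tp_settings');

        // NOTE(review): every tp_-prefixed POST key becomes a setting name here
        // with no allow-list; confirm updateTPSettings() restricts the names.
        $w = array();
        $ssi = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 3) == 'tp_') {
                $where = substr($what, 3);
                $clean = $value;
                // for frontpage, do some extra
                if ($from == 'frontpage') {
                    if (substr($what, 0, 20) == 'tp_frontpage_visual_') {
                        $w[] = substr($what, 20);
                        unset($clean);
                    } elseif (substr($what, 0, 21) == 'tp_frontpage_usorting') {
                        $w[] = 'sort_' . $value;
                        unset($clean);
                    } elseif (substr($what, 0, 26) == 'tp_frontpage_sorting_order') {
                        $w[] = 'sortorder_' . $value;
                        unset($clean);
                    } elseif (substr($what, 0, 11) == 'tp_ssiboard') {
                        if ($value != 0) {
                            $ssi[$value] = $value;
                        }
                    }
                }
                if ($from == 'settings' && $what == 'tp_frontpage_title') {
                    $updateArray['frontpage_title'] = $clean;
                } else {
                    if (isset($clean)) {
                        $updateArray[$where] = $clean;
                    }
                }
            }
        }
        // check the frontpage visual setting..
        if ($from == 'frontpage') {
            $updateArray['frontpage_visual'] = implode(',', $w);
            $updateArray['SSI_board'] = implode(',', $ssi);
        }
        updateTPSettings($updateArray);
        return $from;
    } elseif ($from == 'categories') {
        checkSession('post');
        isAllowedTo('tp_articles');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 19) == 'tp_category_value2_') {
                $where = tp_sanitize(substr($what, 19));
                // make sure a parent is not its own parent
                $request = $smcFunc['db_query'](
                    '',
                    ' SELECT value2 FROM {db_prefix}tp_variables WHERE id = {string:varid} LIMIT 1',
                    array('varid' => $value)
                );
                $row = $smcFunc['db_fetch_assoc']($request);
                $smcFunc['db_free_result']($request);
                if ($row['value2'] == $where) {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET value2 = {string:val2} WHERE id = {string:varid} LIMIT 1',
                        array('val2' => '0', 'varid' => $value)
                    );
                }
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value2 = {string:val2} WHERE id = {string:varid} LIMIT 1',
                    array('val2' => $value, 'varid' => $where)
                );
            }
        }
        return $from;
    } elseif ($from == 'articles') {
        checkSession('post');
        isAllowedTo('tp_articles');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 14) == 'tp_article_pos') {
                $where = tp_sanitize(substr($what, 14));
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_articles SET parse = {int:parse} WHERE id = {int:artid} LIMIT 1',
                    array('parse' => $value, 'artid' => $where)
                );
            }
        }
        // Only a numeric category id is echoed back into the sub-action.
        if (isset($_POST['tpadmin_form_category']) && is_numeric($_POST['tpadmin_form_category'])) {
            return $from . ';cu=' . $_POST['tpadmin_form_category'];
        } else {
            return $from;
        }
    } elseif ($from == 'modules') {
        checkSession('post');
        isAllowedTo('tp_settings');

        foreach ($_POST as $what => $value) {
            if ($what == 'tp_show_download') {
                $updateArray['show_download'] = $value;
            } elseif (substr($what, 0, 14) == 'tpmodule_state') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_modules SET active = {int:active} WHERE id = {int:modid}',
                    array('active' => $value, 'modid' => substr($what, 14))
                );
            }
        }
        updateTPSettings($updateArray);
        return $from;
    } elseif ($from == 'menuitems') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $all = explode(',', $context['TPortal']['sitemap_items']);
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 8) == 'menu_pos') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET subtype = {string:subtype} WHERE id = {int:varid}',
                    array('subtype' => tp_sanitize($value), 'varid' => substr($what, 8))
                );
            } elseif (substr($what, 0, 8) == 'menu_sub') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value4 = {string:val4} WHERE id = {int:varid}',
                    array('val4' => tp_sanitize($value), 'varid' => substr($what, 8))
                );
            } elseif (substr($what, 0, 15) == 'tp_menu_sitemap') {
                $new = substr($what, 15);
                if ($value == 0 && in_array($new, $all)) {
                    // Separate loop variable so the outer $value is not overwritten.
                    foreach ($all as $key => $item) {
                        if ($item == $new) {
                            unset($all[$key]);
                        }
                    }
                } elseif ($value == 1 && !in_array($new, $all)) {
                    $all[] = $new;
                }
                $updateArray['sitemap_items'] = implode(',', $all);
            }
        }
        updateTPSettings($updateArray);
        // The menu id is never validated elsewhere in this branch; cast it so
        // request text cannot add parameters to the redirect target.
        $menuId = isset($_POST['tp_menuid']) ? (int) $_POST['tp_menuid'] : 0;
        redirectexit('action=tpadmin;sa=menubox;mid=' . $menuId);
    } elseif ($from == 'menus') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 12) == 'tp_menu_name') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value1 = {string:val1} WHERE id = {int:varid}',
                    array('val1' => tp_sanitize($value), 'varid' => substr($what, 12))
                );
            }
        }
        redirectexit('action=tpadmin;sa=menubox');
    } elseif ($from == 'singlemenuedit') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        // Cast the id: it is concatenated into the redirect below even when no
        // query in the loop has consumed it through an {int:..} placeholder.
        $where = isset($_POST['tpadmin_form_id']) ? (int) $_POST['tpadmin_form_id'] : 0;
        foreach ($_POST as $what => $value) {
            if ($what == 'tp_menu_name') {
                // make sure special characters can't be done
                $value = preg_replace('~&#\\d+$~', '', $value);
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value1 = {string:val1} WHERE id = {int:varid}',
                    array('val1' => $value, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_newlink') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value2 = {string:var2} WHERE id = {int:varid}',
                    array('var2' => $value, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_menuid') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET subtype2 = {int:subtype2} WHERE id = {int:varid}',
                    array('subtype2' => $value, 'varid' => $where)
                );
            } elseif ($what == 'tp_menu_type') {
                // An unrecognised type used to leave $idtype undefined; now the
                // row is simply left untouched in that case.
                $idtype = null;
                if ($value == 'cats') {
                    $idtype = 'cats' . $_POST['tp_menu_category'];
                } elseif ($value == 'arti') {
                    $idtype = 'arti' . $_POST['tp_menu_article'];
                } elseif ($value == 'link') {
                    // NOTE(review): the link target is stored as posted; confirm
                    // it is escaped and scheme-checked where the menu is rendered.
                    $idtype = $_POST['tp_menu_link'];
                } elseif ($value == 'head') {
                    $idtype = 'head';
                } elseif ($value == 'spac') {
                    $idtype = 'spac';
                }
                if ($idtype !== null) {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET value3 = {string:val3} WHERE id = {int:varid}',
                        array('val3' => $idtype, 'varid' => $where)
                    );
                }
            } elseif ($what == 'tp_menu_sub') {
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value4 = {string:val4} WHERE id = {int:varid}',
                    array('val4' => $value, 'varid' => $where)
                );
            } elseif (substr($what, 0, 15) == 'tp_menu_newlink') {
                // The statement previously had no placeholder after "value2 =",
                // which is invalid SQL; bind the supplied 'val2' parameter.
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_variables SET value2 = {string:val2} WHERE id = {int:varid}',
                    array('val2' => $value, 'varid' => $where)
                );
            }
        }
        redirectexit('action=tpadmin;linkedit=' . $where . ';' . $context['session_var'] . '=' . $context['session_id']);
    } elseif ($from == 'addcategory') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $name = !empty($_POST['tp_cat_name']) ? $_POST['tp_cat_name'] : $txt['tp-noname'];
        $parent = !empty($_POST['tp_cat_parent']) ? $_POST['tp_cat_parent'] : '0';
        $smcFunc['db_insert'](
            'INSERT',
            '{db_prefix}tp_variables',
            array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'),
            array(strip_tags($name), $parent, '', 'category', '', 0, '', 'catlayout=1|layout=1', 0, 0),
            array('id')
        );
        $go = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
        redirectexit('action=tpadmin;sa=categories;cu=' . $go);
    } elseif ($from == 'clist') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $cats = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 8) == 'tp_clist') {
                $cats[] = $value;
            }
        }
        if (sizeof($cats) > 0) {
            $catnames = implode(',', $cats);
        } else {
            $catnames = '';
        }
        $updateArray['cat_list'] = $catnames;
        updateTPSettings($updateArray);
        return $from;
    } elseif ($from == 'editcategory') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $options = array();
        $groups = array();
        $where = $_POST['tpadmin_form_id'];
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 3) == 'tp_') {
                $clean = tp_sanitize($value);
                $param = substr($what, 12);
                // $param is concatenated as a column name below, which is safe
                // only because it is matched (strictly) against this fixed list.
                if (in_array($param, array('value5', 'value6', 'value8'), true)) {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET ' . $param . ' = {string:val} WHERE id = {int:varid} LIMIT 1',
                        array('val' => $value, 'varid' => $where)
                    );
                } elseif ($param == 'value2') {
                    // make sure a parent is not its own parent
                    $request = $smcFunc['db_query'](
                        '',
                        ' SELECT value2 FROM {db_prefix}tp_variables WHERE id = {int:varid} LIMIT 1',
                        array('varid' => $value)
                    );
                    $row = $smcFunc['db_fetch_assoc']($request);
                    $smcFunc['db_free_result']($request);
                    if ($row['value2'] == $where) {
                        $smcFunc['db_query'](
                            '',
                            ' UPDATE {db_prefix}tp_variables SET value2 = {string:val2} WHERE id = {int:varid} LIMIT 1',
                            array('val2' => '0', 'varid' => $value)
                        );
                    }
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET value2 = {string:val2} WHERE id = {int:varid} LIMIT 1',
                        array('val2' => $value, 'varid' => $where)
                    );
                } elseif ($param == 'value1') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET value1 = {string:val1} WHERE id = {int:varid} LIMIT 1',
                        array('val1' => strip_tags($value), 'varid' => $where)
                    );
                } elseif ($param == 'value4') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET value4 = {string:val4} WHERE id = {int:varid} LIMIT 1',
                        array('val4' => $value, 'varid' => $where)
                    );
                } elseif ($param == 'value9') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_variables SET value9 = {string:val9} WHERE id = {int:varid} LIMIT 1',
                        array('val9' => $value, 'varid' => $where)
                    );
                } elseif (substr($param, 0, 6) == 'group_') {
                    $groups[] = substr($param, 6);
                } else {
                    $options[] = $param . '=' . $value;
                }
            }
        }
        $smcFunc['db_query'](
            '',
            ' UPDATE {db_prefix}tp_variables SET value3 = {string:val3}, value7 = {string:val7} WHERE id = {int:varid} LIMIT 1',
            array('val3' => implode(',', $groups), 'val7' => implode('|', $options), 'varid' => $where)
        );
        $from = 'categories;cu=' . $where;
        return $from;
    } elseif ($from == 'strays') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $ccats = array();
        // check if we have some values
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 16) == 'tp_article_stray') {
                $ccats[] = substr($what, 16);
            } elseif ($what == 'tp_article_cat') {
                $straycat = $value;
            } elseif ($what == 'tp_article_new') {
                $straynewcat = $value;
            }
        }
        // update
        if (isset($straycat) && sizeof($ccats) > 0) {
            $category = $straycat;
            if ($category == 0 && !empty($straynewcat)) {
                $request = $smcFunc['db_insert'](
                    'INSERT',
                    '{db_prefix}tp_variables',
                    array('value1' => 'string', 'value2' => 'string', 'type' => 'string'),
                    array(strip_tags($straynewcat), '0', 'category'),
                    array('id')
                );
                $newcategory = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
                $smcFunc['db_free_result']($request);
            }
            $smcFunc['db_query'](
                '',
                ' UPDATE {db_prefix}tp_articles SET category = {int:cat} WHERE id IN ({array_int:artid})',
                array('cat' => !empty($newcategory) ? $newcategory : $category, 'artid' => $ccats)
            );
        }
        return $from;
    } elseif ($from == 'articons') {
        checkSession('post');
        isAllowedTo('tp_articles');

        // any icons sent? (guard the index so a missing field raises no notice)
        if (!empty($_FILES['tp_article_newicon']['tmp_name']) && file_exists($_FILES['tp_article_newicon']['tmp_name'])) {
            TPuploadpicture('tp_article_newicon', '', '300', 'jpg,gif,png', 'tp-files/tp-articles/icons');
        }
        if (!empty($_FILES['tp_article_newillustration']['tmp_name']) && file_exists($_FILES['tp_article_newillustration']['tmp_name'])) {
            $name = TPuploadpicture('tp_article_newillustration', '', '500', 'jpg,gif,png', 'tp-files/tp-articles/illustrations');
            tp_createthumb('tp-files/tp-articles/illustrations/' . $name, 128, 128, 'tp-files/tp-articles/illustrations/s_' . $name);
            unlink('tp-files/tp-articles/illustrations/' . $name);
        }
        // how about deleted?
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 7) == 'articon') {
                $dir = $boarddir . '/tp-files/tp-articles/icons/';
            } elseif (substr($what, 0, 15) == 'artillustration') {
                $dir = $boarddir . '/tp-files/tp-articles/illustrations/';
            } else {
                continue;
            }
            if (!is_string($value)) {
                continue;
            }
            // The posted name is reduced to its last path component so the
            // delete cannot leave the icon/illustration directory, and only
            // regular files are removed.
            $target = $dir . basename($value);
            if (is_file($target)) {
                unlink($target);
            }
        }
        return $from;
    } elseif ($from == 'menuadd') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        if (!empty($_POST['tp_menu_title'])) {
            $mtitle = strip_tags($_POST['tp_menu_title']);
            $smcFunc['db_insert'](
                'INSERT',
                '{db_prefix}tp_variables',
                array('value1' => 'string', 'type' => 'string'),
                array($mtitle, 'menus'),
                array('id')
            );
            redirectexit('action=tpadmin;sa=menubox');
        }
    } elseif ($from == 'menuaddsingle') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $mid = $_POST['tp_menu_menuid'];
        $mtitle = strip_tags($_POST['tp_menu_title']);
        if ($mtitle == '') {
            $mtitle = $txt['tp-no_title'];
        }
        $mtype = $_POST['tp_menu_type'];
        $mcat = isset($_POST['tp_menu_category']) ? $_POST['tp_menu_category'] : '';
        $mart = isset($_POST['tp_menu_article']) ? $_POST['tp_menu_article'] : '';
        $mlink = isset($_POST['tp_menu_link']) ? $_POST['tp_menu_link'] : '';
        $mhead = isset($_POST['tp_menu_head']) ? $_POST['tp_menu_head'] : '';
        $mnewlink = isset($_POST['tp_menu_newlink']) ? $_POST['tp_menu_newlink'] : '0';
        if ($mtype == 'cats') {
            $mtype = 'cats' . $mcat;
        } elseif ($mtype == 'arti') {
            $mtype = 'arti' . $mart;
        } elseif ($mtype == 'head') {
            $mtype = 'head' . $mhead;
        } elseif ($mtype == 'spac') {
            $mtype = 'spac';
        } else {
            $mtype = $mlink;
        }
        $msub = $_POST['tp_menu_sub'];
        $smcFunc['db_insert'](
            'INSERT',
            '{db_prefix}tp_variables',
            array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype2' => 'int'),
            array($mtitle, $mnewlink, $mtype, 'menubox', $msub, -1, $mid),
            array('id')
        );
        redirectexit('action=tpadmin;sa=menubox;mid=' . $mid);
    } elseif ($from == 'submission') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $ccats = array();
        // check if we have some values
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 21) == 'tp_article_submission') {
                $ccats[] = substr($what, 21);
            } elseif ($what == 'tp_article_cat') {
                $straycat = $value;
            } elseif ($what == 'tp_article_new') {
                $straynewcat = $value;
            }
        }
        // update
        if (isset($straycat) && sizeof($ccats) > 0) {
            $category = $straycat;
            if ($category == 0 && !empty($straynewcat)) {
                // strip_tags() on the new category name, as every other branch
                // that stores a category name already does.
                $request = $smcFunc['db_insert'](
                    'INSERT',
                    '{db_prefix}tp_variables',
                    array('value1' => 'string', 'value2' => 'string', 'type' => 'string'),
                    array(strip_tags($straynewcat), '0', 'category'),
                    array('id')
                );
                $newcategory = $smcFunc['db_insert_id']('{db_prefix}tp_variables', 'id');
                $smcFunc['db_free_result']($request);
            }
            $smcFunc['db_query'](
                '',
                ' UPDATE {db_prefix}tp_articles SET approved = {int:approved}, category = {int:cat} WHERE id IN ({array_int:artid})',
                array('approved' => 1, 'cat' => !empty($newcategory) ? $newcategory : $category, 'artid' => $ccats)
            );
            $smcFunc['db_query'](
                '',
                ' DELETE FROM {db_prefix}tp_variables WHERE type = {string:type} AND value5 IN ({array_int:val5})',
                array('type' => 'art_not_approved', 'val5' => $ccats)
            );
        }
        return $from;
    } elseif ($from == 'blocks') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 3) == 'pos') {
                $where = substr($what, 3);
                if (is_numeric($where)) {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET pos = {int:pos} WHERE id = {int:blockid}',
                        array('pos' => $value, 'blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 6) == 'addpos') {
                $where = substr($what, 6);
                if (is_numeric($where)) {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET pos = (pos + 11) WHERE id = {int:blockid}',
                        array('blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 6) == 'subpos') {
                $where = substr($what, 6);
                if (is_numeric($where)) {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET pos = (pos - 11) WHERE id = {int:blockid}',
                        array('blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 4) == 'type') {
                $where = substr($what, 4);
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_blocks SET type = {int:type} WHERE id = {int:blockid}',
                    array('type' => $value, 'blockid' => $where)
                );
            } elseif (substr($what, 0, 5) == 'title') {
                $where = strip_tags(substr($what, 5));
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_blocks SET title = {string:title} WHERE id = {int:blockid}',
                    array('title' => $value, 'blockid' => $where)
                );
            } elseif (substr($what, 0, 9) == 'blockbody') {
                $where = tp_sanitize(substr($what, 9));
                $smcFunc['db_query'](
                    '',
                    ' UPDATE {db_prefix}tp_blocks SET body = {string:body} WHERE id = {int:blockid}',
                    array('body' => $value, 'blockid' => $where)
                );
            }
        }
        redirectexit('action=tpadmin;sa=blocks');
    } elseif ($from == 'addblock') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $title = empty($_POST['tp_addblocktitle']) ? '-no title-' : $_POST['tp_addblocktitle'];
        $panel = $_POST['tp_addblockpanel'];
        $type = $_POST['tp_addblock'];
        if (!is_numeric($type)) {
            if (substr($type, 0, 3) == 'mb_') {
                // "mb_<id>": copy an existing block.
                $request = $smcFunc['db_query'](
                    '',
                    ' SELECT * FROM {db_prefix}tp_blocks WHERE id = {int:blockid}',
                    array('blockid' => substr($type, 3))
                );
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $cp = $smcFunc['db_fetch_assoc']($request);
                    $smcFunc['db_free_result']($request);
                }
            } else {
                // The posted name selects a .blockcode file whose code ends up
                // in a stored block body; basename() keeps the read inside the
                // tp-blockcodes directory.
                $od = TPparseModfile(file_get_contents($boarddir . '/tp-files/tp-blockcodes/' . basename($type) . '.blockcode'), array('code'));
            }
        }
        if (isset($od['code'])) {
            $body = tp_convertphp($od['code']);
            $type = 10;
        } else {
            $body = '';
        }
        // Both inserts below write the same column set.
        $columns = array('type' => 'int', 'frame' => 'string', 'title' => 'string', 'body' => 'string', 'access' => 'string', 'bar' => 'int', 'pos' => 'int', 'off' => 'int', 'visible' => 'string', 'var1' => 'int', 'var2' => 'int', 'lang' => 'string', 'access2' => 'string', 'editgroups' => 'string');
        if (isset($cp)) {
            $smcFunc['db_insert'](
                'INSERT',
                '{db_prefix}tp_blocks',
                $columns,
                array($cp['type'], $cp['frame'], $title, $cp['body'], $cp['access'], $panel, 0, 1, 1, $cp['var1'], $cp['var2'], $cp['lang'], $cp['access2'], $cp['editgroups']),
                array('id')
            );
        } else {
            $smcFunc['db_insert'](
                'INSERT',
                '{db_prefix}tp_blocks',
                $columns,
                array($type, 'theme', $title, $body, '-1,0,1', $panel, 0, 1, 1, 0, 0, '', 'actio=allpages', ''),
                array('id')
            );
        }
        $where = $smcFunc['db_insert_id']('{db_prefix}tp_blocks', 'id');
        if (!empty($where)) {
            redirectexit('action=tpadmin;blockedit=' . $where . ';sesc=' . $context['session_id']);
        } else {
            redirectexit('action=tpadmin;sa=blocks');
        }
    } elseif ($from == 'blockedit') {
        checkSession('post');
        isAllowedTo('tp_blocks');

        $where = is_numeric($_POST['tpadmin_form_id']) ? $_POST['tpadmin_form_id'] : 0;
        $tpgroups = array();
        $editgroups = array();
        $access = array();
        $lang = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 9) == 'tp_block_') {
                $setting = substr($what, 9);
                if ($setting == 'body') {
                    // If we came from WYSIWYG then turn it back into BBC regardless.
                    if (!empty($_REQUEST['tp_block_body_mode']) && isset($_REQUEST['tp_block_body'])) {
                        require_once $sourcedir . '/Subs-Editor.php';
                        $_REQUEST['tp_block_body'] = html_to_bbc($_REQUEST['tp_block_body']);
                        // We need to unhtml it now as it gets done shortly.
                        $_REQUEST['tp_block_body'] = un_htmlspecialchars($_REQUEST['tp_block_body']);
                        // We need this for everything else.
                        $value = $_POST['tp_block_body'] = $_REQUEST['tp_block_body'];
                    }
                    // PHP block?
                    // NOTE(review): type 10 stores the body via tp_convertphp();
                    // if such bodies are executed on render, tp_blocks is a
                    // code-execution permission and should be granted as such.
                    if ($_POST['tp_block_type'] == 10) {
                        $value = tp_convertphp($value);
                    }
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET body = {string:value} WHERE id = {int:blockid}',
                        array('value' => $value, 'blockid' => $where)
                    );
                } elseif ($setting == 'title') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET title = {string:title} WHERE id = {int:blockid}',
                        array('title' => $value, 'blockid' => $where)
                    );
                } elseif ($setting == 'body_mode' || $setting == 'body_choice' || $setting == 'body_pure') {
                    $go = '';
                } elseif ($setting == 'frame') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET frame = {string:val} WHERE id = {int:blockid}',
                        array('val' => $value, 'blockid' => $where)
                    );
                } elseif (preg_match($identifier, $setting)) {
                    // Generic column update. The column name comes from the POST
                    // key, so it must look like a plain identifier, and the
                    // value is bound as a string instead of {raw:..} so request
                    // text is never spliced into the statement.
                    // NOTE(review): an explicit list of editable tp_blocks
                    // columns would be tighter than the identifier pattern.
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_blocks SET ' . $setting . ' = {string:val} WHERE id = {int:blockid}',
                        array('val' => $value, 'blockid' => $where)
                    );
                }
            } elseif (substr($what, 0, 8) == 'tp_group') {
                $tpgroups[] = substr($what, 8);
            } elseif (substr($what, 0, 12) == 'tp_editgroup') {
                $editgroups[] = substr($what, 12);
            } elseif (substr($what, 0, 10) == 'actiontype') {
                $access[] = 'actio=' . $value;
            } elseif (substr($what, 0, 9) == 'boardtype') {
                $access[] = 'board=' . $value;
            } elseif (substr($what, 0, 11) == 'articletype') {
                $access[] = 'tpage=' . $value;
            } elseif (substr($what, 0, 12) == 'categorytype') {
                $access[] = 'tpcat=' . $value;
            } elseif (substr($what, 0, 8) == 'langtype') {
                $access[] = 'tlang=' . $value;
            } elseif (substr($what, 0, 9) == 'dlcattype') {
                $access[] = 'dlcat=' . $value;
            } elseif (substr($what, 0, 9) == 'tpmodtype') {
                $access[] = 'tpmod=' . $value;
            } elseif (substr($what, 0, 9) == 'custotype' && !empty($value)) {
                $items = explode(',', $value);
                foreach ($items as $iti => $it) {
                    $access[] = 'actio=' . $it;
                }
            } elseif (substr($what, 0, 8) == 'tp_lang_') {
                if (substr($what, 8) != '') {
                    $lang[] = substr($what, 8) . '|' . $value;
                }
            } elseif (substr($what, 0, 18) == 'tp_userbox_options') {
                if (!isset($userbox)) {
                    $userbox = array();
                }
                $userbox[] = $value;
            } elseif (substr($what, 0, 8) == 'tp_theme') {
                $theme = substr($what, 8);
                if (!isset($themebox)) {
                    $themebox = array();
                }
                // get the path too
                if (isset($_POST['tp_path' . $theme])) {
                    $tpath = $_POST['tp_path' . $theme];
                } else {
                    $tpath = '';
                }
                $themebox[] = $theme . '|' . $value . '|' . $tpath;
            }
        }
        // construct the access++
        $smcFunc['db_query'](
            '',
            ' UPDATE {db_prefix}tp_blocks SET access2 = {string:acc2}, access = {string:acc}, lang = {string:lang}, editgroups = {string:editgrp} WHERE id = {int:blockid}',
            array('acc2' => implode(',', $access), 'acc' => implode(',', $tpgroups), 'lang' => implode('|', $lang), 'editgrp' => implode(',', $editgroups), 'blockid' => $where)
        );
        if (isset($userbox)) {
            $updateArray['userbox_options'] = implode(',', $userbox);
        }
        if (isset($themebox)) {
            $smcFunc['db_query'](
                '',
                ' UPDATE {db_prefix}tp_blocks SET body = {string:body} WHERE id = {int:blockid}',
                array('body' => implode(',', $themebox), 'blockid' => $where)
            );
        }
        // anything from PHP block?
        if (isset($_POST['blockcode_overwrite'])) {
            // get the blockcode; basename() keeps the read inside tp-blockcodes
            $newval = TPparseModfile(file_get_contents($boarddir . '/tp-files/tp-blockcodes/' . basename($_POST['tp_blockcode']) . '.blockcode'), array('code'));
            $smcFunc['db_query'](
                '',
                ' UPDATE {db_prefix}tp_blocks SET body = {string:body} WHERE id = {int:blockid}',
                array('body' => $newval['code'], 'blockid' => $where)
            );
        }
        // check if uploaded picture
        if (isset($_FILES['qup_blockbody']) && file_exists($_FILES['qup_blockbody']['tmp_name'])) {
            $name = TPuploadpicture('qup_blockbody', $context['user']['id'] . 'uid');
            tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
        }
        updateTPSettings($updateArray);
        redirectexit('action=tpadmin;blockedit=' . $where . ';' . $context['session_var'] . '=' . $context['session_id']);
    } elseif (substr($from, 0, 11) == 'editarticle') {
        checkSession('post');
        isAllowedTo('tp_articles');

        $new = false;
        $where = substr($from, 11);
        if (empty($where)) {
            // we need to create one first
            $smcFunc['db_insert'](
                'INSERT',
                '{db_prefix}tp_articles',
                array('date' => 'int'),
                array(time()),
                array('id')
            );
            $where = $smcFunc['db_insert_id']('{db_prefix}tp_articles', 'id');
            $new = true;
            $from = 'editarticle' . $where;
        }
        // check if uploads are there (guard the index so a missing field raises no notice)
        if (!empty($_FILES['tp_article_illupload']['tmp_name']) && file_exists($_FILES['tp_article_illupload']['tmp_name'])) {
            $name = TPuploadpicture('tp_article_illupload', '', '180', 'jpg,gif,png', 'tp-files/tp-articles/illustrations');
            tp_createthumb('tp-files/tp-articles/illustrations/' . $name, 128, 128, 'tp-files/tp-articles/illustrations/s_' . $name);
            $smcFunc['db_query'](
                '',
                ' UPDATE {db_prefix}tp_articles SET illustration = {string:ill} WHERE id = {int:artid} LIMIT 1',
                array('ill' => 's_' . $name, 'artid' => $where)
            );
        }
        // check if uploaded picture
        if (isset($_FILES['qup_tp_article_body']) && file_exists($_FILES['qup_tp_article_body']['tmp_name'])) {
            $name = TPuploadpicture('qup_tp_article_body', $context['user']['id'] . 'uid');
            tp_createthumb('tp-images/' . $name, 50, 50, 'tp-images/thumbs/thumb_' . $name);
        }
        $options = array();
        foreach ($_POST as $what => $value) {
            if (substr($what, 0, 11) == 'tp_article_' && !empty($where)) {
                $setting = substr($what, 11);
                if ($setting == 'authorid') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET author_id = {int:auth} WHERE id = {int:artid} LIMIT 1',
                        array('auth' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'idtheme') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET id_theme = {int:id_theme} WHERE id = {int:artid} LIMIT 1',
                        array('id_theme' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'subject') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET subject = {string:subject} WHERE id = {int:artid} LIMIT 1',
                        array('subject' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'shortname') {
                    $value = htmlspecialchars(str_replace(' ', '-', $value), ENT_QUOTES);
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET shortname = {string:shortname} WHERE id = {int:artid} LIMIT 1',
                        array('shortname' => $value, 'artid' => $where)
                    );
                } elseif ($setting == 'category') {
                    // for the event, get the allowed
                    $request = $smcFunc['db_query'](
                        '',
                        ' SELECT value3 FROM {db_prefix}tp_variables WHERE id = {int:varid} LIMIT 1',
                        array('varid' => $value)
                    );
                    if ($smcFunc['db_num_rows']($request) > 0) {
                        $row = $smcFunc['db_fetch_assoc']($request);
                        $allowed = $row['value3'];
                        $smcFunc['db_free_result']($request);
                    }
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET category = {int:cat} WHERE id = {int:artid} LIMIT 1',
                        array('cat' => $value, 'artid' => $where)
                    );
                } elseif (in_array($setting, array('body', 'intro'), true)) {
                    // If we came from WYSIWYG then turn it back into BBC regardless.
                    if (!empty($_REQUEST['tp_article_body_mode']) && isset($_REQUEST['tp_article_body'])) {
                        require_once $sourcedir . '/Subs-Editor.php';
                        $_REQUEST['tp_article_body'] = html_to_bbc($_REQUEST['tp_article_body']);
                        // We need to unhtml it now as it gets done shortly.
                        $_REQUEST['tp_article_body'] = un_htmlspecialchars($_REQUEST['tp_article_body']);
                        // We need this for everything else.
                        if ($setting == 'body') {
                            $value = $_POST['tp_article_body'] = $_REQUEST['tp_article_body'];
                        } elseif ($setting == 'intro' && isset($_REQUEST['tp_article_intro'])) {
                            // This test used to read the global $settings array,
                            // so the intro branch could never run.
                            $value = $_POST['tp_article_intro'] = $_REQUEST['tp_article_intro'];
                        }
                    }
                    // in case of HTML article we need to check it
                    if (isset($_POST['tp_article_body_pure']) && isset($_POST['tp_article_body_choice'])) {
                        if ($_POST['tp_article_body_choice'] == 0) {
                            if ($setting == 'body') {
                                $value = $_POST['tp_article_body_pure'];
                            } elseif ($setting == 'intro') {
                                $value = $_POST['tp_article_intro'];
                            }
                        }
                        // save the choice too
                        $request = $smcFunc['db_query'](
                            '',
                            ' SELECT id FROM {db_prefix}tp_variables WHERE subtype2 = {int:sub2} AND type = {string:type} LIMIT 1',
                            array('sub2' => $where, 'type' => 'editorchoice')
                        );
                        if ($smcFunc['db_num_rows']($request) > 0) {
                            $row = $smcFunc['db_fetch_assoc']($request);
                            $smcFunc['db_free_result']($request);
                            $smcFunc['db_query'](
                                '',
                                ' UPDATE {db_prefix}tp_variables SET value1 = {string:val1} WHERE subtype2 = {int:sub2} AND type = {string:type}',
                                array('val1' => $_POST['tp_article_body_choice'], 'sub2' => $where, 'type' => 'editorchoice')
                            );
                        } else {
                            $smcFunc['db_insert'](
                                'INSERT',
                                '{db_prefix}tp_variables',
                                array('value1' => 'string', 'type' => 'string', 'subtype2' => 'int'),
                                array($_POST['tp_article_body_choice'], 'editorchoice', $where),
                                array('id')
                            );
                        }
                    }
                    // $setting is 'body' or 'intro' here (strict match above),
                    // so concatenating it as the column name is safe.
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET ' . $setting . ' = {string:val} WHERE id = {int:artid} LIMIT 1',
                        array('val' => $value, 'artid' => $where)
                    );
                } elseif (in_array($setting, array('day', 'month', 'year', 'minute', 'hour', 'timestamp'))) {
                    $timestamp = mktime($_POST['tp_article_hour'], $_POST['tp_article_minute'], 0, $_POST['tp_article_month'], $_POST['tp_article_day'], $_POST['tp_article_year']);
                    // The date is written once, on the first date field seen.
                    if (!isset($savedtime)) {
                        $smcFunc['db_query'](
                            '',
                            ' UPDATE {db_prefix}tp_articles SET date = {int:date} WHERE id = {int:artid} LIMIT 1',
                            array('date' => $timestamp, 'artid' => $where)
                        );
                    }
                    $savedtime = 1;
                } elseif (in_array($setting, array('pubstartday', 'pubstartmonth', 'pubstartyear', 'pubstartminute', 'pubstarthour', 'pub_start'))) {
                    // are all zero? then store 0 and skip the timestamp write
                    if (empty($_POST['tp_article_pubstarthour']) && empty($_POST['tp_article_pubstartminute']) && empty($_POST['tp_article_pubstartmonth']) && empty($_POST['tp_article_pubstartday']) && empty($_POST['tp_article_pubstartyear'])) {
                        $smcFunc['db_query'](
                            '',
                            ' UPDATE {db_prefix}tp_articles SET pub_start = {int:start} WHERE id = {int:artid} LIMIT 1',
                            array('start' => 0, 'artid' => $where)
                        );
                    } else {
                        $timestamp = mktime($_POST['tp_article_pubstarthour'], $_POST['tp_article_pubstartminute'], 0, $_POST['tp_article_pubstartmonth'], $_POST['tp_article_pubstartday'], $_POST['tp_article_pubstartyear']);
                        // Written only when a start time was given; previously a
                        // stale or undefined $timestamp was also written in the
                        // all-zero case.
                        if (!isset($pubstart)) {
                            $smcFunc['db_query'](
                                '',
                                ' UPDATE {db_prefix}tp_articles SET pub_start = {int:start} WHERE id = {int:artid} LIMIT 1',
                                array('start' => $timestamp, 'artid' => $where)
                            );
                        }
                    }
                    $pubstart = 1;
                } elseif (in_array($setting, array('pubendday', 'pubendmonth', 'pubendyear', 'pubendminute', 'pubendhour', 'pub_start'))) {
                    // NOTE(review): the list above ends in 'pub_start', which the
                    // previous branch already consumes; 'pub_end' looks intended.
                    // are all zero? then store 0 and skip the timestamp write
                    if (empty($_POST['tp_article_pubendhour']) && empty($_POST['tp_article_pubendminute']) && empty($_POST['tp_article_pubendmonth']) && empty($_POST['tp_article_pubendday']) && empty($_POST['tp_article_pubendyear'])) {
                        $smcFunc['db_query'](
                            '',
                            ' UPDATE {db_prefix}tp_articles SET pub_end = {int:end} WHERE id = {int:artid} LIMIT 1',
                            array('end' => 0, 'artid' => $where)
                        );
                    } else {
                        $timestamp = mktime($_POST['tp_article_pubendhour'], $_POST['tp_article_pubendminute'], 0, $_POST['tp_article_pubendmonth'], $_POST['tp_article_pubendday'], $_POST['tp_article_pubendyear']);
                        if (!isset($pubend)) {
                            $smcFunc['db_query'](
                                '',
                                ' UPDATE {db_prefix}tp_articles SET pub_end = {int:end} WHERE id = {int:artid} LIMIT 1',
                                array('end' => $timestamp, 'artid' => $where)
                            );
                        }
                    }
                    $pubend = 1;
                } elseif (substr($setting, 0, 8) == 'options_') {
                    if (substr($setting, 0, 19) == 'options_lblockwidth' || substr($setting, 0, 19) == 'options_rblockwidth') {
                        $options[] = substr($setting, 8) . $value;
                    } else {
                        $options[] = substr($setting, 8);
                    }
                } elseif (in_array($setting, array('body_mode', 'intro_mode', 'illupload', 'body_pure', 'body_choice'))) {
                    // ignore it
                    continue;
                } elseif ($setting == 'approved') {
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET approved = {int:approved} WHERE id = {int:artid} LIMIT 1',
                        array('approved' => $value, 'artid' => $where)
                    );
                    if ($value == 1) {
                        $smcFunc['db_query'](
                            '',
                            ' DELETE FROM {db_prefix}tp_variables WHERE type = {string:type} AND value5 = {int:val5}',
                            array('type' => 'art_not_approved', 'val5' => $where)
                        );
                    } elseif ($new) {
                        $smcFunc['db_insert'](
                            'replace',
                            '{db_prefix}tp_variables',
                            array('type' => 'string', 'value5' => 'int'),
                            array('art_not_approved', $where),
                            array('id')
                        );
                    }
                } elseif (preg_match($identifier, $setting)) {
                    // Generic column update: the column name comes from the POST
                    // key, so anything that is not a plain identifier is dropped
                    // instead of being concatenated into the statement.
                    // NOTE(review): an explicit list of editable tp_articles
                    // columns would be tighter than the identifier pattern.
                    $smcFunc['db_query'](
                        '',
                        ' UPDATE {db_prefix}tp_articles SET ' . $setting . ' = {string:val} WHERE id = {int:artid} LIMIT 1',
                        array('val' => $value, 'artid' => $where)
                    );
                }
            }
        }
        // if this was a new article
        // NOTE(review): the condition does not test $new, and $timestamp holds
        // whichever date was computed last in the loop (or is unset) - confirm.
        if ($_POST['tp_article_approved'] == 1 && $_POST['tp_article_off'] == 0) {
            tp_recordevent($timestamp, $_POST['tp_article_authorid'], 'tp-createdarticle', 'page=' . $where, 'Creation of new article.', isset($allowed) ? $allowed : 0, $where);
        }
        $smcFunc['db_query'](
            '',
            ' UPDATE {db_prefix}tp_articles SET options = {string:opt} WHERE id = {int:artid} LIMIT 1',
            array('opt' => implode(',', $options), 'artid' => $where)
        );
    }
}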
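/**
 * Load the category named by ?cat= (numeric id or short name) into $context['TPortal'].
 *
 * Fills in the category row, its parsed options, the visible articles split into
 * featured/col1/col2, child categories, the page index, the link tree and the
 * category jump list.
 *
 * Security-relevant behaviour:
 * - The sort column and direction come from the category's stored option string
 *   (value7) and are concatenated into ORDER BY, which cannot be parameterised.
 *   Both are therefore validated before use: the column must be a plain SQL
 *   identifier and the direction must be asc/desc, otherwise the defaults
 *   ('date' / 'desc') are used.
 * - The walk up the parent chain stops on a missing or already visited parent,
 *   so a broken or cyclic category tree cannot hang the request.
 *
 * @return int|string|null The category id as returned by the database on success;
 *                         null when the request is not a category view, the
 *                         category does not exist (then $context['cat_error'] is
 *                         set) or the viewer lacks permission.
 */
function doTPcat()
{
    global $context, $scripturl, $txt, $modSettings, $smcFunc;

    // return if not quite a category
    if ((isset($_GET['area']) && $_GET['area'] == 'manageboards') || isset($_GET['action'])) {
        return;
    }

    $now = time();

    // check validity and fetch it
    if (empty($_GET['cat'])) {
        return;
    }

    $cat = tp_sanitize($_GET['cat']);
    $byId = is_numeric($cat);
    // The WHERE fragment is one of two fixed strings; the value itself is bound.
    $catid = $byId ? 'id = {int:cat}' : 'value8 = {string:cat}';

    // get the category first
    $request = $smcFunc['db_query']('', '
        SELECT * FROM {db_prefix}tp_variables
        WHERE ' . $catid . ' LIMIT 1',
        array('cat' => $byId ? (int) $cat : $cat)
    );

    if (!($smcFunc['db_num_rows']($request) > 0)) {
        $context['cat_error'] = true;
        return;
    }

    $category = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);

    // check permission
    if (!get_perm($category['value3'])) {
        return;
    }

    // get the sorting from the category: value7 is a "key=value|key=value" string
    $options = array();
    foreach (explode('|', $category['value7']) as $pair) {
        $kv = explode('=', $pair);
        if (isset($kv[1])) {
            $options[$kv[0]] = $kv[1];
        }
    }

    $catsort = isset($options['sort']) ? $options['sort'] : 'date';
    if ($catsort == 'authorID') {
        $catsort = 'author_id';
    }
    // ORDER BY takes no bound parameters, so only accept a bare column identifier.
    if (!is_string($catsort) || !preg_match('~^[a-z_][a-z0-9_]*\z~i', $catsort)) {
        $catsort = 'date';
    }

    $catsort_order = isset($options['sortorder']) ? $options['sortorder'] : 'desc';
    // Same reasoning for the direction keyword: anything but asc/desc falls back to the default.
    if (!in_array(strtolower($catsort_order), array('asc', 'desc'), true)) {
        $catsort_order = 'desc';
    }

    $max = empty($options['articlecount']) ? $context['TPortal']['frontpage_limit'] : $options['articlecount'];
    $start = $context['TPortal']['mystart'];

    // some swapping to avoid compatibility issues
    $options['catlayout'] = isset($options['catlayout']) ? $options['catlayout'] : 1;

    // make the template
    if ($options['catlayout'] == 7) {
        $context['TPortal']['frontpage_template'] = $category['value9'];
    }

    // allowed and all is well, go on with it.
    $context['TPortal']['category'] = $category;
    $context['TPortal']['category']['articles'] = array();
    // copy over the options as well
    $context['TPortal']['category']['options'] = $options;

    // set bars on/off according to options, setting override
    // NOTE(review): the list has six panels but the loop covers only the first five,
    // so 'lowerpanel' is never touched here - confirm that this is intended.
    $all = array('centerpanel', 'leftpanel', 'rightpanel', 'toppanel', 'bottompanel', 'lowerpanel');
    for ($p = 0; $p < 5; $p++) {
        $panel = $all[$p];
        $context['TPortal'][$panel] = (isset($options[$panel]) && $context['TPortal'][$panel] == 1) ? 1 : 0;
    }

    // fallback value
    if (!isset($context['TPortal']['category']['options']['catlayout'])) {
        $context['TPortal']['category']['options']['catlayout'] = 1;
    }

    // Publication window shared by the listing and the count query; $now is the int from time().
    $published = '((art.pub_start = 0 AND art.pub_end = 0)
            OR (art.pub_start != 0 AND art.pub_start < ' . $now . ' AND art.pub_end = 0)
            OR (art.pub_start = 0 AND art.pub_end != 0 AND art.pub_end > ' . $now . ')
            OR (art.pub_start != 0 AND art.pub_end != 0 AND art.pub_end > ' . $now . ' AND art.pub_start < ' . $now . '))';

    $request = $smcFunc['db_query']('', '
        SELECT art.id, IF(art.useintro > 0, art.intro, art.body) AS body, art.date, art.category,
            art.subject, art.author_id as authorID, art.frame, art.comments, art.options,
            art.comments_var, art.views, art.rating, art.voters, art.shortname, art.useintro,
            art.intro, art.fileimport, art.topic, art.illustration,
            IFNULL(art.type, "html") as rendertype, IFNULL(art.type, "html") as type,
            IFNULL(mem.real_name, art.author) as realName, mem.avatar, mem.posts,
            mem.date_registered as dateRegistered, mem.last_login as lastLogin,
            IFNULL(a.id_attach, 0) AS ID_ATTACH, a.filename, a.attachment_type as attachmentType
        FROM {db_prefix}tp_articles AS art
        LEFT JOIN {db_prefix}members AS mem ON (art.author_id = mem.id_member)
        LEFT JOIN {db_prefix}attachments AS a ON (a.id_member = mem.id_member AND a.attachment_type != 3)
        WHERE art.category = {int:cat}
        AND ' . $published . '
        AND art.off = 0
        AND art.approved = 1
        ORDER BY art.sticky desc, art.' . $catsort . ' ' . $catsort_order . '
        LIMIT {int:start}, {int:max}',
        array('cat' => $category['id'], 'start' => $start, 'max' => $max)
    );

    if ($smcFunc['db_num_rows']($request) > 0) {
        $total = $smcFunc['db_num_rows']($request);
        // first article is "featured"; the rest are split around the midpoint
        $col1 = ceil($total / 2);
        $counter = 0;
        $context['TPortal']['category']['col1'] = array();
        $context['TPortal']['category']['col2'] = array();

        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // Add the rating together
            $row['rating'] = array_sum(explode(',', $row['rating']));
            // expand the visual options
            $row['visual_options'] = explode(',', $row['options']);

            if ($row['avatar'] == '') {
                // no avatar string: fall back to an uploaded attachment, if any
                if ($row['ID_ATTACH'] > 0) {
                    $src = empty($row['attachmentType'])
                        ? $scripturl . '?action=dlattach;attach=' . $row['ID_ATTACH'] . ';type=avatar'
                        : $modSettings['custom_avatar_url'] . '/' . $row['filename'];
                    $row['avatar'] = '<img src="' . $src . '" alt=" " />';
                } else {
                    $row['avatar'] = '';
                }
            } elseif (stristr($row['avatar'], 'http://')) {
                // NOTE(review): the remote avatar URL goes into the src attribute without
                // escaping here, unlike the local-avatar branch below. Confirm the value is
                // already HTML-escaped when the profile is saved; otherwise escape it here.
                $row['avatar'] = '<img src="' . $row['avatar'] . '" alt=" " />';
            } else {
                $row['avatar'] = '<img src="' . $modSettings['avatar_url'] . '/' . $smcFunc['htmlspecialchars']($row['avatar'], ENT_QUOTES) . '" alt=" " />';
            }

            if ($counter == 0) {
                $context['TPortal']['category']['featured'] = $row;
            } elseif ($counter < $col1) {
                $context['TPortal']['category']['col1'][] = $row;
            } elseif ($counter >= $col1) {
                $context['TPortal']['category']['col2'][] = $row;
            }
            $counter++;
        }
        $smcFunc['db_free_result']($request);
    }

    // any children then?
    $allcats = array();
    $context['TPortal']['category']['children'] = array();
    // NOTE(review): grouping by art.category with a LEFT JOIN puts every category that
    // has no articles into one NULL group - check whether GROUP BY cat.id was meant.
    $request = $smcFunc['db_query']('', '
        SELECT cat.*, COUNT(art.id) as articlecount
        FROM ({db_prefix}tp_variables as cat)
        LEFT JOIN {db_prefix}tp_articles as art ON (art.category = cat.id)
        WHERE cat.type = {string:type}
        GROUP BY art.category',
        array('type' => 'category')
    );
    if ($smcFunc['db_num_rows']($request) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            // get any children
            // NOTE(review): $cat is the raw request value, so this matches only when the
            // category was requested by numeric id, not by short name - verify.
            if ($row['value2'] == $cat) {
                $context['TPortal']['category']['children'][] = $row;
            }
            $allcats[$row['id']] = $row;
        }
        $smcFunc['db_free_result']($request);
    }

    // get how many articles in all
    $request = $smcFunc['db_query']('', '
        SELECT COUNT(*) FROM {db_prefix}tp_articles as art
        WHERE art.category = {int:cat}
        AND ' . $published . '
        AND art.off = 0
        AND art.approved = 1',
        array('cat' => $category['id'])
    );
    if ($smcFunc['db_num_rows']($request) > 0) {
        $row = $smcFunc['db_fetch_row']($request);
        $all_articles = $row[0];
    } else {
        $all_articles = 0;
    }
    // the original never released this result set
    $smcFunc['db_free_result']($request);

    // make the pageindex!
    $context['TPortal']['pageindex'] = TPageIndex($scripturl . '?cat=' . $cat, $start, $all_articles, $max);

    // setup the linktree
    TPstrip_linktree();

    // does the category have any parents?
    $parents = array();
    $parent = $context['TPortal']['category']['value2'];

    // save the immediate for wireless
    if (WIRELESS) {
        if ($context['TPortal']['category']['value2'] > 0) {
            $context['TPortal']['category']['catname'] = $allcats[$context['TPortal']['category']['value2']]['value1'];
        } else {
            $context['TPortal']['category']['catname'] = $txt['tp-frontpage'];
        }
    }

    // Walk up the tree. Stop on an unknown parent (dangling reference) or one already
    // visited (cycle); the unguarded loop would read missing rows or never terminate.
    $visited = array();
    while ($parent != 0 && isset($allcats[$parent]) && !isset($visited[$parent])) {
        $visited[$parent] = true;
        $parents[] = array(
            // NOTE(review): 'id' receives the whole category row, not its id - kept
            // as in the original; confirm what consumers expect.
            'id' => $allcats[$parent],
            'name' => $allcats[$parent]['value1'],
            'shortname' => !empty($allcats[$parent]['value8']) ? $allcats[$parent]['value8'] : $allcats[$parent]['id'],
        );
        $parent = $allcats[$parent]['value2'];
    }

    // make the linktree
    $parts = array_reverse($parents, true);
    // add to the linktree
    foreach ($parts as $parent) {
        TPadd_linktree($scripturl . '?cat=' . $parent['shortname'], $parent['name']);
    }

    // NOTE(review): this tests a 'shortname' key on the category row while the link
    // uses value8 - presumably value8 was meant in the condition; verify.
    if (!empty($context['TPortal']['category']['shortname'])) {
        TPadd_linktree($scripturl . '?cat=' . $context['TPortal']['category']['value8'], $context['TPortal']['category']['value1']);
    } else {
        TPadd_linktree($scripturl . '?cat=' . $context['TPortal']['category']['id'], $context['TPortal']['category']['value1']);
    }

    // check clist
    $context['TPortal']['clist'] = array();
    foreach (explode(',', $context['TPortal']['cat_list']) as $value) {
        if (isset($allcats[$value]) && is_numeric($value)) {
            $context['TPortal']['clist'][] = array(
                'id' => $value,
                'name' => $allcats[$value]['value1'],
                'selected' => $value == $cat,
            );
            $txt['catlist' . $value] = $allcats[$value]['value1'];
        }
    }
    $context['TPortal']['show_catlist'] = count($context['TPortal']['clist']) > 0;

    if (WIRELESS) {
        $context['TPortal']['single_article'] = false;
        loadtemplate('TPwireless');
        // decide what subtemplate
        $context['sub_template'] = WIRELESS_PROTOCOL . '_tp_cat';
    }

    $context['page_title'] = $context['TPortal']['category']['value1'];

    return $category['id'];
}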