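/**
 * Show the front-end form for submitting a new post or editing an existing one.
 *
 * Only a logged-in user who is a registered editor or an administrator gets
 * past the first two checks. In edit mode the post ID is read from
 * $_GET['id'], and the post must belong to the current editor unless the user
 * is an administrator.
 *
 * The locals set here ($post, $form, $editor, $meta_names and the $allowed_*
 * flags) remain in scope for the files included at the end; presumably the
 * template reads them, so their names are kept as they were.
 *
 * @param int $edit Non-zero to edit an existing post instead of creating one.
 */
function mw_post_form($edit = 0)
{
    global $xoopsConfig, $xoopsUser, $xoopsSecurity;

    // Anonymous visitors never reach the form.
    if (!$xoopsUser) {
        redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords'));
        die;
    }

    // Check if user is an editor (administrators are accepted without an editor record)
    $author = new MWEditor();
    if (!$author->from_user($xoopsUser->uid()) && !$xoopsUser->isAdmin()) {
        redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords'));
        die;
    }

    RMTemplate::get()->add_script(RMCURL . '/include/js/jquery.min.js');
    RMTemplate::get()->add_script(RMCURL . '/include/js/jquery-ui.min.js');

    if ($edit) {
        // The ID comes straight from the query string: accept only a numeric
        // value and pass it on as an integer.
        $id = rmc_server_var($_GET, 'id', 0);
        $id = is_numeric($id) ? (int) $id : 0;

        if ($id <= 0) {
            // Argument order fixed to (url, delay, message), matching the other
            // redirect_header() calls in this function.
            redirect_header(MWFunctions::get_url(), 1, __('Please, specify a valid post ID', 'mywords'));
            die;
        }

        $post = new MWPost($id);
        if ($post->isNew()) {
            redirect_header(MWFunctions::get_url(), 1, __('Specified post does not exists!', 'mywords'));
            die;
        }

        // Check if user is the admin or the editor that owns this post
        if ($author->id() != $post->getVar('author') && !$xoopsUser->isAdmin()) {
            redirect_header($post->permalink(), 1, __('You are not allowed to do this action!', 'mywords'));
            die;
        }
    }

    // Read privileges. A missing or malformed value is treated as "no privileges".
    $perms = @$author->getVar('privileges');
    $perms = is_array($perms) ? $perms : array();

    // Strict comparison: a non-string entry such as 0 must not be accepted as
    // a match for a privilege name.
    $allowed_tracks = in_array("tracks", $perms, true) || $xoopsUser->isAdmin();
    $allowed_tags = in_array("tags", $perms, true) || $xoopsUser->isAdmin();
    $allowed_cats = in_array("cats", $perms, true) || $xoopsUser->isAdmin();
    $allowed_comms = in_array("comms", $perms, true) || $xoopsUser->isAdmin();

    // NOTE(review): $xoopsOption is not in the global list above, so this sets
    // a function-local array that only the files included below can see.
    // Confirm that is what header.php expects.
    $xoopsOption['module_subpage'] = 'submit';
    include 'header.php';

    $form = new RMForm('', '', '');
    $editor = new RMFormEditor('', 'content', '99%', '300px', $edit ? $post->getVar('content') : '');
    $meta_names = MWFunctions::get()->get_metas();

    RMTemplate::get()->add_xoops_style('submit.css', 'mywords');
    RMTemplate::get()->add_script(XOOPS_URL . '/modules/mywords/include/js/scripts.php?file=posts.js&front=1');

    include RMTemplate::get()->get_template('mywords_submit_form.php', 'module', 'mywords');
    include 'footer.php';
}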
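/**
 * Add a new editor to the database, or update an existing one.
 *
 * All input is read from $_POST. The request is rejected unless the XOOPS
 * security token check passes. Every outcome ends with a redirect back to the
 * editors list.
 *
 * @param bool $edit True to update the editor whose ID is in $_POST['id'].
 */
function save_editor($edit = false)
{
    global $xoopsSecurity;

    // The page number is echoed into every redirect URL below, and the IDs go
    // into a hand-built SQL string. Whatever filtering rmc_server_var() applies
    // is not visible here, so force all three to integers before use.
    $page = (int) rmc_server_var($_POST, 'page', 1);
    $back = 'editors.php?page=' . $page;

    if (!$xoopsSecurity->check()) {
        redirectMsg($back, __('Operation not allowed!', 'mywords'), 1);
        die;
    }

    if ($edit) {
        $id = (int) rmc_server_var($_POST, 'id', 0);
        if ($id <= 0) {
            redirectMsg($back, __('Editor ID has not been provided!', 'mywords'), 1);
            die;
        }

        $editor = new MWEditor($id);
        if ($editor->isNew()) {
            redirectMsg($back, __('Editor has not been found!', 'mywords'), 1);
            die;
        }
    } else {
        $editor = new MWEditor();
    }

    $name = rmc_server_var($_POST, 'name', '');
    $bio = rmc_server_var($_POST, 'bio', '');
    $uid = (int) rmc_server_var($_POST, 'new_user', 0);
    $perms = rmc_server_var($_POST, 'perms', array());
    $short = rmc_server_var($_POST, 'short', '');

    // Privileges are stored as a list; anything else is treated as "none".
    if (!is_array($perms)) {
        $perms = array();
    }

    if (trim($name) == '') {
        redirectMsg($back, __('You must provide a display name for this editor!', 'mywords'), 1);
        die;
    }

    if ($uid <= 0) {
        redirectMsg($back, __('You must specify a registered user ID for this editor!', 'mywords'), 1);
        die;
    }

    // Check if this user is already registered as an editor. Both values
    // concatenated into the statement are integers at this point.
    $db = XoopsDatabaseFactory::getDatabaseConnection();
    $sql = "SELECT COUNT(*) FROM " . $db->prefix("mw_editors") . " WHERE uid=" . $uid;
    if ($edit) {
        // When editing, the editor's own row must not count as a duplicate.
        $sql .= " AND id_editor<>" . (int) $editor->id();
    }

    list($num) = $db->fetchRow($db->query($sql));
    if ($num > 0) {
        redirectMsg($back, __('This user has been registered as editor before.', 'mywords'), 1);
        die;
    }

    $editor->setVar('name', $name);
    // The short name falls back to the display name when none was sent.
    $editor->setVar('shortname', TextCleaner::sweetstring($short != '' ? $short : $name));
    $editor->setVar('bio', $bio);
    $editor->setVar('uid', $uid);
    $editor->setVar('privileges', $perms);

    if (!$editor->save()) {
        redirectMsg($back, __('Errors occurs while trying to save editor data', 'mywords') . '<br />' . $editor->errors(), 1);
        die;
    }

    redirectMsg($back, __('Database updated succesfully!', 'mywords'), 0);
    die;
}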
$image = ''; } $item['description'] = XoopsLocal::convert_encoding(htmlspecialchars($image . $post->content(true), ENT_QUOTES)); $item['pubdate'] = formatTimestamp($post->getVar('pubdate'), 'rss'); $item['guid'] = $post->permalink(); $rss_items[] = $item; } break; case 'author': include_once XOOPS_ROOT_PATH . '/modules/mywords/class/mweditor.class.php'; $id = RMHttpRequest::get('author', 'integer', 0); if ($id <= 0) { redirect_header('backend.php', 1, __('Sorry, specified author was not foud!', 'mywords')); die; } $ed = new MWEditor($id); if ($ed->isNew()) { redirect_header('backend.php', 1, __('Sorry, specified author was not foud!', 'mywords')); die; } $rss_channel['title'] = sprintf(__('Posts by %s in %s', 'mywords'), $ed->name != '' ? $ed->name : $ed->shortname, $xoopsConfig['sitename']); $rss_channel['link'] = $ed->permalink(); $rss_channel['description'] = sprintf(__('Posts published by %s.', 'mywords'), $ed->getVar('name')) . ' ' . htmlspecialchars(strip_tags($ed->getVar('bio')), ENT_QUOTES); $rss_channel['lastbuild'] = formatTimestamp(time(), 'rss'); $rss_channel['webmaster'] = checkEmail($xoopsConfig['adminmail'], true); $rss_channel['editor'] = checkEmail($xoopsConfig['adminmail'], true); $rss_channel['category'] = "Blog"; $rss_channel['generator'] = 'Common Utilities'; $rss_channel['language'] = RMCLANG; $posts = MWFunctions::get_filtered_posts("author=" . $ed->uid, 0, 10); $rss_items = array();
/**
 * Tell whether a user ID belongs to a registered editor.
 *
 * @param int $uid User ID to look up; values of zero or less are rejected
 *                 without a lookup.
 * @return bool True when an editor record is found for that user.
 */
public function is_editor($uid = 0)
{
    // Nothing to look up for a missing or non-positive ID.
    if ($uid <= 0) {
        return false;
    }

    $candidate = new MWEditor();
    $candidate->from_user($uid);

    // The object still reports itself as new when no record was loaded.
    $found = !$candidate->isNew();

    return $found;
}
header('Content-Type: text/xml'); require '../../mainfile.php'; load_mod_locale('mywords'); global $xoopsLogger; $xoopsLogger->renderingEnabled = false; error_reporting(0); $xoopsLogger->activated = false; $id = rmc_server_var($_REQUEST, 'trackback', 0); if ($id <= 0) { die; } $post = new MWPost($id); if ($post->isNew()) { die; } $editor = new MWEditor($post->getVar('author')); if ($editor->isNew()) { $user = new XoopsUser($post->getVar('author')); } $track = new MWTrackback($xoopsConfig['sitename'], $editor->getVar('name')); $id = $track->post_id; // The id of the item being trackbacked $url = $track->url; // The URL from which we got the trackback $title = $track->title; // Subject/title send by trackback $excerpt = $track->excerpt; // Short text send by trackback $blog_name = rmc_server_var($_POST, 'blog_name', ''); if ($url == '' || $title == '' || $excerpt == '') { echo $track->recieve(false, __('Sorry, your trackback seems to be invalid!', 'mywords'));
if (!$post->user_allowed()) { redirect_header(MWFunctions::get_url(), 2, __('Sorry, you are not allowed to view this post', 'mywords')); die; } // Check if post belong to some category if (count($post->get_categos()) <= 0) { $post->update(); } # Generamos los vínculos $day = date('d', $post->getVar('pubdate')); $month = date('m', $post->getVar('pubdate')); $year = date('Y', $post->getVar('pubdate')); // $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 0; # Generamos el vínculo para el autor $editor = new MWEditor($post->getVar('author')); # Texto de continuar leyendo $xoopsTpl->assign('xoops_pagetitle', $post->getVar('title')); # Cargamos los comentarios del Artículo if ($page <= 0) { $path = explode("/", $request); $srh = array_search('page', $path); if (isset($path[$srh]) && $path[$srh] == 'page') { if (!isset($path[$srh])) { $page = 1; } else { $page = $path[$srh + 1]; } } else { $page = 1; }
// Blogging System // Author: Eduardo Cortés <*****@*****.**> // Email: i.bitcero@gmail.com // License: GPL 2.0 // -------------------------------------------------------------- require '../../mainfile.php'; global $xoopsUser, $xoopsOption, $xoopsModuleConfig, $xoopsConfig, $rmTpl, $xoopsSecurity; if (!$xoopsModuleConfig['submit']) { RMUris::redirect_with_message(__('Posts submission is currently disabled', 'mywords'), XOOPS_URL, RMMSG_INFO); } if (!$xoopsUser) { redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords')); die; } // Check if user is a editor $author = new MWEditor(); if (!$author->from_user($xoopsUser->uid()) && !$xoopsUser->isAdmin()) { redirect_header(MWFunctions::get_url(), 1, __('You are not allowed to do this action!', 'mywords')); die; } RMTemplate::get()->add_jquery(); $edit = isset($edit) ? $edit : 0; if ($edit > 0) { $id = $edit; if ($id <= 0) { redirect_header(MWFunctions::get_url(), __('Please, specify a valid post ID', 'mywords'), 1); die; } $post = new MWPost($id); if ($post->isNew()) { redirect_header(MWFunctions::get_url(), __('Specified post does not exists!', 'mywords'), 1);
$post->assignVars($row); $drafts[] = $post; } $pendings = array(); $result = $db->query("SELECT * FROM " . $db->prefix("mod_mywords_posts") . " WHERE status='waiting' ORDER BY id_post DESC LIMIT 0,8"); while ($row = $db->fetchArray($result)) { $post = new MWPost(); $post->assignVars($row); $pendings[] = $post; } // Editors $sql = "SELECT *, (SELECT COUNT(*) FROM " . $db->prefix("mod_mywords_posts") . " WHERE author=id_editor) as counter FROM " . $db->prefix("mod_mywords_editors") . " ORDER BY counter DESC LIMIT 0, 5"; $result = $db->query($sql); $editors = array(); while ($row = $db->fetchArray($result)) { $editor = new MWEditor(); $editor->assignVars($row); $editors[] = array('id' => $editor->id(), 'name' => $editor->getVar('name'), 'link' => $editor->permalink(), 'total' => $row['counter']); } unset($editor, $result, $sql); // URL rewriting $rule = "RewriteRule ^" . trim($xoopsModuleConfig['basepath'], '/') . "/?(.*)\$ modules/mywords/index.php [L]"; if ($xoopsModuleConfig['permalinks'] > 1) { $ht = new RMHtaccess('mywords'); $htResult = $ht->write($rule); if ($htResult !== true) { showMessage(__('An error ocurred while trying to write .htaccess file!', 'mywords'), RMMSG_ERROR); } } else { $ht = new RMHtaccess('mywords'); $ht->removeRule();
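/**
 * Fetch editors from the editors table as MWEditor objects.
 *
 * NOTE(review): $where and $sort are inserted into the statement as raw SQL.
 * They cannot be escaped here without changing what callers may pass, so they
 * must only ever be built from fixed strings or values the caller has already
 * escaped, never from request data. Verify each call site.
 *
 * @param int    $start Offset of the first row (LIMIT offset).
 * @param int    $limit Maximum number of rows to return.
 * @param string $where Raw SQL condition placed after WHERE; empty for none.
 * @param string $sort  Raw ORDER BY expression; empty to skip ordering.
 * @param string $order Sort direction; anything other than DESC is used as ASC.
 * @return array List of MWEditor objects, empty when the query fails or finds no rows.
 */
public static function get_editors($start, $limit, $where = '', $sort = 'name', $order = 'ASC')
{
    $db = XoopsDatabaseFactory::getDatabaseConnection();

    // LIMIT takes integers only; casting keeps anything else out of the query.
    $start = (int) $start;
    $limit = (int) $limit;

    // Only the two valid direction keywords may reach the statement.
    $order = (is_string($order) && strtoupper(trim($order)) === 'DESC') ? 'DESC' : 'ASC';

    $sql = "SELECT * FROM " . $db->prefix("mod_mywords_editors");
    if ($where != '') {
        $sql .= " WHERE {$where}";
    }
    if ($sort != '') {
        $sql .= " ORDER BY {$sort} {$order}";
    }
    $sql .= " LIMIT {$start}, {$limit}";

    $editors = array();
    $result = $db->query($sql);
    if (!$result) {
        // A failed query yields an empty list instead of being passed to fetchArray().
        return $editors;
    }

    while ($row = $db->fetchArray($result)) {
        $editor = new MWEditor();
        $editor->assignVars($row);
        $editors[] = $editor;
    }

    return $editors;
}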
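/**
 * Determines if the current or a given user can read this post.
 *
 * The owner (the user linked to the post's editor record) can always read it.
 * Everyone else can read it only when it is published and either public or
 * unlocked with the post password. The password is taken from
 * $_POST['password'] or, failing that, from the value cached in the session
 * after an earlier successful check.
 *
 * NOTE(review): when nobody is logged in, $uid is ignored and the ownership
 * test is skipped. Confirm that is intended for callers that pass a user ID.
 *
 * NOTE(review): the post password is compared as stored and is cached in the
 * session in clear text. Consider storing a hash instead.
 *
 * @param int|null $uid User ID to check; null (or 0) means the current user.
 * @return bool
 */
public function user_allowed($uid = null)
{
    global $xoopsUser;

    if (!$xoopsUser) {
        $owner = false;
    } else {
        $user = $uid != null ? $uid : $xoopsUser->uid();
        $editor = new MWEditor($this->getVar('author'));
        $owner = $user == $editor->getVar('uid');
    }

    if ($owner) {
        return true;
    }

    // Unpublished posts are visible to their owner only.
    if ($this->getVar('status') != 'publish') {
        return false;
    }

    if ($this->getVar('visibility') == 'public') {
        return true;
    }

    if ($this->getVar('visibility') == 'password') {
        $session_key = 'password-' . $this->id();

        $pass = rmc_server_var($_POST, 'password', '');
        if ($pass == '' && isset($_SESSION[$session_key])) {
            $pass = $_SESSION[$session_key];
        }

        // A non-scalar value (e.g. password[]=...) can never be a valid password.
        if (!is_scalar($pass)) {
            return false;
        }

        $pass = (string) $pass;
        if ($pass === '') {
            return false;
        }

        $stored = (string) $this->getVar('password');

        // Compare as exact strings. The loose != used before treats two
        // different numeric-looking strings (for example "0e1" and "0e2") as
        // equal. hash_equals() is used where the runtime provides it.
        $matches = function_exists('hash_equals') ? hash_equals($stored, $pass) : $stored === $pass;
        if (!$matches) {
            return false;
        }

        // Cache the accepted password so later requests do not need to send it again.
        $_SESSION[$session_key] = $pass;

        return true;
    }

    return false;
}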
} // Categories if (!isset($categories) || empty($categories)) { $categories = array(MWFunctions::get()->default_category_id()); } // Check publish options if ($visibility == 'password' && $vis_password == '') { return_error(__('You must provide a password for this post or select another visibility option', 'mywords'), true); die; } $time = explode("-", $schedule); $schedule = mktime($time[3], $time[4], 0, $time[1], $time[0], $time[2]); if ($schedule <= time()) { $schedule = 0; } $editor = new MWEditor($xoopsUser->uid(), 'user'); if ($editor->isNew()) { $editor->setVar('uid', $xoopsUser->uid()); $editor->setVar('shortname', $xoopsUser->getVar('uname')); $editor->setVar('name', $xoopsUser->getVar('name')); $editor->setVar('bio', $xoopsUser->getVar('bio')); $editor->setVar('active', 0); $editor->save(); } // Add Data $post->setVar('title', $title); $post->setVar('shortname', $shortname); $post->setVar('content', $content); if ($editor->isNew() && !$xoopsUser->isAdmin()) { $status = 'pending'; } else {
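// This excerpt starts after the file's opening lines and ends inside the
// ownership check at the bottom; the block opened on the last line is closed
// outside this excerpt.
global $xoopsLogger;
$xoopsLogger->renderingEnabled = false;
error_reporting(0);
$xoopsLogger->activated = false;

// NOTE(review): extract() with its default flags lets any POST field overwrite
// a variable that is already in scope, including the ones the access checks
// below read ($xoopsUser, $author, $op, $id). Read the expected fields
// explicitly instead; the full list of fields this script relies on is not
// visible in this excerpt, so the call is left in place and only flagged.
extract($_POST);

// NOTE(review): the security-token / referer check below is commented out, so
// this state-changing endpoint runs without CSRF validation. Restore it.
/*if(!$xoopsSecurity->check() || !$xoopsSecurity->checkReferer()){
    $ret = array(
        'error'=>__('You are not allowed to do this operation!','mywords')
    );
    echo json_encode($ret);
    die();
}*/

// isset() alone is also true for an empty or non-object value, so require an
// actual user object, as the `if (!$xoopsUser)` checks elsewhere in the module do.
// die follows each denial so the script stops even if return_error() returns,
// matching the return_error(); die; pairs further down.
if (!isset($xoopsUser) || !is_object($xoopsUser)) {
    return_error(__('You are not allowed to do this action!', 'mywords'), false, MW_URL);
    die;
}

// NOTE(review): $author is filled in by extract($_POST), so this lookup is keyed
// on a request-supplied ID rather than on the logged-in user. Confirm whether
// it should use $xoopsUser->uid() instead.
$editor = new MWEditor();
$editor->from_user($author);
if ($editor->isNew() && !$xoopsUser->isAdmin()) {
    return_error(__('You are not allowed to do this action!', 'mywords'), false, MW_URL);
    die;
}

if ($op == 'saveedit') {
    if (!isset($id) || $id <= 0) {
        return_error(__('You must provide a valid post ID', 'mywords'), 0, 'posts.php');
        die;
    }

    $post = new MWPost($id);
    if ($post->isNew()) {
        return_error(__('You must provide an existing post ID', 'mywords'), 0, 'posts.php');
        die;
    }

    // Operator-precedence fix: the previous `!$editor->id() == ...` negated the
    // ID before comparing it, so the ownership test did not compare the editor
    // with the post's author at all.
    if ($editor->id() != $post->getVar('author') && !$xoopsUser->isAdmin()) {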
* This file execute the pings for a given post */ require '../../mainfile.php'; global $xoopsLogger; $xoopsLogger->renderingEnabled = false; error_reporting(0); $xoopsLogger->activated = false; $id = rmc_server_var($_GET, 'post', 0); if ($id <= 0) { die; } $post = new MWPost($id); if ($post->isNew()) { die; } $editor = new MWEditor($post->getVar('author')); if ($editor->isNew()) { $user = new XoopsUser($post->getVar('author')); } $tracks = $post->getVar('toping'); if (empty($tracks)) { die; } $pinged = $post->getVar('pinged'); $toping = $post->getVar('toping'); $tp = array(); $tback = new MWTrackback($xoopsModuleConfig['blogname'], $editor->isNew() ? $user->getVar('uname') : $editor->getVar('name')); foreach ($tracks as $t) { if (!empty($pinged) && in_array($t, $pinged)) { continue; }
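// Blogging System
// Author: Eduardo Cortés <*****@*****.**>
// Email: i.bitcero@gmail.com
// License: GPL 2.0
// --------------------------------------------------------------

// This excerpt ends inside the `if ($page <= 0)` block at the bottom; that
// block is closed outside this excerpt.
$xoopsOption['template_main'] = 'mywords_author.html';
$xoopsOption['module_subpage'] = 'author';
include 'header.php';

// $editor is set before this point (not visible here), presumably from the
// requested URL. A non-numeric value is treated as a short name and looked up.
// It is passed through the connection's quoteString() so it is escaped and
// quoted instead of being interpolated into the statement as-is.
if (!is_numeric($editor)) {
    $sql = "SELECT id_editor FROM " . $db->prefix("mw_editors") . " WHERE shortname=" . $db->quoteString((string) $editor);
    list($editor) = $db->fetchRow($db->query($sql));
    if ($editor == '') {
        // No editor with that short name: fall through to the "unknown editor" path.
        $editor = 0;
    }
}

$ed = new MWEditor($editor);
if ($ed->isNew()) {
    redirect_header(MWFunctions::get_url(), 2, __('Sorry, We don\'t know to this editor', 'admin_mywords'));
    die;
}

$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 0;
if ($page <= 0) {
    // No usable page in the request: look for ".../page/<n>" in the URL path.
    $path = explode("/", $request);
    $srh = array_search('page', $path);
    if (isset($path[$srh]) && $path[$srh] == 'page') {
        // NOTE(review): this inner isset() repeats the test just made, so the
        // first branch is never taken; it was presumably meant to test
        // $path[$srh + 1]. Left unchanged.
        if (!isset($path[$srh])) {
            $page = 0;
        } else {
            $page = $path[$srh + 1];
        }
    }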
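// Blogging System
// Author: Eduardo Cortés <*****@*****.**>
// Email: i.bitcero@gmail.com
// License: GPL 2.0
// --------------------------------------------------------------

// This excerpt ends inside the page-number lookup at the bottom; the blocks
// still open on the last line are closed outside this excerpt.
$xoopsOption['template_main'] = 'mywords-author.tpl';
$xoopsOption['module_subpage'] = 'author';
include 'header.php';

// $editor is set before this point (not visible here), presumably from the
// requested URL. A non-numeric value is treated as a short name and looked up.
// It is passed through the connection's quoteString() so it is escaped and
// quoted instead of being interpolated into the statement as-is.
if (!is_numeric($editor)) {
    $sql = "SELECT id_editor FROM " . $db->prefix("mod_mywords_editors") . " WHERE shortname=" . $db->quoteString((string) $editor);
    list($editor) = $db->fetchRow($db->query($sql));
    if ($editor == '') {
        // No editor with that short name: fall through to the 404 path.
        $editor = 0;
    }
}

$ed = new MWEditor($editor);
if ($ed->isNew()) {
    $params = array('page' => 'author');
    RMFunctions::error_404(__('Sorry, we don\'t know this editor', 'admin_mywords'), 'mywords', $params);
    die;
}

// Editor details handed to the template.
$xoopsTpl->assign('editor', array(
    'id' => $ed->id(),
    'uid' => $ed->uid,
    'name' => $ed->name,
    'email' => $ed->data('email'),
    'uname' => $ed->uname,
));

$page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 0;
if ($page <= 0) {
    // No usable page in the request: look for ".../page/<n>" in the URL path.
    $path = explode("/", $request);
    $srh = array_search('page', $path);
    if (isset($path[$srh]) && $path[$srh] == 'page') {
        if (!isset($path[$srh])) {
            $page = 0;
        } else {
            $page = $path[$srh + 1];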
if (!$post->user_allowed()) { redirect_header(MWFunctions::get_url(), 2, __('Sorry, you are not allowed to view this post', 'mywords')); die; } // Check if post belong to some category if (count($post->get_categos()) <= 0) { $post->update(); } # Generamos los vínculos $day = date('d', $post->getVar('pubdate')); $month = date('m', $post->getVar('pubdate')); $year = date('Y', $post->getVar('pubdate')); // $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : 0; # Cargamos los datos del autor $editor = new MWEditor($post->getVar('author'), 'user'); if ($editor->isNew()) { if ($xoopsUser && $xoopsUser->uid() == $post->author) { $user = $xoopsUser; } else { $user = new RMUser($post->author); } $editor->uid = $user->uid(); $editor->name = $user->getVar('name'); $editor->shortname = $user->getVar('uname'); $editor->privileges = array('tags', 'tracks', 'comms'); $editor->save(); } # Texto de continuar leyendo $xoopsTpl->assign('xoops_pagetitle', $post->getVar('customtitle') != '' ? $post->getVar('customtitle') : $post->getVar('title')); # Cargamos los comentarios del Artículo