/** * Shows story editor * * Displays the story entry form * * @param string $sid ID of story to edit * @param string $mode 'preview', 'edit', 'editsubmission', 'clone' * @param string $errormsg a message to display on top of the page * @return string HTML for story editor * */ function storyeditor($sid = '', $mode = '', $errormsg = '') { global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK; $display = ''; if (!isset($_CONF['hour_mode'])) { $_CONF['hour_mode'] = 12; } if (!empty($errormsg)) { $display .= COM_showMessageText($errormsg, $LANG24[25]); } $story = new Story(); if ($mode == 'preview') { // Handle Magic GPC Garbage: while (list($key, $value) = each($_POST)) { if (!is_array($value)) { $_POST[$key] = COM_stripslashes($value); } else { while (list($subkey, $subvalue) = each($value)) { $value[$subkey] = COM_stripslashes($subvalue); } } } $result = $story->loadFromArgsArray($_POST); if ($_CONF['maximagesperarticle'] > 0) { $errors = $story->checkAttachedImages(); if (count($errors) > 0) { $msg = $LANG24[55] . LB . '<ul>' . LB; foreach ($errors as $err) { $msg .= '<li>' . $err . '</li>' . LB; } $msg .= '</ul>' . LB; $display .= COM_showMessageText($msg, $LANG24[54]); } } } else { $result = $story->loadFromDatabase($sid, $mode); } if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']); COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}."); return $display; } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) { $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']); $display .= STORY_renderArticle($story, 'p'); COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}."); return $display; } elseif ($result == STORY_INVALID_SID) { if ($mode == 'editsubmission') { // that submission doesn't seem to be there any more (may have been // handled by another Admin) - take us back to the moderation page return COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { return COM_refresh($_CONF['site_admin_url'] . '/story.php'); } } elseif ($result == STORY_DUPLICATE_SID) { $display .= COM_showMessageText($LANG24[24]); } // Load HTML templates $story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story'); if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { $story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml')); $advanced_editormode = true; $story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"'); require_once $_CONF['path_system'] . 'classes/navbar.class.php'; $story_templates->set_var('show_preview', 'none'); $story_templates->set_var('lang_expandhelp', $LANG24[67]); $story_templates->set_var('lang_reducehelp', $LANG24[68]); $story_templates->set_var('lang_publishdate', $LANG24[69]); $story_templates->set_var('lang_toolbar', $LANG24[70]); $story_templates->set_var('toolbar1', $LANG24[71]); $story_templates->set_var('toolbar2', $LANG24[72]); $story_templates->set_var('toolbar3', $LANG24[73]); $story_templates->set_var('toolbar4', $LANG24[74]); $story_templates->set_var('toolbar5', $LANG24[75]); if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') { $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_htmleditor', ''); } else { $story_templates->set_var('show_texteditor', ''); $story_templates->set_var('show_htmleditor', 'none'); } } else { $story_templates->set_file(array('editor' => 'storyeditor.thtml')); $advanced_editormode = false; } $story_templates->set_var('hour_mode', $_CONF['hour_mode']); if ($story->hasContent()) { $previewContent = STORY_renderArticle($story, 'p'); if ($advanced_editormode and $previewContent != '') { $story_templates->set_var('preview_content', $previewContent); } elseif ($previewContent != '') { $display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= $previewContent; $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); } } if ($advanced_editormode) { $navbar = new navbar(); if (!empty($previewContent)) { $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true); $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true); } else { $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true); } if ($mode == 'preview') { $story_templates->set_var('show_preview', ''); $story_templates->set_var('show_htmleditor', 'none'); $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_submitoptions', 'none'); $navbar->set_selected($LANG24[79]); } else { $navbar->set_selected($LANG24[80]); } $story_templates->set_var('navbar', $navbar->generate()); } $oldsid = $story->EditElements('originalSid'); if (!empty($oldsid) && $mode != 'clone') { $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); } if ($mode == 'editsubmission' || $story->type == 'submission') { $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>'); } $story_templates->set_var('lang_author', $LANG24[7]); $storyauthor = COM_getDisplayName($story->EditElements('uid')); $story_templates->set_var('story_author', $storyauthor); $story_templates->set_var('author', $storyauthor); $story_templates->set_var('story_uid', $story->EditElements('uid')); // user access info $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $ownername = COM_getDisplayName($story->EditElements('owner_id')); $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id'))); $story_templates->set_var('owner_name', $ownername); $story_templates->set_var('owner', $ownername); $story_templates->set_var('owner_id', $story->EditElements('owner_id')); $story_templates->set_var('lang_group', $LANG_ACCESS['group']); $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3)); $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon'))); $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']); $story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']); $curtime = COM_getUserDateTimeFormat($story->EditElements('date')); $story_templates->set_var('lang_date', $LANG24[15]); $story_templates->set_var('publish_second', $story->EditElements('publish_second')); $publish_ampm = ''; $publish_hour = $story->EditElements('publish_hour'); if ($publish_hour >= 12) { if ($publish_hour > 12) { $publish_hour = $publish_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm); $story_templates->set_var('publishampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('publish_month')); $story_templates->set_var('publish_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('publish_day')); $story_templates->set_var('publish_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('publish_year')); $story_templates->set_var('publish_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24); } else { $hour_options = COM_getHourFormOptions($publish_hour); } $story_templates->set_var('publish_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute')); $story_templates->set_var('publish_minute_options', $minute_options); $story_templates->set_var('publish_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate')); $story_templates->set_var('expire_second', $story->EditElements('expire_second')); $expire_ampm = ''; $expire_hour = $story->EditElements('expire_hour'); if ($expire_hour >= 12) { if ($expire_hour > 12) { $expire_hour = $expire_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>'; } $story_templates->set_var('expireampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('expire_month')); $story_templates->set_var('expire_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('expire_day')); $story_templates->set_var('expire_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('expire_year')); $story_templates->set_var('expire_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24); } else { $hour_options = COM_getHourFormOptions($expire_hour); } $story_templates->set_var('expire_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute')); $story_templates->set_var('expire_minute_options', $minute_options); $story_templates->set_var('expire_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp')); $atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1"); $have_archive_topic = empty($atopic) ? false : true; if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked3', 'checked="checked"'); $js_showarchivedisabled = 'false'; $have_archive_topic = true; // force display of auto archive option } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked4', 'checked="checked"'); if (!$have_archive_topic) { $story_templates->set_var('is_checked3', 'style="display:none;"'); } $js_showarchivedisabled = 'false'; } else { if (!$have_archive_topic) { $story_templates->set_var('is_checked3', 'style="display:none;"'); } $js_showarchivedisabled = 'true'; } $story_templates->set_var('lang_archivetitle', $LANG24[58]); $story_templates->set_var('lang_option', $LANG24[59]); $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); $story_templates->set_var('lang_story_stats', $LANG24[87]); if ($have_archive_topic) { $story_templates->set_var('lang_optionarchive', $LANG24[61]); } else { $story_templates->set_var('lang_optionarchive', ''); } $story_templates->set_var('lang_optiondelete', $LANG24[62]); $story_templates->set_var('lang_title', $LANG_ADMIN['title']); $story_templates->set_var('story_title', $story->EditElements('title')); $story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']); $story_templates->set_var('page_title', $story->EditElements('page_title')); $story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']); $story_templates->set_var('meta_description', $story->EditElements('meta_description')); $story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']); $story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords')); if ($_CONF['meta_tags'] > 0) { $story_templates->set_var('hide_meta', ''); } else { $story_templates->set_var('hide_meta', ' style="display:none;"'); } $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']); if ($mode == 'preview') { $tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true); } else { $tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true); } if (empty($tlist)) { $display .= COM_showMessage(101); return $display; } $story_templates->set_var('topic_selection', $tlist); $story_templates->set_var('lang_show_topic_icon', $LANG24[56]); if ($story->EditElements('show_topic_icon') == 1) { $story_templates->set_var('show_topic_icon_checked', 'checked="checked"'); } else { $story_templates->set_var('show_topic_icon_checked', ''); } $story_templates->set_var('lang_cachetime', $LANG24['cache_time']); $story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']); $story_templates->set_var('cache_time', $story->EditElements('cache_time')); $story_templates->set_var('lang_draft', $LANG24[34]); if ($story->EditElements('draft_flag')) { $story_templates->set_var('is_checked', 'checked="checked"'); } $story_templates->set_var('lang_mode', $LANG24[3]); $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode'))); $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode'))); $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode'))); // comment expire $story_templates->set_var('lang_cmt_disable', $LANG24[63]); if ($story->EditElements('cmt_close')) { $story_templates->set_var('is_checked5', 'checked="checked"'); $js_showcmtclosedisabled = 'false'; } else { $js_showcmtclosedisabled = 'true'; } $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month')); $story_templates->set_var('cmt_close_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day')); $story_templates->set_var('cmt_close_day_options', $day_options); // ensure that the year dropdown includes the close year $endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y')); $yoffset = date('Y', $endtm) - date('Y'); $close_year = $story->EditElements('cmt_close_year'); if ($yoffset < -1) { $year_options = COM_getYearFormOptions($close_year, $yoffset); } elseif ($yoffset > 5) { $year_options = COM_getYearFormOptions($close_year, -1, $yoffset); } else { $year_options = COM_getYearFormOptions($close_year); } $story_templates->set_var('cmt_close_year_options', $year_options); $cmt_close_ampm = ''; $cmt_close_hour = $story->EditElements('cmt_close_hour'); //correct hour if ($cmt_close_hour >= 12) { if ($cmt_close_hour > 12) { $cmt_close_hour = $cmt_close_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>'; } $story_templates->set_var('cmt_close_ampm_selection', $ampm_select); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24); } else { $hour_options = COM_getHourFormOptions($cmt_close_hour); } $story_templates->set_var('cmt_close_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute')); $story_templates->set_var('cmt_close_minute_options', $minute_options); $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second')); if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) { $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB; } else { $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">"; } $story_templates->set_var('featured_options', $featured_options); $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage'))); $story_templates->set_var('story_introtext', $story->EditElements('introtext')); $story_templates->set_var('story_bodytext', $story->EditElements('bodytext')); $story_templates->set_var('lang_introtext', $LANG24[16]); $story_templates->set_var('lang_bodytext', $LANG24[17]); $story_templates->set_var('lang_postmode', $LANG24[4]); $story_templates->set_var('lang_publishoptions', $LANG24[76]); $story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid))); $postmode = $story->EditElements('postmode'); if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') { $postmode = ''; } } $post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode); $postmode_list = 'plaintext,html'; // If Advanced Mode - add post option and set default if editing story created with Advanced Editor if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) { $postmode_list .= ',adveditor'; if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') { $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>'; } else { $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>'; } } if ($_CONF['wikitext_editor']) { $postmode_list .= ',wikitext'; if ($story->EditElements('postmode') == 'wikitext') { $post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>'; } else { $post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>'; } } $story_templates->set_var('post_options', $post_options); $postmode_array = explode(',', $postmode_list); $allowed_html = ''; foreach ($postmode_array as $pm) { $allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm); } $allowed_tags = array('code', 'raw'); if ($_CONF['allow_page_breaks'] == 1) { $allowed_tags = array_merge($allowed_tags, array('page_break')); } $allowed_html .= COM_allowedAutotags(false, $allowed_tags); $story_templates->set_var('lang_allowed_html', $allowed_html); $fileinputs = ''; $saved_images = ''; if ($_CONF['maximagesperarticle'] > 0) { $story_templates->set_var('lang_images', $LANG24[47]); $icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid()); if ($icount > 0) { $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'"); for ($z = 1; $z <= $icount; $z++) { $I = DB_fetchArray($result_articles); $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>'; } } $newallowed = $_CONF['maximagesperarticle'] - $icount; for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) { $fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>'; if ($z < $_CONF['maximagesperarticle']) { $fileinputs .= '<br' . XHTML . '>'; } } $fileinputs .= '<br' . XHTML . '>' . $LANG24[51]; if ($_CONF['allow_user_scaling'] == 1) { $fileinputs .= $LANG24[27]; } $fileinputs .= $LANG24[28] . '<br' . XHTML . '>'; } // Add JavaScript $_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js'); if ($_CONF['titletoid']) { $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js'); $story_templates->set_var('titletoid', true); } $_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js'); // Loads jQuery UI datepicker and timepicker-addon $_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider'); // $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button'); $_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker'); $_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n'); $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon'); $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n'); // $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess'); $_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js'); $langCode = COM_getLangIso639Code(); $toolTip = $MESSAGE[118]; $imgUrl = $_CONF['site_url'] . '/images/calendar.png'; $_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE); // Setup Advanced Editor COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js'); $story_templates->set_var('saved_images', $saved_images); $story_templates->set_var('image_form_elements', $fileinputs); $story_templates->set_var('lang_hits', $LANG24[18]); $story_templates->set_var('story_hits', $story->EditElements('hits')); $story_templates->set_var('lang_comments', $LANG24[19]); $story_templates->set_var('story_comments', $story->EditElements('comments')); $story_templates->set_var('lang_trackbacks', $LANG24[29]); $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks')); $story_templates->set_var('lang_emails', $LANG24[39]); $story_templates->set_var('story_emails', $story->EditElements('numemails')); if ($mode == 'clone') { $story_templates->set_var('story_id', COM_makesid()); } else { $story_templates->set_var('story_id', $story->getSid()); $story_templates->set_var('old_story_id', $story->EditElements('originalSid')); } $story_templates->set_var('lang_sid', $LANG24[12]); $story_templates->set_var('lang_save', $LANG_ADMIN['save']); $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']); $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $story_templates->set_var('gltoken_name', CSRF_TOKEN); $token = SEC_createToken(); $story_templates->set_var('gltoken', $token); $story_templates->parse('output', 'editor'); $display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= SEC_getTokenExpiryNotice($token, $LANG24[91]); $display .= $story_templates->finish($story_templates->get_var('output')); $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $display; }
/** * Shows story editor * * Displays the story entry form * * @param string $sid ID of story to edit * @param string $action 'preview', 'edit', 'moderate', 'draft' * @param string $errormsg a message to display on top of the page * @param string $currenttopic topic selection for drop-down menu * @return string HTML for story editor * */ function STORY_edit($sid = '', $action = '', $errormsg = '', $currenttopic = '') { global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG33, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE; USES_lib_admin(); $display = ''; switch ($action) { case 'clone': case 'edit': case 'preview': case 'error': $title = $LANG24[5]; $saveoption = $LANG_ADMIN['save']; $submission = false; break; case 'moderate': $title = $LANG24[90]; $saveoption = $LANG_ADMIN['moderate']; $submission = true; break; case 'draft': $title = $LANG24[91]; $saveoption = $LANG_ADMIN['save']; $submission = true; $action = 'edit'; break; default: $title = $LANG24[5]; $saveoption = $LANG_ADMIN['save']; $submission = false; $action = 'edit'; break; } // Load HTML templates $story_templates = new Template($_CONF['path_layout'] . 'admin/story'); $story_templates->set_file(array('editor' => 'storyeditor.thtml')); if (!isset($_CONF['hour_mode'])) { $_CONF['hour_mode'] = 12; } if (!empty($errormsg)) { $display .= COM_showMessageText($errormsg, $LANG24[25], true); } if (!empty($currenttopic)) { $allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . DB_escapeString($currenttopic) . "'" . COM_getTopicSql('AND')); if ($allowed != $currenttopic) { $currenttopic = ''; } } $story = new Story(); if ($action == 'preview' || $action == 'error') { while (list($key, $value) = each($_POST)) { if (!is_array($value)) { $_POST[$key] = $value; } else { while (list($subkey, $subvalue) = each($value)) { $value[$subkey] = $subvalue; } } } $result = $story->loadFromArgsArray($_POST); } else { $result = $story->loadFromDatabase($sid, $action); } if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true); COM_accessLog("User {$_USER['username']} tried to access story {$sid}. - STORY_PERMISSION_DENIED or STORY_NO_ACCESS_PARAMS - " . $result); return $display; } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) { $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied'], true); $display .= STORY_renderArticle($story, 'p'); COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}. - STORY_EDIT_DENIED or STORY_EXISTING_NO_EDIT_PERMISSION"); return $display; } elseif ($result == STORY_INVALID_SID) { if ($action == 'moderate') { // that submission doesn't seem to be there any more (may have been // handled by another Admin) - take us back to the moderation page echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { echo COM_refresh($_CONF['site_admin_url'] . '/story.php'); } } elseif ($result == STORY_DUPLICATE_SID) { $story_templates->set_var('error_message', $LANG24[24]); } elseif ($result == STORY_EMPTY_REQUIRED_FIELDS) { $story_templates->set_var('error_message', $LANG24[31]); } if (empty($currenttopic) && $story->EditElements('tid') == '') { $story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'))); } else { if ($story->EditElements('tid') == '') { $story->setTid($currenttopic); } } if (SEC_hasRights('story.edit')) { $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 0); $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 0); } else { $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 3); $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 3); } if ($allowedTopicList == '') { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true); COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}. No allowed topics."); return $display; } $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php', 'text' => $LANG_ADMIN['story_list']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions'])); if (SEC_inGroup('Root')) { $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings'); } $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']); require_once $_CONF['path_system'] . 'classes/navbar.class.php'; $story_templates->set_var('hour_mode', $_CONF['hour_mode']); if ($story->hasContent()) { $previewContent = STORY_renderArticle($story, 'p'); if ($previewContent != '') { $story_templates->set_var('preview_content', $previewContent); } } $navbar = new navbar(); if (!empty($previewContent)) { $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true); $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true); } else { $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true); } if ($action == 'preview') { $story_templates->set_var('show_preview', ''); $story_templates->set_var('show_htmleditor', 'none'); $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_submitoptions', 'none'); $navbar->set_selected($LANG24[79]); } else { $navbar->set_selected($LANG24[80]); $story_templates->set_var('show_preview', 'none'); } $story_templates->set_var('navbar', $navbar->generate()); $story_templates->set_var('start_block', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header'))); // start generating the story editor block $story_templates->set_var('block_start', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header'))); $oldsid = $story->EditElements('originalSid'); if (!empty($oldsid)) { $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="deletestory"%s/>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); $story_templates->set_var('lang_delete_confirm', $MESSAGE[76]); } if ($submission || $story->type == 'submission') { $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>'); } $story_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[92], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE)); $story_templates->set_var('lang_author', $LANG24[7]); $storyauthor = COM_getDisplayName($story->EditElements('uid')); $storyauthor_select = COM_optionList($_TABLES['users'], 'uid,username', $story->EditElements('uid')); $story_templates->set_var('story_author', $storyauthor); $story_templates->set_var('story_author_select', $storyauthor_select); $story_templates->set_var('author', $storyauthor); $story_templates->set_var('story_uid', $story->EditElements('uid')); // user access info $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $ownername = COM_getDisplayName($story->EditElements('owner_id')); $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $story->EditElements('owner_id'))); $story_templates->set_var('owner_name', $ownername); $story_templates->set_var('owner', $ownername); $story_templates->set_var('owner_id', $story->EditElements('owner_id')); if (SEC_hasRights('story.edit')) { $story_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $story->EditElements('owner_id'))); } else { $ownerInfo = '<input type="hidden" name="owner_id" value="' . $story->editElements('owner_id') . '" />' . $ownername; $story_templates->set_var('owner_dropdown', $ownerInfo); } $story_templates->set_var('lang_group', $LANG_ACCESS['group']); if (SEC_inGroup($story->EditElements('group_id'))) { $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3)); } else { $gdrpdown = '<input type="hidden" name="group_id" value="' . $story->EditElements('group_id') . '"/>'; $grpddown .= DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id=' . (int) $story->EditElements('group_id')); $story_templates->set_var('group_dropdown', $grpddown); } $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon'))); $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']); $curtime = COM_getUserDateTimeFormat($story->EditElements('date')); $story_templates->set_var('lang_date', $LANG24[15]); $story_templates->set_var('publish_second', $story->EditElements('publish_second')); $publish_ampm = ''; $publish_hour = $story->EditElements('publish_hour'); if ($publish_hour >= 12) { if ($publish_hour > 12) { $publish_hour = $publish_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm); $story_templates->set_var('publishampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('publish_month')); $story_templates->set_var('publish_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('publish_day')); $story_templates->set_var('publish_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('publish_year')); $story_templates->set_var('publish_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24); } else { $hour_options = COM_getHourFormOptions($publish_hour); } $story_templates->set_var('publish_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute')); $story_templates->set_var('publish_minute_options', $minute_options); $story_templates->set_var('publish_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate')); $story_templates->set_var('expire_second', $story->EditElements('expire_second')); $expire_ampm = ''; $expire_hour = $story->EditElements('expire_hour'); if ($expire_hour >= 12) { if ($expire_hour > 12) { $expire_hour = $expire_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="expire_ampm" value=""/>'; } $story_templates->set_var('expireampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('expire_month')); $story_templates->set_var('expire_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('expire_day')); $story_templates->set_var('expire_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('expire_year')); $story_templates->set_var('expire_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24); } else { $hour_options = COM_getHourFormOptions($expire_hour); } $story_templates->set_var('expire_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute')); $story_templates->set_var('expire_minute_options', $minute_options); $story_templates->set_var('expire_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp')); if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked3', 'checked="checked"'); $story_templates->set_var('showarchivedisabled', 'false'); } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked4', 'checked="checked"'); $story_templates->set_var('showarchivedisabled', 'false'); } else { $story_templates->set_var('showarchivedisabled', 'true'); } $story_templates->set_var('lang_archivetitle', $LANG24[58]); $story_templates->set_var('lang_option', $LANG24[59]); $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); $story_templates->set_var('lang_story_stats', $LANG24[87]); $story_templates->set_var('lang_optionarchive', $LANG24[61]); $story_templates->set_var('lang_optiondelete', $LANG24[62]); $story_templates->set_var('lang_title', $LANG_ADMIN['title']); $story_templates->set_var('story_title', $story->EditElements('title')); $story_templates->set_var('story_subtitle', $story->EditElements('subtitle')); $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']); $story_templates->set_var('lang_alt_topic', $LANG_ADMIN['alt_topic']); $story_templates->set_var('topic_options', $allowedTopicList); $story_templates->set_var('alt_topic_options', $allowedAltTopicList); $story_templates->set_var('lang_show_topic_icon', $LANG24[56]); if ($story->EditElements('show_topic_icon') == 1) { $story_templates->set_var('show_topic_icon_checked', 'checked="checked"'); } else { $story_templates->set_var('show_topic_icon_checked', ''); } $story_templates->set_var('story_image_url', $story->EditElements('story_image')); $story_templates->set_var('lang_draft', $LANG24[34]); if ($story->EditElements('draft_flag')) { $story_templates->set_var('is_checked', 'checked="checked"'); $story_templates->set_var('unpublished_selected', 'selected="selected"'); } else { $story_templates->set_var('published_selected', 'selected="selected"'); } $story_templates->set_var('lang_mode', $LANG24[3]); $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode'))); $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode'))); $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode'))); // comment expire $story_templates->set_var('lang_cmt_disable', $LANG24[63]); if ($story->EditElements('cmt_close')) { $story_templates->set_var('is_checked5', 'checked="checked"'); //check box if enabled $story_templates->set_var('showcmtclosedisabled', 'false'); } else { $story_templates->set_var('showcmtclosedisabled', 'true'); } $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month')); $story_templates->set_var('cmt_close_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day')); $story_templates->set_var('cmt_close_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('cmt_close_year')); $story_templates->set_var('cmt_close_year_options', $year_options); $cmt_close_ampm = ''; $cmt_close_hour = $story->EditElements('cmt_close_hour'); //correct hour if ($cmt_close_hour >= 12) { if ($cmt_close_hour > 12) { $cmt_close_hour = $cmt_close_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="cmt_close_ampm" value="" />'; } $story_templates->set_var('cmt_close_ampm_selection', $ampm_select); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24); } else { $hour_options = COM_getHourFormOptions($cmt_close_hour); } $story_templates->set_var('cmt_close_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute')); $story_templates->set_var('cmt_close_minute_options', $minute_options); $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second')); if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) { $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB; $featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')); $story_templates->set_var('featured_options_data', $featured_options_data); } else { $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>"; $story_templates->unset_var('featured_options_data'); } $story_templates->set_var('featured_options', $featured_options); $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage'))); $story_templates->set_var('story_introtext', $story->EditElements('introtext')); $story_templates->set_var('story_bodytext', $story->EditElements('bodytext')); $story_templates->set_var('lang_introtext', $LANG24[16]); $story_templates->set_var('lang_bodytext', $LANG24[17]); $story_templates->set_var('lang_postmode', $LANG24[4]); $story_templates->set_var('lang_publishoptions', $LANG24[76]); $story_templates->set_var('lang_publishdate', $LANG24[69]); $story_templates->set_var('lang_nojavascript', $LANG24[77]); $story_templates->set_var('postmode', $story->EditElements('postmode')); if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') { $allowedHTML = ''; } else { $allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>'; } $allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story'); $story_templates->set_var('lang_allowed_html', $allowedHTML); $fileinputs = ''; $saved_images = ''; if ($_CONF['maximagesperarticle'] > 0) { $story_templates->set_var('lang_images', $LANG24[47]); $icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid())); if ($icount > 0) { $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'"); for ($z = 1; $z <= $icount; $z++) { $I = DB_fetchArray($result_articles); $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />'; } } $newallowed = $_CONF['maximagesperarticle'] - $icount; for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) { $fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />'; if ($z < $_CONF['maximagesperarticle']) { $fileinputs .= '<br />'; } } $fileinputs .= '<br />' . $LANG24[51]; if ($_CONF['allow_user_scaling'] == 1) { $fileinputs .= $LANG24[27]; } $fileinputs .= $LANG24[28] . '<br />'; } $story_templates->set_var('saved_images', $saved_images); $story_templates->set_var('image_form_elements', $fileinputs); $story_templates->set_var('lang_hits', $LANG24[18]); $story_templates->set_var('story_hits', $story->EditElements('hits')); $story_templates->set_var('lang_comments', $LANG24[19]); $story_templates->set_var('story_comments', $story->EditElements('comments')); $story_templates->set_var('lang_trackbacks', $LANG24[29]); $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks')); $story_templates->set_var('lang_emails', $LANG24[39]); $story_templates->set_var('story_emails', $story->EditElements('numemails')); if ($_CONF['rating_enabled']) { $rating = @number_format($story->EditElements('rating'), 2); $votes = $story->EditElements('votes'); $story_templates->set_var('rating', $rating); $story_templates->set_var('votes', $votes); } $story_templates->set_var('attribution_url', $story->EditElements('attribution_url')); $story_templates->set_var('attribution_name', $story->EditElements('attribution_name')); $story_templates->set_var('attribution_author', $story->EditElements('attribution_author')); $story_templates->set_var('lang_attribution_url', $LANG24[105]); $story_templates->set_var('lang_attribution_name', $LANG24[106]); $story_templates->set_var('lang_attribution_author', $LANG24[107]); $story_templates->set_var('lang_attribution', $LANG24[108]); $sec_token_name = CSRF_TOKEN; $sec_token = SEC_createToken(); $story_templates->set_var('story_id', $story->getSid()); $story_templates->set_var('old_story_id', $story->EditElements('originalSid')); $story_templates->set_var('lang_sid', $LANG24[12]); $story_templates->set_var('lang_save', $saveoption); $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']); $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $story_templates->set_var('lang_timeout', $LANG_ADMIN['timeout_msg']); $story_templates->set_var('gltoken_name', CSRF_TOKEN); $story_templates->set_var('gltoken', $sec_token); $story_templates->set_var('security_token', $sec_token); $story_templates->set_var('security_token_name', $sec_token_name); $story_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); PLG_templateSetVars('storyeditor', $story_templates); if ($story->EditElements('postmode') != 'html') { $story_templates->unset_var('wysiwyg'); } SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $story_templates->parse('output', 'editor'); $display .= $story_templates->finish($story_templates->get_var('output')); return $display; }
/** * Submit a new or updated story. The story is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @return int Response code as defined in lib-plugins.php */ function service_submit_story($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS; if (!SEC_hasRights('story.edit')) { $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30])); return PLG_RET_AUTH_FAILED; } require_once $_CONF['path_system'] . 'lib-comment.php'; if (!$_CONF['disable_webservices']) { require_once $_CONF['path_system'] . 'lib-webservices.php'; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { /* This is EDIT mode, so there should be an old sid */ if (empty($args['old_sid'])) { if (!empty($args['id'])) { $args['old_sid'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sid'])) { $args['sid'] = $args['old_sid']; } } } else { if (empty($args['sid']) && !empty($args['id'])) { $args['sid'] = $args['id']; } } // Store the first CATEGORY as the Topic ID if (!empty($args['category'][0])) { $args['tid'] = $args['category'][0]; } $content = ''; if (!empty($args['content'])) { $content = $args['content']; } else { if (!empty($args['summary'])) { $content = $args['summary']; } } if (!empty($content)) { $parts = explode('[page_break]', $content); if (count($parts) == 1) { $args['introtext'] = $content; $args['bodytext'] = ''; } else { $args['introtext'] = array_shift($parts); $args['bodytext'] = implode('[page_break]', $parts); } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { if (isset($args['mode'])) { $args['mode'] = COM_applyBasicFilter($args['mode']); } if (isset($args['editopt'])) { $args['editopt'] = COM_applyBasicFilter($args['editopt']); } } // - START: Set all the defaults - /* if (empty($args['tid'])) { // see if we have a default topic $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')); if (!empty($topic)) { $args['tid'] = $topic; } else { // otherwise, just use the first one $o = array(); $s = array(); if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) { $args['tid'] = $o[0]; } else { $svc_msg['error_desc'] = 'No topics available'; return PLG_RET_ERROR; } } } */ /* This is a solution for above but the above has issues if (!TOPIC_checkTopicSelectionControl()) { $svc_msg['error_desc'] = 'No topics selected or available'; return PLG_RET_ERROR; } */ if (empty($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']); } if (empty($args['postmode'])) { $args['postmode'] = $_CONF['postmode']; if (!empty($args['content_type'])) { if ($args['content_type'] == 'text') { $args['postmode'] = 'text'; } else { if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') { $args['postmode'] = 'html'; } } } } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_CONF['default_permissions_story'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_CONF['default_permissions_story'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_CONF['default_permissions_story'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_CONF['default_permissions_story'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['draft_flag'])) { $args['draft_flag'] = $_CONF['draft_flag']; } if (empty($args['frontpage'])) { $args['frontpage'] = $_CONF['frontpage']; } if (empty($args['show_topic_icon'])) { $args['show_topic_icon'] = $_CONF['show_topic_icon']; } } // - END: Set all the defaults - // TEST CODE /* foreach ($args as $k => $v) { if (!is_array($v)) { echo "$k => $v\r\n"; } else { echo "$k => $v\r\n"; foreach ($v as $k1 => $v1) { echo " $k1 => $v1\r\n"; } } }*/ // exit (); // END TEST CODE if (!isset($args['sid'])) { $args['sid'] = ''; } $args['sid'] = COM_sanitizeID($args['sid']); if (!$gl_edit) { if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) { $slug = ''; if (isset($args['slug'])) { $slug = $args['slug']; } if (function_exists('WS_makeId')) { $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH); } else { $args['sid'] = COM_makeSid(); } } } $story = new Story(); $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit && !empty($args['gl_etag'])) { // First load the original story to check if it has been modified $result = $story->loadFromDatabase($args['sid']); if ($result == STORY_LOADED_OK) { if ($args['gl_etag'] != date('c', $story->_date)) { $svc_msg['error_desc'] = 'A more recent version of the story is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'Error loading story'; return PLG_RET_ERROR; } } // This function is also doing the security checks $result = $story->loadFromArgsArray($args); $sid = $story->getSid(); // Check if topics selected if not prompt required field if ($result == STORY_LOADED_OK) { if (!TOPIC_checkTopicSelectionControl()) { $result = STORY_EMPTY_REQUIRED_FIELDS; } } switch ($result) { case STORY_DUPLICATE_SID: $output .= COM_errorLog($LANG24[24], 2); if (!$args['gl_svc']) { $output .= storyeditor($sid); } $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5])); return PLG_RET_ERROR; break; case STORY_EXISTING_NO_EDIT_PERMISSION: $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; break; case STORY_NO_ACCESS_PARAMS: $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; break; case STORY_EMPTY_REQUIRED_FIELDS: $output .= COM_errorLog($LANG24[31], 2); if (!$args['gl_svc']) { $output .= storyeditor($sid); } $output = COM_createHTMLDocument($output); return PLG_RET_ERROR; break; default: break; } /* Image upload is not supported by the web-service at present */ if (!$args['gl_svc']) { // Delete any images if needed if (array_key_exists('delete', $args)) { $delete = count($args['delete']); for ($i = 1; $i <= $delete; $i++) { $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete'])); STORY_deleteImage($ai_filename); DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete'])); next($args['delete']); } } // OK, let's upload any pictures with the article if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) { $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1; } else { $index_start = 1; } if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) { require_once $_CONF['path_system'] . 'classes/upload.class.php'; $upload = new Upload(); if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) { $upload->setLogFile($_CONF['path'] . 'logs/error.log'); $upload->setDebug(true); } $upload->setMaxFileUploads($_CONF['maximagesperarticle']); if (!empty($_CONF['image_lib'])) { if ($_CONF['image_lib'] == 'imagemagick') { // Using imagemagick $upload->setMogrifyPath($_CONF['path_to_mogrify']); } elseif ($_CONF['image_lib'] == 'netpbm') { // using netPBM $upload->setNetPBM($_CONF['path_to_netpbm']); } elseif ($_CONF['image_lib'] == 'gdlib') { // using the GD library $upload->setGDLib(); } $upload->setAutomaticResize(true); if ($_CONF['keep_unscaled_image'] == 1) { $upload->keepOriginalImage(true); } else { $upload->keepOriginalImage(false); } if (isset($_CONF['jpeg_quality'])) { $upload->setJpegQuality($_CONF['jpeg_quality']); } } $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png')); if (!$upload->setPath($_CONF['path_images'] . 'articles')) { $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]); $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30])); echo $output; exit; } // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will // force any images bigger than the passed dimensions to be resized. // If mogrify is not set, any images larger than these dimensions // will get validation errors $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']); $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB // Set file permissions on file after it gets uploaded (number is in octal) $upload->setPerms('0644'); $filenames = array(); $end_index = $index_start + $upload->numFiles() - 1; for ($z = $index_start; $z <= $end_index; $z++) { $curfile = current($_FILES); if (!empty($curfile['name'])) { $pos = strrpos($curfile['name'], '.') + 1; $fextension = substr($curfile['name'], $pos); $filenames[] = $sid . '_' . $z . '.' . $fextension; } next($_FILES); } $upload->setFileNames($filenames); reset($_FILES); $upload->uploadFiles(); if ($upload->areErrors()) { $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]); $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30])); echo $retval; exit; } reset($filenames); for ($z = $index_start; $z <= $end_index; $z++) { DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')"); next($filenames); } } if ($_CONF['maximagesperarticle'] > 0) { $errors = $story->checkAttachedImages(); if (count($errors) > 0) { $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $LANG24[55] . LB . '<ul>' . LB; foreach ($errors as $err) { $output .= '<li>' . $err . '</li>' . LB; } $output .= '</ul>' . LB; $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= storyeditor($sid); $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54])); echo $output; exit; } } } $result = $story->saveToDatabase(); if ($result == STORY_SAVED) { // see if any plugins want to act on that story if (!empty($args['old_sid']) && $args['old_sid'] != $sid) { PLG_itemSaved($sid, 'article', $args['old_sid']); } else { PLG_itemSaved($sid, 'article'); } // update feed(s) COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid); COM_rdfUpToDateCheck('comment'); STORY_updateLastArticlePublished(); CMT_updateCommentcodes(); if ($story->type == 'submission') { $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9'); } else { $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9); } /* @TODO Set the object id here */ $svc_msg['id'] = $sid; return PLG_RET_OK; } }
/** * Submit a new or updated story. The story is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @return int Response code as defined in lib-plugins.php */ function service_submit_story($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS; if (!SEC_hasRights('story.edit')) { $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true); return PLG_RET_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { /* This is EDIT mode, so there should be an old sid */ if (empty($args['old_sid'])) { if (!empty($args['id'])) { $args['old_sid'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sid'])) { $args['sid'] = $args['old_sid']; } } } else { if (empty($args['sid']) && !empty($args['id'])) { $args['sid'] = $args['id']; } } /* Store the first CATEGORY as the Topic ID */ if (!empty($args['category'][0])) { $args['tid'] = $args['category'][0]; } $content = ''; if (!empty($args['content'])) { $content = $args['content']; } else { if (!empty($args['summary'])) { $content = $args['summary']; } } if (!empty($content)) { $parts = explode('[page_break]', $content); if (count($parts) == 1) { $args['introtext'] = $content; $args['bodytext'] = ''; } else { $args['introtext'] = array_shift($parts); $args['bodytext'] = implode('[page_break]', $parts); } } /* Apply filters to the parameters passed by the webservice */ if ($args['gl_svc']) { if (isset($args['mode'])) { $args['mode'] = COM_applyBasicFilter($args['mode']); } if (isset($args['editopt'])) { $args['editopt'] = COM_applyBasicFilter($args['editopt']); } } /* - START: Set all the defaults - */ if (empty($args['tid'])) { // see if we have a default topic $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')); if (!empty($topic)) { $args['tid'] = $topic; } else { // otherwise, just use the first one $o = array(); $s = array(); if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) { $args['tid'] = $o[0]; } else { $svc_msg['error_desc'] = 'No topics available'; return PLG_RET_ERROR; } } } if (empty($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']); } if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) { $args['alternate_id'] = NULL; } if (empty($args['postmode'])) { $args['postmode'] = $_CONF['postmode']; if (!empty($args['content_type'])) { if ($args['content_type'] == 'text') { $args['postmode'] = 'text'; } else { if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') { $args['postmode'] = 'html'; } } } } if ($args['gl_svc']) { /* Permissions */ if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_CONF['default_permissions_story'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_CONF['default_permissions_story'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_CONF['default_permissions_story'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_CONF['default_permissions_story'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['draft_flag'])) { $args['draft_flag'] = $_CONF['draft_flag']; } if (empty($args['frontpage'])) { $args['frontpage'] = $_CONF['frontpage']; } if (empty($args['show_topic_icon'])) { $args['show_topic_icon'] = $_CONF['show_topic_icon']; } } /* - END: Set all the defaults - */ if (!isset($args['sid'])) { $args['sid'] = ''; } $args['sid'] = COM_sanitizeID($args['sid']); if (!$gl_edit) { if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) { $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH); } } $story = new Story(); $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit && !empty($args['gl_etag'])) { /* First load the original story to check if it has been modified */ $result = $story->loadFromDatabase($args['sid']); if ($result == STORY_LOADED_OK) { if ($args['gl_etag'] != date('c', $story->_date)) { $svc_msg['error_desc'] = 'A more recent version of the story is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'Error loading story'; return PLG_RET_ERROR; } } /* This function is also doing the security checks */ $result = $story->loadFromArgsArray($args); $sid = $story->getSid(); switch ($result) { case STORY_DUPLICATE_SID: if (!$args['gl_svc']) { if (isset($args['type']) && $args['type'] == 'submission') { $output .= STORY_edit($sid, 'moderate'); } else { $output .= STORY_edit($sid, 'error'); } } return PLG_RET_ERROR; case STORY_EXISTING_NO_EDIT_PERMISSION: $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; case STORY_NO_ACCESS_PARAMS: $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}."); return PLG_RET_PERMISSION_DENIED; case STORY_EMPTY_REQUIRED_FIELDS: if (!$args['gl_svc']) { $output .= STORY_edit($sid, 'error'); } return PLG_RET_ERROR; default: break; } /* Image upload is not supported by the web-service at present */ if (!$args['gl_svc']) { // Delete any images if needed if (array_key_exists('delete', $args)) { $delete = count($args['delete']); for ($i = 1; $i <= $delete; $i++) { $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete']))); STORY_deleteImage($ai_filename); DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'"); next($args['delete']); } } // OK, let's upload any pictures with the article if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) { $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1; } else { $index_start = 1; } if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) { require_once $_CONF['path_system'] . 'classes/upload.class.php'; $upload = new upload(); if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) { $upload->setLogFile($_CONF['path'] . 'logs/error.log'); $upload->setDebug(true); } $upload->setMaxFileUploads($_CONF['maximagesperarticle']); $upload->setAutomaticResize(true); if ($_CONF['keep_unscaled_image'] == 1) { $upload->keepOriginalImage(true); } else { $upload->keepOriginalImage(false); } $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png')); $upload->setFieldName('file'); //@TODO - better error handling... if (!$upload->setPath($_CONF['path_images'] . 'articles')) { $output = COM_siteHeader('menu', $LANG24[30]); $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true); $output .= COM_siteFooter(); echo $output; exit; } // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will // force any images bigger than the passed dimensions to be resized. // If mogrify is not set, any images larger than these dimensions // will get validation errors $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']); $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB // Set file permissions on file after it gets uploaded (number is in octal) $upload->setPerms('0644'); $filenames = array(); $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'"; $result = DB_query($sql, 1); $row = DB_fetchArray($result); $ai_img_num = $row['ai_img_num']; if ($ai_img_num < 1) { $ai_img_num = 1; } for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) { $curfile['name'] = ''; if (isset($_FILES['file']['name'][$z])) { $curfile['name'] = $_FILES['file']['name'][$z]; } if (!empty($curfile['name'])) { $pos = strrpos($curfile['name'], '.') + 1; $fextension = substr($curfile['name'], $pos); $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension; $ai_img_num++; } else { $filenames[] = ''; } } $upload->setFileNames($filenames); $upload->uploadFiles(); //@TODO - better error handling if ($upload->areErrors()) { $retval = COM_siteHeader('menu', $LANG24[30]); $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true); $retval .= STORY_edit($sid, 'error'); $retval .= COM_siteFooter(); echo $retval; exit; } for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) { if ($filenames[$z] != '') { $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'"; $result = DB_query($sql, 1); $row = DB_fetchArray($result); $ai_img_num = $row['ai_img_num']; if ($ai_img_num < 1) { $ai_img_num = 1; } DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')"); } } } if ($_CONF['maximagesperarticle'] > 0) { $errors = $story->checkImages(); if (count($errors) > 0) { $output = COM_siteHeader('menu', $LANG24[54]); $eMsg = $LANG24[55] . '<p>'; for ($i = 1; $i <= count($errors); $i++) { $eMsg .= current($errors) . '<br />'; next($errors); } //@TODO - use return here... $output .= COM_showMessageText($eMsg, $LANG24[54], true); $output .= STORY_edit($sid, 'error'); $output .= COM_siteFooter(); echo $output; exit; } } } $result = $story->saveToDatabase(); if ($result == STORY_SAVED) { // see if any plugins want to act on that story if (!empty($args['old_sid']) && $args['old_sid'] != $sid) { PLG_itemSaved($sid, 'article', $args['old_sid']); } else { PLG_itemSaved($sid, 'article'); } // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid); COM_olderStuff(); if ($story->type == 'submission') { COM_setMessage(9); echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); exit; } else { $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9); } /* @TODO Set the object id here */ $svc_msg['id'] = $sid; return PLG_RET_OK; } }