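<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | block.php                                                                 |
// |                                                                           |
// | Geeklog block administration.                                             |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT net    |
// |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
// |          Dirk Haun         - dirk AT haun-online DOT de                   |
// |          Michael Jervis    - mike AT fuckingbrit DOT com                  |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: block.php,v 1.108 2006/10/03 09:02:27 dhaun Exp $

require_once ('../lib-common.php');
require_once ('auth.inc.php');

// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($_POST);

// Coarse gate: everything in this script requires the 'block.edit' feature.
// Per-block ownership / permission / topic checks are repeated in each of the
// edit, save, delete, move and enable/disable paths below.
if (!SEC_hasRights ('block.edit')) {
    $display .= COM_siteHeader ('menu', $MESSAGE[30])
              . COM_startBlock ($MESSAGE[30], '',
                                COM_getBlockTemplate ('_msg_block', 'header'))
              . $MESSAGE[33]
              . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
              . COM_siteFooter ();
    COM_accessLog ("User {$_USER['username']} tried to illegally access the block administration screen");
    echo $display;
    exit;
}


/**
 * Check for block topic access (need to handle 'all' and 'homeonly' as
 * special cases)
 *
 * The two pseudo topics are not rows in the topics table, so they are granted
 * full access unconditionally; every other id is resolved through
 * SEC_hasTopicAccess.
 *
 * @param    string  $tid    ID for topic to check on
 * @return   int             returns 3 for read/edit 2 for read only 0 for no access
 *
 */
function hasBlockTopicAccess ($tid)
{
    if (($tid == 'all') || ($tid == 'homeonly')) {
        return 3;
    }

    return SEC_hasTopicAccess ($tid);
}

/**
 * Shows default block editor
 *
 * Default blocks are those blocks that Geeklog requires to function
 * properly. Because of their special role, they have restricted
 * edit properties so this form shows that.
 *
 * Values taken from the database are HTML-escaped before they are handed to
 * the template: the template is assumed to insert them verbatim into
 * attribute values (editblock() already escapes the block content for that
 * reason), and a stray quote in a title would otherwise break out of the
 * input's value attribute.
 *
 * @param    array   $A      Array of data to show on form
 * @param    int     $access Permissions this user has
 * @return   string          HTML for default block editor
 *
 */
function editdefaultblock ($A, $access)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG_ACCESS, $LANG_ADMIN;

    $retval = '';

    $retval .= COM_startBlock ($LANG21[3], '',
                               COM_getBlockTemplate ('_admin_block', 'header'));

    $block_templates = new Template($_CONF['path_layout'] . 'admin/block');
    $block_templates->set_file('editor','defaultblockeditor.thtml');
    $block_templates->set_var('site_url', $_CONF['site_url']);
    $block_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    $block_templates->set_var('layout_url', $_CONF['layout_url']);
    $block_templates->set_var('block_id', $A['bid']);
    // standard Admin strings
    $block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']);
    $block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']);
    $block_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    $block_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']);

    $block_templates->set_var('block_title',
                              htmlspecialchars (stripslashes ($A['title'])));
    if ($A['is_enabled'] == 1) {
        $block_templates->set_var('is_enabled', 'checked="checked"');
    } else {
        $block_templates->set_var('is_enabled', '');
    }
    $block_templates->set_var('block_help', htmlspecialchars ($A['help']));
    $block_templates->set_var('lang_includehttp', $LANG21[51]);
    $block_templates->set_var('lang_explanation', $LANG21[52]);
    $block_templates->set_var('block_name', htmlspecialchars ($A['name']));
    $block_templates->set_var('lang_blockname', $LANG21[48]);
    $block_templates->set_var('lang_homeonly', $LANG21[43]);
    if ($A['tid'] == 'all') {
        $block_templates->set_var('all_selected', 'selected="selected"');
    } else if ($A['tid'] == 'homeonly') {
        $block_templates->set_var('homeonly_selected', 'selected="selected"');
    }
    $block_templates->set_var('topic_options',
                              COM_topicList ('tid,topic', $A['tid'], 1, true));
    $block_templates->set_var('lang_all', $LANG21[7]);
    $block_templates->set_var('lang_side', $LANG21[39]);
    $block_templates->set_var('lang_left', $LANG21[40]);
    $block_templates->set_var('lang_right', $LANG21[41]);

    if ($A['onleft'] == 1) {
        $block_templates->set_var('left_selected', 'selected="selected"');
    } else if ($A['onleft'] == 0) {
        $block_templates->set_var('right_selected', 'selected="selected"');
    }
    $block_templates->set_var('lang_blockorder', $LANG21[9]);
    $block_templates->set_var('block_order', $A['blockorder']);
    $block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $block_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName ($A['owner_id']);
    $block_templates->set_var('owner_username', DB_getItem($_TABLES['users'],
                              'username', "uid = '{$A['owner_id']}'"));
    $block_templates->set_var('owner_name', $ownername);
    $block_templates->set_var('owner', $ownername);
    $block_templates->set_var('owner_id', $A['owner_id']);

    $block_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $block_templates->set_var('group_dropdown',
                              SEC_getGroupDropdown ($A['group_id'], $access));
    $block_templates->set_var('group_name', DB_getItem ($_TABLES['groups'],
                              'grp_name', "grp_id = '{$A['group_id']}'"));
    $block_templates->set_var('group_id', $A['group_id']);
    $block_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $block_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $block_templates->set_var('permissions_editor',
            SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
    $block_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $block_templates->parse('output','editor');
    $retval .= $block_templates->finish($block_templates->get_var('output'));
    $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));

    return $retval;
}

/**
 * Shows the block editor
 *
 * This will show a block edit form. If this is a Geeklog default block it will
 * send it off to editdefaultblock.
 *
 * Editing an existing block requires full (3) access on the block row AND
 * full access on its topic; a user who fails either check gets the
 * "access denied" message and an entry in the access log.
 *
 * @param    string  $bid    ID of block to edit (empty for a new block)
 * @return   string          HTML for block editor
 *
 */
function editblock ($bid = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG01, $LANG21, $LANG_ACCESS,
           $LANG_ADMIN, $MESSAGE;

    $retval = '';

    if (!empty($bid)) {
        // $bid has been through COM_applyFilter in the caller; escape it
        // anyway, as it is interpolated into a quoted SQL literal.
        $result = DB_query("SELECT * FROM {$_TABLES['blocks']} WHERE bid ='"
                           . addslashes ($bid) . "'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
        if ($access == 2 || $access == 0 || hasBlockTopicAccess ($A['tid']) < 3) {
            $retval .= COM_startBlock ($LANG_ACCESS['accessdenied'], '',
                               COM_getBlockTemplate ('_msg_block', 'header'))
                    . $LANG21[45]
                    . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
            COM_accessLog("User {$_USER['username']} tried to illegally create or edit block $bid.");

            return $retval;
        }
        if ($A['type'] == 'gldefault') {
            $retval .= editdefaultblock($A,$access);
            return $retval;
        }
    } else {
        // Defaults for a new block. The topic default is the lower-case
        // pseudo topic 'all' so that the 'all_selected' comparison below
        // (and hasBlockTopicAccess) recognise it.
        $A['bid'] = 0;
        $A['is_enabled'] = 1;
        $A['name'] = '';
        $A['type'] = 'normal';
        $A['title'] = '';
        $A['tid'] = 'all';
        $A['blockorder'] = 0;
        $A['content'] = '';
        $A['allow_autotags'] = 0;
        $A['rdfurl'] = '';
        $A['rdfupdated'] = '';
        $A['rdflimit'] = 0;
        $A['onleft'] = 0;
        $A['phpblockfn'] = '';
        $A['help'] = '';
        $A['owner_id'] = $_USER['uid'];
        if (isset ($_GROUPS['Block Admin'])) {
            $A['group_id'] = $_GROUPS['Block Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup ('block.edit');
        }
        SEC_setDefaultPermissions ($A, $_CONF['default_permissions_block']);
        $access = 3;
    }

    $block_templates = new Template($_CONF['path_layout'] . 'admin/block');
    $block_templates->set_file('editor','blockeditor.thtml');
    $block_templates->set_var('site_url', $_CONF['site_url']);
    $block_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    $block_templates->set_var('layout_url', $_CONF['layout_url']);
    $block_templates->set_var('start_block_editor', COM_startBlock ($LANG21[3],
            '', COM_getBlockTemplate ('_admin_block', 'header')));

    // The delete button is only offered to holders of 'block.delete';
    // deleteBlock() enforces the same feature server-side.
    if (!empty($bid) && SEC_hasRights('block.delete')) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
                   . '" name="mode"%s>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $block_templates->set_var ('delete_option',
                                   sprintf ($delbutton, $jsconfirm));
        $block_templates->set_var ('delete_option_no_confirmation',
                                   sprintf ($delbutton, ''));
    }

    $block_templates->set_var('block_bid', $A['bid']);
    // standard Admin strings
    $block_templates->set_var('lang_blocktitle', $LANG_ADMIN['title']);
    $block_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $block_templates->set_var('lang_blockhelpurl', $LANG_ADMIN['help_url']);
    $block_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    $block_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $block_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $block_templates->set_var('lang_blocktype', $LANG_ADMIN['type']);
    $block_templates->set_var('lang_allowed_html', $LANG01[123]);

    // Values shown in the form are HTML-escaped; the template is assumed to
    // insert them raw (block_content is escaped here for the same reason).
    $block_templates->set_var('block_title',
                              htmlspecialchars (stripslashes ($A['title'])));
    $block_templates->set_var('lang_enabled', $LANG21[53]);
    if ($A['is_enabled'] == 1) {
        $block_templates->set_var('is_enabled', 'checked="checked"');
    } else {
        $block_templates->set_var('is_enabled', '');
    }
    $block_templates->set_var('block_help', htmlspecialchars ($A['help']));
    $block_templates->set_var('lang_includehttp', $LANG21[51]);
    $block_templates->set_var('lang_explanation', $LANG21[52]);
    $block_templates->set_var('block_name', htmlspecialchars ($A['name']));
    $block_templates->set_var('lang_blockname', $LANG21[48]);
    $block_templates->set_var('lang_nospaces', $LANG21[49]);
    $block_templates->set_var('lang_all', $LANG21[7]);
    $block_templates->set_var('lang_homeonly', $LANG21[43]);
    if ($A['tid'] == 'all') {
        $block_templates->set_var('all_selected', 'selected="selected"');
    } else if ($A['tid'] == 'homeonly') {
        $block_templates->set_var('homeonly_selected', 'selected="selected"');
    }
    $block_templates->set_var('topic_options',
                              COM_topicList('tid,topic', $A['tid'], 1, true));
    $block_templates->set_var('lang_side', $LANG21[39]);
    $block_templates->set_var('lang_left', $LANG21[40]);
    $block_templates->set_var('lang_right', $LANG21[41]);
    if ($A['onleft'] == 1) {
        $block_templates->set_var('left_selected', 'selected="selected"');
    } else if ($A['onleft'] == 0) {
        $block_templates->set_var('right_selected', 'selected="selected"');
    }
    $block_templates->set_var('lang_blockorder', $LANG21[9]);
    $block_templates->set_var('block_order', $A['blockorder']);
    $block_templates->set_var('lang_normalblock', $LANG21[12]);
    $block_templates->set_var('lang_phpblock', $LANG21[27]);
    $block_templates->set_var('lang_portalblock', $LANG21[11]);
    if ($A['type'] == 'normal') {
        $block_templates->set_var('normal_selected', 'selected="selected"');
    } else if ($A['type'] == 'phpblock') {
        $block_templates->set_var('php_selected', 'selected="selected"');
    } else if ($A['type'] == 'portal') {
        $block_templates->set_var('portal_selected', 'selected="selected"');
    }
    $block_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $block_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName ($A['owner_id']);
    $block_templates->set_var('owner_username', DB_getItem($_TABLES['users'],
                              'username', "uid = '{$A['owner_id']}'"));
    $block_templates->set_var('owner_name', $ownername);
    $block_templates->set_var('owner', $ownername);
    $block_templates->set_var('owner_id', $A['owner_id']);

    $block_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $block_templates->set_var('group_dropdown',
                              SEC_getGroupDropdown ($A['group_id'], $access));
    $block_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $block_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $block_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
    $block_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $block_templates->set_var('lang_phpblockoptions', $LANG21[28]);
    $block_templates->set_var('lang_blockfunction', $LANG21[29]);
    $block_templates->set_var('block_phpblockfn',
                              htmlspecialchars ($A['phpblockfn']));
    $block_templates->set_var('lang_phpblockwarning', $LANG21[30]);
    $block_templates->set_var('lang_portalblockoptions', $LANG21[13]);
    $block_templates->set_var('lang_rdfurl', $LANG21[14]);
    $block_templates->set_var('max_url_length', 255);
    $block_templates->set_var('block_rdfurl', htmlspecialchars ($A['rdfurl']));
    $block_templates->set_var('lang_rdflimit', $LANG21[62]);
    $block_templates->set_var('block_rdflimit', $A['rdflimit']);
    $block_templates->set_var('lang_lastrdfupdate', $LANG21[15]);
    if ($A['rdfupdated'] == '0000-00-00 00:00:00') {
        $block_templates->set_var ('block_rdfupdated', '');
    } else {
        $block_templates->set_var ('block_rdfupdated', $A['rdfupdated']);
    }
    $block_templates->set_var ('lang_normalblockoptions', $LANG21[16]);
    $block_templates->set_var ('lang_blockcontent', $LANG21[17]);
    $block_templates->set_var ('lang_autotags', $LANG21[66]);
    $block_templates->set_var ('lang_use_autotags', $LANG21[67]);
    $block_templates->set_var ('block_content',
                               htmlspecialchars (stripslashes ($A['content'])));
    if ($A['allow_autotags'] == 1) {
        $block_templates->set_var ('allow_autotags', 'checked="checked"');
    } else {
        $block_templates->set_var ('allow_autotags', '');
    }
    $block_templates->set_var ('end_block',
            COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')));
    $block_templates->parse('output', 'editor');
    $retval .= $block_templates->finish($block_templates->get_var('output'));

    return $retval;
}

/**
 * Lists all blocks (left column first, then right column)
 *
 * Blocks are renumbered (reorderblocks) before listing. Both lists are
 * filtered with COM_getPermSql so a user only sees blocks they have at
 * least read access to.
 *
 * @return   string          HTML for the two admin lists
 *
 */
function listblocks()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG21, $_IMAGE_TYPE;

    require_once( $_CONF['path_system'] . 'lib-admin.php' );

    $retval = '';

    reorderblocks();

    $header_arr = array(      # display 'text' and use table field 'field'
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
        array('text' => $LANG21[65], 'field' => 'blockorder', 'sort' => true),
        array('text' => $LANG21[46], 'field' => 'move', 'sort' => false),
        array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true),
        array('text' => $LANG_ADMIN['type'], 'field' => 'type', 'sort' => true),
        array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true),
        array('text' => $LANG_ADMIN['enabled'], 'field' => 'is_enabled', 'sort' => true)
    );

    $defsort_arr = array('field' => 'blockorder', 'direction' => 'asc');

    $menu_arr = array (
        array('url' => $_CONF['site_admin_url'] . '/block.php?mode=edit',
              'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'],
              'text' => $LANG_ADMIN['admin_home'])
    );

    $text_arr = array('has_menu'     => true,
                      'has_extras'   => true,
                      'title'        => $LANG21[19],
                      'instructions' => $LANG21[25],
                      'icon'         => $_CONF['layout_url'] . '/images/icons/block.'
                                        . $_IMAGE_TYPE,
                      'form_url'     => $_CONF['site_admin_url'] . "/block.php");

    $query_arr = array('table'          => 'blocks',
                       'sql'            => "SELECT * FROM {$_TABLES['blocks']} WHERE onleft = 1",
                       'query_fields'   => array('title', 'content'),
                       'default_filter' => COM_getPermSql ('AND'));

    $retval .= ADMIN_list ("blocks", "ADMIN_getListField_blocks", $header_arr, $text_arr,
                           $query_arr, $menu_arr, $defsort_arr);

    $query_arr = array('table'          => 'blocks',
                       'sql'            => "SELECT * FROM {$_TABLES['blocks']} WHERE onleft = 0",
                       'query_fields'   => array('title', 'content'),
                       'default_filter' => COM_getPermSql ('AND'));

    $text_arr = array('has_menu'     => false,
                      'has_extras'   => true,
                      'title'        => "$LANG21[19] ($LANG21[41])",
                      'instructions' => $LANG21[25],
                      'icon'         => $_CONF['layout_url'] . '/images/icons/block.'
                                        . $_IMAGE_TYPE,
                      'form_url'     => $_CONF['site_admin_url'] . '/block.php');

    $retval .= ADMIN_list ('blocks', 'ADMIN_getListField_blocks', $header_arr, $text_arr,
                           $query_arr, $menu_arr, $defsort_arr);

    return $retval;
}

/**
 * Saves a block
 *
 * Access rules: for an existing block the caller needs full (3) access on
 * the stored row; for a new block, full access under the submitted
 * owner/group/permission set. In both cases the caller also needs full
 * access on the target topic and must be a member of the target group.
 * Every string that is interpolated into SQL is escaped with addslashes
 * (after COM_stripslashes, to be magic_quotes-neutral); numeric columns
 * are cast to int.
 *
 * @param    string  $bid            Block ID
 * @param    string  $name           Block name
 * @param    string  $title          Block title
 * @param    string  $help           Help URL (already sanitized by the caller)
 * @param    string  $type           Type of block
 * @param    int     $blockorder     Order block appears relative to the others
 * @param    string  $content        Content of block
 * @param    string  $tid            Topic block should appear in
 * @param    string  $rdfurl         URL to headline feed for portal blocks
 * @param    string  $rdfupdated     Date RSS/RDF feed was last updated
 * @param    string  $rdflimit       max. number of entries to import from feed
 * @param    string  $phpblockfn     Name of php function to call to get content
 * @param    int     $onleft         Flag indicates if block shows up on left or right
 * @param    int     $owner_id       ID of owner
 * @param    int     $group_id       ID of group block belongs to
 * @param    array   $perm_owner     Permissions the owner has on the object
 * @param    array   $perm_group     Permissions the group has on the object
 * @param    array   $perm_members   Permissions the logged in members have
 * @param    array   $perm_anon      Permissions anonymous users have
 * @param    int     $is_enabled     Flag, indicates if block is enabled or not
 * @param    int     $allow_autotags Flag, indicates if autotags are expanded
 * @return   string                  HTML redirect or error message
 *
 */
function saveblock ($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
    // $_USER is needed for the access-log message in the denied branch.
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG21, $MESSAGE;

    $retval = '';

    $title = addslashes (COM_stripslashes (strip_tags ($title)));
    $phpblockfn = addslashes (COM_stripslashes (trim ($phpblockfn)));
    // name, help and rdfupdated end up in the INSERT/UPDATE below as quoted
    // literals; escape them the same way title and content are.
    $name = addslashes (COM_stripslashes ($name));
    $help = addslashes (COM_stripslashes ($help));
    $rdfupdated = addslashes (COM_stripslashes ($rdfupdated));
    if (empty($title)) {
        $retval .= COM_siteHeader ('menu', $LANG21[63])
                . COM_startBlock ($LANG21[63], '',
                          COM_getBlockTemplate ('_msg_block', 'header'))
                . $LANG21[64]
                . COM_endBlock (COM_getBlockTemplate ('_msg_block',
                                                      'footer'))
                . editblock ($bid)
                . COM_siteFooter ();
        return $retval;
    }

    // Convert array values to numeric permission values
    list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);

    $access = 0;
    if (($bid > 0) && DB_count ($_TABLES['blocks'], 'bid', $bid) > 0) {
        // existing block: rights are judged on the stored row, not on the
        // owner/group/permissions submitted with the form
        $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray ($result);
        $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
                $A['perm_owner'], $A['perm_group'], $A['perm_members'],
                $A['perm_anon']);
    } else {
        $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
                                 $perm_members, $perm_anon);
    }
    // Topic access must be full (3), as in editblock()/deleteBlock();
    // read-only (2) access to the topic is not enough to save a block into it.
    if (($access < 3) || (hasBlockTopicAccess ($tid) < 3) || !SEC_inGroup ($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_startBlock ($MESSAGE[30], '',
                           COM_getBlockTemplate ('_msg_block', 'header'));
        $retval .= $MESSAGE[33];
        $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block $bid.");

        return $retval;
    } elseif (($type == 'normal' && !empty($title) && !empty($content)) OR ($type == 'portal' && !empty($title) && !empty($rdfurl)) OR ($type == 'gldefault' && (strlen($blockorder)>0)) OR ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))) {
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 'on') {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }

        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';

            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr ($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr ($rdfurl, 4);
            } else if (substr ($rdfurl, 0, 5) == 'feed:') {
                $rdfurl = substr ($rdfurl, 5);
            }
            if (substr ($rdfurl, 0, 2) == '//') {
                $rdfurl = substr ($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl ($rdfurl, array ('http', 'https'));
        }
        if ($type == 'gldefault') {
            if ($name != 'older_stories') {
                $content = '';
            }
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {

            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix. This will prevent
            // the arbitrary execution of code.
            // The name is later called as a function, so it has to be a
            // plain identifier *starting* with the prefix; a substring
            // test (the old stristr check) would accept any string that
            // merely contains 'phpblock_' somewhere.
            if (!preg_match ('/^phpblock_[A-Za-z0-9_]*$/i', $phpblockfn)) {
                $retval .= COM_siteHeader ('menu', $LANG21[37])
                        . COM_startBlock ($LANG21[37], '',
                                  COM_getBlockTemplate ('_msg_block', 'header'))
                        . $LANG21[38]
                        . COM_endBlock (COM_getBlockTemplate ('_msg_block',
                                                              'footer'))
                        . editblock ($bid)
                        . COM_siteFooter ();
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            $content = addslashes ($content);
        }
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty ($rdfurl)) {
            $rdfurl = addslashes ($rdfurl);
        }
        if (empty ($rdfupdated)) {
            $rdfupdated = '0000-00-00 00:00:00';
        }

        // Numeric columns are interpolated unquoted (or as numeric literals);
        // force them to integers. $tid and $type are quoted literals.
        $blockorder = (int) $blockorder;
        $onleft = (int) $onleft;
        $rdflimit = (int) $rdflimit;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $tid = addslashes ($tid);
        $type = addslashes ($type);

        if ($bid > 0) {
            $bid = (int) $bid;
            DB_save($_TABLES['blocks'],'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags',"$bid,'$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$rdflimit','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled,$allow_autotags");
        } else {
            $sql = "INSERT INTO {$_TABLES['blocks']} "
                 .'(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) '
                 ."VALUES ('$name','$title','$help','$type','$blockorder','$content','$tid','$rdfurl','$rdfupdated','$rdflimit','$phpblockfn',$onleft,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_enabled,$allow_autotags)";
            DB_query($sql);
            $bid = DB_insertId();
        }

        if (($type == 'gldefault') && ($name == 'older_stories')) {
            COM_olderStuff ();
        }

        return COM_refresh ($_CONF['site_admin_url'] . '/block.php?msg=11');
    } else {
        $retval .= COM_siteHeader ('menu', $LANG21[32])
                . COM_startBlock ($LANG21[32], '',
                          COM_getBlockTemplate ('_msg_block', 'header'));
        if ($type == 'portal') {
            // Portal block is missing fields
            $retval .= $LANG21[33];
        } else if ($type == 'phpblock') {
            // PHP Block is missing field
            $retval .= $LANG21[34];
        } else if ($type == 'normal') {
            // Normal block is missing field
            $retval .= $LANG21[35];
        } else if ($type == 'gldefault') {
            // Default geeklog field missing
            $retval .= $LANG21[42];
        } else {
            // Layout block missing content
            $retval .= $LANG21[36];
        }
        $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
                . editblock ($bid)
                . COM_siteFooter ();
    }

    return $retval;
}

/**
 * Re-orders all blocks in steps of 10
 *
 * Walks the blocks ordered by side (onleft) and current blockorder,
 * restarting the counter at 10 whenever the side changes, and only writes
 * rows whose blockorder differs from the computed value.
 *
 */
function reorderblocks()
{
    global $_TABLES;

    $sql = "SELECT * FROM {$_TABLES['blocks']} ORDER BY onleft asc, blockorder asc;";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);

    $lastside = 0;
    $blockOrd = 10;
    $stepNumber = 10;

    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);

        if ($lastside != $A['onleft']) {  // we are switching left/right blocks
            $blockOrd = 10;               // so start with 10 again
        }
        if ($A['blockorder'] != $blockOrd) {  // only update incorrect ones
            $q = "UPDATE " . $_TABLES['blocks'] . " SET blockorder = '"
               . $blockOrd . "' WHERE bid = '" . $A['bid'] . "'";
            DB_query($q);
        }
        $blockOrd += $stepNumber;
        $lastside = $A['onleft'];  // save variable for next round
    }
}


/**
 * Move blocks UP, Down and Switch Sides - Left and Right
 *
 * Reads 'bid' and 'where' from $_GET (a state change on GET; no CSRF
 * token is available in this code base, so it is at least limited to
 * callers with full access on the block). Always ends the request with a
 * redirect back to the block list.
 *
 */
function moveBlock()
{
    global $_CONF, $_TABLES, $_USER, $LANG21;

    $retval = '';

    $bid = 0;
    if (isset ($_GET['bid'])) {
        $bid = COM_applyFilter ($_GET['bid'], true);  // numeric: interpolated into SQL below
    }
    $where = '';
    if (isset ($_GET['where'])) {
        $where = COM_applyFilter ($_GET['where']);
    }

    // if the block id exists
    if (DB_count($_TABLES['blocks'], "bid", $bid) == 1) {

        // Same rule as deleteBlock(): moving a block is a write to its row,
        // so it needs full access on the block and on its topic.
        $result = DB_query ("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = $bid");
        $A = DB_fetchArray ($result);
        $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
                $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        if (($access < 3) || (hasBlockTopicAccess ($A['tid']) < 3)) {
            COM_accessLog ("User {$_USER['username']} tried to illegally move block $bid.");
            echo COM_refresh($_CONF['site_admin_url'] . "/block.php");
            exit;
        }

        switch ($where) {

            case ("up"):
                $q = "UPDATE " . $_TABLES['blocks'] . " SET blockorder = blockorder-11 WHERE bid = '" . $bid . "'";
                DB_query($q);
                break;

            case ("dn"):
                $q = "UPDATE " . $_TABLES['blocks'] . " SET blockorder = blockorder+11 WHERE bid = '" . $bid . "'";
                DB_query($q);
                break;

            case ("0"):
                $q = "UPDATE " . $_TABLES['blocks'] . " SET onleft = '1', blockorder = blockorder-1 WHERE bid = '" . $bid ."'";
                DB_query($q);
                break;

            case ("1"):
                $q = "UPDATE " . $_TABLES['blocks'] . " SET onleft = '0',blockorder = blockorder-1 WHERE bid = '" . $bid ."'";
                DB_query($q);
                break;
        }

    } else {
        COM_errorLOG("block admin error: Attempt to move an non existing block id: $bid");
    }
    echo COM_refresh($_CONF['site_admin_url'] . "/block.php");
    exit;
    return $retval;
}


/**
 * Enable and Disable block
 *
 * Toggles is_enabled for one block. Like the other write paths this now
 * requires full access on the block row and on its topic; the original
 * only relied on the script-wide 'block.edit' gate.
 *
 * @param    string  $bid    id of block to toggle
 *
 */
function changeBlockStatus ($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // bid is an integer column and is interpolated unquoted below
    $bid = COM_applyFilter($bid, true);

    $result = DB_query ("SELECT is_enabled,tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid=$bid");
    if (DB_numRows ($result) != 1) {
        COM_errorLog ("block admin error: Attempt to change status of a non existing block id: $bid");
        return;
    }
    $A = DB_fetchArray ($result);
    $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if (($access < 3) || (hasBlockTopicAccess ($A['tid']) < 3)) {
        COM_accessLog ("User {$_USER['username']} tried to illegally enable/disable block $bid.");
        return;
    }

    if ($A['is_enabled']) {
        DB_query("UPDATE {$_TABLES['blocks']} set is_enabled = '0' WHERE bid=$bid");
    } else {
        DB_query("UPDATE {$_TABLES['blocks']} set is_enabled = '1' WHERE bid=$bid");
    }
}

/**
 * Delete a block
 *
 * Requires the 'block.delete' feature (the editor only shows the delete
 * button to users who have it, but the handler has to enforce it too),
 * full access on the block row and full access on its topic.
 *
 * @param    string  $bid    id of block to delete
 * @return   string          HTML redirect or error message
 *
 */
function deleteBlock ($bid)
{
    global $_CONF, $_TABLES, $_USER;

    if (!SEC_hasRights ('block.delete')) {
        COM_accessLog ("User {$_USER['username']} tried to illegally delete block $bid.");
        return COM_refresh ($_CONF['site_admin_url'] . '/block.php');
    }

    $result = DB_query ("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='"
                        . addslashes ($bid) . "'");
    if (DB_numRows ($result) != 1) {
        // an unknown id would otherwise reach SEC_hasAccess with empty values
        COM_errorLog ("block admin error: Attempt to delete a non existing block id: $bid");
        return COM_refresh ($_CONF['site_admin_url'] . '/block.php');
    }
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if (($access < 3) || (hasBlockTopicAccess ($A['tid']) < 3)) {
        COM_accessLog ("User {$_USER['username']} tried to illegally delete block $bid.");
        return COM_refresh ($_CONF['site_admin_url'] . '/block.php');
    }

    DB_delete ($_TABLES['blocks'], 'bid', $bid);

    return COM_refresh ($_CONF['site_admin_url'] . '/block.php?msg=12');
}

// MAIN
//
// Dispatch on 'mode'. Save and delete are submitted from the editor form
// (button labels), 'edit' and 'move' arrive via GET links from the list.
// Note that none of the state-changing modes carries an anti-CSRF token;
// this script relies on the feature and per-block access checks only.
$mode = '';
if (!empty($_REQUEST['mode'])) {
    $mode = $_REQUEST['mode'];
}

$bid = '';
if (!empty($_REQUEST['bid'])) {
    $bid = COM_applyFilter ($_REQUEST['bid']);
}

if (isset ($_POST['blkChange'])) {
    changeBlockStatus ($_POST['blkChange']);
}

if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
    if (!isset ($bid) || empty ($bid) || ($bid == 0)) {
        COM_errorLog ('Attempted to delete block, bid empty or null, value =' . $bid);
        $display .= COM_refresh ($_CONF['site_admin_url'] . '/block.php');
    } else {
        $display .= deleteBlock ($bid);
    }
} else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) {
    // Every field is read with an isset guard so a partial POST produces
    // the validation message from saveblock() instead of PHP notices.
    $name = '';
    if (isset ($_POST['name'])) {
        $name = $_POST['name'];
    }
    $title = '';
    if (isset ($_POST['title'])) {
        $title = $_POST['title'];
    }
    $type = '';
    if (isset ($_POST['type'])) {
        $type = $_POST['type'];
    }
    $blockorder = '';
    if (isset ($_POST['blockorder'])) {
        $blockorder = $_POST['blockorder'];
    }
    $tid = '';
    if (isset ($_POST['tid'])) {
        $tid = COM_applyFilter ($_POST['tid']);
    }
    $onleft = 0;
    if (isset ($_POST['onleft'])) {
        $onleft = $_POST['onleft'];
    }
    $owner_id = 0;
    if (isset ($_POST['owner_id'])) {
        $owner_id = COM_applyFilter ($_POST['owner_id'], true);
    }
    $group_id = 0;
    if (isset ($_POST['group_id'])) {
        $group_id = COM_applyFilter ($_POST['group_id'], true);
    }
    $perm_owner = array ();
    if (isset ($_POST['perm_owner'])) {
        $perm_owner = $_POST['perm_owner'];
    }
    $perm_group = array ();
    if (isset ($_POST['perm_group'])) {
        $perm_group = $_POST['perm_group'];
    }
    $perm_members = array ();
    if (isset ($_POST['perm_members'])) {
        $perm_members = $_POST['perm_members'];
    }
    $perm_anon = array ();
    if (isset ($_POST['perm_anon'])) {
        $perm_anon = $_POST['perm_anon'];
    }
    $help = '';
    if (isset ($_POST['help'])) {
        $help = COM_sanitizeUrl ($_POST['help'], array ('http', 'https'));
    }
    $content = '';
    if (isset ($_POST['content'])) {
        $content = $_POST['content'];
    }
    $rdfurl = '';
    if (isset ($_POST['rdfurl'])) {
        $rdfurl = $_POST['rdfurl']; // to be sanitized later
    }
    $rdfupdated = '';
    if (isset ($_POST['rdfupdated'])) {
        $rdfupdated = $_POST['rdfupdated'];
    }
    $rdflimit = 0;
    if (isset ($_POST['rdflimit'])) {
        $rdflimit = COM_applyFilter ($_POST['rdflimit'], true);
    }
    $phpblockfn = '';
    if (isset ($_POST['phpblockfn'])) {
        $phpblockfn = $_POST['phpblockfn'];
    }
    $is_enabled = '';
    if (isset ($_POST['is_enabled'])) {
        $is_enabled = $_POST['is_enabled'];
    }
    $allow_autotags = '';
    if (isset ($_POST['allow_autotags'])) {
        $allow_autotags = $_POST['allow_autotags'];
    }
    $display .= saveblock ($bid, $name, $title, $help, $type, $blockorder,
            $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn,
            $onleft, $owner_id, $group_id, $perm_owner, $perm_group,
            $perm_members, $perm_anon, $is_enabled, $allow_autotags);
} else if ($mode == 'edit') {
    $display .= COM_siteHeader ('menu', $LANG21[3])
             . editblock ($bid)
             . COM_siteFooter ();
} else if ($mode == 'move') {
    $display .= COM_siteHeader('menu', $LANG21[19]);
    $display .= moveBlock();
    $display .= listblocks();
    $display .= COM_siteFooter();
} else {  // 'cancel' or no mode at all
    $display .= COM_siteHeader ('menu', $LANG21[19]);
    $msg = 0;
    if (isset ($_POST['msg'])) {
        $msg = COM_applyFilter ($_POST['msg'], true);
    } else if (isset ($_GET['msg'])) {
        $msg = COM_applyFilter ($_GET['msg'], true);
    }
    if ($msg > 0) {
        $display .= COM_showMessage ($msg);
    }
    $display .= listblocks();

    $display .= COM_siteFooter();
}

echo $display;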