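<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | story.php                                                                 |
// |                                                                           |
// | Geeklog story administration page.                                        |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs         - tony AT tonybibbs DOT com                   |
// |          Mark Limburg       - mlimburg AT users DOT sourceforge DOT net   |
// |          Jason Whittenburg  - jwhitten AT securitygeeks DOT com           |
// |          Dirk Haun          - dirk AT haun-online DOT de                  |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: story.php,v 1.248 2006/12/10 12:08:40 dhaun Exp $

/**
 * This is the Geeklog story administration page.
 *
 * @author Jason Whittenburg
 * @author Tony Bibbs <tony AT tonybibbs DOT com>
 *
 */

/**
 * Geeklog common function library
 */
require_once ('../lib-common.php');
require_once ($_CONF['path_system'] . 'lib-story.php');

/**
 * Security check to ensure user even belongs on this page
 */
require_once ('auth.inc.php');

// Set this to true if you want to have this code output debug messages to
// the error log
$_STORY_VERBOSE = false;

$display = '';

// Feature check: everything below assumes the caller holds 'story.edit'.
// Finer-grained checks (per-story and per-topic permissions) are done again
// inside storyeditor() once the story is known.
if (!SEC_hasRights('story.edit')) {
    $display .= COM_siteHeader ('menu', $MESSAGE[30]);
    $display .= COM_startBlock ($MESSAGE[30], '',
                        COM_getBlockTemplate ('_msg_block', 'header'));
    $display .= $MESSAGE[31];
    $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    $display .= COM_siteFooter ();
    COM_accessLog("User {$_USER['username']} tried to illegally access the story administration screen.");
    echo $display;
    exit;
}


// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// debug($_POST);


/**
 * Returns a list of all users and their user ids, wrapped in <option> tags.
 *
 * Usernames are user-supplied data and are HTML-escaped before being emitted.
 *
 * @param    int     $uid    current user (to be displayed as selected)
 * @return   string          string with <option> tags, to be wrapped in <select>
 *
 */
function userlist ($uid = 0)
{
    global $_TABLES;

    $retval = '';

    $result = DB_query ("SELECT uid,username FROM {$_TABLES['users']} WHERE uid > 1 ORDER BY username");

    while ($A = DB_fetchArray ($result)) {
        $retval .= '<option value="' . (int) $A['uid'] . '"';
        if ($uid == $A['uid']) {
            $retval .= ' selected="selected"';
        }
        // escape: the username ends up in an HTML text context
        $retval .= '>' . htmlspecialchars ($A['username']) . '</option>' . LB;
    }

    return $retval;
}

/**
 * Lists the stories the current user is allowed to see, with a topic filter.
 *
 * The topic is taken from the 'tid' request parameter (GET first, then POST).
 * When it is absent or equals the "all topics" label ($LANG09[9]), all topics
 * the user has permission for are listed.
 *
 * @return   string  HTML for the story admin list
 *
 */
function liststories()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE,
           $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;

    require_once( $_CONF['path_system'] . 'lib-admin.php' );

    $retval = '';

    if (!empty ($_GET['tid'])) {
        $current_topic = COM_applyFilter($_GET['tid']);
    } elseif (!empty ($_POST['tid'])) {
        $current_topic = COM_applyFilter($_POST['tid']);
    } else {
        $current_topic = $LANG09[9];
    }

    if ($current_topic == $LANG09[9]) {
        $excludetopics = '';
        $seltopics = '';
        $topicsql = "SELECT tid,topic FROM {$_TABLES['topics']}" . COM_getPermSQL ();
        $tresult = DB_query( $topicsql );
        $trows = DB_numRows( $tresult );
        // NOTE(review): when the user has access to no topic at all,
        // $excludetopics stays empty and no topic restriction is applied to
        // the story query below (only the story-level permission SQL is).
        if( $trows > 0 )
        {
            $excludetopics .= ' (';
            for( $i = 1; $i <= $trows; $i++ ) {
                $T = DB_fetchArray ($tresult);
                if ($i > 1) {
                    $excludetopics .= ' OR ';
                }
                $excludetopics .= "tid = '{$T['tid']}'";
                $seltopics .= '<option value="' .$T['tid']. '"';
                if ($current_topic == "{$T['tid']}") {
                    $seltopics .= ' selected="selected"';
                }
                $seltopics .= '>' . $T['topic'] . '</option>' . LB;
            }
            $excludetopics .= ') ';
        }
    } else {
        // $current_topic is request data; COM_applyFilter is not an SQL
        // escape, so escape it before building the WHERE fragment
        $excludetopics = " tid = '" . addslashes ($current_topic) . "' ";
        $seltopics = COM_topicList ('tid,topic', $current_topic, 1, true);
    }

    $alltopics = '<option value="' .$LANG09[9]. '"';
    if ($current_topic == $LANG09[9]) {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' .$LANG09[9]. '</option>' . LB;
    $filter = $LANG_ADMIN['topic']
        . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">'
        . $alltopics . $seltopics . '</select>';

    $header_arr = array(
        array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false));

    $header_arr[] = array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false);
    $header_arr[] = array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true);
    $header_arr[] = array('text' => $LANG24[7], 'field' => 'username', 'sort' => true); //author
    $header_arr[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true); //date
    $header_arr[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
    $header_arr[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true);

    // the ping column is only useful when the user may ping and some ping
    // mechanism is enabled
    if (SEC_hasRights ('story.ping') && ($_CONF['trackback_enabled'] ||
            $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])) {
        $header_arr[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false);
    }

    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');

    $menu_arr = array (
        array('url' => $_CONF['site_admin_url'] . '/story.php?mode=edit',
              'text' => $LANG_ADMIN['create_new'])
    );

    $menu_arr[] = array('url' => $_CONF['site_admin_url'],
                        'text' => $LANG_ADMIN['admin_home']);

    $text_arr = array('has_menu' => true,
                      'has_extras' => true,
                      'title' => $LANG24[22], 'instructions' => $LANG24[23],
                      'icon' => $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE,
                      'form_url' => $_CONF['site_admin_url'] . "/story.php");

    $sql = "SELECT {$_TABLES['stories']}.*, {$_TABLES['users']}.username, {$_TABLES['users']}.fullname, "
        ."UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} "
        ."LEFT JOIN {$_TABLES['users']} ON {$_TABLES['stories']}.uid={$_TABLES['users']}.uid "
        ."WHERE 1=1 ";

    if (!empty ($excludetopics)) {
        $excludetopics = 'AND ' . $excludetopics;
    }
    $query_arr = array('table' => 'stories',
                       'sql' => $sql,
                       'query_fields' => array('title', 'introtext', 'bodytext', 'sid', 'tid'),
                       'default_filter' => $excludetopics . COM_getPermSQL ('AND'),);

    $retval .= ADMIN_list ("story", "ADMIN_getListField_stories", $header_arr, $text_arr,
                           $query_arr, $menu_arr, $defsort_arr, $filter);
    return $retval;
}

/**
 * Shows story editor
 *
 * Displays the story entry form. Depending on $mode, the story data comes
 * from the stories table ('edit' with a $sid), the submission queue
 * ('editsubmission'), defaults for a new story ('edit' without $sid), or
 * straight from $_POST (preview / re-display after an error).
 *
 * @param    string  $sid            ID of story to edit
 * @param    string  $mode           'preview', 'edit', 'editsubmission'
 * @param    string  $errormsg       a message to display on top of the page
 * @param    string  $currenttopic   topic selection for drop-down menu
 * @return   string                  HTML for story editor
 *
 */
function storyeditor($sid = '', $mode = '', $errormsg = '', $currenttopic = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG_ACCESS,
           $LANG_ADMIN, $MESSAGE;

    $display = '';

    if (!isset ($_CONF['hour_mode'])) {
        $_CONF['hour_mode'] = 12;
    }

    if (!empty ($errormsg)) {
        $display .= COM_startBlock($LANG24[25], '',
                            COM_getBlockTemplate ('_msg_block', 'header'));
        $display .= $errormsg;
        $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    }

    if (!empty ($currenttopic)) {
        // only honour a preselected topic the current user may actually see
        $allowed = DB_getItem ($_TABLES['topics'], 'tid',
                        "tid = '" . addslashes ($currenttopic) . "'"
                        . COM_getTopicSql ('AND'));

        if ($allowed != $currenttopic) {
            $currenttopic = '';
        }
    }

    // $sid is caller-supplied (ultimately request data): never interpolate it
    // into SQL without escaping
    $sid_sql = addslashes ($sid);

    if (!empty ($sid) && ($mode == 'edit')) {
        $msql = array();
        $msql['mysql'] = "SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, "
            . "u.username, u.fullname, u.photo, t.topic, t.imageurl, UNIX_TIMESTAMP(s.expire) AS expiredate "
            . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t "
            . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '$sid_sql')";

        $msql['mssql'] = "SELECT STRAIGHT_JOIN s.sid, s.uid, s.draft_flag, s.tid, s.date, s.title, CAST(s.introtext AS text) AS introtext, CAST(s.bodytext AS text) AS bodytext, s.hits, s.numemails, s.comments, s.trackbacks, s.related, s.featured, s.show_topic_icon, s.commentcode, s.trackbackcode, s.statuscode, s.expire, s.postmode, s.frontpage, s.in_transit, s.owner_id, s.group_id, s.perm_owner, s.perm_group, s.perm_members, s.perm_anon, s.advanced_editor_mode,"
            ." UNIX_TIMESTAMP(s.date) AS unixdate, "
            . "u.username, u.fullname, u.photo, t.topic, t.imageurl, UNIX_TIMESTAMP(s.expire) AS expiredate "
            . "FROM {$_TABLES['stories']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t "
            . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '$sid_sql')";

        $result = DB_query ($msql);
        $A = DB_fetchArray ($result);

        // effective access is the lower of story permissions and topic access
        $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
        $access = min ($access, SEC_hasTopicAccess ($A['tid']));
        if ($access == 2) {
            // read-only: show the rendered story, but no editor
            $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '',
                                COM_getBlockTemplate ('_msg_block', 'header'));
            $display .= $LANG24[41];
            $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
            $display .= STORY_renderArticle ($A, 'p');
            COM_accessLog("User {$_USER['username']} tried to illegally edit story $sid.");
            return $display;
        } else if ($access == 0) {
            $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '',
                                COM_getBlockTemplate ('_msg_block', 'header'));
            $display .= $LANG24[42];
            $display .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
            COM_accessLog("User {$_USER['username']} tried to illegally access story $sid.");
            return $display;
        }
        $A['old_sid'] = $A['sid'];
        if ($A['postmode'] == 'plaintext') {
            $A['introtext'] = COM_undoClickableLinks ($A['introtext']);
            $A['bodytext'] = COM_undoClickableLinks ($A['bodytext']);
        }
    } elseif (!empty ($sid) && ($mode == 'editsubmission')) {
        $result = DB_query ("SELECT STRAIGHT_JOIN s.*, UNIX_TIMESTAMP(s.date) AS unixdate, "
            . "u.username, u.fullname, u.photo, t.topic, t.imageurl, t.group_id, "
            . "t.perm_owner, t.perm_group, t.perm_members, t.perm_anon "
            . "FROM {$_TABLES['storysubmission']} AS s, {$_TABLES['users']} AS u, {$_TABLES['topics']} AS t "
            . "WHERE (s.uid = u.uid) AND (s.tid = t.tid) AND (sid = '$sid_sql')");
        if (DB_numRows ($result) > 0) {
            $A = DB_fetchArray($result);
            // submissions carry no story flags yet: fill in site defaults
            if (isset ($_CONF['draft_flag'])) {
                $A['draft_flag'] = $_CONF['draft_flag'];
            } else {
                $A['draft_flag'] = 0;
            }
            if (isset ($_CONF['show_topic_icon'])) {
                $A['show_topic_icon'] = $_CONF['show_topic_icon'];
            } else {
                $A['show_topic_icon'] = 1;
            }
            $A['commentcode'] = $_CONF['comment_code'];
            $A['trackbackcode'] = $_CONF['trackback_code'];
            $A['featured'] = 0;
            $A['expire'] = '0000-00-00 00:00:00';
            $A['expiredate'] = 0;
            // stories in archive topics never go on the front page
            if (DB_getItem ($_TABLES['topics'], 'archive_flag',
                            "tid = '{$A['tid']}'") == 1) {
                $A['frontpage'] = 0;
            } else if (isset ($_CONF['frontpage'])) {
                $A['frontpage'] = $_CONF['frontpage'];
            } else {
                $A['frontpage'] = 1;
            }
            $A['comments'] = 0;
            $A['trackbacks'] = 0;
            $A['numemails'] = 0;
            $A['statuscode'] = 0;
            $A['owner_id'] = $A['uid'];
            $access = 3;
            $A['old_sid'] = $A['sid'];
            $A['title'] = htmlspecialchars ($A['title']);
            if (!isset ($A['bodytext'])) {
                $A['bodytext'] = '';
            }
            if ($A['postmode'] == 'plaintext') {
                $A['introtext'] = COM_undoClickableLinks ($A['introtext']);
                if (!empty ($A['bodytext'])) {
                    $A['bodytext'] = COM_undoClickableLinks ($A['bodytext']);
                }
            }
        } else {
            // that submission doesn't seem to be there any more (may have been
            // handled by another Admin) - take us back to the moderation page
            return COM_refresh ($_CONF['site_admin_url'] . '/moderation.php');
        }
    } elseif ($mode == 'edit') {
        // brand new story: populate defaults
        $A['sid'] = COM_makesid();
        $A['old_sid'] = '';
        if (isset ($_CONF['draft_flag'])) {
            $A['draft_flag'] = $_CONF['draft_flag'];
        } else {
            $A['draft_flag'] = 0;
        }
        if (isset ($_CONF['show_topic_icon'])) {
            $A['show_topic_icon'] = $_CONF['show_topic_icon'];
        } else {
            $A['show_topic_icon'] = 1;
        }
        $A['uid'] = $_USER['uid'];
        $A['unixdate'] = time();
        $A['expiredate'] = time();
        $A['commentcode'] = $_CONF['comment_code'];
        $A['trackbackcode'] = $_CONF['trackback_code'];
        $A['title'] = '';
        $A['introtext'] = '';
        $A['bodytext'] = '';
        if (isset ($_CONF['frontpage'])) {
            $A['frontpage'] = $_CONF['frontpage'];
        } else {
            $A['frontpage'] = 1;
        }
        $A['hits'] = 0;
        $A['comments'] = 0;
        $A['trackbacks'] = 0;
        $A['numemails'] = 0;

        if (isset ($_CONF['advanced_editor']) && $_CONF['advanced_editor'] &&
                ($_CONF['postmode'] != 'plaintext')) {
            $A['advanced_editor_mode'] = 1;
            $A['postmode'] = 'adveditor';
        } else {
            $A['advanced_editor_mode'] = 0;
            $A['postmode'] = $_CONF['postmode'];
        }

        $A['statuscode'] = 0;
        $A['featured'] = 0;
        $A['owner_id'] = $_USER['uid'];
        if (isset ($_GROUPS['Story Admin'])) {
            $A['group_id'] = $_GROUPS['Story Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup ('story.edit');
        }
        SEC_setDefaultPermissions ($A, $_CONF['default_permissions_story']);
        $access = 3;
    } else {
        // preview / re-display: everything in $A is untrusted POST data from
        // here on, including uid, owner_id, sid and the counters
        $A = $_POST;
        $A['uid'] = isset ($A['uid']) ? (int) $A['uid'] : 0;
        $res = DB_query("SELECT username, fullname, photo FROM {$_TABLES['users']} WHERE uid = {$A['uid']}");
        $urow = DB_fetchArray($res);
        if (is_array ($urow)) {
            $A += $urow;
        }
        $A['tid'] = COM_applyFilter ($A['tid']);
        $res = DB_query("SELECT topic, imageurl FROM {$_TABLES['topics']} WHERE tid = '" . addslashes ($A['tid']) . "'");
        $trow = DB_fetchArray($res);
        if (is_array ($trow)) {
            $A += $trow;
        }
        if (empty ($A['ampm'])) {
            $A['ampm'] = $A['publish_ampm'];
        }
        if (isset ($A['draft_flag']) && ($A['draft_flag'] == 'on')) {
            $A['draft_flag'] = 1;
        } else {
            $A['draft_flag'] = 0;
        }
        if (isset ($A['show_topic_icon']) && ($A['show_topic_icon'] == 'on')) {
            $A['show_topic_icon'] = 1;
        } else {
            $A['show_topic_icon'] = 0;
        }
        if (!isset ($A['statuscode'])) {
            $A['statuscode'] = 0;
        }

        // Convert array values to numeric permission values
        list($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']) = SEC_getPermissionValues($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
        if ($A['postmode'] == 'html' OR $A['postmode'] == 'adveditor') {
            $A['introtext'] = COM_checkHTML(COM_checkWords($A['introtext']));
            $A['bodytext'] = COM_checkHTML(COM_checkWords($A['bodytext']));
            $A['title'] = COM_checkHTML(htmlspecialchars(COM_checkWords($A['title'])));
        } else {
            $A['introtext'] = COM_undoClickableLinks (htmlspecialchars(COM_checkWords($A['introtext'])));
            $A['bodytext'] = COM_undoClickableLinks (htmlspecialchars(COM_checkWords($A['bodytext'])));
            $A['title'] = htmlspecialchars(COM_checkWords($A['title']));
        }
        $A['title'] = strip_tags($A['title']);
        $access = 3;
    }

    // escaped copy of the story id for use in SQL (the id may come from POST)
    $sid_db = addslashes ($A['sid']);

    // Load HTML templates
    $story_templates = new Template($_CONF['path_layout'] . 'admin/story');
    if ( isset ($_CONF['advanced_editor']) && ($_CONF['advanced_editor'] == 1 )
            && file_exists ($_CONF['path_layout'] . 'admin/story/storyeditor_advanced.thtml')) {
        $advanced_editormode = true;
        $story_templates->set_file(array('editor'=>'storyeditor_advanced.thtml'));
        $story_templates->set_var ('change_editormode', 'onChange="change_editmode(this);"');

        require_once ($_CONF['path_system'] . 'classes/navbar.class.php');

        $story_templates->set_var ('show_preview', 'none');
        $story_templates->set_var ('lang_expandhelp', $LANG24[67]);
        $story_templates->set_var ('lang_reducehelp', $LANG24[68]);
        $story_templates->set_var ('lang_publishdate', $LANG24[69]);
        $story_templates->set_var ('lang_toolbar', $LANG24[70]);
        $story_templates->set_var ('toolbar1', $LANG24[71]);
        $story_templates->set_var ('toolbar2', $LANG24[72]);
        $story_templates->set_var ('toolbar3', $LANG24[73]);
        $story_templates->set_var ('toolbar4', $LANG24[74]);
        $story_templates->set_var ('toolbar5', $LANG24[75]);

        if ($A['advanced_editor_mode'] == 1 OR $A['postmode'] == 'adveditor') {
            $story_templates->set_var ('show_texteditor', 'none');
            $story_templates->set_var ('show_htmleditor', '');
        } else {
            $story_templates->set_var ('show_texteditor', '');
            $story_templates->set_var ('show_htmleditor', 'none');
        }
    } else {
        $story_templates->set_file(array('editor'=>'storyeditor.thtml'));
        $advanced_editormode = false;
    }
    $story_templates->set_var ('site_url', $_CONF['site_url']);
    $story_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
    $story_templates->set_var ('layout_url', $_CONF['layout_url']);
    $story_templates->set_var ('hour_mode', $_CONF['hour_mode']);

    // no timestamp yet (POST case): rebuild it from the publish_* form fields
    if (empty ($A['unixdate'])) {
        $publish_hour = $A['publish_hour'];
        if ($publish_hour == 12) {
            if ($A['ampm'] == 'am') {
                $publish_hour = 0;
            }
        } else if ($A['ampm'] == 'pm') {
            $publish_hour += 12;
        }
        $A['unixdate'] = strtotime ($A['publish_year'] . '-'
            . $A['publish_month'] . '-' . $A['publish_day'] . ' '
            . $publish_hour . ':' . $A['publish_minute'] . ':00');
    }

    // a story with a title gets a rendered preview
    if (!empty ($A['title'])) {

        $A['day'] = $A['unixdate'];
        if (empty ($A['hits'])) {
            $A['hits'] = 0;
        }

        if (DB_count ($_TABLES['article_images'], 'ai_sid', $sid_db) > 0) {
            $has_images = true;
        } else {
            $has_images = false;
        }

        $previewContent = '';
        if ($A['postmode'] == 'plaintext') {
            $B = $A;

            // if the plain-text story has images embedded, we'll have to do
            // some awkward back-and-forth conversion ...
            if ($has_images) {
                list ($B['introtext'], $B['bodytext']) = STORY_replace_images ($A['sid'], $B['introtext'], $B['bodytext']);
            }

            $B['introtext'] = COM_makeClickableLinks ($B['introtext']);
            if (!empty ($B['bodytext'])) {
                $B['bodytext'] = COM_makeClickableLinks ($B['bodytext']);
            }

            if ($has_images) {
                list ($errors, $B['introtext'], $B['bodytext']) = STORY_insert_images ($A['sid'], $B['introtext'], $B['bodytext']);
            }
            $previewContent = STORY_renderArticle ($B, 'p');

        } else {
            if ($has_images) {
                list ($errors, $A['introtext'], $A['bodytext']) = STORY_insert_images ($A['sid'], $A['introtext'], $A['bodytext']);
            }
            $previewContent = STORY_renderArticle ($A, 'p');
        }

        if ($advanced_editormode AND $previewContent != '' ) {
            $story_templates->set_var('preview_content', $previewContent);
        } else {
            // append (not assign) so an $errormsg block shown above survives
            $display .= COM_startBlock ($LANG24[26], '',
                                COM_getBlockTemplate ('_admin_block', 'header'));
            $display .= $previewContent;
            $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
        }
    }

    if ($advanced_editormode) {
        $navbar = new navbar;
        if (!empty ($previewContent)) {
            $navbar->add_menuitem($LANG24[79],'showhideEditorDiv("preview",0);return false;',true);
            $navbar->add_menuitem($LANG24[80],'showhideEditorDiv("editor",1);return false;',true);
            $navbar->add_menuitem($LANG24[81],'showhideEditorDiv("publish",2);return false;',true);
            $navbar->add_menuitem($LANG24[82],'showhideEditorDiv("images",3);return false;',true);
            $navbar->add_menuitem($LANG24[83],'showhideEditorDiv("archive",4);return false;',true);
            $navbar->add_menuitem($LANG24[84],'showhideEditorDiv("perms",5);return false;',true);
            $navbar->add_menuitem($LANG24[85],'showhideEditorDiv("all",6);return false;',true);
        } else {
            $navbar->add_menuitem($LANG24[80],'showhideEditorDiv("editor",0);return false;',true);
            $navbar->add_menuitem($LANG24[81],'showhideEditorDiv("publish",1);return false;',true);
            $navbar->add_menuitem($LANG24[82],'showhideEditorDiv("images",2);return false;',true);
            $navbar->add_menuitem($LANG24[83],'showhideEditorDiv("archive",3);return false;',true);
            $navbar->add_menuitem($LANG24[84],'showhideEditorDiv("perms",4);return false;',true);
            $navbar->add_menuitem($LANG24[85],'showhideEditorDiv("all",5);return false;',true);
        }

        $navbar->set_selected($LANG24[80]);
        $story_templates->set_var ('navbar', $navbar->generate() );
    }

    $display .= COM_startBlock ($LANG24[5], '',
                        COM_getBlockTemplate ('_admin_block', 'header'));

    // delete button only for existing stories the user fully controls
    if (($access == 3) && !empty ($A['old_sid'])) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
                   . '" name="mode"%s>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $story_templates->set_var ('delete_option',
                                   sprintf ($delbutton, $jsconfirm));
        $story_templates->set_var ('delete_option_no_confirmation',
                                   sprintf ($delbutton, ''));
    }
    if ($mode == 'editsubmission') {
        $story_templates->set_var ('submission_option',
            '<input type="hidden" name="type" value="submission">');
    }
    $story_templates->set_var ('lang_author', $LANG24[7]);
    $storyauthor = COM_getDisplayName ($A['uid']);
    $story_templates->set_var ('story_author', $storyauthor);
    $story_templates->set_var ('author', $storyauthor);
    $story_templates->set_var ('story_uid', (int) $A['uid']);

    // user access info
    $story_templates->set_var('lang_accessrights',$LANG_ACCESS['accessrights']);
    $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName ($A['owner_id']);
    $story_templates->set_var('owner_username', htmlspecialchars (DB_getItem ($_TABLES['users'],
                              'username', "uid = " . (int) $A['owner_id'])));
    $story_templates->set_var('owner_name', $ownername);
    $story_templates->set_var('owner', $ownername);
    $story_templates->set_var('owner_id', (int) $A['owner_id']);
    $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $story_templates->set_var('group_dropdown',
            SEC_getGroupDropdown ($A['group_id'], $access));
    $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
    $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $story_templates->set_var('lang_date', $LANG24[15]);

    // publish date selectors
    $publish_month = date ('m', $A['unixdate']);
    $publish_day = date ('d', $A['unixdate']);
    $publish_year = date ('Y', $A['unixdate']);
    $publish_hour = date ('H', $A['unixdate']);
    $publish_minute = date ('i', $A['unixdate']);
    $publish_second = date ('s', $A['unixdate']);
    $story_templates->set_var('publish_second', $publish_second);

    $publish_hour_24 = $publish_hour;
    if ($publish_hour >= 12) {
        if ($publish_hour > 12) {
            $publish_hour = $publish_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection ('publish_ampm', $ampm);
    $story_templates->set_var ('publishampm_selection', $ampm_select);

    $month_options = COM_getMonthFormOptions($publish_month);
    $story_templates->set_var('publish_month_options', $month_options);

    $day_options = COM_getDayFormOptions($publish_day);
    $story_templates->set_var('publish_day_options', $day_options);

    $year_options = COM_getYearFormOptions($publish_year);
    $story_templates->set_var('publish_year_options', $year_options);

    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions ($publish_hour_24, 24);
    } else {
        $hour_options = COM_getHourFormOptions ($publish_hour);
    }
    $story_templates->set_var('publish_hour_options', $hour_options);

    $minute_options = COM_getMinuteFormOptions($publish_minute);
    $story_templates->set_var('publish_minute_options', $minute_options);

    $story_templates->set_var('publish_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $A['unixdate']);

    // Auto Story Archive or Delete Feature
    if (empty ($A['expiredate']) or date('Y', $A['expiredate']) < 2000) {
        $A['expiredate'] = time();
    }
    $expire_month = date('m', $A['expiredate']);
    $expire_day = date('d', $A['expiredate']);
    $expire_year = date('Y', $A['expiredate']);
    $expire_hour = date('H', $A['expiredate']);
    $expire_minute = date('i', $A['expiredate']);
    $expire_second = date('s', $A['expiredate']);
    $story_templates->set_var('expire_second', $expire_second);

    $expire_hour_24 = $expire_hour;
    if ($expire_hour >= 12) {
        if ($expire_hour > 12) {
            $expire_hour = $expire_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection ('expire_ampm', $ampm);
    if (empty ($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="expire_ampm" value="">';
    }
    $story_templates->set_var ('expireampm_selection', $ampm_select);

    $month_options = COM_getMonthFormOptions($expire_month);
    $story_templates->set_var('expire_month_options', $month_options);

    $day_options = COM_getDayFormOptions($expire_day);
    $story_templates->set_var('expire_day_options', $day_options);

    $year_options = COM_getYearFormOptions($expire_year);
    $story_templates->set_var('expire_year_options', $year_options);

    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions ($expire_hour_24, 24);
    } else {
        $hour_options = COM_getHourFormOptions ($expire_hour);
    }
    $story_templates->set_var('expire_hour_options', $hour_options);

    $minute_options = COM_getMinuteFormOptions($expire_minute);
    $story_templates->set_var('expire_minute_options', $minute_options);

    $story_templates->set_var('expire_date_explanation', $LANG24[46]);
    // NOTE(review): this overwrites the 'story_unixstamp' set from
    // $A['unixdate'] above with the expire date; kept as-is since the
    // template's expectation is not visible here - confirm which one it needs
    $story_templates->set_var('story_unixstamp', $A['expiredate']);
    if ($A['statuscode'] == STORY_ARCHIVE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked3', 'checked="checked"');
        $story_templates->set_var('showarchivedisabled', 'false');
    } elseif ($A['statuscode'] == STORY_DELETE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked4', 'checked="checked"');
        $story_templates->set_var('showarchivedisabled', 'false');
    } else {
        $story_templates->set_var('showarchivedisabled', 'true');
    }
    $story_templates->set_var('lang_archivetitle', $LANG24[58]);
    $story_templates->set_var('lang_option', $LANG24[59]);
    $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $story_templates->set_var('lang_story_stats', $LANG24[87]);
    $story_templates->set_var('lang_optionarchive', $LANG24[61]);
    $story_templates->set_var('lang_optiondelete', $LANG24[62]);
    $story_templates->set_var('lang_title', $LANG_ADMIN['title']);

    // Protect characters the template engine and the HTML attribute would
    // otherwise interpret: '{' / '}' would be treated as template variables,
    // '"' would end the value attribute. NOTE(review): the listing this was
    // taken from showed these entity escapes decoded to the literal
    // characters (i.e. as no-op replacements); the targets must be the
    // entities for the calls to have any effect.
    if ($A['postmode'] == 'plaintext') {
        $A['title'] = str_replace ('$', '&#36;', $A['title']);
    }

    $A['title'] = str_replace('{','&#123;',$A['title']);
    $A['title'] = str_replace('}','&#125;',$A['title']);
    $A['title'] = str_replace('"','&quot;',$A['title']);
    $story_templates->set_var('story_title', stripslashes ($A['title']));
    $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    if (empty ($A['tid']) && !empty ($currenttopic)) {
        $A['tid'] = $currenttopic;
    }
    if (empty ($A['tid'])) {
        $A['tid'] = DB_getItem ($_TABLES['topics'], 'tid',
                                'is_default = 1' . COM_getPermSQL ('AND'));
    }
    $story_templates->set_var ('topic_options',
            COM_topicList ('tid,topic', $A['tid'], 1, true));
    $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
    if ($A['show_topic_icon'] == 1) {
        $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
    } else {
        $story_templates->set_var('show_topic_icon_checked', '');
    }
    $story_templates->set_var('lang_draft', $LANG24[34]);
    if (isset ($A['draft_flag']) && ($A['draft_flag'] == 1)) {
        $story_templates->set_var('is_checked', 'checked="checked"');
    }
    $story_templates->set_var ('lang_mode', $LANG24[3]);
    $story_templates->set_var ('status_options',
            COM_optionList ($_TABLES['statuscodes'], 'code,name',
                            $A['statuscode']));
    $story_templates->set_var ('comment_options',
            COM_optionList ($_TABLES['commentcodes'], 'code,name',
                            $A['commentcode']));
    $story_templates->set_var ('trackback_options',
            COM_optionList ($_TABLES['trackbackcodes'], 'code,name',
                            $A['trackbackcode']));

    // Only Root may feature stories when 'onlyrootfeatures' is set. The
    // original mixed a loose (== 1) and a strict (!== 1) comparison, so a
    // config value of '1' (string) would have shown the selector to everyone.
    if (($_CONF['onlyrootfeatures'] == 1) && !SEC_inGroup('Root')) {
        $featured_options = '<input type="hidden" name="featured" value="0">';
    } else {
        $featured_options = "<select name=\"featured\">" . LB
            . COM_optionList ($_TABLES['featurecodes'], 'code,name', $A['featured'])
            . "</select>" . LB;
    }
    $story_templates->set_var ('featured_options',$featured_options);
    $story_templates->set_var ('frontpage_options',
            COM_optionList ($_TABLES['frontpagecodes'], 'code,name',
                            $A['frontpage']));

    if ($A['postmode'] == 'plaintext') {
        $A['introtext'] = COM_undoClickableLinks ($A['introtext']);
        if (!empty ($A['bodytext'])) {
            $A['bodytext'] = COM_undoClickableLinks ($A['bodytext']);
        }
    }

    list($newintro, $newbody) = STORY_replace_images ($A['sid'],
            stripslashes ($A['introtext']), stripslashes ($A['bodytext']));

    if ($A['postmode'] == 'plaintext') {
        $newintro = str_replace('$','&#36;',$newintro);
        $newbody = str_replace('$','&#36;',$newbody);
    } else {
        // Insert [code] and [/code] if needed
        $newintro = str_replace('<pre><code>','[code]',$newintro);
        $newbody = str_replace('<pre><code>','[code]',$newbody);
        $newintro = str_replace('</code></pre>','[/code]',$newintro);
        $newbody = str_replace('</code></pre>','[/code]',$newbody);

        $newintro = htmlspecialchars ($newintro);
        $newbody = htmlspecialchars ($newbody);
    }

    // again: keep '{' / '}' out of the template engine's reach
    $newintro = str_replace('{','&#123;',$newintro);
    $newintro = str_replace('}','&#125;',$newintro);
    $story_templates->set_var('story_introtext', $newintro);

    $newbody = str_replace('{','&#123;',$newbody);
    $newbody = str_replace('}','&#125;',$newbody);
    $story_templates->set_var('story_bodytext', $newbody);

    $story_templates->set_var('lang_introtext', $LANG24[16]);
    $story_templates->set_var('lang_bodytext', $LANG24[17]);
    $story_templates->set_var('lang_postmode', $LANG24[4]);
    $story_templates->set_var('lang_publishoptions',$LANG24[76]);
    $story_templates->set_var('lang_nojavascript',$LANG24[77]);
    // $sid is request data going into an HTML link
    $story_templates->set_var('no_javascript_return_link',sprintf($LANG24[78],$_CONF['site_admin_url'], htmlspecialchars ($sid)));
    $post_options = COM_optionList($_TABLES['postmodes'],'code,name',$A['postmode']);

    // If Advanced Mode - add post option and set default if editing story created with Advanced Editor
    if (isset ($_CONF['advanced_editor']) && ($_CONF['advanced_editor'] == 1)) {
        if ($A['advanced_editor_mode'] == 1 OR $A['postmode'] == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">'.$LANG24[86].'</option>';
        } else {
            $post_options .= '<option value="adveditor">'.$LANG24[86].'</option>';
        }
    }
    $story_templates->set_var('post_options',$post_options );
    $story_templates->set_var('lang_allowed_html', COM_allowedHTML());
    $fileinputs = '';
    $saved_images = '';
    if ($_CONF['maximagesperarticle'] > 0) {
        $story_templates->set_var('lang_images', $LANG24[47]);
        $icount = DB_count($_TABLES['article_images'],'ai_sid', $sid_db);
        if ($icount > 0) {
            $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '$sid_db'");
            for ($z = 1; $z <= $icount; $z++) {
                $I = DB_fetchArray($result_articles);
                $saved_images .= $z . ') <a href="' . $_CONF['site_url'] . '/images/articles/' . $I['ai_filename'] . '">' . $I['ai_filename'] . '</a>';
                $saved_images .= '&nbsp;&nbsp;' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' .$I['ai_img_num'] . ']"><br>';
            }
        }

        // one file input for each remaining image slot
        for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
            $fileinputs .= $z . ') <input type="file" name="file' . $z . '">';
            if ($z < $_CONF['maximagesperarticle']) {
                $fileinputs .= '<br>';
            }
        }
        $fileinputs .= '<br>' . $LANG24[51];
        if ($_CONF['allow_user_scaling'] == 1) {
            $fileinputs .= $LANG24[27];
        }
        $fileinputs .= $LANG24[28] . '<br>';
    }
    $story_templates->set_var('saved_images', $saved_images);
    $story_templates->set_var('image_form_elements', $fileinputs);
    // counters and ids may come straight from POST in preview mode: cast /
    // escape them before they go back into the form
    $story_templates->set_var('lang_hits', $LANG24[18]);
    $story_templates->set_var('story_hits', (int) $A['hits']);
    $story_templates->set_var('lang_comments', $LANG24[19]);
    $story_templates->set_var('story_comments', (int) $A['comments']);
    $story_templates->set_var('lang_trackbacks', $LANG24[29]);
    $story_templates->set_var('story_trackbacks', (int) $A['trackbacks']);
    $story_templates->set_var('lang_emails', $LANG24[39]);
    $story_templates->set_var('story_emails', (int) $A['numemails']);
    $story_templates->set_var('story_id', htmlspecialchars ($A['sid']));
    $story_templates->set_var('old_story_id', htmlspecialchars ($A['old_sid']));
    $story_templates->set_var('lang_sid', $LANG24[12]);
    $story_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
    $story_templates->parse('output','editor');
    $display .= $story_templates->finish($story_templates->get_var('output'));
    $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));

    return $display;
}

/**
 * Saves story to database
 *
 * @param        string      $type       story submission or (new) story
 * @param        string      $sid        ID of story to save
 * @param        int         $uid        ID of user that wrote the story
 * @param        string      $tid        Topic ID story belongs to
 * @param        string      $title      Title of story
 * @param        string      $introtext  Introduction text
 * @param        string      $bodytext   Text of body
 * @param        int         $hits       Number of times story has been viewed
 * @param        string      $unixdate   Date story was originally saved
 * @param        int         $featured   Flag on whether or not this is a featured article
 * @param        string      $commentcode Indicates if comments are allowed to be made to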
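/**
 * Saves a story (or a moderated story submission) to the database.
 *
 * Checks the caller's access to the story and its topic, normalises the flag
 * and timestamp parameters, deletes / uploads attached images, writes the
 * story row, lets plugins act on it and finally redirects back to the admin
 * list (or re-displays the editor on an error). Every path ends in exit, so
 * the function never returns to its caller.
 *
 * All 27 parameters are required; the story.php save handler passes them
 * positionally (the former "$type=''" default before required parameters
 * never took effect and is deprecated in PHP 8).
 *
 * @param string $type            'submission' when saving from moderation, else ''
 * @param string $sid             ID of the story to save (run through COM_sanitizeID here)
 * @param int    $uid             ID of the user that wrote the story
 * @param string $tid             topic ID the story belongs to
 * @param string $title           title of the story
 * @param string $introtext       introduction text
 * @param string $bodytext        text of the body
 * @param int    $hits            number of times the story has been viewed
 * @param int    $unixdate        publish date as a Unix timestamp (false is treated as 0)
 * @param int    $expiredate      expiry date as a Unix timestamp (false is treated as 0)
 * @param int    $featured        flag on whether this is a featured story
 * @param string $commentcode     indicates if comments are allowed on the story
 * @param string $trackbackcode   indicates if trackbacks are allowed on the story
 * @param string $statuscode      status of the story
 * @param string $postmode        'html', 'plaintext' or 'adveditor'
 * @param string $frontpage       flag: front page and topic, or topic only
 * @param string $draft_flag      'on' when the story is a draft
 * @param int    $numemails       number of times the story has been emailed
 * @param int    $owner_id        ID of the owner (not necessarily the author)
 * @param int    $group_id        ID of the group the story belongs to
 * @param array  $perm_owner      owner permission checkboxes (see SEC_getPermissionValues)
 * @param array  $perm_group      group permission checkboxes
 * @param array  $perm_members    member permission checkboxes
 * @param array  $perm_anon       anonymous permission checkboxes
 * @param array  $delete          image numbers (as array keys) of attached images to delete;
 *                                not an array when no delete checkbox was ticked
 * @param string $show_topic_icon 'on' when the topic icon should be displayed
 * @param string $old_sid         ID the story had when the editor was opened, or ''
 * @return void  never returns normally: echoes a page or a redirect and exits
 */
function submitstory($type, $sid, $uid, $tid, $title, $introtext, $bodytext,
    $hits, $unixdate, $expiredate, $featured, $commentcode, $trackbackcode,
    $statuscode, $postmode, $frontpage, $draft_flag, $numemails, $owner_id,
    $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $delete,
    $show_topic_icon, $old_sid)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE;

    // every error branch below appends to $display; start from a clean page
    $display = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon)
        = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // fix for bug in advanced editor: an empty body comes back as a lone <br>
    if ($_CONF['advanced_editor'] && ($bodytext == '<br>')) {
        $bodytext = '';
    }
    $sid = COM_sanitizeID($sid);

    // The timestamps are interpolated into FROM_UNIXTIME() below; strtotime()
    // in the caller yields false for an unparsable date, which would leave an
    // empty argument and a broken query, so force both to integers here.
    $unixdate = (int) $unixdate;
    $expiredate = (int) $expiredate;

    // $old_sid is escaped like the other strings this function interpolates
    // into raw SQL ($title, $introtext, $related)
    $old_sid_sql = addslashes($old_sid);

    $duplicate_sid = false;
    $delete_old_story = false;
    $access = 0;
    if (DB_count($_TABLES['stories'], 'sid', $sid) > 0) {
        // a story with this id exists: that is only a duplicate when the
        // editor was opened on a different (old) id
        if ($sid != $old_sid) {
            $duplicate_sid = true;
        }
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
        $A = DB_fetchArray($result);
        // access is checked against the permissions stored for the existing story
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'],
                $A['perm_owner'], $A['perm_group'], $A['perm_members'],
                $A['perm_anon']);
    } else {
        if (!empty($old_sid) && ($sid != $old_sid)) {
            $delete_old_story = true;
        }
        // new story: check against the permissions that are about to be saved
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group,
                $perm_members, $perm_anon);
    }

    if (($access < 3) || (SEC_hasTopicAccess($tid) < 2) || !SEC_inGroup($group_id)) {
        $display .= COM_siteHeader('menu', $MESSAGE[30]);
        $display .= COM_startBlock($MESSAGE[30], '',
                COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $MESSAGE[31];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story $sid.");
        echo $display;
        exit;
    }

    if ($duplicate_sid) {
        $display .= COM_siteHeader('menu', $LANG24[5]);
        $display .= COM_errorLog($LANG24[24], 2);
        $display .= storyeditor($sid);
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    if (empty($title) || empty($introtext)) {
        // title and intro are mandatory - back to the editor with an error
        $display .= COM_siteHeader('menu', $LANG24[5]);
        $display .= COM_errorLog($LANG24[31], 2);
        $display .= storyeditor($sid);
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    if (empty($hits)) {
        $hits = 0;
    }

    // Get draft flag value
    $draft_flag = ($draft_flag == 'on') ? 1 : 0;

    // stories in the archive topic are neither featured nor on the front page
    if (DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1") == $tid) {
        $featured = 0;
        $frontpage = 0;
        $statuscode = STORY_ARCHIVE_ON_EXPIRE;
    }

    if ($featured == '1') {
        // there can only be one non-draft featured story
        if ($draft_flag == 0 AND $unixdate <= time()) {
            $id = array(1 => 'featured', 2 => 'draft_flag');
            $values = array(1 => 1, 2 => 0);
            DB_change($_TABLES['stories'], 'featured', '0', $id, $values);
        }
    }

    if (empty($numemails)) {
        $numemails = 0;
    }

    $show_topic_icon = ($show_topic_icon == 'on') ? 1 : 0;

    // Clean up the text
    if ($postmode == 'html' OR $postmode == 'adveditor') {
        // Advanced Editor: editing an existing plaintext story and switching
        // it to html - keep the line breaks
        if ((DB_count($_TABLES['stories'], 'sid', $sid) == 1) AND
                (DB_getItem($_TABLES['stories'], 'postmode', "sid='$sid'") == 'plaintext') AND
                ($_CONF['advanced_editor'] == 1)) {
            $introtext = str_replace("\n", '<br>', $introtext);
        }
        $introtext = COM_checkHTML(COM_checkWords($introtext));
        $bodytext = COM_checkHTML(COM_checkWords($bodytext));
    } else {
        $introtext = htmlspecialchars(COM_checkWords($introtext));
        $bodytext = htmlspecialchars(COM_checkWords($bodytext));
    }

    $title = addslashes(htmlspecialchars(strip_tags(COM_checkWords($title))));
    $comments = DB_count($_TABLES['comments'], array('sid', 'type'),
            array($sid, 'article'));
    $trackbacks = DB_count($_TABLES['trackback'], array('sid', 'type'),
            array($sid, 'article'));

    // Delete any images if needed. $delete comes straight from the
    // delete[<img_num>] checkboxes: it is not an array when none was ticked
    // (count() would then fail) and its keys are request data, so they are
    // cast to int before they reach the query.
    if (is_array($delete)) {
        foreach (array_keys($delete) as $img_num) {
            $img_num = (int) $img_num;
            $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename',
                    "ai_sid = '$sid' AND ai_img_num = $img_num");
            STORY_deleteImage($ai_filename);

            DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '$sid' AND ai_img_num = $img_num");
        }
    }

    // OK, let's upload any pictures with the article; new images are
    // numbered on from the highest number already attached to the story
    if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
        $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '$sid'") + 1;
    } else {
        $index_start = 1;
    }

    if (count($_FILES) > 0 AND $_CONF['maximagesperarticle'] > 0) {
        require_once($_CONF['path_system'] . 'classes/upload.class.php');
        $upload = new upload();

        $debug_upload = isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload'];
        if ($debug_upload) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
        if (!empty($_CONF['image_lib'])) {
            if ($_CONF['image_lib'] == 'imagemagick') {
                // Using imagemagick
                $upload->setMogrifyPath($_CONF['path_to_mogrify']);
            } elseif ($_CONF['image_lib'] == 'netpbm') {
                // using netPBM
                $upload->setNetPBM($_CONF['path_to_netpbm']);
            } elseif ($_CONF['image_lib'] == 'gdlib') {
                // using the GD library
                $upload->setGDLib();
            }
            $upload->setAutomaticResize(true);
            if ($debug_upload) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->keepOriginalImage($_CONF['keep_unscaled_image'] == 1);
        }
        $upload->setAllowedMimeTypes(array(
            'image/gif'   => '.gif',
            'image/jpeg'  => '.jpg,.jpeg',
            'image/pjpeg' => '.jpg,.jpeg',
            'image/x-png' => '.png',
            'image/png'   => '.png'
        ));
        if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
            $display = COM_siteHeader('menu', $LANG24[30]);
            $display .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $display .= $upload->printErrors(false);
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }

        // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
        // force any images bigger than the passed dimensions to be resized.
        // If mogrify is not set, any images larger than these dimensions
        // will get validation errors
        $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB

        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        // Name the uploads <sid>_<img_num>.<ext>; the upload class validates
        // the MIME type against the list above before the file is stored
        $filenames = array();
        $end_index = $index_start + $upload->numFiles() - 1;
        $z = $index_start;
        foreach ($_FILES as $curfile) {
            if ($z > $end_index) {
                break;
            }
            if (!empty($curfile['name'])) {
                $pos = strrpos($curfile['name'], '.') + 1;
                $fextension = substr($curfile['name'], $pos);
                $filenames[] = $sid . '_' . $z . '.' . $fextension;
            }
            $z++;
        }
        $upload->setFileNames($filenames);
        reset($_FILES);
        // NOTE(review): debug output is switched on unconditionally here,
        // regardless of $_CONF['debug_image_upload'] - kept as found
        $upload->setDebug(true);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '',
                    COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }

        // record only the files that were actually named above
        $z = $index_start;
        foreach ($filenames as $filename) {
            DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('$sid', $z, '" . $filename . "')");
            $z++;
        }
    }

    if ($postmode == 'plaintext') {
        $introtext = COM_makeClickableLinks($introtext);
        $bodytext = COM_makeClickableLinks($bodytext);
    }

    if ($_CONF['maximagesperarticle'] > 0) {
        if ($delete_old_story) {
            // story id has changed - update article_images table first
            DB_query("UPDATE {$_TABLES['article_images']} SET ai_sid = '{$sid}' WHERE ai_sid = '{$old_sid_sql}'");
        }
        list($errors, $introtext, $bodytext) = STORY_insert_images($sid, $introtext, $bodytext);
        if (count($errors) > 0) {
            $display = COM_siteHeader('menu', $LANG24[54]);
            $display .= COM_startBlock($LANG24[54], '',
                    COM_getBlockTemplate('_msg_block', 'header'));
            $display .= $LANG24[55] . '<p>';
            foreach ($errors as $error) {
                $display .= $error . '<br>';
            }
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $display .= storyeditor($sid);
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }

    // Get the related URLs
    $related = addslashes(implode("\n",
            STORY_extractLinks("$introtext $bodytext")));

    $introtext = addslashes($introtext);
    $bodytext = addslashes($bodytext);

    // Set Advanced Editor Mode option but save it still as html mode
    if ($postmode == 'adveditor') {
        $postmode = 'html';
        $advanced_editor_mode = 1;
    } else {
        $advanced_editor_mode = 0;
    }

    // in_transit is set to 1 here and cleared again after the plugins ran
    DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,hits,date,comments,trackbacks,related,featured,commentcode,trackbackcode,statuscode,expire,postmode,frontpage,draft_flag,numemails,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,show_topic_icon,in_transit,advanced_editor_mode',
            "'$sid',$uid,'$tid','$title','$introtext','$bodytext',$hits,FROM_UNIXTIME($unixdate),'$comments','$trackbacks','$related',$featured,'$commentcode','$trackbackcode','$statuscode',FROM_UNIXTIME($expiredate),'$postmode','$frontpage',$draft_flag,$numemails,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$show_topic_icon,1,$advanced_editor_mode");

    // If this is done as part of the moderation then delete the submission
    $del_sid = empty($old_sid) ? $sid : $old_sid;
    DB_delete($_TABLES['storysubmission'], 'sid', $del_sid);

    // if the story id has changed, delete the story with the old id and
    // move its comments and trackbacks over to the new id
    if ($delete_old_story && !empty($old_sid)) {
        DB_delete($_TABLES['stories'], 'sid', $old_sid);
        DB_query("UPDATE {$_TABLES['comments']} SET sid = '$sid' WHERE type = 'article' AND sid = '$old_sid_sql'");
        DB_query("UPDATE {$_TABLES['trackback']} SET sid = '$sid' WHERE type = 'article' AND sid = '$old_sid_sql'");
    }

    // see if any plugins want to act on that story
    $plugin_error = PLG_itemSaved($sid, 'article');

    // always clear 'in_transit' flag
    DB_change($_TABLES['stories'], 'in_transit', 0, 'sid', $sid);

    // in case of an error go back to the story editor
    if ($plugin_error !== false) {
        $display .= COM_siteHeader('menu', $LANG24[5]);
        $display .= storyeditor($sid, 'retry', $plugin_error);
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('geeklog', $tid, $sid);
    COM_olderStuff();

    if ($type == 'submission') {
        echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
    } else {
        echo COM_refresh($_CONF['site_admin_url'] . '/story.php?msg=9');
    }
    exit;
}

/**
 * Builds a Unix timestamp from one set of date/time fields of the story editor.
 *
 * The editor posts <prefix>_year, _month, _day, _hour, _minute, _second and,
 * in 12-hour mode, <prefix>_ampm. In 24-hour mode ($_CONF['hour_mode'] == 24)
 * the hour is first mapped to 12-hour + am/pm and then back, exactly as the
 * publish and expire handling in this page always did, so both modes go
 * through the same am/pm code. Missing fields are treated as 0.
 *
 * @param string $prefix 'publish' or 'expire'
 * @return int timestamp; the current time when the fields do not form a date
 *             strtotime() can parse
 */
function STORY_ADMIN_timestampFromPost($prefix)
{
    global $_CONF;

    $field = array();
    foreach (array('hour', 'minute', 'second', 'year', 'month', 'day') as $part) {
        $key = $prefix . '_' . $part;
        $field[$part] = COM_applyFilter(isset($_POST[$key]) ? $_POST[$key] : 0, true);
    }
    $hour = $field['hour'];

    if (isset($_CONF['hour_mode']) && ($_CONF['hour_mode'] == 24)) {
        if ($hour >= 12) {
            if ($hour > 12) {
                $hour -= 12;
            }
            $ampm = 'pm';
        } else {
            if ($hour == 0) {
                $hour = 12;
            }
            $ampm = 'am';
        }
    } else {
        $key = $prefix . '_ampm';
        $ampm = COM_applyFilter(isset($_POST[$key]) ? $_POST[$key] : '');
    }

    if ($ampm == 'pm') {
        if ($hour < 12) {
            $hour = $hour + 12;
        }
    }
    if ($ampm == 'am' AND $hour == 12) {
        $hour = '00';
    }

    $timestamp = strtotime("{$field['month']}/{$field['day']}/{$field['year']} $hour:{$field['minute']}:{$field['second']}");
    if ($timestamp === false) {
        // an unparsable date would otherwise reach the SQL as FROM_UNIXTIME()
        $timestamp = time();
    }

    return $timestamp;
}

// MAIN
$mode = '';
if (isset($_REQUEST['mode'])) {
    $mode = COM_applyFilter($_REQUEST['mode']);
}

// editopt=default forces the plain editor even when the advanced one is on
if (isset($_REQUEST['editopt'])) {
    $editopt = COM_applyFilter($_REQUEST['editopt']);
    if ($editopt == 'default') {
        $_CONF['advanced_editor'] = false;
    }
}

$display = '';
if (($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) {
    $sid = '';
    if (isset($_POST['sid'])) {
        $sid = COM_applyFilter($_POST['sid']);
    }
    $type = '';
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    }
    if (empty($sid)) {
        COM_errorLog('Attempted to delete story sid=' . $sid);
        echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
    } elseif ($type == 'submission') {
        $tid = DB_getItem($_TABLES['storysubmission'], 'tid', "sid = '$sid'");
        if (SEC_hasTopicAccess($tid) < 3) {
            COM_accessLog("User {$_USER['username']} tried to illegally delete story submission $sid.");
            echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
        } else {
            DB_delete($_TABLES['storysubmission'], 'sid', $sid,
                    $_CONF['site_admin_url'] . '/moderation.php');
        }
    } else {
        echo STORY_deleteStory($sid);
    }
} elseif (($mode == $LANG_ADMIN['preview']) && !empty($LANG_ADMIN['preview'])) {
    $display .= COM_siteHeader('menu', $LANG24[5]);
    $editor = '';
    if (!empty($_GET['editor'])) {
        $editor = COM_applyFilter($_GET['editor']);
    }
    $sid = '';
    if (isset($_POST['sid'])) {
        $sid = COM_applyFilter($_POST['sid']);
    }
    $display .= storyeditor($sid, 'preview', '', '', $editor);
    $display .= COM_siteFooter();
    echo $display;
} elseif ($mode == 'edit') {
    $display .= COM_siteHeader('menu', $LANG24[5]);
    $sid = '';
    if (isset($_GET['sid'])) {
        $sid = COM_applyFilter($_GET['sid']);
    }
    $topic = '';
    if (isset($_GET['topic'])) {
        $topic = COM_applyFilter($_GET['topic']);
    }
    $editor = '';
    if (isset($_GET['editor'])) {
        $editor = COM_applyFilter($_GET['editor']);
    }
    $display .= storyeditor($sid, $mode, '', $topic, $editor);
    $display .= COM_siteFooter();
    echo $display;
} elseif ($mode == 'editsubmission') {
    $display .= COM_siteHeader('menu', $LANG24[5]);
    $id = '';
    if (isset($_GET['id'])) {
        $id = COM_applyFilter($_GET['id']);
    }
    $display .= storyeditor($id, $mode);
    $display .= COM_siteFooter();
    echo $display;
} elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save'])) {
    $unixdate = STORY_ADMIN_timestampFromPost('publish');

    // NOTE(review): $statuscode computed here is not what submitstory()
    // receives - the call below passes the posted statuscode directly
    $archiveflag = 0;
    if (isset($_POST['archiveflag'])) {
        $archiveflag = COM_applyFilter($_POST['archiveflag'], true);
    }
    if ($archiveflag != 1) {
        $statuscode = 0;
    }

    $expiredate = STORY_ADMIN_timestampFromPost('expire');

    $uid = COM_applyFilter($_POST['uid'], true);
    $type = '';
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    }
    // delete[<img_num>] checkboxes are only present when one was ticked
    $delete = isset($_POST['delete']) ? $_POST['delete'] : array();

    submitstory($type, COM_applyFilter($_POST['sid']), $uid,
            COM_applyFilter($_POST['tid']),
            COM_stripslashes($_POST['title']),
            COM_stripslashes($_POST['introtext']),
            COM_stripslashes($_POST['bodytext']),
            COM_applyFilter($_POST['hits'], true), $unixdate, $expiredate,
            COM_applyFilter($_POST['featured'], true),
            COM_applyFilter($_POST['commentcode'], true),
            COM_applyFilter($_POST['trackbackcode'], true),
            COM_applyFilter($_POST['statuscode'], true),
            trim(COM_applyFilter($_POST['postmode'])),
            COM_applyFilter($_POST['frontpage'], true),
            COM_applyFilter($_POST['draft_flag']),
            COM_applyFilter($_POST['numemails'], true),
            COM_applyFilter($_POST['owner_id'], true),
            COM_applyFilter($_POST['group_id'], true),
            $_POST['perm_owner'], $_POST['perm_group'],
            $_POST['perm_members'], $_POST['perm_anon'], $delete,
            COM_applyFilter($_POST['show_topic_icon']),
            COM_applyFilter($_POST['old_sid']));
} else { // 'cancel' or no mode at all
    $type = '';
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    }
    if (($mode == $LANG24[10]) && !empty($LANG24[10]) &&
            ($type == 'submission')) {
        $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
    } else {
        $display .= COM_siteHeader('menu', $LANG24[22]);
        $msg = "";
        if (isset($_GET['msg'])) {
            $msg = COM_applyFilter($_GET['msg'], true);
        }
        $display .= COM_showMessage($msg);
        $display .= liststories();
        $display .= COM_siteFooter();
    }
    echo $display;
}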