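<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | submit.php                                                                |
// |                                                                           |
// | Let users submit stories and plugin stuff.                                |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT net    |
// |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
// |          Dirk Haun         - dirk AT haun-online DOT de                   |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: submit.php,v 1.113 2006/12/09 21:46:27 dhaun Exp $

require_once ('lib-common.php');
require_once ($_CONF['path_system'] . 'lib-story.php');

// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation
// echo COM_debug($_POST);

/**
 * Shows a given submission form
 *
 * This is the submission form; it is modular to allow us to write as little as
 * possible. It takes a type and formats a form for the user. The only built-in
 * type is 'story'; any other non-empty type is delegated to the plugin API
 * (PLG_showSubmitForm). If no type is provided, 'story' is assumed.
 *
 * Before rendering anything the caller is rate limited via the 'submit'
 * speed limit, and anonymous users are turned away when the site or the
 * submission feature requires a login.
 *
 * @param string $type  type of submission ('story' or a plugin name)
 * @param string $mode  calendar mode ('personal' or empty string); not used
 *                      by the story form itself
 * @param string $topic topic (for stories)
 * @return string HTML for submission form (or an error/login block)
 */
function submissionform($type = 'story', $mode = '', $topic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG12, $LANG_LOGIN;

    $retval = '';

    // Rate limiting: expire old entries, then see how many seconds this
    // client still has to wait before the next submission is allowed.
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $last = COM_checkSpeedlimit('submit');

    if ($last > 0) {
        $retval .= COM_startBlock($LANG12[26], '',
                       COM_getBlockTemplate('_msg_block', 'header'))
                . $LANG12[30]
                . $last
                . $LANG12[31]
                . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $retval;
    }

    // Login required (site-wide or for submissions) but nobody is logged in:
    // show the "please log in" block instead of the form.
    if (empty($_USER['username']) &&
            (($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) {
        $retval .= COM_startBlock($LANG_LOGIN[1], '',
                       COM_getBlockTemplate('_msg_block', 'header'));
        $loginreq = new Template($_CONF['path_layout'] . 'submit');
        $loginreq->set_file('loginreq', 'submitloginrequired.thtml');
        $loginreq->set_var('login_message', $LANG_LOGIN[2]);
        $loginreq->set_var('site_url', $_CONF['site_url']);
        $loginreq->set_var('layout_url', $_CONF['layout_url']);
        $loginreq->set_var('lang_login', $LANG_LOGIN[3]);
        $loginreq->set_var('lang_newuser', $LANG_LOGIN[4]);
        $loginreq->parse('errormsg', 'loginreq');
        $retval .= $loginreq->finish($loginreq->get_var('errormsg'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $retval;
    }

    $retval .= COM_startBlock($LANG12[19])
            . $LANG12[9]
            . COM_endBlock();

    if ((strlen($type) > 0) && ($type != 'story')) {
        // Plugin-provided form. A false/empty result means no plugin claims
        // this type: log it and answer with "410 Gone".
        $formresult = PLG_showSubmitForm($type);
        if ($formresult == false) {
            COM_errorLog("Someone tried to submit an item to the $type-plugin, which cannot be found.", 1);
            COM_displayMessageAndAbort(79, '', 410, 'Gone');
        } else {
            $retval .= $formresult;
        }
    } else {
        $retval .= submitstory($topic);
    }

    return $retval;
}

/**
 * Shows the story submission form
 *
 * When the request is a preview (POST 'mode' equals the preview button label
 * $LANG12[32]) the submitted data is rendered as an article above the form;
 * otherwise a fresh form with a new story id is shown.
 *
 * @param string $topic pre-selected topic id; ignored when the current user
 *                      may not access it
 * @return string HTML for the (optional) preview plus the submission form
 */
function submitstory($topic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG12, $LANG24;

    $retval = '';

    if (isset($_POST['mode']) && ($_POST['mode'] == $LANG12[32])) { // preview
        $A = $_POST;
    } else {
        $A['sid'] = COM_makeSid();
        $A['unixdate'] = time();
    }
    // The author is always taken from the session, never from the form.
    if (isset($_USER['uid']) && ($_USER['uid'] > 1)) {
        $A['uid'] = $_USER['uid'];
    } else {
        $A['uid'] = 1;
    }

    if (empty($A['postmode'])) {
        $A['postmode'] = $_CONF['postmode'];
    }

    // Only keep the requested topic if it exists and the user may see it.
    if (!empty($topic)) {
        $allowed = DB_getItem($_TABLES['topics'], 'tid',
                       "tid = '" . addslashes($topic) . "'"
                       . COM_getTopicSQL('AND'));

        if ($allowed != $topic) {
            $topic = '';
        }
    }

    $title = '';
    $introtext = '';

    if (!empty($A['title'])) {
        // Preview: build the values echoed back into the form ($title,
        // $introtext) and the values rendered as an article ($A[...]).
        if (!isset($A['introtext'])) {
            $A['introtext'] = '';
        }
        $introtext = COM_stripslashes($A['introtext']);
        $introtext = htmlspecialchars($introtext);
        // NOTE(review): the replacement argument below appears to have been
        // entity-decoded by the page renderer (a literal '$' here is a no-op);
        // upstream this escapes '$' so the Template class does not interpolate
        // it -- confirm against the repository before relying on it.
        $introtext = str_replace('$', '$', $introtext);
        $title = stripslashes($A['title']);
        $title = str_replace('$', '$', $title);

        if ($A['postmode'] == 'html') {
            $A['introtext'] = addslashes(COM_checkHTML(COM_checkWords($A['introtext'])));
            $A['title'] = addslashes(COM_checkHTML(COM_checkWords($A['title'])));
        } else {
            $A['introtext'] = htmlspecialchars(COM_checkWords($A['introtext']));
            $A['introtext'] = str_replace('$', '$', $A['introtext']);

            $A['title'] = htmlspecialchars(COM_checkWords($A['title']));
            $A['title'] = str_replace('$', '$', $A['title']);
        }
        // Same caveat as above for the brace replacements ({ and }).
        $introtext = str_replace('{', '{', $introtext);
        $introtext = str_replace('}', '}', $introtext);
        $A['introtext'] = str_replace('{', '{', $A['introtext']);
        $A['introtext'] = str_replace('}', '}', $A['introtext']);
        $A['hits'] = 0;
        // $A['uid'] was set from the session above, so it is safe unquoted.
        $res = DB_query("SELECT username, fullname, photo FROM {$_TABLES['users']} WHERE uid = {$A['uid']}");
        $A += DB_fetchArray($res);
        // tid comes from the form; escape it for the quoted SQL literal the
        // same way savestory() does, without altering the value kept in $A
        // (it is compared against topic ids when pre-selecting the option).
        $A['tid'] = isset($A['tid']) ? COM_applyFilter($A['tid']) : '';
        $tidSql = addslashes($A['tid']);
        $res = DB_query("SELECT topic, imageurl FROM {$_TABLES['topics']} WHERE tid = '{$tidSql}'");
        $A += DB_fetchArray($res);
        if ($A['postmode'] == 'plaintext') {
            $A['introtext'] = COM_makeClickableLinks($A['introtext']);
        }
        $retval .= COM_startBlock($LANG12[32])
                . STORY_renderArticle($A, 'p')
                . COM_endBlock();
    }

    $retval .= COM_startBlock($LANG12[6], 'submitstory.html');

    $storyform = new Template($_CONF['path_layout'] . 'submit');
    if (isset($_CONF['advanced_editor']) && ($_CONF['advanced_editor'] == 1) &&
            file_exists($_CONF['path_layout'] . 'submit/submitstory_advanced.thtml')) {
        $storyform->set_file('storyform', 'submitstory_advanced.thtml');
        $storyform->set_var('change_editormode', 'onChange="change_editmode(this);"');
        $storyform->set_var('lang_expandhelp', $LANG24[67]);
        $storyform->set_var('lang_reducehelp', $LANG24[68]);
    } else {
        $storyform->set_file('storyform', 'submitstory.thtml');
    }
    // Both templates get the same editor-visibility switches.
    if ($A['postmode'] == 'html') {
        $storyform->set_var('show_texteditor', 'none');
        $storyform->set_var('show_htmleditor', '');
    } else {
        $storyform->set_var('show_texteditor', '');
        $storyform->set_var('show_htmleditor', 'none');
    }
    $storyform->set_var('site_url', $_CONF['site_url']);
    $storyform->set_var('layout_url', $_CONF['layout_url']);
    $storyform->set_var('lang_username', $LANG12[27]);

    if (!empty($_USER['username'])) {
        $storyform->set_var('story_username', $_USER['username']);
        $storyform->set_var('author', COM_getDisplayName());
        $storyform->set_var('status_url', $_CONF['site_url']
                                          . '/users.php?mode=logout');
        $storyform->set_var('lang_loginout', $LANG12[34]);
    } else {
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
        $storyform->set_var('lang_loginout', $LANG12[2]);
        // both spellings are set because older templates use 'seperator'
        $storyform->set_var('separator', ' | ');
        $storyform->set_var('seperator', ' | ');
        $storyform->set_var('create_account', '<a href="' . $_CONF['site_url']
            . '/users.php?mode=new" rel="nofollow">' . $LANG12[53] . '</a>');
    }

    $storyform->set_var('lang_title', $LANG12[10]);
    $storyform->set_var('story_title', htmlspecialchars($title));
    $storyform->set_var('lang_topic', $LANG12[28]);
    if (empty($A['tid']) && !empty($topic)) {
        $A['tid'] = $topic;
    }
    if (empty($A['tid'])) {
        $A['tid'] = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
    }
    $storyform->set_var('story_topic_options', COM_topicList('tid,topic', $A['tid']));
    $storyform->set_var('lang_story', $LANG12[29]);
    $storyform->set_var('story_introtext', $introtext);
    $storyform->set_var('lang_postmode', $LANG12[36]);
    $storyform->set_var('story_postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode']));
    $storyform->set_var('allowed_html', COM_allowedHTML());
    $storyform->set_var('story_uid', $A['uid']);
    $storyform->set_var('story_sid', $A['sid']);
    $storyform->set_var('story_date', $A['unixdate']);

    // The save button is only offered after a preview, unless previews are
    // disabled site-wide. 'mode' is absent on the first (non-preview) request.
    if (($_CONF['skip_preview'] == 1) ||
            (isset($A['mode']) && ($A['mode'] == $LANG12[32]))) {
        PLG_templateSetVars('story', $storyform);
        $storyform->set_var('save_button', '<input name="mode" type="submit" value="' . $LANG12[8] . '">');
    }

    $storyform->set_var('lang_preview', $LANG12[32]);
    $storyform->parse('theform', 'storyform');
    $retval .= $storyform->finish($storyform->get_var('theform'));
    $retval .= COM_endBlock();

    return $retval;
}

/**
 * Send an email notification for a new submission.
 *
 * The mail goes to the site's admin address ($_CONF['site_mail']) and links
 * either to the moderation queue (for submissions awaiting approval) or to
 * the published article.
 *
 * @param string $table Table where the new submission can be found
 *                      ($_TABLES['storysubmission'] or $_TABLES['stories'])
 * @param array  $A     Story data as prepared by savestory(): 'title',
 *                      'introtext' and 'tid' are expected to be already
 *                      slash-escaped; 'uid', 'sid' and 'postmode' are used too
 */
function sendNotification($table, $A)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;

    $title = COM_undoSpecialChars(stripslashes($A['title']));
    if ($A['postmode'] == 'html') {
        // plain-text mail: drop the markup
        $A['introtext'] = strip_tags($A['introtext']);
    }
    $introtext = COM_undoSpecialChars(stripslashes($A['introtext']));
    $storyauthor = COM_getDisplayName($A['uid']);
    // $A['tid'] is inserted unquoted-escaped here: it relies on the caller
    // having passed it through addslashes(COM_sanitizeID()) as savestory() does.
    $topic = stripslashes(DB_getItem($_TABLES['topics'], 'topic',
                                     "tid = '{$A['tid']}'"));

    // NOTE(review): strftime() is deprecated as of PHP 8.1; kept because
    // $_CONF['date'] is a strftime-style format string.
    $mailbody = "$LANG08[31]: {$title}\n"
              . "$LANG24[7]: {$storyauthor}\n"
              . "$LANG08[32]: " . strftime($_CONF['date']) . "\n"
              . "{$LANG_ADMIN['topic']}: {$topic}\n\n";

    // 0 = no text, 1 = full text, >1 = truncate to that many characters
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $introtext = MBYTE_substr($introtext, 0,
                                      $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $introtext . "\n\n";
    }
    if ($table == $_TABLES['storysubmission']) {
        $mailbody .= "$LANG01[10] <{$_CONF['site_admin_url']}/moderation.php>\n\n";
    } else {
        $articleUrl = COM_buildUrl($_CONF['site_url']
                                   . '/article.php?story=' . $A['sid']);
        $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
    }
    $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n$LANG08[34]\n";
    $mailbody .= "\n------------------------------\n";

    COM_mail($_CONF['site_mail'], $mailsubject, $mailbody);
}

/**
 * Saves a story submission
 *
 * Runs the spam check, filters title and text, verifies that the user may
 * post to the chosen topic and then either queues the story for moderation
 * or publishes it directly (users with 'story.submit' rights, or when
 * $_CONF['storysubmission'] is off).
 *
 * @param array $A Data for that submission (the POST array: 'title',
 *                 'introtext', 'postmode', 'tid')
 * @return string HTML redirect
 */
function savestory($A)
{
    global $_CONF, $_TABLES, $_USER;

    $retval = '';

    $A['title'] = COM_stripslashes($A['title']);
    $A['introtext'] = COM_stripslashes($A['introtext']);

    // pseudo-formatted story text for the spam check
    $spamcheck = '<h1>' . $A['title'] . '</h1><p>' . $A['introtext'] . '</p>';
    $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
    if ($result > 0) {
        // count the rejected attempt against the speed limit, then abort
        COM_updateSpeedlimit('submit');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['title'] = strip_tags(COM_checkWords($A['title']));
    // NOTE(review): the replacement argument appears entity-decoded by the
    // page renderer (a literal '$' is a no-op); upstream it escapes '$' for
    // the template engine -- confirm against the repository.
    $A['title'] = addslashes(str_replace('$', '$', $A['title']));

    // Only two post modes can reach the database: 'html' or 'plaintext'.
    if ($A['postmode'] == 'html') {
        $introtext = COM_checkHTML(COM_checkWords($A['introtext']));
    } else {
        $introtext = COM_makeClickableLinks(htmlspecialchars(COM_checkWords($A['introtext'])));
        $A['postmode'] = 'plaintext';
    }

    // Story id and author are generated server-side; form values are ignored.
    $A['sid'] = addslashes(COM_makeSid());
    if (isset($_USER['uid']) && ($_USER['uid'] > 1)) {
        $A['uid'] = $_USER['uid'];
    } else {
        $A['uid'] = 1;
    }
    COM_updateSpeedlimit('submit');

    $A['tid'] = addslashes(COM_sanitizeID($A['tid']));

    // The topic's permission columns are copied onto the story; the query
    // also enforces that the current user may access the topic at all.
    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'" . COM_getTopicSQL('AND'));
    if (DB_numRows($result) == 0) {
        // user doesn't have access to this topic - bail
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $T = DB_fetchArray($result);

    if (($_CONF['storysubmission'] == 1) && !SEC_hasRights('story.submit')) {
        // queue for moderation
        $introtext = addslashes($introtext);
        DB_save($_TABLES['storysubmission'],
                'sid,tid,uid,title,introtext,date,postmode',
                "{$A['sid']},'{$A['tid']}',{$A['uid']},'{$A['title']}','$introtext',NOW(),'{$A['postmode']}'");

        if (isset($_CONF['notification']) &&
                in_array('story', $_CONF['notification'])) {
            sendNotification($_TABLES['storysubmission'], $A);
        }

        $retval .= COM_refresh($_CONF['site_url'] . '/index.php?msg=2');
    } else { // post this story directly
        $related = addslashes(implode("\n", STORY_extractLinks($introtext)));

        $introtext = addslashes($introtext);
        if (!isset($_CONF['show_topic_icon'])) {
            $_CONF['show_topic_icon'] = 1;
        }
        // stories in archived topics never go on the front page
        if (DB_getItem($_TABLES['topics'], 'archive_flag',
                       "tid = '{$A['tid']}'") == 1) {
            $A['frontpage'] = 0;
        } else if (isset($_CONF['frontpage'])) {
            $A['frontpage'] = $_CONF['frontpage'];
        } else {
            $A['frontpage'] = 1;
        }
        DB_save($_TABLES['stories'],
                'sid,uid,tid,title,introtext,related,date,commentcode,trackbackcode,postmode,show_topic_icon,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
                "{$A['sid']},{$A['uid']},'{$A['tid']}','{$A['title']}','$introtext','{$related}',NOW(),"
                . "'{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',"
                . "{$_CONF['show_topic_icon']},{$A['frontpage']},{$A['uid']},{$T['group_id']},"
                . "{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");

        COM_rdfUpToDateCheck();
        COM_olderStuff();

        if (isset($_CONF['notification']) &&
                in_array('story', $_CONF['notification'])) {
            sendNotification($_TABLES['stories'], $A);
        }

        $retval = COM_refresh(COM_buildUrl($_CONF['site_url']
                                           . '/article.php?story=' . $A['sid']));
    }

    return $retval;
}

/**
 * This will save a submission
 *
 * Applies the 'submit' speed limit, hands plugin types to PLG_saveSubmission
 * and stories to savestory(). A story with a missing title or text gets the
 * form back with an error block.
 *
 * @param string $type Type of submission we are dealing with ('story' or a
 *                     plugin name)
 * @param array  $A    Data for that submission
 * @return string HTML page or redirect
 */
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $_USER, $LANG12;

    $retval = COM_siteHeader();

    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');

    $last = COM_checkSpeedlimit('submit');

    if ($last > 0) {
        $retval .= COM_startBlock($LANG12[26], '',
                       COM_getBlockTemplate('_msg_block', 'header'))
                . $LANG12[30]
                . $last
                . $LANG12[31]
                . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'))
                . COM_siteFooter();

        return $retval;
    }

    if (!empty($type) && ($type != 'story')) {
        // Update the submitspeedlimit for user - assuming Plugin approves
        // submission record
        COM_updateSpeedlimit('submit');

        // see if this is a submission that needs to be handled by a plugin
        // and should include its own redirect
        $retval = PLG_saveSubmission($type, $A);

        if ($retval === false) {
            // falls through to the story handling below with $retval === false
            COM_errorLog("Could not save your submission. Bad type: $type");
        } elseif (empty($retval)) {
            // plugin should include its own redirect - but in case handle
            // it here and redirect to the main page
            return COM_refresh($_CONF['site_url'] . '/index.php');
        } else {
            return $retval;
        }
    }

    if (!empty($A['title']) && !empty($A['introtext'])) {
        // savestory() returns a redirect, so the site header is dropped here
        $retval = savestory($A);
    } else {
        $retval .= COM_startBlock($LANG12[22], '',
                       COM_getBlockTemplate('_msg_block', 'header'))
                . $LANG12[23] // return missing fields error
                . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'))
                . submissionform($type)
                . COM_siteFooter();
    }

    return $retval;
}

// MAIN

$display = '';

// note that 'type' _may_ come in through $_GET even when the
// other parameters are in $_POST
if (isset($_POST['type'])) {
    $type = COM_applyFilter($_POST['type']);
} elseif (isset($_GET['type'])) {
    $type = COM_applyFilter($_GET['type']);
} else {
    $type = '';
}

$mode = '';
if (isset($_REQUEST['mode'])) {
    $mode = COM_applyFilter($_REQUEST['mode']);
}

// optional topic pre-selection; filtered once and used by both branches below
$topic = '';
if (isset($_REQUEST['topic'])) {
    $topic = COM_applyFilter($_REQUEST['topic']);
}

// page title for the built-in story form; plugins render their own pages
if ($type == 'story') {
    $pagetitle = $LANG12[6];
} else {
    $pagetitle = '';
}

if (($mode == $LANG12[8]) && !empty($LANG12[8])) { // submit
    if (empty($_USER['username']) &&
            (($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) {
        // login required but nobody is logged in: back to the front page
        $display = COM_refresh($_CONF['site_url'] . '/index.php');
    } else {
        if ($type == 'story') {
            // let plugins veto the story; on veto, show the preview form
            // again with the plugin's message on top
            $msg = PLG_itemPreSave($type, $_POST);
            if (!empty($msg)) {
                $_POST['mode'] = $LANG12[32];
                $display .= COM_siteHeader('menu', $pagetitle)
                         . COM_errorLog($msg, 2)
                         . submitstory($topic)
                         . COM_siteFooter();
                echo $display;
                exit;
            }
        }
        $display .= savesubmission($type, $_POST);
    }
} else {
    if ((strlen($type) > 0) && ($type != 'story')) {
        // plugin editors are sent straight to the plugin's admin interface
        if (SEC_hasRights("$type.edit") ||
                SEC_hasRights("$type.admin")) {
            echo COM_refresh($_CONF['site_admin_url']
                             . "/plugins/$type/index.php?mode=edit");
            exit;
        }
    } elseif (SEC_hasRights('story.edit')) {
        // story editors are sent straight to the story editor
        $topicParam = '';
        if (isset($_REQUEST['topic'])) {
            $topicParam = '&topic=' . urlencode($topic);
        }
        echo COM_refresh($_CONF['site_admin_url']
                         . '/story.php?mode=edit' . $topicParam);
        exit;
    }

    $display .= COM_siteHeader('menu', $pagetitle);
    $display .= submissionform($type, $mode, $topic);
    $display .= COM_siteFooter();
}

echo $display;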