| [ Index ] |
|
Code source de Joomla 1.0.13 |
1 <?php 2 /** 3 * @version $Id: content.php 7443 2007-05-20 18:02:52Z robs $ 4 * @package Joomla 5 * @subpackage Content 6 * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved. 7 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php 8 * Joomla! is free software. This version may have been modified pursuant 9 * to the GNU General Public License, and as distributed it includes or 10 * is derivative of works licensed under the GNU General Public License or 11 * other free or open source software licenses. 12 * See COPYRIGHT.php for copyright notices and details. 13 */ 14 15 // no direct access 16 defined( '_VALID_MOS' ) or die( 'Restricted access' ); 17 18 require_once( $mainframe->getPath( 'front_html', 'com_content' ) ); 19 20 $id = intval( mosGetParam( $_REQUEST, 'id', 0 ) ); 21 $sectionid = intval( mosGetParam( $_REQUEST, 'sectionid', 0 ) ); 22 $pop = intval( mosGetParam( $_REQUEST, 'pop', 0 ) ); 23 $limit = intval( mosGetParam( $_REQUEST, 'limit', 0 ) ); 24 $limitstart = intval( mosGetParam( $_REQUEST, 'limitstart', 0 ) ); 25 $year = intval( mosGetParam( $_REQUEST, 'year', date( 'Y' ) ) ); 26 $month = intval( mosGetParam( $_REQUEST, 'month', date( 'm' ) ) ); 27 $module = intval( mosGetParam( $_REQUEST, 'module', 0 ) ); 28 29 // Editor usertype check 30 $access = new stdClass(); 31 $access->canEdit = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'all' ); 32 $access->canEditOwn = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'own' ); 33 $access->canPublish = $acl->acl_check( 'action', 'publish', 'users', $my->usertype, 'content', 'all' ); 34 35 // cache activation 36 $cache =& mosCache::getCache( 'com_content' ); 37 38 // loads function for frontpage component 39 if ( $option == 'com_frontpage' ) { 40 $cache->call( 'frontpage', $gid, $access, $pop, 0, $limit, $limitstart ); 41 return; 42 } 43 44 switch ( $task ) { 45 case 'findkey': 46 findKeyItem( $gid, $access, $pop, $option, 0 ); 47 break; 48 49 case 'view': 50 if ($mosConfig_enable_stats) { 51 showItem( $id, $gid, $access, $pop, $option, 0 ); 52 } else { 53 $cache->call( 'showItem', $id, $gid, $access, $pop, $option, 0, $limit, $limitstart ); 54 } 55 break; 56 57 case 'section': 58 $cache->call( 'showSection', $id, $gid, $access, 0 ); 59 break; 60 61 case 'category': 62 $selected = strval( mosGetParam( $_REQUEST, 'order', '' ) ); 63 $selected = preg_replace( '/[^a-z]/i', '', $selected ); 64 $filter = stripslashes( strval( mosGetParam( $_REQUEST, 'filter', '' ) ) ); 65 66 $cache->call( 'showCategory', $id, $gid, $access, $sectionid, $limit, NULL, $limitstart, 0, $selected, $filter ); 67 break; 68 69 case 'blogsection': 70 // Itemid is a dummy value to cater for caching 71 $cache->call('showBlogSection', $id, $gid, $access, $pop, $Itemid, $limit, $limitstart ); 72 break; 73 74 case 'blogcategorymulti': 75 case 'blogcategory': 76 // Itemid is a dummy value to cater for caching 77 $cache->call( 'showBlogCategory', $id, $gid, $access, $pop, $Itemid, $limit, $limitstart ); 78 break; 79 80 case 'archivesection': 81 // Itemid is a dummy value to cater for caching 82 $cache->call( 'showArchiveSection', $id, $gid, $access, $pop, $option, $year, $month, $limit, $limitstart, $Itemid ); 83 break; 84 85 case 'archivecategory': 86 // Itemid is a dummy value to cater for caching 87 $cache->call( 'showArchiveCategory', $id, $gid, $access, $pop, $option, $year, $month, $module, $limit, $limitstart, $Itemid ); 88 break; 89 90 case 'edit': 91 editItem( $id, $gid, $access, 0, $task, $Itemid ); 92 break; 93 94 case 'new': 95 editItem( 0, $gid, $access, $sectionid, $task, $Itemid ); 96 break; 97 98 case 'save': 99 case 'apply': 100 case 'apply_new': 101 mosCache::cleanCache( 'com_content' ); 102 saveContent( $access, $task ); 103 break; 104 105 case 'cancel': 106 cancelContent( $access ); 107 break; 108 109 case 'emailform': 110 emailContentForm( $id, $gid ); 111 break; 112 113 case 'emailsend': 114 emailContentSend( $id, $gid ); 115 break; 116 117 case 'vote': 118 recordVote (); 119 break; 120 121 default: 122 header("HTTP/1.0 404 Not Found"); 123 echo _NOT_EXIST; 124 break; 125 } 126 127 /** 128 * Searches for an item by a key parameter 129 * @param int The user access level 130 * @param object Actions this user can perform 131 * @param int 132 * @param string The url option 133 * @param string A timestamp 134 */ 135 function findKeyItem( $gid, $access, $pop, $option, $now ) { 136 global $database; 137 138 $keyref = stripslashes( strval( mosGetParam( $_REQUEST, 'keyref', '' ) ) ); 139 140 $query = "SELECT id" 141 . "\n FROM #__content" 142 . "\n WHERE attribs LIKE '%keyref=" . $database->getEscaped( $keyref ) . "\n%'" 143 ; 144 $database->setQuery( $query ); 145 $id = $database->loadResult(); 146 147 if ($id > 0) { 148 showItem( $id, $gid, $access, $pop, $option, 0 ); 149 } else { 150 echo _KEY_NOT_FOUND; 151 } 152 } 153 154 function frontpage( $gid, &$access, $pop, $now, $limit, $limitstart ) { 155 global $database, $mainframe; 156 157 $now = _CURRENT_SERVER_TIME; 158 $nullDate = $database->getNullDate(); 159 $noauth = !$mainframe->getCfg( 'shownoauth' ); 160 161 // Parameters 162 $menu = $mainframe->get( 'menu' ); 163 $params = new mosParameters( $menu->params ); 164 165 // Ordering control 166 $orderby_sec = $params->def( 'orderby_sec', '' ); 167 $orderby_pri = $params->def( 'orderby_pri', '' ); 168 $order_sec = _orderby_sec( $orderby_sec ); 169 $order_pri = _orderby_pri( $orderby_pri ); 170 171 // voting control 172 $voting = $params->def( 'rating', '' ); 173 $voting = votingQuery($voting); 174 175 $where = _where( 1, $access, $noauth, $gid, 0, $now, NULL, NULL, $params ); 176 $where = ( count( $where ) ? "\n WHERE ". implode( "\n AND ", $where ) : '' ); 177 178 // Limit & limitstart 179 $intro = $params->def( 'intro', 4 ); 180 $leading = $params->def( 'leading', 1 ); 181 $links = $params->def( 'link', 4 ); 182 183 $limit = $intro + $leading + $links; 184 185 // query to determine total number of records 186 $query = "SELECT COUNT(a.id)" 187 . "\n FROM #__content AS a" 188 . "\n INNER JOIN #__content_frontpage AS f ON f.content_id = a.id" 189 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 190 . "\n INNER JOIN #__sections AS s ON s.id = a.sectionid" 191 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 192 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 193 . $where 194 ; 195 $database->setQuery( $query ); 196 $total = $database->loadResult(); 197 198 if ( $total <= $limit ) { 199 $limitstart = 0; 200 } 201 202 // query records 203 $query = "SELECT a.id, a.title, a.title_alias, a.introtext, a.sectionid, a.state, a.catid, a.created, a.created_by, a.created_by_alias, a.modified, a.modified_by," 204 . "\n a.checked_out, a.checked_out_time, a.publish_up, a.publish_down, a.images, a.urls, a.ordering, a.metakey, a.metadesc, a.access, a.hits," 205 . "\n CHAR_LENGTH( a.fulltext ) AS readmore, u.name AS author, u.usertype, s.name AS section, cc.name AS category, g.name AS groups" 206 . "\n, s.id AS sec_id, cc.id as cat_id" 207 . $voting['select'] 208 . "\n FROM #__content AS a" 209 . "\n INNER JOIN #__content_frontpage AS f ON f.content_id = a.id" 210 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 211 . "\n INNER JOIN #__sections AS s ON s.id = a.sectionid" 212 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 213 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 214 . $voting['join'] 215 . $where 216 . "\n ORDER BY $order_pri $order_sec" 217 ; 218 $database->setQuery( $query, $limitstart, $limit ); 219 $rows = $database->loadObjectList(); 220 221 // Dynamic Page Title 222 $mainframe->SetPageTitle( $menu->name ); 223 224 BlogOutput( $rows, $params, $gid, $access, $pop, $menu, $limitstart, $limit, $total ); 225 } 226 227 228 function showSection( $id, $gid, &$access, $now ) { 229 global $database, $mainframe, $Itemid; 230 231 $section = new mosSection( $database ); 232 $section->load( (int)$id ); 233 234 /* 235 Check if section is published 236 */ 237 if(!$section->published) { 238 mosNotAuth(); 239 return; 240 } 241 /* 242 * check whether section access level allows access 243 */ 244 if( $section->access > $gid ) { 245 mosNotAuth(); 246 return; 247 } 248 249 $now = _CURRENT_SERVER_TIME; 250 $nullDate = $database->getNullDate(); 251 $noauth = !$mainframe->getCfg( 'shownoauth' ); 252 253 // Paramters 254 $params = new stdClass(); 255 if ( $Itemid ) { 256 $menu = $mainframe->get( 'menu' ); 257 $params = new mosParameters( $menu->params ); 258 } else { 259 $menu = ''; 260 $params = new mosEmpty(); 261 262 } 263 $orderby = $params->get( 'orderby', '' ); 264 265 $params->set( 'type', 'section' ); 266 267 $params->def( 'page_title', 1 ); 268 $params->def( 'pageclass_sfx', '' ); 269 $params->def( 'description_sec', 1 ); 270 $params->def( 'description_sec_image', 1 ); 271 $params->def( 'other_cat_section', 1 ); 272 $params->def( 'empty_cat_section', 0 ); 273 $params->def( 'other_cat', 1 ); 274 $params->def( 'empty_cat', 0 ); 275 $params->def( 'cat_items', 1 ); 276 $params->def( 'cat_description', 1 ); 277 $params->def( 'back_button', $mainframe->getCfg( 'back_button' ) ); 278 $params->def( 'pageclass_sfx', '' ); 279 // param controls whether unpublished items visible to publishers and above 280 $params->def( 'unpublished', 1 ); 281 282 // Ordering control 283 $orderby = _orderby_sec( $orderby ); 284 285 // Description & Description Image control 286 $params->def( 'description', $params->get( 'description_sec' ) ); 287 $params->def( 'description_image', $params->get( 'description_sec_image' ) ); 288 289 if ( $access->canEdit ) { 290 $xwhere = ''; 291 if ( $params->get( 'unpublished' ) ) { 292 // shows unpublished items for publishers and above 293 $xwhere2 = "\n AND (b.state >= 0 or b.state is null)"; 294 } else { 295 // unpublished items NOT shown for publishers and above 296 $xwhere2 = "\n AND (b.state = 1 or b.state is null)"; 297 } 298 } else { 299 $xwhere = "\n AND a.published = 1"; 300 $xwhere2 = "\n AND b.state = 1" 301 . "\n AND ( b.publish_up = " . $database->Quote( $nullDate ) . " OR b.publish_up <= " . $database->Quote( $now ) . " )" 302 . "\n AND ( b.publish_down = " . $database->Quote( $nullDate ) . " OR b.publish_down >= " . $database->Quote( $now ) . " )" 303 ; 304 } 305 306 $empty = ''; 307 $empty_sec = ''; 308 if ( $params->get( 'type' ) == 'category' ) { 309 // show/hide empty categories 310 if ( !$params->get( 'empty_cat' ) ) { 311 $empty = "\n HAVING numitems > 0"; 312 } 313 } 314 if ( $params->get( 'type' ) == 'section' ) { 315 // show/hide empty categories in section 316 if ( !$params->get( 'empty_cat_section' ) ) { 317 $empty_sec = "\n HAVING numitems > 0"; 318 } 319 } 320 321 $access_check = ''; 322 $access_check_content = ''; 323 if ($noauth) { 324 $access_check = "\n AND a.access <= " . (int) $gid; 325 $access_check_content = "\n AND b.access <= " . (int) $gid; 326 } 327 328 // Query of categories within section 329 $query = "SELECT a.*, COUNT( b.id ) AS numitems" 330 . "\n FROM #__categories AS a" 331 . "\n LEFT JOIN #__content AS b ON b.catid = a.id" 332 . $xwhere2 333 . "\n WHERE a.section = '" . (int) $section->id . "'" 334 . $xwhere 335 . $access_check 336 . $access_check_content 337 . "\n GROUP BY a.id" 338 . $empty 339 . $empty_sec 340 . "\n ORDER BY $orderby" 341 ; 342 $database->setQuery( $query ); 343 $categories = $database->loadObjectList(); 344 345 // If categories exist, the "new content" icon may be displayed 346 $categories_exist = false; 347 if ( $access->canEdit ) { 348 $query = "SELECT count(*) as numCategories" 349 . "\n FROM #__categories as a" 350 . "\n WHERE a.section = '" . (int) $section->id . "'" 351 . $access_check; 352 $database->setQuery ( $query ); 353 $categories_exist = ($database->loadResult()) > 0; 354 } 355 356 // remove slashes 357 $section->name = stripslashes($section->name); 358 359 // Dynamic Page Title 360 $mainframe->SetPageTitle( $menu->name ); 361 362 $null = null; 363 HTML_content::showContentList( $section, $null, $access, $id, $null, $gid, $params, $null, $categories, $null, $null, $categories_exist ); 364 } 365 366 367 /** 368 * @param int The category id 369 * @param int The group id of the user 370 * @param int The access level of the user 371 * @param int The section id 372 * @param int The number of items to dislpay 373 * @param int The offset for pagination 374 */ 375 function showCategory( $id, $gid, &$access, $sectionid, $limit, $selected, $limitstart, $now, $selected, $filter ) { 376 global $database, $mainframe, $Itemid, $mosConfig_list_limit; 377 378 $category = new mosCategory( $database ); 379 $category->load( (int)$id ); 380 381 /* 382 Check if category is published 383 */ 384 if(!$category->published) { 385 mosNotAuth(); 386 return; 387 } 388 /* 389 * check whether category access level allows access 390 */ 391 if( $category->access > $gid ) { 392 mosNotAuth(); 393 return; 394 } 395 396 $section = new mosSection( $database ); 397 $section->load( $category->section ); 398 399 /* 400 Check if category is published 401 */ 402 if(!$section->published) { 403 mosNotAuth(); 404 return; 405 } 406 /* 407 * check whether section access level allows access 408 */ 409 if( $section->access > $gid ) { 410 mosNotAuth(); 411 return; 412 } 413 414 $now = _CURRENT_SERVER_TIME; 415 $nullDate = $database->getNullDate(); 416 $noauth = !$mainframe->getCfg( 'shownoauth' ); 417 418 // Paramters 419 $params = new stdClass(); 420 if ( $Itemid ) { 421 $menu = $mainframe->get( 'menu' ); 422 $params = new mosParameters( $menu->params ); 423 } else { 424 $menu = ''; 425 $params = new mosParameters( '' ); 426 } 427 428 $lists['order_value'] = ''; 429 if ( $selected ) { 430 $orderby = $selected; 431 $lists['order_value'] = $selected; 432 } else { 433 $orderby = $params->get( 'orderby', 'rdate' ); 434 $selected = $orderby; 435 } 436 437 $params->set( 'type', 'category' ); 438 439 $params->def( 'description_cat', 1 ); 440 $params->def( 'description_cat_image', 1 ); 441 $params->def( 'page_title', 1 ); 442 $params->def( 'title', 1 ); 443 $params->def( 'hits', $mainframe->getCfg( 'hits' ) ); 444 $params->def( 'author', !$mainframe->getCfg( 'hideAuthor' ) ); 445 $params->def( 'date', !$mainframe->getCfg( 'hideCreateDate' ) ); 446 $params->def( 'date_format', _DATE_FORMAT_LC ); 447 $params->def( 'navigation', 2 ); 448 $params->def( 'display', 1 ); 449 $params->def( 'display_num', $mosConfig_list_limit ); 450 $params->def( 'other_cat', 1 ); 451 $params->def( 'empty_cat', 0 ); 452 $params->def( 'cat_items', 1 ); 453 $params->def( 'cat_description', 0 ); 454 $params->def( 'back_button', $mainframe->getCfg( 'back_button' ) ); 455 $params->def( 'pageclass_sfx', '' ); 456 $params->def( 'headings', 1 ); 457 $params->def( 'order_select', 1 ); 458 $params->def( 'filter', 1 ); 459 $params->def( 'filter_type', 'title' ); 460 // param controls whether unpublished items visible to publishers and above 461 $params->def( 'unpublished', 1 ); 462 463 // Ordering control 464 $orderby = _orderby_sec( $orderby ); 465 466 // Description & Description Image control 467 $params->def( 'description', $params->get( 'description_cat' ) ); 468 $params->def( 'description_image', $params->get( 'description_cat_image' ) ); 469 470 if ( $sectionid == 0 ) { 471 $sectionid = $category->section; 472 } 473 474 if ( $access->canEdit ) { 475 $xwhere = ''; 476 if ( $params->get( 'unpublished' ) ) { 477 // shows unpublished items for publishers and above 478 $xwhere2 = "\n AND b.state >= 0"; 479 } else { 480 // unpublished items NOT shown for publishers and above 481 $xwhere2 = "\n AND b.state = 1"; 482 } 483 } else { 484 $xwhere = "\n AND c.published = 1"; 485 $xwhere2 = "\n AND b.state = 1" 486 . "\n AND ( b.publish_up = " . $database->Quote( $nullDate ) . " OR b.publish_up <= " . $database->Quote( $now ) . " )" 487 . "\n AND ( b.publish_down = " . $database->Quote( $nullDate ) . " OR b.publish_down >= " . $database->Quote( $now ) . " )" 488 ; 489 } 490 491 $pagetitle = ''; 492 if ( $Itemid ) { 493 $pagetitle = $menu->name; 494 } 495 496 // show/hide empty categories 497 $empty = ''; 498 if ( !$params->get( 'empty_cat' ) ) 499 $empty = "\n HAVING COUNT( b.id ) > 0"; 500 501 // get the list of other categories 502 $query = "SELECT c.*, COUNT( b.id ) AS numitems" 503 . "\n FROM #__categories AS c" 504 . "\n LEFT JOIN #__content AS b ON b.catid = c.id " 505 . $xwhere2 506 . ( $noauth ? "\n AND b.access <= " . (int) $gid : '' ) 507 . "\n WHERE c.section = '" . (int) $category->section . "'" 508 . $xwhere 509 . ( $noauth ? "\n AND c.access <= " . (int) $gid : '' ) 510 . "\n GROUP BY c.id" 511 . $empty 512 . "\n ORDER BY c.ordering" 513 ; 514 $database->setQuery( $query ); 515 $other_categories = $database->loadObjectList(); 516 517 // get the total number of published items in the category 518 // filter functionality 519 $and = null; 520 if ( $params->get( 'filter' ) ) { 521 if ( $filter ) { 522 // clean filter variable 523 $filter = strtolower( $filter ); 524 525 switch ( $params->get( 'filter_type' ) ) { 526 case 'title': 527 $and = "\n AND LOWER( a.title ) LIKE '%" . $database->getEscaped( $filter ) . "%'"; 528 break; 529 530 case 'author': 531 $and = "\n AND ( ( LOWER( u.name ) LIKE '%" . $database->getEscaped( $filter ) . "%' ) OR ( LOWER( a.created_by_alias ) LIKE '%" . $database->getEscaped( $filter ) . "%' ) )"; 532 break; 533 534 case 'hits': 535 $and = "\n AND a.hits LIKE '%" . $database->getEscaped( $filter ) . "%'"; 536 break; 537 } 538 } 539 } 540 541 if ( $access->canEdit ) { 542 if ( $params->get( 'unpublished' ) ) { 543 // shows unpublished items for publishers and above 544 $xwhere = "\n AND a.state >= 0"; 545 } else { 546 // unpublished items NOT shown for publishers and above 547 $xwhere = "\n AND a.state = 1"; 548 } 549 } else { 550 $xwhere = "\n AND a.state = 1" 551 . "\n AND ( publish_up = " . $database->Quote( $nullDate ) . " OR publish_up <= " . $database->Quote( $now ) . " )" 552 . "\n AND ( publish_down = " . $database->Quote( $nullDate ) . " OR publish_down >= " . $database->Quote( $now ) . " )" 553 ; 554 } 555 556 // query to determine total number of records 557 $query = "SELECT COUNT(a.id) as numitems" 558 . "\n FROM #__content AS a" 559 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 560 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 561 . "\n WHERE a.catid = " . (int) $category->id 562 . $xwhere 563 . ( $noauth ? "\n AND a.access <= " . (int) $gid : '' ) 564 . "\n AND " . (int) $category->access . " <= " . (int) $gid 565 . $and 566 . "\n ORDER BY $orderby" 567 ; 568 $database->setQuery( $query ); 569 $counter = $database->loadObjectList(); 570 $total = $counter[0]->numitems; 571 572 $limit = $limit ? $limit : $params->get( 'display_num' ) ; 573 if ( $total <= $limit ) { 574 $limitstart = 0; 575 } 576 577 require_once( $GLOBALS['mosConfig_absolute_path'] . '/includes/pageNavigation.php' ); 578 $pageNav = new mosPageNav( $total, $limitstart, $limit ); 579 580 // get the list of items for this category 581 $query = "SELECT a.id, a.title, a.hits, a.created_by, a.created_by_alias, a.created AS created, a.access, u.name AS author, a.state, g.name AS groups" 582 . "\n FROM #__content AS a" 583 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 584 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 585 . "\n WHERE a.catid = " . (int) $category->id 586 . $xwhere 587 . ( $noauth ? "\n AND a.access <= " . (int) $gid : '' ) 588 . "\n AND " . (int) $category->access . " <= " . (int) $gid 589 . $and 590 . "\n ORDER BY $orderby" 591 ; 592 $database->setQuery( $query, $limitstart, $limit ); 593 $items = $database->loadObjectList(); 594 595 $check = 0; 596 if ( $params->get( 'date' ) ) { 597 $order[] = mosHTML::makeOption( 'date', _ORDER_DROPDOWN_DA ); 598 $order[] = mosHTML::makeOption( 'rdate', _ORDER_DROPDOWN_DD ); 599 $check .= 1; 600 } 601 if ( $params->get( 'title' ) ) { 602 $order[] = mosHTML::makeOption( 'alpha', _ORDER_DROPDOWN_TA ); 603 $order[] = mosHTML::makeOption( 'ralpha', _ORDER_DROPDOWN_TD ); 604 $check .= 1; 605 } 606 if ( $params->get( 'hits' ) ) { 607 $order[] = mosHTML::makeOption( 'hits', _ORDER_DROPDOWN_HA ); 608 $order[] = mosHTML::makeOption( 'rhits', _ORDER_DROPDOWN_HD ); 609 $check .= 1; 610 } 611 if ( $params->get( 'author' ) ) { 612 $order[] = mosHTML::makeOption( 'author', _ORDER_DROPDOWN_AUA ); 613 $order[] = mosHTML::makeOption( 'rauthor', _ORDER_DROPDOWN_AUD ); 614 $check .= 1; 615 } 616 $order[] = mosHTML::makeOption( 'order', _ORDER_DROPDOWN_O ); 617 $lists['order'] = mosHTML::selectList( $order, 'order', 'class="inputbox" size="1" onchange="document.adminForm.submit();"', 'value', 'text', $selected ); 618 if ( $check < 1 ) { 619 $lists['order'] = ''; 620 $params->set( 'order_select', 0 ); 621 } 622 623 $lists['task'] = 'category'; 624 $lists['filter'] = $filter; 625 626 // remove slashes 627 $category->name = stripslashes($category->name); 628 629 // Dynamic Page Title 630 $mainframe->SetPageTitle( $pagetitle ); 631 632 HTML_content::showContentList( $category, $items, $access, $id, $sectionid, $gid, $params, $pageNav, $other_categories, $lists, $selected, true ); 633 } // showCategory 634 635 636 function showBlogSection( $id=0, $gid, &$access, $pop, $now=NULL, $limit, $limitstart ) { 637 global $database, $mainframe, $Itemid; 638 639 // needed for check whether section is published 640 $check = ( $id ? $id : 0 ); 641 642 $now = _CURRENT_SERVER_TIME; 643 $noauth = !$mainframe->getCfg( 'shownoauth' ); 644 645 // Parameters 646 $params = new stdClass(); 647 if ( $Itemid ) { 648 $menu = $mainframe->get( 'menu' ); 649 $params = new mosParameters( $menu->params ); 650 } else { 651 $menu = ''; 652 $params = new mosParameters( '' ); 653 } 654 655 // new blog multiple section handling 656 if ( !$id ) { 657 $id = $params->def( 'sectionid', 0 ); 658 } 659 660 $where = _where( 1, $access, $noauth, $gid, $id, $now, NULL, NULL, $params ); 661 $where = ( count( $where ) ? "\n WHERE ". implode( "\n AND ", $where ) : '' ); 662 663 // Ordering control 664 $orderby_sec = $params->def( 'orderby_sec', 'rdate' ); 665 $orderby_pri = $params->def( 'orderby_pri', '' ); 666 $order_sec = _orderby_sec( $orderby_sec ); 667 $order_pri = _orderby_pri( $orderby_pri ); 668 669 // voting control 670 $voting = $params->def( 'rating', '' ); 671 $voting = votingQuery($voting); 672 673 // Limit & limitstart 674 $intro = $params->def( 'intro', 4 ); 675 $leading = $params->def( 'leading', 1 ); 676 $links = $params->def( 'link', 4 ); 677 678 $limit = $limit ? $limit : ( $intro + $leading + $links ); 679 680 // query to determine total number of records 681 $query = "SELECT COUNT(a.id)" 682 . "\n FROM #__content AS a" 683 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 684 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 685 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 686 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 687 . $where 688 ; 689 $database->setQuery( $query ); 690 $total = $database->loadResult(); 691 692 if ( $total <= $limit ) { 693 $limitstart = 0; 694 } 695 696 // Main data query 697 $query = "SELECT a.id, a.title, a.title_alias, a.introtext, a.sectionid, a.state, a.catid, a.created, a.created_by, a.created_by_alias, a.modified, a.modified_by," 698 . "\n a.checked_out, a.checked_out_time, a.publish_up, a.publish_down, a.images, a.urls, a.ordering, a.metakey, a.metadesc, a.access," 699 . "\n CHAR_LENGTH( a.fulltext ) AS readmore, u.name AS author, u.usertype, s.name AS section, cc.name AS category, g.name AS groups" 700 . $voting['select'] 701 . "\n FROM #__content AS a" 702 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 703 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 704 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 705 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 706 . $voting['join'] 707 . $where 708 . "\n ORDER BY $order_pri $order_sec" 709 ; 710 $database->setQuery( $query, $limitstart, $limit ); 711 $rows = $database->loadObjectList(); 712 713 // Dynamic Page Title 714 if ($menu) { 715 $mainframe->setPageTitle( $menu->name ); 716 } 717 718 // check whether section is published 719 if (!count($rows) && $check) { 720 $secCheck = new mosSection( $database ); 721 $secCheck->load( (int)$check ); 722 723 /* 724 * check whether section is published 725 */ 726 if (!$secCheck->published) { 727 mosNotAuth(); 728 return; 729 } 730 /* 731 * check whether section access level allows access 732 */ 733 if ($secCheck->access > $gid) { 734 mosNotAuth(); 735 return; 736 } 737 } 738 739 BlogOutput( $rows, $params, $gid, $access, $pop, $menu, $limitstart, $limit, $total ); 740 } 741 742 function showBlogCategory( $id=0, $gid, &$access, $pop, $now, $limit, $limitstart ) { 743 global $database, $mainframe, $Itemid; 744 745 $now = _CURRENT_SERVER_TIME; 746 $noauth = !$mainframe->getCfg( 'shownoauth' ); 747 748 // needed for check whether section & category is published 749 $check = ( $id ? $id : 0 ); 750 751 // Paramters 752 $params = new stdClass(); 753 if ( $Itemid ) { 754 $menu = $mainframe->get( 'menu' ); 755 $params = new mosParameters( $menu->params ); 756 } else { 757 $menu = ''; 758 $params = new mosParameters( '' ); 759 } 760 761 // new blog multiple section handling 762 if ( !$id ) { 763 $id = $params->def( 'categoryid', 0 ); 764 } 765 766 $where = _where( 2, $access, $noauth, $gid, $id, $now, NULL, NULL, $params ); 767 $where = ( count( $where ) ? "\n WHERE ". implode( "\n AND ", $where ) : '' ); 768 769 // Ordering control 770 $orderby_sec = $params->def( 'orderby_sec', 'rdate' ); 771 $orderby_pri = $params->def( 'orderby_pri', '' ); 772 $order_sec = _orderby_sec( $orderby_sec ); 773 $order_pri = _orderby_pri( $orderby_pri ); 774 775 // voting control 776 $voting = $params->def( 'rating', '' ); 777 $voting = votingQuery($voting); 778 779 // Limit & limitstart 780 $intro = $params->def( 'intro', 4 ); 781 $leading = $params->def( 'leading', 1 ); 782 $links = $params->def( 'link', 4 ); 783 784 $limit = $limit ? $limit : ( $intro + $leading + $links ); 785 786 // query to determine total number of records 787 $query = "SELECT COUNT(a.id)" 788 . "\n FROM #__content AS a" 789 . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" 790 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 791 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 792 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 793 . $where 794 ; 795 $database->setQuery( $query ); 796 $total = $database->loadResult(); 797 798 if ( $total <= $limit ) { 799 $limitstart = 0; 800 } 801 802 // Main data query 803 $query = "SELECT a.id, a.title, a.title_alias, a.introtext, a.sectionid, a.state, a.catid, a.created, a.created_by, a.created_by_alias, a.modified, a.modified_by," 804 . "\n a.checked_out, a.checked_out_time, a.publish_up, a.publish_down, a.images, a.urls, a.ordering, a.metakey, a.metadesc, a.access," 805 . "\n CHAR_LENGTH( a.fulltext ) AS readmore, s.published AS sec_pub, cc.published AS sec_pub, u.name AS author, u.usertype, s.name AS section, cc.name AS category, g.name AS groups" 806 . $voting['select'] 807 . "\n FROM #__content AS a" 808 . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" 809 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 810 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 811 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 812 . $voting['join'] 813 . $where 814 . "\n ORDER BY $order_pri $order_sec" 815 ; 816 $database->setQuery( $query, $limitstart, $limit ); 817 $rows = $database->loadObjectList(); 818 819 // check whether section & category is published 820 if (!count($rows) && $check) { 821 $catCheck = new mosCategory( $database ); 822 $catCheck->load( (int)$check ); 823 824 /* 825 * check whether category is published 826 */ 827 if (!$catCheck->published) { 828 mosNotAuth(); 829 return; 830 } 831 /* 832 * check whether category access level allows access 833 */ 834 if( $catCheck->access > $gid ) { 835 mosNotAuth(); 836 return; 837 } 838 839 $secCheck = new mosSection( $database ); 840 $secCheck->load( $catCheck->section ); 841 842 /* 843 * check whether section is published 844 */ 845 if (!$secCheck->published) { 846 mosNotAuth(); 847 return; 848 } 849 /* 850 * check whether category access level allows access 851 */ 852 if( $secCheck->access > $gid ) { 853 mosNotAuth(); 854 return; 855 } 856 } 857 858 // Dynamic Page Title 859 $mainframe->SetPageTitle( $menu->name ); 860 861 BlogOutput( $rows, $params, $gid, $access, $pop, $menu, $limitstart, $limit, $total ); 862 } 863 864 function showArchiveSection( $id=NULL, $gid, &$access, $pop, $option, $year, $month, $limit, $limitstart ) { 865 global $database, $mainframe; 866 global $Itemid; 867 868 $secID = ( $id ? $id : 0 ); 869 870 $noauth = !$mainframe->getCfg( 'shownoauth' ); 871 872 $params = new stdClass(); 873 if ( $Itemid ) { 874 $menu = $mainframe->get( 'menu' ); 875 $params = new mosParameters( $menu->params ); 876 } else { 877 $menu = ""; 878 $params = new mosParameters( '' ); 879 } 880 881 $params->set( 'intro_only', 1 ); 882 $params->set( 'year', $year ); 883 $params->set( 'month', $month ); 884 885 // Ordering control 886 $orderby_sec = $params->def( 'orderby_sec', 'rdate' ); 887 $orderby_pri = $params->def( 'orderby_pri', '' ); 888 $order_sec = _orderby_sec( $orderby_sec ); 889 $order_pri = _orderby_pri( $orderby_pri ); 890 891 // used in query 892 $where = _where( -1, $access, $noauth, $gid, $id, NULL, $year, $month ); 893 $where = ( count( $where ) ? "\n WHERE ". implode( "\n AND ", $where ) : '' ); 894 895 // checks to see if 'All Sections' options used 896 if ( $id == 0 ) { 897 $check = ''; 898 } else { 899 $check = "\n AND a.sectionid = " . (int) $id; 900 } 901 // query to determine if there are any archived entries for the section 902 $query = "SELECT a.id" 903 . "\n FROM #__content as a" 904 . "\n WHERE a.state = -1" 905 . $check 906 ; 907 $database->setQuery( $query ); 908 $items = $database->loadObjectList(); 909 $archives = count( $items ); 910 911 // voting control 912 $voting = $params->def( 'rating', '' ); 913 $voting = votingQuery($voting); 914 915 // Limit & limitstart 916 $intro = $params->def( 'intro', 4 ); 917 $leading = $params->def( 'leading', 1 ); 918 $links = $params->def( 'link', 4 ); 919 920 $limit = $limit ? $limit : ( $intro + $leading + $links ); 921 922 // query to determine total number of records 923 $query = "SELECT COUNT(a.id)" 924 . "\n FROM #__content AS a" 925 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 926 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 927 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 928 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 929 . $where 930 ; 931 $database->setQuery( $query ); 932 $total = $database->loadResult(); 933 934 if ( $total <= $limit ) { 935 $limitstart = 0; 936 } 937 938 // Main Query 939 $query = "SELECT a.id, a.title, a.title_alias, a.introtext, a.sectionid, a.state, a.catid, a.created, a.created_by, a.created_by_alias, a.modified, a.modified_by," 940 . "\n a.checked_out, a.checked_out_time, a.publish_up, a.publish_down, a.images, a.urls, a.ordering, a.metakey, a.metadesc, a.access," 941 . "\n CHAR_LENGTH( a.fulltext ) AS readmore, u.name AS author, u.usertype, s.name AS section, cc.name AS category, g.name AS groups" 942 . $voting['select'] 943 . "\n FROM #__content AS a" 944 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 945 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 946 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 947 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 948 . $voting['join'] 949 . $where 950 . "\n ORDER BY $order_pri $order_sec" 951 ; 952 $database->setQuery( $query, $limitstart, $limit ); 953 $rows = $database->loadObjectList(); 954 955 // check whether section is published 956 if (!count($rows) && $secID != 0) { 957 $secCheck = new mosSection( $database ); 958 $secCheck->load( (int)$secID ); 959 960 /* 961 * check whether section is published 962 */ 963 if (!$secCheck->published) { 964 mosNotAuth(); 965 return; 966 } 967 /* 968 * check whether section access level allows access 969 */ 970 if ($secCheck->access > $gid) { 971 mosNotAuth(); 972 return; 973 } 974 } 975 976 // initiate form 977 $link = 'index.php?option=com_content&task=archivesection&id='. $id .'&Itemid='. $Itemid; 978 echo '<form action="'.sefRelToAbs( $link ).'" method="post">'; 979 980 // Dynamic Page Title 981 $mainframe->SetPageTitle( $menu->name ); 982 983 if ( !$archives ) { 984 // if no archives for category, hides search and outputs empty message 985 echo '<br /><div align="center">'. _CATEGORY_ARCHIVE_EMPTY .'</div>'; 986 } else { 987 BlogOutput( $rows, $params, $gid, $access, $pop, $menu, $limitstart, $limit, $total, 1, 1 ); 988 } 989 990 echo '<input type="hidden" name="id" value="'. $id .'" />'; 991 echo '<input type="hidden" name="Itemid" value="'. $Itemid .'" />'; 992 echo '<input type="hidden" name="task" value="archivesection" />'; 993 echo '<input type="hidden" name="option" value="com_content" />'; 994 echo '</form>'; 995 } 996 997 998 function showArchiveCategory( $id=0, $gid, &$access, $pop, $option, $year, $month, $module, $limit, $limitstart ) { 999 global $database, $mainframe; 1000 global $Itemid; 1001 1002 $now = _CURRENT_SERVER_TIME; 1003 $noauth = !$mainframe->getCfg( 'shownoauth' ); 1004 1005 // needed for check whether section & category is published 1006 $catID = ( $id ? $id : 0 ); 1007 1008 // used by archive module 1009 if ( $module ) { 1010 $check = ''; 1011 } else { 1012 $check = "\n AND a.catid = " . (int) $id; 1013 } 1014 1015 if ( $Itemid ) { 1016 $menu = $mainframe->get( 'menu' ); 1017 $params = new mosParameters( $menu->params ); 1018 } else { 1019 $menu = ''; 1020 $params = new mosParameters( '' ); 1021 } 1022 1023 $params->set( 'year', $year ); 1024 $params->set( 'month', $month ); 1025 1026 // Ordering control 1027 $orderby_sec = $params->def( 'orderby', 'rdate' ); 1028 $order_sec = _orderby_sec( $orderby_sec ); 1029 1030 // used in query 1031 $where = _where( -2, $access, $noauth, $gid, $id, NULL, $year, $month ); 1032 $where = ( count( $where ) ? "\n WHERE ". implode( "\n AND ", $where ) : '' ); 1033 1034 // query to determine if there are any archived entries for the category 1035 $query = "SELECT a.id" 1036 . "\n FROM #__content as a" 1037 . "\n WHERE a.state = -1" 1038 . $check 1039 ; 1040 $database->setQuery( $query ); 1041 $items = $database->loadObjectList(); 1042 $archives = count( $items ); 1043 1044 // voting control 1045 $voting = $params->def( 'rating', '' ); 1046 $voting = votingQuery($voting); 1047 1048 // Limit & limitstart 1049 $intro = $params->def( 'intro', 4 ); 1050 $leading = $params->def( 'leading', 1 ); 1051 $links = $params->def( 'link', 4 ); 1052 1053 $limit = $limit ? $limit : ( $intro + $leading + $links ); 1054 1055 // query to determine total number of records 1056 $query = "SELECT COUNT(a.id)" 1057 . "\n FROM #__content AS a" 1058 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 1059 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 1060 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 1061 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 1062 . $where 1063 ; 1064 $database->setQuery( $query ); 1065 $total = $database->loadResult(); 1066 1067 if ( $total <= $limit ) { 1068 $limitstart = 0; 1069 } 1070 1071 // main query 1072 $query = "SELECT a.id, a.title, a.title_alias, a.introtext, a.sectionid, a.state, a.catid, a.created, a.created_by, a.created_by_alias, a.modified, a.modified_by," 1073 . "\n a.checked_out, a.checked_out_time, a.publish_up, a.publish_down, a.images, a.urls, a.ordering, a.metakey, a.metadesc, a.access," 1074 . "\n CHAR_LENGTH( a.fulltext ) AS readmore, u.name AS author, u.usertype, s.name AS section, cc.name AS category, g.name AS groups" 1075 . $voting['select'] 1076 . "\n FROM #__content AS a" 1077 . "\n INNER JOIN #__categories AS cc ON cc.id = a.catid" 1078 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 1079 . "\n LEFT JOIN #__sections AS s ON a.sectionid = s.id" 1080 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 1081 . $voting['join'] 1082 . $where 1083 . "\n ORDER BY $order_sec" 1084 ; 1085 $database->setQuery( $query, $limitstart, $limit ); 1086 $rows = $database->loadObjectList(); 1087 1088 // check whether section & category is published 1089 if (!count($rows) && $catID != 0) { 1090 $catCheck = new mosCategory( $database ); 1091 $catCheck->load( (int)$catID ); 1092 1093 /* 1094 * check whether category is published 1095 */ 1096 if (!$catCheck->published) { 1097 mosNotAuth(); 1098 return; 1099 } 1100 /* 1101 * check whether category access level allows access 1102 */ 1103 if( $catCheck->access > $gid ) { 1104 mosNotAuth(); 1105 return; 1106 } 1107 1108 $secCheck = new mosSection( $database ); 1109 $secCheck->load( $catCheck->section ); 1110 1111 /* 1112 * check whether section is published 1113 */ 1114 if (!$secCheck->published) { 1115 mosNotAuth(); 1116 return; 1117 } 1118 /* 1119 * check whether category access level allows access 1120 */ 1121 if( $secCheck->access > $gid ) { 1122 mosNotAuth(); 1123 return; 1124 } 1125 } 1126 1127 // initiate form 1128 $link = ampReplace('index.php?option=com_content&task=archivecategory&id='. $id .'&Itemid='. $Itemid); 1129 echo '<form action="'.sefRelToAbs( $link ).'" method="post">'; 1130 1131 // Page Title 1132 $mainframe->SetPageTitle( $menu->name ); 1133 1134 if ( !$archives ) { 1135 // if no archives for category, hides search and outputs empty message 1136 echo '<br />'; 1137 echo '<div align="center">'. _CATEGORY_ARCHIVE_EMPTY .'</div>'; 1138 } else { 1139 // if coming from the Archive Module, the Archive Dropdown selector is not shown 1140 if ( $id ) { 1141 BlogOutput( $rows, $params, $gid, $access, $pop, $menu, $limitstart, $limit, $total, 1, 1 ); 1142 } else { 1143 BlogOutput( $rows, $params, $gid, $access, $pop, $menu, $limitstart, $limit, $total, 0, 1 ); 1144 } 1145 } 1146 1147 echo '<input type="hidden" name="id" value="'. $id .'" />'; 1148 echo '<input type="hidden" name="Itemid" value="'. $Itemid .'" />'; 1149 echo '<input type="hidden" name="task" value="archivecategory" />'; 1150 echo '<input type="hidden" name="option" value="com_content" />'; 1151 echo '</form>'; 1152 } 1153 1154 1155 function BlogOutput ( &$rows, &$params, $gid, &$access, $pop, &$menu, $limitstart, $limit, $total, $archive=NULL, $archive_page=NULL ) { 1156 global $mainframe, $Itemid, $task, $id, $option, $database, $mosConfig_live_site; 1157 // parameters 1158 if ( $params->get( 'page_title', 1 ) && $menu) { 1159 $header = $params->def( 'header', $menu->name ); 1160 } else { 1161 $header = ''; 1162 } 1163 $columns = $params->def( 'columns', 2 ); 1164 if ( $columns == 0 ) { 1165 $columns = 1; 1166 } 1167 $intro = $params->def( 'intro', 4 ); 1168 $leading = $params->def( 'leading', 1 ); 1169 $links = $params->def( 'link', 4 ); 1170 $pagination = $params->def( 'pagination', 2 ); 1171 $pagination_results = $params->def( 'pagination_results', 1 ); 1172 $pagination_results = $params->def( 'pagination_results', 1 ); 1173 $descrip = $params->def( 'description', 1 ); 1174 $descrip_image = $params->def( 'description_image', 1 ); 1175 // needed for back button for page 1176 $back = $params->get( 'back_button', $mainframe->getCfg( 'back_button' ) ); 1177 // needed to disable back button for item 1178 $params->set( 'back_button', 0 ); 1179 $params->def( 'pageclass_sfx', '' ); 1180 $params->set( 'intro_only', 1 ); 1181 1182 $i = 0; 1183 1184 // used to display section/catagory description text and images 1185 // currently not supported in Archives 1186 if ( $menu && $menu->componentid && ( $descrip || $descrip_image ) ) { 1187 switch ( $menu->type ) { 1188 case 'content_blog_section': 1189 $description = new mosSection( $database ); 1190 $description->load( (int)$menu->componentid ); 1191 break; 1192 1193 case 'content_blog_category': 1194 $description = new mosCategory( $database ); 1195 $description->load( (int)$menu->componentid ); 1196 break; 1197 1198 default: 1199 $menu->componentid = 0; 1200 break; 1201 } 1202 } 1203 1204 // Page Output 1205 // page header 1206 if ( $header ) { 1207 echo '<div class="componentheading'. $params->get( 'pageclass_sfx' ) .'">'. $header .'</div>'; 1208 } 1209 1210 if ( $archive ) { 1211 echo '<br />'; 1212 echo mosHTML::monthSelectList( 'month', 'size="1" class="inputbox"', $params->get( 'month' ) ); 1213 echo mosHTML::integerSelectList( 2000, 2010, 1, 'year', 'size="1" class="inputbox"', $params->get( 'year' ), "%04d" ); 1214 echo '<input type="submit" class="button" value="'._SUBMIT_BUTTON.'" />'; 1215 } 1216 1217 // checks to see if there are there any items to display 1218 if ( $total ) { 1219 $col_with = 100 / $columns; // width of each column 1220 $width = 'width="'. intval( $col_with ) .'%"'; 1221 1222 if ( $archive ) { 1223 // Search Success message 1224 $msg = sprintf( _ARCHIVE_SEARCH_SUCCESS, $params->get( 'month' ), $params->get( 'year' ) ); 1225 echo "<br /><br /><div align='center'>". $msg ."</div><br /><br />"; 1226 } 1227 echo '<table class="blog' . $params->get( 'pageclass_sfx' ) . '" cellpadding="0" cellspacing="0">'; 1228 1229 // Secrion/Category Description & Image 1230 if ( $menu && $menu->componentid && ( $descrip || $descrip_image ) ) { 1231 $link = $mosConfig_live_site .'/images/stories/'. $description->image; 1232 echo '<tr>'; 1233 echo '<td valign="top">'; 1234 if ( $descrip_image && $description->image ) { 1235 echo '<img src="'. $link .'" align="'. $description->image_position .'" hspace="6" alt="" />'; 1236 } 1237 if ( $descrip && $description->description ) { 1238 echo $description->description; 1239 } 1240 echo '<br/><br/>'; 1241 echo '</td>'; 1242 echo '</tr>'; 1243 } 1244 1245 // Leading story output 1246 if ( $leading ) { 1247 echo '<tr>'; 1248 echo '<td valign="top">'; 1249 for ( $z = 0; $z < $leading; $z++ ) { 1250 if ( $i >= ($total - $limitstart) ) { 1251 // stops loop if total number of items is less than the number set to display as leading 1252 break; 1253 } 1254 echo '<div>'; 1255 show( $rows[$i], $params, $gid, $access, $pop ); 1256 echo '</div>'; 1257 $i++; 1258 } 1259 echo '</td>'; 1260 echo '</tr>'; 1261 } 1262 1263 if ( $intro && ( $i < $total ) ) { 1264 echo '<tr>'; 1265 echo '<td valign="top">'; 1266 echo '<table width="100%" cellpadding="0" cellspacing="0">'; 1267 // intro story output 1268 for ( $z = 0; $z < $intro; $z++ ) { 1269 if ( $i >= ($total - $limitstart) ) { 1270 // stops loop if total number of items is less than the number set to display as intro + leading 1271 break; 1272 } 1273 1274 if ( !( $z % $columns ) || $columns == 1 ) { 1275 echo '<tr>'; 1276 } 1277 1278 echo '<td valign="top" '. $width .'>'; 1279 1280 // outputs either intro or only a link 1281 if ( $z < $intro ) { 1282 show( $rows[$i], $params, $gid, $access, $pop ); 1283 } else { 1284 echo '</td>'; 1285 echo '</tr>'; 1286 break; 1287 } 1288 1289 echo '</td>'; 1290 1291 $i++; 1292 1293 // this is required to output a closing </tr> tag if one of the 3 conditions are met 1294 // 1. No of intro story output = number of columns 1295 // 2. Total number of items is reached before the number set to display 1296 // 3. Reached the last item but it does not fully fill the last row of output - a blank column is left 1297 if ( !( ( $z + 1 ) % $columns ) || $columns == 1 ) { 1298 echo '</tr>'; 1299 } else if ($i >= $total) { 1300 echo '</tr>'; 1301 } else if ( ( ( $z + 1 )==$intro ) && ( $intro % $columns ) ) { 1302 echo '</tr>'; 1303 } 1304 1305 } 1306 1307 echo '</table>'; 1308 echo '</td>'; 1309 echo '</tr>'; 1310 } 1311 1312 // Links output 1313 if ( $links && ( $i < $total - $limitstart ) ) { 1314 $showmore = $leading + $intro; 1315 1316 echo '<tr>'; 1317 echo '<td valign="top">'; 1318 echo '<div class="blog_more'. $params->get( 'pageclass_sfx' ) .'">'; 1319 HTML_content::showLinks( $rows, $links, $total, $i, $showmore ); 1320 echo '</div>'; 1321 echo '</td>'; 1322 echo '</tr>'; 1323 } 1324 1325 // Pagination output 1326 if ( $pagination ) { 1327 if ( ( $pagination == 2 ) && ( $total <= $limit ) ) { 1328 // not visible when they is no 'other' pages to display 1329 } else { 1330 require_once( $GLOBALS['mosConfig_absolute_path'] . '/includes/pageNavigation.php' ); 1331 // get the total number of records 1332 $limitstart = $limitstart ? $limitstart : 0; 1333 $pageNav = new mosPageNav( $total, $limitstart, $limit ); 1334 1335 if ( $Itemid && $Itemid != 99999999 ) { 1336 // where Itemid value is returned, do not add Itemid to url 1337 $Itemid_link = '&Itemid='. $Itemid; 1338 } else { 1339 // where Itemid value is NOT returned, do not add Itemid to url 1340 $Itemid_link = ''; 1341 } 1342 1343 if ( $option == 'com_frontpage' ) { 1344 $link = 'index.php?option=com_frontpage'. $Itemid_link; 1345 } else if ( $archive_page ) { 1346 $year = $params->get( 'year' ); 1347 $month = $params->get( 'month' ); 1348 1349 if (!$archive) { 1350 // used when access via archive module 1351 $pid = '&id=0'; 1352 $module = '&module=1'; 1353 } else { 1354 // used when access via menu item 1355 $pid = '&id='. $id; 1356 $module = ''; 1357 } 1358 1359 $link = 'index.php?option=com_content&task='. $task . $pid . $Itemid_link .'&year='. $year .'&month='. $month . $module; 1360 } else { 1361 $link = 'index.php?option=com_content&task='. $task .'&id='. $id . $Itemid_link; 1362 } 1363 1364 echo '<tr>'; 1365 echo '<td valign="top" align="center">'; 1366 echo $pageNav->writePagesLinks( $link ); 1367 echo '<br /><br />'; 1368 echo '</td>'; 1369 echo '</tr>'; 1370 1371 if ( $pagination_results ) { 1372 echo '<tr>'; 1373 echo '<td valign="top" align="center">'; 1374 echo $pageNav->writePagesCounter(); 1375 echo '</td>'; 1376 echo '</tr>'; 1377 } 1378 } 1379 } 1380 1381 echo '</table>'; 1382 1383 } else if ( $archive && !$total ) { 1384 // Search Failure message for Archives 1385 $msg = sprintf( _ARCHIVE_SEARCH_FAILURE, $params->get( 'month' ), $params->get( 'year' ) ); 1386 echo '<br /><br /><div align="center">'. $msg .'</div><br />'; 1387 } else { 1388 // Generic blog empty display 1389 echo _EMPTY_BLOG; 1390 } 1391 1392 // Back Button 1393 $params->set( 'back_button', $back ); 1394 1395 mosHTML::BackButton ( $params ); 1396 } 1397 1398 1399 function showItem( $uid, $gid, &$access, $pop, $option='com_content', $now ) { 1400 global $database, $mainframe, $Itemid; 1401 global $mosConfig_MetaTitle, $mosConfig_MetaAuthor; 1402 1403 $now = _CURRENT_SERVER_TIME; 1404 $nullDate = $database->getNullDate(); 1405 1406 if ( $access->canEdit ) { 1407 $xwhere = ''; 1408 } else { 1409 $xwhere = " AND ( a.state = 1 OR a.state = -1 )" 1410 . "\n AND ( a.publish_up = " . $database->Quote( $nullDate ) . " OR a.publish_up <= " . $database->Quote( $now ) . " )" 1411 . "\n AND ( a.publish_down = " . $database->Quote( $nullDate ) . " OR a.publish_down >= " . $database->Quote( $now ) . " )" 1412 ; 1413 } 1414 1415 // main query 1416 $query = "SELECT a.*, u.name AS author, u.usertype, cc.name AS category, s.name AS section, g.name AS groups," 1417 . "\n s.published AS sec_pub, cc.published AS cat_pub, s.access AS sec_access, cc.access AS cat_access," 1418 . "\n s.id AS sec_id, cc.id as cat_id" 1419 . "\n FROM #__content AS a" 1420 . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" 1421 . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'" 1422 . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" 1423 . "\n LEFT JOIN #__groups AS g ON a.access = g.id" 1424 . "\n WHERE a.id = " . (int) $uid 1425 . $xwhere 1426 . "\n AND a.access <= " . (int) $gid 1427 ; 1428 $database->setQuery( $query ); 1429 $row = NULL; 1430 1431 if ( $database->loadObject( $row ) ) { 1432 /* 1433 * check whether category is published 1434 */ 1435 if ( !$row->cat_pub && $row->catid ) { 1436 mosNotAuth(); 1437 return; 1438 } 1439 /* 1440 * check whether section is published 1441 */ 1442 if ( !$row->sec_pub && $row->sectionid ) { 1443 mosNotAuth(); 1444 return; 1445 } 1446 /* 1447 * check whether category access level allows access 1448 */ 1449 if ( ($row->cat_access > $gid) && $row->catid ) { 1450 mosNotAuth(); 1451 return; 1452 } 1453 /* 1454 * check whether section access level allows access 1455 */ 1456 if ( ($row->sec_access > $gid) && $row->sectionid ) { 1457 mosNotAuth(); 1458 return; 1459 } 1460 1461 $params = new mosParameters( $row->attribs ); 1462 $params->set( 'intro_only', 0 ); 1463 $params->def( 'back_button', $mainframe->getCfg( 'back_button' ) ); 1464 if ( $row->sectionid == 0) { 1465 $params->set( 'item_navigation', 0 ); 1466 } else { 1467 $params->set( 'item_navigation', $mainframe->getCfg( 'item_navigation' ) ); 1468 } 1469 1470 // loads the links for Next & Previous Button 1471 if ( $params->get( 'item_navigation' ) ) { 1472 // Paramters for menu item as determined by controlling Itemid 1473 $menu = $mainframe->get( 'menu' ); 1474 $mparams = new mosParameters( $menu->params ); 1475 1476 // the following is needed as different menu items types utilise a different param to control ordering 1477 // for Blogs the `orderby_sec` param is the order controlling param 1478 // for Table and List views it is the `orderby` param 1479 $mparams_list = $mparams->toArray(); 1480 if ( array_key_exists( 'orderby_sec', $mparams_list ) ) { 1481 $order_method = $mparams->get( 'orderby_sec', '' ); 1482 } else { 1483 $order_method = $mparams->get( 'orderby', '' ); 1484 } 1485 // additional check for invalid sort ordering 1486 if ( $order_method == 'front' ) { 1487 $order_method = ''; 1488 } 1489 $orderby = _orderby_sec( $order_method ); 1490 1491 // array of content items in same category correctly ordered 1492 $query = "SELECT a.id" 1493 . "\n FROM #__content AS a" 1494 . "\n WHERE a.catid = " . (int) $row->catid 1495 . "\n AND a.state = " . (int) $row->state 1496 . ($access->canEdit ? '' : "\n AND a.access <= " . (int) $gid ) 1497 . $xwhere 1498 . "\n ORDER BY $orderby" 1499 ; 1500 $database->setQuery( $query ); 1501 $list = $database->loadResultArray(); 1502 1503 // this check needed if incorrect Itemid is given resulting in an incorrect result 1504 if ( !is_array($list) ) { 1505 $list = array(); 1506 } 1507 // location of current content item in array list 1508 $location = array_search( $uid, $list ); 1509 1510 $row->prev = ''; 1511 $row->next = ''; 1512 if ( $location - 1 >= 0 ) { 1513 // the previous content item cannot be in the array position -1 1514 $row->prev = $list[$location - 1]; 1515 } 1516 if ( ( $location + 1 ) < count( $list ) ) { 1517 // the next content item cannot be in an array position greater than the number of array postions 1518 $row->next = $list[$location + 1]; 1519 } 1520 } 1521 1522 // page title 1523 $mainframe->setPageTitle( $row->title ); 1524 if ($mosConfig_MetaTitle=='1') { 1525 $mainframe->addMetaTag( 'title' , $row->title ); 1526 } 1527 if ($mosConfig_MetaAuthor=='1') { 1528 $mainframe->addMetaTag( 'author' , $row->author ); 1529 } 1530 1531 show( $row, $params, $gid, $access, $pop ); 1532 } else { 1533 mosNotAuth(); 1534 return; 1535 } 1536 } 1537 1538 1539 function show( $row, $params, $gid, &$access, $pop, $option='com_content', $ItemidCount=NULL ) { 1540 global $database, $mainframe; 1541 global $cache; 1542 1543 $noauth = !$mainframe->getCfg( 'shownoauth' ); 1544 1545 if ( $access->canEdit ) { 1546 if ( $row->id === null || $row->access > $gid ) { 1547 mosNotAuth(); 1548 return; 1549 } 1550 } else { 1551 if ( $row->id === null || $row->state == 0 ) { 1552 mosNotAuth(); 1553 return; 1554 } 1555 if ( $row->access > $gid ) { 1556 if ( $noauth ) { 1557 mosNotAuth(); 1558 return; 1559 } else { 1560 if ( !( $params->get( 'intro_only' ) ) ) { 1561 mosNotAuth(); 1562 return; 1563 } 1564 } 1565 } 1566 } 1567 1568 // GC Parameters 1569 $params->def( 'link_titles', $mainframe->getCfg( 'link_titles' ) ); 1570 $params->def( 'author', !$mainframe->getCfg( 'hideAuthor' ) ); 1571 $params->def( 'createdate', !$mainframe->getCfg( 'hideCreateDate' ) ); 1572 $params->def( 'modifydate', !$mainframe->getCfg( 'hideModifyDate' ) ); 1573 $params->def( 'print', !$mainframe->getCfg( 'hidePrint' ) ); 1574 $params->def( 'pdf', !$mainframe->getCfg( 'hidePdf' ) ); 1575 $params->def( 'email', !$mainframe->getCfg( 'hideEmail' ) ); 1576 $params->def( 'rating', $mainframe->getCfg( 'vote' ) ); 1577 $params->def( 'icons', $mainframe->getCfg( 'icons' ) ); 1578 $params->def( 'readmore', $mainframe->getCfg( 'readmore' ) ); 1579 // Other Params 1580 $params->def( 'image', 1 ); 1581 $params->def( 'section', 0 ); 1582 $params->def( 'section_link', 0 ); 1583 $params->def( 'category', 0 ); 1584 $params->def( 'category_link', 0 ); 1585 $params->def( 'introtext', 1 ); 1586 $params->def( 'pageclass_sfx', '' ); 1587 $params->def( 'item_title', 1 ); 1588 $params->def( 'url', 1 ); 1589 1590 // if a popup item (e.g. print page) set popup param to correct value 1591 if ( $pop ) { 1592 $params->set( 'popup', 1 ); 1593 } 1594 1595 // check if voting/rating enabled 1596 if ( $params->get( 'rating' ) ) { 1597 // voting query 1598 $query = "SELECT ROUND( v.rating_sum / v.rating_count ) AS rating, v.rating_count" 1599 . "\n FROM #__content AS a" 1600 . "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id" 1601 . "\n WHERE a.id = " . (int) $row->id 1602 ; 1603 $database->setQuery( $query ); 1604 $database->loadObject($voting); 1605 1606 // add to $row info 1607 $row->rating = $voting->rating; 1608 $row->rating_count = $voting->rating_count; 1609 } 1610 1611 $row->category = htmlspecialchars( stripslashes( $row->category ), ENT_QUOTES ); 1612 if ( $params->get( 'section_link' ) || $params->get( 'category_link' ) ) { 1613 // loads the link for Section name 1614 if ( $params->get( 'section_link' ) && $row->sectionid ) { 1615 // pull values from mainframe 1616 $secLinkID = $mainframe->get( 'secID_'. $row->sectionid, -1 ); 1617 $secLinkURL = $mainframe->get( 'secURL_'. $row->sectionid ); 1618 1619 // check if values have already been placed into mainframe memory 1620 if ( $secLinkID == -1 ) { 1621 $query = "SELECT id, link" 1622 . "\n FROM #__menu" 1623 . "\n WHERE published = 1" 1624 . "\n AND type IN ( 'content_section', 'content_blog_section' )" 1625 . "\n AND componentid = " . (int) $row->sectionid 1626 . "\n ORDER BY type DESC, ordering" 1627 ; 1628 $database->setQuery( $query ); 1629 //$secLinkID = $database->loadResult(); 1630 $result = $database->loadRow(); 1631 1632 $secLinkID = $result[0]; 1633 $secLinkURL = $result[1]; 1634 1635 if ($secLinkID == null) { 1636 $secLinkID = 0; 1637 // save 0 query result to mainframe 1638 $mainframe->set( 'secID_'. $row->sectionid, 0 ); 1639 } else { 1640 // save query result to mainframe 1641 $mainframe->set( 'secID_'. $row->sectionid, $secLinkID ); 1642 $mainframe->set( 'secURL_'. $row->sectionid, $secLinkURL ); 1643 } 1644 } 1645 1646 $_Itemid = ''; 1647 // use Itemid for section found in query 1648 if ($secLinkID != -1 && $secLinkID) { 1649 $_Itemid = '&Itemid='. $secLinkID; 1650 } 1651 if ($secLinkURL) { 1652 $secLinkURL = ampReplace($secLinkURL); 1653 $link = sefRelToAbs( $secLinkURL . $_Itemid ); 1654 } else { 1655 $link = sefRelToAbs( 'index.php?option=com_content&task=section&id='. $row->sectionid . $_Itemid ); 1656 } 1657 $row->section = '<a href="'. $link .'">'. $row->section .'</a>'; 1658 } 1659 1660 // loads the link for Category name 1661 if ( $params->get( 'category_link' ) && $row->catid ) { 1662 // pull values from mainframe 1663 $catLinkID = $mainframe->get( 'catID_'. $row->catid, -1 ); 1664 $catLinkURL = $mainframe->get( 'catURL_'. $row->catid ); 1665 1666 // check if values have already been placed into mainframe memory 1667 if ( $catLinkID == -1 ) { 1668 $query = "SELECT id, link" 1669 . "\n FROM #__menu" 1670 . "\n WHERE published = 1" 1671 . "\n AND type IN ( 'content_category', 'content_blog_category' )" 1672 . "\n AND componentid = " . (int) $row->catid 1673 . "\n ORDER BY type DESC, ordering" 1674 ; 1675 $database->setQuery( $query ); 1676 //$catLinkID = $database->loadResult(); 1677 $result = $database->loadRow(); 1678 1679 $catLinkID = $result[0]; 1680 $catLinkURL = $result[1]; 1681 1682 if ($catLinkID == null) { 1683 $catLinkID = 0; 1684 // save 0 query result to mainframe 1685 $mainframe->set( 'catID_'. $row->catid, 0 ); 1686 } else { 1687 // save query result to mainframe 1688 $mainframe->set( 'catID_'. $row->catid, $catLinkID ); 1689 $mainframe->set( 'catURL_'. $row->catid, $catLinkURL ); 1690 } 1691 } 1692 1693 $_Itemid = ''; 1694 // use Itemid for category found in query 1695 if ($catLinkID != -1 && $catLinkID) { 1696 $_Itemid = '&Itemid='. $catLinkID; 1697 } else if (isset( $secLinkID ) && $secLinkID != -1 && $secLinkID) { 1698 // use Itemid for section found in query 1699 $_Itemid = '&Itemid='. $secLinkID; 1700 } 1701 if ($catLinkURL) { 1702 $link = sefRelToAbs( $catLinkURL . $_Itemid ); 1703 } else { 1704 $link = sefRelToAbs( 'index.php?option=com_content&task=category&sectionid='. $row->sectionid .'&id='. $row->catid . $_Itemid ); 1705 } 1706 $row->category = '<a href="'. $link .'">'. $row->category .'</a>'; 1707 } 1708 } 1709 1710 // show/hides the intro text 1711 if ( $params->get( 'introtext' ) ) { 1712 $row->text = $row->introtext. ( $params->get( 'intro_only' ) ? '' : chr(13) . chr(13) . $row->fulltext); 1713 } else { 1714 $row->text = $row->fulltext; 1715 } 1716 1717 // deal with the {mospagebreak} mambots 1718 // only permitted in the full text area 1719 $page = intval( mosGetParam( $_REQUEST, 'limitstart', 0 ) ); 1720 1721 // record the hit 1722 if ( !$params->get( 'intro_only' ) && ($page == 0)) { 1723 $obj = new mosContent( $database ); 1724 $obj->hit( $row->id ); 1725 } 1726 1727 // needed for caching purposes to stop different cachefiles being created for same item 1728 // does not affect anything else as hits data not outputted 1729 $row->hits = 0; 1730 1731 $cache->call( 'HTML_content::show', $row, $params, $access, $page ); 1732 } 1733 1734 1735 function editItem( $uid, $gid, &$access, $sectionid=0, $task, $Itemid ){ 1736 global $database, $my, $mainframe; 1737 global $mosConfig_absolute_path, $mosConfig_live_site, $mosConfig_offset; 1738 1739 $nullDate = $database->getNullDate(); 1740 $row = new mosContent( $database ); 1741 // load the row from the db table 1742 $row->load( (int)$uid ); 1743 1744 // fail if checked out not by 'me' 1745 if ($row->isCheckedOut( $my->id )) { 1746 mosErrorAlert( "The module [ ".$row->title." ] is currently being edited by another person."); 1747 } 1748 1749 if ( $uid ) { 1750 // existing record 1751 if ( !( $access->canEdit || ( $access->canEditOwn && $row->created_by == $my->id ) ) ) { 1752 mosNotAuth(); 1753 return; 1754 } 1755 } else { 1756 // new record 1757 if (!($access->canEdit || $access->canEditOwn)) { 1758 mosNotAuth(); 1759 return; 1760 } 1761 1762 if ( $Itemid == 0 || $Itemid == 99999999 ) { 1763 // security check to see if link exists in a menu 1764 1765 $link = 'index.php?option=com_content&task=new§ionid=' . (int) $sectionid; 1766 $query = "SELECT id" 1767 . "\n FROM #__menu" 1768 . "\n WHERE (link LIKE '%$link' OR link LIKE '%$link&%')" 1769 . "\n AND published = 1" 1770 ; 1771 $database->setQuery( $query ); 1772 $exists = $database->loadResult(); 1773 if ( !$exists ) { 1774 mosNotAuth(); 1775 return; 1776 } 1777 } 1778 } 1779 1780 if ( $uid ) { 1781 $sectionid = $row->sectionid; 1782 } 1783 1784 $lists = array(); 1785 1786 // get the type name - which is a special category 1787 $query = "SELECT name FROM #__sections" 1788 . "\n WHERE id = " . (int) $sectionid 1789 ; 1790 $database->setQuery( $query ); 1791 $section = $database->loadResult(); 1792 1793 if ( $uid == 0 ) { 1794 $row->catid = 0; 1795 } 1796 1797 if ( $uid ) { 1798 $row->checkout( $my->id ); 1799 1800 if (trim( $row->images )) { 1801 $row->images = explode( "\n", $row->images ); 1802 } else { 1803 $row->images = array(); 1804 } 1805 1806 $row->created = mosFormatDate( $row->created, _CURRENT_SERVER_TIME_FORMAT ); 1807 $row->modified = $row->modified == $nullDate ? '' : mosFormatDate( $row->modified, _CURRENT_SERVER_TIME_FORMAT ); 1808 $row->publish_up = mosFormatDate( $row->publish_up, _CURRENT_SERVER_TIME_FORMAT ); 1809 1810 if (trim( $row->publish_down ) == $nullDate || trim( $row->publish_down ) == '' || trim( $row->publish_down ) == '-' ) { 1811 $row->publish_down = 'Never'; 1812 } 1813 $row->publish_down = mosFormatDate( $row->publish_down, _CURRENT_SERVER_TIME_FORMAT ); 1814 1815 $query = "SELECT name" 1816 . "\n FROM #__users" 1817 . "\n WHERE id = " . (int) $row->created_by 1818 ; 1819 $database->setQuery( $query ); 1820 $row->creator = $database->loadResult(); 1821 1822 // test to reduce unneeded query 1823 if ( $row->created_by == $row->modified_by ) { 1824 $row->modifier = $row->creator; 1825 } else { 1826 $query = "SELECT name" 1827 . "\n FROM #__users" 1828 . "\n WHERE id = " . (int) $row->modified_by 1829 ; 1830 $database->setQuery( $query ); 1831 $row->modifier = $database->loadResult(); 1832 } 1833 1834 $query = "SELECT content_id" 1835 . "\n FROM #__content_frontpage" 1836 . "\n WHERE content_id = " . (int) $row->id 1837 ; 1838 $database->setQuery( $query ); 1839 $row->frontpage = $database->loadResult(); 1840 } else { 1841 $row->sectionid = $sectionid; 1842 $row->version = 0; 1843 $row->state = 0; 1844 $row->ordering = 0; 1845 $row->images = array(); 1846 $row->publish_up = date( 'Y-m-d H:i:s', time() + ( $mosConfig_offset * 60 * 60 ) ); 1847 $row->publish_down = 'Never'; 1848 $row->creator = 0; 1849 $row->modifier = 0; 1850 $row->frontpage = 0; 1851 } 1852 1853 // pull param column from category info 1854 $query = "SELECT params" 1855 . "\n FROM #__categories" 1856 . "\n WHERE id = " . (int) $row->catid 1857 ; 1858 $database->setQuery( $query ); 1859 $categoryParam = $database->loadResult(); 1860 1861 $paramsCat = new mosParameters( $categoryParam, $mainframe->getPath( 'com_xml', 'com_categories' ), 'component' ); 1862 $selected_folders = $paramsCat->get( 'imagefolders', '' ); 1863 1864 if ( !$selected_folders ) { 1865 $selected_folders = '*2*'; 1866 } 1867 1868 // check if images utilizes settings from section 1869 if ( strpos( $selected_folders, '*2*' ) !== false ) { 1870 unset( $selected_folders ); 1871 // load param column from section info 1872 $query = "SELECT params" 1873 . "\n FROM #__sections" 1874 . "\n WHERE id = " . (int) $row->sectionid 1875 ; 1876 $database->setQuery( $query ); 1877 $sectionParam = $database->loadResult(); 1878 1879 $paramsSec = new mosParameters( $sectionParam, $mainframe->getPath( 'com_xml', 'com_sections' ), 'component' ); 1880 $selected_folders = $paramsSec->get( 'imagefolders', '' ); 1881 } 1882 1883 if ( trim( $selected_folders ) ) { 1884 $temps = explode( ',', $selected_folders ); 1885 foreach( $temps as $temp ) { 1886 $folders[] = mosHTML::makeOption( $temp, $temp ); 1887 } 1888 } else { 1889 $folders[] = mosHTML::makeOption( '*1*' ); 1890 } 1891 1892 // calls function to read image from directory 1893 $pathA = $mosConfig_absolute_path .'/images/stories'; 1894 $pathL = $mosConfig_live_site .'/images/stories'; 1895 $images = array(); 1896 1897 if ( $folders[0]->value == '*1*' ) { 1898 $folders = array(); 1899 $folders[] = mosHTML::makeOption( '/' ); 1900 mosAdminMenus::ReadImages( $pathA, '/', $folders, $images ); 1901 } else { 1902 mosAdminMenus::ReadImagesX( $folders, $images ); 1903 } 1904 1905 // list of folders in images/stories/ 1906 $lists['folders'] = mosAdminMenus::GetImageFolders( $folders, $pathL ); 1907 // list of images in specfic folder in images/stories/ 1908 $lists['imagefiles'] = mosAdminMenus::GetImages( $images, $pathL, $folders ); 1909 // list of saved images 1910 $lists['imagelist'] = mosAdminMenus::GetSavedImages( $row, $pathL ); 1911 1912 // make the select list for the states 1913 $states[] = mosHTML::makeOption( 0, _CMN_UNPUBLISHED ); 1914 $states[] = mosHTML::makeOption( 1, _CMN_PUBLISHED ); 1915 $lists['state'] = mosHTML::selectList( $states, 'state', 'class="inputbox" size="1"', 'value', 'text', intval( $row->state ) ); 1916 1917 // build the html select list for ordering 1918 $query = "SELECT ordering AS value, title AS text" 1919 . "\n FROM #__content" 1920 . "\n WHERE catid = " . (int) $row->catid 1921 . "\n ORDER BY ordering" 1922 ; 1923 $lists['ordering'] = mosAdminMenus::SpecificOrdering( $row, $uid, $query, 1 ); 1924 1925 // build list of categories 1926 $lists['catid'] = mosAdminMenus::ComponentCategory( 'catid', $sectionid, intval( $row->catid ) ); 1927 // build the select list for the image positions 1928 $lists['_align'] = mosAdminMenus::Positions( '_align' ); 1929 // build the html select list for the group access 1930 $lists['access'] = mosAdminMenus::Access( $row ); 1931 1932 // build the select list for the image caption alignment 1933 $lists['_caption_align'] = mosAdminMenus::Positions( '_caption_align' ); 1934 // build the html select list for the group access 1935 // build the select list for the image caption position 1936 $pos[] = mosHTML::makeOption( 'bottom', _CMN_BOTTOM ); 1937 $pos[] = mosHTML::makeOption( 'top', _CMN_TOP ); 1938 $lists['_caption_position'] = mosHTML::selectList( $pos, '_caption_position', 'class="inputbox" size="1"', 'value', 'text' ); 1939 1940 HTML_content::editContent( $row, $section, $lists, $images, $access, $my->id, $sectionid, $task, $Itemid ); 1941 } 1942 1943 1944 /** 1945 * Saves the content item an edit form submit 1946 */ 1947 function saveContent( &$access, $task ) { 1948 global $database, $mainframe, $my; 1949 global $mosConfig_absolute_path, $mosConfig_offset, $Itemid; 1950 1951 // simple spoof check security 1952 josSpoofCheck(); 1953 1954 $nullDate = $database->getNullDate(); 1955 1956 $row = new mosContent( $database ); 1957 if ( !$row->bind( $_POST ) ) { 1958 echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n"; 1959 exit(); 1960 } 1961 1962 // sanitise id field 1963 $row->id = (int) $row->id; 1964 1965 $isNew = $row->id < 1; 1966 if ( $isNew ) { 1967 // new record 1968 if ( !( $access->canEdit || $access->canEditOwn ) ) { 1969 mosNotAuth(); 1970 return; 1971 } 1972 1973 $row->created = date( 'Y-m-d H:i:s' ); 1974 $row->created_by = $my->id; 1975 } else { 1976 // existing record 1977 if ( !( $access->canEdit || ( $access->canEditOwn && $row->created_by == $my->id ) ) ) { 1978 mosNotAuth(); 1979 return; 1980 } 1981 1982 $row->modified = date( 'Y-m-d H:i:s' ); 1983 $row->modified_by = $my->id; 1984 } 1985 1986 if (strlen(trim( $row->publish_up )) <= 10) { 1987 $row->publish_up .= ' 00:00:00'; 1988 } 1989 $row->publish_up = mosFormatDate( $row->publish_up, _CURRENT_SERVER_TIME_FORMAT, -$mosConfig_offset ); 1990 1991 if (trim( $row->publish_down ) == 'Never' || trim( $row->publish_down ) == '') { 1992 $row->publish_down = $nullDate; 1993 } else { 1994 if (strlen(trim( $row->publish_down )) <= 10) { 1995 $row->publish_down .= ' 00:00:00'; 1996 } 1997 $row->publish_down = mosFormatDate( $row->publish_down, _CURRENT_SERVER_TIME_FORMAT, -$mosConfig_offset ); 1998 } 1999 2000 // code cleaner for xhtml transitional compliance 2001 $row->introtext = str_replace( '<br>', '<br />', $row->introtext ); 2002 $row->fulltext = str_replace( '<br>', '<br />', $row->fulltext ); 2003 2004 // remove <br /> take being automatically added to empty fulltext 2005 $length = strlen( $row->fulltext ) < 9; 2006 $search = strstr( $row->fulltext, '<br />'); 2007 if ( $length && $search ) { 2008 $row->fulltext = NULL; 2009 } 2010 2011 $row->title = ampReplace( $row->title ); 2012 2013 // Publishing state hardening for Authors 2014 if ( !$access->canPublish ) { 2015 if ( $isNew ) { 2016 // For new items - author is not allowed to publish - prevent them from doing so 2017 $row->state = 0; 2018 } else { 2019 // For existing items keep existing state - author is not allowed to change status 2020 $query = "SELECT state" 2021 . "\n FROM #__content" 2022 . "\n WHERE id = " . (int) $row->id 2023 ; 2024 $database->setQuery( $query); 2025 $state = $database->loadResult(); 2026 2027 if ( $state ) { 2028 $row->state = 1; 2029 } else { 2030 $row->state = 0; 2031 } 2032 } 2033 } 2034 2035 if (!$row->check()) { 2036 echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n"; 2037 exit(); 2038 } 2039 $row->version++; 2040 if (!$row->store()) { 2041 echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n"; 2042 exit(); 2043 } 2044 2045 // manage frontpage items 2046 require_once( $mainframe->getPath( 'class', 'com_frontpage' ) ); 2047 $fp = new mosFrontPage( $database ); 2048 2049 if ( intval( mosGetParam( $_REQUEST, 'frontpage', 0 ) ) ) { 2050 2051 // toggles go to first place 2052 if (!$fp->load( (int)$row->id )) { 2053 // new entry 2054 $query = "INSERT INTO #__content_frontpage" 2055 . "\n VALUES ( " . (int) $row->id . ", 1 )" 2056 ; 2057 $database->setQuery( $query ); 2058 if (!$database->query()) { 2059 echo "<script> alert('".$database->stderr()."');</script>\n"; 2060 exit(); 2061 } 2062 $fp->ordering = 1; 2063 } 2064 } else { 2065 // no frontpage mask 2066 if ( !$fp->delete( (int)$row->id ) ) { 2067 $msg .= $fp->stderr(); 2068 } 2069 $fp->ordering = 0; 2070 } 2071 $fp->updateOrder(); 2072 2073 $row->checkin(); 2074 $row->updateOrder( "catid = " . (int) $row->catid ); 2075 2076 // gets section name of item 2077 $query = "SELECT s.title" 2078 . "\n FROM #__sections AS s" 2079 . "\n WHERE s.scope = 'content'" 2080 . "\n AND s.id = " . (int) $row->sectionid 2081 ; 2082 $database->setQuery( $query ); 2083 // gets category name of item 2084 $section = $database->loadResult(); 2085 2086 $query = "SELECT c.title" 2087 . "\n FROM #__categories AS c" 2088 . "\n WHERE c.id = " . (int) $row->catid 2089 ; 2090 $database->setQuery( $query ); 2091 $category = $database->loadResult(); 2092 $category = stripslashes( $category ); 2093 2094 if ( $isNew ) { 2095 // messaging for new items 2096 require_once ( $mosConfig_absolute_path .'/components/com_messages/messages.class.php' ); 2097 2098 $query = "SELECT id" 2099 . "\n FROM #__users" 2100 . "\n WHERE sendEmail = 1" 2101 ; 2102 $database->setQuery( $query ); 2103 $users = $database->loadResultArray(); 2104 foreach ($users as $user_id) { 2105 $msg = new mosMessage( $database ); 2106 $msg->send( $my->id, $user_id, "New Item", sprintf( _ON_NEW_CONTENT, $my->username, $row->title, $section, $category ) ); 2107 } 2108 } 2109 2110 $msg = $isNew ? _THANK_SUB : _E_ITEM_SAVED; 2111 $msg = $my->usertype == 'Publisher' ? _THANK_SUB_PUB: $msg; 2112 switch ( $task ) { 2113 case 'apply': 2114 $link = $_SERVER['HTTP_REFERER']; 2115 break; 2116 2117 case 'apply_new': 2118 $Itemid = intval( mosGetParam( $_POST, 'Returnid', $Itemid ) ); 2119 $link = 'index.php?option=com_content&task=edit&id='. $row->id.'&Itemid='. $Itemid; 2120 break; 2121 2122 2123 case 'save': 2124 default: 2125 $Itemid = mosGetParam( $_POST, 'Returnid', '' ); 2126 if ( $Itemid ) { 2127 if ( $access->canEdit ) { 2128 $link = 'index.php?option=com_content&task=view&id='. $row->id.'&Itemid='. $Itemid; 2129 } else { 2130 $link = 'index.php'; 2131 } 2132 } else { 2133 $link = strval( mosGetParam( $_POST, 'referer', '' ) ); 2134 } 2135 break; 2136 } 2137 mosRedirect( $link, $msg ); 2138 } 2139 2140 2141 /** 2142 * Cancels an edit operation 2143 * @param database A database connector object 2144 */ 2145 function cancelContent( &$access ) { 2146 global $database, $my, $task; 2147 2148 $row = new mosContent( $database ); 2149 $row->bind( $_POST ); 2150 2151 if ( $access->canEdit || ( $access->canEditOwn && $row->created_by == $my->id ) ) { 2152 $row->checkin(); 2153 } 2154 2155 $Itemid = intval( mosGetParam( $_POST, 'Returnid', '0' ) ); 2156 2157 $referer = strval( mosGetParam( $_POST, 'referer', '' ) ); 2158 $parts = parse_url( $referer ); 2159 parse_str( $parts['query'], $query ); 2160 2161 if ( $task == 'edit' || $task == 'cancel' ) { 2162 $Itemid = mosGetParam( $_POST, 'Returnid', '' ); 2163 $referer = 'index.php?option=com_content&task=view&id='. $row->id.'&Itemid='. $Itemid; 2164 } 2165 2166 if ( $referer && $row->id ) { 2167 mosRedirect( $referer ); 2168 } else { 2169 mosRedirect( 'index.php' ); 2170 } 2171 } 2172 2173 /** 2174 * Shows the email form for a given content item. 2175 * @param int The content item id 2176 */ 2177 function emailContentForm( $uid, $gid ) { 2178 global $database, $mosConfig_hideEmail; 2179 2180 $id = intval( mosGetParam( $_REQUEST, 'id', 0 ) ); 2181 2182 if ( $id ) { 2183 $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id; 2184 $database->setQuery( $query ); 2185 $params = new mosParameters( $database->loadResult() ); 2186 } else { 2187 $params = new mosParameters( '' ); 2188 } 2189 2190 $email = intval( $params->get( 'email', 0 ) ); 2191 2192 if ($mosConfig_hideEmail && !$email ) { 2193 echo _NOT_AUTH; 2194 return; 2195 } 2196 2197 $itemid = intval( mosGetParam( $_GET, 'itemid', 0 ) ); 2198 2199 $now = _CURRENT_SERVER_TIME; 2200 $nullDate = $database->getNullDate(); 2201 2202 // query to check for state and access levels 2203 $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub," 2204 . "\n s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id" 2205 . "\n FROM #__content AS a" 2206 . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" 2207 . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'" 2208 . "\n WHERE a.id = " . (int) $uid 2209 . "\n AND a.state = 1" 2210 . "\n AND a.access <= " . (int) $gid 2211 . "\n AND ( a.publish_up = " . $database->Quote( $nullDate ) . " OR a.publish_up <= " . $database->Quote( $now ) . " )" 2212 . "\n AND ( a.publish_down = " . $database->Quote( $nullDate ) . " OR a.publish_down >= " . $database->Quote( $now ) . " )" 2213 ; 2214 $database->setQuery( $query ); 2215 $row = NULL; 2216 2217 if ( $database->loadObject( $row ) ) { 2218 /* 2219 * check whether category is published 2220 */ 2221 if ( !$row->cat_pub && $row->catid ) { 2222 mosNotAuth(); 2223 return; 2224 } 2225 /* 2226 * check whether section is published 2227 */ 2228 if ( !$row->sec_pub && $row->sectionid ) { 2229 mosNotAuth(); 2230 return; 2231 } 2232 /* 2233 * check whether category access level allows access 2234 */ 2235 if ( ($row->cat_access > $gid) && $row->catid ) { 2236 mosNotAuth(); 2237 return; 2238 } 2239 /* 2240 * check whether section access level allows access 2241 */ 2242 if ( ($row->sec_access > $gid) && $row->sectionid ) { 2243 mosNotAuth(); 2244 return; 2245 } 2246 2247 $query = "SELECT template" 2248 . "\n FROM #__templates_menu" 2249 . "\n WHERE client_id = 0" 2250 . "\n AND menuid = 0" 2251 ; 2252 $database->setQuery( $query ); 2253 $template = $database->loadResult(); 2254 2255 HTML_content::emailForm( $row->id, $row->title, $template, $itemid ); 2256 } else { 2257 mosNotAuth(); 2258 return; 2259 } 2260 } 2261 2262 /** 2263 * Shows the email form for a given content item. 2264 * @param int The content item id 2265 */ 2266 function emailContentSend( $uid, $gid ) { 2267 global $database, $mainframe; 2268 global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail; 2269 2270 $id = intval( mosGetParam( $_REQUEST, 'id', 0 ) ); 2271 2272 if ( $id ) { 2273 $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id; 2274 $database->setQuery( $query ); 2275 $params = new mosParameters( $database->loadResult() ); 2276 } else { 2277 $params = new mosParameters( '' ); 2278 } 2279 2280 $paramEmail = intval( $params->get( 'email', 0 ) ); 2281 2282 if ($mosConfig_hideEmail && !$paramEmail ) { 2283 echo _NOT_AUTH; 2284 return; 2285 } 2286 2287 // simple spoof check security 2288 josSpoofCheck(1); 2289 2290 // check for session cookie 2291 // Session Cookie `name` 2292 $sessionCookieName = mosMainFrame::sessionCookieName(); 2293 // Get Session Cookie `value` 2294 $sessioncookie = mosGetParam( $_COOKIE, $sessionCookieName, null ); 2295 2296 if ( !(strlen($sessioncookie) == 32 || $sessioncookie == '-') ) { 2297 mosErrorAlert( _NOT_AUTH ); 2298 } 2299 2300 $itemid = intval( mosGetParam( $_POST, 'itemid', 0 ) ); 2301 $now = _CURRENT_SERVER_TIME; 2302 $nullDate = $database->getNullDate(); 2303 2304 // query to check for state and access levels 2305 $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub," 2306 . "\n s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id" 2307 . "\n FROM #__content AS a" 2308 . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" 2309 . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'" 2310 . "\n WHERE a.id = " . (int) $uid 2311 . "\n AND a.state = 1" 2312 . "\n AND a.access <= " . (int) $gid 2313 . "\n AND ( a.publish_up = " . $database->Quote( $nullDate ) . " OR a.publish_up <= " . $database->Quote( $now ) . " )" 2314 . "\n AND ( a.publish_down = " . $database->Quote( $nullDate ) . " OR a.publish_down >= " . $database->Quote( $now ) . " )" 2315 ; 2316 $database->setQuery( $query ); 2317 $row = NULL; 2318 2319 if ( $database->loadObject( $row ) ) { 2320 /* 2321 * check whether category is published 2322 */ 2323 if ( !$row->cat_pub && $row->catid ) { 2324 mosNotAuth(); 2325 return; 2326 } 2327 /* 2328 * check whether section is published 2329 */ 2330 if ( !$row->sec_pub && $row->sectionid ) { 2331 mosNotAuth(); 2332 return; 2333 } 2334 /* 2335 * check whether category access level allows access 2336 */ 2337 if ( ($row->cat_access > $gid) && $row->catid ) { 2338 mosNotAuth(); 2339 return; 2340 } 2341 /* 2342 * check whether section access level allows access 2343 */ 2344 if ( ($row->sec_access > $gid) && $row->sectionid ) { 2345 mosNotAuth(); 2346 return; 2347 } 2348 2349 $email = strval( mosGetParam( $_POST, 'email', '' ) ); 2350 $yourname = strval( mosGetParam( $_POST, 'yourname', '' ) ); 2351 $youremail = strval( mosGetParam( $_POST, 'youremail', '' ) ); 2352 $subject = strval( mosGetParam( $_POST, 'subject', '' ) ); 2353 if (empty( $subject )) { 2354 $subject = _EMAIL_INFO . ' ' . $yourname; 2355 } 2356 2357 if ($uid < 1 || !$email || !$youremail || ( JosIsValidEmail( $email ) == false ) || (JosIsValidEmail( $youremail ) == false)) { 2358 mosErrorAlert( _EMAIL_ERR_NOINFO ); 2359 } 2360 2361 $query = "SELECT template" 2362 . "\n FROM #__templates_menu" 2363 . "\n WHERE client_id = 0" 2364 . "\n AND menuid = 0" 2365 ; 2366 $database->setQuery( $query ); 2367 $template = $database->loadResult(); 2368 2369 // determine Itemid for Item 2370 if ($itemid) { 2371 $_itemid = '&Itemid='. $itemid; 2372 } else { 2373 $itemid = $mainframe->getItemid( $uid, 0, 0 ); 2374 $_itemid = '&Itemid='. $itemid; 2375 } 2376 2377 // link sent in email 2378 $link = sefRelToAbs( 'index.php?option=com_content&task=view&id='. $uid . $_itemid ); 2379 2380 // message text 2381 $msg = sprintf( _EMAIL_MSG, html_entity_decode( $mosConfig_sitename, ENT_QUOTES ), $yourname, $youremail, $link ); 2382 2383 // mail function 2384 $success = mosMail( $youremail, $yourname, $email, $subject, $msg ); 2385 if (!$success) { 2386 mosErrorAlert( _EMAIL_ERR_NOINFO ); 2387 } 2388 2389 HTML_content::emailSent( $email, $template ); 2390 } else { 2391 mosNotAuth(); 2392 return; 2393 } 2394 } 2395 2396 function recordVote() { 2397 global $database; 2398 2399 $user_rating = intval( mosGetParam( $_REQUEST, 'user_rating', 0 ) ); 2400 $url = mosGetParam( $_REQUEST, 'url', '' ); 2401 $cid = intval( mosGetParam( $_REQUEST, 'cid', 0 ) ); 2402 2403 if (($user_rating >= 1) and ($user_rating <= 5)) { 2404 $currip = ( phpversion() <= '4.2.1' ? @getenv( 'REMOTE_ADDR' ) : $_SERVER['REMOTE_ADDR'] ); 2405 2406 $query = "SELECT *" 2407 . "\n FROM #__content_rating" 2408 . "\n WHERE content_id = " . (int) $cid 2409 ; 2410 $database->setQuery( $query ); 2411 $votesdb = NULL; 2412 if ( !( $database->loadObject( $votesdb ) ) ) { 2413 $query = "INSERT INTO #__content_rating ( content_id, lastip, rating_sum, rating_count )" 2414 . "\n VALUES ( " . (int) $cid . ", " . $database->Quote( $currip ) . ", " . (int) $user_rating . ", 1 )"; 2415 $database->setQuery( $query ); 2416 $database->query() or die( $database->stderr() );; 2417 } else { 2418 if ($currip != ($votesdb->lastip)) { 2419 $query = "UPDATE #__content_rating" 2420 . "\n SET rating_count = rating_count + 1, rating_sum = rating_sum + " . (int) $user_rating . ", lastip = " . $database->Quote( $currip ) 2421 . "\n WHERE content_id = " . (int) $cid 2422 ; 2423 $database->setQuery( $query ); 2424 $database->query() or die( $database->stderr() ); 2425 } else { 2426 mosRedirect ( $url, _ALREADY_VOTE ); 2427 } 2428 } 2429 mosRedirect ( $url, _THANKS ); 2430 } 2431 } 2432 2433 2434 function _orderby_pri( $orderby ) { 2435 switch ( $orderby ) { 2436 case 'alpha': 2437 $orderby = 'cc.title, '; 2438 break; 2439 2440 case 'ralpha': 2441 $orderby = 'cc.title DESC, '; 2442 break; 2443 2444 case 'order': 2445 $orderby = 'cc.ordering, '; 2446 break; 2447 2448 default: 2449 $orderby = ''; 2450 break; 2451 } 2452 2453 return $orderby; 2454 } 2455 2456 2457 function _orderby_sec( $orderby ) { 2458 switch ( $orderby ) { 2459 case 'date': 2460 $orderby = 'a.created'; 2461 break; 2462 2463 case 'rdate': 2464 $orderby = 'a.created DESC'; 2465 break; 2466 2467 case 'alpha': 2468 $orderby = 'a.title'; 2469 break; 2470 2471 case 'ralpha': 2472 $orderby = 'a.title DESC'; 2473 break; 2474 2475 case 'hits': 2476 $orderby = 'a.hits DESC'; 2477 break; 2478 2479 case 'rhits': 2480 $orderby = 'a.hits'; 2481 break; 2482 2483 case 'order': 2484 $orderby = 'a.ordering'; 2485 break; 2486 2487 case 'author': 2488 $orderby = 'a.created_by_alias, u.name'; 2489 break; 2490 2491 case 'rauthor': 2492 $orderby = 'a.created_by_alias DESC, u.name DESC'; 2493 break; 2494 2495 case 'front': 2496 $orderby = 'f.ordering'; 2497 break; 2498 2499 default: 2500 $orderby = 'a.ordering'; 2501 break; 2502 } 2503 2504 return $orderby; 2505 } 2506 2507 /* 2508 * @param int 0 = Archives, 1 = Section, 2 = Category 2509 */ 2510 function _where( $type=1, &$access, &$noauth, $gid, $id, $now=NULL, $year=NULL, $month=NULL, $params=NULL ) { 2511 global $database, $mainframe; 2512 2513 $noauth = !$mainframe->getCfg( 'shownoauth' ); 2514 $nullDate = $database->getNullDate(); 2515 $now = _CURRENT_SERVER_TIME; 2516 $where = array(); 2517 $unpublished = 0; 2518 2519 if ( isset($params) ) { 2520 // param controls whether unpublished items visible to publishers and above 2521 $unpublished = $params->def( 'unpublished', 0 ); 2522 } 2523 2524 // normal 2525 if ( $type > 0) { 2526 if ( isset($params) && $unpublished ) { 2527 // shows unpublished items for publishers and above 2528 if ( $access->canEdit ) { 2529 $where[] = "a.state >= 0"; 2530 } else { 2531 $where[] = "a.state = 1"; 2532 $where[] = "( a.publish_up = " . $database->Quote( $nullDate ) . " OR a.publish_up <= " . $database->Quote( $now ) . " )"; 2533 $where[] = "( a.publish_down = " . $database->Quote( $nullDate ) . " OR a.publish_down >= " . $database->Quote( $now ) . " )"; 2534 } 2535 } else { 2536 // unpublished items NOT shown for publishers and above 2537 $where[] = "a.state = 1"; 2538 //if ( !$access->canEdit ) { 2539 $where[] = "( a.publish_up = " . $database->Quote( $nullDate ) . " OR a.publish_up <= " . $database->Quote( $now ) . " )"; 2540 $where[] = "( a.publish_down = " . $database->Quote( $nullDate ) . " OR a.publish_down >= " . $database->Quote( $now ) . " )"; 2541 //} 2542 } 2543 2544 // add query checks for category or section ids 2545 if ( $id > 0 ) { 2546 $ids = explode( ',', $id ); 2547 mosArrayToInts( $ids ); 2548 if ( $type == 1 ) { 2549 $where[] = '( a.sectionid=' . implode( ' OR a.sectionid=', $ids ) . ' )'; 2550 } else if ( $type == 2 ) { 2551 $where[] = '( a.catid=' . implode( ' OR a.catid=', $ids ) . ' )'; 2552 } 2553 } 2554 } 2555 2556 // archive 2557 if ( $type < 0 ) { 2558 $where[] = "a.state = -1"; 2559 if ( $year ) { 2560 $where[] = "YEAR( a.created ) = " . $database->Quote( $year ); 2561 } 2562 if ( $month ) { 2563 $where[] = "MONTH( a.created ) = " . $database->Quote( $month ); 2564 } 2565 if ( $id > 0 ) { 2566 if ( $type == -1 ) { 2567 $where[] = "a.sectionid = " . (int) $id; 2568 } else if ( $type == -2) { 2569 $where[] = "a.catid = " . (int) $id; 2570 } 2571 } 2572 } 2573 2574 $where[] = "s.published = 1"; 2575 $where[] = "cc.published = 1"; 2576 if ( $noauth ) { 2577 $where[] = "a.access <= " . (int) $gid; 2578 $where[] = "s.access <= " . (int) $gid; 2579 $where[] = "cc.access <= " . (int) $gid; 2580 } 2581 2582 return $where; 2583 } 2584 2585 function votingQuery( $active=NULL ) { 2586 global $mainframe; 2587 2588 $voting = ( $active ? $active : $mainframe->getCfg( 'vote' ) ); 2589 2590 if ( $voting ) { 2591 // calculate voting count 2592 $select = "\n , ROUND( v.rating_sum / v.rating_count ) AS rating, v.rating_count"; 2593 $join = "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id"; 2594 } else { 2595 $select = ''; 2596 $join = ''; 2597 } 2598 2599 $results = array( 'select' => $select, 'join' => $join ); 2600 2601 return $results; 2602 } 2603 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Wed Nov 21 14:43:32 2007 | par Balluche grâce à PHPXref 0.7 |
|
|