diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/EnanoPress.php --- a/plugins/EnanoPress.php Wed Jun 13 16:59:00 2007 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,767 +0,0 @@ -attachHook('base_classes_initted', ' - $paths->add_page(Array( - \'name\'=>\'Site Blog\', - \'urlname\'=>\'Blog\', - \'namespace\'=>\'Special\', - \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', - )); - $paths->add_page(Array( - \'name\'=>\'Write blog post\', - \'urlname\'=>\'WriteBlogPost\', - \'namespace\'=>\'Special\', - \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', - )); - $paths->addAdminNode(\'Plugin configuration\', \'EnanoPress settings\', \'EnanoPress\'); - '); - -$plugins->attachHook('compile_template', 'global $template; $template->tpl_bool[\'in_blog\'] = false;'); -$plugins->attachHook('paths_init_before', 'global $paths; $paths->create_namespace("Blog", "BlogPost:");'); -$plugins->attachHook('page_not_found', 'return EnanoPress_BlogNamespaceHandler();'); -$plugins->attachHook('page_type_string_set', 'global $paths, $template; if($paths->namespace == "Blog") $template->namespace_string = "blog post";'); - -define('BLOG_POST_PUBLISHED', 1); -define('BLOG_POST_DRAFT', 0); -define('BLOG_POSTS_PER_PAGE', 20); - -function EnanoPress_BlogNamespaceHandler() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - $pid = intval($paths->cpage['urlname_nons']); - if($pid == 0) return null; - $q = $db->sql_query('SELECT post_id, post_title, post_content, time, author FROM '.table_prefix.'blog WHERE status='.BLOG_POST_PUBLISHED.' AND post_id='.$pid.';'); - if(!$q) $db->_die(''); - if($db->numrows() < 1) return null; - $row = $db->fetchrow($q); - $paths->cpage['name'] = $row['post_title']; - $template->header(); - echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], 0, $row['post_id']); - echo EnanoPress_Separator(); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - $comments = EnanoPress_GetComments($id); - echo $comments; - $template->footer(); - return true; -} - -function page_Special_Blog() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if(!getConfig('blog_table_version')) - { - $q = $db->sql_query('CREATE TABLE '.table_prefix.'blog ( post_id mediumint(8) NOT NULL auto_increment, post_title text, post_content text, time int(12), status tinyint(1) NOT NULL DEFAULT 0, author varchar(63) NOT NULL, num_comments mediumint(8) NOT NULL DEFAULT 0, PRIMARY KEY ( post_id ) );'); - if(!$q) $db->_die('The blog table could not be created'); - setConfig('blog_table_version', '1'); - } - if($n = getConfig('blog_name')) $paths->cpage['name'] = $n; - if(!defined('ENANO_TEMPLATE_LOADED')) - $template->init_vars(); - $template->tpl_bool['in_blog'] = true; - $template->header(); - if($s = $paths->getParam(0)) - { - if($s == 'archive') - { - $y = (int)$paths->getParam(1); - $m = (int)$paths->getParam(2); - $d = (int)$paths->getParam(3); - $t = $paths->getParam(4); - if(!$y || !$m || !$d || !$t) - { - echo '

Invalid permalink syntax

'; - $template->footer(); - return false; - } - $t = $db->escape(str_replace(Array('-', '_'), Array('_', '_'), $t)); // It's impossible to reconstruct the title from the URL, so let MySQL do it for us using wildcards - // Determine the valid UNIX timestamp values - $lower_limit = mktime(0, 0, 0, $m, $d, $y); - // EnanoPress will officially stop working on February 29, 2052. To extend the date, add more leap years here. - $leapyears = Array(2000,2004,2008,2012,2016,2020,2024,2028,2032,2040,2044,2048); - // add one to the day - // 30 days hath September, April, June, and November, all the rest have 31, except el enano, February :-P - if (in_array($m, Array(4, 6, 9, 11)) && $d == 30) $m++; - elseif(in_array($m, Array(1, 3, 5, 7, 8, 10, 12)) && $d == 31) $m++; - elseif($m == 2 && in_array($y, $leapyears) && $d == 29) $m++; - elseif($m == 2 && !in_array($y, $leapyears) && $d == 28) $m++; - else $d++; - $upper_limit = mktime(0, 0, 0, $m, $d, $y); - $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, COUNT(c.comment_id) AS num_comments, b.author FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' AND b.post_title LIKE \''.$t.'\' AND b.time >= '.$lower_limit.' AND b.time <= '.$upper_limit.' GROUP BY b.post_id ORDER BY b.time DESC;'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - if($db->numrows() < 1) - { - // Try it with no date specifiation - $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, COUNT(c.comment_id) AS num_comments, b.author FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' AND b.post_title LIKE \''.$t.'\' GROUP BY b.post_id ORDER BY b.time DESC;'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - if($db->numrows() < 1) - { - echo '

No posts matching that permalink could be found.

'; - $template->footer(); - return; - } - } - $row = $db->fetchrow(); - echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], (int)$row['num_comments'], (int)$row['post_id']); - echo EnanoPress_Separator(); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - $comments = EnanoPress_GetComments((int)$row['post_id']); - if(is_array($comments)) - { - $comments = EnanoPress_FormatComments($comments); - echo $comments; - } - $template->footer(); - return; - } - else - { - $start = intval($s); - } - } - else $start = 0; - $end = $start + BLOG_POSTS_PER_PAGE + 1; - $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, b.author, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' GROUP BY b.post_id ORDER BY b.time DESC LIMIT '.$start.','. $end .';'); - if(!$q) { echo $db->get_error('The blog data could not be selected'); $template->footer(); return false; } - $numrows = $db->numrows(); - if($numrows == BLOG_POSTS_PER_PAGE+1) - { - $nextpage = true; - $numrows = BLOG_POSTS_PER_PAGE; - } - if($numrows < 1) - { - echo '

No posts yet! Write a post...

'; - } - else - { - $i = 0; - while($row = $db->fetchrow()) - { - $i++; - if($i == BLOG_POSTS_PER_PAGE+1) break; - echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], (int)$row['num_comments'], (int)$row['post_id']); - if($i < $numrows) echo EnanoPress_Separator(); - } - if($session->user_level >= USER_LEVEL_MOD) echo '

More actions

Write a post...

'; - } - $template->footer(); -} - -function page_Special_WriteBlogPost() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if($session->user_level < USER_LEVEL_MOD) die_friendly('Access denied', '

You are not authorized to post blog messages.

'); - $errors = Array(); - $template->header(); - $editing = false; - if(isset($_POST['__save'])) $status = BLOG_POST_DRAFT; - if(isset($_POST['__publish'])) $status = BLOG_POST_PUBLISHED; - if(isset($_POST['__save']) || isset($_POST['__publish'])) - { - $text = RenderMan::preprocess_text($_POST['content'], false, true); - $title = $db->escape(htmlspecialchars($_POST['title'])); - $author = $db->escape($session->username); - $time = time(); - if($text == '') $errors[] = 'You must enter a post.'; - if($title == '') $errors[] = 'You must enter a title for your post.'; - if(sizeof($errors) < 1) - { - if(isset($_POST['edit_id']) && preg_match('#^([0-9]+)$#', $_POST['edit_id'])) - { - $q = $db->sql_query('UPDATE '.table_prefix."blog SET post_title='{$title}',post_content='{$text}',time={$time},author='{$author}',status=".$status." WHERE post_id={$_POST['edit_id']};"); - } - else - { - $q = $db->sql_query('INSERT INTO '.table_prefix."blog(post_title,post_content,time,author,status) VALUES('{$title}', '{$text}', {$time}, '{$author}', ".$status.");"); - } - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - $q = $db->sql_query('SELECT post_id FROM '.table_prefix.'blog WHERE time='.$time.' ORDER BY post_id DESC;'); - if(!$q) { echo $db->get_error(); $template->footer(); return false; } - if($db->numrows() > 0) - { - $row = $db->fetchrow(); - $editing = $row['post_id']; - } - switch($status): - case BLOG_POST_DRAFT: - echo '

Your post has been saved; however it will not appear on the main blog page until it is published.

'; - break; - case BLOG_POST_PUBLISHED: - echo '

Your post has been published to the main blog page.

'; - break; - endswitch; - } - - $text =& $_POST['content']; - $title =& $_POST['title']; - } - elseif(isset($_POST['__delete']) && isset($_POST['del_confirm'])) - { - $pid = intval($_POST['edit_id']); - if($pid > 0) - { - $q = $db->sql_query('DELETE FROM '.table_prefix.'blog WHERE post_id='.$pid.';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - else - echo '

Your post has been deleted.

'; - } - $text = ''; - $title = ''; - $editing = false; - } - elseif($t = $paths->getParam(0)) - { - $id = intval($t); - if($t == 0) die('SQL injection attempt'); - $q = $db->sql_query('SELECT post_title,post_content FROM '.table_prefix.'blog WHERE post_id='.$t.';'); - if(!$q) { echo $db->get_error(); $template->footer(); return false; } - if($db->numrows() > 0) - { - $row = $db->fetchrow(); - $text =& $row['post_content']; - $title =& $row['post_title']; - $editing = $t; - } - else - { - $text = ''; - $title = ''; - } - } - elseif(isset($_POST['__preview'])) - { - $text = RenderMan::preprocess_text($_POST['content'], false, false); - $text = RenderMan::render($text); - ob_start(); - eval('?>'.$text); - $text = ob_get_contents(); - ob_end_clean(); - echo '

Reminder:
This is only a preview - your changes to this post will not be saved until you click Save Draft or Save and Publish below.

' - . PageUtils::scrollBox(EnanoPress_FormatBlogPost($_POST['title'], $text, time(), $session->username, 0, false)); - $text =& $_POST['content']; - $title = $_POST['title']; - } - else - { - $text = ''; - $title = ''; - } - if(sizeof($errors) > 0) - { - echo '

The following errors were encountered:
' . implode('
', $errors) . '

'; - } - $q = $db->sql_query('SELECT post_id, post_title FROM '.table_prefix.'blog WHERE status='.BLOG_POST_DRAFT.' ORDER BY post_title ASC;'); - if(!$q) { echo $db->get_error('The blog data could not be selected'); $template->footer(); return false; } - $n = $db->numrows(); - if($n > 0) - { - echo '

Your drafts: '; - $posts = Array(); - while($r = $db->fetchrow()) - { - $posts[$r['post_id']] = $r['post_title']; - } - $i=0; - foreach($posts as $id => $t) - { - $i++; - echo ''.$t.''; - if($i < $n) echo ' » '; - } - echo '

'; - } - $idthing = ( $editing ) ? '' : ''; - $delbtn = ( $editing ) ? ' I\'m sure' : ''; - $textarea = $template->tinymce_textarea('content', $text); - echo ''; - $template->footer(); -} - -/** - * Convert a blog post to HTML - * @param string $title the name of the blog post - * @param string $text the content, needs to be HTML formatted as no renderer is called - * @param int $time UNIX timestamp for the time of the post - * @param string $author [user]name of the person who wrote the post - * @param int $num_comments The number of comments attached to the post - * @param int $post_id The numerical ID of the post - * @return string - */ - -function EnanoPress_FormatBlogPost($title, $text, $time, $author, $num_comments = 0, $post_id) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - static $cached_template = false; - if(!$cached_template) - { - if(file_exists(ENANO_ROOT.'/themes/'.$session->theme.'/blogpost.tpl')) - $cached_template = file_get_contents(ENANO_ROOT.'/themes/'.$session->theme.'/blogpost.tpl', 'r'); - if(!$cached_template) - $cached_template = << -

{D} {j} {M} {Y}

{TITLE}

Posted by {AUTHOR}
{COMMENT_LINK_TEXT} | edit this post

- {CONTENT} -

- -TPLCODE; - } - $parser = $template->makeParserText($cached_template); - $datechars = 'dDjlSwzWFmMntLYyaABGhHisIOTZrU'; // A list of valid metacharacters for date() - $datechars = enano_str_split($datechars); - $datevals = Array(); - foreach($datechars as $d) - { - $datevals[$d] = date($d, $time); - } - unset($datechars); - $parser->assign_vars($datevals); - $parser->assign_bool(Array( - 'can_edit'=> ( $session->user_level >= USER_LEVEL_MOD ), - )); - $permalink = makeUrlNS('Special', 'Blog/archive/'.date('Y', $time).'/'.date('m', $time).'/'.date('d', $time).'/'.enanopress_sanitize_title($title)); - $commentlink = $permalink . '#post-comments'; - if($num_comments == 0) $ctext = 'No comments'; - elseif($num_comments == 1) $ctext = '1 comment'; - else $ctext = $num_comments . ' comments'; - $edit_link = ( is_int($post_id) ) ? makeUrlNS('Special', 'WriteBlogPost/'.$post_id) : '#" onclick="return false;'; - $parser->assign_vars(Array( - 'TITLE' => $title, - 'PERMALINK' => $permalink, - 'AUTHOR' => $author, - 'AUTHOR_LINK' => makeUrlNS('User', $author), - 'AUTHOR_USERPAGE_CLASS' => ( isset($paths->pages[$paths->nslist['User'].$author]) ) ? '' : ' class="wikilink-nonexistent" ', - 'COMMENT_LINK' => $commentlink, - 'COMMENT_LINK_TEXT' => $ctext, - 'CONTENT' => $text, - 'EDIT_LINK' => $edit_link, - )); - return $parser->run(); -} - -/** - * Draws a separator for use between blog posts - searches for the appropriate template file - * @return string - */ - -function EnanoPress_Separator() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - static $cached_template = false; - if(!$cached_template) - { - if(file_exists(ENANO_ROOT.'/themes/'.$session->theme.'/blogseparator.tpl')) - $cached_template = file_get_contents(ENANO_ROOT.'/themes/'.$session->theme.'/blogseparator.tpl'); - if(!$cached_template) - $cached_template = << -TPLCODE; - } - $parser = $template->makeParserText($cached_template); - return $parser->run(); -} - -/** - * Make a blog post title acceptable for URLs - * @param string $text the input text - * @return string - */ - -function enanopress_sanitize_title($text) -{ - $text = strtolower(str_replace(' ', '_', $text)); - $badchars = '/*+-,.?!@#$%^&*|{}[];:\'"`~'; - $badchars = enano_str_split($badchars); - $dash = Array(); - foreach($badchars as $i => $b) $dash[] = "-"; - $text = str_replace($badchars, $dash, $text); - return $text; -} - -/** - * Fetch comments for a post - * @param int $post_id The numerical ID of the post to get comments for - * @return array A hierarchial array - numbered keys, each key is a subarray with keys "name", "subject", "text", "time", and "comment_id" with time being a UNIX timestamp - */ - -function EnanoPress_GetComments($post_id) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - if(!is_int($post_id)) return false; - - if(isset($_GET['sub'])) - { - $e = $db->sql_query('SELECT comment_id,name,subject,comment_data,user_id FROM '.table_prefix.'comments WHERE comment_id='.intval($_REQUEST['id']).';'); - if($e) - { - $comment = $db->fetchrow(); - $auth_edit = ( ( intval($comment['user_id']) == $session->user_id && $session->user_logged_in ) || $session->user_level >= USER_LEVEL_MOD ); - if($auth_edit) - { - switch($_GET['sub']) - { - case 'editcomment': - if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } - $row =& $comment; - echo '

Edit comment

'; - return false; - break; - case 'savecomment': - if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } - $r = PageUtils::savecomment_neater((string)$post_id, 'Blog', $_POST['subj'], $_POST['text'], (int)$_POST['id']); - if($r != 'good') { echo "

$r

"; return false; } - break; - case 'deletecomment': - if(isset($_GET['id'])) - { - $q = 'DELETE FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']).' LIMIT 1;'; - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - break; - case 'admin': - if(isset($_GET['action']) && $session->user_level >= USER_LEVEL_MOD) // Nip hacking attempts in the bud - { - switch($_GET['action']) { - case "delete": - if(isset($_GET['id'])) - { - $q = 'DELETE FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']).' LIMIT 1;'; - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - break; - case "approve": - if(isset($_GET['id'])) - { - $where = 'comment_id='.intval($_GET['id']); - $q = 'SELECT approved FROM '.table_prefix.'comments WHERE '.$where.' LIMIT 1;'; - $e = $db->sql_query($q); - if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); - $r = $db->fetchrow(); - $a = ( $r['approved'] ) ? '0' : '1'; - $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE '.$where.';'; - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - if($a == '1') - { - $q = 'UPDATE '.table_prefix.'blog SET num_comments=num_comments+1 WHERE post_id='.$post_id.';'; - } - else - { - $q = 'UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'; - } - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - break; - } - } - break; - } - } - else - { - echo '

You are not authorized to perform this action.

'; - } - } - } - - if(isset($_POST['__doPostBack'])) - { - if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) echo('Access denied to post comments: you need to be logged in first.'); - else - { - $cb=false; - if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) - { - if(!isset($_POST['captcha_input']) || !isset($_POST['captcha_id'])) - { - echo('BUG: PageUtils::addcomment: no CAPTCHA data passed to method'); - $cb=true; - } - else - { - $result = $session->get_captcha($_POST['captcha_id']); - if($_POST['captcha_input'] != $result) { $cb=true; echo('The confirmation code you entered was incorrect.'); } - } - } - if(!$cb) - { - $text = RenderMan::preprocess_text($_POST['text']); - $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($_POST['name']); - $subj = RenderMan::preprocess_text($_POST['subj']); - if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; - $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$post_id.'\',\'Blog\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')'; - $e = $db->sql_query($q); - if(!$e) echo 'Error inserting comment data: '.mysql_error().'

Query:
'.$q; - else - { - echo '

Your comment has been posted.

'; - if(getConfig('approve_comments')=='1') - { - $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments+1 WHERE post_id='.$post_id.';'); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - } - } - } - } - - $apprv_clause = ( $session->user_level >= USER_LEVEL_MOD ) ? '' : 'AND approved=1'; - - $q = $db->sql_query('SELECT c.comment_id,c.subject,c.comment_data,c.name,c.time,c.approved,c.time,u.signature,u.user_level,u.user_id FROM '.table_prefix.'comments AS c - LEFT JOIN '.table_prefix.'users AS u - ON u.user_id=c.user_id - WHERE page_id='.$post_id.' - AND namespace=\'Blog\' - '.$apprv_clause.' - ORDER BY time DESC;'); - if(!$q) - { - echo $db->get_error(); - return false; - } - $posts = Array(); - while($row = $db->fetchrow()) - { - $row['text'] =& $row['comment_data']; - $posts[] = $row; - } - return $posts; -} - -/** - * Formats a comments array from EnanoPress_GetComments() as HTML - * @param array $comments The array of fetched comments - * @return string - */ - -function EnanoPress_FormatComments($comments) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - ob_start(); - $tpl = $template->makeParser('comment.tpl'); - - $seed = substr(md5(microtime() . mt_rand()), 0, 12); - - ?> - - Post comments"; - if ( count($comments) < 1 ) - { - $commentlink = ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) ? 'Log in to post a comment...' : 'Leave a comment...' ; - echo '

There are no comments on this post. Yours could be the first! '.$commentlink.'

'; - } - $i = -1; - - foreach($comments as $comment) - { - $auth_edit = ( ( intval($comment['user_id']) == $session->user_id && $session->user_logged_in ) || $session->user_level >= USER_LEVEL_MOD ); - $auth_mod = ( $session->user_level >= USER_LEVEL_MOD ); - - // Comment ID (used in the Javascript apps) - $strings['ID'] = (string)$i; - - // Determine the name, and whether to link to the user page or not - $name = ''; - if($comment['user_id'] > 0) $name .= ''; - $name .= $comment['name']; - if($comment['user_id'] > 0) $name .= ''; - $strings['NAME'] = $name; unset($name); - - // Subject - $s = $comment['subject']; - if(!$comment['approved']) $s .= ' (Unapproved)'; - $strings['SUBJECT'] = $s; - - // Date and time - $strings['DATETIME'] = date('F d, Y h:i a', $comment['time']); - - // User level - switch($comment['user_level']) - { - default: - case USER_LEVEL_GUEST: - $l = 'Guest'; - break; - case USER_LEVEL_MEMBER: - $l = 'Member'; - break; - case USER_LEVEL_MOD: - $l = 'Moderator'; - break; - case USER_LEVEL_ADMIN: - $l = 'Administrator'; - break; - } - $strings['USER_LEVEL'] = $l; unset($l); - - // The actual comment data - $strings['DATA'] = RenderMan::render($comment['text']); - - // Edit link - $strings['EDIT_LINK'] = 'edit'; - - // Delete link - $strings['DELETE_LINK'] = 'delete'; - - // Send PM link - $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $comment['user_id'] > 0 ) ? 'Send private message' : ''; - - // Add Buddy link - $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $comment['user_id'] > 0 ) ? 'Add Buddy' : ''; - - // Mod links - $applink = ''; - $applink .= ''; - if($comment['approved']) $applink .= 'Unapprove'; - else $applink .= 'Approve'; - $applink .= ''; - $strings['MOD_APPROVE_LINK'] = $applink; - unset($applink); - $strings['MOD_DELETE_LINK'] = 'Delete'; - - // Signature - $strings['SIGNATURE'] = ''; - if($comment['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($comment['signature']); - - $bool['auth_mod'] = $auth_mod; - $bool['can_edit'] = $auth_edit; - $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true; - - $tpl->assign_vars($strings); - $tpl->assign_bool($bool); - echo $tpl->run(); - } - - $sn = $session->user_logged_in ? $session->username . '' : ''; - if(getConfig('comments_need_login') == '1') - { - $session->kill_captcha(); - $captcha = $session->make_captcha(); - } - $captcha = ( getConfig('comments_need_login') == '1' && !$session->user_logged_in ) ? 'Visual confirmation:
Please enter the code you see on the right.

Code:
' : ''; - - echo '

- '.EnanoPress_Separator().' - -

- -'; - - $ret = ob_get_contents(); - ob_end_clean(); - return $ret; -} - -function page_Admin_EnanoPress() -{ - global $db, $session, $paths, $template, $plugins; if($session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN) { header('Location: '.makeUrl($paths->nslist['Special'].'Administration'.urlSeparator.'noheaders')); die('Hacking attempt'); } - echo '

Coming soon!

'; -} - -?> \ No newline at end of file

Your name or screen name:	'.$sn.'
Comment subject:
Comment text: (most HTML will be stripped)

Subject:
Comment:	{$row['comment_data']}