diff -r 000000000000 -r 902822492a68 plugins/EnanoPress.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/plugins/EnanoPress.php Wed Jun 13 16:03:00 2007 -0400
@@ -0,0 +1,767 @@
+attachHook('base_classes_initted', '
+ $paths->add_page(Array(
+ \'name\'=>\'Site Blog\',
+ \'urlname\'=>\'Blog\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+ $paths->add_page(Array(
+ \'name\'=>\'Write blog post\',
+ \'urlname\'=>\'WriteBlogPost\',
+ \'namespace\'=>\'Special\',
+ \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',
+ ));
+ $paths->addAdminNode(\'Plugin configuration\', \'EnanoPress settings\', \'EnanoPress\');
+ ');
+
+$plugins->attachHook('compile_template', 'global $template; $template->tpl_bool[\'in_blog\'] = false;');
+$plugins->attachHook('paths_init_before', 'global $paths; $paths->create_namespace("Blog", "BlogPost:");');
+$plugins->attachHook('page_not_found', 'return EnanoPress_BlogNamespaceHandler();');
+$plugins->attachHook('page_type_string_set', 'global $paths, $template; if($paths->namespace == "Blog") $template->namespace_string = "blog post";');
+
+define('BLOG_POST_PUBLISHED', 1);
+define('BLOG_POST_DRAFT', 0);
+define('BLOG_POSTS_PER_PAGE', 20);
+
+function EnanoPress_BlogNamespaceHandler()
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ $pid = intval($paths->cpage['urlname_nons']);
+ if($pid == 0) return null;
+ $q = $db->sql_query('SELECT post_id, post_title, post_content, time, author FROM '.table_prefix.'blog WHERE status='.BLOG_POST_PUBLISHED.' AND post_id='.$pid.';');
+ if(!$q) $db->_die('');
+ if($db->numrows() < 1) return null;
+ $row = $db->fetchrow($q);
+ $paths->cpage['name'] = $row['post_title'];
+ $template->header();
+ echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], 0, $row['post_id']);
+ echo EnanoPress_Separator();
+ $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false;
+ $act = ( isset ($_GET['action']) ) ?
$_GET['action'] : false;
+ $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1;
+ $comments = EnanoPress_GetComments($id);
+ echo $comments;
+ $template->footer();
+ return true;
+}
+
+function page_Special_Blog()
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ if(!getConfig('blog_table_version'))
+ {
+ $q = $db->sql_query('CREATE TABLE '.table_prefix.'blog ( post_id mediumint(8) NOT NULL auto_increment, post_title text, post_content text, time int(12), status tinyint(1) NOT NULL DEFAULT 0, author varchar(63) NOT NULL, num_comments mediumint(8) NOT NULL DEFAULT 0, PRIMARY KEY ( post_id ) );');
+ if(!$q) $db->_die('The blog table could not be created');
+ setConfig('blog_table_version', '1');
+ }
+ if($n = getConfig('blog_name')) $paths->cpage['name'] = $n;
+ if(!defined('ENANO_TEMPLATE_LOADED'))
+ $template->init_vars();
+ $template->tpl_bool['in_blog'] = true;
+ $template->header();
+ if($s = $paths->getParam(0))
+ {
+ if($s == 'archive')
+ {
+ $y = (int)$paths->getParam(1);
+ $m = (int)$paths->getParam(2);
+ $d = (int)$paths->getParam(3);
+ $t = $paths->getParam(4);
+ if(!$y || !$m || !$d || !$t)
+ {
+ echo '

Invalid permalink syntax

';
+ $template->footer();
+ return false;
+ }
+ $t = $db->escape(str_replace(Array('-', '_'), Array('_', '_'), $t)); // It's impossible to reconstruct the title from the URL, so let MySQL do it for us using wildcards
+ // Determine the valid UNIX timestamp values
+ $lower_limit = mktime(0, 0, 0, $m, $d, $y);
+ // EnanoPress will officially stop working on February 29, 2052. To extend the date, add more leap years here.
+ $leapyears = Array(2000,2004,2008,2012,2016,2020,2024,2028,2032,2040,2044,2048);
+ // add one to the day
+ // 30 days hath September, April, June, and November, all the rest have 31, except el enano, February :-P
+ if (in_array($m, Array(4, 6, 9, 11)) && $d == 30) $m++;
+ elseif(in_array($m, Array(1, 3, 5, 7, 8, 10, 12)) && $d == 31) $m++;
+ elseif($m == 2 && in_array($y, $leapyears) && $d == 29) $m++;
+ elseif($m == 2 && !in_array($y, $leapyears) && $d == 28) $m++;
+ else $d++;
+ $upper_limit = mktime(0, 0, 0, $m, $d, $y);
+ $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, COUNT(c.comment_id) AS num_comments, b.author FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' AND b.post_title LIKE \''.$t.'\' AND b.time >= '.$lower_limit.' AND b.time <= '.$upper_limit.' GROUP BY b.post_id ORDER BY b.time DESC;');
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ return;
+ }
+ if($db->numrows() < 1)
+ {
+ // Try it with no date specifiation
+ $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, COUNT(c.comment_id) AS num_comments, b.author FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.'
AND b.post_title LIKE \''.$t.'\' GROUP BY b.post_id ORDER BY b.time DESC;');
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ return;
+ }
+ if($db->numrows() < 1)
+ {
+ echo '

No posts matching that permalink could be found.

';
+ $template->footer();
+ return;
+ }
+ }
+ $row = $db->fetchrow();
+ echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], (int)$row['num_comments'], (int)$row['post_id']);
+ echo EnanoPress_Separator();
+ $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false;
+ $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false;
+ $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1;
+ $comments = EnanoPress_GetComments((int)$row['post_id']);
+ if(is_array($comments))
+ {
+ $comments = EnanoPress_FormatComments($comments);
+ echo $comments;
+ }
+ $template->footer();
+ return;
+ }
+ else
+ {
+ $start = intval($s);
+ }
+ }
+ else $start = 0;
+ $end = $start + BLOG_POSTS_PER_PAGE + 1;
+ $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, b.author, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' GROUP BY b.post_id ORDER BY b.time DESC LIMIT '.$start.','. $end .';');
+ if(!$q) { echo $db->get_error('The blog data could not be selected'); $template->footer(); return false; }
+ $numrows = $db->numrows();
+ if($numrows == BLOG_POSTS_PER_PAGE+1)
+ {
+ $nextpage = true;
+ $numrows = BLOG_POSTS_PER_PAGE;
+ }
+ if($numrows < 1)
+ {
+ echo '

No posts yet! Write a post...

';
+ }
+ else
+ {
+ $i = 0;
+ while($row = $db->fetchrow())
+ {
+ $i++;
+ if($i == BLOG_POSTS_PER_PAGE+1) break;
+ echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], (int)$row['num_comments'], (int)$row['post_id']);
+ if($i < $numrows) echo EnanoPress_Separator();
+ }
+ if($session->user_level >= USER_LEVEL_MOD) echo '

More actions

Write a post...

';
+ }
+ $template->footer();
+}
+
+function page_Special_WriteBlogPost()
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ if($session->user_level < USER_LEVEL_MOD) die_friendly('Access denied', '

You are not authorized to post blog messages.

');
+ $errors = Array();
+ $template->header();
+ $editing = false;
+ if(isset($_POST['__save'])) $status = BLOG_POST_DRAFT;
+ if(isset($_POST['__publish'])) $status = BLOG_POST_PUBLISHED;
+ if(isset($_POST['__save']) || isset($_POST['__publish']))
+ {
+ $text = RenderMan::preprocess_text($_POST['content'], false, true);
+ $title = $db->escape(htmlspecialchars($_POST['title']));
+ $author = $db->escape($session->username);
+ $time = time();
+ if($text == '') $errors[] = 'You must enter a post.';
+ if($title == '') $errors[] = 'You must enter a title for your post.';
+ if(sizeof($errors) < 1)
+ {
+ if(isset($_POST['edit_id']) && preg_match('#^([0-9]+)$#', $_POST['edit_id']))
+ {
+ $q = $db->sql_query('UPDATE '.table_prefix."blog SET post_title='{$title}',post_content='{$text}',time={$time},author='{$author}',status=".$status." WHERE post_id={$_POST['edit_id']};");
+ }
+ else
+ {
+ $q = $db->sql_query('INSERT INTO '.table_prefix."blog(post_title,post_content,time,author,status) VALUES('{$title}', '{$text}', {$time}, '{$author}', ".$status.");");
+ }
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ return;
+ }
+ $q = $db->sql_query('SELECT post_id FROM '.table_prefix.'blog WHERE time='.$time.' ORDER BY post_id DESC;');
+ if(!$q) { echo $db->get_error(); $template->footer(); return false; }
+ if($db->numrows() > 0)
+ {
+ $row = $db->fetchrow();
+ $editing = $row['post_id'];
+ }
+ switch($status):
+ case BLOG_POST_DRAFT:
+ echo '
Your post has been saved; however it will not appear on the main blog page until it is published.
';
+ break;
+ case BLOG_POST_PUBLISHED:
+ echo '
Your post has been published to the main blog page.
';
+ break;
+ endswitch;
+ }
+
+ $text =& $_POST['content'];
+ $title =& $_POST['title'];
+ }
+ elseif(isset($_POST['__delete']) && isset($_POST['del_confirm']))
+ {
+ $pid = intval($_POST['edit_id']);
+ if($pid > 0)
+ {
+ $q = $db->sql_query('DELETE FROM '.table_prefix.'blog WHERE post_id='.$pid.';');
+ if(!$q)
+ {
+ echo $db->get_error();
+ $template->footer();
+ return;
+ }
+ else
+ echo '
Your post has been deleted.
';
+ }
+ $text = '';
+ $title = '';
+ $editing = false;
+ }
+ elseif($t = $paths->getParam(0))
+ {
+ $id = intval($t);
+ if($t == 0) die('SQL injection attempt');
+ $q = $db->sql_query('SELECT post_title,post_content FROM '.table_prefix.'blog WHERE post_id='.$t.';');
+ if(!$q) { echo $db->get_error(); $template->footer(); return false; }
+ if($db->numrows() > 0)
+ {
+ $row = $db->fetchrow();
+ $text =& $row['post_content'];
+ $title =& $row['post_title'];
+ $editing = $t;
+ }
+ else
+ {
+ $text = '';
+ $title = '';
+ }
+ }
+ elseif(isset($_POST['__preview']))
+ {
+ $text = RenderMan::preprocess_text($_POST['content'], false, false);
+ $text = RenderMan::render($text);
+ ob_start();
+ eval('?>'.$text);
+ $text = ob_get_contents();
+ ob_end_clean();
+ echo '
Reminder:
This is only a preview - your changes to this post will not be saved until you click Save Draft or Save and Publish below.
' + . PageUtils::scrollBox(EnanoPress_FormatBlogPost($_POST['title'], $text, time(), $session->username, 0, false)); + $text =& $_POST['content']; + $title = $_POST['title']; + } + else + { + $text = ''; + $title = ''; + } + if(sizeof($errors) > 0) + { + echo '
The following errors were encountered:
' . implode('
', $errors) . '
'; + } + $q = $db->sql_query('SELECT post_id, post_title FROM '.table_prefix.'blog WHERE status='.BLOG_POST_DRAFT.' ORDER BY post_title ASC;'); + if(!$q) { echo $db->get_error('The blog data could not be selected'); $template->footer(); return false; } + $n = $db->numrows(); + if($n > 0) + { + echo '
Your drafts: '; + $posts = Array(); + while($r = $db->fetchrow()) + { + $posts[$r['post_id']] = $r['post_title']; + } + $i=0; + foreach($posts as $id => $t) + { + $i++; + echo ''.$t.''; + if($i < $n) echo ' » '; + } + echo '
'; + } + $idthing = ( $editing ) ? '' : ''; + $delbtn = ( $editing ) ? ' ' : ''; + $textarea = $template->tinymce_textarea('content', $text); + echo '
' + . '

Post title:


Post:
' + . $textarea + . '

The following information will be added to your post:

' + . '

' + . $delbtn + . '

' + . $idthing + . '
'; + $template->footer(); +} + +/** + * Convert a blog post to HTML + * @param string $title the name of the blog post + * @param string $text the content, needs to be HTML formatted as no renderer is called + * @param int $time UNIX timestamp for the time of the post + * @param string $author [user]name of the person who wrote the post + * @param int $num_comments The number of comments attached to the post + * @param int $post_id The numerical ID of the post + * @return string + */ + +function EnanoPress_FormatBlogPost($title, $text, $time, $author, $num_comments = 0, $post_id) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + static $cached_template = false; + if(!$cached_template) + { + if(file_exists(ENANO_ROOT.'/themes/'.$session->theme.'/blogpost.tpl')) + $cached_template = file_get_contents(ENANO_ROOT.'/themes/'.$session->theme.'/blogpost.tpl', 'r'); + if(!$cached_template) + $cached_template = << +
+

{D} {j} {M} {Y}

+

{TITLE}

Posted by {AUTHOR}
{COMMENT_LINK_TEXT} | edit this post
+
+
+ {CONTENT} +
+ +TPLCODE; + } + $parser = $template->makeParserText($cached_template); + $datechars = 'dDjlSwzWFmMntLYyaABGhHisIOTZrU'; // A list of valid metacharacters for date() + $datechars = enano_str_split($datechars); + $datevals = Array(); + foreach($datechars as $d) + { + $datevals[$d] = date($d, $time); + } + unset($datechars); + $parser->assign_vars($datevals); + $parser->assign_bool(Array( + 'can_edit'=> ( $session->user_level >= USER_LEVEL_MOD ), + )); + $permalink = makeUrlNS('Special', 'Blog/archive/'.date('Y', $time).'/'.date('m', $time).'/'.date('d', $time).'/'.enanopress_sanitize_title($title)); + $commentlink = $permalink . '#post-comments'; + if($num_comments == 0) $ctext = 'No comments'; + elseif($num_comments == 1) $ctext = '1 comment'; + else $ctext = $num_comments . ' comments'; + $edit_link = ( is_int($post_id) ) ? makeUrlNS('Special', 'WriteBlogPost/'.$post_id) : '#" onclick="return false;'; + $parser->assign_vars(Array( + 'TITLE' => $title, + 'PERMALINK' => $permalink, + 'AUTHOR' => $author, + 'AUTHOR_LINK' => makeUrlNS('User', $author), + 'AUTHOR_USERPAGE_CLASS' => ( isset($paths->pages[$paths->nslist['User'].$author]) ) ? 
'' : ' class="wikilink-nonexistent" ', + 'COMMENT_LINK' => $commentlink, + 'COMMENT_LINK_TEXT' => $ctext, + 'CONTENT' => $text, + 'EDIT_LINK' => $edit_link, + )); + return $parser->run(); +} + +/** + * Draws a separator for use between blog posts - searches for the appropriate template file + * @return string + */ + +function EnanoPress_Separator() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + static $cached_template = false; + if(!$cached_template) + { + if(file_exists(ENANO_ROOT.'/themes/'.$session->theme.'/blogseparator.tpl')) + $cached_template = file_get_contents(ENANO_ROOT.'/themes/'.$session->theme.'/blogseparator.tpl'); + if(!$cached_template) + $cached_template = << +TPLCODE; + } + $parser = $template->makeParserText($cached_template); + return $parser->run(); +} + +/** + * Make a blog post title acceptable for URLs + * @param string $text the input text + * @return string + */ + +function enanopress_sanitize_title($text) +{ + $text = strtolower(str_replace(' ', '_', $text)); + $badchars = '/*+-,.?!@#$%^&*|{}[];:\'"`~'; + $badchars = enano_str_split($badchars); + $dash = Array(); + foreach($badchars as $i => $b) $dash[] = "-"; + $text = str_replace($badchars, $dash, $text); + return $text; +} + +/** + * Fetch comments for a post + * @param int $post_id The numerical ID of the post to get comments for + * @return array A hierarchial array - numbered keys, each key is a subarray with keys "name", "subject", "text", "time", and "comment_id" with time being a UNIX timestamp + */ + +function EnanoPress_GetComments($post_id) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + + if(!is_int($post_id)) return false; + + if(isset($_GET['sub'])) + { + $e = $db->sql_query('SELECT comment_id,name,subject,comment_data,user_id FROM '.table_prefix.'comments WHERE comment_id='.intval($_REQUEST['id']).';'); + if($e) + { + $comment = $db->fetchrow(); + $auth_edit = ( ( intval($comment['user_id']) == $session->user_id && 
$session->user_logged_in ) || $session->user_level >= USER_LEVEL_MOD ); + if($auth_edit) + { + switch($_GET['sub']) + { + case 'editcomment': + if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } + $row =& $comment; + echo '

Edit comment

'; + echo "
+ + + +
Subject:
Comment:
"; + echo '
'; + return false; + break; + case 'savecomment': + if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } + $r = PageUtils::savecomment_neater((string)$post_id, 'Blog', $_POST['subj'], $_POST['text'], (int)$_POST['id']); + if($r != 'good') { echo "
$r
"; return false; } + break; + case 'deletecomment': + if(isset($_GET['id'])) + { + $q = 'DELETE FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']).' LIMIT 1;'; + $e=$db->sql_query($q); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + } + break; + case 'admin': + if(isset($_GET['action']) && $session->user_level >= USER_LEVEL_MOD) // Nip hacking attempts in the bud + { + switch($_GET['action']) { + case "delete": + if(isset($_GET['id'])) + { + $q = 'DELETE FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']).' LIMIT 1;'; + $e=$db->sql_query($q); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + } + break; + case "approve": + if(isset($_GET['id'])) + { + $where = 'comment_id='.intval($_GET['id']); + $q = 'SELECT approved FROM '.table_prefix.'comments WHERE '.$where.' LIMIT 1;'; + $e = $db->sql_query($q); + if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); + $r = $db->fetchrow(); + $a = ( $r['approved'] ) ? '0' : '1'; + $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE '.$where.';'; + $e=$db->sql_query($q); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + if($a == '1') + { + $q = 'UPDATE '.table_prefix.'blog SET num_comments=num_comments+1 WHERE post_id='.$post_id.';'; + } + else + { + $q = 'UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'; + } + $e=$db->sql_query($q); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + } + break; + } + } + break; + } + } + else + { + echo '
You are not authorized to perform this action.
'; + } + } + } + + if(isset($_POST['__doPostBack'])) + { + if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) echo('Access denied to post comments: you need to be logged in first.'); + else + { + $cb=false; + if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) + { + if(!isset($_POST['captcha_input']) || !isset($_POST['captcha_id'])) + { + echo('BUG: PageUtils::addcomment: no CAPTCHA data passed to method'); + $cb=true; + } + else + { + $result = $session->get_captcha($_POST['captcha_id']); + if($_POST['captcha_input'] != $result) { $cb=true; echo('The confirmation code you entered was incorrect.'); } + } + } + if(!$cb) + { + $text = RenderMan::preprocess_text($_POST['text']); + $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($_POST['name']); + $subj = RenderMan::preprocess_text($_POST['subj']); + if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; + $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$post_id.'\',\'Blog\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')'; + $e = $db->sql_query($q); + if(!$e) echo 'Error inserting comment data: '.mysql_error().'

Query:
'.$q; + else + { + echo '
Your comment has been posted.
'; + if(getConfig('approve_comments')=='1') + { + $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments+1 WHERE post_id='.$post_id.';'); + if(!$e) + { + echo 'Error during query: '.mysql_error().'

Query:
'.$q; + return false; + } + } + } + } + } + } + + $apprv_clause = ( $session->user_level >= USER_LEVEL_MOD ) ? '' : 'AND approved=1'; + + $q = $db->sql_query('SELECT c.comment_id,c.subject,c.comment_data,c.name,c.time,c.approved,c.time,u.signature,u.user_level,u.user_id FROM '.table_prefix.'comments AS c + LEFT JOIN '.table_prefix.'users AS u + ON u.user_id=c.user_id + WHERE page_id='.$post_id.' + AND namespace=\'Blog\' + '.$apprv_clause.' + ORDER BY time DESC;'); + if(!$q) + { + echo $db->get_error(); + return false; + } + $posts = Array(); + while($row = $db->fetchrow()) + { + $row['text'] =& $row['comment_data']; + $posts[] = $row; + } + return $posts; +} + +/** + * Formats a comments array from EnanoPress_GetComments() as HTML + * @param array $comments The array of fetched comments + * @return string + */ + +function EnanoPress_FormatComments($comments) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + + ob_start(); + $tpl = $template->makeParser('comment.tpl'); + + $seed = substr(md5(microtime() . mt_rand()), 0, 12); + + ?> + + Post comments"; + if ( count($comments) < 1 ) + { + $commentlink = ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) ? 'Log in to post a comment...' : 'Leave a comment...' ; + echo '

There are no comments on this post. Yours could be the first! '.$commentlink.'

'; + } + $i = -1; + + foreach($comments as $comment) + { + $auth_edit = ( ( intval($comment['user_id']) == $session->user_id && $session->user_logged_in ) || $session->user_level >= USER_LEVEL_MOD ); + $auth_mod = ( $session->user_level >= USER_LEVEL_MOD ); + + // Comment ID (used in the Javascript apps) + $strings['ID'] = (string)$i; + + // Determine the name, and whether to link to the user page or not + $name = ''; + if($comment['user_id'] > 0) $name .= ''; + $name .= $comment['name']; + if($comment['user_id'] > 0) $name .= ''; + $strings['NAME'] = $name; unset($name); + + // Subject + $s = $comment['subject']; + if(!$comment['approved']) $s .= ' (Unapproved)'; + $strings['SUBJECT'] = $s; + + // Date and time + $strings['DATETIME'] = date('F d, Y h:i a', $comment['time']); + + // User level + switch($comment['user_level']) + { + default: + case USER_LEVEL_GUEST: + $l = 'Guest'; + break; + case USER_LEVEL_MEMBER: + $l = 'Member'; + break; + case USER_LEVEL_MOD: + $l = 'Moderator'; + break; + case USER_LEVEL_ADMIN: + $l = 'Administrator'; + break; + } + $strings['USER_LEVEL'] = $l; unset($l); + + // The actual comment data + $strings['DATA'] = RenderMan::render($comment['text']); + + // Edit link + $strings['EDIT_LINK'] = 'edit'; + + // Delete link + $strings['DELETE_LINK'] = 'delete'; + + // Send PM link + $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $comment['user_id'] > 0 ) ? 'Send private message' : ''; + + // Add Buddy link + $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $comment['user_id'] > 0 ) ? 
'Add Buddy' : ''; + + // Mod links + $applink = ''; + $applink .= ''; + if($comment['approved']) $applink .= 'Unapprove'; + else $applink .= 'Approve'; + $applink .= ''; + $strings['MOD_APPROVE_LINK'] = $applink; + unset($applink); + $strings['MOD_DELETE_LINK'] = 'Delete'; + + // Signature + $strings['SIGNATURE'] = ''; + if($comment['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($comment['signature']); + + $bool['auth_mod'] = $auth_mod; + $bool['can_edit'] = $auth_edit; + $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true; + + $tpl->assign_vars($strings); + $tpl->assign_bool($bool); + echo $tpl->run(); + } + + $sn = $session->user_logged_in ? $session->username . '' : ''; + if(getConfig('comments_need_login') == '1') + { + $session->kill_captcha(); + $captcha = $session->make_captcha(); + } + $captcha = ( getConfig('comments_need_login') == '1' && !$session->user_logged_in ) ? 'Visual confirmation:
Please enter the code you see on the right.Visual confirmation
Code:
' : ''; + + echo '
+ '.EnanoPress_Separator().' +
+ + + + '.$captcha.' + + +
Your name or screen name:'.$sn.'
Comment subject:
Comment text:
(most HTML will be stripped)
+
+
+ +'; + + $ret = ob_get_contents(); + ob_end_clean(); + return $ret; +} + +function page_Admin_EnanoPress() +{ + global $db, $session, $paths, $template, $plugins; if($session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN) { header('Location: '.makeUrl($paths->nslist['Special'].'Administration'.urlSeparator.'noheaders')); die('Hacking attempt'); } + echo '

Coming soon!

'; +} + +?> \ No newline at end of file
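Review bot: In `EnanoPress_GetComments()` the permission check and the actions it guards do not read the same comment id: `$auth_edit` is computed from the row selected with `$_REQUEST['id']`, but `deletecomment` and the `admin` actions then run against `$_GET['id']` and `savecomment` against `$_POST['id']`, so the comment that was authorised is not guaranteed to be the comment that is modified. Resolve the id once, `$comment_id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;`, use `$comment_id` in the lookup and in every branch, and add `AND page_id='.$post_id.' AND namespace=\'Blog\'` to the lookup so that only comments of this post can be touched. The edit branch of `page_Special_WriteBlogPost()` has the same validate-one-value, use-another shape: `$id = intval($t)` is computed, yet the raw URL parameter `$t` is what gets loosely compared with 0 and concatenated into `WHERE post_id='.$t.'`; it should read `if($id == 0)` and `post_id='.$id.'` (and `$editing = $id`). Separately, the `__preview` branch feeds the posted content to `eval('?>'.$text)` after `preprocess_text($_POST['content'], false, false)`, which appears to give every USER_LEVEL_MOD account PHP execution on the server; if that is intended it needs a comment saying so, otherwise the preview should be rendered without `eval`.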