# HG changeset patch
# User dan@fuhry
# Date 1181775554 14400
# Node ID 0b3a0aedfd5389a8a599befb37242d6208112756
# Parent 2b2084ca1e607c722b3e477deaa55aa40383179c
Fixed plugin hooks in pageprocess
diff -r 2b2084ca1e60 -r 0b3a0aedfd53 includes/pageprocess.php
--- a/includes/pageprocess.php Wed Jun 13 16:59:00 2007 -0400
+++ b/includes/pageprocess.php Wed Jun 13 18:59:14 2007 -0400
@@ -194,9 +194,9 @@
 {
 $this->err_page_not_existent();
 }
- }
+ }
 /**
@@ -222,7 +222,7 @@
 }
 // Does the page "exist"?
- if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
+ if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
 {
 $this->page_exists = false;
 }
diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/Decir.php
--- a/plugins/Decir.php Wed Jun 13 16:59:00 2007 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
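Review bot: The rewritten condition on the `+ if` line of the `@@ -222,7 +222,7 @@` hunk carries a redundant test: `$this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname))` is logically identical to `$this->namespace != 'Admin' || !function_exists($fname)`, so the line can be shortened to `if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || !function_exists($fname) ) )`. The same line compares `$paths->namespace` against `$namespace` but then switches to `$this->namespace` for the Admin check; if both are meant to hold the same value, using one of them consistently would make the intent clearer, though the hunk alone does not show whether they always agree. For the Admin namespace, existence now hinges solely on `function_exists($fname)`, so whether an Admin page resolves depends on which handler functions have been loaded at this point; a one-line comment such as `// Admin pages "exist" only when their handler function is defined` would spare the next reader from re-deriving that. The enclosing method begins and ends outside this hunk, and `$fname` is assigned there.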
@@ -1,92 +0,0 @@ -attachHook('acl_rule_init', 'decir_early_init($this, $session);'); -$plugins->attachHook('base_classes_initted', ' - $paths->add_page(Array( - \'name\'=>\'Forum\', - \'urlname\'=>\'Forum\', - \'namespace\'=>\'Special\', - \'special\'=>0,\'visible\'=>0,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', - )); - '); - -function decir_early_init(&$paths, &$session) -{ - $paths->addAdminNode('Decir forum configuration', 'General settings', 'DecirGeneral'); - $paths->nslist['DecirForum'] = $paths->nslist['Special'] . 'Forum/ViewForum/'; - $paths->nslist['DecirPost'] = $paths->nslist['Special'] . 'Forum/Post/'; - $paths->nslist['DecirTopic'] = $paths->nslist['Special'] . 'Forum/Topic/'; - - $session->register_acl_type('decir_see_forum', AUTH_ALLOW, 'See forum in index', Array('read'), 'DecirForum'); - $session->register_acl_type('decir_view_forum', AUTH_ALLOW, 'View forum', Array('decir_see_forum'), 'DecirForum'); - $session->register_acl_type('decir_post', AUTH_ALLOW, 'Post new topics', Array('decir_view_forum'), 'DecirForum'); - $session->register_acl_type('decir_reply', AUTH_ALLOW, 'Reply to topics', Array('decir_post'), 'DecirTopic'); -} - -function page_Special_Forum() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - if ( getConfig('decir_version') != ENANO_DECIR_VERSION || isset($_POST['do_install_finish']) ) - { - require(DECIR_ROOT . '/install.php'); - } - - $act = strtolower( ( $n = $paths->getParam(0) ) ? 
$n : 'Index' ); - - $curdir = getcwd(); - chdir(DECIR_ROOT); - - switch($act) - { - case 'index': - default: - require('forum_index.php'); - break; - case 'viewforum': - require('viewforum.php'); - break; - case 'topic': - case 'post': - case 'viewtopic': - require('viewtopic.php'); - break; - case 'new': - require('posting.php'); - break; - } - - chdir($curdir); - -} - -function page_Admin_DecirGeneral() -{ - global $db, $session, $paths, $template, $plugins; if($session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN) { header('Location: '.makeUrl($paths->nslist['Special'].'Administration'.urlSeparator.'noheaders')); die('Hacking attempt'); } - echo 'Hello world!'; -} - -?> diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/EnanoPress.php --- a/plugins/EnanoPress.php Wed Jun 13 16:59:00 2007 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,767 +0,0 @@ -attachHook('base_classes_initted', ' - $paths->add_page(Array( - \'name\'=>\'Site Blog\', - \'urlname\'=>\'Blog\', - \'namespace\'=>\'Special\', - \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', - )); - $paths->add_page(Array( - \'name\'=>\'Write blog post\', - \'urlname\'=>\'WriteBlogPost\', - \'namespace\'=>\'Special\', - \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\', - )); - $paths->addAdminNode(\'Plugin configuration\', \'EnanoPress settings\', \'EnanoPress\'); - '); - -$plugins->attachHook('compile_template', 'global $template; $template->tpl_bool[\'in_blog\'] = false;'); -$plugins->attachHook('paths_init_before', 'global $paths; $paths->create_namespace("Blog", "BlogPost:");'); -$plugins->attachHook('page_not_found', 'return EnanoPress_BlogNamespaceHandler();'); -$plugins->attachHook('page_type_string_set', 'global $paths, $template; if($paths->namespace == "Blog") $template->namespace_string = "blog post";'); - -define('BLOG_POST_PUBLISHED', 1); -define('BLOG_POST_DRAFT', 0); -define('BLOG_POSTS_PER_PAGE', 20); - -function EnanoPress_BlogNamespaceHandler() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - $pid = intval($paths->cpage['urlname_nons']); - if($pid == 0) return null; - $q = $db->sql_query('SELECT post_id, post_title, post_content, time, author FROM '.table_prefix.'blog WHERE status='.BLOG_POST_PUBLISHED.' AND post_id='.$pid.';'); - if(!$q) $db->_die(''); - if($db->numrows() < 1) return null; - $row = $db->fetchrow($q); - $paths->cpage['name'] = $row['post_title']; - $template->header(); - echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], 0, $row['post_id']); - echo EnanoPress_Separator(); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - $act = ( isset ($_GET['action']) ) ? 
$_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - $comments = EnanoPress_GetComments($id); - echo $comments; - $template->footer(); - return true; -} - -function page_Special_Blog() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if(!getConfig('blog_table_version')) - { - $q = $db->sql_query('CREATE TABLE '.table_prefix.'blog ( post_id mediumint(8) NOT NULL auto_increment, post_title text, post_content text, time int(12), status tinyint(1) NOT NULL DEFAULT 0, author varchar(63) NOT NULL, num_comments mediumint(8) NOT NULL DEFAULT 0, PRIMARY KEY ( post_id ) );'); - if(!$q) $db->_die('The blog table could not be created'); - setConfig('blog_table_version', '1'); - } - if($n = getConfig('blog_name')) $paths->cpage['name'] = $n; - if(!defined('ENANO_TEMPLATE_LOADED')) - $template->init_vars(); - $template->tpl_bool['in_blog'] = true; - $template->header(); - if($s = $paths->getParam(0)) - { - if($s == 'archive') - { - $y = (int)$paths->getParam(1); - $m = (int)$paths->getParam(2); - $d = (int)$paths->getParam(3); - $t = $paths->getParam(4); - if(!$y || !$m || !$d || !$t) - { - echo '

Invalid permalink syntax

'; - $template->footer(); - return false; - } - $t = $db->escape(str_replace(Array('-', '_'), Array('_', '_'), $t)); // It's impossible to reconstruct the title from the URL, so let MySQL do it for us using wildcards - // Determine the valid UNIX timestamp values - $lower_limit = mktime(0, 0, 0, $m, $d, $y); - // EnanoPress will officially stop working on February 29, 2052. To extend the date, add more leap years here. - $leapyears = Array(2000,2004,2008,2012,2016,2020,2024,2028,2032,2040,2044,2048); - // add one to the day - // 30 days hath September, April, June, and November, all the rest have 31, except el enano, February :-P - if (in_array($m, Array(4, 6, 9, 11)) && $d == 30) $m++; - elseif(in_array($m, Array(1, 3, 5, 7, 8, 10, 12)) && $d == 31) $m++; - elseif($m == 2 && in_array($y, $leapyears) && $d == 29) $m++; - elseif($m == 2 && !in_array($y, $leapyears) && $d == 28) $m++; - else $d++; - $upper_limit = mktime(0, 0, 0, $m, $d, $y); - $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, COUNT(c.comment_id) AS num_comments, b.author FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' AND b.post_title LIKE \''.$t.'\' AND b.time >= '.$lower_limit.' AND b.time <= '.$upper_limit.' GROUP BY b.post_id ORDER BY b.time DESC;'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - if($db->numrows() < 1) - { - // Try it with no date specifiation - $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, COUNT(c.comment_id) AS num_comments, b.author FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' 
AND b.post_title LIKE \''.$t.'\' GROUP BY b.post_id ORDER BY b.time DESC;'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - if($db->numrows() < 1) - { - echo '

No posts matching that permalink could be found.

'; - $template->footer(); - return; - } - } - $row = $db->fetchrow(); - echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], (int)$row['num_comments'], (int)$row['post_id']); - echo EnanoPress_Separator(); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - $comments = EnanoPress_GetComments((int)$row['post_id']); - if(is_array($comments)) - { - $comments = EnanoPress_FormatComments($comments); - echo $comments; - } - $template->footer(); - return; - } - else - { - $start = intval($s); - } - } - else $start = 0; - $end = $start + BLOG_POSTS_PER_PAGE + 1; - $q = $db->sql_query('SELECT b.post_id, b.post_title, b.post_content, b.time, b.author, COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'blog AS b LEFT JOIN '.table_prefix.'comments AS c ON (c.page_id=b.post_id AND c.namespace=\'Blog\' AND c.approved=1) WHERE b.status='.BLOG_POST_PUBLISHED.' GROUP BY b.post_id ORDER BY b.time DESC LIMIT '.$start.','. $end .';'); - if(!$q) { echo $db->get_error('The blog data could not be selected'); $template->footer(); return false; } - $numrows = $db->numrows(); - if($numrows == BLOG_POSTS_PER_PAGE+1) - { - $nextpage = true; - $numrows = BLOG_POSTS_PER_PAGE; - } - if($numrows < 1) - { - echo '

No posts yet! Write a post...

'; - } - else - { - $i = 0; - while($row = $db->fetchrow()) - { - $i++; - if($i == BLOG_POSTS_PER_PAGE+1) break; - echo EnanoPress_FormatBlogPost($row['post_title'], RenderMan::render($row['post_content']), $row['time'], $row['author'], (int)$row['num_comments'], (int)$row['post_id']); - if($i < $numrows) echo EnanoPress_Separator(); - } - if($session->user_level >= USER_LEVEL_MOD) echo '

More actions

Write a post...

'; - } - $template->footer(); -} - -function page_Special_WriteBlogPost() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if($session->user_level < USER_LEVEL_MOD) die_friendly('Access denied', '

You are not authorized to post blog messages.

'); - $errors = Array(); - $template->header(); - $editing = false; - if(isset($_POST['__save'])) $status = BLOG_POST_DRAFT; - if(isset($_POST['__publish'])) $status = BLOG_POST_PUBLISHED; - if(isset($_POST['__save']) || isset($_POST['__publish'])) - { - $text = RenderMan::preprocess_text($_POST['content'], false, true); - $title = $db->escape(htmlspecialchars($_POST['title'])); - $author = $db->escape($session->username); - $time = time(); - if($text == '') $errors[] = 'You must enter a post.'; - if($title == '') $errors[] = 'You must enter a title for your post.'; - if(sizeof($errors) < 1) - { - if(isset($_POST['edit_id']) && preg_match('#^([0-9]+)$#', $_POST['edit_id'])) - { - $q = $db->sql_query('UPDATE '.table_prefix."blog SET post_title='{$title}',post_content='{$text}',time={$time},author='{$author}',status=".$status." WHERE post_id={$_POST['edit_id']};"); - } - else - { - $q = $db->sql_query('INSERT INTO '.table_prefix."blog(post_title,post_content,time,author,status) VALUES('{$title}', '{$text}', {$time}, '{$author}', ".$status.");"); - } - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - $q = $db->sql_query('SELECT post_id FROM '.table_prefix.'blog WHERE time='.$time.' ORDER BY post_id DESC;'); - if(!$q) { echo $db->get_error(); $template->footer(); return false; } - if($db->numrows() > 0) - { - $row = $db->fetchrow(); - $editing = $row['post_id']; - } - switch($status): - case BLOG_POST_DRAFT: - echo '
Your post has been saved; however it will not appear on the main blog page until it is published.
'; - break; - case BLOG_POST_PUBLISHED: - echo '
Your post has been published to the main blog page.
'; - break; - endswitch; - } - - $text =& $_POST['content']; - $title =& $_POST['title']; - } - elseif(isset($_POST['__delete']) && isset($_POST['del_confirm'])) - { - $pid = intval($_POST['edit_id']); - if($pid > 0) - { - $q = $db->sql_query('DELETE FROM '.table_prefix.'blog WHERE post_id='.$pid.';'); - if(!$q) - { - echo $db->get_error(); - $template->footer(); - return; - } - else - echo '
Your post has been deleted.
'; - } - $text = ''; - $title = ''; - $editing = false; - } - elseif($t = $paths->getParam(0)) - { - $id = intval($t); - if($t == 0) die('SQL injection attempt'); - $q = $db->sql_query('SELECT post_title,post_content FROM '.table_prefix.'blog WHERE post_id='.$t.';'); - if(!$q) { echo $db->get_error(); $template->footer(); return false; } - if($db->numrows() > 0) - { - $row = $db->fetchrow(); - $text =& $row['post_content']; - $title =& $row['post_title']; - $editing = $t; - } - else - { - $text = ''; - $title = ''; - } - } - elseif(isset($_POST['__preview'])) - { - $text = RenderMan::preprocess_text($_POST['content'], false, false); - $text = RenderMan::render($text); - ob_start(); - eval('?>'.$text); - $text = ob_get_contents(); - ob_end_clean(); - echo '
Reminder:
This is only a preview - your changes to this post will not be saved until you click Save Draft or Save and Publish below.
' - . PageUtils::scrollBox(EnanoPress_FormatBlogPost($_POST['title'], $text, time(), $session->username, 0, false)); - $text =& $_POST['content']; - $title = $_POST['title']; - } - else - { - $text = ''; - $title = ''; - } - if(sizeof($errors) > 0) - { - echo '
The following errors were encountered:
' . implode('
', $errors) . '
'; - } - $q = $db->sql_query('SELECT post_id, post_title FROM '.table_prefix.'blog WHERE status='.BLOG_POST_DRAFT.' ORDER BY post_title ASC;'); - if(!$q) { echo $db->get_error('The blog data could not be selected'); $template->footer(); return false; } - $n = $db->numrows(); - if($n > 0) - { - echo '
Your drafts: '; - $posts = Array(); - while($r = $db->fetchrow()) - { - $posts[$r['post_id']] = $r['post_title']; - } - $i=0; - foreach($posts as $id => $t) - { - $i++; - echo ''.$t.''; - if($i < $n) echo ' » '; - } - echo '
'; - } - $idthing = ( $editing ) ? '' : ''; - $delbtn = ( $editing ) ? ' ' : ''; - $textarea = $template->tinymce_textarea('content', $text); - echo '
' - . '

Post title:


Post:
' - . $textarea - . '

The following information will be added to your post:

' - . '

' - . $delbtn - . '

' - . $idthing - . '
'; - $template->footer(); -} - -/** - * Convert a blog post to HTML - * @param string $title the name of the blog post - * @param string $text the content, needs to be HTML formatted as no renderer is called - * @param int $time UNIX timestamp for the time of the post - * @param string $author [user]name of the person who wrote the post - * @param int $num_comments The number of comments attached to the post - * @param int $post_id The numerical ID of the post - * @return string - */ - -function EnanoPress_FormatBlogPost($title, $text, $time, $author, $num_comments = 0, $post_id) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - static $cached_template = false; - if(!$cached_template) - { - if(file_exists(ENANO_ROOT.'/themes/'.$session->theme.'/blogpost.tpl')) - $cached_template = file_get_contents(ENANO_ROOT.'/themes/'.$session->theme.'/blogpost.tpl', 'r'); - if(!$cached_template) - $cached_template = << -
-

{D} {j} {M} {Y}

-

{TITLE}

Posted by {AUTHOR}
{COMMENT_LINK_TEXT} | edit this post
-
-
- {CONTENT} -
- -TPLCODE; - } - $parser = $template->makeParserText($cached_template); - $datechars = 'dDjlSwzWFmMntLYyaABGhHisIOTZrU'; // A list of valid metacharacters for date() - $datechars = enano_str_split($datechars); - $datevals = Array(); - foreach($datechars as $d) - { - $datevals[$d] = date($d, $time); - } - unset($datechars); - $parser->assign_vars($datevals); - $parser->assign_bool(Array( - 'can_edit'=> ( $session->user_level >= USER_LEVEL_MOD ), - )); - $permalink = makeUrlNS('Special', 'Blog/archive/'.date('Y', $time).'/'.date('m', $time).'/'.date('d', $time).'/'.enanopress_sanitize_title($title)); - $commentlink = $permalink . '#post-comments'; - if($num_comments == 0) $ctext = 'No comments'; - elseif($num_comments == 1) $ctext = '1 comment'; - else $ctext = $num_comments . ' comments'; - $edit_link = ( is_int($post_id) ) ? makeUrlNS('Special', 'WriteBlogPost/'.$post_id) : '#" onclick="return false;'; - $parser->assign_vars(Array( - 'TITLE' => $title, - 'PERMALINK' => $permalink, - 'AUTHOR' => $author, - 'AUTHOR_LINK' => makeUrlNS('User', $author), - 'AUTHOR_USERPAGE_CLASS' => ( isset($paths->pages[$paths->nslist['User'].$author]) ) ? 
'' : ' class="wikilink-nonexistent" ', - 'COMMENT_LINK' => $commentlink, - 'COMMENT_LINK_TEXT' => $ctext, - 'CONTENT' => $text, - 'EDIT_LINK' => $edit_link, - )); - return $parser->run(); -} - -/** - * Draws a separator for use between blog posts - searches for the appropriate template file - * @return string - */ - -function EnanoPress_Separator() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - static $cached_template = false; - if(!$cached_template) - { - if(file_exists(ENANO_ROOT.'/themes/'.$session->theme.'/blogseparator.tpl')) - $cached_template = file_get_contents(ENANO_ROOT.'/themes/'.$session->theme.'/blogseparator.tpl'); - if(!$cached_template) - $cached_template = << -TPLCODE; - } - $parser = $template->makeParserText($cached_template); - return $parser->run(); -} - -/** - * Make a blog post title acceptable for URLs - * @param string $text the input text - * @return string - */ - -function enanopress_sanitize_title($text) -{ - $text = strtolower(str_replace(' ', '_', $text)); - $badchars = '/*+-,.?!@#$%^&*|{}[];:\'"`~'; - $badchars = enano_str_split($badchars); - $dash = Array(); - foreach($badchars as $i => $b) $dash[] = "-"; - $text = str_replace($badchars, $dash, $text); - return $text; -} - -/** - * Fetch comments for a post - * @param int $post_id The numerical ID of the post to get comments for - * @return array A hierarchial array - numbered keys, each key is a subarray with keys "name", "subject", "text", "time", and "comment_id" with time being a UNIX timestamp - */ - -function EnanoPress_GetComments($post_id) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - if(!is_int($post_id)) return false; - - if(isset($_GET['sub'])) - { - $e = $db->sql_query('SELECT comment_id,name,subject,comment_data,user_id FROM '.table_prefix.'comments WHERE comment_id='.intval($_REQUEST['id']).';'); - if($e) - { - $comment = $db->fetchrow(); - $auth_edit = ( ( intval($comment['user_id']) == $session->user_id && 
$session->user_logged_in ) || $session->user_level >= USER_LEVEL_MOD ); - if($auth_edit) - { - switch($_GET['sub']) - { - case 'editcomment': - if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } - $row =& $comment; - echo '

Edit comment

'; - echo "
- - - -
Subject:
Comment:
"; - echo '
'; - return false; - break; - case 'savecomment': - if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } - $r = PageUtils::savecomment_neater((string)$post_id, 'Blog', $_POST['subj'], $_POST['text'], (int)$_POST['id']); - if($r != 'good') { echo "
$r
"; return false; } - break; - case 'deletecomment': - if(isset($_GET['id'])) - { - $q = 'DELETE FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']).' LIMIT 1;'; - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - break; - case 'admin': - if(isset($_GET['action']) && $session->user_level >= USER_LEVEL_MOD) // Nip hacking attempts in the bud - { - switch($_GET['action']) { - case "delete": - if(isset($_GET['id'])) - { - $q = 'DELETE FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']).' LIMIT 1;'; - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - break; - case "approve": - if(isset($_GET['id'])) - { - $where = 'comment_id='.intval($_GET['id']); - $q = 'SELECT approved FROM '.table_prefix.'comments WHERE '.$where.' LIMIT 1;'; - $e = $db->sql_query($q); - if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); - $r = $db->fetchrow(); - $a = ( $r['approved'] ) ? '0' : '1'; - $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE '.$where.';'; - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - if($a == '1') - { - $q = 'UPDATE '.table_prefix.'blog SET num_comments=num_comments+1 WHERE post_id='.$post_id.';'; - } - else - { - $q = 'UPDATE '.table_prefix.'blog SET num_comments=num_comments-1 WHERE post_id='.$post_id.';'; - } - $e=$db->sql_query($q); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - break; - } - } - break; - } - } - else - { - echo '
You are not authorized to perform this action.
'; - } - } - } - - if(isset($_POST['__doPostBack'])) - { - if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) echo('Access denied to post comments: you need to be logged in first.'); - else - { - $cb=false; - if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) - { - if(!isset($_POST['captcha_input']) || !isset($_POST['captcha_id'])) - { - echo('BUG: PageUtils::addcomment: no CAPTCHA data passed to method'); - $cb=true; - } - else - { - $result = $session->get_captcha($_POST['captcha_id']); - if($_POST['captcha_input'] != $result) { $cb=true; echo('The confirmation code you entered was incorrect.'); } - } - } - if(!$cb) - { - $text = RenderMan::preprocess_text($_POST['text']); - $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($_POST['name']); - $subj = RenderMan::preprocess_text($_POST['subj']); - if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; - $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$post_id.'\',\'Blog\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')'; - $e = $db->sql_query($q); - if(!$e) echo 'Error inserting comment data: '.mysql_error().'

Query:
'.$q; - else - { - echo '
Your comment has been posted.
'; - if(getConfig('approve_comments')=='1') - { - $e=$db->sql_query('UPDATE '.table_prefix.'blog SET num_comments=num_comments+1 WHERE post_id='.$post_id.';'); - if(!$e) - { - echo 'Error during query: '.mysql_error().'

Query:
'.$q; - return false; - } - } - } - } - } - } - - $apprv_clause = ( $session->user_level >= USER_LEVEL_MOD ) ? '' : 'AND approved=1'; - - $q = $db->sql_query('SELECT c.comment_id,c.subject,c.comment_data,c.name,c.time,c.approved,c.time,u.signature,u.user_level,u.user_id FROM '.table_prefix.'comments AS c - LEFT JOIN '.table_prefix.'users AS u - ON u.user_id=c.user_id - WHERE page_id='.$post_id.' - AND namespace=\'Blog\' - '.$apprv_clause.' - ORDER BY time DESC;'); - if(!$q) - { - echo $db->get_error(); - return false; - } - $posts = Array(); - while($row = $db->fetchrow()) - { - $row['text'] =& $row['comment_data']; - $posts[] = $row; - } - return $posts; -} - -/** - * Formats a comments array from EnanoPress_GetComments() as HTML - * @param array $comments The array of fetched comments - * @return string - */ - -function EnanoPress_FormatComments($comments) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - ob_start(); - $tpl = $template->makeParser('comment.tpl'); - - $seed = substr(md5(microtime() . mt_rand()), 0, 12); - - ?> - - Post comments"; - if ( count($comments) < 1 ) - { - $commentlink = ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) ? 'Log in to post a comment...' : 'Leave a comment...' ; - echo '

There are no comments on this post. Yours could be the first! '.$commentlink.'

'; - } - $i = -1; - - foreach($comments as $comment) - { - $auth_edit = ( ( intval($comment['user_id']) == $session->user_id && $session->user_logged_in ) || $session->user_level >= USER_LEVEL_MOD ); - $auth_mod = ( $session->user_level >= USER_LEVEL_MOD ); - - // Comment ID (used in the Javascript apps) - $strings['ID'] = (string)$i; - - // Determine the name, and whether to link to the user page or not - $name = ''; - if($comment['user_id'] > 0) $name .= ''; - $name .= $comment['name']; - if($comment['user_id'] > 0) $name .= ''; - $strings['NAME'] = $name; unset($name); - - // Subject - $s = $comment['subject']; - if(!$comment['approved']) $s .= ' (Unapproved)'; - $strings['SUBJECT'] = $s; - - // Date and time - $strings['DATETIME'] = date('F d, Y h:i a', $comment['time']); - - // User level - switch($comment['user_level']) - { - default: - case USER_LEVEL_GUEST: - $l = 'Guest'; - break; - case USER_LEVEL_MEMBER: - $l = 'Member'; - break; - case USER_LEVEL_MOD: - $l = 'Moderator'; - break; - case USER_LEVEL_ADMIN: - $l = 'Administrator'; - break; - } - $strings['USER_LEVEL'] = $l; unset($l); - - // The actual comment data - $strings['DATA'] = RenderMan::render($comment['text']); - - // Edit link - $strings['EDIT_LINK'] = 'edit'; - - // Delete link - $strings['DELETE_LINK'] = 'delete'; - - // Send PM link - $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $comment['user_id'] > 0 ) ? 'Send private message' : ''; - - // Add Buddy link - $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $comment['user_id'] > 0 ) ? 
'Add Buddy' : ''; - - // Mod links - $applink = ''; - $applink .= ''; - if($comment['approved']) $applink .= 'Unapprove'; - else $applink .= 'Approve'; - $applink .= ''; - $strings['MOD_APPROVE_LINK'] = $applink; - unset($applink); - $strings['MOD_DELETE_LINK'] = 'Delete'; - - // Signature - $strings['SIGNATURE'] = ''; - if($comment['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($comment['signature']); - - $bool['auth_mod'] = $auth_mod; - $bool['can_edit'] = $auth_edit; - $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true; - - $tpl->assign_vars($strings); - $tpl->assign_bool($bool); - echo $tpl->run(); - } - - $sn = $session->user_logged_in ? $session->username . '' : ''; - if(getConfig('comments_need_login') == '1') - { - $session->kill_captcha(); - $captcha = $session->make_captcha(); - } - $captcha = ( getConfig('comments_need_login') == '1' && !$session->user_logged_in ) ? 'Visual confirmation:
Please enter the code you see on the right.Visual confirmation
Code:
' : ''; - - echo '
- '.EnanoPress_Separator().' -
- - - - '.$captcha.' - - -
Your name or screen name:'.$sn.'
Comment subject:
Comment text:
(most HTML will be stripped)
-
-
- -'; - - $ret = ob_get_contents(); - ob_end_clean(); - return $ret; -} - -function page_Admin_EnanoPress() -{ - global $db, $session, $paths, $template, $plugins; if($session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN) { header('Location: '.makeUrl($paths->nslist['Special'].'Administration'.urlSeparator.'noheaders')); die('Hacking attempt'); } - echo '

Coming soon!

'; -} - -?> \ No newline at end of file diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/Newsboy.php --- a/plugins/Newsboy.php Wed Jun 13 16:59:00 2007 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,1033 +0,0 @@ -attachHook('acl_rule_init', 'NewsBoy_namespace_setup($this);'); - -// Hook into page rendering -$plugins->attachHook('page_not_found', 'NewsBoy_namespace_handler();'); -$plugins->attachHook('send_page_footers', 'NewsBoy_PortalLink();'); - -// String to determine page type string -$plugins->attachHook('page_type_string_set', 'NewsBoy_set_page_string();'); - -// Attach to the Feed Me plugin, if it's loaded (if not, the feed handler simply won't get called) -$plugins->attachHook('feed_me_request', 'NewsBoy_feed_handler($mode);'); - -function NewsBoy_namespace_setup(&$paths) -{ - $paths->create_namespace('NewsBoy', 'News:'); - $paths->addAdminNode('Newsboy portal', 'Configuration', 'NewsboyConfiguration'); - $paths->addAdminNode('Newsboy portal', 'Manage news items', 'NewsboyItemManager'); - - global $db, $session, $paths, $template, $plugins; // Common objects - - $session->acl_extend_scope('read', 'NewsBoy', $paths); - $session->acl_extend_scope('post_comments', 'NewsBoy', $paths); - $session->acl_extend_scope('edit_comments', 'NewsBoy', $paths); - $session->acl_extend_scope('edit_page', 'NewsBoy', $paths); - $session->acl_extend_scope('view_source', 'NewsBoy', $paths); - $session->acl_extend_scope('mod_comments', 'NewsBoy', $paths); - $session->acl_extend_scope('history_view', 'NewsBoy', $paths); - $session->acl_extend_scope('history_rollback', 'NewsBoy', $paths); - $session->acl_extend_scope('history_rollback_extra', 'NewsBoy', $paths); - $session->acl_extend_scope('protect', 'NewsBoy', $paths); - $session->acl_extend_scope('rename', 'NewsBoy', $paths); - $session->acl_extend_scope('clear_logs', 'NewsBoy', $paths); - $session->acl_extend_scope('vote_delete', 'NewsBoy', $paths); - $session->acl_extend_scope('vote_reset', 'NewsBoy', $paths); - $session->acl_extend_scope('delete_page', 'NewsBoy', $paths); - $session->acl_extend_scope('set_wiki_mode', 'NewsBoy', $paths); - $session->acl_extend_scope('password_set', 'NewsBoy', $paths); - 
$session->acl_extend_scope('password_reset', 'NewsBoy', $paths); - $session->acl_extend_scope('mod_misc', 'NewsBoy', $paths); - $session->acl_extend_scope('edit_cat', 'NewsBoy', $paths); - $session->acl_extend_scope('even_when_protected', 'NewsBoy', $paths); - $session->acl_extend_scope('upload_files', 'NewsBoy', $paths); - $session->acl_extend_scope('upload_new_version', 'NewsBoy', $paths); - $session->acl_extend_scope('create_page', 'NewsBoy', $paths); - $session->acl_extend_scope('php_in_pages', 'NewsBoy', $paths); - $session->acl_extend_scope('edit_acl', 'NewsBoy', $paths); - -} - -function NewsBoy_namespace_handler() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - if ( defined('ENANO_FEEDBURNER_INCLUDED') ) - { - $template->add_header(''); - } - - if ( $paths->namespace != 'NewsBoy' ) - return; - - $chk = $paths->page; - $chk1 = substr($chk, 0, ( strlen($paths->nslist['NewsBoy']) + 8 )); - $chk2 = substr($chk, 0, ( strlen($paths->nslist['NewsBoy']) + 7 )); - - if ( $paths->cpage['urlname_nons'] == 'Portal' || $paths->cpage['urlname_nons'] == 'Archive' || $chk1 == $paths->nslist['NewsBoy'] . 'Archive/' || $chk2 == $paths->nslist['NewsBoy'] . 'Archive' ) - { - - // Add admin opener Javascript function - $template->add_header(' - '); - - $x = getConfig('nb_portal_title'); - - $template->tpl_strings['PAGE_NAME'] = ( $paths->cpage['urlname_nons'] == 'Portal' ) ? - ( ( empty($x) ) ? - 'Welcome to ' . getConfig('site_name') : - $x ) : - 'News Archive'; - - if ( !$session->get_permissions('read') ) - { - die_friendly('Access denied', '
Access to this page is denied.
This may be because you are not logged in or you have not met certain criteria for viewing this page.
'); - } - - $paths->cpage['comments_on'] = 0; - - $template->header(); - ( $paths->cpage['urlname_nons'] == 'Portal' ) ? NewsBoy_portal() : NewsBoy_archive(); - $template->footer(); - } -} - -function NewsBoy_set_page_string() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if ( $paths->namespace == 'NewsBoy' ) - { - if ( $paths->cpage['urlname_nons'] == 'Portal' ) - { - $template->namespace_string = 'portal'; - - // block editing - $perm_arr = Array('edit_page' => AUTH_DENY, 'view_source' => AUTH_DENY); - $session->acl_merge_with_current($perm_arr, false, 2); - } - else - { - $template->namespace_string = 'news item'; - } - } -} - -function NewsBoy_format_title($title) -{ - $title = strtolower($title); - $title = preg_replace('/\W/', '-', $title); - $title = preg_replace('/([-]+)/', '-', $title); - $title = trim($title, '-'); - return $title; -} - -function NewsBoy_feed_handler($mode) -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - if ( $mode != 'news' ) - return; - - $limit = ( $x = $paths->getParam(1) ) ? $x : 20; - $limit = intval($limit); - if ( $limit > 50 ) - $limit = 50; - - $title = getConfig('site_name') . ': Site news'; - - $x = getConfig('nb_portal_title'); - $desc = ( empty($x) ) ? 'Welcome to ' . getConfig('site_name') : $x; - - $link = makeUrlComplete('NewsBoy', 'Portal'); - $generator = 'Enano CMS ' . enano_version() . 
' - NewsBoy plugin'; - $email = getConfig('contact_email'); - - $rss = new RSS($title, $desc, $link, $generator, $email); - - $sql = 'SELECT p.*, l.time_id, l.author, u.user_level,COUNT(c.comment_id) AS num_comments,t.page_text FROM '.table_prefix.'pages AS p - LEFT JOIN '.table_prefix.'comments AS c - ON ( c.page_id=p.urlname AND c.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'logs AS l - ON ( l.page_id=p.urlname AND l.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'users AS u - ON ( u.username=l.author ) - LEFT JOIN '.table_prefix.'page_text AS t - ON ( t.page_id=p.urlname AND t.namespace=p.namespace ) - WHERE p.namespace=\'NewsBoy\' - AND l.action=\'create\' - AND p.urlname REGEXP \'^([0-9]+)$\' - AND p.visible=1 - GROUP BY p.urlname - ORDER BY urlname DESC - LIMIT '.$limit.';'; - - $q = $db->sql_unbuffered_query($sql); - - if ( !$q ) - $db->_die(); - - $formatter = new NewsBoyFormatter(); - - if ( $row = $db->fetchrow() ) - { - do { - - $title = $row['name']; - $link = makeUrlComplete('NewsBoy', $row['urlname']); - $desc = RenderMan::render($row['page_text']); - $time = intval($row['urlname']); - - $rss->add_item($title, $link, $desc, $time); - - } while ( $row = $db->fetchrow() ); - } - else - { - $rss->add_item('Error', $link, 'No news items yet.', time()); - } - - echo $rss->render(); - -} - -function NewsBoy_portal() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - $news_template = << - - - - - - - - - - -
{TITLE}
- {CONTENT} -
- Posted by {USER_LINK} on {DATE}
- [ {NUM_COMMENTS} comment{COMMENT_S} | {COMMENT_LINK} ] -
- -TPLCODE; - - /* - $p = RenderMan::strToPageID(getConfig('main_page')); - if ( $p[1] != 'NewsBoy' ) - { - echo RenderMan::getPage($p[0], $p[1]); - } - else - { */ - /* - $s = $paths->nslist['NewsBoy'] . 'Announce'; - if ( isPage($s) ) - { - $p = RenderMan::getPage('Announce', 'NewsBoy'); - echo $p; - } - /* } */ - - $s = $paths->nslist['NewsBoy'] . 'Announce'; - $announce_page = getConfig('nb_announce_page'); - if ( !empty($announce_page) && isPage($announce_page) ) - { - $s = $announce_page; - } - else if ( !isPage($s) ) - { - $s = false; - } - if ( $s ) - { - $stuff = RenderMan::strToPageID($s); - $p = RenderMan::getPage($stuff[0], $stuff[1]); - echo $p; - } - - echo '

Latest news

'; - - $q = $db->sql_unbuffered_query('SELECT p.*, COUNT(c.comment_id) AS num_comments, t.page_text, l.time_id, l.author, u.user_level FROM '.table_prefix.'pages AS p - LEFT JOIN '.table_prefix.'comments AS c - ON ( c.page_id=p.urlname AND c.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'page_text AS t - ON ( t.page_id=p.urlname AND t.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'logs AS l - ON ( l.page_id=p.urlname AND l.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'users AS u - ON ( u.username=l.author OR u.user_id=1 ) - WHERE p.namespace=\'NewsBoy\' - AND l.action=\'create\' - AND p.urlname!=\'Announce\' - AND p.visible=1 - GROUP BY p.urlname - ORDER BY urlname DESC;'); - if ( !$q ) - $db->_die(); - - if ( $row = $db->fetchrow() ) - { - $i = 0; - $parser = $template->makeParserText($news_template); - do - { - if ( $i < 5 ) - { - $title = htmlspecialchars($row['name']); - $content = RenderMan::render($row['page_text']); - if ( strlen($content) > 400 ) - { - $content = nb_trim_paragraph($content, 400, $trimmed); - } - if ( $trimmed ) - { - $content .= ' Read more...'; - } - $user_link = nb_make_username_link($row['author'], $row['user_level']); - $date = date('F d, Y h:i:s a', $row['urlname']); - $num_comments = $row['num_comments']; - $comment_s = ( $num_comments == 1 ) ? '' : 's'; - $comment_link = 'add a comment'; - $parser->assign_vars(array( - 'TITLE' => $title, - 'LINK' => makeUrlNS('NewsBoy', $row['urlname']), - 'CONTENT' => $content, - 'USER_LINK' => $user_link, - 'DATE' => $date, - 'NUM_COMMENTS' => $num_comments, - 'COMMENT_S' => $comment_s, - 'COMMENT_LINK' => $comment_link - )); - echo $parser->run(); - } - else - { - echo '

Older news...

'; - break; - } - $i++; - } while ( $row = $db->fetchrow() ); - } - else - { - echo '

No news items yet.

'; - } - if ( $session->user_level >= USER_LEVEL_ADMIN ) - { - echo '
- - - - - - -
Administrative tools:Edit announcement »Portal Administration
-

'; - } -} - -/** - * Formats row data in the archive. - * @package Enano - * @subpackage Newsboy - * @license GNU General Public License - */ - -class NewsBoyFormatter -{ - function article_link($name, $row) - { - $article_link = '' . $row['name'] . ''; - return $article_link; - } - function format_date($date, $row) - { - $date = date('Y-m-j g:m', intval ( $date )); - return $date; - } - function format_username($x, $row) - { - $ul = intval($row['user_level']); - $author = nb_make_username_link($row['author'], $ul); - return $author; - } - function format_commentlink($x, $row) - { - $comments = '' . $row['num_comments'] . ''; - return $comments; - } -} - -function NewsBoy_archive() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - - $lower_limit = ( isset($_GET['start']) ) ? intval($_GET['start']) : ( ( $xx = $paths->getParam(0) ) ? intval($xx) : 0 ); - $entries_per_page = 50; - - $row_count = $entries_per_page + 1; - - // Determine number of total news entries - $q = $db->sql_query('SELECT urlname FROM '.table_prefix.'pages WHERE namespace=\'NewsBoy\' AND urlname REGEXP \'^([0-9]+)$\' AND visible=1;'); - if ( !$q ) - $db->_die(); - $r = $db->fetchrow(); - $num_total = intval($db->numrows()); - $db->free_result(); - - if ( $lower_limit >= $num_total ) - $lower_limit = 0; - - $sql = 'SELECT p.*, l.time_id, l.author, u.user_level,COUNT(c.comment_id) AS num_comments FROM '.table_prefix.'pages AS p - LEFT JOIN '.table_prefix.'comments AS c - ON ( c.page_id=p.urlname AND c.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'logs AS l - ON ( l.page_id=p.urlname AND l.namespace=p.namespace ) - LEFT JOIN '.table_prefix.'users AS u - ON ( u.username=l.author ) - WHERE p.namespace=\'NewsBoy\' - AND l.action=\'create\' - AND p.urlname REGEXP \'^([0-9]+)$\' - AND p.visible=1 - GROUP BY p.urlname - ORDER BY urlname DESC;'; - - $q = $db->sql_unbuffered_query($sql); - - if ( !$q ) - $db->_die(); - - $formatter = new NewsBoyFormatter(); - - $callers = 
Array( - 'name' => Array($formatter, 'article_link'), - 'urlname' => Array($formatter, 'format_date'), - 'author' => Array($formatter, 'format_username'), - 'num_comments' => Array($formatter, 'format_commentlink') - ); - - $head = '
- - - - '; - $foot = "
ArticleDateAuthorComments
"; - - $content = paginate($q, "\n".'{name}{urlname}{author}{num_comments}', - $num_total, makeUrlNS('NewsBoy', 'Archive/%s'), $lower_limit, 20, $callers, $head, $foot); - echo $content; - - $code = $plugins->setHook('send_page_footers'); - foreach ( $code as $cmd ) - { - eval($cmd); - } - -} - -function nb_make_username_link($username, $user_level) -{ - $color = '#0000AA'; - $user_level = intval($user_level); - if ( $user_level < USER_LEVEL_MEMBER ) return $username; - if ( $user_level >= USER_LEVEL_MOD ) $color = '#00AA00'; - if ( $user_level >= USER_LEVEL_ADMIN ) $color = '#AA0000'; - $link = '' . $username . ''; - return $link; -} - -function NewsBoy_PortalLink() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if ( $paths->namespace == 'NewsBoy' ) - echo '
'; -} - -// Administration panel -function page_Admin_NewsboyItemManager() -{ - global $db, $session, $paths, $template, $plugins; if($session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN) { redirect(makeUrlNS('Special', 'Administration', 'noheaders', true), '', '', 0); die('Hacking attempt'); } - - $done = false; - - if ( isset( $_GET['act'] ) ) - { - switch ( $_GET['act'] ) - { - case 'edit': - - // Error list - $errors = Array(); - - if ( isset ( $_POST['submitting'] ) ) - { - // Generate timestamp - $year = intval($_POST['pub_year']); - $month = intval($_POST['pub_month']); - $day = intval($_POST['pub_day']); - $hour = intval($_POST['pub_hour']); - $minute = intval($_POST['pub_minute']); - $second = intval($_POST['pub_second']); - - // Validation - if ( $year < 1500 || $year > 10000 ) - $errors[] = 'Invalid year.'; - - if ( $month < 1 || $month > 12 ) - $errors[] = 'Invalid month.'; - - if ( $day < 1 || $day > 31 ) - $errors[] = 'Invalid day.'; - - if ( $hour < 0 || $hour > 23 ) - $errors[] = 'Invalid hour.'; - - if ( $minute < 0 || $minute > 60 ) - $errors[] = 'Invalid minute.'; - - if ( $second < 0 || $second > 60 ) - $errors[] = 'Invalid second.'; - - $name = $_POST['article_name']; - $name = $db->escape($name); - - $author = $_POST['author']; - $author = $db->escape($author); - - if ( count($errors) < 1 ) - { - $time = mktime($hour, $minute, $second, $month, $day, $year); - } - - if ( isset($paths->pages[ $paths->nslist['NewsBoy'] . $time ]) && $paths->pages[ $paths->nslist['NewsBoy'] . $time ] != $paths->pages[ $paths->nslist['NewsBoy'] . $_POST['page_id'] ] ) - $errors[] = 'You cannot have two news articles with the same publish time.'; - - if ( count($errors) < 1 ) - { - $publ = ( isset($_POST['published']) ) ? '1' : '0'; - $sql = 'UPDATE '.table_prefix.'pages SET name=\'' . $name . '\',visible='.$publ.',urlname=\''.$time.'\' WHERE urlname=\'' . $db->escape($_POST['page_id']) . 
'\' AND namespace=\'NewsBoy\';'; - $q = $db->sql_query($sql); - - if ( !$q ) - $db->_die(); - - // Update author - $q = $db->sql_query('UPDATE '.table_prefix.'logs SET author=\'' . $author . '\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'NewsBoy\' AND action=\'create\';'); - - if ( !$q ) - $db->_die(); - - // Update other tables with urlname info - $q = $db->sql_query('UPDATE '.table_prefix.'logs SET page_id=\'' . $time . '\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'NewsBoy\';'); - if ( !$q ) - $db->_die(); - - $q = $db->sql_query('UPDATE '.table_prefix.'comments SET page_id=\'' . $time . '\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'NewsBoy\';'); - if ( !$q ) - $db->_die(); - - $q = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_id=\'' . $time . '\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'NewsBoy\';'); - if ( !$q ) - $db->_die(); - - $q = $db->sql_query('UPDATE '.table_prefix.'categories SET page_id=\'' . $time . '\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'NewsBoy\';'); - if ( !$q ) - $db->_die(); - - echo '
Your changes have been saved.
'; - - break; - } - } - - if ( count($errors) > 0 ) - echo '
Errors encountered while saving data:
  • ' . implode('
  • ', $errors) . '
'; - - // Obtain page information - if ( !isset($paths->pages[ $paths->nslist['NewsBoy'] . $_GET['id'] ]) ) - { - echo 'Invalid ID'; - return false; - } - $page_info =& $paths->pages[ $paths->nslist['NewsBoy'] . $_GET['id'] ]; - $time = intval($page_info['urlname_nons']); - - // Get author - $q = $db->sql_query('SELECT author FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($page_info['urlname_nons']) . '\' AND namespace=\'NewsBoy\' AND action=\'create\' ORDER BY time_id DESC LIMIT 1;'); - - if ( !$q ) - $db->_die(); - - $row = $db->fetchrow(); - $author = ( isset($row['author']) ) ? $row['author'] : ''; - if ( empty($author) ) - $author = 'Anonymous'; - - // Set date & time - $month = date('n', $time); - $year = date('Y', $time); - $day = date('j', $time); - $hour = date('G', $time); - $minute = date('m', $time); - $second = date('s', $time); - - echo '
'; - echo '
- - - - - - - - - - - - - - - - - - - - - -
Editing news article
Article name:
Published date: - - - , time: -  :  : 
- Note: Hours are in 24-hour format. -
Publish article:
Article author:' . $template->username_field('author', $author) . '
- Save changes  Return to main menu -
-
- - '; - echo '
'; - $done = true; - break; - case 'del': - if ( isset( $_POST['confirmed'] ) ) - { - $page_id = $_POST['page_id']; - $namespace = 'NewsBoy'; - - $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$page_id.'\', \''.$namespace.'\', \''.$session->username.'\')'); - if(!$e) $db->_die('The page log entry could not be inserted.'); - $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); - if(!$e) $db->_die('The page categorization entries could not be deleted.'); - $e = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); - if(!$e) $db->_die('The page comments could not be deleted.'); - $e = $db->sql_query('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); - if(!$e) $db->_die('The page text entry could not be deleted.'); - $e = $db->sql_query('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); - if(!$e) $db->_die('The page entry could not be deleted.'); - $e = $db->sql_query('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$page_id.'\''); - if(!$e) $db->_die('The file entry could not be deleted.'); - - $result = 'This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.'; - - echo $result . '
-
- Return to Newsboy'; - } - else - { - echo '
'; - echo '
- - - - - - - - - - -
Confirm deletion
-

Are you sure you want to delete this news article?

-
- Delete  Cancel -
-
- - '; - echo '
'; - } - $done = true; - break; - case 'create': - - // Error list - $errors = Array(); - - if ( isset ( $_POST['submitting'] ) ) - { - // Generate timestamp - $year = intval($_POST['pub_year']); - $month = intval($_POST['pub_month']); - $day = intval($_POST['pub_day']); - $hour = intval($_POST['pub_hour']); - $minute = intval($_POST['pub_minute']); - $second = intval($_POST['pub_second']); - - // Validation - if ( $year < 1500 || $year > 10000 ) - $errors[] = 'Invalid year.'; - - if ( $month < 1 || $month > 12 ) - $errors[] = 'Invalid month.'; - - if ( $day < 1 || $day > 31 ) - $errors[] = 'Invalid day.'; - - if ( $hour < 0 || $hour > 23 ) - $errors[] = 'Invalid hour.'; - - if ( $minute < 0 || $minute > 60 ) - $errors[] = 'Invalid minute.'; - - if ( $second < 0 || $second > 60 ) - $errors[] = 'Invalid second.'; - - $name = $_POST['article_name']; - $name = $db->escape($name); - - $author = $_POST['author']; - $author = $db->escape($author); - - if ( count($errors) < 1 ) - { - $time = mktime($hour, $minute, $second, $month, $day, $year); - } - - if ( isset($paths->pages[ $paths->nslist['NewsBoy'] . $time ]) && $paths->pages[ $paths->nslist['NewsBoy'] . $time ] != $paths->pages[ $paths->nslist['NewsBoy'] . $_POST['page_id'] ] ) - $errors[] = 'You cannot have two news articles with the same publish time.'; - - if ( count($errors) < 1 ) - { - $publ = ( isset($_POST['published']) ) ? 1 : 0; - $result = PageUtils::createpage( (string)$time, 'NewsBoy', $name, $publ ); - - // Set content - $content = RenderMan::preprocess_text($_POST['content'], true); // this also SQL-escapes it - - $q = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\'' . $content . '\' WHERE page_id=\'' . $time . '\' AND namespace=\'NewsBoy\';'); - if ( !$q ) - $db->_die(); - - if ( $result ) - echo '
Your changes have been saved.
'; - else - $errors[] = 'PageUtils::createpage returned an error.'; - - break; - } - } - - if ( count($errors) > 0 ) - echo '
Errors encountered while preparing data:
  • ' . implode('
  • ', $errors) . '
'; - - $time = time();; - - // Get author - $author = $session->username; - - if ( empty($author) ) - $author = 'Anonymous'; - - // Set date & time - $month = date('n', $time); - $year = date('Y', $time); - $day = date('j', $time); - $hour = date('G', $time); - $minute = date('m', $time); - $second = date('s', $time); - - echo '
'; - echo '
- - - - - - - - - - - - - - - - - - - - - - - -
Creating news article
Article name:
Published datestamp: - - - , time: -  :  : 
- Note: Hours are in 24-hour format. -
Publish article:
Article author:' . $template->username_field('author', $author) . '
Initial content:
You can always edit this later.
- Create article  Return to main menu -
-
- '; - echo '
'; - - $done = true; - break; - } - } - - if ( !$done ) - { - - // Start output - echo '
- - - - - - '; - - $row_class = 'row2'; - - // List existing news entries - $q = $db->sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace="NewsBoy" AND urlname!="Announce" ORDER BY name ASC;'); - - if ( !$q ) - $db->_die(); - - if ( $row = $db->fetchrow($q) ) - { - do { - $row_class = ( $row_class == 'row1' ) ? 'row2' : 'row1'; - $ts = intval($row['urlname']); - $date = date('F d, Y h:i a', $ts); - $edit_url = makeUrlNS('Special', 'Administration', "module={$paths->cpage['module']}&act=edit&id={$row['urlname']}", true); - $dele_url = makeUrlNS('Special', 'Administration', "module={$paths->cpage['module']}&act=del&id={$row['urlname']}", true); - $page_url = makeUrlNS('NewsBoy', $row['urlname']); - echo " - - - - - - "; - } while ( $row = $db->fetchrow($q) ); - } - else - { - echo ''; - } - echo ' -
NameDate publishedActions
- {$row['name']} - - $date - - Settings - - Page - - Delete -
No news items yet.
cpage['module']}&act=create", true) . '" style="color: inherit;">Create new entry
'; - $db->free_result(); - - } - -} - -function page_Admin_NewsboyConfiguration() -{ - global $db, $session, $paths, $template, $plugins; if($session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN) { redirect(makeUrlNS('Special', 'Administration', 'noheaders', true), '', '', 0); die('Hacking attempt'); } - if ( isset($_POST['submit']) ) - { - setConfig('nb_portal_title', $_POST['portal_name']); - if ( isPage($_POST['announce_page']) ) - setConfig('nb_announce_page', $_POST['announce_page']); - else - setConfig('nb_announce_page', ''); - // Submit - echo '
Your changes have been saved.
'; - } - echo '
'; - echo '
- - - - - - - - - - - - - - - -
- Newsboy portal: General configuration -
- Portal title:
- This is the text that will be shown as the page title on the
- portal. If you don\'t enter anything here, a default will be used.
-
- Page to embed as announcement:
- The page you enter here will always be shown at the top of the
- portal. The default is "' . $paths->nslist['NewsBoy'] . 'Announce".
-
- ' . $template->pagename_field('announce_page', htmlspecialchars(getConfig('nb_announce_page'))) . ' -
- -
-
'; - echo '
'; -} - -/** - * Trims a wad of text to the specified length. - * @todo make HTML friendly (don't break tags) - * @param string The text to trim - * @param int The maximum length to trim the text to. - * @param bool Reference. Set to true if the text was trimmed, otherwise set to false. - */ - -function nb_trim_paragraph($text, $len = 500, &$trimmed = false) -{ - $trimmed = false; - if ( strlen($text) <= $len ) - return $text; - $trimmed = true; - $text = substr($text, 0, $len); - for ( $i = $len; $i > 0; $i-- ) - { - $chr = $text{$i-1}; - if ( preg_match('/[\s]/', $chr) ) - { - $text = substr($text, 0, $i - 1); - $text .= '...'; - return $text; - } - $text = substr($text, 0, $i); - } - return $text; -} - -?> diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/WhosOnline.php --- a/plugins/WhosOnline.php Wed Jun 13 16:59:00 2007 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,145 +0,0 @@ -sql_query('DROP TABLE IF EXISTS '.table_prefix.'online;') - ) $db->_die('Could not clean out old who\'s-online table'); - // The key on username allows the REPLACE command later, to save queries - if(!$db->sql_query('CREATE TABLE '.table_prefix.'online( - entry_id int(12) UNSIGNED NOT NULL auto_increment, - user_id int(12) NOT NULL, - username varchar(63) NOT NULL, - last_load int(12) NOT NULL, - PRIMARY KEY ( entry_id ), - KEY ( username ) - );') - ) $db->_die('Could not create new who\'s-online table'); - if(!$db->sql_query('CREATE UNIQUE INDEX '.table_prefix.'onluser ON '.table_prefix.'online(username);')) - $db->_die('Could not create index on username column.'); - setConfig('whos_online_version', '0.1'); -} - -$plugins->attachHook('session_started', '__WhosOnline_UserCount();'); -$plugins->attachHook('login_success', '__WhosOnline_logonhandler();'); -$plugins->attachHook('logout_success', '__WhosOnline_logoffhandler($ou, $oid, $level);'); - -function __WhosOnline_UserCount() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - global $whos_online; - $whos_online = Array(); - $whos_online['users'] = Array(); - $whos_online['guests'] = Array(); - $q = $db->sql_query('REPLACE INTO '.table_prefix.'online SET user_id='.$session->user_id.',username=\''.$db->escape($session->username).'\',last_load='.time().';'); if(!$q) $db->_die(''); - $q = $db->sql_query('DELETE FROM '.table_prefix.'online WHERE last_load<'.( time() - 60*60*24 ).';'); if(!$q) $db->_die(''); - $q = $db->sql_query('SELECT o.username,o.user_id,u.user_level FROM '.table_prefix.'online AS o - LEFT JOIN '.table_prefix.'users AS u - ON u.user_id=o.user_id - WHERE last_load>'.( time() - 60*5 - 1 ).' ORDER BY username ASC'); if(!$q) $db->_die(''); - $num_guests = 0; - $num_users = 0; - $users = Array(); - while ( $row = $db->fetchrow() ) - { - ( $row['user_id'] == 1 ) ? 
$num_guests++ : $num_users++; - if($row['user_id'] > 1) - { - switch($row['user_level']) - { - case USER_LEVEL_MEMBER: - default: - $color = '303030'; - $weight = 'normal'; - break; - case USER_LEVEL_MOD: - $color = '00AA00'; - $weight = 'bold'; - break; - case USER_LEVEL_ADMIN: - $color = 'AA0000'; - $weight = 'bold'; - break; - } - $users[] = "{$row['username']}"; - $whos_online['users'][] = $row['username']; - } - else - { - $whos_online['guests'][] = $row['username']; - } - } - $total = $num_guests + $num_users; - $ms = ( $num_users == 1 ) ? '' : 's'; - $gs = ( $num_guests == 1 ) ? '' : 's'; - $ts = ( $total == 1 ) ? '' : 's'; - $is_are = ( $total == 1 ) ? 'is' : 'are'; - $users = implode(', ', $users); - $online_main = ( $num_users > 0 ) ? "
- Users online right now: -
- $users -
- Legend:
Moderators :: Administrators" - : ''; - $html = "
- - There $is_are $total user$ts online :: $num_guests guest$gs and $num_users member$ms - $online_main - -
"; - $template->sidebar_widget('Who\'s Online', $html); -} - -function __WhosOnline_logonhandler() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - $q = $db->sql_query('DELETE FROM '.table_prefix.'online WHERE user_id=1 AND username=\''.$db->escape($_SERVER['REMOTE_ADDR']).'\';'); - if(!$q) - echo $db->get_error(); - if(!$session->theme) - $session->register_guest_session(); - $template->load_theme($session->theme, $session->style); - __WhosOnline_UserCount(); -} - -function __WhosOnline_logoffhandler($username, $user_id, $level) -{ - if($level <= USER_LEVEL_MEMBER) - { - global $db, $session, $paths, $template, $plugins; // Common objects - $q = $db->sql_query('DELETE FROM '.table_prefix.'online WHERE user_id=\''.intval($user_id).'\' AND username=\''.$db->escape($username).'\';'); - if(!$q) - echo $db->get_error(); - $q = $db->sql_query('REPLACE INTO '.table_prefix.'online SET user_id=1,username=\''.$db->escape($_SERVER['REMOTE_ADDR']).'\',last_load='.time().';'); if(!$q) $db->_die(''); - if(!$q) - echo $db->get_error(); - } -} - -?> diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/ajim.php --- a/plugins/ajim.php Wed Jun 13 16:59:00 2007 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,107 +0,0 @@
-'#FFF',
- 'sb_color_foreground'=>'#000',
- );
- if(defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED'))
- {
- if(!isset($_GET['admin']))
- {
- $plugins->attachHook('compile_template', 'AjIM_SideBar();');
- $plugins->attachHook('acl_rule_init', 'global $session; $session->register_acl_type(\'ajim_post\', AUTH_ALLOW, \'Submit AjIM posts\');');
- include(ajimServerPath . '/ajim.php');
-
- function AjIM_SideBar()
- {
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $__ajim_config;
- $paths->addAdminNode('Plugin configuration', 'AjIM configuration', 'AjIM_Config');
- $dir = getcwd();
- chdir(ENANO_ROOT);
- include('config.php');
- chdir($dir);
- unset($dir);
- if($session->user_level >= USER_LEVEL_ADMIN)
- {
- $r = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE username=\''.$session->username.'\'');
- $p = $db->fetchrow_num($r);
- $admin = $p[0];
- }
- else
- {
- $admin = false;
- }
- $__ajim_config['db_connection_handle'] = $db->_conn;
- if(!$session->user_logged_in)
- {
- $__ajim_config['cant_post_notice'] = 'The administrator requires that you log in to post messages.';
- }
- else
- {
- $__ajim_config['cant_post_notice'] = 'The administrator has disallowed message posting for your user account.';
- }
- $canpost = ( $session->get_permissions('ajim_post') ) ? true : false;
- $ajim = new ajim($__ajim_config, table_prefix, scriptPath.'/plugins/ajim.php', $admin, false, $canpost, array('RenderMan', 'render'));
- $template->sidebar_widget('Shoutbox', $ajim->html(ajimClientPath));
- $template->additional_headers .= '';
- }
- }
- } elseif(isset($_GET['ajimmode'])) {
- global $db, $session, $paths, $template, $plugins, $dbhost, $dbname, $dbuser, $dbpasswd;
- require_once('../includes/common.php');
- require_once(ajimServerPath . 
'/ajim.php');
- header('HTTP/1.1 200 OK');
- define('ajimClientPath', scriptPath.'/ajim');
- if($session->user_level >= 2) {
- $admin = $session->grab_password_hash();
- } else $admin = false;
- require('../config.php');
- $canpost = (getConfig('ajim_require_login') != '1' || $session->user_logged_in) ? true : false;
- $__ajim_config['db_connection_handle'] = $db->_conn;
- $__ajim_config['cant_post_notice'] = 'The administrator requires that you log in to post messages.';
- $__ajim_config['allow_looping'] = true;
- $ajim = new ajim($__ajim_config, table_prefix, scriptPath.'/plugins/ajim.php', $admin, $_GET['id'], $canpost, array('RenderMan', 'render'));
- $db->close();
- exit;
- }
-
- function page_Admin_AjIM_Config()
- {
- global $db, $session, $paths, $template, $plugins; // Common objects
- if(isset($_POST['_save']))
- {
- setConfig('ajim_require_login', ( isset($_POST['ajim_require_login']) ) ? '1' : '0');
- }
- echo '
'; - ?> -

Configure AjIM, the Asynchronous Javascript Instant Messenger

-

Only one option right now...

-

-

- ';
- }
-}
-?>
diff -r 2b2084ca1e60 -r 0b3a0aedfd53 plugins/ajim/ajim.php
--- a/plugins/ajim/ajim.php Wed Jun 13 16:59:00 2007 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,825 +0,0 @@
-'.$text);
- }
- /**
- * Make a SQL query. This function contains some error correction that performs automatic database upgrades if needed.
- * @param string $q - The query text to send to MySQL.
- * @return resource - or, kills the connection and bails out if the query failed
- */
- function sql($q) {
- $r = mysql_query($q, $this->conn);
- if(!$r)
- {
- if(strstr(mysql_error(), 'Unknown column \'time_id\''))
- {
- $this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN time_id int(11) NOT NULL DEFAULT 0;');
- $r = mysql_query($q, $this->conn);
- }
- elseif(strstr(mysql_error(), 'Unknown column \'sid\''))
- {
- $this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN sid varchar(40) NOT NULL DEFAULT \'\';');
- $r = mysql_query($q, $this->conn);
- }
- elseif(strstr(mysql_error(), 'Unknown column \'ip_addr\''))
- {
- $this->sql('ALTER TABLE '.$this->table_prefix.'ajim ADD COLUMN ip_addr varchar(15) NOT NULL DEFAULT \'\';');
- $r = mysql_query($q, $this->conn);
- }
- $this->kill('Error during query:

'.htmlspecialchars($q).'

MySQL said: '.mysql_error().'

Depending on the error, AjIM may be able to automatically repair it. Just hang tight for about ten seconds. Whatever you do, don\'t close this browser window!'); - } - return $r; - } - /** - * Get the user's SID (unique ID used for editing authorization) or generate a new one. - * @return string - */ - function get_sid() - { - // Tag the user with a unique ID that can be used to edit posts - // This is used to essentially track users, but only for the purpose of letting them edit posts - if(!isset($_COOKIE['ajim_sid'])) - { - $hash = sha1(microtime()); - setcookie('ajim_sid', $hash, time()+60*60*24*365); // Cookies last for one year - } - else - $hash = $_COOKIE['ajim_sid']; - - return $hash; - } - /** - * Set the default value for a configuration field. - * @param string $key - name of the configuration key - * @param string $value - the default value - * @param array $confarray - needs to be the array passed as the first param on the constructor - */ - function config_default($key, $value, &$confarray) - { - if(!isset($confarray[$key])) - $confarray[$key] = $value; - } - /** - * Set up some basic vars and a database connection - * @param array $config - a configuration array, with either the key db_connection_handle (a valid MySQL connection resource) or the keys dbhost, dbname, dbuser, and dbpass - * @param string $table_prefix - the text prepended to the "ajim" table, should match ^([A-z0-9_]+)$ - * @param string $handler - URL to the backend script, for example in Enano this would be the plugin file plugins/ajim.php - * @param string $admin - string containing the MD5 hash of the user's password, IF AND ONLY IF the user should be allowed to use the moderation function. In all other cases this should be false. - * @param string $id - used to carry over the randomly generated instance ID between requests. 
Should be false if the class is being initialized for displaying the inital HTML, in all other cases should be the value of the class variable AjIM::$id - * @param bool $can_post - true if the user is allowed to post, false otherwise. Defaults to true. - * @param mixed $formatfunc - a string containing the name of a function that can be called to format text before posts are sent to the user. If you need to call a class method, this should be an array with key 0 being the class name and key 1 being the method name. - */ - function __construct($config, $table_prefix, $handler, $admin = false, $id = false, $can_post = true, $formatfunc = false) { - // CONFIGURATION - // $this->prune: a limit on the number of posts in the chat box. Usually this should be set to 40 or 50. Default is 40. - // Set to -1 to disable pruning. - $this->prune = -1; - - $this->get_sid(); - - if(!is_array($config)) - $this->kill('$config passed to the AjIM constructor should be an associative array with either the keys dbhost, dbname, dbuser, and dbpass, or the key db_connection_handle.'); - if(isset($config['db_connection_handle'])) - { - if(!is_resource($config['db_connection_handle'])) $this->kill('$config[\'db_connection_handle\'] is not a valid resource'); - $this->conn = $config['db_connection_handle']; - if(!$this->conn) $this->kill('Error verifying database connection: '.mysql_error()); - } elseif(isset($config['dbhost']) && isset($config['dbname']) && isset($config['dbuser']) && isset($config['dbpass'])) { - $this->conn = mysql_connect($config['dbhost'], $config['dbuser'], $config['dbpass']); - if(!$this->conn) $this->kill('Error connecting to the database: '.mysql_error()); - $this->sql('USE '.$config['dbname']); - } - - $this->bad_words = Array('viagra', 'phentermine', 'pharma', 'rolex', 'genital', 'penis', 'ranitidine', 'prozac', 'acetaminophen', 'acyclovir', 'ionamin', 'denavir', 'nizoral', 'zoloft', 'estradiol', 'didrex', 'aciphex', 'seasonale', 'allegra', 'lexapro', 'famvir', 
'propecia', 'nasacort'); - if(isset($config['bad_words']) && is_array($config['bad_words'])) - { - $this->bad_words = array_values(array_merge($this->bad_words, $config['bad_words'])); - } - - // Don't change these values here - change them by passing values to the config array in this constructor's params! - $this->config_default('sb_color_background', '#FFFFFF', $config); - $this->config_default('sb_color_foreground', '#000000', $config); - $this->config_default('sb_color_editlink', '#00C000', $config); - $this->config_default('sb_color_deletelink', '#FF0000', $config); - $this->config_default('sb_color_userlink', '#0000FF', $config); - - $this->config = $config; - - if($id) $this->id = $id; - else $this->id = 'ajim_'.time(); - $this->admin = $admin; - $this->formatfunc = $formatfunc; - $this->can_post = $can_post; - $this->table_prefix = $table_prefix; - $this->sql('CREATE TABLE IF NOT EXISTS '.$this->table_prefix.'ajim( - post_id mediumint(8) NOT NULL auto_increment, - name text, - website text, - post text, - time_id int(11) NOT NULL DEFAULT 0, - PRIMARY KEY ( post_id ) - );'); - $this->iface = $handler; - if(isset($_GET['ajimmode'])) $this->handler(); - } - /** - * A dummy function used for PHP4 compatibility. - * @see AjIM::__construct() - */ - function ajim($config, $table_prefix, $handler, $admin = false, $id = false, $can_post = true, $formatfunc = false) { - $this->__construct($config, $table_prefix, $handler, $admin, $id, $can_post, $formatfunc); - } - /** - * Generates the initial HTML UI to be sent to the user, used internally. - * @access private - * @param string $ajimPath - path to the AjIM connector (not this file), relative to document root, with initial slash. - */ - function html($ajimPath) { - - $enstr = $this->can_post ? '' : ' disabled="disabled"'; - $html = ''; - $html .= ''; - if($this->admin) { - $html.= ''; - } - $html .= '
-
'; - // This is the post form div - if($this->can_post) - { - $html .= '
- - - - - - - - '; - $html .= '
Name:
Website:
Message:

- AjIM powered
- '; - if($this->admin) { - $html .= '
Administration
'; - } - $html.='
'; - } else { - $html .= '
'; - if(isset($this->config['cant_post_notice'])) { - $html .= '
'.$this->config['cant_post_notice'].'
'; - } - $html .= '
'; - } - $html.=''; - - return $html; - } - /** - * Kills the database connection - */ - function destroy() { - mysql_close($this->conn); - } - /** - * Strips all traces of HTML, XML, and PHP from text, and prepares it for being inserted into a MySQL database. - * @access private - * @param string $text - the text to sanitize - * @return string - */ - function sanitize($text) { - $text = rawurldecode($text); - $text = preg_replace('#<(.*?)>#is', '<\\1>', $text); - $text = str_replace("\n", '
', $text); - $text = mysql_real_escape_string($text); - return $text; - } - /** - * Scrutinizes a string $text for any traces of the word $word, returns true if the text is clean. - * For example, if $word is "viagra" and the text contains "\/|@6r/\" this returns false, else you would get true. - * @access private - * @param string $text - the text to check - * @param string $word - word to look for. - * @return bool - */ - function spamcheck($text, $word) - { - // build an array, with each key containing one letter (equiv. to str_split() in PHP 5) - $chars = Array(); - for($i=0;$i'a|\/\\\\|@', - 'b'=>'b|\|o', - 'c'=>'c|\(|', - 'd'=>'d|o\|', - 'e'=>'e|3', - 'f'=>'f', - 'g'=>'g|6|9', - 'h'=>'h|\|n', - 'i'=>'i|\!|1|\|', - 'j'=>'j|\!|1|\|', - 'k'=>'k|\|<|\|<', - 'l'=>'l|\!|1|\|', - 'm'=>'m|nn|rn', - 'n'=>'n|h|u\\|\\\\\|', - 'o'=>'o|\(\)|0|@', - 'p'=>'p', - 'q'=>'q', - 'r'=>'r|\|\^', - 's'=>'s', - 't'=>'t|\+', - 'u'=>'u|n', - 'v'=>'v|\\\\\/', // "\/" - 'w'=>'w|vv|\\\\\/\\\\\/', // allows for "\/\/" - 'x'=>'x|><|><|><|><', - 'y'=>'y', - 'z'=>'z|\|\\\\\|' // |\| - ); - $regex = '#([\s]){0,1}'; - foreach($chars as $c) - { - $lc = strtolower($c); - if(isset($subs[$lc])) - { - $regex .= '('.$subs[$lc].')'; - } else { - die('0 $subs['.$lc.'] is not set'); - $regex .= preg_quote($c); - } - $regex .= '(.|)'; - } - $regex .= '([\s]){0,1}#is'; - //echo($word.': '.$regex.'
'); - if(preg_match($regex, $text)) return false; - return true; - } - /** - * Processes AJAX requests. Usually called if $_GET['ajimmode'] is set. - * @access private - */ - function handler() { - if(isset($_GET['ajimmode'])) { - switch($_GET['ajimmode']) { - default: - die(''); - break; - case 'getsource': - case 'getpost': - if(!preg_match('#^([0-9]+)$#', $_GET['p'])) die('SQL injection attempt'); - $q = $this->sql('SELECT post,sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_GET['p']); - $r = mysql_fetch_assoc($q); - if( ( ( isset($_GET['ajim_auth']) && (!$this->admin || ($this->admin != $_GET['ajim_auth']) ) ) || !isset($_GET['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt'); - if($_GET['ajimmode']=='getpost') - if($this->formatfunc) - { - $p = @call_user_func($this->formatfunc, $r['post']); - if($p) $r['post'] = $p; - unset($p); // Free some memory - } - echo $r['post']; - break; - case "savepost": - if(!preg_match('#^([0-9]+)$#', $_POST['p'])) die('SQL injection attempt'); - $q = $this->sql('SELECT sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']); - $r = mysql_fetch_assoc($q); - if( ( ( isset($_POST['ajim_auth']) && (!$this->admin || ($this->admin != $_POST['ajim_auth']) ) ) || !isset($_POST['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt'); - $post = $this->sanitize($_POST['post']); - $post = $this->make_clickable($post); - $post = preg_replace('#_(.*?)_#is', '\\1', $post); - $post = preg_replace('#\*(.*?)\*#is', '\\1', $post); - $bad_words = Array('viagra', 'phentermine', 'pharma'); - foreach($bad_words as $w) - { - if(!$this->spamcheck($post, $w)) die('The word "'.$w.'" has been detected in your message and as a result your post has been blocked. 
Don\'t argue, that will only get you banned.'); - } - if(!$this->can_post) die('Access to posting messages has been denied because the administrator has set that you must be logged into this website in order to post.'); - - $this->sql('UPDATE '.$this->table_prefix.'ajim SET post=\''.$post.'\' WHERE post_id='.$_POST['p'].';'); - - if($this->formatfunc) - { - $p = @call_user_func($this->formatfunc, $post); - if($p) $post = $p; - unset($p); // Free some memory - } - die($post); - break; - case 'delete': - if(!preg_match('#^([0-9]+)$#', $_POST['p'])) die('SQL injection attempt'); - $q = $this->sql('SELECT sid,ip_addr FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']); - $r = mysql_fetch_assoc($q); - if( ( ( isset($_POST['ajim_auth']) && (!$this->admin || ($this->admin != $_POST['ajim_auth']) ) ) || !isset($_POST['ajim_auth']) ) && ( $this->get_sid() != $r['sid'] || $_SERVER['REMOTE_ADDR'] != $r['ip_addr'] ) ) die('Hacking attempt'); - $this->sql('DELETE FROM '.$this->table_prefix.'ajim WHERE post_id='.$_POST['p']); - die('good'); - break; - case 'post': - if(!preg_match('#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)$#is', $_POST['website'])) $_POST['website']=''; - // Now for a clever anti-spam trick: blacklist the words "viagra" and "phentermine" using one wicked regex: - // #([\s]){1}(v|\\\\\/)(.*){1}(i|\||l|1)(.*){1}(a|@|\/\\\\)(.*){1}(g|6)(.*){1}r(.*){1}(a|@|\/\\\\)(\s){1}#is - $name = $this->sanitize($_POST['name']); - $website = $this->sanitize($_POST['website']); - $post = $this->sanitize($_POST['post']); - foreach($this->bad_words as $w) - { - if(!$this->spamcheck($post, $w)) die('The word "'.$w.'" has been detected in your message and as a result your post has been blocked. 
Don\'t argue, that will only get you banned.'); - } - $post = $this->make_clickable($post); - $post = preg_replace('#_(.*?)_#is', '\\1', $post); - $post = preg_replace('#\*(.*?)\*#is', '\\1', $post); - if(!$this->can_post) die('Access to posting messages has been denied because the administrator has set that you must be logged into this website in order to post.'); - $this->sql('INSERT INTO '.$this->table_prefix.'ajim ( name, website, post, time_id, sid, ip_addr ) VALUES(\''.$name.'\', \''.$website.'\', \''.$post.'\', '.time().', \''.mysql_real_escape_string($this->get_sid()).'\', \''.mysql_real_escape_string($_SERVER['REMOTE_ADDR']).'\');'); - case 'view': - // if(isset($_GET['ajim_auth'])) - // die('Auth: '.$_GET['ajim_auth']); // .'
Pw: '.$this->admin); - if(isset($_GET['latest']) && ( isset($this->config['allow_looping']) && $this->config['allow_looping'] == true )) - { - // Determine max execution time - $max_exec = intval(@ini_get('max_execution_time')); - if(!$max_exec) $max_exec = 30; - $time_left = $max_exec - 1; - } - $q = $this->sql('SELECT name, website, post, post_id, time_id, sid, ip_addr FROM '.$this->table_prefix.'ajim ORDER BY post_id;'); - if(mysql_num_rows($q) < 1) echo '0 No posts.'; - else { - // Prune the table - if($this->prune > 0) { - $nr = mysql_num_rows($q); - $nr = $nr - $this->prune; - if($nr > 0) $this->sql('DELETE FROM '.$this->table_prefix.'ajim LIMIT '.$nr.';'); - } - // Alright, what we want to do here is grab the entire table, load it into an array, and then display the posts in reverse order. - for($i = 1; $i<=mysql_num_rows($q); $i++) { - $t[$i] = mysql_fetch_object($q); - } - - $s = sizeof($t); - - if(isset($_GET['latest']) && ( isset($this->config['allow_looping']) && $this->config['allow_looping'] == true )) - { - // When I was coding this, I immediately thought "use labels and goto!" Here's hoping, PHP6 :-) - $latest_from_user = intval($_GET['latest']); - $latest_from_db = intval($t[$s]->time_id); - while(true) - { - if($latest_from_user == $latest_from_db && $time_left > 5) - { - $time_left = $time_left - 5; - sleep(5); - mysql_free_result($q); - $q = $this->sql('SELECT name, website, post, post_id, time_id, sid, ip_addr FROM '.$this->table_prefix.'ajim ORDER BY post_id;'); - $t = Array(); - for($i = 1; $i<=mysql_num_rows($q); $i++) { - $t[$i] = mysql_fetch_object($q); - } - $s = sizeof($t); - $latest_from_user = intval($_GET['latest']); - $latest_from_db = intval($t[$s]->time_id); - //echo (string)$latest_from_db.'
'; - //flush(); - //exit; - if($latest_from_user != $latest_from_db) - break; - continue; - } - elseif($latest_from_user == $latest_from_db && $time_left < 5) - { - die('[E] No new posts'); - } - break; - } - } - - echo $t[$s]->time_id . ' '; - - // This is my favorite array trick - it baffles everyone who looks at it :-D - // What it does is the same as for($i=0;$i 0; $i--) { - if($this->formatfunc) - { - $p = @call_user_func($this->formatfunc, $t[$i]->post); - if($p) $t[$i]->post = $p; - unset($p); // Free some memory - $good_tags = Array('b', 'i', 'u', 'br'); - $gt = implode('|', $good_tags); - - // Override any modifications that may have been made to the HTML - $t[$i]->post = preg_replace('#<('.$gt.')>([^.]+)</\\1>#is', '<\\1>\\2', $t[$i]->post); - $t[$i]->post = preg_replace('#<('.$gt.')([ ]*?)/>#is', '<\\1 />', $t[$i]->post); - $t[$i]->post = preg_replace('#<('.$gt.')>#is', '<\\1 />', $t[$i]->post); - } - echo '
'; - if($t[$i]->website != '') echo ''.$t[$i]->name.''; - else echo ''.$t[$i]->name.''; - echo ' '; - if( $this->can_post && ($t[$i]->sid == $this->get_sid() && $t[$i]->ip_addr == $_SERVER['REMOTE_ADDR'] ) || ( isset($_GET['ajim_auth']) && $_GET['ajim_auth']==$this->admin ) ) - echo 'Delete Edit'; - echo '
Posted on '.date('n/j, g:ia', $t[$i]->time_id).'
'; - echo '
'.$t[$i]->post.'
'; - echo '
'; - } - } - break; - case 'auth': - if($_POST['ajim_auth']==$this->admin) echo 'good'; - else echo 'The password you entered is invalid.'; - break; - } - } - } - - /** - * Replace URLs within a block of text with anchors - * Written by Nathan Codding, copyright (C) phpBB Group - * @param string $text - the text to process - * @return string - */ - function make_clickable($text) - { - $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text); - $ret = ' ' . $text; - $ret = preg_replace('#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is', '\\1\\2', $ret); - $ret = preg_replace("#(^|[\ n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", '\\1\\2', $ret); - $ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", '\\1\\2@\\3', $ret); - $ret = substr($ret, 1); - return($ret); - } -} - -// The client-side javascript and CSS code - -if(isset($_GET['js']) && isset($_GET['id']) && isset($_GET['path']) && isset($_GET['pfx'])) { - header('Content-type: text/javascript'); - ?> - //