<?php
/*------------------------------------------------------------------------------
sNews Version: 1.7.1
Issue Date: October 22.10 (keyrocks)
Copyright (C): Solucija.com
Licence: sNews is licensed under a Creative Commons License.
--------------------------------------------------------------------------------
PATCHES:
For a list of all patches and bug fixes applied to this Download package,
please view the patch-log_snews1.7.txt (notepad) file located in the
Patches Log folder.
--------------------------------------------------------------------------------*/
// Start sNews session
session_start();
/*------------------------------------------------------------
To enable Error Reporting, un-comment string #1
and comment-out string #2, which turns Error Reporting off.
------------------------------------------------------------*/
//error_reporting(E_ALL ^ E_NOTICE); // #1 Report all Errors
error_reporting(0); // #2 No Error Reporting
// CONFIGURE DATABASE VARIABLES
function db($variable) {
$db = array(
# Edit database connection information only
'dbhost' => '[[softdbhost]]', // MySQL host
'dbname' => '[[softdb]]', // Database name
'dbuname' => '[[softdbuser]]', // Database Username
'dbpass' => '[[softdbpass]]', // Database password
// Table prefix for multiple sNews systems on one database. Leave it blank if not used.
'prefix' => ''
);
return $db[$variable];
}
//SITE - Automatically detects the scripts location.
function site() {
$host = 'http://'.$_SERVER['HTTP_HOST'];
$directory = dirname($_SERVER['SCRIPT_NAME']);
$website = $directory == '/' ? $host.'/' : $host.$directory.'/';
return $website;
}
// Language Variables
function l($var) {
global $l;
return $l[$var];
}
// INFO LINE TAGS (readmore, comments, date)
$tags = array(
'infoline' => '<p class="date">,readmore,comments,date,edit,</p>',
'comments' => '<p class="meta">,name, '.l('on').' ,date,edit,</p>,<p class="comment">,comment,</p>'
);
function tags($tag) {
global $tags;
return $tags[$tag];
}
// Constants
// Website
define('_SITE',site());
// Prefix
define('_PRE',db('prefix'));
// Set login constant
define('_ADMIN',(isset($_SESSION[_SITE.'Logged_In']) && $_SESSION[_SITE.'Logged_In'] == token() ? true : false));
// SITE SETTINGS - grab site settings from database
function s($var) {
global $site_settings;
if (!$site_settings){
$query = 'SELECT name,value FROM '._PRE.'settings';
$result = mysql_query($query);
while ($r = mysql_fetch_assoc($result)) {
$site_settings[$r['name']] = $r['value'];
}
}
$value = $site_settings[$var];
return $value;
}
// SESSION TOKEN
function token() {
$a = md5(substr(session_id(), 2, 7));
$b = $_SERVER['HTTP_USER_AGENT'];
$token = md5($a.$b._SITE);
return $token;
}
// STARTUP
connect_to_db();
// LANGUAGE VARIABLES
s('language') != 'EN' && file_exists('lang/'.s('language').'.php') == true ? include('lang/'.s('language').'.php') : include('lang/EN.php');
// SYSTEM VARIABLES (not to be translated)
//SEF links of the hardcoded items - RESERVED WORDS - will clash if using for article/category seftitles.
$l['cat_listSEF'] = 'archive,contact,sitemap,login';
if (_ADMIN) {$l['cat_listSEF'] .= ',administration,admin_category,admin_article,article_new,extra_new,page_new,snews_categories,snews_articles,extra_contents,snews_pages,snews_settings,snews_files,logout,groupings,admin_groupings';}
//divider character
$l['divider'] = '·';
// used in article pagination links
$l['paginator'] = 'p_';
$l['comment_pages'] = 'c_';
// list of files & folders ignored by upload/file list routine
$l['ignored_items'] = '.,..,cgi-bin,.htaccess,Thumbs.db,snews.php,index.php,lib.php,style.css,admin.js,'.s('language').'.php';
if(isset($_POST['Loginform']) && !_ADMIN) {
$user = checkUserPass($_POST['uname']);
$pass = checkUserPass($_POST['pass']);
unset($_POST['uname'],$_POST['pass']);
// Patch #18 - 1.7.1 - revised string by KikkoMax
if (checkMathCaptcha() && md5($user) === s('username') && md5($pass) === s('password')) {
//if (md5($user) === s('username') && md5($pass) === s('password') && checkMathCaptcha()) {
$_SESSION[_SITE.'Logged_In'] = token();
notification(2,'','administration');
} else { die( notification(2,l('err_Login'),'login')); }
}
if($_POST['submit_text'] && !_ADMIN){
die (notification(2,l('error_not_logged_in'),'home'));
}
if (!empty($_GET['category'])) { // Patch #7 - 1.7.1
$url = explode('/', clean($_GET['category']));
$categorySEF = $url[0];
if (isset($url[1])) $subcatSEF = $url[1];
if (substr($url[1], 0, 1) == l('comment_pages') && is_numeric(substr($url[1], 1, 1))) $commentsPage = $url[1];
if (isset($url[2])) $articleSEF= $url[2];
if (isset($url[3])) $commentsPage = $url[3];
if (check_category($categorySEF)) { $_catID = 0; return; }
// Admin content
if (_ADMIN) {
$pub_a = ''; $pub_c = ''; $pub_x = '';
} else {
$pub_a = ' AND a.published = 1';
$pub_c = ' AND c.published =\'YES\'';
$pub_x = ' AND x.published =\'YES\'';
}
// Query for / Category / subcategory / article /
if ($articleSEF && substr( $articleSEF, 0, 2) != l('paginator') && substr( $articleSEF, 0, 2) != l('comment_pages')) {
$MainQuery = 'SELECT
a.id AS id, title, position, description_meta, keywords_meta,
c.id AS catID, c.name AS name, c.description, x.name AS xname
FROM '._PRE.'articles'.' AS a,
'._PRE.'categories'.' AS c
LEFT JOIN '._PRE.'categories'.' AS x
ON c.subcat=x.id
WHERE a.category=c.id
'.$pub_a.$pub_c.$pub_x.'
AND x.seftitle="'.$categorySEF.'"
AND c.seftitle="'.$subcatSEF.'"
AND a.seftitle="'.$articleSEF.'"
';
}
// Two queries for / Category / subcategory / OR / Category / article /
elseif ($subcatSEF && substr( $subcatSEF, 0, 2) != l('paginator') && substr( $subcatSEF, 0,2) != l('comment_pages')) {
$Try_Article = mysql_query('SELECT
a.id AS id, title, position, description_meta, keywords_meta,
c.id as catID, name, description, subcat
FROM '._PRE.'articles'.' AS a
LEFT JOIN '._PRE.'categories'.' AS c
ON category = c.id
WHERE c.seftitle = "'.$categorySEF.'"
AND a.seftitle ="'.$subcatSEF.'"
'.$pub_a.$pub_c.'
AND subcat = 0
');
$R = mysql_fetch_assoc($Try_Article);
// query for / category / article /
if(empty($R)) {
$MainQuery = 'SELECT
c.id AS catID, c.name AS name, c.description, c.subcat,
x.name AS xname
FROM '._PRE.'categories'.' AS x
LEFT JOIN '._PRE.'categories'.' AS c
ON c.subcat = x.id
WHERE x.seftitle = "'.$categorySEF.'"
AND c.seftitle = "'.$subcatSEF.'"
'.$pub_c.$pub_x ;
}
} else {
switch(true):
case (substr( $categorySEF, 0, 2) == l('paginator')) :
break;
case (false !== strpos($categorySEF, 'rss-')) :
die(rss_contents($categorySEF)); // Patch #17A - 1.7.1 removed: , $articleSEF (redundant)
// Two queries for / Category / OR /Page/
default:
$Try_Page = mysql_query('SELECT
id, title, category, description_meta, keywords_meta, position
FROM '._PRE.'articles'.' AS a
WHERE seftitle = "'.$categorySEF.'"
'.$pub_a.'
AND position = 3');
// query for category
$R = mysql_fetch_assoc($Try_Page);
if (!$R) {
$MainQuery ='SELECT
id AS catID, name, description
FROM '._PRE.'categories'.' AS c
WHERE seftitle = "'.$categorySEF.'"
AND subcat = 0
'.$pub_c;
}
endswitch;
}
if (!empty($MainQuery)){
$Mainresult = mysql_query($MainQuery);
if (mysql_num_rows($Mainresult) === 1 ){
$R = mysql_fetch_assoc($Mainresult);
} else if(!in_array($_GET['action'],explode(',',l('cat_listSEF')))){ // Patch #7 - 1.7.1
$categorySEF = '404';
header('HTTP/1.1 404 Not Found');
unset($subcatSEF,$articleSEF); }
update_articles();
}
// globals
} else {
// ID for 'home'
if (s('display_page') !== 0) $_ID = s('display_page');
}
if(!empty($R['category'])) $_CAT = $R['category'];
if(!empty($R['id'])) $_ID = $R['id'];
if(!empty($R['title'])) $_TITLE = $R['title'];
if(!empty($R['position'])) $_POS = $R['position'];
if(!empty($R['catID'])) $_catID = $R['catID'];
if(!empty($R['name'])) $_NAME = $R['name'];
if(!empty($R['xname'])) $_XNAME = $R['xname'];
if(!empty($R['keywords_meta'])) $_KEYW = $R['keywords_meta'];
if(!empty($R['description_meta'])) $_DESCR = $R['description_meta']; else $_DESCR = $R['description'];
// set comments page for / category / article /
if (isset($url[3]) && !$_XNAME) $commentsPage = $url[2];
//TITLE
function title() {
global $categorySEF, $_DESCR, $_KEYW, $_TITLE, $_NAME, $_XNAME;
echo '<base href="'._SITE.'" />';
$title = $_TITLE ? $_TITLE.' - ' : '';
$title .= $_NAME ? $_NAME.' - ' : '';
$title .= $_XNAME ? $_XNAME.' - ' : '';
if (check_category($categorySEF) == true && $categorySEF != 'administration' && $categorySEF)
$title .= l($categorySEF).' - ';
$title .= s('website_title');
echo '
<title>'.$title.'</title>
<meta http-equiv="Content-Type" content="text/html; charset='.s('charset').'" />
<meta name="description" content="'.(!empty($_DESCR) ? $_DESCR : s('website_description')).'" />
<meta name="keywords" content="'.(!empty($_KEYW) ? $_KEYW : s('website_keywords')).'" />';
if (_ADMIN) {
echo '<script type="text/javascript">';
include('js/admin.js');
echo '</script>';
}
}
//BREADCRUMBS
function breadcrumbs() {
global $categorySEF, $subcatSEF, $_POS, $_TITLE, $_NAME, $_XNAME;
$link = '<a href="'._SITE.'';
if (_ADMIN) {
echo $link.'administration/" title="'.l('administration').'">'.l('administration').'</a> '.l('divider').' ';
}
echo (!empty($categorySEF) ? $link.'">'.l('home').'</a>' : l('home'));
if (!empty($categorySEF) && check_category($categorySEF) == false) {
echo (!empty($subcatSEF) ? ' '.l('divider').' '.$link.$categorySEF.'/">
'.(!empty($_XNAME) ? $_XNAME : $_NAME).'</a>' :
(!empty($_NAME) ? ' '.l('divider').' '.$_NAME:''));
if (!empty($subcatSEF) && $_XNAME) {
echo ($_POS==1 ? ' '.l('divider').' '.$link.$categorySEF.'/'.$subcatSEF.'/">'.$_NAME.'</a>' : ' '.l('divider').' '.$_NAME);
}
echo (!empty($_TITLE)? ' '.l('divider').' '.$_TITLE : '');
}
if (check_category($categorySEF) == true && $categorySEF != 'administration' && $categorySEF) {
echo ' '.l('divider').' '.l($categorySEF);}
}
// LOGIN LOGOUT LINK
function login_link() {
$login = '<a href="'._SITE;
$login .= _ADMIN ? 'administration/" title="'.l('administration').'">'.l('administration').'</a> '.l('divider').' <a href="'._SITE.'logout/" title="'.l('logout').'">'.l('logout') :
'login/" title="'.l('login').'">'.l('login').'';
$login .= '</a>';
echo $login;
}
// DISPLAY CATEGORIES
function categories() {
global $categorySEF;
$qwr = !_ADMIN ? ' AND a.visible=\'YES\'' : '';
if (s('num_categories') == 'on') {
$count = ', COUNT(DISTINCT a.id) as total';
$join = 'LEFT OUTER JOIN '._PRE.'articles'.' AS a
ON (a.category = c.id AND a.position = 1 AND a.published = 1'.$qwr.')';
} else {
$count ='';
$join='';
}
$result = mysql_query('SELECT
c.seftitle, c.name, description, c.id AS parent'.$count.'
FROM '._PRE.'categories'.' AS c '.$join.'
WHERE c.subcat = 0 AND c.published = \'YES\'
GROUP BY c.id
ORDER BY c.catorder,c.id');
if (mysql_num_rows($result) > 0){
while ($r = mysql_fetch_array($result)) {
$category_title = $r['seftitle'];
$r['name'] = (s('language')!='EN' && $r['name'] == 'Uncategorized' && $r['parent']==1) ? l('uncategorised') : $r['name'];
$class = $category_title == $categorySEF ? ' class="current"' : '';
if (isset($r['total'])) { $num='('.$r['total'].')'; }
echo '<li><a'.$class.' href="'._SITE.$category_title.'/" title="'.$r['name'].' - '.$r['description'].'">'.$r['name'].$num.'</a>';
$parent = $r['parent'];
if ($category_title == $categorySEF) { subcategories($parent); }
echo '</li>';
}
} else {
echo '<li>'.l('no_categories').'</li>';
}
}
function subcategories($parent) {
global $categorySEF, $subcatSEF;
$qwr = !_ADMIN ? ' AND a.visible=\'YES\'' : '';
if (s('num_categories') == 'on') {
$count = ', COUNT(DISTINCT a.id) AS total';
$join ='LEFT OUTER JOIN '._PRE.'articles'.' AS a
ON (a.category = c.id AND a.position = 1 AND a.published = 1'.$qwr.')';
} else {
$count ='';
$join='';
}
$subresult = mysql_query('SELECT c.seftitle AS subsef, description, name'.$count.'
FROM '._PRE.'categories'.' AS c '.$join.'
WHERE c.subcat = '.$parent.' AND c.published = \'YES\'
GROUP BY c.id
ORDER BY c.catorder,c.id');
if (mysql_num_rows($subresult) !== 0) {
echo '<ul>';
while ($s = mysql_fetch_array($subresult)) {
$subSEF = $s['subsef'];
$class = $subSEF == $subcatSEF ? ' class="current"' : '';
if (isset($s['total'])) {
$num=' ('.$s['total'].')';
}
echo '<li class="subcat">
<a'.$class.' href="'._SITE.$categorySEF.'/'.$subSEF.'/" title="'.$s['description'].'">
'.$s['name'].$num.'</a></li>';
}
echo '</ul>';
}
}
// DISPLAY PAGES
function pages() {
global $categorySEF,$_No3;
$qwr = !_ADMIN ? ' AND visible=\'YES\'' : '';
$class = empty($categorySEF) ? ' class="current"' : '';
echo '<li><a'.$class.' href="'._SITE.'">'.l('home').'</a></li>';
$class = ($categorySEF == 'archive') ? ' class="current"' : '';
echo '<li><a'.$class.' href="'._SITE.'archive/">'.l('archive').'</a></li>';
$query = "SELECT id, seftitle, title FROM "._PRE.'articles'." WHERE position = 3 $qwr ORDER BY artorder ASC, id";
$result = mysql_query($query);
$num = mysql_num_rows($result);
while ($r = mysql_fetch_array($result)) {
$title = $r['title'];
$class = ($categorySEF == $r['seftitle'])? ' class="current"' : '';
if ($r['id'] != s('display_page')) {
echo '<li><a'.$class.' href="'._SITE.$r['seftitle'].'/">'.$title.'</a></li>';
}
}
$class = ($categorySEF == 'contact') ? ' class="current"': '';
echo '<li><a'.$class.' href="'._SITE.'contact/">'.l('contact').'</a></li>';
$class = ($categorySEF == 'sitemap') ? ' class="current"': '';
echo '<li><a'.$class.' href="'._SITE.'sitemap/">'.l('sitemap').'</a></li>';
if ($num) $_No3 = true;
}
//EXTRA CONTENT
function extra($mode='', $styleit = 0, $classname = '', $idname= '') {
global $categorySEF, $subcatSEF, $articleSEF, $_ID, $_catID;
if (empty($mode)) {
$mode = retrieve('seftitle', 'extras','id',1);
}
if (!_ADMIN) $qwr = ' AND visible=\'YES\''; else $qwr = '';
$mode = strtolower($mode);
$getExtra = retrieve('id', 'extras', 'seftitle', $mode);
$subCat = retrieve('subcat', 'categories', 'id', $_catID);
if (!empty( $_ID)) {
$getArt = $_ID;
}
if (!empty($subcatSEF)) {
$catSEF = $subcatSEF;
}
$url = $categorySEF.(!empty($subcatSEF)? '/'.$subcatSEF:'').(!empty($articleSEF)?'/'.$articleSEF :'');
$sql = 'SELECT
id,title,seftitle,text,category,extraid,page_extra,
position,displaytitle,show_in_subcats,visible
FROM '._PRE.'articles'.'
WHERE published = 1
AND position = 2 ';
$query = $sql.(!empty($getExtra) ? ' AND extraid = '.$getExtra : ' AND extraid = 1');
$query = $query.$qwr.' ORDER BY artorder ASC,id ASC';
$result = mysql_query($query) or die(mysql_error());
while ($r = mysql_fetch_array($result)) {
$category = $r['category'];
$page = $r['page_extra'];
switch (true) {
case ($category == 0 && $page<1):
$print = false;
break;
case ($category == 0 && empty($_catID) && $page!=''):
$print = check_category($catSEF) != true? true : false;
break;
case ($category == $_catID || ($category == $subCat && $r['show_in_subcats'] == 'YES')):
$print = true;
break;
case ($category == -3 && $getArt == $page):
$print = true;
break;
case ($category == -3 && $_catID == 0 && $getArt != $page && $page == 0
&& $categorySEF !='' && !in_array($categorySEF,explode(',',l('cat_listSEF')))
&& substr( $categorySEF, 0, 2) != l('paginator') ):
$print = true;
break;
// To show up on all pages only
case ($category == -1 && $_catID == 0 && $getArt != $page && $page == 0):
$print = true;
break;
// To show up on all categories and pages
case ($category == -1):
$print = true;
break;
default:
$print = false;
}
if ($print == true) {
if ($styleit == 1) {
$container ='<div';
$container .= !empty($classname) ? ' class="'.$classname.'"' : '';
$container .= !empty($idname) ? ' id="'.$idname.'"' : '';
$container .= '>';
echo $container;
}
if ($r['displaytitle'] == 'YES') {
echo '<h3>'. $r['title'] .'</h3>';
}
file_include($r['text'], 9999000);
$visiblity = $r['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item=snews_articles&id='.$r['id'].'&back='.$url.'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item=snews_articles&id='.$r['id'].'&back='.$url.'">'.l('show').'</a> )';
echo _ADMIN ? '<p><a href="'._SITE.'?action=admin_article&id='.$r['id'].'" title="'.l('edit').' '.$r['seftitle'].'">
'.l('edit').'</a>'.' '.l('divider').' '.$visiblity.'</p>' : '';
if ($styleit == 1) {
echo '</div>';
}
}
}
}
// PAGINATOR
function paginator($pageNum, $maxPage, $pagePrefix) {
global $categorySEF,$subcatSEF, $articleSEF,$_ID, $_catID,$_POS, $_XNAME;
switch (true){
case !$_ID && !$_catID :
$uri ='';
break;
case $_ID && $_XNAME :
$uri = $categorySEF.'/'.$subcatSEF.'/'.$articleSEF.'/';
break;
case $_POS == 1 || $_XNAME :
$uri = $categorySEF.'/'.$subcatSEF.'/';
break;
default :
$uri = $categorySEF.'/';
}
$link = '<a href="'._SITE.$uri ;
$prefix = !empty($pagePrefix) ? $pagePrefix : '';
if ($pageNum > 1) {
$goTo = $link;
$prev = (($pageNum-1)==1 ? $goTo :
$link.$prefix.($pageNum - 1).'/').'" title="'.l('page').' '.($pageNum - 1).'">
< '.l('previous_page').'</a> ';
$first = $goTo.'" title="'.l('first_page').' '.l('page').'">
<< '.l('first_page').'</a>';
} else {
$prev = '< '.l('previous_page');
$first = '<< '.l('first_page');
}
if ($pageNum < $maxPage) {
$next = $link.$prefix.($pageNum + 1).'/" title="'.l('page').' '.($pageNum + 1).'">
'.l('next_page').' ></a> ';
$last = $link.$prefix.$maxPage.'/" title="'.l('last_page').' '.l('page').'">
'.l('last_page').' >></a> ';
} else {
$next = l('next_page').' > ';
$last = l('last_page').' >>';
}
echo '
<div class="paginator">
'.$first.' '.$prev.'
<strong>['.$pageNum.'</strong> / <strong>'.$maxPage.']</strong>
'.$next.' '.$last.'
</div>';
}
// CENTER
function center() {
// fatal session produced on failed login, and will display error message.
if (isset($_SESSION[_SITE.'fatal'])) {
echo $_SESSION[_SITE.'fatal'];
unset($_SESSION[_SITE.'fatal']);
} else {
global $categorySEF, $subcatSEF, $articleSEF;
switch(true) {
case isset($_GET['category']):
$action = $categorySEF;
break;
case isset($_GET['action']): // Patch #7 - 1.7.1
$action = $categorySEF == '404' ? $categorySEF : clean(cleanXSS($_GET['action']));
break;
}
switch(true) {
case isset($_POST['search_query']):
search(); return; break;
case isset($_POST['comment']):
comment('comment_posted'); return; break;
case isset($_POST['contactform']):
contact(); return; break;
case isset($_POST['Loginform']):
administration(); return; break;
case isset($_POST['submit_text']):
processing(); return; break;
}
if (_ADMIN) {
switch ($action) {
case 'administration':
administration(); return; break;
case 'snews_settings':
settings(); return; break;
case 'snews_categories':
admin_categories(); return; break;
case 'admin_category':
form_categories(); return; break;
case 'admin_subcategory':
form_categories('sub'); return; break;
case 'groupings':
admin_groupings(); return; break;
case 'admin_groupings':
form_groupings(); return; break;
case 'snews_articles':
admin_articles('article_view'); return; break;
case 'extra_contents':
admin_articles('extra_view'); return; break;
case 'snews_pages':
admin_articles('page_view'); return; break;
case 'admin_article':
form_articles(''); return; break;
case 'article_new':
form_articles('article_new'); return; break;
case 'extra_new':
form_articles('extra_new'); return; break;
case 'page_new':
form_articles('page_new'); return; break;
case 'editcomment':
edit_comment(); return; break;
case 'snews_files':
files(); return; break;
case 'process':
processing(); return; break;
case 'logout':
session_destroy();
echo '<meta http-equiv="refresh" content="2; url='._SITE.'">';
echo '<h2>'.l('log_out').'</h2>';
return; break;
}
}
switch ($action) {
case 'archive':
archive(); break;
case 'sitemap':
sitemap(); break;
case 'contact':
contact(); break;
case 'login':
login(); break;
case '404':
echo '<p class="warning">'.l('error_404').'</p>'; // Patch #404 - 1.7.1 - message string revised.
sitemap(); break; // Patch #404 - 1.7.1 - show sitemap with message.
default:
articles(); break;
}
}
}
// ARTICLES
function articles() {
global $categorySEF, $subcatSEF, $articleSEF, $_ID, $_POS, $_catID, $_XNAME;
$frontpage = s('display_page');
$title_not_found = '<h2>'.l('none_yet').'</h2>';
if (_ADMIN) {
$visible='';
$title_not_found .= '<p>'.l('create_new').'
<a href="'._SITE.'administration/" title="'.l('administration').'">'.l('administration').'</a></p>';
} else {
$visible =' AND a.visible=\'YES\' ';
}
if ($_ID || (!$_catID && $frontpage != 0)) {
if (!$_ID) $_ID = $frontpage;
// article or page, id as indentifier
$query_articles = 'SELECT
a.id AS aid,title,a.seftitle AS asef,text,a.date,
a.displaytitle,a.displayinfo,a.commentable,a.visible
FROM '._PRE.'articles'.' AS a
WHERE id ='.$_ID.$visible;
} else {
if (s('display_pagination') == 'on') $on = true; else $on = false;
if ($on == true) {
if ($articleSEF) {
$SEF = $articleSEF;
} elseif ($subcatSEF) {
$SEF = $subcatSEF;
} else {
$SEF = $categorySEF;
}
// pagination
$currentPage = strpos($SEF, l('paginator')) === 0 ? str_replace(l('paginator'), '', $SEF) : '';
if ($_catID) {
$count = 'SELECT COUNT(a.id) AS num
FROM '._PRE.'articles'.' AS a
WHERE position = 1
AND a.published =1
AND category = '.$_catID.$visible.'
GROUP BY category';
} else {
$count = 'SELECT COUNT(a.id) AS num
FROM '._PRE.'articles'.' AS a
LEFT OUTER JOIN '._PRE.'categories'.' as c
ON category = c.id
LEFT OUTER JOIN '._PRE.'categories'.' as x
ON c.subcat = x.id AND (x.published =\'YES\')
WHERE show_on_home = \'YES\' '.$visible.'
AND position = 1
AND a.published =1
AND c.published =\'YES\'
GROUP BY show_on_home';
}
$count = mysql_query($count);
if ($count) {
$r = mysql_fetch_array($count);
$num = $r['num'];
}
}
if ($num === 0 ) {
echo $title_not_found;
} else {
$articleCount = s('article_limit');
$article_limit = (empty($articleCount) || $articleCount < 1) ? 100 : $articleCount;
$totalPages = ceil($num/$article_limit);
if (!isset($currentPage) || !is_numeric($currentPage) || $currentPage < 1) {
$currentPage = 1;
}
// get the rows for category
if ($_catID) {
$query_articles = 'SELECT
a.id AS aid,title,a.seftitle AS asef,text,a.date,
a.displaytitle,a.displayinfo,a.commentable,a.visible
FROM '._PRE.'articles'.' AS a
WHERE position = 1
AND a.published =1
AND category = '.$_catID.$visible.'
ORDER BY artorder ASC,date DESC
LIMIT '.($currentPage - 1) * $article_limit.','.$article_limit;
} else {
$query_articles = 'SELECT
a.id AS aid,title,a.seftitle AS asef,text,a.date,
displaytitle,displayinfo,commentable,a.visible,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM '._PRE.'articles'.' AS a
LEFT OUTER JOIN '._PRE.'categories'.' as c
ON category = c.id
LEFT OUTER JOIN '._PRE.'categories'.' as x
ON c.subcat = x.id AND x.published =\'YES\'
WHERE show_on_home = \'YES\'
AND position = 1
AND a.published =1
AND c.published =\'YES\''.$visible.'
ORDER BY date DESC
LIMIT '.($currentPage - 1) * $article_limit.','.$article_limit;
}
}
}
$result = mysql_query($query_articles);
$numrows = mysql_num_rows($result);
if (!$result || !$numrows) {
if (_ADMIN) {
echo $title_not_found;
}
echo '<ul class="vertical">';
menu_articles(0,10,1);
echo '</ul>';
} else {
$link = '<a href="'._SITE;
while ($r = mysql_fetch_array($result)) {
$infoline = $r['displayinfo'] == 'YES' ? true : false;
$text = stripslashes($r['text']);
if (!empty($currentPage)) {
$short_display = strpos($text, '[break]');
$shorten = $short_display == 0 ? 9999000 : $short_display;
} else {
$shorten = 9999000;
}
$comments_query = 'SELECT id FROM '._PRE.'comments'.'
WHERE articleid = '.$r['aid'].' AND approved = \'True\'';
$comments_result = mysql_query($comments_query);
$comments_num = mysql_num_rows($comments_result);
$a_date_format = date(s('date_format'), strtotime($r['date']));
if ($r['csef']) $uri = $r['xsef'] ? $r['xsef'].'/'.$r['csef'] : $r['csef'];
elseif ($_XNAME) $uri = $categorySEF.'/'.$subcatSEF;
else $uri = $categorySEF;
$title = $r['title'];
if ($r['displaytitle'] == 'YES') {
if (!$_ID) {
echo '<h2 class="big">'.$link.$uri.'/'.$r['asef'].'/">'.$title.'</a></h2>';
} else {
echo '<h2>'.$title.'</h2>';
}
}
file_include(str_replace('[break]', '',$text), $shorten);
$commentable = $r['commentable'];
$visiblity = $r['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item=snews_articles&id='.$r['aid'].'&back='.$uri.'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item=snews_articles&id='.$r['aid'].'&back='.$uri.'">'.l('show').'</a> )' ;
$edit_link = $link.'?action=admin_article&id='.$r['aid'].'" title="'.$title.'">'.l('edit').'</a> ';
$edit_link.= ' '.l('divider').' '.$visiblity;
if (!empty($currentPage)) {
if ($infoline == true) {
$tag = explode(',', tags('infoline'));
foreach ($tag as $tag) {
switch (true) {
case ($tag == 'date'):
echo $a_date_format;
break;
case ($tag == 'readmore' && strlen($r['text']) > $shorten):
echo $link.$uri.'/'.$r['asef'].'/">'.l('read_more').'</a> ';
break;
case ($tag == 'comments' && ($commentable == 'YES' || $commentable == 'FREEZ')):
echo $link.$uri.'/'.$r['asef'].'/#'.l('comment').'1">
'.l('comments').' ('.$comments_num.')</a> ';
break;
case ($tag == 'edit' && _ADMIN):
echo ' '.$edit_link;
break;
case ($tag != 'readmore' && $tag != 'comments' && $tag != 'edit'):
echo $tag;
break;
}
}
} else if (_ADMIN) {
echo '<p>'.$edit_link.'</p>';
}
} else if (empty($currentPage)) {
if ($infoline == true) {
$tag = explode(',', tags('infoline'));
foreach ($tag as $tag ) {
switch ($tag) {
case 'date':
echo $a_date_format;
break;
case 'readmore':
case 'comments': ;
break;
case 'edit':
if (_ADMIN) {
echo ' '.$edit_link;
}
break;
default:
echo $tag;
}
}
} else if (_ADMIN) {
echo '<p>'.$edit_link.'</p>';
}
}
}
if (!empty($currentPage) && ($num> $article_limit) && $on) {
paginator( $currentPage, $totalPages, l('paginator'));
}
if (!empty($_POS) && empty($currentPage) && $infoline == true) {
if ($commentable == 'YES') {
comment('unfreezed');
} else if ($commentable == 'FREEZ') {
comment('freezed');
}
}
}
}
// COMMENTS
function comment($freeze_status) {
echo '<h3>Comments</h3>';
global $categorySEF, $subcatSEF, $articleSEF, $_ID, $commentsPage;
if (isset($commentsPage)) {
$commentsPage = str_replace(l('comment_pages'),'',$commentsPage);
}
if (strpos($articleSEF, l('paginator')) === 0) {
$articleSEF = str_replace(l('paginator'), '', $articleSEF);
}
if (!isset($commentsPage) || !is_numeric($commentsPage) || $commentsPage < 1) {
$commentsPage = 1;
}
$comments_order = s('comments_order');
if (isset($_POST['comment'])) {
$comment = cleanWords(trim($_POST['text']));
$comment = strlen($comment) > 4 ? clean(cleanXSS($comment)) : null;
$name = trim($_POST['name']);
$name = preg_replace('/[^a-zA-Z0-9_\s-]/', '', $name); // Patch #15 - 1.7.1
if (empty($name)) { $name = 'Anonymous'; } // Patch #15 - 1.7.1
$name = strlen($name) > 1 ? clean(cleanXSS($name)) : null;
$url = trim($_POST['url']);
$url = preg_replace('/[^a-zA-Z0-9_:\/\.-]/', '', $url); // Patch #15 - 1.7.1
$url = (strlen($url) > 8 && strpos($url, '?') === false) ? clean(cleanXSS($url)) : null;
$post_article_id = (is_numeric($_POST['id']) && $_POST['id'] > 0) ? $_POST['id'] : null;
$ip = (strlen($_POST['ip']) < 16) ? clean(cleanXSS($_POST['ip'])) : null;
if (_ADMIN) {
$doublecheck = 1;
$ident=1;
} else {
$contentCheck = retrieve('id', 'comments', 'comment', $comment);
$ident = !$contentCheck || (time() - $_SESSION[_SITE.'poster']['time']) > s('comment_repost_timer') ||
$_SESSION[_SITE.'poster']['ip'] !== $ip ? 1 : 0;
$doublecheck = $_SESSION[_SITE.'poster']['article'] === "$comment:|:$post_article_id" &&
(time()-$_SESSION[_SITE.'poster']['time']) < s('comment_repost_timer') ? 0 : 1;
}
if ($ip == $_SERVER['REMOTE_ADDR'] && $comment && $name && $post_article_id &&
checkMathCaptcha() && $doublecheck == 1 && $ident == 1) {
$url = preg_match('/((http)+(s)?:(\/\/)|(www\.))([a-z0-9_\-]+)/', $url) ? $url : '';
$url = substr($url, 0, 3) == 'www' ? 'http://'.$url : $url;
$time = date('Y-m-d H:i:s');
unset($_SESSION[_SITE.'poster']);
$approved = s('approve_comments') != 'on'|| _ADMIN ? 'True' : '';
$query = 'INSERT INTO '._PRE.'comments'.'(articleid, name, url, comment, time, approved) VALUES'.
"('$post_article_id', '$name', '$url', '$comment', '$time', '$approved')";
mysql_query($query);
$_SESSION[_SITE.'poster']['article']="$comment:|:$post_article_id";
$_SESSION[_SITE.'poster']['time'] = time();
// this is to set session for checking multiple postings.
$_SESSION[_SITE.'poster']['ip'] = $ip;
$commentStatus = s('approve_comments') == 'on'&& !_ADMIN ? l('comment_sent_approve') : l('comment_sent');
// eMAIL COMMENTS
if (s('mail_on_comments') == 'on' && !_ADMIN) {
if (s('approve_comments') == 'on') {
$status = l('approved_text');
$subject =l('subject_a');
} else {
$status = l('not_waiting_approved');
$subject =l('subject_b');
}
$to = s('website_email');
$send_array = array(
'to'=>$to,
'name'=>$name,
'comment'=>$comment,
'ip'=>$ip,
'url'=>$url,
'subject'=>$subject,
'status'=>$status);
send_email($send_array);
}
// End of Mail
} else {
$commentStatus = l('comment_error');
$commentReason = l('ce_reasons');
$fail = true;
$_SESSION[_SITE.'comment']['name'] = $name;
$_SESSION[_SITE.'comment']['comment'] = br2nl($comment);
$_SESSION[_SITE.'comment']['url'] = $url;
$_SESSION[_SITE.'comment']['fail'] = $fail;
}
echo '<h2>'.$commentStatus.'</h2>';
if (!empty($commentReason)) {
echo '<p>'.$commentReason.'</p>';
}
$postArt = clean(cleanXSS($_POST['article']));
$postArtID = retrieve('category','articles','id',$post_article_id);
if ($postArtID == 0) {
$postCat = '' ;
} else {
$postCat = cat_rel($postArtID, 'seftitle').'/';
}
if ($fail){
$back_link = _SITE.$postCat.$postArt;
echo '<a href="'.$back_link.'/">'.l('back').'</a>';
} else {
echo '<meta http-equiv="refresh" content="1; url='._SITE.$postCat.$postArt.'/">';
}
} else {
$commentCount = s('comment_limit');
$comment_limit = (empty($commentCount) || $commentCount < 1) ? 100 : $commentCount;
if (isset($commentsPage)) {
$pageNum = $commentsPage;
}
$offset = ($pageNum - 1) * $comment_limit;
$totalrows = 'SELECT count(id) AS num FROM '._PRE.'comments'.'
WHERE articleid = '.$_ID.' AND approved = \'True\';';
$rowsresult = mysql_query($totalrows);
$numrows = mysql_fetch_array($rowsresult);
$numrows = $numrows['num'];
// Patch #8 - 1.7.1 - redundant section removed
if ($numrows > 0) {
$query = 'SELECT
id,articleid,name,url,comment,time,approved
FROM '._PRE.'comments'.'
WHERE articleid = '.$_ID.'
AND approved = \'True\'
ORDER BY id '.$comments_order.'
LIMIT '."$offset, $comment_limit";
$result = mysql_query($query) or die(l('dberror'));
$ordinal = 1;
$date_format = s('date_format');
$edit_link = ' <a href="'._SITE.'?action=';
while ($r = mysql_fetch_array($result)) {
$date = date($date_format, strtotime($r['time']));
$commentNum = $offset + $ordinal;
$tag = explode(',', tags('comments'));
foreach ($tag as $tag) {
switch (true) {
case ($tag == 'date'):
echo '<a id="'.l('comment').$commentNum.'"
name="'.l('comment').$commentNum.'"></a>'.$date;
break;
case ($tag == 'name'):
$name = $r['name'];
echo !empty($r['url']) ?
'<a href="'.$r['url'].'" title="'.$r['url'].'" rel="nofollow">
'.$name.'</a> ' : $name;
break;
case ($tag == 'comment'):
echo $r['comment'];
break;
case ($tag == 'edit' && _ADMIN):
echo $edit_link.'editcomment&commentid='.$r['id'].'"
title="'.l('edit').' '.l('comment').'">'.l('edit').'</a> ';
echo $edit_link.'process&task=deletecomment&commentid='.$r['id'].'"
title="'.l('delete').' '.l('comment').'" onclick="return pop()">'.l('delete').'</a>';
break;
case ($tag == 'edit'): ;
break;
default:
echo $tag;
}
}
$ordinal++;
}
$maxPage = ceil($numrows / $comment_limit);
$back_to_page = ceil(($numrows + 1) / $comment_limit);
if ($maxPage > 1) {
paginator($pageNum, $maxPage,l('comment_pages'));
}
}
if ($freeze_status != 'freezed' && s('freeze_comments') != 'YES') {
if ($numrows == 0) {echo '<p>'.l('no_comment').'</p>';} // Patch #8 - 1.7.1 - new line added
// recall and set vars for reuse when botched post
if($_SESSION[_SITE.'comment']['fail'] == true) {
$name = $_SESSION[_SITE.'comment']['name'];
$comment = $_SESSION[_SITE.'comment']['comment'];
$url = $_SESSION[_SITE.'comment']['url'];
unset($_SESSION[_SITE.'comment']);
} else {
$url = $name = $comment = '';
}
// end var retrieval
$art_value = empty($articleSEF) ? $subcatSEF : $articleSEF;
echo '<div class="commentsbox"><h2>'.l('addcomment').'</h2>'."\r\n";
echo '<p>'.l('required').'</p>'."\r\n";
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', _SITE, '')."\r\n";
echo html_input('text', 'name', 'name', $name, '* '.l('name'), 'text', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('text', 'url', 'url', $url, l('url'), 'text', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('textarea', 'text', 'text', $comment, '* '.l('comment'), '', '', '', '', '', '5', '5', '', '', '')."\r\n";
echo mathCaptcha()."\r\n";
echo '<p>';
echo html_input('hidden', 'category', 'category', $categorySEF, '', '', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('hidden', 'id', 'id', $_ID, '', '', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('hidden', 'article', 'article', $art_value, '', '', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('hidden', 'commentspage', 'commentspage', $back_to_page, '', '', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('hidden', 'ip', 'ip', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '')."\r\n";
echo html_input('hidden', 'time', 'time', time(), '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'comment', 'comment', l('submit'), '', 'button', '', '', '', '', '', '', '', '', '')."\r\n";
echo '</p></form></div>';
} else {
echo '<p>'.l('frozen_comments').'</p>';
}
}
}
// ARCHIVE
function archive($start = 0, $size = 200) {
echo '<h2>'.l('archive').'</h2>';
$query = 'SELECT id FROM '._PRE.'articles'.'
WHERE position = 1
AND published = 1
AND visible = \'YES\'
ORDER BY date DESC
LIMIT '."$start, $size";
$result = mysql_query($query);
$count = mysql_num_rows($result);
if ($count === 0) {
echo '<p>'.l('no_articles').'</p>';
} else {
while ($r = mysql_fetch_array($result)) {
$Or_id[] = 'a.id ='.$r['id'];
}
$Or_id = implode(' OR ',$Or_id);
$query = 'SELECT
title,a.seftitle AS asef,a.date AS date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM '._PRE.'articles'.' AS a
LEFT OUTER JOIN '._PRE.'categories'.' as c
ON category = c.id
LEFT OUTER JOIN '._PRE.'categories'.' as x
ON c.subcat = x.id
WHERE ('.$Or_id.')
AND a.published = 1
AND c.published =\'YES\'
AND (x.published =\'YES\' || x.published IS NULL)
ORDER BY date DESC
LIMIT '."$start, $size";
$result = mysql_query($query);
$month_names = explode(', ', l('month_names'));
$dot = l('divider');
echo '<p>';
while ($r = mysql_fetch_array($result)) {
$year = substr($r['date'], 0, 4);
$month = substr($r['date'], 5, 2) -1;
$month_name = (substr($month, 0, 1) == 0) ? $month_names[substr($month, 1, 1)] : $month_names[$month];
if ($last <> $year.$month) {
echo '<strong>'.$month_name.', '.$year.'</strong><br />';
}
$last = $year.$month;
$link = isset($r['xsef']) ? $r['xsef'].'/'.$r['csef'] : $r['csef'];
echo $dot.' <a href="'._SITE.$link.'/'.$r['asef'].'/">
'.$r['title'].' ('.$r['name'].')</a><br />';
}
echo'</p>';
}
}
// SITEMAP
function sitemap() {
echo '<h2>'.l('sitemap').'</h2>
<h3><strong>'.l('pages').'</strong></h3>
<ul>';
$link = '<li><a href="'._SITE;
echo $link.'">'.l('home').'</a></li>';
echo $link.'archive/">'.l('archive').'</a></li>';
// Patch #16 - 1.7.1
// added id to SELECT it, and filter out page if selected as Home with: AND id <> '".s('display_page')."'
// selects only IDs that are less or more than ID of the designated home page.
$query = "SELECT id,title,seftitle
FROM "._PRE.'articles'."
WHERE position = 3
AND published = 1
AND visible = 'YES'
AND id <> '".s('display_page')."'
ORDER BY artorder ASC, date, id";
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
echo $link.$r['seftitle'].'/">'.$r['title'].'</a></li>';
}
echo $link.'contact/">'.l('contact').'</a></li>';
echo $link.'sitemap/">'.l('sitemap').'</a></li>';
echo '</ul>
<h3><strong>'.l('articles').'</strong></h3>
<ul>';
$art_query = 'SELECT title, seftitle, date
FROM '._PRE.'articles'.'
WHERE position = 1
AND published = 1
AND visible = \'YES\'';
$cat_query = 'SELECT id, name, seftitle, description, subcat
FROM '._PRE.'categories'.'
WHERE published = \'YES\'
AND subcat = 0
ORDER BY catorder,id';
$cat_result = mysql_query($cat_query);
if (mysql_num_rows($cat_result) == 0) {
echo '<li>'.l('no_articles').'</li></ul>';
} else {
while ($c = mysql_fetch_array($cat_result)) {
$category_title = $c['seftitle'];
echo '<li><strong><a href="'._SITE.$category_title.'/" title="'.$c['description'].'">
'.$c['name'].'</a></strong>';
$catid = $c['id'];
$query = $art_query.' AND category = '.$catid.' ORDER BY id DESC';
$result = mysql_query($query);
if (mysql_num_rows($result) > 0) {
echo '<ul>';
}
while ($r = mysql_fetch_array($result)) {
echo '<li>'.l('divider').' <a href="'._SITE.$category_title.'/'.$r['seftitle'].'/">
'.$r['title'].'</a></li>';
}
if (mysql_num_rows($result) > 0) {
echo '</ul>';
}
$subcat_result = mysql_query('SELECT id, name, seftitle, description, subcat
FROM '._PRE.'categories'.'
WHERE published = \'YES\'
AND subcat = '.$c['id'].'
ORDER BY catorder ASC');
if (mysql_num_rows($subcat_result) > 0) {
echo '<ul>';
}
while ($s = mysql_fetch_array($subcat_result)) {
$subcat_title = $s['seftitle'];
$subcat_name = $s['name'];
echo '<li class="subcat"><strong><a href="'.
_SITE.$category_title.'/'.$subcat_title.'/" title="'.$s['description'].'">'.$subcat_name.'</a></strong>';
$subcatid = $s['id'];
$query = $art_query.' AND category = '.$subcatid.' ORDER BY id DESC';
$artresult = mysql_query($query);
if (mysql_num_rows($artresult) > 0) {
echo '<ul>';
}
while ($r = mysql_fetch_array($artresult)) {
echo '<li class="subcat">'.l('divider').'
<a href="'._SITE.$category_title.'/'.$subcat_title.'/'.$r['seftitle'].'/">
'.$r['title'].'</a></li>';
}
if (mysql_num_rows($artresult) > 0) {
echo '</ul>';
}
echo '</li>';
}
if (mysql_num_rows($subcat_result) > 0) {
echo '</ul>';
}
echo '</li>';
}
echo '</ul>';
}
}
// CONTACT FORM - // Patch #12 - 1.7.1 - security patch added
function contact() {
if (!isset($_POST['contactform'])) {
$_SESSION[_SITE.'time'] = $time = time();
echo
'<div class="commentsbox"><h2>'.l('contact').'</h2>
<p>'.l('required').'</p>
<form method="post" action="'._SITE.'" id="post" accept-charset="UTF-8">
<p><label for="name">* ',l('name'),'</label>:<br />
<input type="text" name="name" id="name" maxlength="100" class="text" value="" /></p>
<p><label for="email">* ',l('email'),'</label>:<br />
<input type="text" name="email" id="email" maxlength="320" class="text" value="" /></p>
<p><label for="weblink">',l('url'),'</label>:<br />
<input type="text" name="weblink" id="weblink" maxlength="160" class="text" value="" /></p>
<p><label for="message">* ',l('message'),'</label>:<br />
<textarea name="message" rows="5" cols="5" id="message"></textarea></p>
',mathCaptcha(),'
<p><input type="hidden" name="ip" id="ip" value="',$_SERVER['REMOTE_ADDR'],'" />
<input type="hidden" name="time" id="time" value="',time(),'" />
<input type="submit" name="contactform" id="contactform" class="button" value="',l('submit'),'" /></p>
</form>
</div>';
} elseif( isset( $_SESSION[_SITE.'time'] ) ) {
$count = $magic = 0;
if( get_magic_quotes_gpc() ){ $magic = 1; }
foreach($_POST as $k => $v){
if($count === 8 ) die;
if( $magic ) $$k = stripslashes($v);
else $$k = $v;
++$count;
}
$to = s('website_email');
$subject = s('contact_subject');
$name = (isset($name[0]) && ! isset($name[300]) ) ? trim($name) : null;
$name = ! preg_match('/[\\n\\r]/', $name) ? $name : die;
$mail = (isset($email[6]) && ! isset($email[320]) ) ? trim($email) : null;
$mail = ! preg_match('/[\\n\\r]/', $mail) ? $mail : die;
$url = (isset($weblink[4]) && ! isset($weblink[160]) ) ? trim($weblink) : null;
$url = ( strpos($url, '?') === false && ! preg_match('/[\\n\\r]/', $url)) ? $url : null;
$message = (isset($message[10]) && ! isset($message[6000]) ) ? strip_tags($message) : null;
$time = ( isset($_SESSION[_SITE.'time']) && $_SESSION[_SITE.'time'] === (int)$time && (time() - $time) > 10) ? $time : null ;
if ( isset($ip) && $ip === $_SERVER['REMOTE_ADDR'] && $time
&& $name && $mail && $message && checkMathCaptcha()) {
unset($_SESSION[_SITE.'time']);
echo notification(0,l('contact_sent'),'home');
$send_array = array(
'to'=>$to,
'name'=>$name,
'email'=>$mail,
'message'=>$message,
'ip'=>$ip,
'url'=>$url,
'subject'=>$subject);
send_email($send_array);
} else {
echo notification(1,l('contact_not_sent'),'contact');
}
}
}
// MENU ARTICLES
function menu_articles($start = 0, $size = 5, $cat_specific = 0) {
global $categorySEF, $_catID,$subcatSEF;
switch ($cat_specific){
case 1 :
$subcat = !empty($_catID) && empty($subcatSEF) ? 'AND c.subcat = '.$_catID : '';
break;
case 2 :
$subcat = !empty($_catID) ? 'AND c.subcat = '.$_catID : '';
break;
default:
$subcat = '';
}
$query = 'SELECT
title,a.seftitle AS asef,date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM '._PRE.'articles'.' AS a
LEFT OUTER JOIN '._PRE.'categories'.' as c
ON category = c.id
LEFT OUTER JOIN '._PRE.'categories'.' as x
ON c.subcat = x.id AND x.published =\'YES\'
WHERE position = 1
AND a.published = 1
AND c.published =\'YES\'
AND a.visible = \'YES\'
'.$subcat.'
ORDER BY date DESC
LIMIT '."$start, $size";
$result = mysql_query($query);
$count = mysql_num_rows($result);
if ( $count === 0) {
echo '<li>'.l('no_articles').'</li>';
} else {
while ($r = mysql_fetch_array($result)) {
$name = s('show_cat_names') == 'on' ? ' ('.$r['name'].')' : '';
$date = date(s('date_format'), strtotime($r['date']));
$link = isset($r['xsef']) ? $r['xsef'].'/'.$r['csef'] : $r['csef'];
echo '<li><a href="'._SITE.$link.'/'.$r['asef'].'/"
title="'.$r['name'].' / '.$r['title'].' ('.$date.')">'.$r['title'].$name.'</a>
</li>';
}
}
}
// NEW COMMENTS // Patch #1 - 1.7.1 - WHERE string updated in the query below
function new_comments($number = 5, $stringlen = 30) {
$query = 'SELECT
a.id AS aid,title,a.seftitle AS asef,
category,co.id,articleid,co.name AS coname,comment,
c.name,c.seftitle AS csef,c.subcat,
x.name,x.seftitle AS xsef
FROM '._PRE.'comments'.' AS co
LEFT OUTER JOIN '._PRE.'articles'.' AS a
ON articleid = a.id
LEFT OUTER JOIN '._PRE.'categories'.' AS c
ON category = c.id AND c.published =\'YES\'
LEFT OUTER JOIN '._PRE.'categories'.' AS x
ON c.subcat = x.id AND x.published =\'YES\'
WHERE a.published = 1 AND (a.commentable = \'YES\' || a.commentable = \'FREEZ\' )
AND approved = \'True\'
ORDER BY co.id DESC LIMIT '.$number;
$result = mysql_query($query);
if (mysql_num_rows($result) === 0) {
echo '<li>'.l('no_comments').'</li>';
} else {
$comlim = s('comment_limit');
$comment_limit = $comlim < 1 ? 1 : $comlim;
$comments_order = s('comments_order');
while ($r = mysql_fetch_array($result)) {
$loopr = mysql_query("SELECT id FROM "._PRE.'comments'."
WHERE articleid = '$r[articleid]'
AND approved = 'True'
ORDER BY id $comments_order");
$num = 1;
while ($r_art = mysql_fetch_array($loopr)) {
if ($r_art['id'] == $r['id']) {
$ordinal = $num;
}
$num++;
}
$name = $r['coname'];
$comment = strip_tags($r['comment']);
$page = ceil($ordinal / $comment_limit);
$ncom = $name.' ('.$comment;
$ncom = strlen($ncom) > $stringlen ? substr($ncom, 0, $stringlen - 3).'...' : $ncom;
$ncom.= strlen($name) < $stringlen ? ')' : '';
$ncom = str_replace(' ...', '...', $ncom);
$paging = $page > 1 ? '/'.l('comment_pages').$page : ''; // Patch #1 - 1.7.1
unset($link); // Patch #10 - 1.7.1 - 4 strings
if (isset($r['xsef'])) { $link = $r['xsef'].'/'; }
if (isset($r['csef'])) { $link .= $r['csef'].'/'; }
$link .= $r['asef']; // end Patch #10 - 1.7.1
echo '<li><a href="'._SITE.$link.$paging.'/#'.l('comment').$ordinal.'"
title="'.l('comment_info').' '.$r['title'].'">'.$ncom.'</a>
</li>';
}
}
}
// SEARCH FORM
function searchform() { ?>
<form id="search_engine" method="post" action="<?php echo _SITE; ?>" accept-charset="<?php echo s('charset');?>">
<p><input class="searchfield" name="search_query" type="text" id="keywords" value="<?php echo l('search_keywords');
?>" onfocus="document.forms['search_engine'].keywords.value='';" onblur="if (document.forms['search_engine'].keywords.value == '') document.forms['search_engine'].keywords.value='<?php echo l('search_keywords'); ?>';" />
<input class="searchbutton" name="submit" type="submit" value="<?php echo l('search_button')?>" /></p>
</form>
<?php }
//SEARCH ENGINE
function search($limit = 20) {
$search_query = clean(cleanXSS($_POST['search_query']));
echo '<h2>'.l(search_results).'</h2>';
if (strlen($search_query) < 4 || $search_query == l('search_keywords')) {
echo '<p>'.l('charerror').'</p>';
} else {
$keywords = explode(' ', $search_query);
$keyCount = count($keywords);
$query = 'SELECT a.id
FROM '._PRE.'articles'.' AS a
LEFT OUTER JOIN '._PRE.'categories'.' as c
ON category = c.id AND c.published =\'YES\'
LEFT OUTER JOIN '._PRE.'categories'.' as x
ON c.subcat = x.id AND x.published =\'YES\'
WHERE position != 2
AND a.published = 1
AND';
if(!_ADMIN){
$query = $query.' a.visible = \'YES\' AND ';
}
if ($keyCount > 1) {
for ($i = 0; $i < $keyCount - 1; $i++) {
$query = $query.' (title LIKE "%'.$keywords[$i].'%" ||
text LIKE "%'.$keywords[$i].'%" ||
keywords_meta LIKE "%'.$keywords[$i].'%") &&';
}
$j = $keyCount - 1;
$query = $query.'(title LIKE "%'.$keywords[$j].'%" ||
text LIKE "%'.$keywords[$j].'%" ||
keywords_meta LIKE "%'.$keywords[$j].'%")';
} else {
$query = $query.'(title LIKE "%'.$keywords[0].'%" ||
text LIKE "%'.$keywords[0].'%" ||
keywords_meta LIKE "%'.$keywords[0].'%")';
}
$query = $query.' ORDER BY id DESC LIMIT '.$limit;
$result = mysql_query($query);
$numrows = mysql_num_rows($result);
if (!$numrows) {
echo '<p>'.l('noresults').'
<strong>'.stripslashes($search_query).'</strong>.</p>';
} else {
echo '<p><strong>'.$numrows.'</strong> '.l('resultsfound').' <strong>'.
stripslashes($search_query).'</strong>.</p>';
while ($r = mysql_fetch_array($result)) {
$Or_id[] = 'a.id ='.$r['id'];
}
$Or_id = implode(' OR ',$Or_id);
$query = 'SELECT
title,a.seftitle AS asef,a.date AS date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM '._PRE.'articles'.' AS a
LEFT OUTER JOIN '._PRE.'categories'.' as c
ON category = c.id
LEFT OUTER JOIN '._PRE.'categories'.' as x
ON c.subcat = x.id
WHERE '.$Or_id;
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
$date = date(s('date_format'), strtotime($r['date']));
if ($r['name']) $name = ' ('.$r['name'].')';
if (isset($r['xsef'])) $link = $r['xsef'].'/'.$r['csef'].'/';
else $link = isset($r['csef']) ? $r['csef'].'/' : '';
echo '<p><a href="'._SITE.$link.$r['asef'].'/">'.$r['title'].$name.'</a> - '.$date.'</p>';
}
}
}
echo '<p><br /><a href="'._SITE.'">'.l('backhome').'</a></p>';
}
// RSS FEED - ARTICLES/PAGES/COMMENTS
function rss_contents($rss_item){ // Patch #17A - 1.7.1 - removed: , $artSEF='' (redundant)
header('Content-type: text/xml; charset='.s('charset').'');
$limit = s('rss_limit');
switch($rss_item) {
case 'rss-articles':
$heading = l('articles');
$query = _PRE.'articles'.' WHERE position = 1 AND visible = \'YES\' AND published = 1 ORDER BY date';
break;
case 'rss-pages':
$heading = l('pages');
$query = _PRE.'articles'.' WHERE position = 3 AND visible = \'YES\' AND published = 1 ORDER BY date';
break;
case 'rss-comments':
$heading = l('comments');
$query = _PRE.'comments'." WHERE approved = 'True' ORDER BY id";
break;
}
echo '<?xml version="1.0" encoding="'.s('charset').'"?>
<rss version="2.0"><channel>
<title><![CDATA['.s('website_title').']]></title>
<description><![CDATA['.$heading.']]></description>
<link>'._SITE.'</link>
<copyright><![CDATA[Copyright '.s('website_title').']]></copyright>
<generator>sNews CMS</generator>';
$result = mysql_query("SELECT * FROM $query DESC LIMIT $limit");
$numrows = mysql_num_rows($result);
$comments_order = s('comments_order');
$ordinal = $comments_order == 'DESC' ? 1 : $numrows;
$comment_limit = s('comment_limit') < 1 ? 1 : s('comment_limit');
$comments_order = s('comments_order');
while ($r = mysql_fetch_assoc($result)) {
switch($rss_item) {
case 'rss-articles':
case 'rss-pages':
$date = date('D, d M Y H:i:s +0000', strtotime($r['date']));
if ($r['category'] == 0) {
$categorySEF = '';
} else {
$categorySEF = cat_rel($r['category'], 'seftitle').'/';
}
$articleSEF = $r['seftitle'];
$title = $r['title'];
$text = $r['text'];
break;
case 'rss-comments':
$subquery = "SELECT id FROM "._PRE.'comments'."
WHERE articleid = ".$r['articleid']."
ORDER BY id $comments_order";
$subresult = mysql_query($subquery);
$num = 1;
while ($subr = mysql_fetch_array($subresult)) {
if ($subr['id'] == $r['id']) {
$ordinal = $num;
}
$num++;
}
$page = ceil($ordinal / $comment_limit);
$articleSEF = retrieve('seftitle', 'articles', 'id', $r['articleid']);
$articleCat = retrieve('category', 'articles', 'id', $r['articleid']);
$articleTitle = retrieve('title', 'articles', 'id', $r['articleid']);
if ($articleCat == 0) {
$categorySEF = '';
} else {
$categorySEF = cat_rel($articleCat, 'seftitle').'/';
}
if (!empty($articleSEF)) {
$paging = $page > 1 ? $page.'/' : '';
$comment_link = 'c_'.$paging.'#'.l('comment').$ordinal; // Patch #14 - 1.7.1
}
$date = date('D, d M Y H:i:s +0000', strtotime($r['time']));
$title = $articleTitle.' - '.$r['name'];
$text = $r['comment'];
break;
}
$link = _SITE.$categorySEF.$articleSEF.'/'.$comment_link;
$item =
'<item>
<title><![CDATA['.strip($title).']]></title>
<description>
<![CDATA[
'.strip($text).'
]]>
</description>
<pubDate>'.$date.'</pubDate>
<link>'.$link.'</link>
<guid>'.$link.'</guid>
</item>';
echo $item;
}
echo '</channel></rss>';
exit;
}
// RSS FEED - LINK BUILDER - Patch #17B - 1.7.1 - revised function: no globals, 1 query
function rss_links() {
$query = 'SELECT COUNT(id) as articles_count,
(SELECT COUNT(id) FROM '._PRE.'articles WHERE position = 3 AND published = 1) as pages_count,
(SELECT COUNT(id) FROM '._PRE.'comments WHERE approved = "True" ) as comments_count
FROM '._PRE.'articles WHERE position = 1 AND published = 1';
$result = mysql_query( $query );
$l_error = array(); // catch any errors
while ($r = mysql_fetch_assoc($result )) {
foreach ($r as $k => $v) {
if ( $v > 0 ) {
$l = explode('_', $k);
echo '<li><a href="rss-'.$l[0].'/">'.l( 'rss_'.$l[0] ).'</a></li>';
} else {
$l_error[] = $k;
}
}
}
if (count($l_error) == 3) {
echo '<li>'.l('no_rss').'</li>';
}
}
/*** ADMINISTRATIVE FUNCTIONS ***/
// LOGIN
function login() {
if (!_ADMIN) {
echo '<div class="adminpanel">
<h2>'.l('login').'</h2>';
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', _SITE.'administration/', '');
echo '<p>'.l('login_limit').'</p>';
echo html_input('text', 'uname', 'uname', '', l('username'), 'text', '', '', '', '', '', '', '', '', '');
echo html_input('password', 'pass', 'pass', '', l('password'), 'text', '', '', '', '', '', '', '', '', '');
echo mathCaptcha();
echo '<p>';
echo html_input('hidden', 'Loginform', 'Loginform', 'True', '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'submit', 'submit', l('login'), '', 'button', '', '', '', '', '', '', '', '', '');
echo '</p></form></div>';
} else {
echo '<h2>'.l('logged_in').'</h2>
<p><a href="'._SITE.'logout/" title="'.l('logout').'">'.l('logout').'</a></p>';
}
}
//CONTENTS COUNTER
function stats($field, $position) {
if (!empty($position)) {
$pos = " WHERE position = $position";
} else {
$pos = '';
}
$query = 'SELECT id FROM '._PRE.$field.$pos;
$result = mysql_query($query);
$numrows = mysql_num_rows($result);
return $numrows;
}
// FORM GENERATOR
function html_input($type, $name, $id, $value, $label, $css, $script1, $script2, $script3, $checked, $rows, $cols, $method, $action, $legend) {
$lbl = !empty($label) ? '<label for="'.$id.'">'.$label.'</label>' : '';
$ID = !empty($id) ? ' id="'.$id.'"' : '';
$style = !empty($css) ? ' class="'.$css.'"' : '';
$js1 = !empty($script1) ? ' '.$script1 : '';
$js2 = !empty($script2) ? ' '.$script2 : '';
$js3 = !empty($script3) ? ' '.$script3 : '';
$attribs = $ID.$style.$js1.$js2.$js3;
$val = ' value="'.$value.'"';
$input = '<input type="'.$type.'" name="'.$name.'"'.$attribs;
switch($type) {
case 'form': $output = (!empty($method) && $method != 'end') ?
'<form method="'.$method.'" action="'.$action.'"'.$attribs.' accept-charset="'.s('charset').'">' : '</form>'; break;
case 'fieldset': $output = (!empty($legend) && $legend != 'end') ?
'<fieldset><legend'.$attribs.'>'.$legend.'</legend>' : '</fieldset>'; break;
case 'text':
case 'password': $output = '<p>'.$lbl.':<br />'.$input.$val.' /></p>'; break;
case 'checkbox':
case 'radio': $check = $checked == 'ok' ? ' checked="checked"' : ''; $output = '<p>'.$input.$check.' /> '.$lbl.'</p>'; break;
case 'hidden':
case 'submit':
case 'reset':
case 'button': $output = $input.$val.' />'; break;
case 'textarea':
$output = '<p>'.$lbl.':<br />
<textarea name="'.$name.'" rows="'.$rows.'" cols="'.$cols.'"'.$attribs.'>'.$value.
'</textarea></p>'; break;
}
return $output;
}
// ADMINISTRATION
function administration() { # Patch #19 - 1.7.1 - replaces fieldset strings function-wide.
if (!_ADMIN) { echo( notification(1,l('error_not_logged_in'),'login')); }
else {
$catnum = mysql_fetch_assoc(mysql_query("SELECT COUNT(id) as catnum FROM "._PRE.'categories'.""));
foreach ($_POST as $key) {unset($_POST[$key]);}
echo '<div class="adminpanel">';
echo '<p class="admintitle"><a href="http://snewscms.com/" title="sNews CMS">sNews</a> '.l('administration').'</p>';
echo '<p>'.l('categories').': <a href="admin_category/">'.l('add_new').'</a>';
$link = ' '.l('divider').' <a href="';
if (stats('categories','') > 0) {
echo $link.'snews_categories/">'.l('view').'</a>';
}
echo '</p><p>'.l('articles').': ';
$art_new = $catnum['catnum'] > 0 ? '<a href="article_new/">'.l('add_new').'</a>' : l('create_cat');
echo $art_new;
if (stats('articles','1') > 0) {
echo $link.'snews_articles/">'.l('view').'</a>';
}
echo '</p><p>'.l('pages').': <a href="page_new/">'.l('add_new').'</a>';
if (stats('articles','3') > 0) {
echo $link.'snews_pages/">'.l('view').'</a>';
}
echo '</p>';
if (s('enable_extras') == 'YES') {
echo '<p class="admintitle">'.l('extra_contents').'</p>';
echo '<p>'.l('groupings').': <a href="admin_groupings/">'.l('add_new').'</a>';
if (stats('extras','') > 0) {
echo $link.'groupings/">'.l('view').'</a>';
}
echo '</p>';
}
echo '<p>'.l('extra_contents').': <a href="extra_new/">'.l('add_new').'</a>';
if (stats('articles','2') > 0) {
echo $link.'extra_contents/">'.l('view').'</a>';
}
echo '</p>';
echo '</div>';
$query_comm = 'SELECT id,articleid,name FROM '._PRE.'comments'.' WHERE approved != \'True\'';
$result_comm = mysql_query($query_comm);
$unapproved = mysql_num_rows($result_comm);
if ($unapproved > 0) {
echo '<div class="adminpanel"><p class="admintitle">'.l('comments').'</p>';
echo '<p><a onclick="toggle(\'sub1\')" style="cursor: pointer;" title="'.l('unapproved').'">
'.$unapproved.' '.l('wait_approval').'</a></p>';
echo '<div id="sub1" class="innerpanel" style="display: none;">';
while ($r = mysql_fetch_array($result_comm)) {
$articleTITLE = retrieve('title', 'articles', 'id', $r['articleid']);
echo '<p class="spacelink">'.$r['name'].' (<strong>'.$articleTITLE.'</strong>) '.l('divider').'
<a href="'._SITE.'?action=editcomment&commentid='.$r['id'].'">'.l('edit').'</a></p>';
}
echo '</div></div>';
}
echo '<div class="message"><p class="admintitle">'.l('site_settings').'</p>';
echo '<p><a href="snews_settings/">'.l('settings').'</a> |
<a href="snews_files/">'.l('files').'</a></p></div>';
echo '<div class="message"><p class="admintitle">'.l('login_status').'</p>';
echo '<p><a href="logout/">'.l('logout').'</a></p></div>';
}
}
// SETTINGS FORM
function settings() { # Patch #19 - 1.7.1 - reduced to 1 adminpanel div. replaces fieldset strings function-wide.
echo '<div class="adminpanel"><p class="admintitle">'.l('settings_title').'</p>';
echo html_input('form','','','','','','','','','','','','post', '?action=process&task=save_settings','');
# Expandable Settings
echo '<p><a onclick="toggle(\'sub1\')" style="cursor: pointer;" title="'.l('a_openclose').''.l('settings').'">'.l('settings').'</a></p>';
echo '<div id="sub1" style="display: none;">';
echo html_input('text', 'website_title', 'webtitle', s('website_title'), l('a_website_title'),'','','','','','','','','','');
echo html_input('text', 'home_sef', 'webSEF', s('home_sef') == '' ? l('home_sef') : s('home_sef'), l('a_home_sef'), '', 'onkeypress="return SEFrestrict(event);"','','','','','','','','');
echo html_input('text', 'website_description', 'wdesc', s('website_description'), l('a_description'),'','','','','','','','','','');
echo html_input('text', 'website_keywords', 'wkey', s('website_keywords'), l('a_keywords'),'','','','','','','','','','');
echo '</div>'; # Expandable Contact
echo '<p><a onclick="toggle(\'sub2\')" style="cursor: pointer;" title="'.l('a_openclose').''.l('a_contact_info').'">'.l('a_contact_info').'</a></p>';
echo '<div id="sub2" style="display: none;">';
echo html_input('text', 'website_email', 'we', s('website_email'), l('a_website_email'),'','','','','','','','','','');
echo html_input('text', 'contact_subject', 'cs', s('contact_subject'), l('a_contact_subject'),'','','','','','','','','','');
echo '</div>'; # Expandable Time & Locale
echo '<p><a onclick="toggle(\'sub3\')" style="cursor: pointer;" title="'.l('a_openclose').''.l('a_time_settings').'">'.l('a_time_settings').'</a></p>';
echo '<div id="sub3" style="display: none;">';
echo html_input('text', 'language', 'lang', s('language') == '' ? 'EN' : s('language'), l('a_language'),'','','','','','','','','','');
echo html_input('text', 'charset', 'char', s('charset') == '' ? 'UTF-8' : s('charset'), l('charset'),'','','','','','','','','','');
echo html_input('text', 'date_format', 'dt', s('date_format'), l('a_date_format'),'','','','','','','','','','');
echo '</div>'; # Expandable Contents
echo '<p><a onclick="toggle(\'sub4\')" style="cursor: pointer;" title="'.l('a_openclose').''.l('contents').'">'.l('contents').'</a></p>';
echo '<div id="sub4" style="display: none;">';
echo html_input('text', 'article_limit', 'artl', s('article_limit'), l('a_article_limit'),'','','','','','','','','','');
echo html_input('text', 'rss_limit', 'rssl', s('rss_limit'), l('a_rss_limit'),'','','','','','','','','','');
echo '<p><label for="dp">'.l('a_display_page').':</label><br /> <select name="display_page" id="dp">';
echo '<option value="0"'.(s('display_page') == 0 ? ' selected="selected"' : '').'>'.l('none').'</option>';
$query = 'SELECT id,title FROM '._PRE.'articles'.' WHERE position = 3 ORDER BY id ASC';
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
echo '<option value="'.$r['id'].'"';
if (s('display_page') == $r['id']) { echo ' selected="selected"'; }
echo '>'.$r['title'].'</option>';
}
echo '</select></p>';
echo html_input('checkbox','display_new_on_home','dnoh','',l('a_display_new_on_home'),'','','','',(s('display_new_on_home') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('checkbox','display_pagination','dpag','',l('a_display_pagination'),'','','','',(s('display_pagination') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('checkbox','num_categories','nc','',l('a_num_categories'),'','','','',(s('num_categories') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('checkbox','show_cat_names','scn','',l('a_show_category_name'),'','','','',(s('show_cat_names') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('checkbox','enable_extras','ee','',l('enable_extras'),'','','','',(s('enable_extras') == 'YES' ? 'ok' : ''),'','','','','');
echo html_input('text','file_ext','fileext',s('file_extensions'),l('file_extensions'),'','','','','','','','','','');
echo html_input('text','allowed_file','all_file',s('allowed_files'),l('allowed_files'),'','','','','','','','','','');
echo html_input('text','allowed_img','all_img',s('allowed_images'),l('allowed_images'),'','','','','','','','','','');
echo '</div>'; # Expandable Comments
echo '<p><a onclick="toggle(\'sub5\')" style="cursor: pointer;" title="'.l('a_openclose').''.l('comments').'">'.l('comments').'</a></p>';
echo '<div id="sub5" style="display: none;">';
echo html_input('checkbox','approve_comments','ac','',l('a_approve_comments'),'','','','',(s('approve_comments') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('text','comment_repost_timer','crt',s('comment_repost_timer'),l('comment_repost_timer'),'','','','','','','','','','');
echo html_input('checkbox','mail_on_comments','mc','',l('a_mail_on_comments'),'','','','',(s('mail_on_comments') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('checkbox','enable_comments','ec','',l('enable_comments'),'','','','',(s('enable_comments') == 'YES' ? 'ok' : ''),'','','','','');
echo html_input('checkbox','freeze_comments','dc','',l('freeze_comments'),'','','','',(s('freeze_comments') == 'YES' ? 'ok' : ''),'','','','','');
echo '<p><label for="co">'.l('a_comments_order').':</label><br /><select id="co" name="comments_order">';
echo '<option value="DESC"'.(s('comments_order') == 'DESC' ? ' selected="selected"' : '').'>'.l('newer_top').'</option>';
echo '<option value="ASC"'.(s('comments_order') == 'ASC' ? ' selected="selected"' : '').'>'.l('newer_bottom').'</option></select>';
echo '</p>';
echo html_input('text','comment_limit','cl',s('comment_limit'),l('a_comment_limit'),'','','','','','','','','','');
echo html_input('checkbox','word_filter_enable','wfe','',l('a_word_filter_enable'),'','','','',(s('word_filter_enable') == 'on' ? 'ok' : ''),'','','','','');
echo html_input('text','word_filter_file','wff',s('word_filter_file'),l('a_word_filter_file'),'','','','','','','','','','');
echo html_input('text','word_filter_change','wfc',s('word_filter_change'),l('a_word_filter_change'),'','','','','','','','','','');
echo '</div>';
echo '<p>'; # Save Settings button
echo html_input('submit','save','save',l('save'),'','button','','','','','','','','','');
echo '</p>';
echo '</form>';
echo '</div>'; # Change Password panel
echo html_input('form','','','','','','','','','','','','post','?action=process&task=changeup','');
echo '<div class="adminpanel">';
echo '<p><a onclick="toggle(\'sub6\')" style="cursor: pointer;" title="'.l('a_openclose').''.l('change_up').'">'.l('change_up').'</a>';
echo '<div id="sub6" style="display: none;">';
echo '<p>'.l('login_limit').'</p>';
echo html_input('text','uname','uname','',l('a_username'),'','','','','','','','','','');
echo html_input('password','pass1','pass1','',l('a_password'),'','','','','','','','','','');
echo html_input('password','pass2','pass2','',l('a_password2'),'','','','','','','','','','');
echo '<p>'; # Save Password Change button
echo html_input('hidden','task','task','changeup','','','','','','','','','','','');
echo html_input('submit','submit_pass','submit_pass',l('save'),'','button','','','','','','','','','');
echo '</p></div>';
echo '</div>';
echo '</form>';
}
// LISTS CATEGORIES
function category_list($id) {
if (isset($_GET['id']) && is_numeric($_GET['id']) && !is_null($_GET['id'])) {
$var = $id;
}
echo '<select name="subcat" id="subcat">';
$selected =' selected="selected"';
$result = mysql_query('SELECT id,name FROM '._PRE.'categories'.'
WHERE subcat = 0 ORDER BY catorder, id');
if (!empty($var)) {
$parent_selection = $selected;
}
echo '<option value="0"'.$parent_selection.'>'.l('not_sub').'</option>';
while ($r = mysql_fetch_array($result)) {
$child = retrieve('subcat','categories','id',$var);
if ($r['id'] == $child) {
echo '<option value="'.$r['id'].'"'.$selected.'>'.$r['name'].'</option>';
} elseif ($id!=$r['id']){
echo '<option value="'.$r['id'].'">'.$r['name'].'</option>';
}
}
echo '</select>';
}
// CATEGORIES FORM
function form_categories($subcat='cat') {
if (isset($_GET['id']) && is_numeric($_GET['id']) && !is_null($_GET['id'])) {
$categoryid = $_GET['id'];
$query = mysql_query('SELECT id,name,seftitle,published,description,subcat,catorder FROM '._PRE.'categories'.' WHERE id='.$categoryid);
$r = mysql_fetch_array($query);
$jresult = mysql_query("select name from "._PRE.'categories'."
where id = ".$r['subcat']);
while($j = mysql_fetch_array($jresult)) {
$name = $j['name'];
}
$frm_action = _SITE.'?action=process&task=admin_category&id='.$categoryid;
$frm_add_edit = $r['subcat'] == '0' ? l('edit').' '.l('category') : l('edit').' '.l('subcategory').' '.$name ;
$frm_name = $r['name'];
$subcat = $r['subcat'] == 0 ? 'cat' : 'subcat';
$frm_sef_title = $r['seftitle'];
$frm_description = $r['description'];
$frm_publish = $r['published'] == 'YES' ? 'ok' : '';
$catorder = $r['catorder'];
$frm_task = 'edit_category';
$frm_submit = l('edit_button'); // Patch #11 - 1.7.1
} else {
$sub_cat = isset($_GET['sub_id']) ? $_GET['sub_id'] : '0';
if ($sub_cat!='cat') {
$jresult = mysql_query('SELECT name FROM '._PRE.'categories'.' WHERE id = '.$sub_cat);
while($j = mysql_fetch_array($jresult)) {
$name = $j['name'];
}
}
$frm_action = _SITE.'?action=process&task=admin_category';
$frm_add_edit = empty($sub_cat) ? l('add_category') : l('add_subcategory').' ('.$name.')';
$frm_sef_title = $_POST['name'] == '' ? cleanSEF($_POST['name']) : cleanSEF($_POST['seftitle']);
$frm_description = '';
$frm_publish = 'ok';
$frm_task = 'add_category';
$frm_submit = l('add_category');
}
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', $frm_action, '');
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.$frm_add_edit.'</p>'; # Patch #19 - 1.7.1 - replaces fieldset string
echo html_input('text', 'name', 't', $frm_name, l('name'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', '');
echo html_input('text', 'seftitle', 's', $frm_sef_title, l('sef_title_cat'), '', '', '', '', '', '', '', '', '', '');
echo html_input('text', 'description', 'desc', $frm_description, l('description'), '', '', '', '', '', '', '', '', '', '');
if (empty($sub_cat)) {
echo '<p>'.l('subcategory').': <br />'; category_list($categoryid); echo '</p>';
}
$publish = $subcat == 'cat' ? l('publish_category') : l('publish_subcategory');
echo html_input('checkbox', 'publish', 'pub', 'YES', $publish, '', '', '', '', $frm_publish, '', '', '', '', '');
echo '</div><p>'; // echo '</fieldset></div><p>'; # Patch #19 - 1.7.1
if ($sub_cat) {
echo html_input('hidden', 'subcat', 'subcat', $sub_cat, '', '', '', '', '', '', '', '', '', '', '');
}
echo html_input('hidden', 'catorder', 'catorder', $catorder, '', '', '', '', '', '', '', '', '', '', '');
echo html_input('hidden', 'task', 'task', 'admin_category', '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', $frm_task, $frm_task, $frm_submit, '', 'button', '', '', '', '', '', '', '', '', '');
if (!empty($categoryid)) {
echo ' ';
echo html_input('hidden', 'id', 'id', $categoryid, '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'delete_category', 'delete_category', l('delete'), '', 'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', '');
}
echo '</p></form>';
}
// CATEGORIES - ADMIN LIST
function admin_categories() { # Patch #19 - 1.7.1 - replaces fieldset string
$add = ' - <a href="admin_category/">'.l('add_new').'</a>';
$link = '?action=admin_category';
$tab = 1;
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.l('categories').$add.'</p>';
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&task=reorder', '');
echo '<p><input type="hidden" name="order" id="order" value="snews_categories" /></p>';
$query = 'SELECT id, name, description, published, catorder FROM '._PRE.'categories'.' WHERE subcat = 0 ORDER BY catorder,id ASC';
$result = mysql_query($query);
if (!$result || !mysql_num_rows($result)) {
echo '<p>'.l('category_not_exist').'</p>';
} else {
while ($r = mysql_fetch_array($result)) {
$cat_input = '<input type="text" name="cat_'.$r['id'].'" value="'.$r['catorder'].'" size="1" tabindex="'.$tab.'" /> ';
echo '<p>'.$cat_input.'<strong>'.$r['name'].'</strong>
'.l('divider').' <a href="'._SITE.$link.'&id='.$r['id'].'" title="'.$r['description'].'">'.l('edit').'</a> ';
echo $r['published'] != 'YES' ? ' '.l('divider').' ['.l('status').' '.l('unpublished').']' : '';
echo ' '.l('divider').' <a href="'._SITE.$link.'&sub_id='.$r['id'].'" title="'.$r['description'].'">'.l('add_subcategory').'</a></p>';
$subquery = 'SELECT id,name,description,published,catorder FROM '._PRE.'categories'.' WHERE subcat = '.$r['id'].' ORDER BY catorder,id ASC';
$subresult = mysql_query($subquery); $tab2 = 1;
while ($sub = mysql_fetch_array($subresult)) {
$subcat_input = '<input type="text" name="cat_'.$sub['id'].'" value="'.$sub['catorder'].'" size="1" tabindex="'.$tab2.'" /> ';
echo '<p class="subcat">'.$subcat_input.'<strong>'.$sub['name'].'</strong>'.l('divider').' <a href="'._SITE.$link.'&id='.$sub['id'].'" title="'.$sub['description'].'">'.l('edit').'</a> ';
echo ($sub['published'] != 'YES' ? ' '.l('divider').' ['.l('status').' '.l('unpublished').']' : '');
echo '</p>'; $tab2++;
}
$tab++;
}
}
echo '<p>'.html_input('submit', 'reorder', 'reorder', l('order_content'), '', 'button', '', '', '', '', '', '', '', '', '');
echo '</p></form>';
echo '</div>';
}
// DELETE CATEGORY BY ID
function delete_cat($id){
$catdata = mysql_fetch_array(mysql_query("SELECT catorder,subcat FROM "._PRE.'categories'." WHERE id = $id"));
$cat_order = $catdata['catorder'];
$cat_subcat = $catdata['subcat'];
mysql_query("DELETE FROM "._PRE.'categories'." WHERE id = $id LIMIT 1");
$query = mysql_query("SELECT id,catorder FROM "._PRE.'categories'."
WHERE catorder > $cat_order AND subcat = $cat_subcat");
while ($r = mysql_fetch_array($query)) {
mysql_query("UPDATE "._PRE.'categories'." SET
catorder = catorder - 1 WHERE id = $r[id]");
}
}
// ARTICLES - POSTING TIME
function posting_time($time='') {
echo '<p>'.l('day').': <select name="fposting_day">';
$thisDay = !empty($time) ? substr($time, 8, 2) : intval(date('d'));
for($i = 1; $i < 32; $i++) {
echo '<option value="'.$i.'"';
if($i == $thisDay) {
echo ' selected="selected"';
}
echo '>'.$i.'</option>';
}
echo '</select> '.l('month').': <select name="fposting_month">';
$thisMonth = !empty($time) ? substr($time, 5, 2) : intval(date('m'));
for($i = 1; $i < 13; $i++) {
echo '<option value="'.$i.'"';
if($i == $thisMonth) {
echo ' selected="selected"';
}
echo '>'. $i .'</option>';
}
echo '</select> '.l('year').': <select name="fposting_year">';
$PresentYear = intval(date('Y'));
$thisYear = !empty($time) ? substr($time, 0, 4) : $PresentYear;
for($i = $thisYear-3; $i < $PresentYear + 3; $i++) {
echo '<option value="'.$i.'"';
if($i == $thisYear) {
echo ' selected="selected"';
}
echo '>'.$i.'</option>';
}
echo '</select> '.l('hour').': <select name="fposting_hour">';
$thisHour = !empty($time) ? substr($time, 11, 2) : intval(date('H'));
for($i = 0; $i < 24; $i++) {
echo '<option value="'.$i.'"';
if($i == $thisHour) {
echo ' selected="selected"';
}
echo '>'.$i.'</option>';
}
echo '</select> '.l('minute').': <select name="fposting_minute">';
$thisMinute = !empty($time) ? substr($time, 14, 2) : intval(date('i'));
for($i = 0; $i < 60; $i++) {
echo '<option value="'.$i.'"';
if($i == $thisMinute) {
echo ' selected="selected"';
}
echo '>'.$i.'</option>';
}
echo '</select></p>';
return;
}
// ARTICLES FORM
function form_articles($contents) {
if (is_numeric($_GET['id']) && !is_null($_GET['id'])) {
$id = $_GET['id'];
$query = mysql_query('SELECT * FROM '._PRE.'articles'.' WHERE id='.$id);
$r = mysql_fetch_array($query);
$article_category = $r['category'];
$edit_option = $r['position']==0 ? 1 : $r['position'];
$edit_page = $r['page_extra'];
$extraid = $r['extraid'];
switch ($edit_option) {
case 1:
$frm_fieldset = l('edit').' '.l('article');
$toggle_div='show';
$frm_position1 = 'selected="selected"';
break;
case 2:
$frm_fieldset = l('edit').' '.l('extra_contents');
$toggle_div='show';
$frm_position2 = 'selected="selected"';
break;
case 3:
$frm_fieldset = l('edit').' '.l('page');
$toggle_div='show';
$frm_position3 = 'selected="selected"';
break;
}
$frm_action = _SITE.'?action=process&task=admin_article&id='.$id;
$frm_title = $_SESSION[_SITE.'temp']['title'] ? $_SESSION[_SITE.'temp']['title'] : $r['title'];
$frm_sef_title = $_SESSION[_SITE.'temp']['seftitle'] ? cleanSEF($_SESSION[_SITE.'temp']['seftitle']) : $r['seftitle'];
$frm_text = str_replace('&', '&', $_SESSION[_SITE.'temp']['text'] ? $_SESSION[_SITE.'temp']['text'] : $r['text']);
$frm_meta_desc = $_SESSION[_SITE.'temp']['description_meta'] ?
cleanSEF($_SESSION[_SITE.'temp']['description_meta']) : $r['description_meta'];
$frm_meta_key = $_SESSION[_SITE.'temp']['keywords_meta'] ?
cleanSEF($_SESSION[_SITE.'temp']['keywords_meta']) : $r['keywords_meta'];
$frm_display_title = $r['displaytitle'] == 'YES' ? 'ok' : '';
$frm_display_info = $r['displayinfo'] == 'YES' ? 'ok' : '';
$frm_publish = $r['published'] == 1 ? 'ok' : '';
$show_in_subcats = $r['show_in_subcats'] == 'YES' ? 'ok' : '';
$frm_showonhome = $r['show_on_home'] == 'YES' ? 'ok' : '';
$frm_commentable = ($r['commentable'] == 'YES' || $r['commentable'] == 'FREEZ') ? 'ok' : '';
$frm_task = 'edit_article';
$frm_submit = l('edit_button'); // Patch #11 - 1.7.1
} else {
switch ($contents) {
case 'article_new':
$frm_fieldset = l('article_new');
$toggle_div='';
$pos = 1;
$frm_position1 = 'selected="selected"';
break;
case 'extra_new':
$frm_fieldset = l('extra_new');
$toggle_div='';
$pos = 2;
$frm_position2 = 'selected="selected"';
break;
case 'page_new':
$frm_fieldset = l('page_new');
$toggle_div='';
$pos = 3;
$frm_position3 = 'selected="selected"';
break;
}
if (empty($frm_fieldset)) {
$frm_fieldset = l('article_new');
}
$frm_action = _SITE.'?action=process&task=admin_article';
$frm_title = $_SESSION[_SITE.'temp']['title'];
$frm_sef_title = cleanSEF($_SESSION[_SITE.'temp']['seftitle']);
$frm_text = $_SESSION[_SITE.'temp']['text'];
$frm_meta_desc = cleanSEF($_SESSION[_SITE.'temp']['description_meta']);
$frm_meta_key = cleanSEF($_SESSION[_SITE.'temp']['keywords_meta']);
$frm_display_title = 'ok';
$frm_display_info = ($contents == 'extra_new') ? '' : 'ok';
$frm_publish = 'ok';
$show_in_subcats = 'ok';
$frm_showonhome = s('display_new_on_home') == 'on' ? 'ok' : '';
$frm_commentable = ($contents == 'extra_new' || $contents == 'page_new' || s('enable_comments') != 'YES') ? '' : 'ok';
$frm_task = 'add_article';
$frm_submit = l('submit');
}
$catnum = mysql_fetch_assoc(mysql_query("SELECT COUNT(id) as catnum FROM "._PRE.'categories'.""));
if ($contents == 'article_new' && $catnum['catnum'] < 1) {
echo l('create_cat');
} else {
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', $frm_action, '');
echo '<div class="adminpanel">';
if ($toggle_div=='show') {
# Patch #19 - 1.7.1 - replaces fieldset string
echo '<p class="admintitle"><a onclick="toggle(\'edit_article\')" style="cursor: pointer;" title="'.$frm_fieldset.'">'.$frm_fieldset.'</a></p>';
echo '<div id="edit_article" style="display: none;">';
} else {
echo '<p class="admintitle">'.$frm_fieldset.'</p>'; # Patch #19 - 1.7.1 - replaces fieldset string
}
echo html_input('text', 'title', 'at', $frm_title, l('title'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', '');
if ($contents == 'extra_new' || $edit_option == 2) {
echo '<div style="display: none;">';
echo html_input('text', 'seftitle', 'as', $frm_sef_title, l('sef_title'), '', '', '', '', '', '', '', '', '', '');
echo '</div>';
} else {
echo html_input('text', 'seftitle', 'as', $frm_sef_title, l('sef_title'), '', '', '', '', '', '', '', '', '', '');
}
echo html_input('textarea', 'text', 'txt', $frm_text, l('text'), '', '', '', '', '', '2', '100', '', '', '');
buttons();
if ($contents != 'page_new' && $edit_option != 3) {
echo '<p><label for="cat">';
echo ($contents == 'extra_new' || $edit_option == 2) ? l('appear_category') : l('category');
if ($contents == 'extra_new' || $edit_option == 2) {
echo ':</label><br /><select name="define_category" id="cat" onchange="dependancy(\'extra\');">';
echo '<option value="-1"'.($article_category == -1 ? ' selected="selected"' : '').'>'.l('all').'</option>';
echo '<option value="-3"'.($article_category == -3 ? ' selected="selected"' : '').'>'.l('page_only').'</option>';
} else
echo ':</label><br /><select name="define_category" id="cat" onchange="dependancy(\'snews_articles\');">';
$category_query = 'SELECT id,name,subcat FROM '._PRE.'categories'.'
WHERE published = \'YES\' AND subcat = 0 ORDER BY catorder,id ASC';
$category_result = mysql_query($category_query);
while ($cat = mysql_fetch_array($category_result)) {
echo '<option value="'.$cat['id'].'"';
if ($article_category == $cat['id']) {
echo ' selected="selected"';
}
echo '>'.$cat['name'].'</option>';
$subquery = 'SELECT id,name,subcat FROM '._PRE.'categories'.'
WHERE subcat = '.$cat['id'].' ORDER BY catorder,id ASC';
$subresult = mysql_query($subquery);
while ($s = mysql_fetch_array($subresult)) {
echo '<option value="'.$s['id'].'"';
if ($article_category == $s['id']) {
echo ' selected="selected"';
}
echo '>--'.$s['name'].'</option>';
}
}
echo '</select></p>';
if ($contents == 'extra_new' || $edit_option == 2) {
$none_display = $article_category == -1 ? 'none' : 'inline';
echo '<div id="def_page" style="display:'.$none_display.';"><p><label for="dp">'.l('appear_page').':</label>
<br /><select name="define_page" id="dp">';
echo '<option value="0"'.($edit_option != '2' ? ' selected="selected"' : '').'>'.l('all').'</option>';
$query = 'SELECT id,title FROM '._PRE.'articles'.' WHERE position = 3 ORDER BY id ASC';
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
echo '<option value="'.$r['id'].'"';
if ($edit_page == $r['id']) {
echo ' selected="selected"';
}
echo '>'.$r['title'].'</option>';
}
echo '</select><br />'.
html_input('checkbox', 'show_in_subcats', 'asc', 'YES', l('show_in_subcats'), '', '', '', '', $show_in_subcats, '', '', '', '', '').'</p></div>';
}
}
if ($contents == 'article_new' || $edit_option == 1) {
echo html_input('checkbox', 'show_on_home', 'sho', 'YES', l('show_on_home'), '', '', '', '', $frm_showonhome, '', '', '', '', '');
}
echo html_input('checkbox', 'publish_article', 'pu', 'YES', l('publish_article'), '', '', '', '', $frm_publish, '', '', '', '', '');
if ($toggle_div=='show') {
echo '</div>';
}
echo '</div>'; //echo '</fieldset></div>'; # Patch #19 - 1.7.1
echo '<div class="adminpanel">';
# Patch #19 - 1.7.1 - replaces fieldset string
echo '<p class="admintitle"><a onclick="toggle(\'preview\')" style="cursor: pointer;" title="'.l('preview').'">'.l('preview').'</a></p>';
echo '<div id="preview" style="display: none;"></div>';
echo '</div>'; //echo '</fieldset></div>'; # Patch #19 - 1.7.1
echo '<div class="adminpanel">';
# Patch #19 - 1.7.1 - replaces fieldset string
echo '<p class="admintitle"><a onclick="toggle(\'customize\')" style="cursor: pointer;" title="'.l('customize').'">'.l('customize').'</a></p>';
echo '<div id="customize" style="display: none;">';
if ($contents == 'extra_new' || $edit_option == 2) {
if (s('enable_extras') == 'YES') {
echo '<p><label for="ext">'.l('define_extra').'</label><br />';
echo '<select name="define_extra" id="ext">';
$extra_query = 'SELECT id,name FROM '._PRE.'extras'.' ORDER BY id ASC';
$extra_result = mysql_query($extra_query);
while ($ex = mysql_fetch_array($extra_result)) {
echo '<option value="'.$ex['id'].'"';
if ($extraid == $ex['id']) {
echo ' selected="selected"';
}
echo '>'.$ex['name'].'</option>';
}
echo '</select></p>';
} else {
echo html_input('hidden', 'define_extra', 'ext', 1, '', '', '', '', '', '', '', '', '', '', '');
}
}
if (!empty($id)) {
echo '<p><label for="pos">'.l('position').':</label>
<br /><select name="position" id="pos">';
echo '<option value="1"'.$frm_position1.'>'.l('center').'</option>';
echo '<option value="2"'.$frm_position2.'>'.l('side').'</option>';
echo '<option value="3"'.$frm_position3.'>'.l('display_page').'</option>';
echo '</select></p>';
} else {
echo html_input('hidden', 'position', 'position', $pos, '', '', '', '', '', '', '', '', '', '', '');
}
if ($contents != 'extra_new' && $edit_option != '2') {
echo html_input('text', 'description_meta', 'dm', $frm_meta_desc, l('description_meta'), '', '', '', '', '', '', '', '', '', '');
echo html_input('text', 'keywords_meta', 'km', $frm_meta_key, l('keywords_meta'), '', '', '', '', '', '', '', '', '', '');
}
echo html_input('checkbox', 'display_title', 'dti', 'YES', l('display_title'), '', '', '', '', $frm_display_title, '', '', '', '', ''); // Patch #2 - 1.7.1
if ($contents != 'extra_new' && $edit_option != '2') {
echo html_input('checkbox', 'display_info', 'di', 'YES', l('display_info'), '', '', '', '', $frm_display_info, '', '', '', '', '');
echo html_input('checkbox', 'commentable', 'ca', 'YES', l('enable_commenting'), '', '', '', '', $frm_commentable, '', '', '', '', '');
if (!empty($id)) {
echo '<p><input name="freeze" type="checkbox" id="fc"';
if ($r['commentable'] == 'FREEZ') {
echo ' checked="checked" />';
} else if ($r['commentable'] == 'YES') {
echo ' />';
} else {
echo ' />';
}
echo ' <label for="fc"> '.l('freeze_comments').'</label></p>';
}
}
echo '</div></div>'; //echo '</div></fieldset></div>'; # Patch #19 - 1.7.1
if ($contents == 'article_new' || $edit_option == 1) {
echo '<div class="adminpanel">';
# Patch #19 - 1.7.1 - replaces fieldset string
echo '<p class="admintitle"><a onclick="toggle(\'admin_publish_date\')" style="cursor: pointer;" title="'.l('publish_date').'">'.l('publish_date').'</a></p>';
echo '<div id="admin_publish_date" style="display: none;">';
# Patch Nov.22.09 - 1 new string, defines check-box status.
$onoff_status = $r['published'] == '2' ? 'ok' : ''; // Variable inserted in check-box string show is as checked if enabled.
echo html_input('checkbox', 'fposting', 'fp', 'YES', l('enable'), '', '', '', '', $onoff_status, '', '', '', '', '');
echo '<p>'.l('server_time').': '.date('d.m.Y. H:i:s').'</p>';
echo '<p>'.l('article_date').'</p>';
!empty($id) ? posting_time($r['date']) : posting_time();
echo '</div></div>'; //echo '</div></fieldset></div>'; # Patch #19 - 1.7.1
}
echo '<p>';
echo html_input('hidden', 'task', 'task', 'admin_article', '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', $frm_task, $frm_task, $frm_submit, '', 'button', '', '', '', '', '', '', '', '', '');
if (!empty($id)) {
echo html_input('hidden', 'article_category', 'article_category', $article_category, '', '', '', '', '', '', '', '', '', '', '');
echo html_input('hidden', 'id', 'id', $id, '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'delete_article', 'delete_article', l('delete'), '',
'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', '');
}
echo '</p></form>';
}}
// ARTICLES - ADMIN LIST - Patch #19 - 1.7.1 - in 5 locations
function admin_articles($contents) {
global $categorySEF, $subcatSEF;
$link = '<a href="'._SITE.$categorySEF.'/';
switch ($contents) {
case 'article_view':
$title = l('articles');
$sef = 'article_new';
$goto = 'snews_articles';
$p = 1;
$qw = 'position < 2 AND position >-1 ';
break;
case 'extra_view':
$title = l('extra_contents');
$sef = 'extra_new';
$goto = 'extra_contents';$p = '2';
$qw = 'position = 2 ';
break;
case 'page_view':
$title = l('pages');
$sef = 'page_new';
$p = '3';
$goto = 'snews_pages';
$qw = 'position = 3 ';
break;
}
$subquery = 'AND '.$qw;
if (stats('articles',$p) > 0) {
$add = ' - <a href="'.$sef.'/" title="'.l('add_new').'">
'.l('add_new').'</a> - '.l('see').' ('.$link.'">'.l('all').'</a>) -
'.l('filter').' ('.$link.l('year').'">'.l('year').'</a> / '.$link.l('month').'">
'.l('month').'</a>)';
} else {
$add = '';
}
$tab = 1;
if ($subcatSEF == l('year') || $subcatSEF == l('month')) {
$query = 'SELECT DISTINCT(YEAR(date)) AS dyear FROM '._PRE.'articles'.' WHERE '.$qw.' ORDER BY date DESC';
$result = mysql_query($query);
$month_names = explode(', ', l('month_names'));
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.l('articles').'</p>'; // Patch #19 - 1.7.1 - replaces fieldset string
echo ' - '.l('filter').' <span style="color: #0000FF">'.$subcatSEF.'</span> - '.l('see').' ('.$link.'">'.l('all').'</a>) - '.l('filter').' ('.$link.l('year').'">'.l('year').'</a> / '.$link.l('month').'">'.l('month').'</a>)</legend>';
if ($result){
while ($r = mysql_fetch_array($result)) {
$ryear = $r['dyear'];
echo ($subcatSEF == l('month') ? '<span style="color: #0000FF">'.$r['dyear'].'</span>' : $link.l('year').'='.$r['dyear'].'">'.$r['dyear'].'</a> ');
if ($subcatSEF == l('month')) {
$qx = "SELECT DISTINCT(MONTH(date)) AS dmonth FROM "._PRE.'articles'." WHERE $qw AND YEAR(date)=$ryear ORDER BY date ASC";
$rqx = mysql_query($qx);
while ($rx = mysql_fetch_array($rqx)){
$m = $rx['dmonth'] - 1;
echo ' '.l('divider').' '.$link.l('year').'='.$r['dyear'].';'.l('month').'='.$rx['dmonth'].'">'.$month_names[$m].'</a> ';
}
}
echo '<br />';
}
}
echo '</div>';
return;
}
$txtYear = l('year');
$txtMonth = l('month');
if (substr($subcatSEF, 0, strlen($txtYear)) == $txtYear) {
$year = substr($subcatSEF, strlen($txtYear)+1, 4);
}
$find = strpos($subcatSEF,l('month'));
if ($find > 0) {
$month = substr($subcatSEF, $find + strlen($txtMonth) + 1, 2);
}
$filterquery = !empty($year) ? "AND YEAR(date)='".$year."' " : '';
$filterquery .= !empty($month) ? "AND MONTH(date)='".$month."' " : '';
$no_content = !empty($filterquery) ? '<p>'.l('no_content_for_filter').'</p>' : '<p>'.l('article_not_exist').'</p>';
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&task=reorder', '');
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.$title.$add.'</p>'; // Patch #19 - 1.7.1 - replaces fieldset string
echo '<p><input type="hidden" name="order" id="order" value="'.$goto.'" /></p>';
if ($contents == 'extra_view') {
$cat_array_irregular = array('-1','-3');
foreach ($cat_array_irregular as $cat_value) {
$legend_label = $cat_value == -3 ? l('pages') : l('all');
$page_only_xsql = $cat_value == -3 ? 'page_extra ASC,' : '';
$sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page, page_extra
FROM "._PRE.'articles'."
WHERE category = $cat_value
AND position = $p $filterquery
ORDER BY $page_only_xsql artorder ASC, date DESC ";
$query = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($query);
$tab=1;
echo '<div class="innerpanel">';
echo '<p class="admintitle">'.$legend_label.'</p>'; // Patch #19 - 1.7.1 - replaces fieldset string
if ($num_rows == 0) {
echo $no_content;
} else {
$lbl_filter = -5;
while ($r = mysql_fetch_array($query)) {
if ($cat_value == -3) {
if ($lbl_filter != $r['page_extra']) {
$assigned_page = retrieve('title','articles','id',$r['page_extra']);
echo !$assigned_page ? l('all_pages') : $assigned_page;
}
}
$order_input = '<input type="text" name="page_'.$r['id'].'" value="'.$r['artorder'].'" size="1" tabindex="'.$tab.'" /> ';
// Patch #13 - 1.7.1 - next string replace 1 below it.
echo '<p>'.$order_input.'<strong title="'.date(s('date_format'), strtotime($r['date'])).'"> '.$r['title'].'</strong> ';
//echo '<p>'.$order_input.'<strong title="'.date(s('date_format'), strtotime($r['date'])).'"> '.$r['title'].'</strong> '.l('divider').'<a href="'._SITE.$row['seftitle'].'/'.$r['seftitle'].'/">'.l('view').'</a> ';
if ($r['default_page'] != 'YES'){
echo l('divider').' <a href="'._SITE.'?action=admin_article&id='.$r['id'].'">'.l('edit').'</a> ';
}
$visiblity = $r['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item='.$item.'&id='.$r['id'].'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item='.$item.'&id='.$r['id'].'">'.l('show').'</a> )' ;
echo ' '.l('divider').' '.$visiblity;
if ($r['published'] == 2) {
echo l('divider').' ['.l('status').' '.l('future_posting').']';
}
if ($r['published'] == 0) {
echo l('divider').' ['.l('status').' '.l('unpublished').']';
}
echo '</p>';
$tab++;
$lbl_filter = $r['page_extra'];
}
}
echo '</div>';
}
}
if ($contents == 'article_view' || $contents == 'extra_view') {
$item = $contents == 'extra_view' ? 'extra_contents': 'snews_articles';
$cat_query = "SELECT id, name, seftitle FROM "._PRE.'categories'." WHERE subcat = 0";
$cat_res = mysql_query($cat_query);
$num = mysql_num_rows($cat_res);
if (!$cat_res || !$num) {
echo '<p>'.l('no_categories').'</p>';
} else {
$sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page
FROM "._PRE.'articles'."
WHERE category = '0'
AND position = $p $subquery
ORDER BY artorder ASC, date DESC ";
$query = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($query);
if ($num_rows > 0) {
echo '<div class="innerpanel">';
echo '<p class="admintitle">'.l('no_category_set').'</p>'; // Patch #19 - 1.7.1 - replaces fieldset string
while ($O = mysql_fetch_array($query)) {
$order_input = '<input type="text" name="page_'.$O['id'].'" value="'.$O['artorder'].'" size="1" tabindex="'.$tab22.'" /> ';
echo '<p>'.$order_input.'<strong title="'.date(s('date_format'), strtotime($O['date'])).'">'.$O['title'].'</strong> ';
if ($r['default_page'] != 'YES'){
echo l('divider').' <a href="'._SITE.'?action=admin_article&id='.$O['id'].'">'.l('edit').'</a> ';
}
$visiblity = $O['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item='.$item.'&id='.$O['id'].'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item='.$item.'&id='.$O['id'].'">'.l('show').'</a> )' ;
echo ' '.l('divider').' '.$visiblity;
if ($O['published'] == 2) {
echo l('divider').' ['.l('status').' '.l('future_posting').']';
}
if ($O['published'] == 0) {
echo l('divider').' ['.l('status').' '.l('unpublished').']';
}
echo '</p>';
$tab22++;
}
echo '</div>';
}
while ($row = mysql_fetch_array($cat_res)) {
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.$row['name'].'</p>'; // Patch #19 - 1.7.1 - replaces fieldset string
$sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page
FROM "._PRE.'articles'."
WHERE category = '".$row['id']."'
AND position = $p $subquery $filterquery
ORDER BY artorder ASC, date DESC ";
$query = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($query);
if ($num_rows == 0) {
echo $no_content;
}
while ($r = mysql_fetch_array($query)) {
$order_input = '<input type="text" name="page_'.$r['id'].'" value="'.$r['artorder'].'" size="1" tabindex="'.$tab.'" /> ';
echo '<p>'.$order_input.'<strong title="'.date(s('date_format'), strtotime($r['date'])).'">
'.$r['title'].'</strong> '.l('divider').'
<a href="'._SITE.$row['seftitle'].'/'.$r['seftitle'].'/">'.l('view').'</a> ';
if ($r['default_page'] != 'YES'){
echo l('divider').' <a href="'._SITE.'?action=admin_article&id='.$r['id'].'">'.l('edit').'</a> ';
}
$visiblity = $r['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item='.$item.'&id='.$r['id'].'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item='.$item.'&id='.$r['id'].'">'.l('show').'</a> )' ;
echo ' '.l('divider').' '.$visiblity;
if ($r['published'] == 2) {
echo l('divider').' ['.l('status').' '.l('future_posting').']';
}
if ($r['published'] == 0) {
echo l('divider').' ['.l('status').' '.l('unpublished').']';
}
echo '</p>';
$tab++;
}
$query2 = mysql_query("SELECT id, name, seftitle FROM "._PRE.'categories'." WHERE subcat = '$row[id]' ORDER BY catorder ASC");
$tab2 = 1;
while ($row2 = mysql_fetch_array($query2)){
echo '<a class="subcat" onclick="toggle(\'subcat'.$row2['id'].'\')" style="cursor: pointer;">'.$row2['name'].'</a><br />';
echo '<div id="subcat'.$row2['id'].'" style="display: none;" class="subcat">';
$catart_sql2 = "SELECT id, title, seftitle, date, published, artorder, visible
FROM "._PRE.'articles'."
WHERE category = '$row2[id]' $subquery $filterquery
ORDER BY category ASC, artorder ASC, date DESC ";
$catart_query2 = mysql_query($catart_sql2) or die(mysql_error());
$num_rows2 = mysql_num_rows($catart_query2);
if ($num_rows2 == 0) {
echo $no_content;
}
while ($ca_r2 = mysql_fetch_array($catart_query2)) {
$order_input2 = '<input type="text" name="page_'.$ca_r2['id'].'" value="'.$ca_r2['artorder'].'" size="1" tabindex="'.$tab2.'" /> ';
$catSEF = cat_rel($row2['id'],'seftitle');
echo '<p>'.$order_input2.'<strong title="'.date(s('date_format'), strtotime($ca_r2['date'])).'">
'.$ca_r2['title'].'</strong> '.l('divider').'
<a href="'._SITE.$catSEF.'/'.$ca_r2['seftitle'].'/">'.l('view').'</a> ';
echo l('divider').' <a href="'._SITE.'?action=admin_article&id='.$ca_r2['id'].'">'.l('edit').'</a> ';
$visiblity2 = $ca_r2['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item=snews_articles&id='.$ca_r2['id'].'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item=snews_articles&id='.$ca_r2['id'].'">
'.l('show').'</a> )';
echo ' '.l('divider').' '.$visiblity2;
if ($ca_r2['published'] == 2) {
echo l('divider').' ['.l('status').' '.l('future_posting').']';
}
if ($ca_r2['published'] == 0) {
echo l('divider').' ['.l('status').' '.l('unpublished').']';
}
echo '</p>';
}
echo '</div>';
$tab2++;
}
echo '</div>';
}
}
} elseif ($contents == 'page_view') {
$sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page
FROM "._PRE.'articles'."
WHERE position = 3 $subquery
ORDER BY artorder ASC, date DESC ";
$query = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($query);
if ($num_rows == 0) {
echo '<p>'.l('article_not_exist').'</p>';
}
while ($r = mysql_fetch_array($query)) {
$order_input = '<input type="text" name="page_'.$r['id'].'" value="'.$r['artorder'].'" size="1" tabindex="'.$tab.'" /> ';
echo '<p>'.$order_input.'<strong title="'.date(s('date_format'), strtotime($r['date'])).'">
'.$r['title'].'</strong> '.l('divider').'
<a href="'._SITE.$r['seftitle'].'/">'.l('view').'</a> ';
if ($r['default_page'] != 'YES') {
echo l('divider').' <a href="'._SITE.'?action=admin_article&id='.$r['id'].'">'.l('edit').'</a> ';
}
$visiblity = $r['visible'] == 'YES' ?
'<a href="'._SITE.'?action=process&task=hide&item=snews_pages&id='.$r['id'].'">'.l('hide').'</a>' :
l('hidden').' ( <a href="'._SITE.'?action=process&task=show&item=snews_pages&id='.$r['id'].'">'.l('show').'</a> )' ;
echo ' '.l('divider').' '.$visiblity;
if ($r['published'] == 2) {
echo l('divider').' ['.l('status').' '.l('future_posting').']';
}
if ($r['published'] == 0) {
echo l('divider').' ['.l('status').' '.l('unpublished').']';
}
echo '</p>';
$tab++;
}
}
echo '<p>'.html_input('submit', 'reorder', 'reorder', l('order_content'), '', 'button', '', '', '', '', '', '', '', '', '');
echo '</p></div></form>';
}
//BUTTONS
function buttons(){
echo '<div class="clearer"></div>
<p>'.l('formatting').':
<br class="clearer" />';
$formatting = array(
'strong' => '',
'em' => 'key',
'underline' => 'key',
'del' => 'key',
'p' => '',
'br' => ''
);
foreach ($formatting as $key => $var) {
$css = $var == 'key' ? $key :'buttons';
echo '<input type="button" name="'.$key.'" title="'.l($key).'" class="'.$css.'" onclick="tag(\''.$key.'\')" value="'.
l($key.'_value').'" />';
}
echo '</p><br class="clearer" /><p>'.l('insert').': <br class="clearer" />';
$insert = array('img', 'link', 'include', 'func','intro');
foreach ($insert as $key) {
echo '<input type="button" name="'.$key.'" title="'.l($key).'" class="buttons" onclick="tag(\''.
$key.'\')" value="'.l($key.'_value').'" />';
}
echo '<br class="clearer" /></p>';
}
// COMMENTS - EDIT
function edit_comment() {
$commentid = $_GET['commentid'];
$query = mysql_query('SELECT id,articleid,name,url,comment,approved FROM '._PRE.'comments'.' WHERE id='.$commentid);
$r = mysql_fetch_array($query);
$articleTITLE = retrieve('title', 'articles', 'id', $r['articleid']);
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&task=editcomment&id='.$commentid, '');
echo '<div class="adminpanel">';
# Patch #19 - 1.7.1 - replaces fieldset string
echo '<p class="admintitle">'.l('edit_comment').' (<strong> '.$articleTITLE.'</strong> )</p>';
echo html_input('textarea', 'editedcomment', 'ec', stripslashes($r['comment']), l('comment'), '', '', '', '', '', '2', '100', '', '', '');
echo html_input('text', 'name', 'n', $r['name'], l('name'), '', '', '', '', '', '', '', '', '', '');
echo html_input('text', 'url', 'url', $r['url'], l('url'), '', '', '', '', '', '', '', '', '', '');
echo html_input('checkbox', 'approved', 'a', '', l('approved'), '', '', '', '', $r['approved'] == 'True' ? 'ok' : '', '', '', '', '', '');
echo '</div><p>'; // echo '</fieldset></div><p>'; # Patch #19 - 1.7.1
echo html_input('hidden', 'id', 'id', $r['articleid'], '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'submit_text', 'submit_text', l('edit'), '', 'button', '', '', '', '', '', '', '', '', '');
echo html_input('hidden', 'commentid', 'commentid', $r['id'], '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'delete_text', 'delete_text', l('delete'), '',
'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', '');
echo '</p></form>';
}
// FORM EXTRA GROUPINGS
function form_groupings() {
if (s('enable_extras') == 'YES') {
if (isset($_GET['id']) && is_numeric($_GET['id']) && !is_null($_GET['id'])) {
$extraid = $_GET['id'];
$query = mysql_query('SELECT id,name,seftitle,description FROM '._PRE.'extras'.' WHERE id='.$extraid);
$r = mysql_fetch_array($query);
$frm_action = _SITE.'?action=process&task=admin_groupings&id='.$extraid;
$frm_add_edit = l('edit');
$frm_name = $r['name'];
$frm_sef_title = $r['seftitle'];
$frm_description = $r['description'];
$frm_task = 'edit_groupings';
$frm_submit = l('edit_button'); // Patch #11 - 1.7.1
} else {
$frm_action = _SITE.'?action=process&task=admin_groupings';
$frm_add_edit = l('add_groupings');
$frm_name = $_POST['name'];
$frm_sef_title = $_POST['name'] == '' ? cleanSEF($_POST['name']) : cleanSEF($_POST['seftitle']);
$frm_description = '';
$frm_task = 'add_groupings';
$frm_submit = l('add_groupings');
}
echo html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', $frm_action, '');
echo '<div class="adminpanel">';
# Patch #19 - 1.7.1 - replaces fieldset string
echo '<p class="admintitle">'.$frm_add_edit.'</p>';
echo html_input('text', 'name', 't', $frm_name, l('name'), '',
'onchange="genSEF(this,document.forms[\'post\'].seftitle)"',
'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', '');
echo html_input('text', 'seftitle', 's', $frm_sef_title, l('extra_title'), '', '', '', '', '', '', '', '', '', '');
echo html_input('text', 'description', 'desc', $frm_description, l('description'), '', '', '', '', '', '', '', '', '', '');
echo '</div><p>'; // echo '</fieldset></div><p>'; # Patch #19 - 1.7.1
echo html_input('hidden', 'task', 'task', 'admin_groupings', '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', $frm_task, $frm_task, $frm_submit, '', 'button', '', '', '', '', '', '', '', '', '');
if (!empty($extraid)) {
echo ' ';
echo html_input('hidden', 'id', 'id', $extraid, '', '', '', '', '', '', '', '', '', '', '');
if ($extraid != 1) {
echo html_input('submit', 'delete_groupings', 'delete_groupings', l('delete'), '',
'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', '');
}
}
echo '</p></form>';
}
}
// ADMIN GROUPINGS
function admin_groupings() {
if (s('enable_extras') == 'YES') {
if (stats('extras','') > 0) {
$add = ' - <a href="admin_groupings/" title="'.l('add_new').'">'.l('add_new').'</a>';
} else {
$add = '';
}
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.l('groupings').$add.'</p>'; // Patch #19 - 1.7.1 - replaces fieldset string
$result = mysql_query('SELECT id,name,description FROM '._PRE.'extras'.' ORDER BY id ASC');
if (!$result || !mysql_num_rows($result)) {
echo '<p>'.l('group_not_exist').'</p>';
} else {
while ($r = mysql_fetch_array($result)) {
echo '<p><strong>'.$r['name'].'</strong> '.l('divider').'<a href="'._SITE.'?action=admin_groupings&id='.$r['id'].'" title="'.$r['description'].'">'.l('edit').'</a></p>';
}
}
echo '</div>';
}
}
/*** PROCESSING (CATEGORIES, CONTENTS, COMMENTS) ***/
function processing() {
if (!_ADMIN) {
echo (notification(1,l('error_not_logged_in'),'home'));
} else {
$action = clean(cleanXSS($_GET['action']));
$id = clean(cleanXSS($_GET['id']));
$commentid = $_POST['commentid'];
$approved = $_POST['approved'] == 'on' ? 'True' : '';
$name = clean(entity($_POST['name']));
$category = !empty($_POST['define_category']) ? $_POST['define_category'] : 0;
$subcat = $_POST['subcat'];
$page = $_POST['define_page'];
$def_extra = $_POST['define_extra'];
$description = clean(entity($_POST['description']));
$title = clean(entity($_POST['title']));
$seftitle = $_POST['seftitle'];
$url = cleanXSS($_POST['url']);
$comment = $_POST['editedcomment'];
$text = clean($_POST['text']);
$date = date('Y-m-d H:i:s');
$description_meta = entity($_POST['description_meta']);
$keywords_meta = entity($_POST['keywords_meta']);
$display_title = $_POST['display_title'] == 'on' ? 'YES' : 'NO';
$display_info = $_POST['display_info'] == 'on' ? 'YES' : 'NO';
$commentable = $_POST['commentable'] == 'on' ? 'YES' : 'NO';
$freez = $_POST['freeze'] == 'on' ? 'YES' : 'NO';
if ($freez == 'YES' && $commentable == 'YES') {
$commentable = 'FREEZ';
}
$position = $_POST['position']> 0 ? $_POST['position'] : 1;
if ($position == 2) {
$position = $_POST['cat_dependant'] == 'on' ? 21 : 2;
}
$publish_article = ($_POST['publish_article'] == 'on') ? 1 : 0;
$show_in_subcats = $_POST['show_in_subcats'] == 'on' ? 'YES' : 'NO';
$show_on_home = ($_POST['show_on_home'] == 'on' || $position > 1) ? 'YES' : 'NO';
$publish_category = $_POST['publish'] == 'on' ? 'YES' : 'NO';
$fpost_enabled = false;
if ($_POST['fposting'] == 'on') {
$fpost_enabled = true;
$date = $_POST['fposting_year'].'-'.$_POST['fposting_month'].'-'.$_POST['fposting_day'].' '.
$_POST['fposting_hour'].':'.$_POST['fposting_minute'].':00';
if (date('Y-m-d H:i:s') < $date) $publish_article = 2;
}
$task = clean(cleanXSS($_GET['task']));
switch ($task) {
case 'save_settings':
if (isset($_POST['save'])) {
$website_title = $_POST['website_title'];
$home_sef = $_POST['home_sef'];
$website_description = $_POST['website_description'];
$website_keywords = $_POST['website_keywords'];
$website_email = $_POST['website_email'];
$contact_subject = $_POST['contact_subject'];
$language = $_POST['language'];
$charset = $_POST['charset'];
$date_format = $_POST['date_format'];
$article_limit = $_POST['article_limit'];
$rss_limit = $_POST['rss_limit'];
$display_page = $_POST['display_page'];
$display_new_on_home = $_POST['display_new_on_home'];
$display_pagination = $_POST['display_pagination'];
$num_categories = $_POST['num_categories'];
$show_cat_names = $_POST['show_cat_names'];
$approve_comments = $_POST['approve_comments'];
$mail_on_comments = $_POST['mail_on_comments'];
$comments_order = $_POST['comments_order'];
$comment_limit = $_POST['comment_limit'];
$word_filter_enable = $_POST['word_filter_enable'];
$word_filter_file = $_POST['word_filter_file'];
$word_filter_change = $_POST['word_filter_change'];
$enable_extras = $_POST['enable_extras'] == 'on' ? 'YES' : 'NO';
$enable_comments = $_POST['enable_comments'] == 'on' ? 'YES' : 'NO';
$comment_repost_timer = is_numeric($_POST['comment_repost_timer']) ? $_POST['comment_repost_timer'] : '15';
$freeze_comments = $_POST['freeze_comments'] == 'on' ? 'YES' : 'NO';
$file_ext = $_POST['file_ext'];
$allowed_file = $_POST['allowed_file'];
$allowed_img = $_POST['allowed_img'];
$ufield = array(
'website_title' => $website_title,
'home_sef' => $home_sef,
'website_description' => $website_description,
'website_keywords' => $website_keywords,
'website_email' => $website_email,
'contact_subject' => $contact_subject,
'language' => $language,
'charset' => $charset,
'date_format' => $date_format,
'article_limit' => $article_limit,
'rss_limit' => $rss_limit,
'display_page' => $display_page,
'comments_order' => $comments_order,
'comment_limit' => $comment_limit,
'word_filter_file' => $word_filter_file,
'word_filter_change' => $word_filter_change,
'display_new_on_home' => $display_new_on_home,
'display_pagination' => $display_pagination,
'num_categories' => $num_categories,
'show_cat_names' => $show_cat_names,
'approve_comments' => $approve_comments,
'mail_on_comments' => $mail_on_comments,
'word_filter_enable' => $word_filter_enable,
'enable_extras' => $enable_extras,
'enable_comments' => $enable_comments,
'freeze_comments' => $freeze_comments,
'comment_repost_timer' => $comment_repost_timer,
'file_extensions' => $file_ext,
'allowed_files' => $allowed_file,
'allowed_images' => $allowed_img
);
while (list($key, $value) = each($ufield)) {
mysql_query("UPDATE "._PRE.'settings'." SET VALUE = '$value' WHERE name = '$key' LIMIT 1");
}
echo notification(0,'','snews_settings');
}
break;
case 'changeup':
if (isset($_POST['submit_pass'])) {
$user = checkUserPass($_POST['uname']);
$pass1 = checkUserPass($_POST['pass1']);
$pass2 = checkUserPass($_POST['pass2']);
if ($user && $pass1 && $pass2 && $pass1 === $pass2) {
$uname = md5($user);
$pass = md5($pass2);
$query = "UPDATE "._PRE.'settings'." SET VALUE=";
mysql_query($query."'$uname' WHERE name='username' LIMIT 1");
mysql_query($query."'$pass' WHERE name='password' LIMIT 1");
echo notification(0,'','administration');
} else {
die(notification(2,l('pass_mismatch'),'snews_settings'));
}
}
break;
case 'admin_groupings':
switch (true) {
case (empty($name)):
echo notification(1,l('err_TitleEmpty').l('errNote'));
form_groupings();
break;
case (empty($seftitle)):
echo notification(1,l('err_SEFEmpty').l('errNote'));
form_groupings();
break;
case(check_if_unique('group_name', $name, $id, '')):
echo notification(1,l('err_TitleExists').l('errNote'));
form_groupings();
break;
case(check_if_unique('group_seftitle', $seftitle, $id, '')):
echo notification(1,l('err_SEFExists').l('errNote'));
form_groupings();
break;
case(cleancheckSEF($seftitle) == 'notok'):
echo notification(1,l('err_SEFIllegal').l('errNote'));
form_groupings();
break;
default:
switch (true) {
case (isset($_POST['add_groupings'])):
mysql_query("INSERT INTO "._PRE.'extras'."(name, seftitle, description)
VALUES('$name', '$seftitle', '$description')");
break;
case (isset($_POST['edit_groupings'])):
mysql_query("UPDATE "._PRE.'extras'." SET
name = '$name',
seftitle = '$seftitle',
description = '$description'
WHERE id = $id LIMIT 1");
break;
case (isset($_POST['delete_groupings'])):
mysql_query("DELETE FROM "._PRE.'extras'." WHERE id = $id LIMIT 1");
break;
}
echo notification(0,'','groupings');
}
break;
case 'admin_category':
case 'admin_subcategory':
switch (true) {
case (empty($name)):
echo notification(1,l('err_TitleEmpty').l('errNote'));
form_categories();
break;
case (empty($seftitle)):
echo notification(1,l('err_SEFEmpty').l('errNote'));
form_categories();
break;
case (isset($_POST['add_category']) && check_if_unique('subcat_name', $name, '', $subcat)):
echo notification(1,l('err_TitleExists').l('errNote'));
form_categories();
break;
case (isset($_POST['add_category']) && check_if_unique('subcat_seftitle', $seftitle, '', $subcat)):
echo notification(1,l('err_SEFExists').l('errNote'));
form_categories();
break;
case (isset($_POST['edit_category']) && $subcat == 0 && check_if_unique('cat_name_edit', $name, $id, '')):
echo notification(1,l('err_TitleExists').l('errNote'));
form_categories();
break;
case (isset($_POST['edit_category']) && $subcat == 0 && check_if_unique('cat_seftitle_edit', $seftitle, $id, '')):
echo notification(1,l('err_SEFExists').l('errNote'));
form_categories();
break;
case (isset($_POST['edit_category']) && $subcat != 0 && check_if_unique('subcat_name_edit', $name, $id, $subcat)):
echo notification(1,l('err_TitleExists').l('errNote'));
form_categories();
break;
case (isset($_POST['edit_category']) && $subcat != 0 && check_if_unique('subcat_seftitle_edit', $seftitle, $id, $subcat)):
echo notification(1,l('err_SEFExists').l('errNote'));
form_categories();
break;
case (cleancheckSEF($seftitle) == 'notok'):
echo notification(1,l('err_SEFIllegal').l('errNote'));
form_categories();
break;
case ($subcat==$id):
echo notification(1,l('errNote'));
form_categories();
break;
default:
switch(true) {
case(isset($_POST['add_category'])):
$catorder = mysql_fetch_array(mysql_query(
"SELECT MAX(catorder) as max
FROM "._PRE.'categories'." WHERE subcat = $subcat"));
$catorder = $catorder['max'] + 1;
mysql_query("INSERT INTO "._PRE.'categories'."
(name, seftitle, description, published, catorder, subcat)
VALUES('$name', '$seftitle', '$description', '$publish_category', '$catorder','$subcat')");
break;
case(isset($_POST['edit_category'])):
$catorder = mysql_fetch_array(mysql_query(
"SELECT MAX(catorder) as max
FROM "._PRE.'categories'." WHERE subcat = $subcat"));
$catorder = isset($_POST['catorder']) ? $_POST['catorder'] : $catorder['max'] + 1;
mysql_query("UPDATE "._PRE.'categories'." SET
name = '$name',
seftitle = '$seftitle',
description = '$description',
published = '$publish_category',
subcat='$subcat',
catorder='$catorder'
WHERE id = $id LIMIT 1");
break;
case (isset($_POST['delete_category'])):
$any_subcats = retrieve('COUNT(id)','categories','subcat',$id);
$any_articles = retrieve('COUNT(id)','articles','category',$id);
if ($any_subcats > 0 || $any_articles > 0) {
echo notification(1,l('warn_catnotempty'),'');
echo '<p><a href="'._SITE.'administration/" title="'.l('administration').'">
'.l('administration').'</a> OR <a href="'._SITE.'?action=process&task=delete_category_all&id='.$id.'" onclick="javascript: return pop(\'x\')" title="'.l('administration').'">
'.l('empty_cat').'</a></p>';
$no_success = true;
} else { delete_cat($id); }
break;
}
$success = isset($no_success) ? '' : notification(0,'','snews_categories');
echo $success;
}
break;
case 'reorder':
if (isset($_POST['reorder'])) {
switch ($_POST['order']){
case 'snews_articles':
case 'extra_contents':
case 'snews_pages':
$table = 'articles';
$order_type = 'artorder';
$remove = 'page_';
break;
case 'snews_categories':
$table = 'categories';
$order_type = 'catorder';
$remove = 'cat_';
break;
}
foreach ($_POST as $key => $value){
$type_id = str_replace($remove,'',$key);
$key = clean(cleanXSS(trim($value)));
if ($key != 'reorder' && $key != 'order' && $key != $table && $key != l('order_content') && $key != $_POST['order']){
$query = "UPDATE "._PRE.$table." SET $order_type = $value WHERE id = $type_id LIMIT 1;";
mysql_query($query) or die(mysql_error().'<br />'.$query);
}
}
echo notification(0,l('please_wait'));
echo '<meta http-equiv="refresh" content="1; url='._SITE.$_POST['order'].'/">';
}
break;
case 'admin_article':
$_SESSION[_SITE.'temp']['title'] = $_POST['title']; // Patch #9 - 1.7.1 - revised
$_SESSION[_SITE.'temp']['seftitle'] = $_POST['seftitle']; // Patch #9 - 1.7.1 - revised
$_SESSION[_SITE.'temp']['text'] = $_POST['text']; // Patch #9 - 1.7.1 - revised
switch (true) {
case (empty($title)):
echo notification(1,l('err_TitleEmpty').l('errNote'));
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
case (empty($seftitle)):
echo notification(1,l('err_SEFEmpty').l('errNote'));
$_SESSION[_SITE.'temp']['seftitle'] = $_SESSION[_SITE.'temp']['title'];
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
case (cleancheckSEF($seftitle) == 'notok'):
echo notification(1,l('err_SEFIllegal').l('errNote'));
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
case ($position == 1 && $_POST['article_category'] != $category && isset($_POST['edit_article'])
&& check_if_unique('article_title', $title, $category, '')):
echo notification(1,l('err_TitleExists').l('errNote'));
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
case ($position == 1 && $_POST['article_category'] != $category && isset($_POST['edit_article'])
&& check_if_unique('article_seftitle', $seftitle, $category, '')):
echo notification(1,l('err_SEFExists').l('errNote'));
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
case (!isset($_POST['delete_article']) && !isset($_POST['edit_article'])
&& check_if_unique('article_title', $title, $category, '')):
echo notification(1,l('err_TitleExists').l('errNote'));
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
case (!isset($_POST['delete_article']) && !isset($_POST['edit_article'])
&& check_if_unique('article_seftitle', $seftitle, $category, '')):
echo notification(1,l('err_SEFExists').l('errNote'));
form_articles('');
unset($_SESSION[_SITE.'temp']);
break;
default:
$pos = $position;
$sub = !empty($category) ? ' AND category = '.$category : '';
$curr_artorder = retrieve('artorder','articles','id',$id);
if (!$curr_artorder){
$artorder = 1;
} else {
$artorder = $curr_artorder;
}
switch ($pos) {
case 1: $link = 'snews_articles'; break;
case 2: $link = 'extra_contents'; break;
case 3: $link = 'snews_pages'; break;
}
switch (true) {
case (isset($_POST['add_article'])):
mysql_query("INSERT INTO "._PRE.'articles'."(
title, seftitle, text, date, category,
position, extraid, page_extra, displaytitle,
displayinfo, commentable, published, description_meta,
keywords_meta, show_on_home, show_in_subcats, artorder)
VALUES('$title', '$seftitle', '$text', '$date', '$category',
'$position', '$def_extra', '$page', '$display_title',
'$display_info', '$commentable', '$publish_article',
'$description_meta', '$keywords_meta', '$show_on_home',
'$show_in_subcats', '$artorder')");
break;
case (isset($_POST['edit_article'])):
$category = $position == 3 ? 0 : $category;
$old_pos = retrieve('position','articles','id',$id);
// Only do this if page is changed to art/extra
if ($position != $old_pos && $old_pos == 3) {
$chk_extra_query = "SELECT id FROM "._PRE.'articles'."
WHERE position = 2 AND category = -3 AND page_extra = $id";
$chk_extra_sql = mysql_query($chk_extra_query) or die(mysql_error('oops'));
if ($chk_extra_sql) {
while ($xtra = mysql_fetch_array($chk_extra_sql)) {
$xtra_id = $xtra['id'];
mysql_query("UPDATE "._PRE.'articles'." SET
category = '0', page_extra = ''
WHERE id = $xtra_id");
}
}
}
if ($fpost_enabled == true) {
$future = "date = '$date',"; // Patch #5 - 1.7.1
//allows backdating of article
$publish_article = strtotime($date) < time() ? 1 : $publish_article;
}
mysql_query("UPDATE "._PRE.'articles'." SET
title='$title',
seftitle = '$seftitle',
text = '$text',
".$future."
category = $category,
position = $position,
extraid = '$def_extra',
page_extra = '$page',
displaytitle = '$display_title',
displayinfo = '$display_info',
commentable = '$commentable',
published = $publish_article,
description_meta = '$description_meta',
keywords_meta = '$keywords_meta',
show_on_home='$show_on_home',
show_in_subcats='$show_in_subcats',
artorder = '$artorder'
WHERE id = $id LIMIT 1") or die(mysql_error());
break;
case(isset($_POST['delete_article'])):
if ($position == 3) {
$chk_extra_query = "SELECT id FROM "._PRE.'articles'."
WHERE position = 2 AND category = -3 AND page_extra = $id";
$chk_extra_sql = mysql_query($chk_extra_query) or die(mysql_error());
if ($chk_extra_sql) {
while ($xtra = mysql_fetch_array($chk_extra_sql)) {
$xtra_id = $xtra['id'];
mysql_query("UPDATE "._PRE.'articles'." SET category = '0',page_extra = '' WHERE id = $xtra_id");
}
}
}
mysql_query("DELETE FROM "._PRE.'articles'." WHERE id = $id");
mysql_query("DELETE FROM "._PRE.'comments'." WHERE articleid = $id");
if ($id == s('display_page')) {
mysql_query("UPDATE "._PRE.'settings'." SET
VALUE = 0 WHERE name = 'display_page'");
}
break;
}
echo notification(0,'',$link);
unset($_SESSION[_SITE.'temp']);
}
break;
case 'editcomment':
$articleID = retrieve('articleid', 'comments', 'id', $commentid);
$articleSEF = retrieve('seftitle', 'articles', 'id', $articleID);
$articleCAT = retrieve('category','articles','seftitle',$articleSEF);
$postCat = cat_rel($articleCAT, 'seftitle');
$link = $postCat.'/'.$articleSEF;
if (isset($_POST['submit_text'])) {
mysql_query("UPDATE "._PRE.'comments'." SET
name = '$name',
url = '$url',
comment = '$comment',
approved = '$approved'
WHERE id = $commentid");
} else if (isset($_POST['delete_text'])) {
mysql_query("DELETE FROM "._PRE.'comments'." WHERE id = $commentid");
}
echo notification(0,'',$link);
break;
case 'deletecomment':
$commentid = $_GET['commentid'];
$articleid = retrieve('articleid', 'comments', 'id', $commentid);
$articleSEF = retrieve('seftitle', 'articles', 'id', $articleid);
$articleCAT = retrieve('category','articles','id', $articleid);
$postCat = cat_rel($articleCAT, 'seftitle');
$link = $postCat.'/'.$articleSEF;
mysql_query("DELETE FROM "._PRE.'comments'." WHERE id = $commentid");
echo notification(0,'', $link);
echo '<meta http-equiv="refresh" content="1; url='._SITE.$postCat.'/'.$articleSEF.'/">';
break;
case 'delete_category_all':
$art_query = mysql_query("SELECT id FROM "._PRE.'articles'." WHERE category = $id");
while ($rart = mysql_fetch_array($art_query)) {
mysql_query("DELETE FROM "._PRE.'comments'." WHERE articleid = $rart[id]");
}
mysql_query("DELETE FROM "._PRE.'articles'." WHERE category = $id");
$sub_query = mysql_query("SELECT id FROM "._PRE.'categories'." WHERE subcat = $id");
while ($rsub = mysql_fetch_array($sub_query)) {
$art_query = mysql_query("SELECT id FROM "._PRE.'articles'." WHERE category = $rsub[id]");
while ($rart = mysql_fetch_array($art_query)) {
mysql_query("DELETE FROM "._PRE.'comments'." WHERE articleid = $rart[id]");
}
mysql_query("DELETE FROM "._PRE.'articles'." WHERE category = $rsub[id]");
}
mysql_query("DELETE FROM "._PRE.'categories'." WHERE subcat = $id"); delete_cat($id);
echo notification(0,'', 'snews_categories');
break;
case 'hide':
case 'show':
$id = $_GET['id'];
$item = $_GET['item'];
$back = $_GET['back'];
$no_yes = $task == 'hide' ? 'NO' : 'YES';
switch ($item) {
case 'snews_articles':
$order = 'artorder';
$link = empty($back) ? 'snews_articles' : $back;
break;
case 'extra_contents':
$order = 'artorder';
$link = empty($back) ? 'extra_contents' : $back;
break;
case 'snews_pages':
$order = 'artorder';
$link = empty($back) ? 'snews_pages' : $back;
break;
}
$item = 'articles';
mysql_query("UPDATE "._PRE."$item SET visible = '$no_yes' WHERE id = '$id'");
echo notification(0,l('please_wait'));
echo '<meta http-equiv="refresh" content="1; url='._SITE.$link.'/">';
break;
}
}
}
// FILES
function files() {
$upload_file = isset($_POST['upload']) ? $_POST['upload'] : null;
$ip = (isset($_POST['ip']) && $_POST['ip'] == $_SERVER['REMOTE_ADDR']) ? $_POST['ip'] : null;
$time = (isset($_POST['time']) && (time() - $_POST['time']) > 4) ? $_POST['time'] : null;
if ($ip && $time && $upload_file && _ADMIN) {
$ignore = explode(',', l('ignored_items'));
$file_types = explode(',', s('allowed_files'));
$image_types = explode(',', s('allowed_images'));
$extension = array_merge($file_types, $image_types);
if ($_FILES['imagefile']['type']) {
$filetemp = $_FILES['imagefile']['tmp_name'];
$filename = strtolower($_FILES['imagefile']['name']);
$filetype = $_FILES['imagefile']['type'];
if (!in_array(substr(strrchr($filename, '.'), 1), $extension) || in_array($filename, $ignore)) {
die(notification(2,l('file_error'),'snews_files'));
} else {
$upload_dir = $_POST['upload_dir'].'/';
copy ($filetemp, $upload_dir.$filename) or die (l('file_error'));
echo notification(0,'','snews_files');
$kb_size = round(($_FILES['imagefile']['size'] / 1024), 1);
echo '<p><a href="'.$upload_dir.$filename.'" title="'.$filename.'">'.$filename.'</a> ['.$kb_size.' KB] ['.$filetype.']</p>';
}
} else {
die(notification(2,l('file_error'),'snews_files'));
}
} else {
if (isset($_GET['task']) == 'delete') {
$file_to_delete = $_GET['folder'].'/'.$_GET['file'];
@unlink($file_to_delete);
echo notification(0,'','snews_files');
} else {
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.l('upload').'</p>'; # Patch #19 - 1.7.1 - title string replaces fieldset
echo '<form method="post" action="snews_files/" enctype="multipart/form-data">';
echo '<p>'.l('uploadto').
' <select name="upload_dir" id="ud1">';
echo '<option value=".">..</option>';
filelist('option',".", 0);
echo '</select></p><p>'.l('uploadfrom').
' <input type="file" name="imagefile" /></p><p>';
echo html_input('hidden', 'ip', 'ip1', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '');
echo html_input('hidden', 'time', 'time1', time(), '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'upload', 'upload', l('upload'), '', 'button', '', '', '', '', '', '', '', '', '');
echo '</p></form></div>'; // echo '</p></form></fieldset></div>'; # Patch #19 - 1.7.1
echo '<div class="adminpanel">';
echo '<p class="admintitle">'.l('view_files').' '.(!isset($_POST['upload_dir']) ? ' root' : ' '.str_replace('.', 'root', $_POST['upload_dir']));
echo '</p>'; # Patch #19 - 1.7.1 - title string replaces fieldset
echo '<form method="post" action="snews_files/" enctype="multipart/form-data">';
echo '<p><select name="upload_dir" id="ud2"><option value=".">..</option>';
filelist('option',".");
echo '</select>';
echo html_input('hidden', 'file', 'file', $file, '', '', '', '', '', '', '', '', '', '', '');
echo html_input('hidden', 'ip', 'ip2', $_SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '');
echo html_input('hidden', 'time', 'time2', time(), '', '', '', '', '', '', '', '', '', '', '');
echo html_input('submit', 'show', 'show', l('view'), '', 'button', '', '', '', '', '', '', '', '', '');
$handle = (isset($_POST['upload_dir']) && strlen($_POST['upload_dir']) > 2) ? substr($_POST['upload_dir'], 2) : ".";
echo '</p><p>';
filelist('list', $handle);
echo '</p></form></div>'; // echo '</p></form></fieldset></div>'; # Patch #19 - 1.7.1
}
}
}
// FILELIST FUNCTION
function filelist($mode, $path, $depth = 0) {
$ignore = explode(',', l('ignored_items'));
$file_types = explode(',', s('allowed_files'));
$image_types = explode(',', s('allowed_images'));
$types = array_merge($file_types, $image_types);
$dh = @opendir($path);
while (false !== ($file = readdir($dh))) {
$target = $path.'/'.$file;
if(!in_array($file, $ignore)) {
$spaces = str_repeat(l('divider').' ', ($depth));
switch(true) {
case ($mode == 'option' && is_dir($target)):
$selected = $_POST['view_dir'] == $target ? ' selected="selected"' : '';
echo '<option value="'.$target.'"'.$selected.'>'.$spaces.$file.'</option>';
filelist('option', $target, ($depth + 1));
break;
case ($mode == 'list' && is_file($target) && in_array(substr(strrchr($target, '.'), 1), $types)):
echo '
<a href="'.$target.'" title="'.l('view').' '.$file.'">'.$file.'</a>
'.l('divider').'
<a href="?action=snews_files&task=delete&folder='.$path.'&file='.$file.'" title="'.l('delete').' '.$file.'" onclick="return pop()">
'.l('delete').'</a><br />'; // Patch #3 - 1.7.1
break;
}
}
}
closedir($dh);
}
// CONNECT TO DATABASE
function connect_to_db() {
$db = mysql_connect(db('dbhost'), db('dbuname'), db('dbpass'));
mysql_select_db(db('dbname')) or die(l('dberror'));
if (mysql_num_rows(mysql_query("SHOW TABLES LIKE '"._PRE.'articles'."'")) != 1) {
die(l('db_tables_error'));
}
}
// Get parent/child from an id
function cat_rel($var, $column) {
$categoryid = $var;
$join_result = mysql_query(
"SELECT parent.$column FROM "._PRE.'categories'." as child
INNER JOIN "._PRE.'categories'." as parent
ON parent.id = child.subcat
WHERE child.id = $categoryid");
while ($j = mysql_fetch_array($join_result)) {
$parent = $j[$column].'/';
}
$subresult = mysql_query(
"SELECT $column FROM "._PRE.'categories'."
WHERE id = $categoryid");
while ($c = mysql_fetch_array($subresult)) {
$child = $c[$column];
}
return $parent.$child;
}
// SMART RETRIEVE FUNCTION
function populate_retr_cache() {
global $retr_cache_cat_id, $retr_cache_cat_sef;
$result = mysql_query('SELECT id, seftitle, name FROM '._PRE.'categories'.'');
while ($r = mysql_fetch_array($result)) {
$retr_cache_cat_id[$r['id']] = $r['seftitle'];
$retr_cache_cat_sef[$r['seftitle']] = $r['name'];
}
}
$retr_init = False;
function retrieve($column, $table, $field, $value) {
if (is_null($value))
return null;
if ($table == 'categories') {
global $retr_cache_cat_id, $retr_cache_cat_sef, $retr_init;
if (!$retr_init) {
populate_retr_cache();
$retr_init = true;
}
if ($column == 'name') {
return $retr_cache_cat_sef[$value];
} else if ($column == 'seftitle') {
return $retr_cache_cat_id[$value];
}
}
$result = mysql_query("SELECT $column FROM "._PRE."$table WHERE $field = '$value'");
while ($r = mysql_fetch_array($result)) {
$retrieve = $r[$column];
}
return $retrieve;
}
//NOTIFICATION
function notification($error = 0, $note = '', $link = '') {
// adds a "Warning" option
$title = $error == 0 ? l('operation_completed') : ($error !== 0? l('admin_error') : l('warning'));
$note = (!$note || empty($note)) ? '' : '<p>'.$note.'</p>';
switch(true){
case (!$link):
$goto = '';
break;
case ($link == 'home'):
$goto = '<p><a href="'._SITE.'">'.l('backhome').'</a></p>';
break;
case ($link != 'home'):
$goto = '<p><a href="'._SITE.$link.'/" title="'.$link.'">'.l('back').'</a></p>';
break;
}
if ($error == 2) {
$_SESSION[_SITE.'fatal'] = $note == '' ? '' : '<h3>'.$title.'</h3>'.$note.$goto;
echo '<meta http-equiv="refresh" content="0; url='._SITE.$link.'/">';
return;
} else {
$output = '<h3>'.$title.'</h3>'.$note.$goto;
return $output;
}
}
// PREPARING ARTICLE FOR XML
function strip($text) {
$search = array('/\[include\](.*?)\[\/include\]/', '/\[func\](.*?)\[\/func\]/', '/\[break\]/', '/</', '/>/');
$replace = array('', '', '', '<', '>');
$output = preg_replace($search, $replace, $text);
$output = stripslashes(strip_tags($output, '<a><img><h1><h2><h3><h4><h5><ul><li><ol><p><hr><br><b><i><strong><em><blockquote>'));
return $output;
}
// HTML ENTITIES
function entity($item) {
$item = htmlspecialchars($item, ENT_QUOTES, s('charset'));
return $item;
}
//FILE INCLUSION
function file_include($text, $shorten) {
$fulltext = substr($text, 0, $shorten);
if(substr_count ($fulltext, '&')>0){$fulltext = str_replace('&', '&', str_replace('&', '&', $fulltext));}
if ($shorten < 9999000 && preg_match('<p>',$fulltext)) {
if (substr_count ($fulltext, '<p>') > substr_count ($fulltext, '</p>')) {
$fulltext .='</p>';
}
}
$ins = strpos($fulltext, '[/func]');
if ($ins > 0) {
$text = str_replace('[func]', '|&|', $fulltext);
$text = str_replace('[/func]', '|&|', $text);
$text = explode('|&|', $text);
$num = count($text) - 1;
$i = 1;
while ($i <= $num) {
$func = explode(':|:', $text[$i]);
ob_start();
$returned = call_user_func_array($func[0], explode(',',$func[1]));
$text[$i] = ob_get_clean();
if (empty($text[$i])) {
$text[$i] = $returned;
}
$i = $i + 2;
}
$fulltext = implode($text);
}
$inc = strpos($fulltext, '[/include]');
if ($inc > 0) {
$text = str_replace('[include]', '|&|', $fulltext);
$text = str_replace('[/include]', '|&|', $text);
$text = explode('|&|', $text);
$num = count($text);
$extension = explode(',', s('file_extensions'));
for ($i = 0; $i<$num; $i++) {
if ($i == $num) {
break;
}
if (!in_array(substr(strrchr($text[$i], '.'), 1), $extension)) {
echo substr($text[$i], 0);
} else {
if (preg_match('/^[a-z0-9_\-.\/]+$/i', $text[$i])) {
$filename=$text[$i];
file_exists($filename) ? include($filename) : print l('error_file_exists');
} else {
echo l('error_file_name');
}
}
}
} else {
echo $fulltext;
}
}
// CLEAN - cleaning query
function clean($query) {
if (get_magic_quotes_gpc()) {
$query = stripslashes($query);
}
$query = mysql_real_escape_string($query);
return $query;
}
// BREAK TO NEW LINE
function br2nl($text){
$text = str_replace('\r\n','',str_replace("<br />","\n",preg_replace('/<br\\\\s*?\\/??>/i', "\\n", $text)));
return $text;
}
// SEND EMAIL
function send_email($send_array) {
foreach ($send_array as $var => $value) { $$var = $value; }
$body = isset($status) ? $status."\n" : '';
if (isset($message)) {
$text = l('message').': '."\n".br2nl($message)."\n";
}
if (isset($comment)) {
$text = l('comment').': '."\n".br2nl($comment)."\n";
}
$header = "MIME-Version: 1.0\n";
$header .= "Content-type: text/plain; charset=".s('charset')."\n";
$header .= "From: $name <$email>\r\nReply-To: $name <$email>\r\nReturn-Path: <$email>\r\n";
$body .= isset($name) ? l('name').': '.$name."\n" : '';
$body .= isset($email) ? l('email').': '.$email."\n" : '';
// The below requires new lang var if ip to be sent with email - $l['ip'] = 'IP';
// $body .= isset($ip) ? l('ip').': '.$ip."\n" : '';
$body .= isset($url) && $url!='' ? l('url').': '.$url."\n\n" : '';
$body .= $text."\n";
mail($to,$subject,$body,$header);
}
// USER/PASS CHECK
function checkUserPass($input) {
$output = clean(cleanXSS($input));
$output = strip_tags($output);
if (ctype_alnum($output) === true && strlen($output) > 3 && strlen($output) < 14) {
return $output;
} else {
return null;
}
}
// MATH CAPTCHA - // Patch #18 - 1.7.1 - revised function by KikkoMax
function mathCaptcha() {
$x = rand(1, 9);
$y = rand(1, 9);
if (!isset($_SESSION[_SITE.'mathCaptcha-digit'])) {
$_SESSION[_SITE.'mathCaptcha-digit'] = $x + $y;
$_SESSION[_SITE.'mathCaptcha-digit-x'] = $x;
$_SESSION[_SITE.'mathCaptcha-digit-y'] = $y;
}
$math = '<p><label for="calc">* '.l('math_captcha').': </label><br />';
$math .= $_SESSION[_SITE.'mathCaptcha-digit-x'].' + '.$_SESSION[_SITE.'mathCaptcha-digit-y'].' = ';
$math .= '<input type="text" name="calc" id="calc" /></p>';
return $math;
}
/*
function mathCaptcha() {
$x = rand(1, 9);
$y = rand(1, 9);
$_SESSION[_SITE.'mathCaptcha-digit'] = $x + $y;
$math = '
<p><label for="calc">
* '.l('math_captcha').':
</label><br />';
$math .= $x.' + '.$y.' = ';
$math .= '
<input type="text" name="calc" id="calc" />
</p>';
return $math;
}
*/
// CHECK MATH CAPTCHA RESULT
function checkMathCaptcha() {
$result = false;
$testNumber = isset($_SESSION[_SITE.'mathCaptcha-digit']) ? $_SESSION[_SITE.'mathCaptcha-digit'] : 'none';
unset($_SESSION[_SITE.'mathCaptcha-digit']);
if (is_numeric($testNumber) && is_numeric($_POST['calc']) && ($testNumber == $_POST['calc'])) {
$result = true;
}
return $result;
}
//CATEGORY CHECK
function check_category($category) {
$main_menu = explode(',', l('cat_listSEF'));
if (in_array($category, $main_menu)) {
return true;
} else {
return false;
}
}
// MAKE A CLEAN SEF URL
function cleanSEF($string) {
$string = str_replace(' ', '-', $string);
$string = preg_replace('/[^0-9a-zA-Z-_]/', '', $string);
$string = str_replace('-', ' ', $string);
$string = preg_replace('/^\s+|\s+$/', '', $string);
$string = preg_replace('/\s+/', ' ', $string);
$string = str_replace(' ', '-', $string);
return strtolower($string);
}
// CLEAN CHECK SEF
function cleancheckSEF($string) {
$ret = !preg_match('/^[a-z0-9-_]+$/i', $string) ? 'notok' : 'ok';
return $ret;
}
// XSS CLEAN
$XSS_cache = array();
$ra1 = array('applet', 'body', 'bgsound', 'base', 'basefont', 'embed', 'frame', 'frameset', 'head', 'html',
'id', 'iframe', 'ilayer', 'layer', 'link', 'meta', 'name', 'object', 'script', 'style', 'title', 'xml');
$ra2 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script',
'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base',
'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy',
'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint',
'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick',
'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave',
'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus',
'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload',
'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover',
'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange',
'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit',
'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart',
'onstop', 'onsubmit', 'onunload');
$tagBlacklist = array_merge($ra1, $ra2);
//CLEANXSS
function cleanXSS($val) {
if ($val != "") {
global $XSS_cache;
if (!empty($XSS_cache) && array_key_exists($val, $XSS_cache)) return $XSS_cache[$val];
$source = html_entity_decode($val, ENT_QUOTES, 'ISO-8859-1');
$source = preg_replace('/&#(\d+);/me','chr(\\1)', $source);
$source = preg_replace('/&#x([a-f0-9]+);/mei','chr(0x\\1)', $source);
while($source != filterTags($source)) {
$source = filterTags($source);
}
$source = nl2br($source);
$XSS_cache[$val] = $source;
return $source;
}
return $val;
}
//FILTER TAGS
function filterTags($source) {
global $tagBlacklist;
$preTag = NULL;
$postTag = $source;
$tagOpen_start = strpos($source, '<');
while($tagOpen_start !== FALSE) {
$preTag .= substr($postTag, 0, $tagOpen_start);
$postTag = substr($postTag, $tagOpen_start);
$fromTagOpen = substr($postTag, 1);
$tagOpen_end = strpos($fromTagOpen, '>');
if ($tagOpen_end === false) break;
$tagOpen_nested = strpos($fromTagOpen, '<');
if (($tagOpen_nested !== false) && ($tagOpen_nested < $tagOpen_end)) {
$preTag .= substr($postTag, 0, ($tagOpen_nested+1));
$postTag = substr($postTag, ($tagOpen_nested+1));
$tagOpen_start = strpos($postTag, '<');
continue;
}
$tagOpen_nested = (strpos($fromTagOpen, '<') + $tagOpen_start + 1);
$currentTag = substr($fromTagOpen, 0, $tagOpen_end);
$tagLength = strlen($currentTag);
if (!$tagOpen_end) {
$preTag .= $postTag;
$tagOpen_start = strpos($postTag, '<');
}
$tagLeft = $currentTag;
$attrSet = array();
$currentSpace = strpos($tagLeft, ' ');
if (substr($currentTag, 0, 1) == '/') {
$isCloseTag = TRUE;
list($tagName) = explode(' ', $currentTag);
$tagName = substr($tagName, 1);
} else {
$isCloseTag = FALSE;
list($tagName) = explode(' ', $currentTag);
}
if ((!preg_match('/^[a-z][a-z0-9]*$/i',$tagName)) || (!$tagName) || ((in_array(strtolower($tagName), $tagBlacklist)))) {
$postTag = substr($postTag, ($tagLength + 2));
$tagOpen_start = strpos($postTag, '<');
continue;
}
while ($currentSpace !== FALSE) {
$fromSpace = substr($tagLeft, ($currentSpace+1));
$nextSpace = strpos($fromSpace, ' ');
$openQuotes = strpos($fromSpace, '"');
$closeQuotes = strpos(substr($fromSpace, ($openQuotes+1)), '"') + $openQuotes + 1;
if (strpos($fromSpace, '=') !== FALSE) {
if (($openQuotes !== FALSE) && (strpos(substr($fromSpace, ($openQuotes+1)), '"') !== FALSE))
$attr = substr($fromSpace, 0, ($closeQuotes+1));
else $attr = substr($fromSpace, 0, $nextSpace);
} else $attr = substr($fromSpace, 0, $nextSpace);
if (!$attr) $attr = $fromSpace;
$attrSet[] = $attr;
$tagLeft = substr($fromSpace, strlen($attr));
$currentSpace = strpos($tagLeft, ' ');
}
$postTag = substr($postTag, ($tagLength + 2));
$tagOpen_start = strpos($postTag, '<');
}
$preTag .= $postTag;
return $preTag;
}
// CLEAN - WORD FILTER
function cleanWords($text) {
if ((strtolower(s('word_filter_enable')) == 'on') && (file_exists(s('word_filter_file')))) {
$bad_words_from_what = preg_replace('/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/', '', file(s('word_filter_file')));
$bad_words_from_what = preg_replace('/^(.*)$/', '/\\1/i', $bad_words_from_what);
$bad_words_to_what = s('word_filter_change');
$text = preg_replace($bad_words_from_what, $bad_words_to_what, $text);
return $text;
} else {
return $text;
}
}
// CHECK IF UNIQUE
function check_if_unique($what, $text, $not_id = 'x', $subcat) {
$text = clean($text);
switch ($what) {
case 'article_seftitle':
$sql = _PRE.'articles'.' WHERE seftitle = "'.$text.(!empty($not_id) ? '"
AND category = '.$not_id : '"');
break;
case 'article_title':
$sql = _PRE.'articles'.' WHERE title = "'.$text.(!empty($not_id) ? '"
AND category = '.$not_id : '"');
break;
case 'subcat_seftitle':
$sql = _PRE.'categories'.' WHERE seftitle = "'.$text.'"
AND subcat = '.$subcat;
break;
case 'subcat_name':
$sql = _PRE.'categories'.' WHERE name = "'.$text.'"
AND subcat = '.$subcat;
break;
case 'cat_seftitle_edit':
$sql = _PRE.'categories'.' WHERE seftitle = "'.$text.'"
AND id != '.$not_id;
break;
case 'cat_name_edit':
$sql = _PRE.'categories'.' WHERE name = "'.$text.'"
AND id != '.$not_id;
break;
case 'subcat_seftitle_edit':
$sql = _PRE.'categories'.' WHERE seftitle = "'.$text.'"
AND subcat = '.$subcat.' AND id != '.$not_id;
break;
case 'subcat_name_edit':
$sql = _PRE.'categories'.' WHERE name = "'.$text.'"
AND subcat = '.$subcat.' AND id != '.$not_id;
break;
case 'group_seftitle':
$sql = _PRE.'extras'.' WHERE seftitle = "'.$text.(!empty($not_id) ? '"
AND id != '.$not_id : '"');
break;
case 'group_name':
$sql = _PRE.'extras'.' WHERE name = "'.$text.(!empty($not_id) ? '"
AND id != '.$not_id : '"');
break;
}
$rows = mysql_num_rows(mysql_query('SELECT id FROM '.$sql));
if ($rows == 0) {
return false;
} else {
return true;
}
}
// ARTICLES - FUTURE POSTING
function update_articles() {
$last_date = s('last_date');
$updatetime = !empty($last_date) ? strtotime($last_date) : time();
$dif_time = time() - $updatetime;
if ($dif_time > 1200 || empty($last_date)) {
mysql_query('UPDATE '._PRE.'articles'.'
SET published=1
WHERE published=2
AND date <= NOW()');
mysql_query('UPDATE '._PRE.'settings'.'
SET value=NOW()
WHERE name=\'last_date\'');
}
}
?>
Copyright 2K16 - 2K18 Indonesian Hacker Rulez