<?php
/*
 * Modification History
 *
 * 2005-April-18 Jason Rohrer
 * Created.
 *
 * 2005-July-26 Jason Rohrer
 * Moved settings into a separate file.
 *
 * 2005-September-1 Jason Rohrer
 * Added support for toggling permalinks.
 *
 * 2005-September-8 Jason Rohrer
 * Improved some parameter names.
 * Added fix for IE cookie clearing bug.
 *
 * 2005-September-18 Jason Rohrer
 * Fixed several undefined variable notices.
 *
 * 2005-September-20 Jason Rohrer
 * Added text formatting and pubDate fields to RSS feeds.
 *
 * 2005-November-14 Jason Rohrer
 * Added version action.
 * Changed behavior of story block formatting for headline-only lists.
 * Fixed redirect behavior after login and register.
 *
 * 2005-November-21 Jason Rohrer
 * Added [centerblock] tags for centering a left-aligned block of text.
 *
 * 2006-March-16 Jason Rohrer
 * Removed check for existing session ID when resetting password.
 * Added optional email notices to admins about pending items.
 *
 * 2006-August-10 Jason Rohrer
 * Added sb_ prefix to all internal functions to prevent conflicts with other
 * packages.
 *
 * 2006-September-21 Jason Rohrer
 * Changed image alignment HTML.
 *
 * 2006-October-9 Jason Rohrer
 * Fixed typo in admin letter.  Added list of all pending posts.
 * Added an Approve link when admin views a pending post.
 * Fixed a bug in URL detection for link-only posts.
 * Changed to support ordering by oldest-first, and switched comment ordering.
 *
 * 2007-May-29 Jason Rohrer
 * Fixed warning generated by post queue.
 */
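global $seedBlogs_version;
$seedBlogs_version = "0.2_in_progress";



// edit sbSettings.php to change seedBlogs' settings
//
// sbSettings.php defines $tableNamePrefix, $mainSiteURL, $fullSeedBlogsURL
// and the other site-wide globals used below (and presumably the database
// connection settings used by sb_connectToDatabase()).  Nothing in this
// file works without it, so fail hard if it is missing instead of carrying
// on with undefined settings -- include() would only emit a warning and
// continue.  The settings file should be readable by the web server only.
require( "sbSettings.php" );



// no end-user settings below this point



// enable verbose error reporting to detect uninitialized variables
//
// NOTE: when display_errors is also on, E_ALL sends notices (which can
// contain file paths and query text) to the browser.  Production
// deployments should log errors rather than display them.
error_reporting( E_ALL );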
// page layout for web-based setup
//
// $setup_header opens the document and a centered, bordered table cell;
// $setup_footer closes everything that $setup_header opened.  Both are
// fixed markup with no user data in them, so they are echoed as-is.
$setup_header = "\n<HTML>\n"
    . "<HEAD><TITLE>seedBlogs Web-based setup</TITLE></HEAD>\n"
    . "<BODY BGCOLOR=#FFFFFF TEXT=#000000 LINK=#0000FF VLINK=#FF0000>\n"
    . "\n"
    . "<CENTER>\n"
    . "<TABLE WIDTH=75% BORDER=0 CELLSPACING=0 CELLPADDING=1>\n"
    . "<TR><TD BGCOLOR=#000000>\n"
    . "<TABLE WIDTH=100% BORDER=0 CELLSPACING=0 CELLPADDING=10>\n"
    . "<TR><TD BGCOLOR=#EEEEEE>";

$setup_footer = "\n</TD></TR></TABLE>\n"
    . "</TD></TR></TABLE>\n"
    . "</CENTER>\n"
    . "</BODY></HTML>";
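// set to 1 to force magic_quote behavior on all user-submitted data
// set to 0 to disable magic_quote behavior

// WARNING: setting $use_magic_quotes to 0 will make user-submitted
// data (for example, web form data) unsafe to pass directly
// into a MySQL database query.
//
// SECURITY NOTE: this escape-on-input scheme is what the rest of seedBlogs
// relies on (request data is treated as already slashed, and
// sb_stripMagicQuotes() undoes it again on output).  addslashes() is not
// connection-charset aware, so it is a weaker guarantee than
// mysql_real_escape_string() and far weaker than prepared statements;
// keep it on, and do not treat slashed data as safe for HTML output.
$use_magic_quotes = 1;

// get_magic_quotes_gpc() is deprecated in PHP 7.4 and gone in PHP 8, where
// magic quotes are never applied.  Treat "function missing" as "quotes are
// off" so the add-slashes branch below still runs instead of the script
// dying with an undefined-function error.
$sb_magicQuotesActive =
    function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc();

if( $sb_magicQuotesActive && !$use_magic_quotes ) {
    // force magic quotes to be removed
    $_GET = array_map( 'sb_stripslashes_deep', $_GET );
    $_POST = array_map( 'sb_stripslashes_deep', $_POST );
    $_REQUEST = array_map( 'sb_stripslashes_deep', $_REQUEST );
    $_COOKIE = array_map( 'sb_stripslashes_deep', $_COOKIE );
}
else if( !$sb_magicQuotesActive && $use_magic_quotes ) {
    // force magic quotes to be added
    // ($_REQUEST is a separate copy of the other arrays, so it must be
    // slashed on its own)
    $_GET = array_map( 'sb_addslashes_deep', $_GET );
    $_POST = array_map( 'sb_addslashes_deep', $_POST );
    $_REQUEST = array_map( 'sb_addslashes_deep', $_REQUEST );
    $_COOKIE = array_map( 'sb_addslashes_deep', $_COOKIE );
}

// this file is included into other pages; do not leave the helper global
// lying around
unset( $sb_magicQuotesActive );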
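// set to NULL so we can detect when we have set it on purpose
global $return_url;
$return_url = NULL;


// deal with cookies for logins

// ignore cookies if $loggedInID already set by another part of the script
global $loggedInID;
if( !isset( $loggedInID ) ) {
    // not pre-set: default to "nobody".  This also keeps the strcmp()
    // below from raising an undefined-variable notice under E_ALL.
    $loggedInID = "";
}

// set by the logout script to tell us to ignore cookies
global $justLoggedOut;
if( !isset( $justLoggedOut ) ) {
    $justLoggedOut = false;
}

// NOTE(review): both flags are trusted as-is.  On PHP builds with
// register_globals enabled they could be pre-populated from the request
// before this point, which would bypass the cookie check entirely; that
// directive must stay off (or the including script should set them
// explicitly).

$cookieName = $tableNamePrefix . "cookie";

// raw cookie values; they are only handed back to sb_refreshCookie() below.
// sb_getLoggedInUser() is defined elsewhere and is presumed to validate
// them against the session store -- confirm.
$cookie_user_id = isset( $_COOKIE[ $cookieName ."_user_id" ] )
    ? $_COOKIE[ $cookieName ."_user_id" ] : "";
$cookie_session_id = isset( $_COOKIE[ $cookieName ."_session_id" ] )
    ? $_COOKIE[ $cookieName ."_session_id" ] : "";

if( ! $justLoggedOut &&
    strcmp( $loggedInID, "" ) == 0 ) { // $loggedInID not already set

    $loggedInID = sb_getLoggedInUser();

    if( strcmp( $loggedInID, "" ) != 0 ) {
        // push the cookie expiration forward
        sb_refreshCookie( $cookie_user_id, $cookie_session_id );
    }
}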
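/**
 * Displays either a login form or information about the currently logged-in
 * user (along with a logout link).
 *
 * Reads the globals $loggedInID and $justLoggedOut (set up by the cookie
 * handling at the top of this file) and $tableNamePrefix.  Three cases:
 *  - no accounts exist yet: only a "Create Admin Account" link is shown;
 *  - nobody is logged in (or the user just logged out): the login form;
 *  - someone is logged in: their ID, logout/edit links and, for
 *    administrators, links to the pending-account and pending-post queues.
 *
 * Output is HTML.  The return URL and the user ID both originate outside
 * this file, so they are escaped before being placed in attributes/text.
 */
function seedBlogs_showLoginBox() {
    global $loggedInID, $justLoggedOut, $tableNamePrefix;

    // don't use global $return_url here
    $return_url = sb_getReturnURL();

    if( sb_getUserCount() == 0 ) {
        // no registered users
        // show link to register form

        // use main site URL as return URL here
        // This avoids redirecting the user back to sb_setup
        global $mainSiteURL;
        $encoded_return_url = urlencode( $mainSiteURL );

        // NOTE(review): sb_register() is not visible here, but this link is
        // reachable by anyone while the user table is empty, so a fresh
        // install should be completed right away.
        echo "[<A HREF=\"seedBlogs.php?action=show_register_form&".
            "return_url=$encoded_return_url\">".
            "Create Admin Account</A>]";
    }
    else if( $justLoggedOut || strcmp( $loggedInID, "" ) == 0 ) {
        $encoded_return_url = urlencode( $return_url );

        // the raw return URL is reflected into a hidden field below;
        // attribute-escape it so it cannot close the VALUE="..." attribute
        // (the browser decodes the entities again when the form is posted,
        // so the login handler still receives the original value)
        $escaped_return_url = htmlspecialchars( $return_url );

        // show the login form
?>

<FORM ACTION="seedBlogs.php" METHOD="post">
<INPUT TYPE="hidden" NAME="action" VALUE="login">
<INPUT TYPE="hidden" NAME="return_url" VALUE="<?php echo $escaped_return_url;?>">
<TABLE BORDER=0>
<TR><TD>User ID:</TD>
<TD><INPUT TYPE="text" MAXLENGTH=20 SIZE=10 NAME="user_id"></TD></TR>
<TR><TD>Password:</TD>
<TD><INPUT TYPE="password" MAXLENGTH=20 SIZE=10 NAME="password"></TD></TR>
<TR><TD VALIGN=TOP>
[<A HREF="seedBlogs.php?action=show_register_form&return_url=<?php
echo $encoded_return_url; ?>">New Account</A>]</TD>
<TD ALIGN=RIGHT VALIGN=TOP><INPUT TYPE="Submit" VALUE="Log In"></TD></TR>
<TR><TD COLSPAN=2 VALIGN=TOP>
[<A HREF="seedBlogs.php?action=show_password_help_form">Forgot Password?</A>]</TD></TR>
</TABLE>
</FORM>

<?php
    }
    else {
        $return_url = urlencode( $return_url );

        // indicate which user is logged in
        // (user IDs are chosen at registration time, so escape for HTML;
        // sb_stripMagicQuotes() first removes the storage slashes)
        echo "Logged in as <B>" .
            htmlspecialchars( sb_stripMagicQuotes( $loggedInID ) ) .
            "</B><BR>\n";
        echo "[<A HREF=\"seedBlogs.php?action=logout\">Log Out</A>] ";
        echo "[<A HREF=\"seedBlogs.php?action=show_register_form&".
            "return_url=$return_url\">".
            "Edit Account</A>]\n";

        if( sb_isAdministrator() ) {
            // show a link to pending account queue, if any are pending
            sb_connectToDatabase();
            $query =
                "SELECT COUNT(*) FROM $tableNamePrefix"."users ".
                "WHERE approved = '0';";
            $result = sb_queryDatabase( $query );
            $pendingCount = mysql_result( $result, 0, 0 );
            sb_closeDatabase();

            if( $pendingCount > 0 ) {
                $countString = "<B>$pendingCount</B> account requests";
                if( $pendingCount == 1 ) {
                    $countString = "<B>$pendingCount</B> account request";
                }
                echo "<BR>[<A HREF=\"seedBlogs.php?action=show_account_queue".
                    "&return_url=$return_url\">" .
                    "$countString waiting</A>]";
            }

            // show a link to pending post queue, if any are waiting
            sb_connectToDatabase();
            $query =
                "SELECT COUNT(*) FROM $tableNamePrefix"."posts ".
                "WHERE approved = '0' AND removed = '0';";
            $result = sb_queryDatabase( $query );
            $pendingCount = mysql_result( $result, 0, 0 );
            sb_closeDatabase();

            if( $pendingCount > 0 ) {
                $countString = "<B>$pendingCount</B> posts";
                if( $pendingCount == 1 ) {
                    $countString = "<B>$pendingCount</B> post";
                }
                // blog_name=* asks the queue page for all blogs
                echo "<BR>[<A HREF=\"seedBlogs.php?action=show_post_queue".
                    "&blog_name=*&return_url=$return_url\">" .
                    "$countString pending approval</A>]";
            }

            echo "<BR>[<A HREF=\"seedBlogs.php?action=show_account_list".
                "&return_url=$return_url\">" .
                "Manage Accounts</A>]<BR>";
        }
    }
}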
/**
 * Displays the search box (used to search all seedBlogs).
 *
 * If a "key_words" request variable is present (the form was just
 * submitted), its value is shown again in the text field, HTML-escaped.
 *
 * @param $inFieldWidth the width of the field, in characters.
 *   Defaults to 15.
 * @param $inShowButton true to show the "Search" button, or false
 *   to hide it.
 *   Defaults to true.
 */
function seedBlogs_showSearchBox( $inFieldWidth = 15, $inShowButton = true ) {
    // redisplay key words if they are present as POSTed variables
    $key_words = "";
    if( isset( $_REQUEST[ "key_words" ] ) ) {
        // raw request value with the storage slashes removed
        $key_words =
            sb_stripMagicQuotes( sb_getRequestVariableRaw( "key_words" ) );
    }

    // escape once, up front, for the VALUE attribute below
    $escapedKeyWords = htmlspecialchars( $key_words );

    // the submit button is optional; the closing tag always follows it
    $trailingHTML = "";
    if( $inShowButton ) {
        $trailingHTML = "<INPUT TYPE=\"Submit\" VALUE=\"Search\">";
    }
    $trailingHTML .= "</FORM>";
?>

<FORM ACTION="seedBlogs.php" METHOD="post">
<INPUT TYPE="hidden" NAME="action" VALUE="search">
<INPUT TYPE="text" MAXLENGTH=20 SIZE=<?php echo $inFieldWidth;?>
NAME="key_words"
VALUE="<?php echo $escapedKeyWords; ?>">
<?php
    echo $trailingHTML;
}
/**
 * Displays a seed blog with default formatting options
 *
 * Convenience wrapper around seedBlogFormatted() that picks the site-wide
 * format strings from sbSettings.php: the "link" variants for headline-only
 * lists, the full variants when intro text is shown.
 *
 * @param $inBlogName the name of the blog in the database.  Should not
 *   contain spaces or special characters.
 * @param $inShowIntroText 1 to show intro text under headlines, or 0 to
 *   show only headlines.
 * @param $inShowAuthors (only applies if $inShowIntroText is 1) 1 to show
 *   the author of each post, or 0 to hide the authors.
 *   Defaults to 1.
 * @param $inShowDates (only applies if $inShowIntroText is 1) 1 to show
 *   the creation date for each post, or 0 to hide the dates.
 *   Defaults to 1.
 * @param $inOrder 1 to order by creation date with newest posts first,
 *   -1 to order by creation date with oldest posts first,
 *   0 to order by expiration date with oldest posts first, or
 *   2 to allow the administrators to tweak the ordering (up/down widgets
 *   will be displayed to allow admins to move posts up and down in the list).
 *   Defaults to 1.
 * @param $inMaxNumber the maximum number of entries to show.  -1 specifies
 *   no limit.
 *   Defaults to 10.
 * @param $inNumToSkip the number of posts to skip, starting at the top
 *   of the list.  Specifying 0 shows $inMaxNumber posts starting with the
 *   top post.  Defaults to 0.
 * @param $inShowArchive 1 to show the archive link, or 0 to hide it.
 *   Defaults to 1.
 * @param $inShowSubmitLinkToPublic 1 to show a link for the public to submit
 *   posts, or 0 to hide the link.
 *   Defaults to 1.
 */
function seedBlog( $inBlogName,
                   $inShowIntroText,
                   $inShowAuthors = 1,
                   $inShowDates = 1,
                   $inOrder = 1,
                   $inMaxNumber = 10,
                   $inNumToSkip = 0,
                   $inShowArchive = 1,
                   $inShowSubmitLinkToPublic = 1 ) {

    global $storyBlockFormatOpen, $storyBlockFormatClose,
        $headlineFormatOpen, $headlineFormatClose, $textBlockFormatOpen,
        $textBlockFormatClose, $storySeparator,
        $linkStoryBlockFormatOpen, $linkStoryBlockFormatClose,
        $linkHeadlineFormatOpen, $linkHeadlineFormatClose, $linkStorySeparator;

    // full story blocks use one set of format strings, headline-only
    // ("link") lists use the other; the text block strings are shared
    if( $inShowIntroText ) {
        $blockOpen = $storyBlockFormatOpen;
        $blockClose = $storyBlockFormatClose;
        $headOpen = $headlineFormatOpen;
        $headClose = $headlineFormatClose;
        $separator = $storySeparator;
    }
    else {
        $blockOpen = $linkStoryBlockFormatOpen;
        $blockClose = $linkStoryBlockFormatClose;
        $headOpen = $linkHeadlineFormatOpen;
        $headClose = $linkHeadlineFormatClose;
        $separator = $linkStorySeparator;
    }

    seedBlogFormatted( $inBlogName,
                       $inShowIntroText,
                       $inShowAuthors,
                       $inShowDates,
                       $inOrder,
                       $inMaxNumber,
                       $inNumToSkip,
                       $inShowArchive,
                       $inShowSubmitLinkToPublic,
                       $blockOpen,
                       $blockClose,
                       $headOpen,
                       $headClose,
                       $textBlockFormatOpen,
                       $textBlockFormatClose,
                       $separator );
}
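/**
 * Displays a seed blog with customized formatting options.
 *
 * Parameters are the same as for the simpler call above, except:
 * @param $inStoryBlockFormatOpen opening HTML used to format each story block.
 * @param $inStoryBlockFormatClose closing HTML used to format each story
 *   block.
 * @param $inHeadlineFormatOpen opening HTML used to format headlines.
 * @param $inHeadlineFormatClose closing HTML used to format headlines.
 * @param $inTextBlockFormatOpen opening HTML used to format the text of a
 *   post under the headline.  Ignored if $inShowIntroText = 0.
 * @param $inTextBlockFormatClose closing HTML used to format the text of a
 *   post under the headline.  Ignored if $inShowIntroText = 0.
 * @param $inStorySeparator HTML to insert between each story block in a story
 *   list.
 *
 * Side effects: sets the global $return_url if it is still unset, and
 * inserts an empty order_map row for the blog the first time it is shown
 * with $inOrder = 2.
 *
 * NOTE(review): $inBlogName is interpolated directly into SQL and HTML.
 * Names written in PHP source must not contain quotes; names that arrive
 * via the request (show_archive) rely on the slash-escaping applied to
 * request data at the top of this file.  Post IDs read back from the
 * order_map table are interpolated the same way (second-order input).
 */
function seedBlogFormatted( $inBlogName,
                            $inShowIntroText,
                            $inShowAuthors,
                            $inShowDates,
                            $inOrder,
                            $inMaxNumber,
                            $inNumToSkip,
                            $inShowArchive,
                            $inShowSubmitLinkToPublic,
                            // formatting options:
                            $inStoryBlockFormatOpen,
                            $inStoryBlockFormatClose,
                            $inHeadlineFormatOpen,
                            $inHeadlineFormatClose,
                            $inTextBlockFormatOpen,
                            $inTextBlockFormatClose,
                            $inStorySeparator ) {

    global $return_url;

    if( $return_url === NULL || strcmp( $return_url, "" ) == 0 ) {
        $return_url = urlencode( sb_getReturnURL() );
    }
    // every link built in this function places the return URL inside an
    // HREF="..." attribute.  A urlencoded value passes through
    // htmlspecialchars() unchanged; a raw one (e.g. set from the request
    // by a caller) can then no longer close the attribute.
    $returnURLAttr = htmlspecialchars( $return_url );

    global $loggedInID, $autoApprovePosts, $allowSubmissionsFromPublic;
    global $tableNamePrefix;

    // comment blogs get different link labels and always let the public post
    $isCommentBlog = ( preg_match( "/_comments/", $inBlogName ) == 1 );

    // display link for posting new item
    $postLinkName = "Submit";
    $postLinkHint = "Submit a post into the approval queue";
    if( $isCommentBlog ) {
        $postLinkName = "Submit Comment";
        $postLinkHint = "Submit a comment into the approval queue";
    }

    $allowPost = false;

    if( strcmp( $loggedInID, "" ) != 0 ) {
        // a logged-in user can always at least submit
        $allowPost = true;

        if( $autoApprovePosts ||
            sb_getUserDatabaseField( $loggedInID,
                                     "administrator" ) == 1 ) {
            // post, don't submit
            $postLinkName = "New Post";
            $postLinkHint = "Add a new post";
            if( $isCommentBlog ) {
                $postLinkName = "Post Comment";
                $postLinkHint = "Add a new comment";
            }
        }
    }
    else if( ( $inShowSubmitLinkToPublic && $allowSubmissionsFromPublic ) ||
             $isCommentBlog ) {
        // no one logged in, but public submissions are allowed here
        $allowPost = true;
    }

    if( $allowPost ) {
        echo "[<A HREF=\"seedBlogs.php?action=edit_post&blog_name=$inBlogName".
            "&return_url=$returnURLAttr\" TITLE=\"$postLinkHint\">" .
            "$postLinkName</A>]<BR>";
    }

    if( sb_isAdministrator() ) {
        // show link to queue, if there are posts waiting
        // (single-quoted literals: double quotes would be identifiers
        // under MySQL's ANSI_QUOTES mode)
        sb_connectToDatabase();
        $query =
            "SELECT COUNT(*) FROM $tableNamePrefix"."posts ".
            "WHERE approved = '0' AND removed = '0' AND ".
            "blog_name = '$inBlogName';";
        $countResult = sb_queryDatabase( $query );
        $pendingCount = mysql_result( $countResult, 0, 0 );
        sb_closeDatabase();

        if( $pendingCount > 0 ) {
            $countString = "<B>$pendingCount</B> posts";
            if( $pendingCount == 1 ) {
                $countString = "<B>$pendingCount</B> post";
            }
            echo "[<A HREF=\"seedBlogs.php?action=show_post_queue".
                "&blog_name=$inBlogName".
                "&return_url=$returnURLAttr\">" .
                "$countString in queue</A>]<BR>";
        }
    }

    // get blog posts from the database

    // map $inOrder to a SQL ordering.  Order 2 (admin-tweakable) is
    // resolved through the order_map table below; the query still runs so
    // that the "[no posts]" message behaves the same way in every mode.
    $orderClause = "ORDER BY creation_date DESC";
    if( $inOrder == 0 ) {
        $orderClause = "ORDER BY expiration_date ASC";
    }
    else if( $inOrder == -1 ) {
        $orderClause = "ORDER BY creation_date ASC";
    }

    // both LIMIT operands are interpolated into SQL: force them to integers
    // so a non-numeric value (e.g. a tampered archive offset) cannot change
    // the shape of the query
    $skipNumber = (int)$inNumToSkip;
    $limitNumber = (int)$inMaxNumber;
    if( $inMaxNumber == -1 ) {
        // use a large number, as suggested in the MySQL docs, to cause
        // limit to be ignored
        $limitNumber = 99999;
    }

    // LIMIT is only supported by MySQL
    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."posts " .
        "WHERE approved = '1' AND removed = '0' ".
        "AND blog_name = '$inBlogName' ".
        "AND ( expiration_date > CURRENT_TIMESTAMP OR " .
        "expiration_date IS NULL ) " .
        "$orderClause LIMIT $skipNumber, $limitNumber;";

    sb_connectToDatabase();
    $result = sb_queryDatabase( $query );
    sb_closeDatabase();

    // the result is read after sb_closeDatabase(), as elsewhere in this
    // file: ext/mysql buffers query results on the client side
    $numRows = mysql_num_rows( $result );

    if( $numRows == 0 ) {
        echo "[no posts]<BR>";
    }

    // NULL means "use $result"; an array means "use the admin ordering"
    $mapArray = NULL;
    if( $inOrder == 2 ) {
        // use map and ignore the above query
        $mapQuery = "SELECT map FROM $tableNamePrefix"."order_map ".
            "WHERE blog_name = '$inBlogName';";
        sb_connectToDatabase();
        $mapResult = sb_queryDatabase( $mapQuery );

        $mapRaw = "";
        if( mysql_num_rows( $mapResult ) == 0 ) {
            // no order_map entry yet for this blog

            // insert a new map containing an empty string
            $mapQuery = "INSERT INTO $tableNamePrefix"."order_map ".
                "VALUES ( " .
                "'$inBlogName', '' );";
            sb_queryDatabase( $mapQuery );
        }
        else {
            $mapRaw = mysql_result( $mapResult, 0, 0 );
        }
        sb_closeDatabase();

        // the map is a whitespace-separated list of post_ids.  Filter it
        // to remove unapproved, removed, or expired posts; empty tokens
        // (from an empty map or stray whitespace) are dropped outright so
        // they can never reach the per-post query below.
        $visibleIDs = array();
        sb_connectToDatabase();
        foreach( preg_split( "/\s+/", $mapRaw ) as $candidateID ) {
            if( $candidateID === "" ) {
                continue;
            }
            if( sb_isPostVisible( $candidateID ) ) {
                $visibleIDs[] = $candidateID;
            }
        }
        sb_closeDatabase();

        $mapArray = $visibleIDs;

        // reset numRows based on the size of our mapArray
        // (may go negative when skipping past the end; the loop and the
        // archive arithmetic below both tolerate that)
        $numRows = count( $mapArray ) - $skipNumber;

        if( $inMaxNumber != -1 &&
            $numRows > $inMaxNumber ) {
            $numRows = $inMaxNumber;
        }
    }

    // finally, display the posts, using either the query results or the
    // map
    for( $i=0; $i<$numRows; $i++ ) {
        // position of this post in the full list (used by the widgets)
        $index = $i + $skipNumber;

        if( $mapArray === NULL ) {
            // use the query results
            $rowResult = $result;
            $rowIndex = $i;
        }
        else {
            // ignore query results
            // re-query database according to map
            $mapPostID = $mapArray[ $index ];

            $query =
                "SELECT * " .
                "FROM $tableNamePrefix"."posts " .
                "WHERE post_id = '$mapPostID';";
            sb_connectToDatabase();
            $rowResult = sb_queryDatabase( $query );
            sb_closeDatabase();
            $rowIndex = 0;
        }

        // trim leading/trailing whitespace from the text fields
        $subject_line = trim( mysql_result( $rowResult, $rowIndex,
                                            "subject_line" ) );
        $post_id = mysql_result( $rowResult, $rowIndex, "post_id" );
        $intro_text = trim( mysql_result( $rowResult, $rowIndex,
                                          "intro_text" ) );
        $body_text = trim( mysql_result( $rowResult, $rowIndex,
                                         "body_text" ) );
        $user_id = mysql_result( $rowResult, $rowIndex, "user_id" );
        $date = mysql_result( $rowResult, $rowIndex, "creation_date" );
        $allow_comments = mysql_result( $rowResult, $rowIndex,
                                        "allow_comments" );
        $show_permalink = mysql_result( $rowResult, $rowIndex,
                                        "show_permalink" );

        if( $inShowIntroText ) {
            $author = $inShowAuthors ? $user_id : NULL;
            $dateString = $inShowDates ? $date : NULL;

            // up/down widgets exist only in admin-ordered mode, for admins
            $showUpDownWidgets =
                ( $inOrder == 2 && sb_isAdministrator() );

            // test the mode flag first: $mapArray is NULL outside order
            // mode, and count() must not be reached on it then
            // show up widget if we are down from the top
            $showUpWidget = $showUpDownWidgets && ( $index > 0 );
            // show down widget if we are up from the bottom
            $showDownWidget = $showUpDownWidgets &&
                ( $index < count( $mapArray ) - 1 );

            sb_generateStoryBlock( $inBlogName,
                                   $post_id,
                                   $subject_line,
                                   $author,
                                   $dateString,
                                   $showUpWidget,
                                   $showDownWidget,
                                   $intro_text,
                                   $body_text,
                                   0, // show link to body text
                                   $allow_comments,
                                   $show_permalink,
                                   $return_url,
                                   // formatting options:
                                   $inStoryBlockFormatOpen,
                                   $inStoryBlockFormatClose,
                                   $inHeadlineFormatOpen,
                                   $inHeadlineFormatClose,
                                   $inTextBlockFormatOpen,
                                   $inTextBlockFormatClose );
        }
        else {
            $linkTarget = "seedBlogs.php?action=display_post&".
                "post_id=$post_id".
                "&show_author=$inShowAuthors&show_date=$inShowDates";
            $directURLTarget = false;

            if( $intro_text !== "" && $body_text === "" ) {
                // we just have intro text and no body.
                // check if the intro text contains just a URL
                // (intro text has already been trimmed of leading/trailing
                // whitespace above)
                if( strpos( $intro_text, "http://" ) === 0 &&
                    strpos( $intro_text, " " ) === false ) {
                    // intro text starts with URL and contains nothing else

                    // make a direct link
                    $linkTarget = $intro_text;
                    $directURLTarget = true;
                }
            }

            // open a story block for the headline
            echo $inStoryBlockFormatOpen;

            // link around subject, with formatting inside link tags.
            // The target is attribute-escaped: a direct-URL target is post
            // content and could otherwise terminate the HREF attribute.
            // NOTE(review): $subject_line is still emitted as-is; whether
            // subjects are sanitized on input (sb_updatePost) is not
            // visible from here.
            echo "<A HREF=\"" . htmlspecialchars( $linkTarget ) . "\">" .
                "$inHeadlineFormatOpen".
                "$subject_line".
                "$inHeadlineFormatClose</A>";

            if( $directURLTarget && sb_canEdit( $post_id ) ) {
                // problem: clicking a direct URL link takes you to the URL
                // and not the display page, so there is no
                // way to edit the post.

                // add a special edit link to these posts
                echo " [<A HREF=\"seedBlogs.php?action=edit_post".
                    "&blog_name=$inBlogName".
                    "&post_id=$post_id&return_url=$returnURLAttr".
                    "&show_author=$inShowAuthors&show_date=$inShowDates\">" .
                    "Edit</A>]";
            }

            if( $inOrder == 2 && sb_isAdministrator() ) {
                // show up/down widgets
                $upShown = false;
                if( $index > 0 ) {
                    echo " [<A HREF=\"seedBlogs.php?action=move_up".
                        "&blog_name=$inBlogName".
                        "&post_id=$post_id&return_url=$returnURLAttr\">" .
                        "Up</A>]";
                    $upShown = true;
                }
                if( $index < count( $mapArray ) - 1 ) {
                    if( ! $upShown ) {
                        // insert space to separate down widget from headline
                        echo " ";
                    }
                    echo "[<A HREF=\"seedBlogs.php?action=move_down".
                        "&blog_name=$inBlogName".
                        "&post_id=$post_id&return_url=$returnURLAttr\">" .
                        "Down</A>]";
                }
            }

            echo $inStoryBlockFormatClose;
        }

        if( $i < $numRows - 1 ) {
            // separate from next story
            echo $inStorySeparator;
        }
    }

    if( $inShowArchive ) {
        // count total number of posts to see if we need the archive link
        $postCount = 0;

        if( $mapArray === NULL ) {
            sb_connectToDatabase();
            $query =
                "SELECT COUNT(*) FROM $tableNamePrefix"."posts ".
                "WHERE approved = '1' ".
                "AND removed = '0' AND blog_name = '$inBlogName' " .
                "AND ( expiration_date > CURRENT_TIMESTAMP OR " .
                "expiration_date IS NULL );";
            $countResult = sb_queryDatabase( $query );
            $postCount = mysql_result( $countResult, 0, 0 );
            sb_closeDatabase();
        }
        else {
            // in admin-ordered mode only posts in the map are ever shown,
            // so an empty map (an empty array, which a loose == NULL test
            // would have mistaken for "no map") must count as zero here
            $postCount = count( $mapArray );
        }

        $numOlderPosts = $postCount - ( $skipNumber + $numRows );

        if( $numOlderPosts > 0 ) {
            // there are more posts in the archive

            if( $inShowIntroText ) {
                // extra space
                echo "<BR><BR>";
            }

            // archive pages have 10 posts each
            // show link to archive
            $offset = $skipNumber + $numRows;
            echo "[<A HREF=\"seedBlogs.php?action=show_archive" .
                "&blog_name=$inBlogName&order=$inOrder&count=10&".
                "show_authors=$inShowAuthors&show_dates=$inShowDates&".
                "offset=$offset".
                "&show_intro=$inShowIntroText".
                "&show_submit_link_to_public=$inShowSubmitLinkToPublic".
                "\" TITLE=\"View the post archive\">$numOlderPosts ".
                "in Archive</A>]<BR>";
        }
    }
}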
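/**
 * Generates a URL to the RSS 2.0 feed for a given seedBlog.
 * GETing this URL will return RSS XML.
 *
 * Order of RSS feed is fixed to "order by creation date", with
 * newest posts listed first.
 *
 * Every parameter value is urlencoded into the query string, including the
 * blog name (previously inserted raw, which broke the link for any name
 * containing URL metacharacters; a no-op for names that follow the
 * documented format).  The result is a plain URL -- escape it again if it
 * is placed inside an HTML attribute.
 *
 * @param $inBlogName the name of the blog in the database.  Should not
 *   contain spaces or special characters.
 * @param $inChannelTitle the name of the RSS channel.
 * @param $inChannelDescription the description of the RSS channel.
 * @param $inMaxNumber the maximum number of items to include in the feed.
 *   -1 specifies no limit.
 *   Defaults to 10.
 * @param $inShowAuthors 1 to show authors, or 0 to hide them.  Defaults to 1.
 * @param $inShowDates 1 to show dates, or 0 to hide them.  Defaults to 1.
 * @return the feed URL, built on the global $fullSeedBlogsURL.
 */
function seedBlogRSSLink( $inBlogName,
                          $inChannelTitle,
                          $inChannelDescription,
                          $inMaxNumber = 10,
                          $inShowAuthors = 1,
                          $inShowDates = 1 ) {

    global $fullSeedBlogsURL;

    // parameter order is part of the URL shape callers may have bookmarked
    $params = array(
        "action" => "rss_feed",
        "blog_name" => $inBlogName,
        "channel_title" => $inChannelTitle,
        "channel_description" => $inChannelDescription,
        "max_number" => $inMaxNumber,
        "show_authors" => $inShowAuthors,
        "show_dates" => $inShowDates );

    $pairs = array();
    foreach( $params as $name => $value ) {
        $pairs[] = $name . "=" . urlencode( $value );
    }

    return $fullSeedBlogsURL . "?" . implode( "&", $pairs );
}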
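/**
 * Just like seedBlogRSSLink, but generates full HTML for an RSS button.
 *
 * Call this wherever you want an RSS button to appear on your page.
 *
 * Parameters are the same as seedBlogRSSLink().  The feed URL is
 * attribute-escaped before being placed in HREF="...": it carries
 * '&'-separated query parameters, which must be written as &amp; for the
 * markup to be well-formed (browsers decode them again when following the
 * link, so the request is unchanged).
 */
function seedBlogRSSButton( $inBlogName,
                            $inChannelTitle,
                            $inChannelDescription,
                            $inMaxNumber = 10,
                            $inShowAuthors = 1,
                            $inShowDates = 1 ) {

    $rss_url = seedBlogRSSLink( $inBlogName,
                                $inChannelTitle,
                                $inChannelDescription,
                                $inMaxNumber,
                                $inShowAuthors,
                                $inShowDates );
    $escaped_url = htmlspecialchars( $rss_url );

    // three nested single-cell tables draw the classic orange RSS badge
    echo "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=1>".
        "<TR><TD BGCOLOR=#898E79>".
        "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=1>".
        "<TR><TD BGCOLOR=#FFFFFF>".
        "<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=2>".
        "<TR><TD BGCOLOR=#FF6600>".
        "<A HREF=\"$escaped_url\"><FONT COLOR=#FFFFFF><B>RSS 2.0</B></FONT></A>".
        "</TD></TR></TABLE></TD></TR></TABLE></TD></TR></TABLE>";
}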
// end of functions that might be called externally by end-users
// general processing whenever seedBlogs.php is accessed directly
// (note: the action dispatch below also runs when this file is included by
// another page, since only its final branch checks SCRIPT_NAME)
// grab POST/GET variables
//
// NOTE(review): all of these come from $_REQUEST, so GET, POST and cookie
// values are interchangeable and every action below is reachable from a
// plain link.  sb_getRequestVariableSafe() is defined elsewhere in this
// file; "Safe" is assumed to mean safe for SQL interpolation under the
// slashing scheme at the top of the file, not safe for HTML output --
// confirm before echoing any of these raw.  $return_url in particular is
// reflected into links and (per the history above) used for the redirect
// after login, and is not checked to be a same-site URL.
$action = isset( $_REQUEST[ "action" ] )
    ? sb_getRequestVariableSafe( "action" )
    : "";

$post_id = isset( $_REQUEST[ "post_id" ] )
    ? sb_getRequestVariableSafe( "post_id" )
    : "";

$blog_name = isset( $_REQUEST[ "blog_name" ] )
    ? sb_getRequestVariableSafe( "blog_name" )
    : "";

global $return_url;
$return_url = isset( $_REQUEST[ "return_url" ] )
    ? sb_getRequestVariableSafe( "return_url" )
    : "";

// handlers below distinguish "no post given" by NULL, not ""
if( strcmp( $post_id, "" ) == 0 ) {
    $post_id = NULL;
}
if( strcmp( $action, "version" ) == 0 ) {
|
||
|
global $seedBlogs_version;
|
||
|
echo "$seedBlogs_version";
|
||
|
}
|
||
|
else if( strcmp( $action, "login" ) == 0 ) {
|
||
|
sb_login();
|
||
|
}
|
||
|
else if( strcmp( $action, "logout" ) == 0 ) {
|
||
|
sb_logout();
|
||
|
}
|
||
|
else if( strcmp( $action, "show_register_form" ) == 0 ) {
|
||
|
sb_showRegisterForm( "" );
|
||
|
}
|
||
|
else if( strcmp( $action, "show_password_help_form" ) == 0 ) {
|
||
|
sb_showPasswordHelpForm( "" );
|
||
|
}
|
||
|
else if( strcmp( $action, "send_password_email" ) == 0 ) {
|
||
|
sb_sendPasswordEmail( "" );
|
||
|
}
|
||
|
else if( strcmp( $action, "register" ) == 0 ) {
|
||
|
sb_register();
|
||
|
}
|
||
|
else if( strcmp( $action, "setup_database" ) == 0 ) {
|
||
|
sb_setupDatabase();
|
||
|
}
|
||
|
else if( strcmp( $action, "edit_post" ) == 0 ) {
|
||
|
sb_showEditor( $blog_name, $post_id );
|
||
|
}
|
||
|
else if( strcmp( $action, "update_post" ) == 0 ) {
|
||
|
sb_updatePost( $blog_name, $post_id );
|
||
|
}
|
||
|
else if( strcmp( $action, "move_up" ) == 0 ) {
|
||
|
sb_moveUp( $blog_name, $post_id );
|
||
|
}
|
||
|
else if( strcmp( $action, "move_down" ) == 0 ) {
|
||
|
sb_moveDown( $blog_name, $post_id );
|
||
|
}
|
||
|
else if( strcmp( $action, "display_post" ) == 0 ) {
|
||
|
sb_displayPost( $post_id );
|
||
|
}
|
||
|
else if( strcmp( $action, "show_archive" ) == 0 ) {
|
||
|
sb_showArchive( $blog_name );
|
||
|
}
|
||
|
else if( strcmp( $action, "approve_post" ) == 0 ) {
|
||
|
sb_approvePost( $post_id );
|
||
|
}
|
||
|
else if( strcmp( $action, "approve_account" ) == 0 ) {
|
||
|
sb_approveAccount();
|
||
|
}
|
||
|
else if( strcmp( $action, "change_admin_status" ) == 0 ) {
|
||
|
sb_changeAdminStatus();
|
||
|
}
|
||
|
else if( strcmp( $action, "remove_account" ) == 0 ) {
|
||
|
sb_removeAccount();
|
||
|
}
|
||
|
else if( strcmp( $action, "show_post_queue" ) == 0 ) {
|
||
|
sb_showPostQueue( $blog_name );
|
||
|
}
|
||
|
else if( strcmp( $action, "show_account_queue" ) == 0 ) {
|
||
|
sb_showAccountQueue();
|
||
|
}
|
||
|
else if( strcmp( $action, "show_account_list" ) == 0 ) {
|
||
|
sb_showAccountList();
|
||
|
}
|
||
|
else if( strcmp( $action, "search" ) == 0 ) {
|
||
|
sb_search();
|
||
|
}
|
||
|
else if( strcmp( $action, "rss_feed" ) == 0 ) {
|
||
|
sb_rssFeed();
|
||
|
}
|
||
|
else if( strcmp( $action, "sb_setup" ) == 0 ) {
|
||
|
global $header, $footer;
|
||
|
//include_once( $header );
|
||
|
global $setup_header, $setup_footer;
|
||
|
echo $setup_header;
|
||
|
|
||
|
echo "<H2>seedBlogs Web-based Setup</H2>";
|
||
|
|
||
|
echo "Creating tables:<BR>";
|
||
|
|
||
|
echo "<CENTER><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=1>
|
||
|
<TR><TD BGCOLOR=#000000>
|
||
|
<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5>
|
||
|
<TR><TD BGCOLOR=#FFFFFF>";
|
||
|
|
||
|
sb_setupDatabase();
|
||
|
|
||
|
echo "</TD></TR></TABLE></TD></TR></TABLE></CENTER><BR><BR>";
|
||
|
|
||
|
echo "After you create an admin account, the setup process will be ".
|
||
|
"complete.<BR><BR>";
|
||
|
|
||
|
echo "Step 2: ";
|
||
|
|
||
|
echo "<CENTER>";
|
||
|
|
||
|
seedBlogs_showLoginBox();
|
||
|
|
||
|
echo "</CENTER>";
|
||
|
|
||
|
echo $setup_footer;
|
||
|
//include_once( $footer );
|
||
|
}
|
||
|
else if( preg_match( "/seedBlogs\.php/", $_SERVER[ "SCRIPT_NAME" ] ) ) {
|
||
|
// seedBlogs.php has been called without an action parameter
|
||
|
|
||
|
// the preg_match ensures that seedBlogs.php was called directly and
|
||
|
// not just included by another script
|
||
|
|
||
|
// quick (and incomplete) test to see if we should show ins
|
||
|
global $tableNamePrefix;
|
||
|
|
||
|
// check if our "posts" table exists
|
||
|
$tableName = $tableNamePrefix . "posts";
|
||
|
sb_connectToDatabase();
|
||
|
|
||
|
$exists = sb_doesTableExist( $tableName );
|
||
|
sb_closeDatabase();
|
||
|
|
||
|
if( $exists ) {
|
||
|
|
||
|
// show main page
|
||
|
global $mainSiteURL;
|
||
|
// redirect
|
||
|
header( "Location: $mainSiteURL" );
|
||
|
}
|
||
|
else {
|
||
|
// start the setup procedure
|
||
|
|
||
|
global $header, $footer;
|
||
|
//include_once( $header );
|
||
|
global $setup_header, $setup_footer;
|
||
|
echo $setup_header;
|
||
|
|
||
|
echo "<H2>seedBlogs Web-based Setup</H2>";
|
||
|
|
||
|
echo "seedBlogs will walk you through a brief setup process.<BR><BR>";
|
||
|
|
||
|
echo "Step 1: ".
|
||
|
"<A HREF=\"seedBlogs.php?action=sb_setup\">".
|
||
|
"create the database tables</A>";
|
||
|
|
||
|
echo $setup_footer;
|
||
|
//include_once( $footer );
|
||
|
}
|
||
|
|
||
|
}
/**
 * Creates the database tables needed by seedBlogs.
 *
 * Walks the three tables (posts, users, order_map), each prefixed with the
 * global $tableNamePrefix, and creates every one that does not yet exist.
 * One HTML status line is echoed per table. Existing tables are never
 * altered or dropped, so running this repeatedly is harmless.
 *
 * Review notes: the dispatcher routes the unauthenticated "setup_database"
 * action here, which is tolerable only because nothing destructive can
 * happen (it does reveal the prefixed table names). The users table keeps a
 * 32-character MD5 in password_md5; the hashing itself is done by
 * sb_computePasswordHash, outside this section.
 */
function sb_setupDatabase() {
    global $tableNamePrefix;

    // column definitions keyed by unprefixed table name, in creation order;
    // each string is everything between "CREATE TABLE name(" and ");"
    $tableColumns = array(
        // one row per post (comments are posts in a "*_comments" blog)
        "posts" =>
            "post_id VARCHAR(255) NOT NULL PRIMARY KEY," .
            "blog_name VARCHAR(255) NOT NULL," .
            "user_id VARCHAR(20) NOT NULL," .
            "creation_date DATETIME NOT NULL," .
            "change_date DATETIME NOT NULL," .
            "expiration_date DATETIME," .
            "allow_comments TINYINT NOT NULL," .
            "show_permalink TINYINT NOT NULL," .
            "approved TINYINT NOT NULL," .
            "removed TINYINT NOT NULL," .
            "subject_line VARCHAR(60) NOT NULL," .
            "intro_text LONGTEXT," .
            "body_text LONGTEXT ",
        // one row per account
        "users" =>
            "user_id VARCHAR(20) NOT NULL PRIMARY KEY," .
            "password_md5 CHAR(32) NOT NULL," .
            "email VARCHAR(255)," .
            "session_id CHAR(32) NULL," .
            "approved TINYINT NOT NULL," .
            "administrator TINYINT NOT NULL ",
        // per-blog display order; map holds whitespace-separated post_ids
        "order_map" =>
            "blog_name VARCHAR(255) NOT NULL PRIMARY KEY," .
            "map LONGTEXT NOT NULL " );

    sb_connectToDatabase();

    foreach( $tableColumns as $baseName => $columns ) {
        $tableName = $tableNamePrefix . $baseName;

        if( sb_doesTableExist( $tableName ) ) {
            echo "<B>$tableName</B> table already exists<BR>";
            continue;
        }

        sb_queryDatabase( "CREATE TABLE $tableName(" . $columns . ");" );
        echo "<B>$tableName</B> table created<BR>";
    }

    sb_closeDatabase();
}
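/**
 * Decides whether a post-login redirect target stays on this site.
 *
 * Accepts a site-relative path (no scheme, no host, not "//host") or an
 * absolute URL whose host equals the host of $inSiteURL. Anything carrying
 * CR or LF is rejected so it can never become an extra response header.
 *
 * @param $inURL      the candidate return URL (request supplied).
 * @param $inSiteURL  the configured $mainSiteURL.
 * @return true if $inURL is safe to place in a Location header.
 */
function sb_isSafeReturnURL( $inURL, $inSiteURL ) {
    if( ! is_string( $inURL ) || strcmp( $inURL, "" ) == 0 ) {
        return false;
    }
    // newlines would split the header; "//host" is protocol-relative
    if( preg_match( "/[\r\n]/", $inURL ) ||
        preg_match( "/^\s*\/\//", $inURL ) ) {
        return false;
    }

    $urlParts = parse_url( $inURL );
    if( $urlParts === false ) {
        return false;
    }
    if( ! isset( $urlParts[ "host" ] ) ) {
        // relative URL, unless it is a bare scheme such as "javascript:"
        return ! isset( $urlParts[ "scheme" ] );
    }

    $siteParts = parse_url( $inSiteURL );
    return isset( $siteParts[ "host" ] ) &&
           strcasecmp( $urlParts[ "host" ], $siteParts[ "host" ] ) == 0;
}



/**
 * Logs a user in (setting the global $loggedInID) according to
 * the POSTED variables "user_id" and "password".
 *
 * On success a new session ID is stored for the user, the login cookie is
 * refreshed and the browser is redirected to the global $return_url. That
 * value is request supplied (the forms echo it back as a hidden field), so
 * it is checked with sb_isSafeReturnURL() and replaced by $mainSiteURL when
 * it points off-site; previously this was an open redirect. On failure a
 * message page is shown and the function returns normally.
 *
 * The user ID echoed in failure messages is only SQL-escaped by
 * sb_getRequestVariableSafe(), so it is HTML-escaped here before display.
 *
 * Review notes left as-is:
 *  - the three distinct failure messages (unknown ID / not approved / wrong
 *    password) let a caller enumerate valid user IDs;
 *  - strcmp() on the two hashes is not constant-time; hash_equals() is the
 *    drop-in on PHP >= 5.6, which this mysql_*-era file cannot assume;
 *  - the session ID comes from sb_computeSessionID( user_id, password ),
 *    defined outside this section; whether it mixes in any randomness
 *    cannot be confirmed from here — TODO confirm.
 */
function sb_login() {
    // the body of this function was largely copied from the NCN project

    // grab posted variables
    $user_id = sb_getRequestVariableSafe( "user_id" );
    // never used in database query, so strip once here
    $password = sb_stripMagicQuotes( sb_getRequestVariableRaw( "password" ) );

    // HTML-safe copy of the ID for echoing back in messages
    $displayID = htmlspecialchars( sb_stripMagicQuotes( $user_id ) );

    if( ! sb_doesUserExist( $user_id ) ) {
        // display failure page
        sb_messagePage( "User ID <B>$displayID</B> does not exist." );
        return;
    }

    if( sb_getUserDatabaseField( $user_id, "approved" ) == 0 ) {
        // display failure page
        sb_messagePage( "User ID <B>$displayID</B> has not been approved yet." );
        return;
    }

    $passwordMD5 = sb_computePasswordHash( sb_stripMagicQuotes( $user_id ),
                                           $password );
    $truePasswordMD5 = sb_getUserDatabaseField( $user_id, "password_md5" );

    if( strcmp( $truePasswordMD5, $passwordMD5 ) != 0 ) {
        // display failure page
        sb_messagePage( "Log in failed." );
        return;
    }

    $session_id = sb_computeSessionID( sb_stripMagicQuotes( $user_id ),
                                       $password );
    sb_setUserDatabaseField( $user_id, "session_id", $session_id );

    // set cookies with the user_id and session_id
    sb_refreshCookie( $user_id, $session_id );

    // set global
    global $loggedInID;
    $loggedInID = $user_id;

    // show the page the user logged in from, but only if it is on this site
    global $return_url, $mainSiteURL;
    $target = $return_url;
    if( ! sb_isSafeReturnURL( $target, $mainSiteURL ) ) {
        $target = $mainSiteURL;
    }

    // redirect
    header( "Location: $target" );
}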
/**
 * Logs the current user out and clears cookies.
 *
 * Clears the browser cookie, nulls the session_id stored for the global
 * $loggedInID, sets $justLoggedOut so later code in this request ignores
 * any cookie it already read, blanks $loggedInID and shows a message page.
 *
 * Review note: the "logout" action is reached by a plain link, so any
 * third-party page can log a visitor out (CSRF); harmless beyond annoyance.
 */
function sb_logout() {
    global $justLoggedOut, $loggedInID;

    // browser side first, then invalidate the server-side session id
    sb_clearCookie();
    sb_setUserDatabaseField( $loggedInID, "session_id", NULL );

    // remaining code in this request must not trust the cookie it read
    $justLoggedOut = 1;

    // forget the cookie-derived ID so the message page renders logged-out
    $loggedInID = "";

    sb_messagePage( "You have successfully logged out." );
}
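/**
 * Shows the user registration form, or shows the account editing form
 * if a user is already logged in.
 *
 * Every dynamic value placed in an attribute (return_url from the request,
 * the user ID from the login cookie, the email address from the database)
 * is passed through htmlspecialchars(); previously they were echoed raw,
 * which made the hidden return_url field a reflected-XSS sink.
 *
 * Review notes left as-is: the form carries no CSRF token, and in edit
 * mode a new password can be set without the current one (handled in
 * sb_register).
 *
 * @param inMessage the message to display; treated as trusted markup
 *                  built by the caller, not as user input.
 */
function sb_showRegisterForm( $inMessage ) {
    global $header, $footer, $return_url;

    include_once( $header );

    echo "<B>$inMessage</B>";

    global $loggedInID, $tableNamePrefix;

    $emailValue = "";
    $editExisting = false;
    $buttonName = "Register";

    if( strcmp( $loggedInID, "" ) != 0 ) {
        // user is already logged in: pre-fill the current email address
        $query = "SELECT * FROM $tableNamePrefix"."users ".
            "WHERE user_id = '$loggedInID';";
        sb_connectToDatabase();
        $result = sb_queryDatabase( $query );
        sb_closeDatabase();

        // a stale cookie may name an account that no longer exists; do not
        // let mysql_result() warn on an empty result set
        if( mysql_numrows( $result ) > 0 ) {
            $emailValue = mysql_result( $result, 0, "email" );
        }
        $editExisting = true;
        $buttonName = "Update";
    }

    // attribute-escaped copies of everything echoed into the form
    $returnURLAttr = htmlspecialchars( $return_url );
    $loggedInIDAttr = htmlspecialchars( $loggedInID );
    $emailAttr = htmlspecialchars( $emailValue );
?>
<FORM ACTION="seedBlogs.php" METHOD="post">
<INPUT TYPE="hidden" NAME="action" VALUE="register">
<?php
    echo "<INPUT TYPE=\"hidden\" NAME=\"return_url\" VALUE=\"$returnURLAttr\">";

    if( $editExisting ) {
        echo "<INPUT TYPE=\"hidden\" ".
            "NAME=\"user_id\" VALUE=\"$loggedInIDAttr\">";
    }

    echo "<TABLE BORDER=0>";

    if( !$editExisting ) {
?>
<TR><TD>User ID:</TD>
<TD><INPUT TYPE="text" MAXLENGTH=20 SIZE=20 NAME="user_id"></TD></TR>
<?php
    }
    else {
        echo "<TR><TD COLSPAN=2>Leave blank to keep old password</TD></TR>";
    }
?>
<TR><TD><?php if( $editExisting ) echo "New ";?>Password:</TD>
<TD><INPUT TYPE="password" MAXLENGTH=20 SIZE=20 NAME="password"></TD></TR>
<TR><TD>Re-type Password:</TD>
<TD><INPUT TYPE="password" MAXLENGTH=20 SIZE=20
NAME="password_b"></TD></TR>
<TR><TD>Email:</TD>
<TD><INPUT TYPE="text" MAXLENGTH=255 SIZE=20 NAME="email"
VALUE="<?php echo $emailAttr;?>"></TD></TR>
<TR><TD ALIGN=RIGHT COLSPAN=2>
<INPUT TYPE="Submit" VALUE="<?php echo $buttonName;?>"></TD><TR>
</TABLE>
</FORM>
<?php
    include_once( $footer );
}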
/**
 * Shows a form the user can fill out for help with forgotten passwords.
 *
 * Renders the site header, the caller's message, a short instruction and a
 * form that posts user_id / email to the "send_password_email" action,
 * followed by the site footer. Nothing request-supplied is echoed here.
 *
 * @param inMessage the message to display (trusted markup from the caller).
 */
function sb_showPasswordHelpForm( $inMessage ) {
    global $header, $footer;

    include_once( $header );

    echo "<B>$inMessage</B><BR>";
    echo "Enter <EM>either</EM> your user ID or your email address:";

    // static form; the send_password_email handler does the lookup
    echo <<<SB_FORM

<FORM ACTION="seedBlogs.php" METHOD="post">
<INPUT TYPE="hidden" NAME="action" VALUE="send_password_email">
<TABLE BORDER=0>
<TR><TD>User ID:</TD>
<TD><INPUT TYPE="text" MAXLENGTH=255 SIZE=20 NAME="user_id"
VALUE=""></TD></TR>
<TR><TD>Email:</TD>
<TD><INPUT TYPE="text" MAXLENGTH=255 SIZE=20 NAME="email"
VALUE=""></TD></TR>
<TR><TD ALIGN=RIGHT COLSPAN=2>
<INPUT TYPE="Submit" VALUE="Send New Password by Email"></TD><TR>
</TABLE>
</FORM>

SB_FORM;

    include_once( $footer );
}
/**
 * Send a notice to the admins.
 *
 * Selects every account with administrator = 1, mails all of their
 * addresses in one call and, when there is more than one admin, appends
 * a list of who else was notified. Does nothing if no admin exists.
 *
 * Review note: the addresses come from the users table as stored by
 * sb_register; they are placed directly in mail()'s "to" argument, so
 * validation of that field belongs at registration time — not done here.
 *
 * @param inMessage the email message to send.
 */
function sb_sendAdminNotice( $inMessage ) {
    global $tableNamePrefix;

    // every account flagged as an administrator
    $query = "SELECT * FROM $tableNamePrefix"."users ".
        "WHERE administrator = '1';";

    sb_connectToDatabase();
    $result = sb_queryDatabase( $query );
    sb_closeDatabase();

    $adminCount = mysql_numrows( $result );
    if( $adminCount < 1 ) {
        // nobody to notify
        return;
    }

    $userIDs = array();
    $emails = array();
    for( $row = 0; $row < $adminCount; $row++ ) {
        $userIDs[] = mysql_result( $result, $row, "user_id" );
        $emails[] = mysql_result( $result, $row, "email" );
    }

    // "a", "a, and b", "a, b, and c"
    $lastID = array_pop( $userIDs );
    $userIDList = $lastID;
    if( count( $userIDs ) > 0 ) {
        $userIDList = implode( ", ", $userIDs ) . ", and " . $lastID;
    }
    $emailList = implode( ", ", $emails );

    $adminListNotice = "";
    if( $adminCount > 1 ) {
        // remind them that they are not the only recipient
        $adminListNotice =
            "\nNote that these admins were all notified ".
            "about this issue:\n".
            "$userIDList\n";
    }

    global $siteName, $mainSiteURL, $siteEmailAddress;
    $mailHeaders = "From: $siteEmailAddress";
    mail( $emailList, "$siteName admin action needed",
          "The following action is pending ".
          "administrator approval:\n\n".
          "$inMessage\n".
          "$adminListNotice",
          $mailHeaders );
}
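/**
 * Sends out a password email using the POSTed variables.
 *
 * Looks the account up by user_id if one was posted, otherwise by email
 * address; exactly one match is required. The account's password is then
 * replaced by a 10-hex-digit temporary password which is mailed to the
 * stored address, and a confirmation page is shown.
 *
 * Added check: the stored address feeds mail()'s "to" argument directly, so
 * an address that is missing or contains CR/LF is refused before anything
 * is changed (a CR/LF there would allow mail-header injection, and resetting
 * first would lock the user out with no way to receive the new password).
 *
 * Review notes left as-is:
 *  - anyone who knows a user ID or email can force a reset, which replaces
 *    the real password immediately (a lockout / nuisance vector);
 *  - the temporary password is derived by sb_computeSessionID() from the
 *    ID and the current hash rather than from a CSPRNG; sb_computeSessionID
 *    is outside this section, so its strength cannot be judged here;
 *  - the distinct "no match" / "more than one" messages reveal which IDs
 *    and addresses are registered.
 */
function sb_sendPasswordEmail() {
    global $header, $footer;

    $user_id = sb_getRequestVariableSafe( "user_id" );
    $email = sb_getRequestVariableSafe( "email" );

    // first, make sure some account information was provided
    if( strcmp( $user_id, "" ) == 0 && strcmp( $email, "" ) == 0 ) {
        sb_showPasswordHelpForm( "You must provide some account information." );
        return;
    }

    // query to either find the user with this ID
    // or find all users with this email
    global $tableNamePrefix;

    if( strcmp( $user_id, "" ) != 0 ) {
        $query = "SELECT * FROM $tableNamePrefix"."users ".
            "WHERE user_id = '$user_id';";
    }
    else {
        $query = "SELECT * FROM $tableNamePrefix"."users ".
            "WHERE email = '$email';";
    }

    sb_connectToDatabase();
    $result = sb_queryDatabase( $query );
    sb_closeDatabase();

    $numRows = mysql_numrows( $result );

    if( $numRows == 0 ) {
        sb_showPasswordHelpForm(
            "The information you entered does not match any account." );
        return;
    }
    if( $numRows > 1 ) {
        sb_showPasswordHelpForm(
            "More than one account uses this email address.<BR>".
            "You must provide a User ID." );
        return;
    }

    $user_id = mysql_result( $result, 0, "user_id" );
    $email = mysql_result( $result, 0, "email" );
    $password_md5 = mysql_result( $result, 0, "password_md5" );

    // refuse before touching the password if the address on file cannot
    // safely be used as a mail() recipient (email is a nullable column)
    if( $email == NULL || strcmp( $email, "" ) == 0 ||
        preg_match( "/[\r\n]/", $email ) ) {
        sb_showPasswordHelpForm(
            "No usable email address is on file for this account." );
        return;
    }

    // compute a new, temporary password that cannot be guessed by
    // attackers: the current password hash (known only to us) seeds it
    $temp_session_id = sb_computeSessionID( $user_id, $password_md5 );

    // temp passwords are 10 hex digits long: 16^10, roughly 10^12, values
    $temp_password = substr( $temp_session_id, 0, 10 );

    $temp_password_md5 =
        sb_computePasswordHash( sb_stripMagicQuotes( $user_id ),
                                $temp_password );
    sb_setUserDatabaseField( $user_id, "password_md5", $temp_password_md5 );

    global $siteName, $mainSiteURL, $siteEmailAddress;
    $mailHeaders = "From: $siteEmailAddress";
    mail( $email, "$siteName temporary password",
          "Your password at $mainSiteURL has been ".
          "reset.\n\n".
          "Here is your temporary account information:\n\n".
          "User ID: $user_id\n".
          "Password: $temp_password\n",
          $mailHeaders );

    sb_messagePage( "A temporary password has been sent to you by email." );
}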
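/**
 * Processes the variables posted by the register form.
 *
 * Two modes, chosen by the global $loggedInID:
 *  - nobody logged in: create a new account. The very first account becomes
 *    an approved administrator; otherwise approval follows
 *    $autoApproveUsers and the admins may be notified of the pending
 *    request. An approved account is logged in straight away.
 *  - logged in: update the current account's email and, when a non-blank
 *    password was posted, its password, then log in again to refresh
 *    the cookie.
 * Both paths finish by mailing the account details to the posted address.
 *
 * Input handling: user_id and email come from sb_getRequestVariableSafe(),
 * which SQL-escapes them but does nothing for HTML or mail headers. So the
 * ID is HTML-escaped before being echoed back, it is capped at the width
 * of users.user_id (VARCHAR(20), which MySQL would otherwise truncate
 * silently), and an email containing CR/LF is refused because it is later
 * passed as mail()'s recipient.
 *
 * Review notes left as-is: no CSRF token on the form; a logged-in user's
 * password can be changed without the current one; the "first user becomes
 * admin" decision is a read-then-insert with no lock; the reserved-ID check
 * is case-sensitive while MySQL's default collation is not.
 */
function sb_register() {
    global $tableNamePrefix, $loggedInID, $autoApproveUsers;

    $updateExisting = ( strcmp( $loggedInID, "" ) != 0 );

    // grab posted variables
    $user_id = sb_getRequestVariableSafe( "user_id" );
    // never used in database query, so strip once here
    $password = sb_stripMagicQuotes( sb_getRequestVariableRaw( "password" ) );
    $password_b = sb_stripMagicQuotes( sb_getRequestVariableRaw( "password_b" ) );
    $email = sb_getRequestVariableSafe( "email" );

    // HTML-safe copy of the ID for echoing back in error messages
    $displayID = htmlspecialchars( sb_stripMagicQuotes( $user_id ) );

    // validate; the first failing check re-shows the form with its message
    $formError = "";
    if( !$updateExisting && strcmp( $user_id, "" ) == 0 ) {
        $formError = "\"User ID\" is a required field.";
    }
    else if( !$updateExisting &&
             strlen( sb_stripMagicQuotes( $user_id ) ) > 20 ) {
        // users.user_id is VARCHAR(20)
        $formError = "User ID must be 20 characters or fewer.";
    }
    else if( !$updateExisting && strcmp( $password, "" ) == 0 ) {
        $formError = "You must enter a password.";
    }
    else if( strcmp( $email, "" ) == 0 ) {
        $formError = "You must enter an email address.";
    }
    else if( preg_match( "/[\r\n]/", $email ) ) {
        // would allow extra headers to be injected into mail()
        $formError = "Email address contains invalid characters.";
    }
    else if( strcmp( $password, $password_b ) != 0 ) {
        $formError = "Your re-typed password does not match.";
    }
    else if( !$updateExisting && sb_doesUserExist( $user_id ) ) {
        $formError = "User id <B>$displayID</B> already exists.";
    }
    else if( !$updateExisting && strcmp( $user_id, "Anonymous" ) == 0 ) {
        $formError = "User id <B>Anonymous</B> is reserved.";
    }

    if( strcmp( $formError, "" ) != 0 ) {
        sb_showRegisterForm( $formError );
        return;
    }

    global $siteName, $mainSiteURL, $siteEmailAddress;
    $mailHeaders = "From: $siteEmailAddress";

    if( ! $updateExisting ) {
        // creating a new account
        $password_md5 = sb_computePasswordHash( sb_stripMagicQuotes( $user_id ),
                                                $password );

        $approved = 0;
        $administrator = 0;

        if( sb_getUserCount() == 0 ) {
            // bootstrap: auto admin and approve the very first account
            $approved = 1;
            $administrator = 1;
        }
        if( $autoApproveUsers ) {
            $approved = 1;
        }

        $query = "INSERT INTO $tableNamePrefix". "users VALUES ( " .
            "'$user_id', '$password_md5', '$email', NULL, ".
            "'$approved', '$administrator' );";

        sb_connectToDatabase();
        sb_queryDatabase( $query );
        sb_closeDatabase();

        if( $approved ) {
            // log the user in using same POST variables
            sb_login();
        }
        else {
            // tell the user that their account registration is pending
            sb_messagePage( "Your account request has been sent to the ".
                            "administrators for approval.<BR>".
                            "You will receive an email with further ".
                            "information." );

            global $fullSeedBlogsURL, $emailAdminsAboutPendingItems;

            if( $emailAdminsAboutPendingItems ) {
                sb_sendAdminNotice(
                    "The following new account is waiting for approval:\n".
                    "$user_id\n\n".
                    "After you log in, check the following link for ".
                    "details:\n".
                    "$fullSeedBlogsURL?action=show_account_queue" );
            }
        }

        if( $approved ) {
            $approvalMessage =
                "Your account request has been auto-approved.";
        }
        else {
            $approvalMessage =
                "Your account is awaiting approval from the ".
                "administrators. You will receive an email when your ".
                "account is approved.";
        }

        // send an email with account information
        mail( $email, "$siteName account requested",
              "Your account request at $mainSiteURL has been ".
              "received.\n\n".
              "$approvalMessage\n\n".
              "Here is your account information:\n\n".
              "User ID: $user_id\n".
              "Email: $email\n",
              $mailHeaders );
        return;
    }

    // updating an existing account

    $passwordUpdate = "";
    if( strcmp( $password, "" ) != 0 ) {
        // new password (already checked that $password_b matches)
        $password_md5 = sb_computePasswordHash(
            sb_stripMagicQuotes( $loggedInID ), $password );

        $passwordUpdate = "password_md5 = '$password_md5', ";
    }

    $query = "UPDATE $tableNamePrefix". "users SET " .
        "$passwordUpdate email = '$email' ".
        "WHERE user_id = '$loggedInID';";

    sb_connectToDatabase();
    sb_queryDatabase( $query );
    sb_closeDatabase();

    $passwordMessage = "";
    if( strcmp( $password, "" ) != 0 ) {
        // log the user in using same POST variables
        // need to do this to reset the cookie
        sb_login();
        $passwordMessage = "(new password set)\n";
    }
    else {
        sb_messagePage( "Your account information has been updated.<BR> ".
                        "You will receive an email with your new ".
                        "information." );
    }

    // send an email with the updated account information; report the
    // account that was actually updated, not the posted user_id field
    mail( $email, "$siteName account information updated",
          "Your account information at $mainSiteURL has ".
          "been updated.\n\n".
          "Here is your new account information:\n\n".
          "User ID: $loggedInID\n".
          "$passwordMessage".
          "Email: $email\n",
          $mailHeaders );
}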
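/**
 * Shows the editor form.
 *
 * With a post ID the form is pre-filled from the posts table (the lookup
 * is by post_id alone; approved/removed are not filtered), otherwise it is
 * blank. Comment blogs (blog_name matching "_comments") get a single text
 * block and no expiry, comment or permalink controls. Admins see an
 * "Approve Post" checkbox on unapproved posts; sb_canEdit() decides whether
 * the "Remove Post" checkbox appears.
 *
 * Fixes in this revision:
 *  - $loggedInID was declared global only after its first use, so the
 *    "$autoApprovePosts && logged in" test never held and the button read
 *    "Submit for Approval" instead of "Post" for non-admin users;
 *  - every value echoed into an attribute (return_url, show_author,
 *    show_date, blog_name and post_id from the request; author_name and
 *    subject_line from the database) is now passed through
 *    htmlspecialchars(), as intro_text/body_text already were. A stored
 *    subject line such as "><script> would otherwise run in the browser of
 *    the admin opening the post to approve it.
 *
 * Review note: this function performs no authorization check of its own
 * before loading a post into the form; enforcement on save belongs to
 * sb_updatePost, which is outside this section — TODO confirm.
 *
 * @param $inBlogName the name of the blog to edit.
 * @param $inPostID the postID to fill the form with, or NULL to
 *   show a blank form.
 */
function sb_showEditor( $inBlogName, $inPostID ) {
    global $tableNamePrefix, $autoApprovePosts, $loggedInID;

    $show_author = sb_getRequestVariableSafe( "show_author" );
    $show_date = sb_getRequestVariableSafe( "show_date" );

    // defaults for a blank form
    $blog_name = $inBlogName;
    $author_name = "";
    $subject_line = "";
    $intro_text = "";
    $body_text = "";
    $expiration_date = NULL;
    $allow_comments = 0;
    // default to showing permalink
    $show_permalink = 1;
    $approved = 0;
    $isExistingPost = false;

    // populate form fields from database
    if( $inPostID != NULL ) {
        $query =
            "SELECT * " .
            "FROM $tableNamePrefix"."posts " .
            "WHERE post_id = '$inPostID';";

        sb_connectToDatabase();

        $result = sb_queryDatabase( $query );

        if( mysql_numrows( $result ) != 1 ) {
            sb_closeDatabase();
            // the ID is request supplied; escape it in case the error is HTML
            sb_fatalError( "Post " . htmlspecialchars( $inPostID ) .
                           " does not exist in database." );
        }

        $row = mysql_fetch_array( $result, MYSQL_ASSOC );

        $blog_name = $row[ "blog_name" ];
        $author_name = $row[ "user_id" ];
        $subject_line = $row[ "subject_line" ];
        $intro_text = $row[ "intro_text" ];
        $body_text = $row[ "body_text" ];
        $expiration_date = $row[ "expiration_date" ];
        $allow_comments = $row[ "allow_comments" ];
        $show_permalink = $row[ "show_permalink" ];
        $approved = $row[ "approved" ];

        sb_closeDatabase();

        $isExistingPost = true;
    }

    // $blog_name is final from here on, so decide once
    $isCommentList = preg_match( "/_comments/", $blog_name );

    $buttonName = "Submit for Approval";
    if( $isExistingPost ) {
        $buttonName = "Update";
    }
    else if( sb_isAdministrator() ||
             ( $autoApprovePosts && strcmp( $loggedInID, "" ) != 0 ) ) {
        // this is a direct post
        $buttonName = "Post";
    }

    // include the header before generating a page
    global $header, $footer;
    include_once( $header );

    global $return_url;
?>
<FORM ACTION="seedBlogs.php" METHOD="post">
<INPUT TYPE="hidden" NAME="action"
VALUE="update_post">
<INPUT TYPE="hidden" NAME="return_url"
VALUE="<?php echo htmlspecialchars( $return_url ); ?>">
<INPUT TYPE="hidden" NAME="show_author"
VALUE="<?php echo htmlspecialchars( $show_author ); ?>">
<INPUT TYPE="hidden" NAME="show_date"
VALUE="<?php echo htmlspecialchars( $show_date ); ?>">
<INPUT TYPE="hidden" NAME="blog_name"
VALUE="<?php echo htmlspecialchars( $blog_name ); ?>">
<?php
    if( $inPostID != NULL ) {
?>
<INPUT TYPE="hidden" NAME="post_id"
VALUE="<?php echo htmlspecialchars( $inPostID ); ?>">
<?php
    }
?>
<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=1><TR><TD BGCOLOR=#777777>
<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=10>
<?php
    // alternating background colors for blocks in form
    $bgColor = "#CCCCCC";
    $altColor = "#EEEEEE";

    if( strcmp( $loggedInID, "" ) == 0 ) {
        // no one logged in, allow them to provide a name
?>
<TR><TD ALIGN=LEFT BGCOLOR=<?php echo $bgColor;?>>
Your Name:
</TD>
<TD ALIGN=RIGHT BGCOLOR=<?php echo $bgColor;?>>
<INPUT TYPE="text" MAXLENGTH=60 SIZE=30 NAME="author_name"
VALUE="<?php echo htmlspecialchars( $author_name ); ?>">
</TD>
</TR>
<?php
        list( $bgColor, $altColor ) = array( $altColor, $bgColor );
    }
?>
<TR><TD ALIGN=LEFT BGCOLOR=<?php echo $bgColor;?>>
Headline:
</TD>
<TD ALIGN=RIGHT BGCOLOR=<?php echo $bgColor;?>>
<INPUT TYPE="text" MAXLENGTH=60 SIZE=30 NAME="subject_line"
VALUE="<?php echo htmlspecialchars( $subject_line ); ?>">
</TD>
</TR>
<?php
    list( $bgColor, $altColor ) = array( $altColor, $bgColor );

    // only one block of text for comments
    $introTextName = $isCommentList ? "Text:" : "Intro Text:";
?>
<TR><TD COLSPAN=2 BGCOLOR=<?php echo $bgColor;?>>
<?php echo $introTextName; ?><BR>
<TEXTAREA NAME="intro_text" COLS=50 ROWS=10><?php echo htmlspecialchars( $intro_text ); ?></TEXTAREA>
</TD></TR>
<?php
    list( $bgColor, $altColor ) = array( $altColor, $bgColor );

    if( ! $isCommentList ) {
?>
<TR><TD COLSPAN=2 BGCOLOR=<?php echo $bgColor;?>>
Body Text:<BR>
<TEXTAREA NAME="body_text" COLS=50 ROWS=10><?php echo htmlspecialchars( $body_text ); ?></TEXTAREA>
</TD></TR>

<?php
        list( $bgColor, $altColor ) = array( $altColor, $bgColor );
    }
    else {
        // hide body text block for comments: force blank body text
        echo '<INPUT TYPE="hidden" NAME="body_text" VALUE="">';
    }

    if( ! $isCommentList ) {
        // no expiration dates allowed on comments
?>
<TR>
<TD ALIGN=LEFT BGCOLOR=<?php echo $bgColor;?>>
Expires:
</TD>
<TD ALIGN=LEFT BGCOLOR=<?php echo $bgColor;?>>
<?php
        $fillWithCurrentTime = 0;
        // unchecked
        $neverExpiresCheckedState = "";

        if( $expiration_date == NULL ) {
            $fillWithCurrentTime = 1;
            $neverExpiresCheckedState = "CHECKED";
        }
        sb_printDateTimeFormFromTimestamp( "expire_",
                                           $fillWithCurrentTime,
                                           $expiration_date );
?>
<INPUT TYPE="checkbox" NAME="never_expires" VALUE=1
<?php echo $neverExpiresCheckedState;?> > Never Expires
</TD>
</TR>
<?php
        list( $bgColor, $altColor ) = array( $altColor, $bgColor );
    }

    // comment-enabling widget: no comments allowed on comments
    if( ! $isCommentList ) {
        $allowCommentsCheckedState = $allow_comments ? "CHECKED" : "";
?>
<TR><TD BGCOLOR=<?php echo $bgColor;?>></TD>
<TD BGCOLOR=<?php echo $bgColor;?>>
<INPUT TYPE="checkbox" NAME="allow_comments" VALUE=1
<?php echo $allowCommentsCheckedState;?> > Allow Comments
</TD>
</TR>
<?php
        list( $bgColor, $altColor ) = array( $altColor, $bgColor );
    }

    // permalink-enabling widget: only for non-comments
    if( ! $isCommentList ) {
        $showPermalinkCheckedState = $show_permalink ? "CHECKED" : "";
?>
<TR><TD BGCOLOR=<?php echo $bgColor;?>></TD>
<TD BGCOLOR=<?php echo $bgColor;?>>
<INPUT TYPE="checkbox" NAME="show_permalink" VALUE=1
<?php echo $showPermalinkCheckedState;?> > Show Permanent Link
</TD>
</TR>
<?php
        list( $bgColor, $altColor ) = array( $altColor, $bgColor );
    }

    // approval widget: admins only, and only while the post is pending
    if( $isExistingPost &&
        sb_isAdministrator() &&
        $approved == 0 ) {
?>
<TR><TD BGCOLOR=<?php echo $bgColor;?>></TD>
<TD BGCOLOR=<?php echo $bgColor;?>>
<INPUT TYPE="checkbox" NAME="approve" VALUE=1> Approve Post
</TD>
</TR>
<?php
        list( $bgColor, $altColor ) = array( $altColor, $bgColor );
    }

    // removal widget
    if( $isExistingPost &&
        sb_canEdit( $inPostID ) ) {
?>
<TR><TD BGCOLOR=<?php echo $bgColor;?>></TD>
<TD BGCOLOR=<?php echo $bgColor;?>>
<INPUT TYPE="checkbox" NAME="remove" VALUE=1> Remove Post
</TD>
</TR>
<?php
    }
?>
</TABLE>
</TD></TR>
<TR><TD COLSPAN=2 ALIGN=RIGHT BGCOLOR=#FFFFFF>
<INPUT TYPE="Submit" VALUE="<?php echo $buttonName;?>">
</TD></TR>
</TABLE>
<?php
    if( $isCommentList ) {
        // comments never expire
        echo '<INPUT TYPE="hidden" NAME="never_expires" VALUE=1>';
    }
?>

</FORM>

<?php
    // end the page with our footer
    include_once( $footer );
}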
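/**
 * Updates a post from values submitted through editor form, or inserts a
 * new post when no post ID is given.
 *
 * Request fields read: author_name, subject_line, return_url, intro_text,
 * body_text, expire_month/day/year/hour/minute/ampm, never_expires, and the
 * optional flags allow_comments, show_permalink, approve and remove.
 *
 * Side effects: one INSERT or UPDATE on the posts table (plus an order_map
 * update for new posts), then either a Location redirect to return_url or a
 * rendered message page.  Sets the global $return_url.
 *
 * @param $inBlogName the name of the blog to edit.
 * @param $inPostID the post to update, or NULL to
 *   insert a new post.
 */
function sb_updatePost( $inBlogName, $inPostID ) {
    global $return_url, $tableNamePrefix, $loggedInID;
    global $allowSubmissionsFromPublic, $autoApprovePosts;
    global $fullSeedBlogsURL, $emailAdminsAboutPendingItems;

    // NOTE(review): author_name and subject_line end up in SQL below and
    // rely on sb_getRequestVariableSafe() for escaping — confirm it does.
    $author_name = sb_getRequestVariableSafe( "author_name" );
    $subject_line = sb_getRequestVariableSafe( "subject_line" );

    $return_url = sb_getRequestVariableSafe( "return_url" );

    // taken raw so that markup survives; illegal HTML tags are encoded
    // whenever we display the post.  Raw also means not escaped for SQL,
    // so both values are passed through mysql_real_escape_string() below,
    // once a connection is open and before they reach any query.
    $intro_text = sb_getRequestVariableRaw( "intro_text" );
    $body_text = sb_getRequestVariableRaw( "body_text" );

    $expire_month = sb_getRequestVariableSafe( "expire_month" );
    $expire_day = sb_getRequestVariableSafe( "expire_day" );
    $expire_year = sb_getRequestVariableSafe( "expire_year" );
    $expire_hour = sb_getRequestVariableSafe( "expire_hour" );
    $expire_minute = sb_getRequestVariableSafe( "expire_minute" );
    $expire_ampm = sb_getRequestVariableSafe( "expire_ampm" );
    $never_expires = sb_getRequestVariableSafe( "never_expires" );

    // optional fields, off unless present in the request
    $allow_comments = 0;
    $show_permalink = 0;
    $approve = 0;
    $remove = 0;
    if( isset( $_REQUEST[ "allow_comments" ] ) ) {
        $allow_comments = sb_getRequestVariableSafe( "allow_comments" );
    }
    if( isset( $_REQUEST[ "show_permalink" ] ) ) {
        $show_permalink = sb_getRequestVariableSafe( "show_permalink" );
    }
    if( isset( $_REQUEST[ "approve" ] ) ) {
        $approve = sb_getRequestVariableSafe( "approve" );
    }
    if( isset( $_REQUEST[ "remove" ] ) ) {
        $remove = sb_getRequestVariableSafe( "remove" );
    }

    $isCommentList = preg_match( "/_comments/", $inBlogName );

    if( $isCommentList ) {
        // this is a comment post:
        // comments never allowed on comments,
        // permalinks always forced visible on comments.
        // Enforced here (instead of on the editor end) so that doctored
        // POST variables cannot override it.
        $allow_comments = 0;
        $show_permalink = 1;
    }

    // SQL fragment for the expiration column: NULL, or a quoted date stamp
    $expiration_date = "NULL";
    if( $never_expires != 1 ) {
        $expiration_date = sb_formatTime( $expire_year,
                                          $expire_month,
                                          $expire_day,
                                          $expire_hour,
                                          $expire_minute,
                                          0, // ignore seconds
                                          $expire_ampm );
        $expiration_date = "'$expiration_date'";
    }

    $post_id = $inPostID;

    $postAllowed = true;
    $postApproved = 0;
    $editingExisting = false;

    // pieces of the final query that depend on the branch taken below
    $user_id = "Anonymous";
    $removedDataString = "";
    $approvedDataString = "";

    if( $post_id == NULL ) {
        // inserting a new post

        if( strcmp( $loggedInID, "" ) == 0 &&
            ! $allowSubmissionsFromPublic &&
            ! $isCommentList ) {
            // no one logged in, public posting forbidden, and this is not
            // a comment list
            $postAllowed = false;

            // display failure page
            sb_messagePage( "You must log in to submit posts." );
        }
        else if( strcmp( $author_name, "" ) != 0 &&
                 sb_doesUserExist( $author_name ) ) {
            // a public (not logged in) user has specified an
            // existing user's ID as their author name
            $postAllowed = false;
            sb_messagePage( "The name <B>$author_name</B> is already in".
                            " use by a registered user." );
        }
        else {
            $post_id = sb_getUniquePostID();

            if( strcmp( $loggedInID, "" ) != 0 ) {
                if( sb_getUserDatabaseField( $loggedInID,
                                             "administrator" ) == 1 ) {
                    // admin posts auto-approved
                    $postApproved = 1;
                }
                else if( $autoApprovePosts ) {
                    // approve all posts from logged-in users
                    $postApproved = 1;
                }

                $user_id = $loggedInID;
            }
            else if( strcmp( $author_name, "" ) != 0 ) {
                // no one logged in, use author name if it is set
                $user_id = $author_name;
            }

            // put the new post at the top of the blog's order map;
            // lock to ensure our update is atomic
            $mapQuery = "SELECT map FROM $tableNamePrefix"."order_map ".
                "WHERE blog_name = '$inBlogName' LOCK IN SHARE MODE;";

            sb_connectToDatabase();

            $result = sb_queryDatabase( $mapQuery );

            if( mysql_numrows( $result ) == 1 ) {
                $map = mysql_result( $result, 0, 0 );

                // stick this post at the top of the list
                $map = $post_id . "\n" . $map;

                $mapQuery = "UPDATE $tableNamePrefix"."order_map SET ".
                    "map = '$map' WHERE blog_name = '$inBlogName';";
            }
            else {
                // insert a new map containing only this post_id
                $mapQuery = "INSERT INTO $tableNamePrefix"."order_map ".
                    "VALUES ( " .
                    "'$inBlogName', '$post_id' );";
            }
            sb_queryDatabase( $mapQuery );

            sb_closeDatabase();
        }
    }
    else {
        // editing an existing post
        $editingExisting = true;

        if( !sb_canEdit( $post_id ) ) {
            $postAllowed = false;

            // display failure page
            sb_messagePage( "You are not allowed to edit this post." );
        }
        else {
            // deal with approval and removal
            $removedDataString = "removed = \"0\",";
            if( $remove == 1 ) {
                $removedDataString = "removed = \"1\",";
            }

            // default to not changing approval status;
            // only an administrator can approve
            if( $approve == 1 &&
                sb_isAdministrator() ) {
                $approvedDataString = "approved = \"1\",";
            }
        }
    }

    if( $postAllowed ) {
        sb_connectToDatabase();

        // escape the raw text fields against the open connection.
        // Assumes sb_getRequestVariableRaw() hands the value back
        // unescaped — confirm, otherwise this double-escapes.
        $intro_text = mysql_real_escape_string( $intro_text );
        $body_text = mysql_real_escape_string( $body_text );

        if( $editingExisting ) {
            $query = "UPDATE $tableNamePrefix"."posts SET " .
                "change_date = CURRENT_TIMESTAMP, " .
                "expiration_date = $expiration_date, " .
                "allow_comments = '$allow_comments', ".
                "show_permalink = '$show_permalink', ".
                "$removedDataString " .
                "$approvedDataString " .
                "subject_line = '$subject_line', " .
                "intro_text = '$intro_text', body_text = '$body_text' " .
                "WHERE post_id = '$post_id';";
        }
        else {
            $query = "INSERT INTO $tableNamePrefix"."posts VALUES ( " .
                "'$post_id', '$inBlogName', '$user_id', CURRENT_TIMESTAMP, " .
                "CURRENT_TIMESTAMP, $expiration_date, '$allow_comments',".
                "'$show_permalink', '$postApproved', ".
                "\"0\", '$subject_line', " .
                "'$intro_text', '$body_text' );";
        }

        sb_queryDatabase( $query );

        sb_closeDatabase();

        if( $remove != 1 ) {
            if( $postApproved == 1 ||
                sb_isAdministrator() ||
                $editingExisting ) {
                // display the updated post: redirect.
                // NOTE(review): $return_url comes straight from the request
                // and is not checked against this site's own URL, so this
                // is an open redirect unless the dispatcher validates it.
                header( "Location: $return_url" );
            }
            else {
                // let the user know the post has been submitted
                sb_messagePage( "The post has been submitted for approval." );

                if( $emailAdminsAboutPendingItems ) {
                    sb_sendAdminNotice(
                        "A new post is waiting for approval:\n\n".
                        "After you log in, check the following link for ".
                        "details:\n".
                        "$fullSeedBlogsURL?action=show_post_queue".
                        "&blog_name=$inBlogName" );
                }
            }
        }
        else {
            // let the user know the post was removed
            sb_messagePage( "The post has been removed." );
        }
    }
}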
/**
 * Moves a post up in the order map.
 *
 * Thin wrapper around sb_movePost() with the "up" direction (-1).
 *
 * @param $inBlogName the name of the blog.
 * @param $inPostID the post to move up.
 */
function sb_moveUp( $inBlogName, $inPostID ) {
    $upDirection = -1;
    sb_movePost( $inBlogName, $inPostID, $upDirection );
}
/**
 * Moves a post down in the order map.
 *
 * Thin wrapper around sb_movePost() with the "down" direction (1).
 *
 * @param $inBlogName the name of the blog.
 * @param $inPostID the post to move down.
 */
function sb_moveDown( $inBlogName, $inPostID ) {
    $downDirection = 1;
    sb_movePost( $inBlogName, $inPostID, $downDirection );
}
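/**
 * Moves a post one visible slot in the order map of a blog.
 *
 * The post swaps places with its neighbour in the map, skipping over posts
 * that sb_isPostVisible() reports as hidden, until it has passed one visible
 * post or reached the end of the map in that direction.  Afterwards the
 * browser is redirected to the global $return_url.
 *
 * @param $inBlogName the name of the blog.
 * @param $inPostID the post to move.
 * @param $inMoveDirection -1 for up, or 1 for down.
 */
function sb_movePost( $inBlogName, $inPostID, $inMoveDirection ) {
    global $return_url, $tableNamePrefix;

    // NOTE(review): unlike sb_updatePost there is no sb_canEdit() or
    // sb_isAdministrator() gate here — confirm the dispatcher restricts
    // move_up/move_down before relying on this.

    // update the map
    // lock to ensure our update is atomic
    $mapQuery = "SELECT map FROM $tableNamePrefix"."order_map ".
        "WHERE blog_name = '$inBlogName' LOCK IN SHARE MODE;";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $mapQuery );

    if( mysql_numrows( $result ) == 1 ) {
        $map = mysql_result( $result, 0, 0 );

        // one post_id per whitespace-separated entry
        $mapArray = preg_split( "/\s+/", $map );
        $mapCount = count( $mapArray );

        // first, find the index of our post
        $postIndex = -1;
        for( $i=0; $i<$mapCount && $postIndex == -1; $i++ ) {
            if( strcmp( $mapArray[$i], $inPostID ) == 0 ) {
                $postIndex = $i;
            }
        }

        if( $postIndex == -1 ) {
            sb_fatalError( "Could not find post $inPostID in $inBlogName " .
                           "order map." );
        }

        // the index we cannot move past in this direction
        $limit = 0;
        if( $inMoveDirection == 1 ) {
            // moving down
            $limit = $mapCount - 1;
        }

        // move post, ignoring invisible posts, until it passes
        // one visible post
        $doneMoving = ( $postIndex == $limit );

        while( ! $doneMoving ) {
            $neighborID = $mapArray[ $postIndex + $inMoveDirection ];
            $neighborVisible = sb_isPostVisible( $neighborID );

            // swap with the neighbour
            $mapArray[ $postIndex ] = $neighborID;
            $mapArray[ $postIndex + $inMoveDirection ] = $inPostID;

            $postIndex += $inMoveDirection;

            if( $neighborVisible || $postIndex == $limit ) {
                // we've passed at least one visible, or we've hit the limit
                $doneMoving = true;
            }
        }

        // glue first: the legacy (array, glue) argument order used here
        // before is a TypeError in PHP 8
        $map = implode( "\n", $mapArray );

        $mapQuery = "UPDATE $tableNamePrefix"."order_map SET ".
            "map = '$map' WHERE blog_name = '$inBlogName';";
    }
    else {
        // insert a new map containing only this post_id
        // (this branch previously interpolated an undefined $post_id)
        $mapQuery = "INSERT INTO $tableNamePrefix"."order_map ".
            "VALUES ( " .
            "'$inBlogName', '$inPostID' );";
    }
    sb_queryDatabase( $mapQuery );

    sb_closeDatabase();

    // redirect to return URL
    header( "Location: $return_url" );
}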
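/**
 * Displays a full post, followed by its comments when comments are allowed
 * and at least one exists.
 *
 * Reads the request fields show_author and show_date, and sets the global
 * $return_url (URL-encoded) to this page so that edits return here.
 * Calls sb_fatalError() when the post does not exist.
 *
 * @param $inPostID the postID to display.
 */
function sb_displayPost( $inPostID ) {
    global $tableNamePrefix, $return_url, $header, $footer;
    global $storyBlockFormatOpen, $storyBlockFormatClose,
           $headlineFormatOpen, $headlineFormatClose,
           $textBlockFormatOpen, $textBlockFormatClose;

    $show_author = sb_getRequestVariableSafe( "show_author" );
    $show_date = sb_getRequestVariableSafe( "show_date" );

    // the display page should be the return destination after edits
    $return_url = urlencode( sb_getReturnURL() );

    // NOTE(review): $inPostID goes into the query as-is; the caller is
    // expected to have taken it from sb_getRequestVariableSafe() — confirm.
    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."posts " .
        "WHERE post_id = '$inPostID';";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );

    if( mysql_numrows( $result ) != 1 ) {
        sb_closeDatabase();
        sb_fatalError( "Post $inPostID does not exist in database." );
    }

    $row = mysql_fetch_array( $result, MYSQL_ASSOC );

    $blog_name = $row[ "blog_name" ];
    $allow_comments = $row[ "allow_comments" ];
    $show_permalink = $row[ "show_permalink" ];
    $user_id = $row[ "user_id" ];
    $date = $row[ "creation_date" ];

    // trim leading/trailing whitespace
    $subject_line = trim( $row[ "subject_line" ] );
    $intro_text = trim( $row[ "intro_text" ] );
    $body_text = trim( $row[ "body_text" ] );

    sb_closeDatabase();

    include_once( $header );

    // sb_generateStoryBlock() treats NULL as "do not show"
    if( ! $show_author ) {
        $user_id = NULL;
    }
    if( ! $show_date ) {
        $date = NULL;
    }

    $commentCount = sb_countComments( $inPostID, 1 );

    // with no comments yet, the comments link doubles as a
    // "submit comment" link
    $showLinkToComments = 0;
    if( $allow_comments && $commentCount == 0 ) {
        $showLinkToComments = 1;
    }

    sb_generateStoryBlock( $blog_name,
                           $inPostID,
                           $subject_line,
                           $user_id,
                           $date,
                           // hide up and down widgets
                           0,
                           0,
                           $intro_text,
                           $body_text,
                           1, // embed body text
                           $showLinkToComments,
                           $show_permalink,
                           $return_url,
                           // formatting options:
                           $storyBlockFormatOpen,
                           $storyBlockFormatClose,
                           $headlineFormatOpen,
                           $headlineFormatClose,
                           $textBlockFormatOpen,
                           $textBlockFormatClose );

    if( $allow_comments && $commentCount > 0 ) {
        echo "<TABLE WIDTH=100% CELLSPACING=0 CELLPADDING=0 BORDER=0>";
        echo "<TR><TD ALIGN=LEFT COLSPAN=2>";
        // named anchor for #comments links; closed immediately (it used
        // to be left open)
        echo "<A NAME=\"comments\"></A>";
        sb_showComments( $inPostID );
        echo "</TD></TR></TABLE>";
    }

    echo "<BR>";

    include_once( $footer );
}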
/**
 * Displays an archive for a blog using posted values to specify the range
 * of posts to list.
 *
 * Reads offset, count, order, show_intro, show_authors, show_dates and
 * show_submit_link_to_public from the request, sets the global $return_url
 * to this page (URL-encoded) and renders seedBlog() in archive mode between
 * the header and footer.
 *
 * @param $inBlogName the name of the blog to show an archive for.
 */
function sb_showArchive( $inBlogName ) {
    global $return_url, $header, $footer;

    // range and display options all come from the request
    $offset = sb_getRequestVariableSafe( "offset" );
    $count = sb_getRequestVariableSafe( "count" );
    $order = sb_getRequestVariableSafe( "order" );
    $show_intro = sb_getRequestVariableSafe( "show_intro" );
    $show_authors = sb_getRequestVariableSafe( "show_authors" );
    $show_dates = sb_getRequestVariableSafe( "show_dates" );
    $show_submit_link_to_public =
        sb_getRequestVariableSafe( "show_submit_link_to_public" );

    // this archive page should be the return destination after edits
    $return_url = urlencode( sb_getReturnURL() );

    // seedBlog() flag selecting the archive listing
    $showArchive = 1;

    include( $header );

    echo "<TABLE BORDER=0 WIDTH=100%><TR><TD>";
    seedBlog( $inBlogName,
              $show_intro,
              $show_authors,
              $show_dates,
              $order,
              $count,
              $offset,
              $showArchive,
              $show_submit_link_to_public );
    echo "</TD></TR></TABLE>";

    include( $footer );
}
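/**
 * Approves a post that is waiting in the admin queue.
 *
 * Only administrators may approve; everyone else gets a message page.  On
 * success the post's approved flag is set and the browser is redirected to
 * the global $return_url.
 *
 * @param $inPostID the post to approve.  NULL (or an empty string) is
 *   rejected with a message page.
 */
function sb_approvePost( $inPostID ) {
    global $return_url, $tableNamePrefix;

    $post_id = $inPostID;
    $query = "";
    $approvalAllowed = true;

    // loose comparison on purpose: an empty post_id from the request is
    // treated the same as a missing one
    if( $post_id == NULL ) {
        $approvalAllowed = false;

        // display failure page
        sb_messagePage( "No post_id field given." );
    }
    else if( !sb_isAdministrator() ) {
        $approvalAllowed = false;

        // display failure page
        sb_messagePage( "You must be an administrator to approve posts." );
    }
    else {
        // NOTE(review): reached through a plain GET link from
        // sb_showPostQueue with no request token, so a logged-in admin's
        // browser can be made to approve a post from another page; a
        // per-session token check here would close that.
        $query = "UPDATE $tableNamePrefix"."posts SET " .
            "approved = '1' " .
            "WHERE post_id = '$post_id';";
    }

    if( $approvalAllowed ) {
        sb_connectToDatabase();

        sb_queryDatabase( $query );

        sb_closeDatabase();

        // redirect to return URL
        header( "Location: $return_url" );
    }
}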
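/**
 * Approves an account that is waiting in the admin queue according to POSTed
 * values.
 *
 * Reads user_id and admin from the request; admin=1 also grants
 * administrator status.  Only administrators may approve.  On success the
 * user is mailed a notice and the browser is redirected to the global
 * $return_url.
 */
function sb_approveAccount() {
    global $return_url, $tableNamePrefix;
    global $siteName, $mainSiteURL, $siteEmailAddress;

    $user_id = sb_getRequestVariableSafe( "user_id" );
    $admin = sb_getRequestVariableSafe( "admin" );

    // one decision for both the query and the email text; the query used
    // to test "== 1" while the email tested plain truthiness, so e.g.
    // admin=2 mailed "designated as an administrator" without granting it
    $makeAdmin = ( $admin == 1 );

    $query = "";
    $approvalAllowed = true;

    if( $user_id == NULL ) {
        $approvalAllowed = false;

        // display failure page
        sb_messagePage( "No user_id field given." );
    }
    else if( !sb_isAdministrator() ) {
        $approvalAllowed = false;

        // display failure page
        sb_messagePage( "You must be an administrator to approve accounts." );
    }
    else {
        $adminClause = "";
        if( $makeAdmin ) {
            $adminClause = ", administrator = '1' ";
        }

        $query = "UPDATE $tableNamePrefix" . "users SET " .
            "approved = '1' $adminClause" .
            "WHERE user_id = '$user_id';";
    }

    if( $approvalAllowed ) {
        sb_connectToDatabase();

        sb_queryDatabase( $query );

        sb_closeDatabase();

        // send an email indicating approval
        $email = sb_getUserDatabaseField( $user_id, "email" );

        $adminMessage = "";
        if( $makeAdmin ) {
            $adminMessage = "You have been designated as an administrator.";
        }

        // best effort: a failed mail() is not reported to the admin
        $mailHeaders = "From: $siteEmailAddress";
        mail( $email, "$siteName account approved",
              "Your account request at $mainSiteURL has been ".
              "approved.\n\n".
              "$adminMessage\n",
              $mailHeaders );

        // redirect to return URL
        header( "Location: $return_url" );
    }
}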
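/**
 * Changes the admin status of an account according to POSTed values.
 *
 * Reads user_id and admin (1 to grant, anything else to revoke) from the
 * request.  Only administrators may change status.  On success the user is
 * mailed a notice and the browser is redirected to the global $return_url.
 */
function sb_changeAdminStatus() {
    global $return_url, $tableNamePrefix;
    global $siteName, $mainSiteURL, $siteEmailAddress;

    $user_id = sb_getRequestVariableSafe( "user_id" );
    $admin = sb_getRequestVariableSafe( "admin" );

    // one decision for both the query and the email text, so the notice
    // always matches what was written to the database
    $grantAdmin = ( $admin == 1 );

    $query = "";
    $changeAllowed = true;

    if( $user_id == NULL || $admin == NULL ) {
        // this branch used to leave the flag set, so an empty query was
        // run and a notice mailed despite the missing fields
        $changeAllowed = false;

        // display failure page
        sb_messagePage( "Required fields are missing." );
    }
    else if( !sb_isAdministrator() ) {
        $changeAllowed = false;

        // display failure page
        sb_messagePage( "You must be an administrator to change accounts." );
    }
    else {
        $adminClause = "administrator = '0'";
        if( $grantAdmin ) {
            $adminClause = "administrator = '1'";
        }

        $query = "UPDATE $tableNamePrefix" . "users SET" .
            " $adminClause " .
            "WHERE user_id = '$user_id';";
    }

    if( $changeAllowed ) {
        sb_connectToDatabase();

        sb_queryDatabase( $query );

        sb_closeDatabase();

        // send an email indicating the change
        $email = sb_getUserDatabaseField( $user_id, "email" );

        if( $grantAdmin ) {
            $adminMessage = "You have been designated as an administrator.";
        }
        else {
            $adminMessage = "Your administrator status has been revoked.";
        }

        // best effort: a failed mail() is not reported to the admin
        $mailHeaders = "From: $siteEmailAddress";
        mail( $email, "$siteName account changed",
              "Your request at $mainSiteURL has been ".
              "changed.\n\n".
              "$adminMessage\n",
              $mailHeaders );

        // redirect to return URL
        header( "Location: $return_url" );
    }
}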
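/**
 * Removes an account according to POSTed values.
 *
 * Reads user_id from the request.  Only administrators may remove accounts.
 * On success the users row is deleted and the browser is redirected to the
 * global $return_url.
 */
function sb_removeAccount() {
    global $return_url, $tableNamePrefix;

    $user_id = sb_getRequestVariableSafe( "user_id" );

    // a string like the other admin actions (this was initialised to 0)
    $query = "";
    $removalAllowed = true;

    if( $user_id == NULL ) {
        $removalAllowed = false;

        // display failure page
        sb_messagePage( "No user_id field given." );
    }
    else if( !sb_isAdministrator() ) {
        $removalAllowed = false;

        // display failure page
        sb_messagePage( "You must be an administrator to remove accounts." );
    }
    else {
        // NOTE(review): nothing here stops an administrator from removing
        // their own account, and the action is reached through a plain GET
        // link from the account pages with no request token.
        $query = "DELETE FROM $tableNamePrefix" . "users " .
            "WHERE user_id = '$user_id';";
    }

    if( $removalAllowed ) {
        sb_connectToDatabase();

        sb_queryDatabase( $query );

        sb_closeDatabase();

        // redirect to return URL
        header( "Location: $return_url" );
    }
}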
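/**
 * Displays the admin queue for a given blog.
 *
 * Lists every post with approved = 0 and removed = 0 that has not expired,
 * newest first, with View / Edit / Approve links.  Non-administrators get a
 * message page instead.
 *
 * @param $inBlogName the name of the blog to show a queue for, or "*" to
 *   show queue for all blogs together.
 */
function sb_showPostQueue( $inBlogName ) {
    global $header, $footer, $tableNamePrefix;
    global $currentColor, $altColor;

    if( ! sb_isAdministrator() ) {
        sb_messagePage( "You must be an administrator to view the queue." );
        return;
    }

    // "*" means every blog; otherwise restrict the query and the heading
    $displayBlogName = "";
    $blogNameQueryLine = "";
    if( strcmp( $inBlogName, "*" ) != 0 ) {
        $displayBlogName = "from <EM>$inBlogName</EM> ";
        $blogNameQueryLine = "AND blog_name = '$inBlogName' ";
    }

    include( $header );
    echo "<BR><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5><TR><TD COLSPAN=4>";
    echo "<FONT SIZE=4>Posts $displayBlogName".
        "waiting for approval:</FONT></TD></TR>";

    // get pending blog posts from the database
    $orderClause = "ORDER BY creation_date DESC";

    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."posts " .
        "WHERE approved = '0' AND removed = '0' ".
        "$blogNameQueryLine".
        "AND ( expiration_date > CURRENT_TIMESTAMP OR " .
        "expiration_date IS NULL ) " .
        "$orderClause;";

    // the connection stays open through the loop below, which runs one
    // extra query per comment to fetch the parent's subject line
    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );

    $numRows = mysql_numrows( $result );

    // Row-colour helpers, declared only if absent.  An unconditional
    // declaration here made a second call of this function in one request
    // (or a call of sb_showAccountQueue or sb_showAccountList, which
    // declare the same names) a fatal "cannot redeclare" error.
    if( ! function_exists( "sb_resetBGColors" ) ) {
        /**
         * Resets the value of the bg colors.
         */
        function sb_resetBGColors() {
            global $currentColor, $altColor;

            $currentColor = "#CCCCCC";
            $altColor = "#EEEEEE";
        }
    }

    if( ! function_exists( "sb_printNextBGColor" ) ) {
        /**
         * Prints an alternating BGCOLOR attribute and swaps the two
         * colors for the next call.
         */
        function sb_printNextBGColor() {
            global $currentColor, $altColor;

            echo "BGCOLOR=$currentColor";
            $tempColor = $currentColor;
            $currentColor = $altColor;
            $altColor = $tempColor;
        }
    }

    if( $numRows == 0 ) {
        echo "<TR><TD>[none]</TD></TR>";
    }
    else {
        // table headers
        echo "<TR><TD><B>Context:</B></TD>";
        echo "<TD><B>Author:</B></TD>";
        echo "<TD><B>Headline:</B></TD>";
        echo "<TD></TD></TR>";
    }

    // this queue should be the return destination after edits
    $return_url = urlencode( sb_getReturnURL() );

    // NOTE(review): blog_name, user_id and subject_line are echoed as
    // stored; that is only safe if they were HTML-escaped on the way in
    // (sb_getRequestVariableSafe) — confirm.
    for( $i=0; $i<$numRows; $i++ ) {
        // restart color cycling
        sb_resetBGColors();

        $blog_name = mysql_result( $result, $i, "blog_name" );
        $subject_line = mysql_result( $result, $i, "subject_line" );
        $post_id = mysql_result( $result, $i, "post_id" );
        $author = mysql_result( $result, $i, "user_id" );

        $context = $blog_name;

        if( preg_match( "/(.*)_comments/", $blog_name, $matches ) ) {
            // matches[0] contains full matched string
            // matches[1] contains first parenthesized subpattern
            $parentPostID = $matches[1];

            // fetch subject line of parent post
            $query =
                "SELECT * " .
                "FROM $tableNamePrefix"."posts " .
                "WHERE post_id = '$parentPostID';";

            $contextResult = sb_queryDatabase( $query );

            // a comment whose parent post is gone used to trip a warning
            // from mysql_result() on the empty result
            $context_subject_line = "";
            if( mysql_numrows( $contextResult ) > 0 ) {
                $context_subject_line =
                    mysql_result( $contextResult, 0, "subject_line" );
            }

            $context = "Comment to <A HREF=\"".
                "seedBlogs.php?action=display_post" .
                "&show_author=1&show_date=1".
                "&post_id=$post_id&return_url=$return_url\">".
                "$context_subject_line</A>";
        }

        echo "<TR><TD "; sb_printNextBGColor(); echo ">$context</TD>";
        echo "<TD "; sb_printNextBGColor(); echo ">$author</TD>";
        echo "<TD "; sb_printNextBGColor(); echo ">$subject_line</TD>";

        echo "<TD NOWRAP "; sb_printNextBGColor();
        echo ">[<A HREF=\"seedBlogs.php?action=display_post" .
            "&show_author=1&show_date=1".
            "&post_id=$post_id&return_url=$return_url\">View</A>]";

        echo " - [<A HREF=\"seedBlogs.php?action=edit_post" .
            "&post_id=$post_id&return_url=$return_url\">".
            "Edit</A>]";

        echo " - [<A HREF=\"seedBlogs.php?action=approve_post" .
            "&post_id=$post_id&return_url=$return_url\">".
            "Approve</A>]</TD></TR>";

        // blank space
        echo "<TR><TD COLSPAN=3 ALIGN=CENTER></TD></TR>";
    }

    echo "</TD></TR></TABLE><BR><BR>";

    sb_closeDatabase();

    include( $footer );
}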
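/**
 * Displays the admin queue of pending account requests.
 *
 * Lists every users row with approved = 0, each with reject / approve /
 * approve-and-make-admin links.  Non-administrators get a message page
 * instead.
 */
function sb_showAccountQueue() {
    global $header, $footer, $tableNamePrefix;
    global $currentColor, $altColor;

    if( ! sb_isAdministrator() ) {
        sb_messagePage( "You must be an administrator to view the queue." );
        return;
    }

    include( $header );
    echo "<BR><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5><TR><TD COLSPAN=3>";
    echo "<FONT SIZE=4>Account requests ".
        "waiting for approval:</FONT></TD></TR>";

    // get pending accounts from the database
    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."users " .
        "WHERE approved = '0';";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );

    sb_closeDatabase();

    $numRows = mysql_numrows( $result );

    // Row-colour helpers, declared only if absent.  An unconditional
    // declaration here made a second call of this function in one request
    // (or a call of sb_showPostQueue or sb_showAccountList, which declare
    // the same names) a fatal "cannot redeclare" error.
    if( ! function_exists( "sb_resetBGColors" ) ) {
        /**
         * Resets the value of the bg colors.
         */
        function sb_resetBGColors() {
            global $currentColor, $altColor;

            $currentColor = "#CCCCCC";
            $altColor = "#EEEEEE";
        }
    }

    if( ! function_exists( "sb_printNextBGColor" ) ) {
        /**
         * Prints an alternating BGCOLOR attribute and swaps the two
         * colors for the next call.
         */
        function sb_printNextBGColor() {
            global $currentColor, $altColor;

            echo "BGCOLOR=$currentColor";
            $tempColor = $currentColor;
            $currentColor = $altColor;
            $altColor = $tempColor;
        }
    }

    if( $numRows == 0 ) {
        echo "<TR><TD>[none]</TD></TR>";
    }
    else {
        // table headers
        echo "<TR><TD><B>User ID:</B></TD>";
        echo "<TD><B>Email:</B></TD>";
        echo "<TD></TD></TR>";
    }

    // this queue should be the return destination after edits
    $return_url = urlencode( sb_getReturnURL() );

    // NOTE(review): user_id and email are echoed as stored; that is only
    // safe if they were HTML-escaped at registration — confirm.
    for( $i=0; $i<$numRows; $i++ ) {
        // restart color cycling
        sb_resetBGColors();

        $user_id = mysql_result( $result, $i, "user_id" );
        $email = mysql_result( $result, $i, "email" );

        echo "<TR><TD "; sb_printNextBGColor(); echo ">$user_id</TD>";
        echo "<TD "; sb_printNextBGColor(); echo ">$email</TD>";

        echo "<TD NOWRAP "; sb_printNextBGColor();
        echo ">[<A HREF=\"seedBlogs.php?action=remove_account" .
            "&user_id=$user_id&return_url=$return_url\">reject</A>]";

        echo " - [<A HREF=\"seedBlogs.php?action=approve_account" .
            "&user_id=$user_id&admin=0&return_url=$return_url\">".
            "approve</A>]";

        echo " - [<A HREF=\"seedBlogs.php?action=approve_account" .
            "&user_id=$user_id&admin=1&return_url=$return_url\">".
            "approve and make admin</A>]</TD></TR>";

        // blank space
        echo "<TR><TD COLSPAN=3 ALIGN=CENTER></TD></TR>";
    }

    echo "</TD></TR></TABLE><BR><BR>";

    include( $footer );
}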
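/**
 * Displays the admin list of all approved accounts in the system.
 *
 * Lists every users row with approved = 1, ordered by user_id, with a
 * remove link and a make-admin / revoke-admin link.  Non-administrators get
 * a message page instead.
 */
function sb_showAccountList() {
    global $header, $footer, $tableNamePrefix;
    global $currentColor, $altColor;

    if( ! sb_isAdministrator() ) {
        sb_messagePage( "You must be an administrator to ".
                        "view the account list." );
        return;
    }

    include( $header );
    echo "<BR><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5><TR><TD COLSPAN=4>";
    echo "<FONT SIZE=4>Active Accounts:</FONT></TD></TR>";

    // get approved accounts from the database
    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."users " .
        "WHERE approved = '1' ".
        "ORDER BY user_id ASC;";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );

    sb_closeDatabase();

    $numRows = mysql_numrows( $result );

    // Row-colour helpers, declared only if absent.  An unconditional
    // declaration here made a second call of this function in one request
    // (or a call of sb_showPostQueue or sb_showAccountQueue, which declare
    // the same names) a fatal "cannot redeclare" error.
    if( ! function_exists( "sb_resetBGColors" ) ) {
        /**
         * Resets the value of the bg colors.
         */
        function sb_resetBGColors() {
            global $currentColor, $altColor;

            $currentColor = "#CCCCCC";
            $altColor = "#EEEEEE";
        }
    }

    if( ! function_exists( "sb_printNextBGColor" ) ) {
        /**
         * Prints an alternating BGCOLOR attribute and swaps the two
         * colors for the next call.
         */
        function sb_printNextBGColor() {
            global $currentColor, $altColor;

            echo "BGCOLOR=$currentColor";
            $tempColor = $currentColor;
            $currentColor = $altColor;
            $altColor = $tempColor;
        }
    }

    if( $numRows == 0 ) {
        echo "<TR><TD>[none]</TD></TR>";
    }
    else {
        // table headers
        echo "<TR><TD><B>User ID:</B></TD>";
        echo "<TD><B>Email:</B></TD>";
        echo "<TD><B>Status:</B></TD>";
        echo "<TD></TD></TR>";
    }

    // this list should be the return destination after edits
    $return_url = urlencode( sb_getReturnURL() );

    // NOTE(review): user_id and email are echoed as stored; that is only
    // safe if they were HTML-escaped at registration — confirm.
    for( $i=0; $i<$numRows; $i++ ) {
        // restart color cycling
        sb_resetBGColors();

        $user_id = mysql_result( $result, $i, "user_id" );
        $email = mysql_result( $result, $i, "email" );
        $administrator = mysql_result( $result, $i, "administrator" );

        echo "<TR><TD "; sb_printNextBGColor(); echo ">$user_id</TD>";
        echo "<TD "; sb_printNextBGColor(); echo ">$email</TD>";

        if( $administrator ) {
            echo "<TD "; sb_printNextBGColor(); echo ">admin</TD>";
        }
        else {
            echo "<TD "; sb_printNextBGColor(); echo "></TD>";
        }

        echo "<TD NOWRAP "; sb_printNextBGColor();
        echo ">[<A HREF=\"seedBlogs.php?action=remove_account" .
            "&user_id=$user_id&return_url=$return_url\">remove</A>]";

        if( $administrator == 1 ) {
            echo " - [<A HREF=\"seedBlogs.php?action=change_admin_status" .
                "&user_id=$user_id&admin=0&return_url=$return_url\">".
                "revoke admin status</A>]";
        }
        else {
            echo " - [<A HREF=\"seedBlogs.php?action=change_admin_status" .
                "&user_id=$user_id&admin=1&return_url=$return_url\">".
                "make admin</A>]";
        }

        // blank space
        echo "<TR><TD COLSPAN=4 ALIGN=CENTER></TD></TR>";
    }

    echo "</TD></TR></TABLE><BR><BR>";

    include( $footer );
}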
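/**
 * Performs a keyword search over approved, unexpired posts using the
 * posted "key_words" variable and displays a results page.
 *
 * Every whitespace-separated keyword must appear (SQL LIKE) in the subject
 * line, the intro text or the body text. Matching posts are rendered with
 * sb_generateStoryBlock(), separated by $storySeparator, between the
 * $header and $footer includes.
 *
 * Globals read: $tableNamePrefix, $header, $footer and the story block,
 * headline and text block formatting strings.
 */
function sb_search() {
    global $tableNamePrefix;

    $key_words = sb_getRequestVariableSafe( "key_words" );

    // this result page should be the return destination after edits
    $return_url = urlencode( sb_getReturnURL() );

    // Split on runs of whitespace and drop empty tokens: the old
    // explode( " ", ... ) produced an empty word for every doubled or
    // leading space, and "LIKE '%%'" matches every row, which silently
    // turned such a search into "all posts".
    $keywordArray = preg_split( '/\s+/', trim( $key_words ), -1,
                                PREG_SPLIT_NO_EMPTY );
    $keywordWhereClause = "";

    foreach( $keywordArray as $word ) {
        // NOTE(review): $word is interpolated into SQL. This relies on
        // sb_getRequestVariableSafe() having escaped it for the database
        // (confirm -- the mysql_* API used here has no placeholders), and
        // a literal % or _ in a keyword still acts as a LIKE wildcard.
        $keywordWhereClause .=
            "AND ( subject_line LIKE '%$word%' " .
            "OR intro_text LIKE '%$word%' ".
            "OR body_text LIKE '%$word%' )";
    }

    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."posts " .
        "WHERE approved = '1' AND removed = '0' ".
        "AND ( expiration_date > CURRENT_TIMESTAMP OR " .
        "expiration_date IS NULL ) " .
        "$keywordWhereClause;";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );

    sb_closeDatabase();

    $numRows = mysql_numrows( $result );

    global $header, $footer;

    include( $header );

    echo "<TABLE BORDER=0 WIDTH=100%><TR><TD>";

    // the search terms come straight from the request, so escape them for
    // the HTML context before echoing them back to the user
    $safeKeyWords = htmlspecialchars( $key_words, ENT_QUOTES );
    echo "<FONT SIZE=5>Search for <EM>$safeKeyWords</EM>:</FONT><BR><BR>";

    if( $numRows == 0 ) {
        echo "[no results]<BR>";
    }

    global $storyBlockFormatOpen, $storyBlockFormatClose,
        $headlineFormatOpen, $headlineFormatClose,
        $textBlockFormatOpen, $textBlockFormatClose, $storySeparator;

    for( $i=0; $i<$numRows; $i++ ) {

        $post_id = mysql_result( $result, $i, "post_id" );
        $blog_name = mysql_result( $result, $i, "blog_name" );
        $user_id = mysql_result( $result, $i, "user_id" );
        $subject_line = mysql_result( $result, $i, "subject_line" );
        $intro_text = mysql_result( $result, $i, "intro_text" );
        $body_text = mysql_result( $result, $i, "body_text" );
        $creation_date = mysql_result( $result, $i, "creation_date" );
        $allow_comments = mysql_result( $result, $i, "allow_comments" );
        $show_permalink = mysql_result( $result, $i, "show_permalink" );

        sb_generateStoryBlock( $blog_name,
                               $post_id,
                               trim( $subject_line ),
                               $user_id,
                               $creation_date,
                               // hide up and down widgets
                               0,
                               0,
                               trim( $intro_text ),
                               trim( $body_text ),
                               0, // show link to body text
                               $allow_comments,
                               $show_permalink,
                               $return_url,
                               // formatting options:
                               $storyBlockFormatOpen,
                               $storyBlockFormatClose,
                               $headlineFormatOpen,
                               $headlineFormatClose,
                               $textBlockFormatOpen,
                               $textBlockFormatClose );

        if( $i < $numRows - 1 ) {
            // separate from next story
            echo "$storySeparator";
        }
    }

    echo "</TD></TR></TABLE>";
    include( $footer );
}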
/**
 * Generates HTML for a story block with intro text visible.
 *
 * The point of this function is to abstract out the basic story block
 * rendering code so that seedBlogFormatted() and sb_search() can both use it.
 *
 * Everything is written with echo, in this order: the story block opener,
 * the headline, the text block opener, an optional author/date table, the
 * Edit / Approve / Move Up / Move Down links (only when sb_canEdit() allows
 * it), the intro text, the body text when it is embedded, an optional link
 * table (read-more or permalink on the left, comment links on the right),
 * and finally the text block and story block closers.
 *
 * NOTE(review): $inBlogName, $inPostID, $inUserID and $inReturnURL are
 * interpolated into HTML without escaping here, and $inPostID also goes
 * into an SQL string in the administrator branch; this function relies on
 * its callers having sanitised them -- confirm.
 *
 * @param $inBlogName the name of the blog in the database.
 * @param $inPostID the post ID.
 * @param $inSubjectLine the whitespace trimmed subject line.
 * @param $inUserID the author of the post, or NULL to hide the author byline.
 * @param $inDateString the MySQL creation date string of this post, or NULL
 *   to hide the date from the display.
 * @param $inShowUpWidget 1 to show up widgets for this post, or
 *   0 to hide it.
 * @param $inShowDownWidget 1 to show down widget for this post, or
 *   0 to hide it.
 * @param $inIntroText the raw intro text from the database, whitespace
 *   trimmed.
 * @param $inBodyText the raw body text from the database, whitespace
 *   trimmed, or NULL if there is no body.
 * @param $inEmbedBodyText 1 to include the body text in the story block,
 *   or 0 to show a "read more" link.
 * @param $inAllowComments 1 to allow comments, or 0 to forbid them.
 * @param $inShowPermalink 1 to show a permanent link, or 0 to hide it.
 * @param $inReturnURL the URL of the page that this block is part of.
 *
 * Other parameters (formatting options) are identical to those passed into
 * seedBlogFormatted.
 */
function sb_generateStoryBlock( $inBlogName,
                                $inPostID,
                                $inSubjectLine,
                                $inUserID,
                                $inDateString,
                                $inShowUpWidget,
                                $inShowDownWidget,
                                $inIntroText,
                                $inBodyText,
                                $inEmbedBodyText,
                                $inAllowComments,
                                $inShowPermalink,
                                $inReturnURL,
                                // formatting options:
                                $inStoryBlockFormatOpen,
                                $inStoryBlockFormatClose,
                                $inHeadlineFormatOpen,
                                $inHeadlineFormatClose,
                                $inTextBlockFormatOpen,
                                $inTextBlockFormatClose ) {

    // open story block
    echo "$inStoryBlockFormatOpen\n";
    // formatted subject line (no link)
    echo "$inHeadlineFormatOpen$inSubjectLine$inHeadlineFormatClose\n";
    echo "$inTextBlockFormatOpen";

    // these two flags are carried in the edit and display_post links below
    // so the destination page can reproduce the same byline/date display
    $show_author = 0;
    $show_date = 0;

    if( $inUserID != NULL || $inDateString != NULL ) {
        echo "<TABLE WIDTH=100% CELLPADDING=0 CELLSPACING=0><TR>";

        if( $inUserID != NULL ) {
            echo "<TD>by $inUserID</TD>";
            $show_author = 1;
        }
        if( $inDateString != NULL ) {
            $timestamp = strtotime( $inDateString );
            // format as in Sunday, July 7, 2005 [4:52 pm]
            $dateString = date( "l, F j, Y [g:i a]", $timestamp );

            // the date is right-aligned only when a byline sits to its left
            if( $inUserID == NULL ) {
                echo "<TD>";
            }
            else {
                echo "<TD ALIGN=RIGHT>";
            }
            echo "<EM>$dateString</EM></TD>";

            $show_date = 1;
        }
        echo "</TR></TABLE>";
    }

    if( sb_canEdit( $inPostID ) ) {
        // Edit link next to subject
        echo "[<A HREF=\"seedBlogs.php?action=edit_post".
            "&blog_name=$inBlogName".
            "&post_id=$inPostID&return_url=$inReturnURL".
            "&show_author=$show_author&show_date=$show_date\">" .
            "Edit</A>]";

        if( sb_isAdministrator() ) {
            // show an approve link, if post is pending approval

            global $tableNamePrefix;

            $query =
                "SELECT * " .
                "FROM $tableNamePrefix"."posts " .
                "WHERE post_id = '$inPostID';";

            sb_connectToDatabase();

            $result = sb_queryDatabase( $query );

            sb_closeDatabase();

            // NOTE(review): reads row 0 without checking the row count;
            // presumably the caller only passes IDs of existing posts.
            $approved = mysql_result( $result, 0, "approved" );

            if( $approved == 0 ) {
                echo "[<A HREF=\"seedBlogs.php?action=approve_post" .
                    "&post_id=$inPostID&return_url=$inReturnURL\">".
                    "Approve</A>]";
            }
        }

        if( $inShowUpWidget ) {
            echo "[<A HREF=\"seedBlogs.php?action=move_up".
                "&blog_name=$inBlogName".
                "&post_id=$inPostID&return_url=$inReturnURL\">" .
                "Move Up</A>]";
        }
        if( $inShowDownWidget ) {
            echo "[<A HREF=\"seedBlogs.php?action=move_down".
                "&blog_name=$inBlogName".
                "&post_id=$inPostID&return_url=$inReturnURL\">" .
                "Move Down</A>]";
        }
    }

    if( $inIntroText != NULL ) {
        // intro text (bbcode-style markup converted to HTML)
        $formattedIntro = sb_rcb_blog2html( $inIntroText );
        echo "<BR>$formattedIntro";
    }
    if( $inBodyText != NULL && $inEmbedBodyText ) {
        $formattedBody = sb_rcb_blog2html( $inBodyText );
        echo "<BR><BR>$formattedBody";
    }

    // only open a table for the links if we are going to show some links
    if( $inShowPermalink ||
        ( $inBodyText != NULL && ! $inEmbedBodyText ) ||
        $inAllowComments ) {

        // links under text
        echo
            "<BR><BR><TABLE BORDER=0 WIDTH=100% CELLSPACING=0 CELLPADDING=0><TR>";
        if( $inBodyText != NULL && ! $inEmbedBodyText ) {
            // a read-more link
            echo "<TD ALIGN=LEFT>".
                "<A HREF=\"seedBlogs.php?action=display_post" .
                "&post_id=$inPostID".
                "&show_author=$show_author&show_date=$show_date".
                "\" TITLE=\"View the entire post\">Read more...</A></TD>";
        }
        else if( $inShowPermalink ) {
            // a perma link (only printed when there is no read-more link;
            // both point at the same display_post action)
            echo "<TD ALIGN=LEFT>".
                "[<A HREF=\"seedBlogs.php?action=display_post" .
                "&post_id=$inPostID".
                "&show_author=$show_author&show_date=$show_date".
                "\" TITLE=\"Permanent link for this post\">Link</A>]</TD>";
        }
        if( $inAllowComments ) {
            $approvedCount = sb_countComments( $inPostID, 1 );
            $queuedCount = sb_countComments( $inPostID, 0 );

            $isAdmin = sb_isAdministrator();

            echo "<TD ALIGN=RIGHT>";

            // administrators also see the queue link when comments are
            // waiting for approval, even if none is approved yet
            if( $approvedCount > 0 ||
                ( $isAdmin && $queuedCount > 0 ) ) {
                echo "[<A HREF=\"seedBlogs.php?action=display_post" .
                    "&post_id=$inPostID".
                    "&show_author=$show_author&show_date=$show_date".
                    "#comments\" TITLE=\"View and add comments\">".
                    "$approvedCount Comment";

                if( $approvedCount != 1 ) {
                    echo "s";
                }
                echo "</A>";

                if( $isAdmin && $queuedCount > 0 ) {
                    echo ", $queuedCount in <A HREF=\"seedBlogs.php?".
                        "action=show_post_queue".
                        "&blog_name=$inPostID"."_comments".
                        "&return_url=$inReturnURL\">Queue</A>";
                }
                echo "]";
            }
            else {
                // no comments yet, but show link for submission

                $postLinkName = "Submit Comment";
                // (assigned but never read below)
                $allowPost = false;

                global $autoApprovePublicComments, $loggedInID;

                if( $autoApprovePublicComments ||
                    strcmp( $loggedInID, "" ) != 0 ) {

                    // post directly, don't submit
                    $postLinkName = "Post Comment";
                }

                echo "[<A HREF=\"seedBlogs.php?action=edit_post".
                    "&blog_name=$inPostID"."_comments".
                    "&return_url=$inReturnURL\" ".
                    "TITLE=\"Submit a comment into the approval queue\">" .
                    "$postLinkName</A>]";

            }
            echo"</TD>";
        }

        echo "</TR></TABLE>";
    }

    // close text block
    echo "$inTextBlockFormatClose";

    // close story block
    echo "$inStoryBlockFormatClose";
}
/**
 * Generates RSS 2.0 XML for a blog, using posted variables to select the
 * blog and configure the RSS feed.
 *
 * The following RSS 2.0 spec was followed:
 * http://blogs.law.harvard.edu/tech/rss
 *
 * Request variables read: blog_name, channel_title, channel_description,
 * max_number (-1 for no limit), show_authors and show_dates (the last two
 * are only passed through into each item's link). Sends a
 * "Content-type: application/xml" header and writes the whole document to
 * output, mixing echo and inline markup.
 *
 * NOTE(review): channel_title, channel_description and each subject_line
 * are echoed into the XML unescaped, while blog_name and max_number are
 * interpolated into the SQL query; whether sb_getRequestVariableSafe()
 * already makes them safe for those contexts cannot be seen from here --
 * confirm. Item descriptions, by contrast, go through htmlspecialchars().
 */
function sb_rssFeed() {
    global $tableNamePrefix;

    $blog_name = sb_getRequestVariableSafe( "blog_name" );
    $channel_title =
        sb_stripMagicQuotes( sb_getRequestVariableSafe( "channel_title" ) );
    $channel_description =
        sb_stripMagicQuotes( sb_getRequestVariableSafe( "channel_description" ) );
    $max_number = sb_getRequestVariableSafe( "max_number" );
    $show_authors = sb_getRequestVariableSafe( "show_authors" );
    $show_dates = sb_getRequestVariableSafe( "show_dates" );


    // for now, only order by creation date in RSS feed
    $orderClause = "ORDER BY creation_date DESC";


    $limitNumber = $max_number;

    if( $max_number == -1 ) {
        // use a large number, as suggested in the MySQL docs, to cause
        // limit to be ignored
        $limitNumber = 99999;
    }



    // LIMIT is only supported by MySQL
    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."posts " .
        "WHERE approved = '1' AND removed = '0' ".
        "AND blog_name = '$blog_name' ".
        "AND ( expiration_date > CURRENT_TIMESTAMP OR " .
        "expiration_date IS NULL ) " .
        "$orderClause LIMIT 0, $limitNumber;";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );

    sb_closeDatabase();

    $numRows = mysql_numrows( $result );

    global $mainSiteURL, $fullSeedBlogsURL;

    header( "Content-type: application/xml" );

    // echo this to avoid problems with <?
    echo "<?xml version=\"1.0\"?>\n";

    // now inline the rest of the XML

    // tested this with a validator, and it is valid RSS
    ?>

<rss version="2.0">
<channel>
<title><?php echo $channel_title;?></title>
<link><?php echo $mainSiteURL;?></link>
<description><?php echo $channel_description;?></description>
<?php

    for( $i=0; $i<$numRows; $i++ ) {
        $subject_line = "";
        $post_id = "";
        $intro_text = "";
        $date = "";

        $subject_line = mysql_result( $result, $i, "subject_line" );
        $post_id = mysql_result( $result, $i, "post_id" );
        $intro_text = mysql_result( $result, $i, "intro_text" );

        $date = mysql_result( $result, $i, "creation_date" );

        // trim leading/trailing whitespace
        $subject_line = trim( $subject_line );
        $intro_text = trim( $intro_text );

        // convert bbcode into HTML
        // then encode the HTML for insertion into an XML document
        $intro_text =
            htmlspecialchars( sb_rcb_blog2html( strip_tags( $intro_text ) ) );

        // & is forbidden in an XML document
        // NOTE(review): the URL below is nevertheless built with a bare "&"
        // as shown in this listing; if the file really contains "&" rather
        // than "&amp;" the <link> element is not well-formed XML -- verify
        // against the source file, as the listing may have decoded entities.
        $post_url =
            $fullSeedBlogsURL .
            "?action=display_post&post_id=$post_id".
            "&show_author=$show_authors&show_date=$show_dates";

        $timestamp = strtotime( $date );
        // format as in Sun, 19 May 2002 15:21:36 GMT
        // format copied from RSS 2.0 spec, cited above
        // Spec points to RFC822 for date format.
        // Found this format string for RFC822 in the PHP 5.1 source code
        $formatString_RFC822 = "D, d M Y H:i:s T";
        $dateString = date( $formatString_RFC822, $timestamp );
        ?>

<item>
<title><?php echo $subject_line;?></title>
<link><?php echo $post_url;?></link>
<description><?php echo $intro_text?></description>
<pubDate><?php echo $dateString?></pubDate>
</item>
<?php

        // end for loop over posts
    }

    ?>

</channel>
</rss>

<?php

}
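/**
 * Generates a page showing comments for a given post.
 *
 * Verifies that the post exists (dying via sb_fatalError() otherwise), then
 * renders the post's comment blog, named "<post id>_comments", with
 * seedBlog() between the $commentListOpen and $commentListClose strings.
 *
 * @param $inPostID the post to show comments for.
 */
function sb_showComments( $inPostID ) {
    global $tableNamePrefix;

    // first, make sure the post exists
    // NOTE(review): $inPostID is interpolated straight into the query; this
    // relies on the caller having escaped it for SQL -- confirm.
    $query =
        "SELECT * " .
        "FROM $tableNamePrefix"."posts " .
        "WHERE post_id = '$inPostID';";

    sb_connectToDatabase();

    $result = sb_queryDatabase( $query );
    $matchingPosts = mysql_numrows( $result );

    // nothing from the row is needed (the old code fetched the subject line
    // and never used it), so the connection can be closed right away
    sb_closeDatabase();

    if( $matchingPosts != 1 ) {
        sb_fatalError( "Post $inPostID does not exist in database." );
    }

    // now display the comments for this post

    // the name of the comment-holding blog in the database
    $commentBlogName = $inPostID . "_comments";

    global $commentListOpen, $commentListClose;

    echo $commentListOpen;

    // use a seedBlog to display the comments
    // order oldest-first, so we can follow thread of discussion
    seedBlog(
        // name of this seed blog in the database
        $commentBlogName,
        // 1 = show intro text below headlines
        // 0 = show only headlines
        1,
        // 1 = show creation date for each post
        // 0 = hide dates
        1,
        // show authors
        1,
        // 2 = allow custom order tweaking with up/down widgets
        // 1 = order by creation date (newest first)
        // 0 = order by expiration date (oldest first)
        // -1 = order by creation date (oldest first)
        -1,
        // show an unlimited number of comments
        -1,
        // skip none of them (start with first post)
        0,
        // archive link flag (0 here)
        0,
        // show the submission link to public
        1,
        // never allow sub-comments
        0
        );

    echo $commentListClose;
}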
/**
 * Counts the comments associated with a given post.
 *
 * Comments are stored as posts of a blog named "<post id>_comments"; this
 * runs a COUNT(*) over that blog, excluding removed posts.
 *
 * @param $inPostID the post to count comments for.
 * @param $inApproved set to 1 to count only approved comments, or
 *   0 to count comments in the approval queue. Defaults to 1.
 *
 * @return the number of comments.
 */
function sb_countComments( $inPostID, $inApproved = 1 ) {
    global $tableNamePrefix;

    // the name of the comment-holding blog in the database
    $commentBlogName = $inPostID . "_comments";

    $query = sprintf(
        'SELECT COUNT(*) FROM %sposts WHERE approved = "%s" AND removed = "0" AND blog_name = "%s";',
        $tableNamePrefix, $inApproved, $commentBlogName );

    sb_connectToDatabase();
    $result = sb_queryDatabase( $query );
    $count = mysql_result( $result, 0, 0 );
    sb_closeDatabase();

    return $count;
}
// general-purpose functions down here, many copied from NCN
/**
 * Connects to the database according to the database variables.
 *
 * Reads the globals $databaseServer, $databaseUsername, $databasePassword
 * and $databaseName. On a connection or database-selection failure the
 * request ends in sb_fatalError() with the mysql_error() text.
 */
function sb_connectToDatabase() {
    global $databaseServer,
        $databaseUsername, $databasePassword, $databaseName;

    $link = mysql_connect( $databaseServer, $databaseUsername, $databasePassword );
    if( ! $link ) {
        sb_fatalError( "Could not connect to database server: " .
                       mysql_error() );
    }

    if( ! mysql_select_db( $databaseName ) ) {
        sb_fatalError( "Could not select $databaseName database: " .
                       mysql_error() );
    }
}
/**
 * Closes the database connection opened by sb_connectToDatabase().
 *
 * Closes the default (most recently opened) mysql link; the return value
 * of mysql_close() is ignored.
 */
function sb_closeDatabase() {
    mysql_close();
}
/**
 * Queries the database, and dies with an error message on failure.
 *
 * NOTE(review): the failure page echoes the complete query text along with
 * mysql_error(), so an end user can see table names and interpolated
 * values; consider logging that detail server-side instead.
 *
 * @param $inQueryString the SQL query string.
 *
 * @return a result handle that can be passed to other mysql functions.
 */
function sb_queryDatabase( $inQueryString ) {
    $result = mysql_query( $inQueryString );

    if( ! $result ) {
        sb_fatalError( "Database query failed:<BR>$inQueryString<BR><BR>" .
                       mysql_error() );
    }

    return $result;
}
/**
 * Checks whether a table exists in the currently-connected database.
 *
 * Runs SHOW TABLES and compares each name with strcmp(), so the match is
 * exact (case-sensitive). Assumes a connection is already open.
 *
 * @param $inTableName the name of the table to look for.
 *
 * @return 1 if the table exists, or 0 if not.
 */
function sb_doesTableExist( $inTableName ) {
    $result = sb_queryDatabase( "SHOW TABLES" );
    $numRows = mysql_numrows( $result );

    for( $i=0; $i<$numRows; $i++ ) {
        if( strcmp( mysql_result( $result, $i, 0 ), $inTableName ) == 0 ) {
            // found it
            return 1;
        }
    }

    return 0;
}
/**
 * Displays the error page and dies.
 *
 * For now the message is simply printed inline (no dedicated error page),
 * prefixed with a bold "Fatal error:" label, and the script exits.
 *
 * @param $message the error message to display on the error page; it is
 *   emitted as raw HTML, not escaped.
 */
function sb_fatalError( $message ) {
    echo "<B>Fatal error:</B> $message<BR>";
    die();
}
/**
 * Displays a message page.
 *
 * Includes the global $header file, prints the message wrapped in line
 * breaks, then includes the global $footer file.
 *
 * @param $message the message to display; emitted as raw HTML.
 */
function sb_messagePage( $message ) {
    global $header, $footer;

    include( $header );
    echo "<BR>$message<BR><BR>";
    include( $footer );
}
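/**
 * Prints form elements for selecting a date and time.
 *
 * The year list always spans at least 2005..2015 (the original fixed range)
 * and is extended to one year past the current year and to the pre-selected
 * year, so an existing timestamp always has a selectable option.
 *
 * NOTE(review): hours are offered as 1..12 only, but a pre-selected hour
 * of 0 (midnight, or noon after the 24h->12h conversion below) is not in
 * that list, so no option is selected in that case.
 *
 * @param $namePrefix the prefix to use in each form element
 *   name. For example, if $namePrefix is "my_", then the
 *   form elements will have the following names:
 *   my_month, my_day, my_year, my_hour, my_minute, my_ampm
 *   All fields have numerical posted values, except ampm, which
 *   is either "am" or "pm".
 * @param $fillWithCurrentTime set to 1 to fill with current time
 *   (the $selected____ values are then ignored).
 * @param $selected____ indicates values that should be pre-selected.
 */
function sb_printDateTimeForm( $namePrefix,
                               $fillWithCurrentTime = 0,
                               $selectedMonth = NULL, $selectedDay = NULL,
                               $selectedYear = NULL, $selectedHour = NULL,
                               $selectedMinute = NULL,
                               $selectedAMPM = NULL ) {

    if( $fillWithCurrentTime ) {
        $currentDateAndTime = getdate();

        // 24-hour -> 12-hour: 12..23 become "pm" and drop 12
        $selectedHour = $currentDateAndTime[ "hours" ];
        $selectedAMPM = "am";

        if( $selectedHour > 11 ) {
            if( $selectedHour < 24 ) {
                $selectedAMPM = "pm";
            }
            $selectedHour = $selectedHour - 12;
        }

        $selectedMonth = $currentDateAndTime[ "mon" ];
        $selectedDay = $currentDateAndTime[ "mday" ];
        $selectedYear = $currentDateAndTime[ "year" ];

        $selectedMinute = $currentDateAndTime[ "minutes" ];
    }

    $months = array( "January", "February", "March", "April",
                     "May", "June", "July", "August", "September",
                     "October", "November", "December" );

    echo "<TABLE BORDER=0><TR>";
    echo "<TD>Date:</TD><TD><SELECT NAME=\"$namePrefix" . "month\">\n";
    foreach( $months as $i => $monthName ) {
        // posted value is the 1-based month number, label is the name
        $monthNumber = $i + 1;

        $selectedState = "";
        if( $selectedMonth == $monthNumber ) {
            $selectedState = "SELECTED";
        }
        echo "<OPTION VALUE=\"$monthNumber\" " .
            "$selectedState>$monthName</OPTION>\n";
    }
    echo "</SELECT>\n";

    echo "<SELECT NAME=\"$namePrefix" . "day\">\n";
    for( $day=1; $day<=31; $day++ ) {
        $selectedState = "";
        if( $selectedDay == $day ) {
            $selectedState = "SELECTED";
        }
        echo "<OPTION $selectedState>$day</OPTION>\n";
    }
    echo "</SELECT>\n";

    // year range: the old hard-coded 2005..2015 made later years
    // unselectable; keep that span, but extend it past the current year
    // and around the pre-selected year
    $firstYear = 2005;
    $lastYear = max( 2015, intval( date( "Y" ) ) + 1 );
    if( $selectedYear != NULL ) {
        $firstYear = min( $firstYear, intval( $selectedYear ) );
        $lastYear = max( $lastYear, intval( $selectedYear ) );
    }

    echo "<SELECT NAME=\"$namePrefix" . "year\">\n";
    for( $year=$firstYear; $year<=$lastYear; $year++ ) {
        $selectedState = "";
        if( $selectedYear == $year ) {
            $selectedState = "SELECTED";
        }
        echo "<OPTION $selectedState>$year</OPTION>\n";
    }
    echo "</SELECT></TD></TR>\n";

    // start new line
    echo "<TR>";

    echo "<TD>Time:</TD><TD><SELECT NAME=\"$namePrefix" . "hour\">\n";
    for( $hour=1; $hour<=12; $hour++ ) {
        $selectedState = "";
        if( $selectedHour == $hour ) {
            $selectedState = "SELECTED";
        }
        echo "<OPTION $selectedState>$hour</OPTION>\n";
    }
    echo "</SELECT>\n";

    echo "<SELECT NAME=\"$namePrefix" . "minute\">\n";
    // minutes 0..9 carry an explicit numeric VALUE and a zero-padded label
    for( $minute=0; $minute<=9; $minute++ ) {
        $selectedState = "";
        if( $selectedMinute == $minute ) {
            $selectedState = "SELECTED";
        }
        echo "<OPTION VALUE=\"$minute\" $selectedState>" .
            "0$minute</OPTION>\n";
    }

    for( $minute=10; $minute<=59; $minute++ ) {
        $selectedState = "";
        if( $selectedMinute == $minute ) {
            $selectedState = "SELECTED";
        }
        echo "<OPTION $selectedState>$minute</OPTION>\n";
    }
    echo "</SELECT>\n";

    // radio for am/pm
    $amCheckedState = "";
    $pmCheckedState = "";

    if( strcmp( (string)$selectedAMPM, "am" ) == 0 ) {
        $amCheckedState = "checked";
    }
    if( strcmp( (string)$selectedAMPM, "pm" ) == 0 ) {
        $pmCheckedState = "checked";
    }

    echo "<INPUT TYPE=\"radio\" NAME=\"$namePrefix" .
        "ampm\" VALUE=\"am\" $amCheckedState>am ";
    echo "<INPUT TYPE=\"radio\" NAME=\"$namePrefix" .
        "ampm\" VALUE=\"pm\" $pmCheckedState>pm ";

    echo "</TD></TR></TABLE>";
}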
/**
 * Prints form elements for selecting a date and time, preselecting a time
 * using an SQL timestamp.
 *
 * NOTE(review): the 24h->12h conversion maps 12:xx to hour 0 "pm" and
 * 0:xx to hour 0 "am"; sb_printDateTimeForm() only offers hours 1..12, so
 * neither of those gets a selected option.
 *
 * @param $namePrefix the prefix to use in each form element
 *   name. For example, if $namePrefix is "my_", then the
 *   form elements will have the following names:
 *   my_month, my_day, my_year, my_hour, my_minute, my_ampm
 *   All fields have numerical posted values, except ampm, which
 *   is either "am" or "pm".
 * @param $fillWithCurrentTime set to 1 to fill with current time.
 * @param $selectedTimestamp the SQL timestamp to pre-select.
 */
function sb_printDateTimeFormFromTimestamp( $namePrefix,
                                            $fillWithCurrentTime = 0,
                                            $selectedTimestamp ) {
    if( $fillWithCurrentTime ) {
        // the timestamp is ignored; the form pre-selects "now" itself
        sb_printDateTimeForm( $namePrefix, $fillWithCurrentTime );
        return;
    }

    // split the timestamp into its calendar fields
    $parts = getdate( strtotime( $selectedTimestamp ) );

    // 24-hour -> 12-hour, the same way sb_printDateTimeForm() does it:
    // 0..11 stay "am", 12..23 become "pm" and drop 12
    $hour12 = $parts[ "hours" ];
    $meridiem = "am";
    if( $hour12 > 11 ) {
        if( $hour12 < 24 ) {
            $meridiem = "pm";
        }
        $hour12 -= 12;
    }

    sb_printDateTimeForm( $namePrefix,
                          $fillWithCurrentTime,
                          $parts[ "mon" ], $parts[ "mday" ],
                          $parts[ "year" ],
                          $hour12,
                          $parts[ "minutes" ],
                          $meridiem );
}
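/**
 * Formats time data as an SQL timestamp.
 * An example timestamp: "2005-01-19 17:22:50"
 *
 * Month, day, hour, minute and second are zero-padded to two digits; the
 * year is emitted as given.
 *
 * Most parameters are self-explanatory, except:
 * @param $ampm one of "am", "pm", or NULL to indicate 24-hour time.
 *   On the 12-hour clock "12 am" is hour 0 and "12 pm" is hour 12; the old
 *   code added 12 for every "pm" hour, so "12 pm" became the invalid hour
 *   24 and "12 am" became noon.
 */
function sb_formatTime( $year, $month, $day, $hour, $minute, $second, $ampm ) {
    $hour24 = intval( $hour );

    if( $ampm != NULL ) {
        if( strcmp( $ampm, "pm" ) == 0 && $hour24 < 12 ) {
            $hour24 += 12;
        }
        else if( strcmp( $ampm, "am" ) == 0 && $hour24 == 12 ) {
            $hour24 = 0;
        }
    }

    // %02d also fixes the old "0$x" padding, which turned an already
    // zero-padded input such as "05" into "005"
    return sprintf( "%s-%02d-%02d %02d:%02d:%02d",
                    $year, $month, $day, $hour24, $minute, $second );
}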
/**
 * Gets a post ID that is guaranteed to be unique.
 *
 * A user must be logged in for this to work properly.
 * In other words, the global $loggedInID must be set.
 *
 * The ID has the form "<user>_<unix time>_<counter>". The database is
 * queried for each candidate and the counter is incremented until no post
 * with that ID exists.
 *
 * The correctness of this function depends on the fact that a given
 * user will only be inserting one item at a time into the database.
 * If multiple items are being inserted, each INSERT query must be
 * performed before the next call.
 *
 * NOTE(review): $loggedInID is interpolated into the SQL string; this
 * relies on it being a safe value (it comes from the login path, not
 * directly from this call) -- confirm.
 *
 * @return a unique ID.
 */
function sb_getUniquePostID() {
    global $loggedInID, $tableNamePrefix;

    // the current second is part of the ID; the counter tells apart items
    // the same user inserts within the same second
    $stamp = time();
    $attempt = 0;

    sb_connectToDatabase();

    do {
        $candidateID = "$loggedInID" . "_$stamp" . "_$attempt";

        $query = "SELECT * FROM $tableNamePrefix"."posts WHERE post_id = '$candidateID';";
        $result = sb_queryDatabase( $query );

        // any matching row is a collision: bump the counter and retry
        $collision = ( mysql_numrows( $result ) != 0 );
        $attempt++;
    } while( $collision );

    sb_closeDatabase();

    return $candidateID;
}
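/**
 * Computes the stored password hash for a user.
 *
 * The hash is md5( $siteShortName . $user_id . $password ), so the site's
 * short name and the user ID act as a fixed, non-secret salt.
 *
 * NOTE(review): MD5 is fast and there is no per-user random salt, so a
 * leaked users table is cheap to attack offline. Moving to
 * password_hash()/password_verify() would also change the stored value's
 * format and the code that compares it, which live outside this block.
 *
 * @param $user_id the user's ID.
 * @param $password the user's password.
 *
 * @return the 32-character, hex-encoded MD5 hash.
 */
function sb_computePasswordHash( $user_id, $password ) {
    global $siteShortName;

    // (the old code also called time() here and never used the result; a
    // stored password hash must not depend on the clock anyway)
    return md5( "$siteShortName$user_id$password" );
}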
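/**
 * Computes a session ID for a user.
 *
 * The ID is an opaque 32-character hex token; it is stored in the user's
 * database row and in the session cookie and later compared by
 * sb_getLoggedInUser(). Where the runtime provides random_bytes() (PHP 7+)
 * the token is 128 bits from the CSPRNG, so it cannot be predicted from
 * public values. The old derivation, md5( site name . user id . password .
 * current second ), was only as unpredictable as the password and the
 * clock; it is kept, with extra uniqid()/mt_rand() mixing, solely as a
 * fallback for old PHP and is still not cryptographically strong there.
 *
 * @param $user_id the user's ID (unused on the random_bytes() path).
 * @param $password the user's password (unused on the random_bytes() path).
 *
 * @return the 32-character session ID.
 */
function sb_computeSessionID( $user_id, $password ) {
    global $siteShortName;

    if( function_exists( "random_bytes" ) ) {
        // 16 random bytes -> 32 hex characters, same length as md5()
        return bin2hex( random_bytes( 16 ) );
    }

    // legacy fallback (PHP < 7)
    $currentTime = time();
    $session_id_string =
        "$siteShortName$user_id$password$currentTime" . uniqid( mt_rand(), true );

    return md5( $session_id_string );
}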
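/**
 * Refreshes a user's cookie.
 *
 * Sets "<cookieName>_user_id" and "<cookieName>_session_id" for path "/",
 * expiring 24 hours from now. Both cookies are marked HttpOnly (they are
 * only read back server-side, in sb_getLoggedInUser(); no client-side
 * reader is visible in this file) and Secure when the current request
 * arrived over HTTPS, so plain-HTTP deployments keep working.
 *
 * @param $user_id the user's ID.
 * @param $session_id the session ID.
 */
function sb_refreshCookie( $user_id, $session_id ) {
    global $cookieName;

    // expire in 24 hours
    $expireTime = time() + 60 * 60 * 24;

    $secure = ! empty( $_SERVER[ "HTTPS" ] ) && $_SERVER[ "HTTPS" ] != "off";
    $httpOnly = true;

    // "" for the domain argument keeps PHP's default (no Domain attribute)
    setcookie( $cookieName ."_user_id", sb_stripMagicQuotes( $user_id ),
               $expireTime, "/", "", $secure, $httpOnly );
    setcookie( $cookieName ."_session_id", $session_id,
               $expireTime, "/", "", $secure, $httpOnly );
}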
/**
 * Clears a user's cookie.
 *
 * Overwrites "<cookieName>_user_id" and "<cookieName>_session_id" (path "/")
 * with empty values that expired an hour ago, so the browser drops them.
 */
function sb_clearCookie() {
    global $cookieName;

    // expire an hour ago
    $expireTime = time() - 60 * 60;

    foreach( array( "_user_id", "_session_id" ) as $suffix ) {
        setcookie( $cookieName . $suffix, "", $expireTime, "/" );
    }
}
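/**
 * Gets the ID of the user that is logged in.
 *
 * The user ID and session ID are read from the "<cookieName>_user_id" and
 * "<cookieName>_session_id" cookies. A user counts as logged in only when
 * $justLoggedOut is not set, both cookies are present and are neither ""
 * nor "deleted", and the session ID stored for that user in the database
 * (sb_getUserDatabaseField()) is non-empty and equal to the cookie value.
 *
 * @return the user ID, or "" if no user is logged in.
 */
function sb_getLoggedInUser() {
    global $cookieName, $justLoggedOut;

    $cookie_user_id = "";
    if( isset( $_COOKIE[ $cookieName ."_user_id" ] ) ) {
        $cookie_user_id = $_COOKIE[ $cookieName ."_user_id" ];
    }
    $cookie_session_id = "";
    if( isset( $_COOKIE[ $cookieName ."_session_id" ] ) ) {
        $cookie_session_id = $_COOKIE[ $cookieName ."_session_id" ];
    }

    if( $justLoggedOut ) {
        return "";
    }

    // some versions of IE change cookie value to "deleted" upon deletion
    // instead of clearing the cookie
    foreach( array( $cookie_user_id, $cookie_session_id ) as $cookieValue ) {
        if( strcmp( $cookieValue, "" ) == 0 ||
            strcmp( $cookieValue, "deleted" ) == 0 ) {
            return "";
        }
    }

    // check that session ID matches ID in database
    $trueSessionID = sb_getUserDatabaseField( $cookie_user_id, "session_id" );

    // an empty stored session ID means "not logged in" and must never match
    if( strcmp( $trueSessionID, "" ) == 0 ) {
        return "";
    }

    // compare in constant time where the runtime supports it, so the
    // comparison does not leak how many leading bytes of the session ID
    // were right; older PHP falls back to the original strcmp()
    if( function_exists( "hash_equals" ) ) {
        $matches = hash_equals( (string)$trueSessionID,
                                (string)$cookie_session_id );
    }
    else {
        $matches = ( strcmp( $trueSessionID, $cookie_session_id ) == 0 );
    }

    return $matches ? $cookie_user_id : "";
}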
/**
 * Gets whether a user exists in the database.
 *
 * NOTE(review): $user_id is interpolated directly into the SQL string.
 * The file relies on request values having been addslashes()'d upstream
 * (see sb_addslashes_deep / magic quotes), so only pass values that went
 * through that path.
 *
 * @param $user_id the user's ID.
 *
 * @return 1 if exactly one matching row exists, or 0 otherwise.
 */
function sb_doesUserExist( $user_id ) {
    global $tableNamePrefix;

    sb_connectToDatabase();

    $lookup = "SELECT * FROM " . $tableNamePrefix . "users " .
        "WHERE user_id = '" . $user_id . "';";
    $rows = sb_queryDatabase( $lookup );

    sb_closeDatabase();

    // mysql_num_rows is the canonical name; mysql_numrows is its alias.
    return ( mysql_num_rows( $rows ) == 1 ) ? 1 : 0;
}
/**
 * Gets whether the currently logged-in user has administrator status.
 *
 * Reads the global $loggedInID; an empty ID means no one is logged in.
 *
 * @return true if the user is an admin, or false otherwise.
 */
function sb_isAdministrator() {
    global $loggedInID;

    // Anonymous visitors are never administrators.
    $isLoggedIn = ( strcmp( $loggedInID, "" ) != 0 );
    if( ! $isLoggedIn ) {
        return false;
    }

    $adminFlag = sb_getUserDatabaseField( $loggedInID, "administrator" );
    return ( $adminFlag == 1 );
}
/**
 * Gets the value of a user's field from the database.
 *
 * Calls sb_fatalError() when the user does not have exactly one row;
 * callers that may hold an untrusted user ID should check
 * sb_doesUserExist() first.
 *
 * NOTE(review): both $fieldName and $user_id are spliced into the SQL
 * string unescaped.  $fieldName must always be a column-name literal
 * chosen by the caller, never user input; $user_id relies on upstream
 * addslashes() escaping.
 *
 * @param $user_id the user's ID.
 * @param $fieldName the name of the field to get.
 *
 * @return the field value (string or NULL as returned by MySQL).
 */
function sb_getUserDatabaseField( $user_id, $fieldName ) {
    global $tableNamePrefix;

    sb_connectToDatabase();

    $select = "SELECT " . $fieldName . " FROM " . $tableNamePrefix . "users " .
        "WHERE user_id = '" . $user_id . "';";
    $rows = sb_queryDatabase( $select );

    sb_closeDatabase();

    if( mysql_num_rows( $rows ) != 1 ) {
        sb_fatalError(
            "Could not get database field $fieldName for user $user_id" );
    }
    else {
        return mysql_result( $rows, 0, $fieldName );
    }
}
/**
 * Gets the value of a post's field from the database.
 *
 * Calls sb_fatalError() when the post does not have exactly one row.
 *
 * NOTE(review): $fieldName and $post_id are spliced into the SQL string
 * unescaped.  $fieldName must be a column-name literal chosen by the
 * caller; $post_id relies on upstream addslashes() escaping.
 *
 * @param $post_id the post's ID.
 * @param $fieldName the name of the field to get.
 *
 * @return the field value (string or NULL as returned by MySQL).
 */
function sb_getPostDatabaseField( $post_id, $fieldName ) {
    global $tableNamePrefix;

    sb_connectToDatabase();

    $select = "SELECT " . $fieldName . " FROM " . $tableNamePrefix . "posts " .
        "WHERE post_id = '" . $post_id . "';";
    $rows = sb_queryDatabase( $select );

    sb_closeDatabase();

    if( mysql_num_rows( $rows ) != 1 ) {
        sb_fatalError(
            "Could not get database field $fieldName for post $post_id" );
    }
    else {
        return mysql_result( $rows, 0, $fieldName );
    }
}
/**
 * Sets the value of a user's field in the database.
 *
 * NOTE(review): $fieldName, $fieldValue and $user_id are spliced into
 * the SQL string as-is.  $fieldName must be a column-name literal chosen
 * by the caller; the other two rely on upstream addslashes() escaping.
 *
 * @param $user_id the user's ID.
 * @param $fieldName the name of the field to set.
 * @param $fieldValue the value to set, or NULL to set the field to NULL.
 * @param $autoQuote set to 1 to automatically add quotes to the fieldValue.
 *   Defaults to 1.
 */
function sb_setUserDatabaseField( $user_id, $fieldName, $fieldValue,
                                  $autoQuote = 1 ) {
    global $tableNamePrefix;

    sb_connectToDatabase();

    // NOTE(review): the loose "== NULL" test is kept for compatibility.
    // It also matches "" and 0, so those values are written as SQL NULL
    // rather than '' or 0; switch to is_null() only after auditing callers.
    if( $fieldValue == NULL ) {
        $sqlValue = "NULL";
    }
    else if( $autoQuote ) {
        $sqlValue = "'" . $fieldValue . "'";
    }
    else {
        $sqlValue = $fieldValue;
    }

    $update = "UPDATE " . $tableNamePrefix . "users SET " .
        $fieldName . " = " . $sqlValue . " " .
        "WHERE user_id = '" . $user_id . "';";
    sb_queryDatabase( $update );

    sb_closeDatabase();
}
/**
 * Strips any magically escaped quotes from a string.
 *
 * Deals with PHP magic quotes (either on or off) automatically in
 * conjunction with this script's global $use_magic_quotes variable.
 *
 * Useful for user-submitted strings that are *not* destined for the SQL
 * database (for example, when setting cookies or displaying such strings
 * to the user).  Strings headed for SQL must keep their slashes.
 *
 * @param $string the string to strip.
 *
 * @return the string with escaped quotes turned back into plain quotes
 *         when magic quotes are on, or the string unchanged otherwise.
 */
function sb_stripMagicQuotes( $string ) {
    global $use_magic_quotes;

    // With magic quotes off the value is already plain text.
    if( ! $use_magic_quotes ) {
        return $string;
    }

    return stripslashes( $string );
}
/**
 * Recursively applies addslashes() to a value or to arrays of arrays.
 *
 * This forces magic_quotes-style escaping regardless of the PHP setting,
 * which is what the SQL-building code in this file relies on.  Keys are
 * preserved; only leaf values are escaped.
 *
 * @param $inValue the value or array to add slashes to.
 *
 * @return the value or array with slashes added.
 */
function sb_addslashes_deep( $inValue ) {
    if( ! is_array( $inValue ) ) {
        return addslashes( $inValue );
    }

    $escaped = array();
    foreach( $inValue as $key => $element ) {
        $escaped[ $key ] = sb_addslashes_deep( $element );
    }
    return $escaped;
}
/**
 * Recursively applies stripslashes() to a value or to arrays of arrays.
 *
 * This undoes magic_quotes-style escaping.  Keys are preserved; only
 * leaf values are changed.
 *
 * @param $inValue the value or array to strip slashes from.
 *
 * @return the value or array with slashes removed.
 */
function sb_stripslashes_deep( $inValue ) {
    if( ! is_array( $inValue ) ) {
        return stripslashes( $inValue );
    }

    $plain = array();
    foreach( $inValue as $key => $element ) {
        $plain[ $key ] = sb_stripslashes_deep( $element );
    }
    return $plain;
}
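/**
 * Gets the raw contents of a variable from the HTTP request.  This will
 * include escaped quotes if magic quotes are enabled.
 *
 * No filtering is applied: the value may be a string or, for "name[]="
 * parameters, an array, and may contain HTML.
 *
 * @param $inVariableName the name of the variable.
 *
 * @return the value of the variable, or NULL if it is not present in
 *         the request (same result as before, but without the
 *         undefined-index notice/warning).
 */
function sb_getRequestVariableRaw( $inVariableName ) {
    if( isset( $_REQUEST[ $inVariableName ] ) ) {
        return $_REQUEST[ $inVariableName ];
    }
    return NULL;
}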
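/**
 * Gets the filtered value of a variable from the HTTP request.  This will
 * include escaped quotes if magic quotes are enabled.
 * Filtering behavior: HTML tags are removed with strip_tags().
 *
 * NOTE(review): strip_tags() is input hygiene, not output encoding.  The
 * returned string still has to go through htmlspecialchars() (or
 * sb_rcb_striphtml()) when it is echoed into HTML.
 *
 * @param $inVariableName the name of the variable.
 *
 * @return the filtered value of the variable, or "" if it is absent or
 *         is not a string.
 */
function sb_getRequestVariableSafe( $inVariableName ) {
    if( ! isset( $_REQUEST[ $inVariableName ] ) ) {
        return "";
    }

    $value = $_REQUEST[ $inVariableName ];

    // A "name[]=" parameter arrives as an array; strip_tags() rejects
    // arrays (TypeError on PHP 8), so treat it as absent.
    if( ! is_string( $value ) ) {
        return "";
    }

    return strip_tags( $value );
}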
/**
 * Counts the number of users in the database.
 *
 * @return the number of users (as returned by MySQL, i.e. a string).
 */
function sb_getUserCount() {
    global $tableNamePrefix;

    sb_connectToDatabase();

    $countQuery = "SELECT COUNT(*) FROM " . $tableNamePrefix . "users;";
    $countResult = sb_queryDatabase( $countQuery );
    $total = mysql_result( $countResult, 0, 0 );

    sb_closeDatabase();

    return $total;
}
/**
 * Tests whether the currently logged-in user can edit a post.
 * Works even if no user is logged in (reads the global $loggedInID).
 *
 * Rules: the public can never edit; administrators can edit anything;
 * everyone else can edit only posts whose user_id is their own.
 *
 * @param $inPostID the post ID to test edit powers for.
 *
 * @return true if editing is allowed, or false if editing is forbidden.
 */
function sb_canEdit( $inPostID ) {
    global $loggedInID;

    if( strcmp( $loggedInID, "" ) == 0 ) {
        return false;
    }

    // Same admin test as before, via the shared helper.
    if( sb_isAdministrator() ) {
        return true;
    }

    $owner = sb_getPostDatabaseField( $inPostID, "user_id" );
    return ( strcmp( $loggedInID, $owner ) == 0 );
}
/**
 * Tests whether a post is visible (approved, not removed, and not expired).
 *
 * Must be connected to database before calling.
 *
 * NOTE(review): $inPostID is spliced into the SQL string unescaped and
 * relies on upstream addslashes() escaping.
 *
 * @param $inPostID the ID to check.
 *
 * @return true if visible, or false if not.
 */
function sb_isPostVisible( $inPostID ) {
    global $tableNamePrefix;

    $visibleCount =
        "SELECT COUNT(*) " .
        "FROM " . $tableNamePrefix . "posts " .
        "WHERE approved = '1' AND removed = '0' " .
        "AND post_id = '" . $inPostID . "' " .
        "AND ( expiration_date > CURRENT_TIMESTAMP OR " .
        "expiration_date IS NULL );";

    $rows = sb_queryDatabase( $visibleCount );

    return ( mysql_result( $rows, 0, 0 ) == 1 );
}
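/**
 * Gets the full URL that was called to invoke this script, including
 * all GET query parameters.
 *
 * The scheme mirrors the current request ("https://" when $_SERVER['HTTPS']
 * is set and not "off", "http://" otherwise), so an HTTPS deployment is
 * not sent back to plain HTTP by a redirect built from this value.
 *
 * NOTE(review): HTTP_HOST comes from the client's Host header.  If the
 * web server accepts arbitrary hosts, a crafted request can make this
 * URL point at an attacker's domain; pin the canonical host in the site
 * settings if this URL is ever placed in emails or off-site redirects.
 *
 * @return the full return URL.
 */
function sb_getReturnURL() {
    $isHttps = ! empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] !== 'off';
    $scheme = $isHttps ? "https://" : "http://";

    $return_url = $scheme . $_SERVER['HTTP_HOST'] . $_SERVER["SCRIPT_NAME"];

    $queryString = isset( $_SERVER["QUERY_STRING"] ) ?
        $_SERVER["QUERY_STRING"] : "";

    if( strcmp( $queryString, "" ) != 0 ) {
        $return_url .= "?" . $queryString;
    }

    return $return_url;
}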
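/**
 * Neutralises HTML in data, preparing it for presentation as pure text
 * in the browser.
 *
 * '<', '>' and '"' are replaced by their HTML entities so the text can
 * neither open a tag nor break out of a double-quoted attribute.  '&' is
 * deliberately left alone so entities already present in post text are
 * not double-encoded.  The replacement list must hold the entity forms:
 * a list that maps each character to itself makes this a no-op and lets
 * raw HTML straight through sb_rcb_blog2html().
 *
 * This function written by Noah Medling <noah.medling@gmail.com> as part
 * of RCBlog.
 *
 * @param $inData the data to strip.
 *
 * @return the stripped data.
 */
function sb_rcb_striphtml( $inData ){
    return str_replace( array( '<', '>', '"' ),
                        array( '&lt;', '&gt;', '&quot;' ),
                        $inData );
}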
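/**
 * Renders text containing BBCode as HTML for presentation in a browser.
 *
 * Input is first passed through sb_rcb_striphtml() so literal '<', '>'
 * and '"' cannot form tags or escape attribute values; the BBCode tags
 * below are then rewritten into a fixed set of HTML elements.  Because
 * striphtml() encodes '"' as &quot;, the [quote="name"] form is matched
 * on its encoded spelling.
 *
 * Link and image targets ([url=], [url], [urls=], [urls], [img], [imgl],
 * [imgr] and their = forms) are accepted only when they start with an
 * allow-listed scheme (http, https, ftp, mailto) or a relative-path
 * prefix ('/', '#', '?', '.').  Without that check a post could carry a
 * "javascript:" (or entity-obfuscated, since '&' is not encoded) target
 * straight into an href/src attribute.  A tag whose target fails the
 * check is left as literal BBCode -- e.g. a bare "www.example.com"
 * without "http://" no longer becomes a link.
 *
 * NOTE(review): [color=] still accepts arbitrary characters other than
 * ']' into a style attribute; the encoded '"' prevents attribute
 * break-out, but consider restricting it to a colour-name/#hex pattern.
 *
 * This function written by Noah Medling <noah.medling@gmail.com> as part
 * of RCBlog; target allow-listing added in review.
 *
 * @param $inData the data to convert.
 *
 * @return the rendered HTML, or the escaped input unchanged if PCRE
 *         fails on it (e.g. backtracking limit exceeded).
 */
function sb_rcb_blog2html( $inData ){
    // Allowed link/image target: absolute http(s)/ftp/mailto, or a
    // relative path starting with '/', '#', '?' or '.'.  Like the
    // original captures it stops at ']' or a line break.
    $target = "(?:https?://|ftp://|mailto:|[/#?.])[^\\]\r\n]*";

    $patterns = array(
        "@(\r\n|\r|\n)?\\[\\*\\](\r\n|\r|\n)?(.*?)(?=(\\[\\*\\])|(\\[/list\\]))@si",

        // [b][/b], [i][/i], [u][/u], [mono][/mono]
        "@\\[b\\](.*?)\\[/b\\]@si",
        "@\\[i\\](.*?)\\[/i\\]@si",
        "@\\[u\\](.*?)\\[/u\\]@si",
        "@\\[mono\\](.*?)\\[/mono\\]@si",

        // [color=][/color], [size=][/size]
        "@\\[color=([^\\]\r\n]*)\\](.*?)\\[/color\\]@si",
        "@\\[size=([0-9]+)\\](.*?)\\[/size\\]@si",

        // [quote=][/quote], [quote][/quote], [code][/code]
        // (the quotes around the name arrive as &quot; after striphtml)
        "@\\[quote=&quot;([^\r\n]*)&quot;\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/quote\\](\r\n|\r|\n)?@si",
        "@\\[quote\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/quote\\](\r\n|\r|\n)?@si",
        "@\\[code\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/code\\](\r\n|\r|\n)?@si",

        // [center][/center], [right][/right], [justify][/justify],
        // [centerblock][/centerblock] (centers a left-aligned block of text)
        "@\\[center\\](\r\n|\r|\n)?(.*?)(\r\n|\r|\n)?\\[/center\\](\r\n|\r|\n)?@si",
        "@\\[right\\](\r\n|\r|\n)?(.*?)(\r\n|\r|\n)?\\[/right\\](\r\n|\r|\n)?@si",
        "@\\[justify\\](\r\n|\r|\n)?(.*?)(\r\n|\r|\n)?\\[/justify\\](\r\n|\r|\n)?@si",
        "@\\[centerblock\\](\r\n|\r|\n)?(.*?)(\r\n|\r|\n)?\\[/centerblock\\](\r\n|\r|\n)?@si",

        // [list][*][/list], [list=][*][/list]
        // (the 'i' modifier makes [list=a]/[list=A] and [list=i]/[list=I]
        // indistinguishable; the first of each pair wins -- pre-existing)
        "@\\[list\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/list\\](\r\n|\r|\n)?@si",
        "@\\[list=1\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/list\\](\r\n|\r|\n)?@si",
        "@\\[list=a\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/list\\](\r\n|\r|\n)?@si",
        "@\\[list=A\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/list\\](\r\n|\r|\n)?@si",
        "@\\[list=i\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/list\\](\r\n|\r|\n)?@si",
        "@\\[list=I\\](\r\n|\r|\n)*(.*?)(\r\n|\r|\n)*\\[/list\\](\r\n|\r|\n)?@si",

        // [url=][/url], [url][/url], [urls=][/urls], [urls][/urls],
        // [email][/email], [a=]  -- targets go through the allow-list
        "@\\[url=({$target})\\](.*?)\\[/url\\]@si",
        "@\\[url\\]({$target})\\[/url\\]@si",
        "@\\[urls=({$target})\\](.*?)\\[/urls\\]@si",
        "@\\[urls\\]({$target})\\[/urls\\]@si",
        "@\\[email\\](.*?)\\[/email\\]@si",
        "@\\[a=([^\\]\r\n]+)\\]@si",

        // [img][/img], [img=][/img], [clear]  -- src goes through the allow-list
        "@\\[img\\]({$target})\\[/img\\](\r\n|\r|\n)?@si",
        "@\\[imgl\\]({$target})\\[/imgl\\](\r\n|\r|\n)?@si",
        "@\\[imgr\\]({$target})\\[/imgr\\](\r\n|\r|\n)?@si",
        "@\\[img=({$target})\\](.*?)\\[/img\\](\r\n|\r|\n)?@si",
        "@\\[imgl=({$target})\\](.*?)\\[/imgl\\](\r\n|\r|\n)?@si",
        "@\\[imgr=({$target})\\](.*?)\\[/imgr\\](\r\n|\r|\n)?@si",
        "@\\[clear\\](\r\n|\r|\n)?@si",

        // [hr], \n
        "@\\[hr\\](\r\n|\r|\n)?@si",
        "@(\r\n|\r|\n)@" );

    $replace = array(
        '<li>$3</li>',

        // [b][/b], [i][/i], [u][/u], [mono][/mono]
        '<b>$1</b>',
        '<i>$1</i>',
        '<span style="text-decoration:underline">$1</span>',
        '<span class="mono">$1</span>',

        // [color=][/color], [size=][/size]
        '<span style="color:$1">$2</span>',
        '<span style="font-size:$1px">$2</span>',

        // [quote=][/quote], [quote][/quote], [code][/code]
        '<div class="quote"><span style="font-size:0.9em;font-style:italic">$1 wrote:<br /><br /></span>$3</div>',
        '<div class="quote">$2</div>',
        '<div class="code">$2</div>',

        // [center][/center], [right][/right], [justify][/justify],
        // [centerblock][/centerblock]
        '<div style="text-align:center">$2</div>',
        '<div style="text-align:right">$2</div>',
        '<div style="text-align:justify">$2</div>',
        '<CENTER><TABLE BORDER=0><TR><TD>$2</TD></TR></TABLE></CENTER>',

        // [list][*][/list], [list=][*][/list]
        '<ul>$2</ul>',
        '<ol style="list-style-type:decimal">$2</ol>',
        '<ol style="list-style-type:lower-alpha">$2</ol>',
        '<ol style="list-style-type:upper-alpha">$2</ol>',
        '<ol style="list-style-type:lower-roman">$2</ol>',
        '<ol style="list-style-type:upper-roman">$2</ol>',

        // [url=][/url], [url][/url], [urls=][/urls], [urls][/urls],
        // [email][/email], [a=]
        '<a href="$1" rel="external">$2</a>',
        '<a href="$1" rel="external">$1</a>',
        '<a href="$1">$2</a>',
        '<a href="$1">$1</a>',
        '<a href="mailto:$1">$1</a>',
        '<a name="$1"></a>',

        // [img][/img], [img=][/img], [clear]
        '<img border=0 src="$1" alt="$1" />',
        '<img border=0 align="left" src="$1" alt="$1" />',
        '<img border=0 align="right" src="$1" alt="$1" />',
        '<img border=0 src="$1" alt="$2" title="$2" />',
        '<img border=0 align="left" src="$1" alt="$2" title="$2" />',
        '<img border=0 align="right" src="$1" alt="$2" title="$2" />',
        '<div style="clear:both"></div>',

        // [hr], \n
        '<hr />',
        '<br />' );

    $escaped = sb_rcb_striphtml( $inData );
    $html = preg_replace( $patterns, $replace, $escaped );

    // preg_replace() returns NULL on a PCRE error (e.g. backtrack limit);
    // fall back to the escaped text rather than emitting an empty post.
    if( $html === NULL ) {
        return $escaped;
    }

    return $html;
}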
?>