Display the number of stories in the current topic in the Topic Editor (feature request #0000806)
3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
9 // | Geeklog topic administration page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once '../lib-common.php';
36 require_once 'auth.inc.php';
37 require_once $_CONF['path_system'] . 'lib-story.php';
// Script-wide gate: a user without the 'topic.edit' right gets a page built
// from $MESSAGE[29] and $MESSAGE[30], and the attempt is written to the
// access log. The lines that finish this branch are not part of this
// listing, so whether the script stops here cannot be confirmed from the page.
41 if (!SEC_hasRights('topic.edit')) {
42 $display .= COM_siteHeader('menu', $MESSAGE[30])
43 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
45 COM_accessLog("User {$_USER['username']} tried to illegally access the topic administration screen.");
50 // Uncomment the line below if you need to debug the HTTP variables being passed
51 // to the script. This will sometimes cause errors but it will allow you to see
52 // the data being passed in a POST operation
53 // echo COM_debug($_POST);
56 * Show topic administration form
58 * @param string tid ID of topic to edit
59 * @return string HTML for the topic editor
// Build the topic editor form for topic $tid; an empty $tid means a new
// topic with default values. Template variables are filled from the topic
// row, the configuration and the language arrays.
// Note: this listing omits some lines of the function (see the gaps in the
// line numbers), including closing braces, else branches and the return.
62 function edittopic ($tid = '')
64 global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG27, $LANG_ACCESS,
65 $LANG_ADMIN, $MESSAGE;
70 // new topic - set defaults
75 $A['limitnews'] = ''; // leave empty!
77 $A['archive_flag'] = 0;
// NOTE(review): $tid goes into this query string unescaped, while the story
// count query near the end of this function wraps the same value in
// addslashes(). The caller visible in this file filters it with
// COM_applyFilter() first, so this query relies on that.
79 $result = DB_query("SELECT * FROM {$_TABLES['topics']} WHERE tid ='$tid'");
80 $A = DB_fetchArray($result);
// Permission check against the topic's owner/group/permission columns; a
// result of 0 or 2 shows the message block and logs the attempt.
// presumably 0 = no access and 2 = read-only - confirm against SEC_hasAccess()
81 $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
82 if ($access == 0 OR $access == 2) {
83 $retval .= COM_startBlock ($LANG27[12], '',
84 COM_getBlockTemplate ('_msg_block', 'header'));
85 $retval .= $LANG27[13];
86 $retval .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
87 COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic $tid.");
92 $retval .= COM_startBlock ($LANG27[1], '',
93 COM_getBlockTemplate ('_admin_block', 'header'));
// No stored owner (new topic): default the owner to the current user.
94 if (!is_array ($A) || empty ($A['owner_id'])) {
95 $A['owner_id'] = $_USER['uid'];
97 // this is the one instance where we default the group
98 // most topics should belong to the Topic Admin group
99 if (isset ($_GROUPS['Topic Admin'])) {
100 $A['group_id'] = $_GROUPS['Topic Admin'];
102 $A['group_id'] = SEC_getFeatureGroup ('topic.edit');
104 SEC_setDefaultPermissions ($A, $_CONF['default_permissions_topic']);
107 $topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
108 $topic_templates->set_file('editor','topiceditor.thtml');
109 $topic_templates->set_var( 'xhtml', XHTML );
110 $topic_templates->set_var('site_url', $_CONF['site_url']);
111 $topic_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
112 $topic_templates->set_var('layout_url', $_CONF['layout_url']);
// The delete button is offered only for an existing topic; it is emitted
// twice, with and without the JavaScript confirm() handler.
// NOTE(review): $MESSAGE[76] is placed inside a single-quoted JavaScript
// string within an HTML attribute without escaping; a translation that
// contains a quote character would break the handler.
113 if (!empty($tid) && SEC_hasRights('topic.edit')) {
114 $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
115 . '" name="mode"%s' . XHTML . '>';
116 $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
117 $topic_templates->set_var('delete_option',
118 sprintf($delbutton, $jsconfirm));
119 $topic_templates->set_var('delete_option_no_confirmation',
120 sprintf($delbutton, ''));
121 $topic_templates->set_var('warning_msg', $LANG27[6]);
123 $topic_templates->set_var('lang_topicid', $LANG27[2]);
// NOTE(review): topic_id here, and topic_name, image_url and the meta fields
// further down, are handed to the template as stored (stripslashes() only
// removes backslashes). Whether topiceditor.thtml or the Template class
// HTML-escapes them is not visible here - confirm, since savetopic() stores
// the topic name without strip_tags().
124 $topic_templates->set_var('topic_id', $A['tid']);
125 $topic_templates->set_var('lang_donotusespaces', $LANG27[5]);
126 $topic_templates->set_var('lang_accessrights',$LANG_ACCESS['accessrights']);
127 $topic_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
128 $ownername = COM_getDisplayName ($A['owner_id']);
// owner_id is interpolated unquoted into the WHERE clause; it comes from the
// topic row or from $_USER['uid'] above.
129 $topic_templates->set_var('owner_username', DB_getItem ($_TABLES['users'],
130 'username', "uid = {$A['owner_id']}"));
131 $topic_templates->set_var('owner_name', $ownername);
132 $topic_templates->set_var('owner', $ownername);
133 $topic_templates->set_var('owner_id', $A['owner_id']);
134 $topic_templates->set_var('lang_group', $LANG_ACCESS['group']);
135 $topic_templates->set_var('lang_save', $LANG_ADMIN['save']);
136 $topic_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
137 $topic_templates->set_var('group_dropdown',
138 SEC_getGroupDropdown ($A['group_id'], $access));
139 $topic_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
140 $topic_templates->set_var('lang_permissions_key', $LANG_ACCESS['permissionskey']);
141 $topic_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
142 $topic_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
143 $topic_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
144 $topic_templates->set_var('permissions_editor', SEC_getPermissionsHTML($A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']));
146 // show sort order only if they specified sortnum as the sort method
147 if ($_CONF['sortmethod'] <> 'alpha') {
148 $topic_templates->set_var('lang_sortorder', $LANG27[10]);
149 if ($A['sortnum'] == 0) {
152 $topic_templates->set_var('sort_order', '<input type="text" size="3" maxlength="3" name="sortnum" value="' . $A['sortnum'] . '"' . XHTML . '>');
154 $topic_templates->set_var('lang_sortorder', $LANG27[14]);
155 $topic_templates->set_var('sort_order', $LANG27[15]);
157 $topic_templates->set_var('lang_storiesperpage', $LANG27[11]);
// A stored limit of 0 is shown as an empty field; the site-wide default from
// $_CONF['limitnews'] is displayed next to it.
158 if ($A['limitnews'] == 0) {
159 $topic_templates->set_var('story_limit', '');
161 $topic_templates->set_var('story_limit', $A['limitnews']);
163 $topic_templates->set_var('default_limit', $_CONF['limitnews']);
164 $topic_templates->set_var('lang_defaultis', $LANG27[16]);
165 $topic_templates->set_var('lang_topicname', $LANG27[3]);
166 $topic_templates->set_var('topic_name', stripslashes ($A['topic']));
// New topic: pre-fill the image field with the topic image directory prefix.
167 if (empty($A['tid'])) {
168 $A['imageurl'] = '/images/topics/';
170 $topic_templates->set_var('lang_topicimage', $LANG27[4]);
171 $topic_templates->set_var('lang_uploadimage', $LANG27[27]);
172 $topic_templates->set_var('icon_dimensions', $_CONF['max_topicicon_width'].' x '.$_CONF['max_topicicon_height']);
173 $topic_templates->set_var('lang_maxsize', $LANG27[28]);
174 $topic_templates->set_var('max_url_length', 255);
175 $topic_templates->set_var('image_url', $A['imageurl']);
177 $topic_templates->set_var('lang_metadescription',
178 $LANG_ADMIN['meta_description']);
179 $topic_templates->set_var('lang_metakeywords',
180 $LANG_ADMIN['meta_keywords']);
// $desc and $keywords are taken from the row when present; their initial
// values are set on lines this listing does not show.
182 if (! empty($A['meta_description'])) {
183 $desc = $A['meta_description'];
186 if (! empty($A['meta_keywords'])) {
187 $keywords = $A['meta_keywords'];
189 $topic_templates->set_var('meta_description', $desc);
190 $topic_templates->set_var('meta_keywords', $keywords);
192 $topic_templates->set_var ('lang_defaulttopic', $LANG27[22]);
193 $topic_templates->set_var ('lang_defaulttext', $LANG27[23]);
194 if ($A['is_default'] == 1) {
195 $topic_templates->set_var ('default_checked', 'checked="checked"');
197 $topic_templates->set_var ('default_checked', '');
200 $topic_templates->set_var ('lang_archivetopic', $LANG27[25]);
201 $topic_templates->set_var ('lang_archivetext', $LANG27[26]);
202 $topic_templates->set_var ('archive_disabled', '');
203 if ($A['archive_flag'] == 1) {
204 $topic_templates->set_var ('archive_checked', 'checked="checked"');
206 $topic_templates->set_var ('archive_checked', '');
207 // Only 1 topic can be the archive topic - so check if there already is one
208 if (DB_count($_TABLES['topics'], 'archive_flag', '1') > 0) {
209 $topic_templates->set_var ('archive_disabled', 'disabled');
// Story count for this topic; starts as the "n/a" label and is replaced by
// the COUNT(*) result. $tid is escaped with addslashes() in this query.
// The count is narrowed by COM_getPermSql('AND') - presumably to stories the
// current user may read; confirm against that helper.
214 $num_stories = $LANG_ADMIN['na'];
216 $nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE tid = '" . addslashes($tid) . "'" . COM_getPermSql('AND'));
217 $N = DB_fetchArray( $nresult );
218 $num_stories = $N['count'];
221 $topic_templates->set_var('lang_num_stories', $LANG27[30]);
222 $topic_templates->set_var('num_stories', $num_stories);
// CSRF token for the form; the save and delete branches at the bottom of
// this file check it with SEC_checkToken().
223 $topic_templates->set_var('gltoken_name', CSRF_TOKEN);
224 $topic_templates->set_var('gltoken', SEC_createToken());
225 $topic_templates->parse('output', 'editor');
226 $retval .= $topic_templates->finish($topic_templates->get_var('output'));
227 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
233 * Save topic to the database
235 * @param string $tid Topic ID
236 * @param string $topic Name of topic (what the user sees)
237 * @param string $imageurl (partial) URL to topic image
238 * @param string $meta_description Topic meta description
239 * @param string $meta_keywords Topic meta keywords
240 * @param int $sortnum number for sort order in "Topics" block
241 * @param int $limitnews number of stories per page for this topic
242 * @param int $owner_id ID of owner
243 * @param int $group_id ID of group topic belongs to
244 * @param int $perm_owner Permissions the owner has
245 * @param int $perm_group Permissions the group has
246 * @param int $perm_member Permissions members have
247 * @param int $perm_anon Permissions anonymous users have
248 * @param string $is_default 'on' if this is the default topic
249 * @param string $is_archive 'on' if this is the archive topic
250 * @return string HTML redirect or error message
// Validate the caller's right to create or change the topic, then write the
// topic row and adjust the default/archive flags of other topics.
// Note: this listing omits some lines of the function (see the gaps in the
// line numbers), including else branches, closing braces and the return.
252 function savetopic($tid,$topic,$imageurl,$meta_description, $meta_keywords,$sortnum,$limitnews,$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon,$is_default,$is_archive)
// NOTE(review): $_USER is read further down for the access-log message but
// is not in this global list, so within the lines shown the logged username
// would be empty. Adding $_USER here would fix the log entry.
254 global $_CONF, $_TABLES, $LANG27, $MESSAGE;
258 // Convert array values to numeric permission values
259 list($perm_owner,$perm_group,$perm_members,$perm_anon) = SEC_getPermissionValues($perm_owner,$perm_group,$perm_members,$perm_anon);
// Every query below interpolates this sanitised $tid.
261 $tid = COM_sanitizeID ($tid);
// Existing topic: access is computed from the stored owner/group/permission
// columns. Otherwise it is computed from the submitted values (the branch
// line between the two calls is not shown in this listing).
264 if (DB_count ($_TABLES['topics'], 'tid', $tid) > 0) {
265 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
266 $A = DB_fetchArray ($result);
267 $access = SEC_hasAccess ($A['owner_id'], $A['group_id'],
268 $A['perm_owner'], $A['perm_group'], $A['perm_members'],
271 $access = SEC_hasAccess ($owner_id, $group_id, $perm_owner, $perm_group,
272 $perm_members, $perm_anon);
// Denied when access is below 3 or the user is not a member of the target
// group; the attempt is logged.
274 if (($access < 3) || !SEC_inGroup($group_id)) {
275 $retval .= COM_siteHeader('menu', $MESSAGE[30])
276 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
278 COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic $tid.");
279 } elseif (!empty($tid) && !empty($topic)) {
280 if ($imageurl == '/images/topics/') {
// addslashes() is the only SQL escaping applied to these three values, and
// the topic name keeps any markup (strip_tags() is applied to the meta
// fields only).
// NOTE(review): addslashes() is not character-set aware; the database
// layer's own escaping would be the safer choice here.
283 $topic = addslashes($topic);
284 $meta_description = addslashes(strip_tags($meta_description));
285 $meta_keywords = addslashes(strip_tags($meta_keywords));
// Only one topic may be the default: clear the flag on the current one.
287 if ($is_default == 'on') {
289 DB_query ("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
294 $is_archive = ($is_archive == 'on') ? 1 : 0;
296 $archivetid = DB_getItem ($_TABLES['topics'], 'tid', "archive_flag=1");
298 // $tid is the archive topic
299 // - if it wasn't already, mark all its stories "archived" now
300 if ($archivetid != $tid) {
301 DB_query ("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '$tid'");
302 DB_query ("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
305 // $tid is not the archive topic
306 // - if it was until now, reset the "archived" status of its stories
307 if ($archivetid == $tid) {
308 DB_query ("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '$tid'");
309 DB_query ("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
// The value list is assembled by string interpolation. $is_default,
// $owner_id, $group_id and the four $perm_* values are inserted unquoted, so
// they must be integers by this point: the permissions come from
// SEC_getPermissionValues() above and the caller in this file filters
// owner_id/group_id numerically.
// NOTE(review): the line that turns $is_default into 0/1 is not shown in
// this listing - confirm it is always numeric here. $imageurl, $sortnum and
// $limitnews are quoted but not escaped in this function; they rely on the
// caller's COM_applyFilter().
313 DB_save($_TABLES['topics'],'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon',"'$tid', '$topic', '$imageurl', '$meta_description', '$meta_keywords','$sortnum','$limitnews',$is_default,'$is_archive',$owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon");
315 // update feed(s) and Older Stories block
316 COM_rdfUpToDateCheck('article', $tid);
// Success: redirect to the topic list with message 13.
319 $retval = COM_refresh ($_CONF['site_admin_url'] . '/topic.php?msg=13');
// Remaining path (topic ID or name empty): show an error page built from
// $LANG27[7].
321 $retval .= COM_siteHeader('menu', $LANG27[1]);
322 $retval .= COM_errorLog($LANG27[7], 2);
323 $retval .= COM_siteFooter();
330 * Displays a list of topics
332 * Lists all the topics and their icons.
334 * @return string HTML for the topic list
// Render the admin list of all topics with their icons and the current
// user's access level for each.
// Note: this listing omits some lines of the function (see the gaps in the
// line numbers), including the row-layout conditions and the return.
337 function listtopics()
339 global $_CONF, $_TABLES, $LANG27, $LANG_ACCESS, $LANG_ADMIN;
341 require_once( $_CONF['path_system'] . 'lib-admin.php' );
345 $retval .= COM_startBlock ($LANG27[8], '',
346 COM_getBlockTemplate ('_admin_block', 'header'));
348 $topic_templates = new Template($_CONF['path_layout'] . 'admin/topic');
349 $topic_templates->set_file(array('list'=>'topiclist.thtml', 'item'=>'listitem.thtml'));
350 $topic_templates->set_var( 'xhtml', XHTML );
351 $topic_templates->set_var('site_url', $_CONF['site_url']);
352 $topic_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
353 $topic_templates->set_var('layout_url', $_CONF['layout_url']);
354 $topic_templates->set_var('lang_newtopic', $LANG_ADMIN['create_new']);
355 $topic_templates->set_var('lang_adminhome', $LANG27[18]);
356 $topic_templates->set_var('lang_instructions', $LANG27[9]);
357 $topic_templates->set_var('begin_row', '<tr align="center" valign="bottom">');
// All topics are selected; the per-row SEC_hasAccess() call below determines
// the access label for each one.
359 $result = DB_query("SELECT * FROM {$_TABLES['topics']}");
360 $nrows = DB_numRows($result);
// Menu entries: "create new" (opens the editor) and a link to the admin home.
364 array('url' => $_CONF['site_admin_url'] . '/topic.php?mode=edit',
365 'text' => $LANG_ADMIN['create_new']),
366 array('url' => $_CONF['site_admin_url'],
367 'text' => $LANG_ADMIN['admin_home']));
368 $menu = ADMIN_createMenu(
371 $_CONF['layout_url'] . "/images/icons/topic.png"
373 $topic_templates->set_var('top_menu', $menu);
375 for ($i = 0; $i < $nrows; $i++) {
376 $A = DB_fetchArray($result);
378 $access = SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],$A['perm_group'],$A['perm_members'],$A['perm_anon']);
// $access is replaced by its display label; the conditions that choose
// between the two labels are not shown in this listing.
382 $access = $LANG_ACCESS['edit'];
384 $access = $LANG_ACCESS['readonly'];
// NOTE(review): topic_id and topic_name go to the template as stored
// (stripslashes() only removes backslashes). Whether listitem.thtml or the
// Template class HTML-escapes them is not visible here - confirm.
387 $topic_templates->set_var('topic_id', $A['tid']);
388 $topic_templates->set_var('topic_name', stripslashes ($A['topic']));
389 $topic_templates->set_var('topic_access', $access);
390 if ($A['is_default'] == 1) {
391 $topic_templates->set_var ('default_topic', $LANG27[24]);
393 $topic_templates->set_var ('default_topic', '');
395 if (empty ($A['imageurl'])) {
396 $topic_templates->set_var ('image_tag', '');
// The stored image URL is concatenated into the src attribute after
// COM_getTopicImageUrl(); no attribute escaping is applied in this function.
398 $imageurl = COM_getTopicImageUrl ($A['imageurl']);
399 $topic_templates->set_var ('image_tag', '<img src="' . $imageurl
400 . '" alt=""' . XHTML . '>');
404 $topic_templates->set_var('end_row','</tr>');
405 $topic_templates->parse('list_row','item',true);
406 $topic_templates->set_var('begin_row','<tr align="center" valign="bottom">');
// The last topic always closes its table row.
408 if ($i == $nrows - 1) {
409 $topic_templates->set_var('end_row','</tr>');
411 $topic_templates->set_var('end_row','');
414 $topic_templates->parse('list_row','item',true);
415 $topic_templates->set_var('begin_row','');
416 $counter = $counter + 1;
420 $topic_templates->parse('output', 'list');
421 $retval .= $topic_templates->finish($topic_templates->get_var('output'));
422 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
430 * @param string $tid Topic ID
431 * @return string HTML redirect
// Delete topic $tid together with its stories, story submissions, and the
// comments, trackbacks and images of those stories. Blocks and feeds that
// pointed at the topic are kept but reassigned and disabled.
// Note: this listing omits some lines of the function (see the gaps in the
// line numbers), including the access condition and closing braces.
434 function deleteTopic ($tid)
436 global $_CONF, $_TABLES, $_USER;
// NOTE(review): $tid is interpolated unescaped into every query in this
// function. The caller in this file passes it through COM_applyFilter() and
// verifies the CSRF token first; the queries depend on that filtering.
438 $result = DB_query ("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='$tid'");
439 $A = DB_fetchArray ($result);
440 $access = SEC_hasAccess ($A['owner_id'], $A['group_id'], $A['perm_owner'],
441 $A['perm_group'], $A['perm_members'], $A['perm_anon']);
// Denied path: log the attempt and go back to the topic list. The condition
// on $access that guards it is not shown in this listing.
443 COM_accessLog ("User {$_USER['username']} tried to illegally delete topic $tid.");
444 return COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
447 // don't delete topic blocks - assign them to 'all' and disable them
448 DB_query ("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '$tid'");
// Feeds for this topic get the same treatment: moved to '::all' and disabled.
451 DB_query ("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '$tid'");
453 // delete comments, trackbacks, images associated with stories in this topic
454 $result = DB_query ("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '$tid'");
455 $numStories = DB_numRows($result);
456 for ($i = 0; $i < $numStories; $i++) {
457 $A = DB_fetchArray($result);
458 STORY_deleteImages($A['sid']);
459 DB_delete($_TABLES['comments'], array('sid', 'type'),
460 array($A['sid'], 'article'));
461 DB_delete($_TABLES['trackback'], array('sid', 'type'),
462 array($A['sid'], 'article'));
// Finally remove the stories, pending submissions and the topic row itself.
466 DB_delete($_TABLES['stories'], 'tid', $tid);
467 DB_delete($_TABLES['storysubmission'], 'tid', $tid);
468 DB_delete($_TABLES['topics'], 'tid', $tid);
470 // update feed(s) and Older Stories block
471 COM_rdfUpToDateCheck('article');
// Success: redirect to the topic list with message 14.
474 return COM_refresh ($_CONF['site_admin_url'] . '/topic.php?msg=14');
478 * Upload new topic icon, replaces previous icon if one exists
480 * @param string tid ID of topic to prepend to filename
481 * @return string filename of new photo (empty = no new photo)
// Store an uploaded topic icon under $_CONF['path_images'] . 'topics' as
// "topic_<tid>.<extension>" and produce its site-relative path. On an upload
// error the function prints an error page and exits instead of returning.
// Note: this listing omits some lines of the function (see the gaps in the
// line numbers), including else branches, closing braces and the return.
484 function handleIconUpload($tid)
486 global $_CONF, $_TABLES, $LANG27;
488 require_once ($_CONF['path_system'] . 'classes/upload.class.php');
490 $upload = new upload();
// Select the image backend named in the configuration; automatic resizing is
// switched on once a backend is configured.
491 if (!empty ($_CONF['image_lib'])) {
492 if ($_CONF['image_lib'] == 'imagemagick') {
494 $upload->setMogrifyPath ($_CONF['path_to_mogrify']);
495 } elseif ($_CONF['image_lib'] == 'netpbm') {
497 $upload->setNetPBM ($_CONF['path_to_netpbm']);
498 } elseif ($_CONF['image_lib'] == 'gdlib') {
499 // using the GD library
500 $upload->setGDLib ();
502 $upload->setAutomaticResize (true);
// Optional upload debugging writes to logs/error.log under $_CONF['path'].
503 if (isset ($_CONF['debug_image_upload']) &&
504 $_CONF['debug_image_upload']) {
505 $upload->setLogFile ($_CONF['path'] . 'logs/error.log');
506 $upload->setDebug (true);
508 if (isset($_CONF['jpeg_quality'])) {
509 $upload->setJpegQuality($_CONF['jpeg_quality']);
// Allowlist of MIME types and the extensions accepted for each.
// NOTE(review): how the upload class enforces this map (declared type, file
// content, extension) is not visible here - confirm.
512 $upload->setAllowedMimeTypes (array ('image/gif' => '.gif',
513 'image/jpeg' => '.jpg,.jpeg',
514 'image/pjpeg' => '.jpg,.jpeg',
515 'image/x-png' => '.png',
516 'image/png' => '.png'
// Target directory could not be set: show the upload errors and stop.
518 if (!$upload->setPath ($_CONF['path_images'] . 'topics')) {
519 $display = COM_siteHeader ('menu', $LANG27[29]);
520 $display .= COM_startBlock ($LANG27[29], '',
521 COM_getBlockTemplate ('_msg_block', 'header'));
522 $display .= $upload->printErrors (false);
523 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
525 $display .= COM_siteFooter ();
526 COM_output($display);
527 exit; // don't return
532 // see if user wants to upload a (new) icon
533 $newicon = $_FILES['newicon'];
// The extension is whatever follows the last dot of the client-supplied file
// name. If the name has no dot, strrpos() returns false and $pos becomes 1,
// so the "extension" is the name minus its first character.
// NOTE(review): $tid is used in the stored file name as received. The caller
// in this file passes $_POST['tid'] without filtering, so characters such as
// path separators reach setFileNames() unless the upload class rejects them.
// Sanitising $tid first (savetopic() uses COM_sanitizeID() for the same
// value) would close that gap.
534 if (!empty ($newicon['name'])) {
535 $pos = strrpos ($newicon['name'], '.') + 1;
536 $fextension = substr ($newicon['name'], $pos);
537 $filename = 'topic_' . $tid . '.' . $fextension;
541 if (!empty ($filename)) {
542 $upload->setFileNames ($filename);
543 $upload->setPerms ('0644');
// Size limits: topic-icon settings when they are positive, otherwise the
// general image settings.
544 if (($_CONF['max_topicicon_width'] > 0) &&
545 ($_CONF['max_topicicon_height'] > 0)) {
546 $upload->setMaxDimensions ($_CONF['max_topicicon_width'],
547 $_CONF['max_topicicon_height']);
549 $upload->setMaxDimensions ($_CONF['max_image_width'],
550 $_CONF['max_image_height']);
552 if ($_CONF['max_topicicon_size'] > 0) {
553 $upload->setMaxFileSize($_CONF['max_topicicon_size']);
555 $upload->setMaxFileSize($_CONF['max_image_size']);
557 $upload->uploadFiles ();
// Upload failed: show the errors and stop.
559 if ($upload->areErrors ()) {
560 $display = COM_siteHeader ('menu', $LANG27[29]);
561 $display .= COM_startBlock ($LANG27[29], '',
562 COM_getBlockTemplate ('_msg_block', 'header'));
563 $display .= $upload->printErrors (false);
564 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block',
566 $display .= COM_siteFooter ();
567 COM_output($display);
568 exit; // don't return
// Prefix with the topic image directory, the form stored in topics.imageurl.
570 $filename = '/images/topics/' . $filename;
// Request dispatch. $mode is taken from $_REQUEST and compared with the
// localised button labels in $LANG_ADMIN, so the accepted values for delete
// and save depend on the active language file.
// Note: this listing omits some lines of this section (see the gaps in the
// line numbers), including else branches and closing braces.
581 if (isset ($_REQUEST['mode'])) {
582 $mode = $_REQUEST['mode'];
// Delete: tid is read from $_POST and filtered, and the CSRF token must
// verify before deleteTopic() runs. A failed token is logged and redirected.
585 if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
586 $tid = COM_applyFilter ($_POST['tid']);
587 if (!isset ($tid) || empty ($tid)) {
588 COM_errorLog ('Attempted to delete topic tid=' . $tid);
589 $display .= COM_refresh ($_CONF['site_admin_url'] . '/topic.php');
590 } elseif (SEC_checkToken()) {
591 $display .= deleteTopic($tid);
593 COM_accessLog("User {$_USER['username']} tried to illegally delete topic $tid and failed CSRF checks.");
594 echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
// Save: the token check is part of the branch condition, so a save request
// with a bad token falls through to the branches below (edit form or topic
// list) and no access-log entry is written here, unlike the delete branch.
// NOTE(review): confirm whether SEC_checkToken() logs the failure itself.
596 } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
597 if (empty ($_FILES['newicon']['name'])){
598 $imageurl = COM_applyFilter ($_POST['imageurl']);
// NOTE(review): handleIconUpload() receives $_POST['tid'] unfiltered and
// uses it in the stored file name; COM_applyFilter() is applied only to the
// path it returns. Passing COM_applyFilter($_POST['tid']), as the savetopic()
// call below does, would keep the two consistent.
600 $imageurl = handleIconUpload($_POST['tid']);
601 $imageurl = COM_applyFilter ($imageurl);
604 if (isset($_POST['is_default'])) {
605 $is_default = $_POST['is_default'];
608 if (isset($_POST['is_archive'])) {
609 $is_archive = $_POST['is_archive'];
// tid and the numeric fields are filtered here; topic, the meta fields and
// the perm_* arrays are passed as received and handled inside savetopic().
611 $display .= savetopic (COM_applyFilter ($_POST['tid']), $_POST['topic'],
612 $imageurl, $_POST['meta_description'], $_POST['meta_keywords'],
613 COM_applyFilter ($_POST['sortnum'], true),
614 COM_applyFilter ($_POST['limitnews'], true),
615 COM_applyFilter ($_POST['owner_id'], true),
616 COM_applyFilter ($_POST['group_id'], true),
617 $_POST['perm_owner'], $_POST['perm_group'],
618 $_POST['perm_members'], $_POST['perm_anon'],
619 $is_default, $is_archive);
// Edit: tid comes from the query string and is filtered before edittopic()
// uses it in SQL.
620 } else if ($mode == 'edit') {
621 $display .= COM_siteHeader('menu', $LANG27[1]);
623 if (isset($_GET['tid'])) {
624 $tid = COM_applyFilter($_GET['tid']);
626 $display .= edittopic($tid);
627 $display .= COM_siteFooter();
628 } else { // 'cancel' or no mode at all
629 $display .= COM_siteHeader('menu', $LANG27[8]);
630 $display .= COM_showMessageFromParameter();
631 $display .= listtopics();
632 $display .= COM_siteFooter();
635 COM_output($display);