When a Story Admin did not have permission to edit a story, Geeklog threw a "call to a member function on a non-object" error when trying to display a proper "access denied" message (reported by Chase and Cesar)
3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
9 // | Geeklog story administration page. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2009 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
36 * This is the Geeklog story administration page.
38 * @author Jason Whittenburg
39 * @author Tony Bibbs, tony AT tonybibbs DOT com
44 * Geeklog common function library
46 require_once '../lib-common.php';
47 require_once $_CONF['path_system'] . 'lib-story.php';
50 * Security check to ensure user even belongs on this page
52 require_once 'auth.inc.php';
54 // Set this to true if you want to have this code output debug messages to
56 $_STORY_VERBOSE = false;
60 if (!SEC_hasRights('story.edit')) {
61 $display .= COM_siteHeader('menu', $MESSAGE[30])
62 . COM_showMessageText($MESSAGE[29], $MESSAGE[30])
64 COM_accessLog("User {$_USER['username']} tried to illegally access the story administration screen.");
70 // Uncomment the line below if you need to debug the HTTP variables being passed
71 // to the script. This will sometimes cause errors but it will allow you to see
72 // the data being passed in a POST operation
77 * Returns a list of all users and their user ids, wrapped in <option> tags.
79 * @param int uid current user (to be displayed as selected)
80 * @return string string with <option> tags, to be wrapped in <select>
83 function userlist ($uid = 0)
89 $result = DB_query ("SELECT uid,username FROM {$_TABLES['users']} WHERE uid > 1 ORDER BY username");
91 while ($A = DB_fetchArray ($result)) {
92 $retval .= '<option value="' . $A['uid'] . '"';
93 if ($uid == $A['uid']) {
94 $retval .= ' selected="selected"';
96 $retval .= '>' . $A['username'] . '</option>' . LB;
102 function liststories()
104 global $_CONF, $_TABLES, $_IMAGE_TYPE,
105 $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;
107 require_once $_CONF['path_system'] . 'lib-admin.php';
111 if (!empty ($_GET['tid'])) {
112 $current_topic = COM_applyFilter($_GET['tid']);
113 } elseif (!empty ($_POST['tid'])) {
114 $current_topic = COM_applyFilter($_POST['tid']);
116 $current_topic = $LANG09[9];
119 if ($current_topic == $LANG09[9]) { // "All"
122 $topicsql = "SELECT tid,topic FROM {$_TABLES['topics']}"
124 $tresult = DB_query($topicsql);
125 $trows = DB_numRows($tresult);
128 for ($i = 0; $i < $trows; $i++) {
129 $T = DB_fetchArray($tresult);
130 $exclude[] = $T['tid'];
131 $seltopics .= '<option value="' . $T['tid'] . '"';
132 if ($current_topic == $T['tid']) {
133 $seltopics .= ' selected="selected"';
135 $seltopics .= '>' . $T['topic'] . '</option>' . LB;
137 $excludetopics = " (tid IN ('" . implode( "','", $exclude ) . "')) ";
139 $retval .= COM_showMessage(101);
143 $excludetopics = " tid = '$current_topic' ";
144 $seltopics = COM_topicList('tid,topic', $current_topic, 1, true);
145 if (empty($seltopics)) {
146 $retval .= COM_showMessage(101);
151 $alltopics = '<option value="' .$LANG09[9]. '"';
152 if ($current_topic == $LANG09[9]) {
153 $alltopics .= ' selected="selected"';
155 $alltopics .= '>' .$LANG09[9]. '</option>' . LB;
156 $filter = $LANG_ADMIN['topic']
157 . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">'
158 . $alltopics . $seltopics . '</select>';
161 array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false));
163 $header_arr[] = array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true);
164 $header_arr[] = array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false);
165 $header_arr[] = array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true);
166 $header_arr[] = array('text' => $LANG24[7], 'field' => 'username', 'sort' => true); //author
167 $header_arr[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true); //date
168 $header_arr[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
169 $header_arr[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true);
171 if (SEC_hasRights ('story.ping') && ($_CONF['trackback_enabled'] ||
172 $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])) {
173 $header_arr[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false);
176 $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');
179 array('url' => $_CONF['site_admin_url'] . '/story.php?mode=edit&editor=std',
180 'text' => $LANG_ADMIN['create_new'])
183 $menu_arr[] = array('url' => $_CONF['site_admin_url'],
184 'text' => $LANG_ADMIN['admin_home']);
186 $retval .= COM_startBlock($LANG24[22], '',
187 COM_getBlockTemplate('_admin_block', 'header'));
189 $retval .= ADMIN_createMenu(
192 $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE
195 'has_extras' => true,
196 'form_url' => $_CONF['site_admin_url'] . '/story.php'
199 $sql = "SELECT {$_TABLES['stories']}.*, {$_TABLES['users']}.username, {$_TABLES['users']}.fullname, "
200 ."UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} "
201 ."LEFT JOIN {$_TABLES['users']} ON {$_TABLES['stories']}.uid={$_TABLES['users']}.uid "
204 if (!empty ($excludetopics)) {
205 $excludetopics = 'AND ' . $excludetopics;
208 'table' => 'stories',
210 'query_fields' => array('title', 'introtext', 'bodytext', 'sid', 'tid'),
211 'default_filter' => $excludetopics . COM_getPermSQL ('AND')
214 $retval .= ADMIN_list('story', 'ADMIN_getListField_stories', $header_arr,
215 $text_arr, $query_arr, $defsort_arr, $filter);
216 $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
224 * Displays the story entry form
226 * @param string $sid ID of story to edit
227 * @param string $mode 'preview', 'edit', 'editsubmission'
228 * @param string $errormsg a message to display on top of the page
229 * @param string $currenttopic topic selection for drop-down menu
230 * @return string HTML for story editor
233 function storyeditor($sid = '', $mode = '', $errormsg = '', $currenttopic = '')
235 global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG_ACCESS,
236 $LANG_ADMIN, $MESSAGE;
240 if (!isset ($_CONF['hour_mode'])) {
241 $_CONF['hour_mode'] = 12;
244 if (!empty ($errormsg)) {
245 $display .= COM_startBlock($LANG24[25], '',
246 COM_getBlockTemplate ('_msg_block', 'header'));
247 $display .= $errormsg;
248 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
251 if (!empty ($currenttopic)) {
252 $allowed = DB_getItem ($_TABLES['topics'], 'tid',
253 "tid = '" . addslashes ($currenttopic) . "'" .
254 COM_getTopicSql ('AND'));
256 if ($allowed != $currenttopic) {
261 $story = new Story();
262 if ($mode == 'preview') {
263 // Handle Magic GPC Garbage:
264 while (list($key, $value) = each($_POST)) {
265 if (!is_array($value)) {
266 $_POST[$key] = COM_stripslashes($value);
268 while (list($subkey, $subvalue) = each($value)) {
269 $value[$subkey] = COM_stripslashes($subvalue);
273 $result = $story->loadFromArgsArray($_POST);
275 $result = $story->loadFromDatabase($sid, $mode);
278 if( ($result == STORY_PERMISSION_DENIED) || ($result == STORY_NO_ACCESS_PARAMS) )
280 $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '',
281 COM_getBlockTemplate ('_msg_block', 'header'));
282 $display .= $LANG24[42];
283 $display .= COM_endBlock(COM_getBlockTemplate ('_msg_block', 'footer'));
284 COM_accessLog("User {$_USER['username']} tried to illegally access story $sid.");
286 } elseif( ($result == STORY_EDIT_DENIED) || ($result == STORY_EXISTING_NO_EDIT_PERMISSION) ) {
287 $display .= COM_startBlock($LANG_ACCESS['accessdenied'], '',
288 COM_getBlockTemplate ('_msg_block', 'header'));
289 $display .= $LANG24[41];
290 $display .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
291 $display .= STORY_renderArticle ($story, 'p');
292 COM_accessLog("User {$_USER['username']} tried to illegally edit story $sid.");
294 } elseif( $result == STORY_INVALID_SID ) {
295 if( $mode == 'editsubmission' )
297 // that submission doesn't seem to be there any more (may have been
298 // handled by another Admin) - take us back to the moderation page
299 return COM_refresh( $_CONF['site_admin_url'] . '/moderation.php' );
301 return COM_refresh( $_CONF['site_admin_url'] . '/story.php' );
303 } elseif( $result == STORY_DUPLICATE_SID) {
304 $display .= COM_showMessageText($LANG24[24]);
307 // Load HTML templates
308 $story_templates = new Template($_CONF['path_layout'] . 'admin/story');
309 if ( isset ($_CONF['advanced_editor']) && ($_CONF['advanced_editor'] == 1 )
310 && file_exists ($_CONF['path_layout'] . 'admin/story/storyeditor_advanced.thtml')) {
311 $advanced_editormode = true;
312 $story_templates->set_file(array('editor'=>'storyeditor_advanced.thtml'));
313 $story_templates->set_var ( 'xhtml', XHTML );
314 $story_templates->set_var ('change_editormode', 'onchange="change_editmode(this);"');
316 require_once $_CONF['path_system'] . 'classes/navbar.class.php';
317 $story_templates->set_var ('show_preview', 'none');
318 $story_templates->set_var ('lang_expandhelp', $LANG24[67]);
319 $story_templates->set_var ('lang_reducehelp', $LANG24[68]);
320 $story_templates->set_var ('lang_publishdate', $LANG24[69]);
321 $story_templates->set_var ('lang_toolbar', $LANG24[70]);
322 $story_templates->set_var ('toolbar1', $LANG24[71]);
323 $story_templates->set_var ('toolbar2', $LANG24[72]);
324 $story_templates->set_var ('toolbar3', $LANG24[73]);
325 $story_templates->set_var ('toolbar4', $LANG24[74]);
326 $story_templates->set_var ('toolbar5', $LANG24[75]);
328 if ($story->EditElements('advanced_editor_mode') == 1 OR $story->EditElements('postmode') == 'adveditor') {
329 $story_templates->set_var ('show_texteditor', 'none');
330 $story_templates->set_var ('show_htmleditor', '');
332 $story_templates->set_var ('show_texteditor', '');
333 $story_templates->set_var ('show_htmleditor', 'none');
336 $story_templates->set_file(array('editor' => 'storyeditor.thtml'));
337 $story_templates->set_var('xhtml', XHTML);
338 $advanced_editormode = false;
340 $story_templates->set_var ('site_url', $_CONF['site_url']);
341 $story_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
342 $story_templates->set_var ('layout_url', $_CONF['layout_url']);
343 $story_templates->set_var ('hour_mode', $_CONF['hour_mode']);
345 if ($story->hasContent()) {
346 $previewContent = STORY_renderArticle($story, 'p');
347 if ($advanced_editormode AND $previewContent != '' ) {
348 $story_templates->set_var('preview_content', $previewContent);
349 } elseif ($previewContent != '') {
350 $display .= COM_startBlock ($LANG24[26], '',
351 COM_getBlockTemplate ('_admin_block', 'header'));
352 $display .= $previewContent;
353 $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
357 if ($advanced_editormode) {
358 $navbar = new navbar;
359 if (!empty ($previewContent)) {
360 $navbar->add_menuitem($LANG24[79],'showhideEditorDiv("preview",0);return false;',true);
361 $navbar->add_menuitem($LANG24[80],'showhideEditorDiv("editor",1);return false;',true);
362 $navbar->add_menuitem($LANG24[81],'showhideEditorDiv("publish",2);return false;',true);
363 $navbar->add_menuitem($LANG24[82],'showhideEditorDiv("images",3);return false;',true);
364 $navbar->add_menuitem($LANG24[83],'showhideEditorDiv("archive",4);return false;',true);
365 $navbar->add_menuitem($LANG24[84],'showhideEditorDiv("perms",5);return false;',true);
366 $navbar->add_menuitem($LANG24[85],'showhideEditorDiv("all",6);return false;',true);
368 $navbar->add_menuitem($LANG24[80],'showhideEditorDiv("editor",0);return false;',true);
369 $navbar->add_menuitem($LANG24[81],'showhideEditorDiv("publish",1);return false;',true);
370 $navbar->add_menuitem($LANG24[82],'showhideEditorDiv("images",2);return false;',true);
371 $navbar->add_menuitem($LANG24[83],'showhideEditorDiv("archive",3);return false;',true);
372 $navbar->add_menuitem($LANG24[84],'showhideEditorDiv("perms",4);return false;',true);
373 $navbar->add_menuitem($LANG24[85],'showhideEditorDiv("all",5);return false;',true);
375 if ($mode == 'preview') {
376 $story_templates->set_var ('show_preview', '');
377 $story_templates->set_var ('show_htmleditor', 'none');
378 $story_templates->set_var ('show_texteditor', 'none');
379 $story_templates->set_var ('show_submitoptions', 'none');
380 $navbar->set_selected($LANG24[79]);
382 $navbar->set_selected($LANG24[80]);
384 $story_templates->set_var ('navbar', $navbar->generate() );
387 $oldsid = $story->EditElements('originalSid');
388 if (!empty ($oldsid)) {
389 $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
390 . '" name="mode"%s' . XHTML . '>';
391 $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
392 $story_templates->set_var ('delete_option',
393 sprintf ($delbutton, $jsconfirm));
394 $story_templates->set_var ('delete_option_no_confirmation',
395 sprintf ($delbutton, ''));
397 if (($mode == 'editsubmission') || ($story->type == 'submission')) {
398 $story_templates->set_var ('submission_option',
399 '<input type="hidden" name="type" value="submission"' . XHTML . '>');
401 $story_templates->set_var ('lang_author', $LANG24[7]);
402 $storyauthor = COM_getDisplayName ($story->EditElements('uid'));
403 $story_templates->set_var ('story_author', $storyauthor);
404 $story_templates->set_var ('author', $storyauthor);
405 $story_templates->set_var ('story_uid', $story->EditElements('uid'));
408 $story_templates->set_var('lang_accessrights',$LANG_ACCESS['accessrights']);
409 $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
410 $ownername = COM_getDisplayName ($story->EditElements('owner_id'));
411 $story_templates->set_var( 'owner_username', DB_getItem ($_TABLES['users'],
412 'username', 'uid = ' .
413 $story->EditElements( 'owner_id' ) ) );
414 $story_templates->set_var('owner_name', $ownername);
415 $story_templates->set_var('owner', $ownername);
416 $story_templates->set_var('owner_id', $story->EditElements('owner_id'));
417 $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
418 $story_templates->set_var('group_dropdown',
419 SEC_getGroupDropdown ($story->EditElements('group_id'), 3));
420 $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
421 $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
422 $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML(
423 $story->EditElements('perm_owner'),$story->EditElements('perm_group'),
424 $story->EditElements('perm_members'),$story->EditElements('perm_anon')));
425 $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
426 $story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
427 $curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
428 $story_templates->set_var('lang_date', $LANG24[15]);
430 $story_templates->set_var('publish_second', $story->EditElements('publish_second'));
433 $publish_hour = $story->EditElements('publish_hour');
434 if ($publish_hour >= 12) {
435 if ($publish_hour > 12) {
436 $publish_hour = $publish_hour - 12;
442 $ampm_select = COM_getAmPmFormSelection ('publish_ampm', $ampm);
443 $story_templates->set_var ('publishampm_selection', $ampm_select);
445 $month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
446 $story_templates->set_var('publish_month_options', $month_options);
448 $day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
449 $story_templates->set_var('publish_day_options', $day_options);
451 $year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
452 $story_templates->set_var('publish_year_options', $year_options);
454 if ($_CONF['hour_mode'] == 24) {
455 $hour_options = COM_getHourFormOptions ($story->EditElements('publish_hour'), 24);
457 $hour_options = COM_getHourFormOptions ($publish_hour);
459 $story_templates->set_var('publish_hour_options', $hour_options);
461 $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
462 $story_templates->set_var('publish_minute_options', $minute_options);
464 $story_templates->set_var('publish_date_explanation', $LANG24[46]);
465 $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
467 $story_templates->set_var('expire_second', $story->EditElements('expire_second'));
470 $expire_hour = $story->EditElements('expire_hour');
471 if ($expire_hour >= 12) {
472 if ($expire_hour > 12) {
473 $expire_hour = $expire_hour - 12;
479 $ampm_select = COM_getAmPmFormSelection ('expire_ampm', $ampm);
480 if (empty ($ampm_select)) {
481 // have a hidden field to 24 hour mode to prevent JavaScript errors
482 $ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
484 $story_templates->set_var ('expireampm_selection', $ampm_select);
486 $month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
487 $story_templates->set_var('expire_month_options', $month_options);
489 $day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
490 $story_templates->set_var('expire_day_options', $day_options);
492 $year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
493 $story_templates->set_var('expire_year_options', $year_options);
495 if ($_CONF['hour_mode'] == 24) {
496 $hour_options = COM_getHourFormOptions ($story->EditElements('expire_hour'), 24);
498 $hour_options = COM_getHourFormOptions ($expire_hour);
500 $story_templates->set_var('expire_hour_options', $hour_options);
502 $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
503 $story_templates->set_var('expire_minute_options', $minute_options);
505 $story_templates->set_var('expire_date_explanation', $LANG24[46]);
506 $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
508 $atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
509 $have_archive_topic = (empty($atopic) ? false : true);
511 if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
512 $story_templates->set_var('is_checked2', 'checked="checked"');
513 $story_templates->set_var('is_checked3', 'checked="checked"');
514 $story_templates->set_var('showarchivedisabled', 'false');
515 $have_archive_topic = true; // force display of auto archive option
516 } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
517 $story_templates->set_var('is_checked2', 'checked="checked"');
518 $story_templates->set_var('is_checked4', 'checked="checked"');
519 if (! $have_archive_topic) {
520 $story_templates->set_var('is_checked3', 'style="display:none;"');
522 $story_templates->set_var('showarchivedisabled', 'false');
524 if (! $have_archive_topic) {
525 $story_templates->set_var('is_checked3', 'style="display:none;"');
527 $story_templates->set_var('showarchivedisabled', 'true');
529 $story_templates->set_var('lang_archivetitle', $LANG24[58]);
530 $story_templates->set_var('lang_option', $LANG24[59]);
531 $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
532 $story_templates->set_var('lang_story_stats', $LANG24[87]);
533 if ($have_archive_topic) {
534 $story_templates->set_var('lang_optionarchive', $LANG24[61]);
536 $story_templates->set_var('lang_optionarchive', '');
538 $story_templates->set_var('lang_optiondelete', $LANG24[62]);
539 $story_templates->set_var('lang_title', $LANG_ADMIN['title']);
540 $story_templates->set_var('story_title', $story->EditElements('title'));
541 $story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
542 $story_templates->set_var('meta_description', $story->EditElements('meta_description'));
543 $story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
544 $story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
545 $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
546 if(empty($currenttopic) && ($story->EditElements('tid') == '')) {
547 $story->setTid(DB_getItem($_TABLES['topics'], 'tid',
548 'is_default = 1' . COM_getPermSQL('AND')));
549 } elseif ($story->EditElements('tid') == '') {
550 $story->setTid($currenttopic);
553 $tlist = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true);
555 $display .= COM_showMessage(101);
558 $story_templates->set_var('topic_options', $tlist);
559 $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
560 if ($story->EditElements('show_topic_icon') == 1) {
561 $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
563 $story_templates->set_var('show_topic_icon_checked', '');
565 $story_templates->set_var('lang_draft', $LANG24[34]);
566 if ($story->EditElements('draft_flag')) {
567 $story_templates->set_var('is_checked', 'checked="checked"');
569 $story_templates->set_var ('lang_mode', $LANG24[3]);
570 $story_templates->set_var ('status_options',
571 COM_optionList ($_TABLES['statuscodes'], 'code,name',
572 $story->EditElements('statuscode')));
573 $story_templates->set_var ('comment_options',
574 COM_optionList ($_TABLES['commentcodes'], 'code,name',
575 $story->EditElements('commentcode')));
576 $story_templates->set_var ('trackback_options',
577 COM_optionList ($_TABLES['trackbackcodes'], 'code,name',
578 $story->EditElements('trackbackcode')));
580 $story_templates->set_var('lang_cmt_disable', $LANG24[63]);
581 if ($story->EditElements('cmt_close')) {
582 $story_templates->set_var('is_checked5', 'checked="checked"');
583 $story_templates->set_var('showcmtclosedisabled', 'false');
585 $story_templates->set_var('showcmtclosedisabled', 'true');
588 $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
589 $story_templates->set_var('cmt_close_month_options', $month_options);
591 $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
592 $story_templates->set_var('cmt_close_day_options', $day_options);
594 // ensure that the year dropdown includes the close year
595 $endtm = mktime(0, 0, 0, date('m'),
596 date('d') + $_CONF['article_comment_close_days'], date('Y'));
597 $yoffset = date('Y', $endtm) - date('Y');
598 $close_year = $story->EditElements('cmt_close_year');
600 $year_options = COM_getYearFormOptions($close_year, $yoffset);
601 } elseif ($yoffset > 5) {
602 $year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
604 $year_options = COM_getYearFormOptions($close_year);
606 $story_templates->set_var('cmt_close_year_options', $year_options);
608 $cmt_close_ampm = '';
609 $cmt_close_hour = $story->EditElements('cmt_close_hour');
611 if ($cmt_close_hour >= 12) {
612 if ($cmt_close_hour > 12) {
613 $cmt_close_hour = $cmt_close_hour - 12;
619 $ampm_select = COM_getAmPmFormSelection ('cmt_close_ampm', $ampm);
620 if (empty ($ampm_select)) {
621 // have a hidden field to 24 hour mode to prevent JavaScript errors
622 $ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
624 $story_templates->set_var ('cmt_close_ampm_selection', $ampm_select);
626 if ($_CONF['hour_mode'] == 24) {
627 $hour_options = COM_getHourFormOptions ($story->EditElements('cmt_close_hour'), 24);
629 $hour_options = COM_getHourFormOptions ($cmt_close_hour);
631 $story_templates->set_var('cmt_close_hour_options', $hour_options);
633 $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
634 $story_templates->set_var('cmt_close_minute_options', $minute_options);
636 $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
638 if (($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root'))
639 or ($_CONF['onlyrootfeatures'] !== 1)) {
640 $featured_options = "<select name=\"featured\">" . LB
641 . COM_optionList ($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured'))
644 $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
646 $story_templates->set_var ('featured_options',$featured_options);
647 $story_templates->set_var ('frontpage_options',
648 COM_optionList ($_TABLES['frontpagecodes'], 'code,name',
649 $story->EditElements('frontpage')));
651 $story_templates->set_var('story_introtext', $story->EditElements('introtext'));
653 $story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
654 $story_templates->set_var('lang_introtext', $LANG24[16]);
655 $story_templates->set_var('lang_bodytext', $LANG24[17]);
656 $story_templates->set_var('lang_postmode', $LANG24[4]);
657 $story_templates->set_var('lang_publishoptions',$LANG24[76]);
658 $story_templates->set_var('lang_nojavascript',$LANG24[77]);
659 $story_templates->set_var('no_javascript_return_link',sprintf($LANG24[78],$_CONF['site_admin_url'], $sid));
660 $post_options = COM_optionList($_TABLES['postmodes'],'code,name',$story->EditElements('postmode'));
662 // If Advanced Mode - add post option and set default if editing story created with Advanced Editor
663 if ($_CONF['advanced_editor'] == 1) {
664 if ($story->EditElements('advanced_editor_mode') == 1 OR $story->EditElements('postmode') == 'adveditor') {
665 $post_options .= '<option value="adveditor" selected="selected">'.$LANG24[86].'</option>';
667 $post_options .= '<option value="adveditor">'.$LANG24[86].'</option>';
670 if ($_CONF['wikitext_editor']) {
671 if ($story->EditElements('postmode') == 'wikitext') {
672 $post_options .= '<option value="wikitext" selected="selected">'.$LANG24[88].'</option>';
674 $post_options .= '<option value="wikitext">'.$LANG24[88].'</option>';
677 $story_templates->set_var('post_options',$post_options );
678 $story_templates->set_var('lang_allowed_html',
679 COM_allowedHTML('story.edit'));
682 if ($_CONF['maximagesperarticle'] > 0) {
683 $story_templates->set_var('lang_images', $LANG24[47]);
684 $icount = DB_count($_TABLES['article_images'],'ai_sid', $story->getSid());
686 $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '".$story->getSid()."'");
687 for ($z = 1; $z <= $icount; $z++) {
688 $I = DB_fetchArray($result_articles);
689 $saved_images .= $z . ') '
690 . COM_createLink($I['ai_filename'],
691 $_CONF['site_url'] . '/images/articles/' . $I['ai_filename'])
692 . ' ' . $LANG_ADMIN['delete']
693 . ': <input type="checkbox" name="delete[' .$I['ai_img_num']
694 . ']"' . XHTML . '><br' . XHTML . '>';
698 $newallowed = $_CONF['maximagesperarticle'] - $icount;
699 for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
700 $fileinputs .= $z . ') <input type="file" dir="ltr" name="file'
701 . $z . '"' . XHTML . '>';
702 if ($z < $_CONF['maximagesperarticle']) {
703 $fileinputs .= '<br' . XHTML . '>';
706 $fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
707 if ($_CONF['allow_user_scaling'] == 1) {
708 $fileinputs .= $LANG24[27];
710 $fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
712 $story_templates->set_var('saved_images', $saved_images);
713 $story_templates->set_var('image_form_elements', $fileinputs);
714 $story_templates->set_var('lang_hits', $LANG24[18]);
715 $story_templates->set_var('story_hits', $story->EditElements('hits'));
716 $story_templates->set_var('lang_comments', $LANG24[19]);
717 $story_templates->set_var('story_comments', $story->EditElements('comments'));
718 $story_templates->set_var('lang_trackbacks', $LANG24[29]);
719 $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
720 $story_templates->set_var('lang_emails', $LANG24[39]);
721 $story_templates->set_var('story_emails', $story->EditElements('numemails'));
722 $story_templates->set_var('story_id', $story->getSid());
723 $story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
724 $story_templates->set_var('lang_sid', $LANG24[12]);
725 $story_templates->set_var('lang_save', $LANG_ADMIN['save']);
726 $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
727 $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
728 $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
729 $story_templates->set_var('gltoken_name', CSRF_TOKEN);
730 $story_templates->set_var('gltoken', SEC_createToken());
731 $story_templates->parse('output','editor');
733 $display .= COM_startBlock ($LANG24[5], '',
734 COM_getBlockTemplate ('_admin_block', 'header'));
735 $display .= $story_templates->finish($story_templates->get_var('output'));
736 $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
742 * Saves story to database
744 * @param string $type story submission or (new) story
745 * @param string $sid ID of story to save
746 * @param int $uid ID of user that wrote the story
747 * @param string $tid Topic ID story belongs to
748 * @param string $title Title of story
749 * @param string $introtext Introduction text
750 * @param string $bodytext Text of body
751 * @param int $hits Number of times story has been viewed
752 * @param string $unixdate Date story was originally saved
753 * @param int $featured Flag on whether or not this is a featured article
754 * @param string $commentcode Indicates if comments are allowed to be made to article
755 * @param string $trackbackcode Indicates if trackbacks are allowed to be made to article
756 * @param string $statuscode Status of the story
757 * @param string $postmode Is this HTML or plain text?
758 * @param string $frontpage Flag indicates if story will appear on front page and topic or just topic
759 * @param int $draft_flag Flag indicates if story is a draft or not
760 * @param int $numemails Number of times this story has been emailed to someone
761 * @param int $owner_id ID of owner (not necessarily the author)
762 * @param int $group_id ID of group story belongs to
763 * @param int $perm_owner Permissions the owner has on story
764 * @param int $perm_group Permissions the group has on story
765 * @param int $perm_member Permissions members have on story
766 * @param int $perm_anon Permissions anonymous users have on story
767 * @param int $delete String array of attached images to delete from article
770 function submitstory($type='')
776 // Handle Magic GPC Garbage:
777 while (list($key, $value) = each($args)) {
778 if (!is_array($value)) {
779 $args[$key] = COM_stripslashes($value);
781 while (list($subkey, $subvalue) = each($value)) {
782 $value[$subkey] = COM_stripslashes($subvalue);
787 /* ANY FURTHER PROCESSING on POST variables - COM_stripslashes etc.
788 * Do it HERE on $args */
790 PLG_invokeService('story', 'submit', $args, $output, $svc_msg);
796 if (isset($_REQUEST['mode'])){
797 $mode = COM_applyFilter ($_REQUEST['mode']);
800 if (isset($_REQUEST['editopt'])){
801 $editopt = COM_applyFilter ($_REQUEST['editopt']);
802 if ($editopt == 'default') {
803 $_CONF['advanced_editor'] = false;
808 if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) {
809 $sid = COM_applyFilter ($_POST['sid']);
811 if (isset ($_POST['type'])) {
812 $type = COM_applyFilter ($_POST['type']);
814 if (!isset ($sid) || empty ($sid)) {
815 COM_errorLog ('Attempted to delete story sid=' . $sid);
816 echo COM_refresh ($_CONF['site_admin_url'] . '/story.php');
817 } else if ($type == 'submission') {
818 $tid = DB_getItem ($_TABLES['storysubmission'], 'tid', "sid = '$sid'");
819 if (SEC_hasTopicAccess ($tid) < 3) {
820 COM_accessLog ("User {$_USER['username']} tried to illegally delete story submission $sid.");
821 echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
822 } else if (SEC_checkToken()) {
823 DB_delete ($_TABLES['storysubmission'], 'sid', $sid,
824 $_CONF['site_admin_url'] . '/moderation.php');
826 COM_accessLog ("User {$_USER['username']} tried to illegally delete story submission $sid and failed CSRF checks.");
827 echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
829 } else if (SEC_checkToken()) {
830 echo STORY_deleteStory ($sid);
832 COM_accessLog ("User {$_USER['username']} tried to delete story and failed CSRF checks $sid.");
833 echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
835 } else if (($mode == $LANG_ADMIN['preview']) && !empty ($LANG_ADMIN['preview'])) {
836 $display .= COM_siteHeader('menu', $LANG24[5]);
838 if (!empty ($_GET['editor'])) {
839 $editor = COM_applyFilter ($_GET['editor']);
841 $display .= storyeditor (COM_applyFilter ($_POST['sid']), 'preview', '', '',
843 $display .= COM_siteFooter();
844 COM_output($display);
845 } else if ($mode == 'edit') {
846 $display .= COM_siteHeader('menu', $LANG24[5]);
848 if (isset ($_GET['sid'])) {
849 $sid = COM_applyFilter ($_GET['sid']);
852 if (isset ($_GET['topic'])) {
853 $topic = COM_applyFilter ($_GET['topic']);
856 if (isset ($_GET['editor'])) {
857 $editor = COM_applyFilter ($_GET['editor']);
859 $display .= storyeditor ($sid, $mode, '', $topic, $editor);
860 $display .= COM_siteFooter();
861 COM_output($display);
862 } else if ($mode == 'editsubmission') {
863 $display .= COM_siteHeader('menu', $LANG24[5]);
864 $display .= storyeditor (COM_applyFilter ($_GET['id']), $mode);
865 $display .= COM_siteFooter();
866 COM_output($display);
867 } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save']) && SEC_checkToken()) {
869 } else { // 'cancel' or no mode at all
871 if (isset($_POST['type'])){
872 $type = COM_applyFilter ($_POST['type']);
874 if (($mode == $LANG24[10]) && !empty ($LANG24[10]) &&
875 ($type == 'submission')) {
876 $display = COM_refresh ($_CONF['site_admin_url'] . '/moderation.php');
878 $display .= COM_siteHeader('menu', $LANG24[22]);
879 $display .= COM_showMessageFromParameter();
880 $display .= liststories();
881 $display .= COM_siteFooter();
883 COM_output($display);
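Review bot: The STORY_EDIT_DENIED / STORY_EXISTING_NO_EDIT_PERMISSION branch of storyeditor (gutter 286-292) still calls `STORY_renderArticle($story, 'p')` after loadFromDatabase() has reported a denial, and nothing on this page shows that the Story object is fully populated in that case; since the changed lines are not marked here, if the commit's fix lives elsewhere this call is the most likely place for a "member function on a non-object" error to recur when the access-denied message is built. Guarding it the way the preview path at gutter 345 does, `if ($story->hasContent()) { $display .= STORY_renderArticle($story, 'p'); }`, and moving the `COM_accessLog(...)` call ahead of the render would keep the denial both displayed and recorded even if rendering fails; the branch's closing lines (gutter 285, 293) are not shown on this page. Separately, at gutter 818 the delete path interpolates `$sid` into `"sid = '$sid'"` after COM_applyFilter() only, whereas the topic lookup at gutter 253 also wraps the value in addslashes(); if COM_applyFilter() does not guarantee a quote-safe value, the same `addslashes($sid)` wrapping belongs here too.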