Add a robots "noindex" meta tag to the submission form (like we already do for the comment submission form)
3 /* Reminder: always indent with 4 spaces (no tabs). */
4 // +---------------------------------------------------------------------------+
6 // +---------------------------------------------------------------------------+
9 // | Let users submit stories and plugin stuff. |
10 // +---------------------------------------------------------------------------+
11 // | Copyright (C) 2000-2008 by the following authors: |
13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net |
15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com |
16 // | Dirk Haun - dirk AT haun-online DOT de |
17 // +---------------------------------------------------------------------------+
19 // | This program is free software; you can redistribute it and/or |
20 // | modify it under the terms of the GNU General Public License |
21 // | as published by the Free Software Foundation; either version 2 |
22 // | of the License, or (at your option) any later version. |
24 // | This program is distributed in the hope that it will be useful, |
25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of |
26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
27 // | GNU General Public License for more details. |
29 // | You should have received a copy of the GNU General Public License |
30 // | along with this program; if not, write to the Free Software Foundation, |
31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
33 // +---------------------------------------------------------------------------+
35 require_once 'lib-common.php';
36 require_once $_CONF['path_system'] . 'lib-story.php';
38 // Uncomment the line below if you need to debug the HTTP variables being passed
39 // to the script. This will sometimes cause errors but it will allow you to see
40 // the data being passed in a POST operation
41 // echo COM_debug($_POST);
44 * Shows a given submission form
46 * This is the submission it is modular to allow us to write as little as
47 * possible. It takes a type and formats a form for the user. Currently the
48 * types is story. If no type is provided, Story is assumed.
50 * @param string $type type of submission ('story')
51 * @param string $mode calendar mode ('personal' or empty string)
52 * @param string $topic topic (for stories)
53 * @return string HTML for submission form
56 function submissionform($type='story', $mode = '', $topic = '')
58 global $_CONF, $_TABLES, $_USER, $LANG12, $LANG_LOGIN;
62 COM_clearSpeedlimit ($_CONF['speedlimit'], 'submit');
64 $last = COM_checkSpeedlimit ('submit');
67 $retval .= COM_startBlock ($LANG12[26], '',
68 COM_getBlockTemplate ('_msg_block', 'header'))
72 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
74 if (empty ($_USER['username']) &&
75 (($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) {
76 $retval .= COM_startBlock ($LANG_LOGIN[1], '',
77 COM_getBlockTemplate ('_msg_block', 'header'));
78 $loginreq = new Template($_CONF['path_layout'] . 'submit');
79 $loginreq->set_file('loginreq', 'submitloginrequired.thtml');
80 $loginreq->set_var('xhtml', XHTML);
81 $loginreq->set_var('site_url', $_CONF['site_url']);
82 $loginreq->set_var('site_admin_url', $_CONF['site_admin_url']);
83 $loginreq->set_var('layout_url', $_CONF['layout_url']);
84 $loginreq->set_var('login_message', $LANG_LOGIN[2]);
85 $loginreq->set_var('lang_login', $LANG_LOGIN[3]);
86 $loginreq->set_var('lang_newuser', $LANG_LOGIN[4]);
87 $loginreq->parse('errormsg', 'loginreq');
88 $retval .= $loginreq->finish($loginreq->get_var('errormsg'));
89 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
92 $retval .= COM_startBlock($LANG12[19])
96 if ((strlen($type) > 0) && ($type <> 'story')) {
97 $formresult = PLG_showSubmitForm($type);
98 if ($formresult == false) {
99 COM_errorLog("Someone tried to submit an item to the $type-plugin, which cannot be found.", 1);
100 COM_displayMessageAndAbort (79, '', 410, 'Gone');
102 $retval .= $formresult;
105 $retval .= submitstory($topic);
114 * Shows the story submission form
117 function submitstory($topic = '')
119 global $_CONF, $_TABLES, $_USER, $LANG12, $LANG24;
123 $story = new Story();
125 if( isset( $_POST['mode'] ) && ( $_POST['mode'] == $LANG12[32] ) )
128 $story->loadSubmission();
129 $retval .= COM_startBlock($LANG12[32])
130 . STORY_renderArticle ($story, 'p')
133 $story->initSubmission($topic);
136 $storyform = new Template($_CONF['path_layout'] . 'submit');
137 if (isset ($_CONF['advanced_editor']) && ($_CONF['advanced_editor'] == 1) &&
138 file_exists ($_CONF['path_layout'] . 'submit/submitstory_advanced.thtml')) {
139 $storyform->set_file('storyform','submitstory_advanced.thtml');
140 $storyform->set_var ('change_editormode', 'onchange="change_editmode(this);"');
141 $storyform->set_var ('lang_expandhelp', $LANG24[67]);
142 $storyform->set_var ('lang_reducehelp', $LANG24[68]);
143 if ($story->EditElements('postmode') == 'html') {
144 $storyform->set_var ('show_texteditor', 'none');
145 $storyform->set_var ('show_htmleditor', '');
147 $storyform->set_var ('show_texteditor', '');
148 $storyform->set_var ('show_htmleditor', 'none');
151 $storyform->set_file('storyform','submitstory.thtml');
152 if ($story->EditElements('postmode') == 'html') {
153 $storyform->set_var ('show_texteditor', 'none');
154 $storyform->set_var ('show_htmleditor', '');
156 $storyform->set_var ('show_texteditor', '');
157 $storyform->set_var ('show_htmleditor', 'none');
160 $storyform->set_var ('xhtml', XHTML);
161 $storyform->set_var ('site_url', $_CONF['site_url']);
162 $storyform->set_var ('site_admin_url', $_CONF['site_admin_url']);
163 $storyform->set_var ('layout_url', $_CONF['layout_url']);
164 $storyform->set_var ('lang_username', $LANG12[27]);
166 if (!empty($_USER['username'])) {
167 $storyform->set_var('story_username', $_USER['username']);
168 $storyform->set_var('author', COM_getDisplayName ());
169 $storyform->set_var('status_url', $_CONF['site_url']
170 . '/users.php?mode=logout');
171 $storyform->set_var('lang_loginout', $LANG12[34]);
173 $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
174 $storyform->set_var('lang_loginout', $LANG12[2]);
175 if (!$_CONF['disable_new_user_registration']) {
176 $storyform->set_var('separator', ' | ');
177 $storyform->set_var('seperator', ' | ');
182 $_CONF['site_url'] . '/users.php?mode=new',
183 array('rel'=>"nofollow")
189 $storyform->set_var('lang_title', $LANG12[10]);
190 $storyform->set_var('story_title', $story->EditElements('title'));
191 $storyform->set_var('lang_topic', $LANG12[28]);
193 $tlist = COM_topicList('tid,topic', $story->EditElements('tid'));
195 $retval .= COM_showMessage(101);
198 $storyform->set_var('story_topic_options', $tlist);
199 $storyform->set_var('lang_story', $LANG12[29]);
200 $storyform->set_var('lang_introtext', $LANG12[54]);
201 $storyform->set_var('lang_bodytext', $LANG12[55]);
202 $storyform->set_var('story_introtext', $story->EditElements('introtext'));
203 $storyform->set_var('story_bodytext', $story->EditElements('bodytext'));
204 $storyform->set_var('lang_postmode', $LANG12[36]);
205 $storyform->set_var('story_postmode_options', COM_optionList($_TABLES['postmodes'],'code,name',$story->EditElements('postmode')));
206 $storyform->set_var('allowed_html', COM_allowedHTML());
207 $storyform->set_var('story_uid', $story->EditElements('uid'));
208 $storyform->set_var('story_sid', $story->EditElements('sid'));
209 $storyform->set_var('story_date', $story->EditElements('unixdate'));
210 $storyform->set_var('lang_preview', $LANG12[32]);
212 PLG_templateSetVars('story', $storyform);
213 if (($_CONF['skip_preview'] == 1) ||
214 (isset($_POST['mode']) && ($_POST['mode'] == $LANG12[32]))) {
215 $storyform->set_var('save_button',
216 '<input name="mode" type="submit" value="'
217 . $LANG12[8] . '"' . XHTML . '>');
220 $retval .= COM_startBlock($LANG12[6],'submitstory.html');
221 $storyform->parse('theform', 'storyform');
222 $retval .= $storyform->finish($storyform->get_var('theform'));
223 $retval .= COM_endBlock();
229 * Send an email notification for a new submission.
231 * @param string $table Table where the new submission can be found
232 * @param string $story Story object that was submitted.
235 function sendNotification ($table, $story)
237 global $_CONF, $_TABLES, $LANG01, $LANG08, $LANG24, $LANG29, $LANG_ADMIN;
239 $title = COM_undoSpecialChars( $story->displayElements('title') );
240 if ($A['postmode'] == 'html') {
241 $A['introtext'] = strip_tags ($A['introtext']);
243 $introtext = COM_undoSpecialChars( $story->displayElements('introtext') . "\n" . $story->displayElements('bodytext') );
244 $storyauthor = COM_getDisplayName( $story->displayelements('uid') );
245 $topic = stripslashes(DB_getItem ($_TABLES['topics'], 'topic',
246 'tid = \''.$story->displayElements('tid').'\''));
247 $mailbody = "$LANG08[31]: {$title}\n"
248 . "$LANG24[7]: {$storyauthor}\n"
249 . "$LANG08[32]: " . strftime ($_CONF['date']) . "\n"
250 . "{$LANG_ADMIN['topic']}: {$topic}\n\n";
252 if ($_CONF['emailstorieslength'] > 0) {
253 if ($_CONF['emailstorieslength'] > 1) {
254 $introtext = MBYTE_substr ($introtext, 0,
255 $_CONF['emailstorieslength']) . '...';
257 $mailbody .= $introtext . "\n\n";
259 if ($table == $_TABLES['storysubmission']) {
260 $mailbody .= "$LANG01[10] <{$_CONF['site_admin_url']}/moderation.php>\n\n";
262 $articleUrl = COM_buildUrl ($_CONF['site_url']
263 . '/article.php?story=' . $story->getSid() );
264 $mailbody .= $LANG08[33] . ' <' . $articleUrl . ">\n\n";
266 $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[35];
267 $mailbody .= "\n------------------------------\n";
268 $mailbody .= "\n$LANG08[34]\n";
269 $mailbody .= "\n------------------------------\n";
271 COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody);
275 * Saves a story submission
277 * @param array $A Data for that submission
278 * @return string HTML redirect
281 function savestory ($A)
283 global $_CONF, $_TABLES, $_USER;
287 $story = new Story();
288 $story->loadSubmission();
290 // pseudo-formatted story text for the spam check
291 $result = PLG_checkforSpam ($story->GetSpamCheckFormat(), $_CONF['spamx']);
294 COM_updateSpeedlimit ('submit');
295 COM_displayMessageAndAbort ($result, 'spamx', 403, 'Forbidden');
298 COM_updateSpeedlimit ('submit');
300 $result = $story->saveSubmission();
301 if( $result == STORY_NO_ACCESS_TOPIC )
303 // user doesn't have access to this topic - bail
304 $retval = COM_refresh ($_CONF['site_url'] . '/index.php');
305 } elseif( ( $result == STORY_SAVED ) || ( $result == STORY_SAVED_SUBMISSION ) ) {
306 if (isset ($_CONF['notification']) &&
307 in_array ('story', $_CONF['notification']))
309 sendNotification ($_TABLES['storysubmission'], $story);
312 if( $result == STORY_SAVED )
314 $retval = COM_refresh( COM_buildUrl( $_CONF['site_url']
315 . '/article.php?story=' . $story->getSid() ) );
317 $retval = COM_refresh( $_CONF['site_url'] . '/index.php?msg=2' );
325 * This will save a submission
327 * @param string $type Type of submission we are dealing with
328 * @param array $A Data for that submission
331 function savesubmission($type, $A)
333 global $_CONF, $_TABLES, $_USER, $LANG12;
335 $retval = COM_siteHeader ();
337 COM_clearSpeedlimit ($_CONF['speedlimit'], 'submit');
339 $last = COM_checkSpeedlimit ('submit');
342 $retval .= COM_startBlock ($LANG12[26], '',
343 COM_getBlockTemplate ('_msg_block', 'header'))
347 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
353 if (!empty ($type) && ($type != 'story')) {
354 // Update the submitspeedlimit for user - assuming Plugin approves
356 COM_updateSpeedlimit ('submit');
358 // see if this is a submission that needs to be handled by a plugin
359 // and should include its own redirect
360 $retval = PLG_saveSubmission ($type, $A);
362 if ($retval === false) {
363 COM_errorLog ("Could not save your submission. Bad type: $type");
364 } elseif (empty ($retval)) {
365 // plugin should include its own redirect - but in case handle
366 // it here and redirect to the main page
367 return COM_refresh ($_CONF['site_url'] . '/index.php');
373 if (!empty ($A['title']) && !empty ($A['introtext'])) {
374 $retval = savestory ($A);
376 $retval .= COM_startBlock ($LANG12[22], '',
377 COM_getBlockTemplate ('_msg_block', 'header'))
378 . $LANG12[23] // return missing fields error
379 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
380 . submissionform($type)
391 // note that 'type' _may_ come in through $_GET even when the
392 // other parameters are in $_POST
394 if (isset($_POST['type'])) {
395 $type = COM_applyFilter($_POST['type']);
396 } elseif (isset($_GET['type'])) {
397 $type = COM_applyFilter($_GET['type']);
401 if (isset ($_REQUEST['mode'])) {
402 $mode = COM_applyFilter ($_REQUEST['mode']);
405 if (($mode == $LANG12[8]) && !empty ($LANG12[8])) { // submit
406 if (empty ($_USER['username']) &&
407 (($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) {
408 $display = COM_refresh ($_CONF['site_url'] . '/index.php');
410 if ($type == 'story') {
411 $msg = PLG_itemPreSave ($type, $_POST);
413 $_POST['mode'] = $LANG12[32];
414 $display .= COM_siteHeader ('menu', $pagetitle)
415 . COM_errorLog ($msg, 2)
416 . submitstory ($topic)
418 COM_output($display);
422 $display .= savesubmission ($type, $_POST);
425 if ((strlen ($type) > 0) && ($type <> 'story')) {
426 if (SEC_hasRights ("$type.edit") ||
427 SEC_hasRights ("$type.admin")) {
428 echo COM_refresh ($_CONF['site_admin_url']
429 . "/plugins/$type/index.php?mode=edit");
432 } elseif (SEC_hasRights ('story.edit')) {
434 if (isset ($_REQUEST['topic'])) {
435 $topic = '&topic=' . urlencode(COM_applyFilter($_REQUEST['topic']));
437 echo COM_refresh ($_CONF['site_admin_url']
438 . '/story.php?mode=edit' . $topic);
442 if (isset ($_REQUEST['topic'])) {
443 $topic = COM_applyFilter ($_REQUEST['topic']);
448 $pagetitle = $LANG12[6];
454 $noindex = '<meta name="robots" content="noindex"' . XHTML . '>' . LB;
455 $display .= COM_siteHeader ('menu', $pagetitle, $noindex);
456 $display .= submissionform($type, $mode, $topic);
457 $display .= COM_siteFooter();
460 COM_output($display);
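Review bot: In `sendNotification()` the guard `if ($A['postmode'] == 'html')` reads `$A`, which is neither a parameter nor among the declared globals, so on the lines shown the `strip_tags()` call never runs and has no effect on the `$introtext` that is mailed. If markup is meant to be removed from HTML-mode submissions before they go into the notification, strip the value that is actually sent, e.g. `$introtext = strip_tags($introtext);` after it is built, conditioned on the story's post mode (the form code reads it with `$story->EditElements('postmode')`). The same function builds its topic lookup as `'tid = \''.$story->displayElements('tid').'\''`; whether `displayElements()` returns an SQL-safe value is not visible here, so escape it at the call site or confirm that `tid` is filtered when the submission is loaded. The listing omits some source lines, so an assignment to `$A` on an omitted line cannot be ruled out.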