From: Jon O. <jon...@us...> - 2005-03-26 22:52:49
Update of /cvsroot/mxbb/mx_kb/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25039/modules/mx_kb/includes Modified Files: functions_kb.php kb_article.php kb_header.php kb_moderator.php Added Files: kb_post.php Log Message: finally rewriting this module, once and for all - rewritten post methods - better security - separated html. bbcode, smilies from phpbb - wysiwyg support Index: kb_header.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/includes/kb_header.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** kb_header.php 11 Feb 2005 22:10:32 -0000 1.12 --- kb_header.php 26 Mar 2005 22:52:36 -0000 1.13 *************** *** 38,48 **** else { ! while ( $row = $db->sql_fetchrow( $result ) ) { ! $config_name = $row['config_name']; ! $config_value = $row['config_value']; $kb_config[$config_name] = $config_value; } } // $dirname = $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_kb.'.$phpEx; // include($dirname); --- 38,49 ---- else { ! while ( $row_tmp = $db->sql_fetchrow( $result ) ) { ! $config_name = $row_tmp['config_name']; ! $config_value = $row_tmp['config_value']; $kb_config[$config_name] = $config_value; } } + // $dirname = $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_kb.'.$phpEx; // include($dirname); Index: functions_kb.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/includes/functions_kb.php,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** functions_kb.php 18 Feb 2005 10:07:43 -0000 1.18 --- functions_kb.php 26 Mar 2005 22:52:35 -0000 1.19 *************** *** 91,99 **** // get author of article ! function get_kb_author( $id ) { global $db; ! $sql = "SELECT username FROM " . USERS_TABLE . " WHERE user_id = $id"; --- 91,99 ---- // get author of article ! 
function get_kb_author( $id, $get_all_userdata = false ) { global $db; ! $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = $id"; *************** *** 106,110 **** if ( $row = $db->sql_fetchrow( $result ) ) { ! $name = $row['username']; } else --- 106,117 ---- if ( $row = $db->sql_fetchrow( $result ) ) { ! if ( $get_all_userdata ) ! { ! $name = $row; ! } ! else ! { ! $name = $row['username']; ! } } else *************** *** 124,128 **** $sql = "SELECT type FROM " . KB_TYPES_TABLE . " ! WHERE id = $id"; if ( !( $result = $db->sql_query( $sql ) ) ) --- 131,135 ---- $sql = "SELECT type FROM " . KB_TYPES_TABLE . " ! WHERE id = '$id'"; if ( !( $result = $db->sql_query( $sql ) ) ) *************** *** 518,521 **** --- 525,707 ---- } + // wgErics good old insert_pm function + function kb_insert_pm( + $to_id, + $message, + $subject, + $from_id, + $html_on = 0, + $bbcode_on = 1, + $smilies_on = 1) + { + global $db, $lang, $user_ip, $board_config, $userdata, $phpbb_root_path, $phpEx; + + if ( !$from_id ) + { + $from_id = $userdata['user_id']; + } + + //get varibles ready + $to_id = intval($to_id); + $from_id = intval($from_id); + $msg_time = time(); + $attach_sig = $userdata['user_attachsig']; + + //get to users info + $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active + FROM " . USERS_TABLE . " + WHERE user_id = '$to_id' + AND user_id <> " . ANONYMOUS; + if ( !($result = $db->sql_query($sql)) ) + { + $error = TRUE; + $error_msg = $lang['No_such_user']; + } + + $to_userdata = $db->sql_fetchrow($result); + + $privmsg_subject = trim(strip_tags($subject)); + if ( empty($privmsg_subject) ) + { + $error = TRUE; + $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . 
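Review bot: `get_kb_author()` still places `$id` into the query unquoted and uncast (`WHERE user_id = $id`), and the switch to `SELECT *` now fetches every column of the users table, presumably including the password hash, even when only the username is returned. Cast at the top with `$id = intval($id);` and name only the columns the callers read, e.g. `SELECT username, user_attachsig`. The hunk at 131 wraps the id in quotes (`WHERE id = '$id'`), which does not neutralise a value that itself contains a quote; `intval()` is the appropriate guard there as well. Both function bodies continue outside these hunks, so an earlier cast cannot be ruled out from here.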
$lang['Empty_subject']; + } + + if ( !empty($message) ) + { + if ( !$error ) + { + if ( $bbcode_on ) + { + $bbcode_uid = make_bbcode_uid(); + } + + $privmsg_message = prepare_message($message, $html_on, $bbcode_on, $smilies_on, $bbcode_uid); + $privmsg_message = str_replace('\\\n', '\n', $privmsg_message); + + } + } + else + { + $error = TRUE; + $error_msg .= ( ( !empty($error_msg) ) ? '<br />' : '' ) . $lang['Empty_message']; + } + + // + // See if recipient is at their inbox limit + // + $sql = "SELECT COUNT(privmsgs_id) AS inbox_items, MIN(privmsgs_date) AS oldest_post_time + FROM " . PRIVMSGS_TABLE . " + WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " + OR privmsgs_type = " . PRIVMSGS_READ_MAIL . " + OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) + AND privmsgs_to_userid = " . $to_userdata['user_id']; + if ( !($result = $db->sql_query($sql)) ) + { + message_die(GENERAL_MESSAGE, $lang['No_such_user']); + } + + $sql_priority = ( SQL_LAYER == 'mysql' ) ? 'LOW_PRIORITY' : ''; + + if ( $inbox_info = $db->sql_fetchrow($result) ) + { + if ( $inbox_info['inbox_items'] >= $board_config['max_inbox_privmsgs'] ) + { + $sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . " + WHERE ( privmsgs_type = " . PRIVMSGS_NEW_MAIL . " + OR privmsgs_type = " . PRIVMSGS_READ_MAIL . " + OR privmsgs_type = " . PRIVMSGS_UNREAD_MAIL . " ) + AND privmsgs_date = " . $inbox_info['oldest_post_time'] . " + AND privmsgs_to_userid = " . $to_userdata['user_id']; + if ( !$result = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not find oldest privmsgs (inbox)', '', __LINE__, __FILE__, $sql); + } + $old_privmsgs_id = $db->sql_fetchrow($result); + $old_privmsgs_id = $old_privmsgs_id['privmsgs_id']; + + $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TABLE . 
" + WHERE privmsgs_id = $old_privmsgs_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs (inbox)'.$sql, '', __LINE__, __FILE__, $sql); + } + + $sql = "DELETE $sql_priority FROM " . PRIVMSGS_TEXT_TABLE . " + WHERE privmsgs_text_id = $old_privmsgs_id"; + if ( !$db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not delete oldest privmsgs text (inbox)', '', __LINE__, __FILE__, $sql); + } + } + } + + $sql_info = "INSERT INTO " . PRIVMSGS_TABLE . " (privmsgs_type, privmsgs_subject, privmsgs_from_userid, privmsgs_to_userid, privmsgs_date, privmsgs_ip, privmsgs_enable_html, privmsgs_enable_bbcode, privmsgs_enable_smilies, privmsgs_attach_sig) + VALUES (" . PRIVMSGS_NEW_MAIL . ", '" . str_replace("\'", "''", $privmsg_subject) . "', " . $from_id . ", " . $to_userdata['user_id'] . ", $msg_time, '$user_ip', $html_on, $bbcode_on, $smilies_on, $attach_sig)"; + + if ( !($result = $db->sql_query($sql_info, BEGIN_TRANSACTION)) ) + { + message_die(GENERAL_ERROR, "Could not insert/update private message sent info.", "", __LINE__, __FILE__, $sql_info); + } + + $privmsg_sent_id = $db->sql_nextid(); + + $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text) + VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", $privmsg_message) . "')"; + + if ( !$db->sql_query($sql, END_TRANSACTION) ) + { + message_die(GENERAL_ERROR, "Could not insert/update private message sent text.", "", __LINE__, __FILE__, $sql); + } + + // + // Add to the users new pm counter + // + $sql = "UPDATE " . USERS_TABLE . " + SET user_new_privmsg = user_new_privmsg + 1, user_last_privmsg = " . time() . " + WHERE user_id = " . 
$to_userdata['user_id']; + if ( !$status = $db->sql_query($sql) ) + { + message_die(GENERAL_ERROR, 'Could not update private message new/read status for user', '', __LINE__, __FILE__, $sql); + } + + if ( $to_userdata['user_notify_pm'] && !empty($to_userdata['user_email']) && $to_userdata['user_active'] ) + { + $script_name = preg_replace('/^\/?(.*?)\/?$/', "\\1", trim($board_config['script_path'])); + $script_name = ( $script_name != '' ) ? $script_name . '/privmsg.'.$phpEx : 'privmsg.'.$phpEx; + $server_name = trim($board_config['server_name']); + $server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://'; + $server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/'; + + include($phpbb_root_path . 'includes/emailer.'.$phpEx); + $emailer = new emailer($board_config['smtp_delivery']); + + $emailer->from($board_config['board_email']); + $emailer->replyto($board_config['board_email']); + + $emailer->use_template('privmsg_notify', $to_userdata['user_lang']); + $emailer->email_address($to_userdata['user_email']); + $emailer->set_subject($lang['Notification_subject']); + + $emailer->assign_vars(array( + 'USERNAME' => $to_username, + 'SITENAME' => $board_config['sitename'], + 'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '', + + 'U_INBOX' => $server_protocol . $server_name . $server_port . $script_name . '?folder=inbox') + ); + + $emailer->send(); + $emailer->reset(); + } + + return; + + $msg = $lang['Message_sent'] . '<br /><br />' . sprintf($lang['Click_return_inbox'], '<a href="' . append_sid("privmsg.$phpEx?folder=inbox") . '">', '</a> ') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); + + message_die(GENERAL_MESSAGE, $msg); + + } // insert_pm() + // get categories for index *************** *** 910,935 **** } ! // insert post for site updates ! 
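Review bot: `kb_insert_pm()` records validation failures in `$error` / `$error_msg` but never acts on them, so an empty subject, an empty message or a failed recipient lookup still reaches both INSERT statements, with `$privmsg_message` or `$to_userdata['user_id']` undefined. Initialise `$error = false; $error_msg = '';` at the top and stop before the inbox query, e.g. `if ( $error || empty($to_userdata) ) { message_die(GENERAL_MESSAGE, $error_msg); }`. The subject and body are escaped only by `str_replace("\'", "''", ...)`, which assumes the caller has already slash-escaped them; that precondition needs a comment or an explicit escape inside the function. In addition, `$to_username` in the e-mail block is never assigned (the SELECT does not fetch `username`), `$bbcode_uid` is unset when `$bbcode_on` is 0, and everything after the bare `return;` is unreachable.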
// By netclectic - Adrian Cockburn ! function insert_post( $message, ! $subject, ! $forum_id, ! $user_id, ! $user_name, ! $user_attach_sig, ! $topic_id = null, ! $message_update_text = '', ! $bump_post = 1, ! $topic_type = POST_NORMAL, ! $do_notification = false, ! $notify_user = false, ! $current_time = 0, ! $error_die_function = '', ! $html_on = 1, ! $bbcode_on = 1, ! $smilies_on = 1 ) { ! global $db, $board_config, $user_ip; // initialise some variables $topic_vote = 0; --- 1096,1155 ---- } ! /* ! * Description : This functions is used to insert a post into your phpbb forums. ! * It handles all the related bits like updating post counts, ! * indexing search words, etc. ! * The post is inserted for a specific user, so you will have to ! * already have a user setup which you want to use with it. ! * ! * If you're using the POST method to input data then you should call stripslashes on ! * your subject and message before calling insert_post - see test_insert_post for example. ! * ! * Parameters : $message - the message that will form the body of the post ! * $subject - the subject of the post ! * $forum_id - the forum the post is to be added to ! * $user_id - the id of the user for the post ! * $user_name - the username of the user for the post ! * $user_attach_sig - should the user's signature be attached to the post ! * ! * Options Params : $topic_id - if topic_id is passed then the post will be ! * added as a reply to this topic ! * $topic_type - defaults to POST_NORMAL, can also be ! * POST_STICKY, POST_ANNOUNCE or POST_GLOBAL_ANNOUNCE ! * $do_notification - should users be notified of new posts (only valid for replies) ! * $notify_user - should the 'posting' user be signed up for notifications of this topic ! * $current_time - should the current time be used, if not then you should supply a posting time ! * $error_die_function - can be used to supply a custom error function. ! * $html_on = false - should html be allowed (parsed) in the post text. ! 
* $bbcode_on = true - should bbcode be allowed (parsed) in the post text. ! * $smilies_on = true - should smilies be allowed (parsed) in the post text. ! * ! * Returns : If the function succeeds without an error it will return an array containing ! * the post id and the topic id of the new post. Any error along the way will result in either ! * the normal phpbb message_die function being called or a custom die function determined ! * by the $error_die_function parameter. ! */ ! ! // insert post for site updates, by netclectic - Adrian Cockburn ! function kb_insert_post( ! $message, ! $subject, ! $forum_id, ! $user_id, ! $user_name, ! $user_attach_sig, ! $topic_id = '', ! $message_update_text = '', ! $topic_type = POST_NORMAL, ! $do_notification = false, ! $notify_user = false, ! $current_time = 0, ! $error_die_function = '', ! $html_on = 0, ! $bbcode_on = 1, ! $smilies_on = 1 ) { ! global $db, $board_config, $user_ip, $kb_config; // initialise some variables $topic_vote = 0; *************** *** 937,956 **** $poll_options = ''; $poll_length = ''; ! if ( $bump_post == 0 ) ! { ! $mode = 'update_only'; ! } ! ! $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; ! $error_die_function = ( $error_die_function == '' ) ? "message_die" : $error_die_function; ! $current_time = ( $current_time == 0 ) ? time() : $current_time; ! // parse the message and the subject ! $message_update_text = str_replace( "\'", "''", prepare_message( trim( $message_update_text . $message ), $html_on, $bbcode_on, $smilies_on, $bbcode_uid ) ); ! $message = str_replace( "\'", "''", prepare_message( trim( $message ), $html_on, $bbcode_on, $smilies_on, $bbcode_uid ) ); ! $subject = str_replace( "\'", "''", trim( $subject ) ); ! $username = str_replace( "\'", "''", trim( strip_tags( $user_name ) ) ); // if this is a new topic then insert the topic details ! if ( is_null( $topic_id ) ) { $mode = 'newtopic'; --- 1157,1177 ---- $poll_options = ''; $poll_length = ''; + $mode = 'reply'; ! 
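Review bot: The new docblock still names `insert_post` and `test_insert_post` rather than `kb_insert_post`, and its parameter list leaves out `$message_update_text`. It should also state that `$message`, `$subject` and `$user_name` are expected unescaped, since the next hunk applies `addslashes()` inside the function and pre-escaped input would be escaped twice. `$html_on = false` in the text disagrees with the `0` default in the signature. The function body continues outside this hunk.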
$bbcode_uid = ($bbcode_on) ? make_bbcode_uid() : ''; ! $error_die_function = ($error_die_function == '') ? "message_die" : $error_die_function; ! $current_time = ($current_time == 0) ? time() : $current_time; ! ! // parse the message and the subject (belt & braces :) ! $message = addslashes(unprepare_message($message)); ! $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); ! $message_update_text = addslashes(unprepare_message($message_update_text)); ! $message_update_text = prepare_message(trim($message_update_text), $html_on, $bbcode_on, $smilies_on, $bbcode_uid); ! $subject = addslashes(unprepare_message(trim($subject))); ! $username = addslashes(unprepare_message(trim($user_name))); ! $username = phpbb_clean_username( $username ); ! // if this is a new topic then insert the topic details ! if ( empty( $topic_id ) ) { $mode = 'newtopic'; *************** *** 963,967 **** } // insert the post details using the topic id ! if ( $mode != 'update_only' ) { $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $user_id . ", '$username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $user_attach_sig)"; --- 1184,1188 ---- } // insert the post details using the topic id ! if ( $mode == 'newtopic' || $kb_config['bump_post'] == '1' ) { $sql = "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $user_id . ", '$username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $user_attach_sig)"; *************** *** 1021,1025 **** } // do we need to do user notification ! if ( ( $mode != 'newtopic' ) && $do_notification ) { $post_data = array(); --- 1242,1246 ---- } // do we need to do user notification ! 
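Review bot: Escaping in this hunk is now `addslashes()` only; the removed lines converted `\'` to `''` before the values went into SQL, and that conversion is gone for `$message`, `$message_update_text`, `$subject` and `$username`. Backslash-escaped quotes are a MySQL convention, while this file branches on `SQL_LAYER` for other back ends, where `\'` is not guaranteed to be read as an escaped quote. Unless the database layer rewrites the escapes itself (not visible here), keep the doubling step, e.g. `$subject = str_replace("\'", "''", addslashes(unprepare_message(trim($subject))));`, and apply the same to the other three values.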
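Review bot: When `$mode` is `'reply'` and `$kb_config['bump_post']` is not `'1'`, the INSERT block is skipped, yet the function's final `return array( 'post_id' => $post_id, ... )` still reads `$post_id`. Initialise `$post_id = 0;` next to the other variables at the top and document that `post_id` is 0 when no post was added. The comparison against the string `'1'` would also benefit from a comment saying the config value arrives from the database as text. The block starts and ends outside this hunk, so `$post_id` may be assigned on a path that is not shown.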
if ( ($mode != 'newtopic') && $do_notification ) { $post_data = array(); *************** *** 1028,1033 **** // End if mode is update_only } ! // Update original post ! // Added by Haplo $sql = "SELECT topic_first_post_id FROM " . TOPICS_TABLE . " --- 1249,1255 ---- // End if mode is update_only } ! ! // Start KB addon - update original post -------------------------------------------------- ! $sql = "SELECT topic_first_post_id FROM " . TOPICS_TABLE . " *************** *** 1042,1045 **** --- 1264,1276 ---- $orig_post_id = $row[0]; + $sql = "UPDATE " . TOPICS_TABLE . " SET + topic_title = '$subject' + WHERE topic_id = '$topic_id'"; + + if ( !( $result = $db->sql_query( $sql, BEGIN_TRANSACTION ) ) ) + { + message_die( GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql ); + } + $sql = "UPDATE " . POSTS_TEXT_TABLE . " SET post_subject = '$subject', *************** *** 1052,1213 **** message_die( GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql ); } // if all is well then return the id of our new post return array( 'post_id' => $post_id, 'topic_id' => $topic_id ); } - function add_kb_words( $post_id, $post_text, $post_title = '' ) - { - global $db, $phpbb_root_path, $mx_root_path, $module_root_path, $board_config, $lang, $is_block, $page_id; - - $stopword_array = @file( $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . "/search_stopwords.txt" ); - $synonym_array = @file( $phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . 
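Review bot: `$topic_id` is quoted in the added `UPDATE ... WHERE topic_id = '$topic_id'` but appears unquoted in the `INSERT INTO POSTS_TABLE` values shown in the 1184 hunk, and neither place casts it. Cast the numeric parameters once near the top of `kb_insert_post()`, e.g. `$topic_id = intval($topic_id); $forum_id = intval($forum_id); $user_id = intval($user_id);`, so both statements are safe whatever the caller passes. The new statement also calls `message_die()` directly instead of the `$error_die_function` the function accepts, and it opens a transaction with `BEGIN_TRANSACTION` whose matching `END_TRANSACTION` lies outside the hunk and should be confirmed.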
"/search_synonyms.txt" ); - - $search_raw_words = array(); - $search_raw_words['text'] = split_words( clean_words( 'post', $post_text, $stopword_array, $synonym_array ) ); - $search_raw_words['title'] = split_words( clean_words( 'post', $post_title, $stopword_array, $synonym_array ) ); - - $word = array(); - $word_insert_sql = array(); - while ( list( $word_in, $search_matches ) = @each( $search_raw_words ) ) - { - $word_insert_sql[$word_in] = ''; - if ( !empty( $search_matches ) ) - { - for ( $i = 0; $i < count( $search_matches ); $i++ ) - { - $search_matches[$i] = trim( $search_matches[$i] ); - - if ( $search_matches[$i] != '' ) - { - $word[] = $search_matches[$i]; - if ( !strstr( $word_insert_sql[$word_in], "'" . $search_matches[$i] . "'" ) ) - { - $word_insert_sql[$word_in] .= ( $word_insert_sql[$word_in] != "" ) ? ", '" . $search_matches[$i] . "'" : "'" . $search_matches[$i] . "'"; - } - } - } - } - } - - if ( count( $word ) ) - { - sort( $word ); - - $prev_word = ''; - $word_text_sql = ''; - $temp_word = array(); - for( $i = 0; $i < count( $word ); $i++ ) - { - if ( $word[$i] != $prev_word ) - { - $temp_word[] = $word[$i]; - $word_text_sql .= ( ( $word_text_sql != '' ) ? ', ' : '' ) . "'" . $word[$i] . "'"; - } - $prev_word = $word[$i]; - } - $word = $temp_word; - - $check_words = array(); - switch ( SQL_LAYER ) - { - case 'postgresql': - case 'msaccess': - case 'mssql-odbc': - case 'oracle': - case 'db2': - $sql = "SELECT word_id, word_text - FROM " . SEARCH_WORD_TABLE . 
" - WHERE word_text IN ($word_text_sql)"; - if ( !( $result = $db->sql_query( $sql ) ) ) - { - message_die( GENERAL_ERROR, 'Could not select words', '', __LINE__, __FILE__, $sql ); - } - - while ( $row = $db->sql_fetchrow( $result ) ) - { - $check_words[$row['word_text']] = $row['word_id']; - } - break; - } - - $value_sql = ''; - $match_word = array(); - for ( $i = 0; $i < count( $word ); $i++ ) - { - $new_match = true; - if ( isset( $check_words[$word[$i]] ) ) - { - $new_match = false; - } - - if ( $new_match ) - { - switch ( SQL_LAYER ) - { - case 'mysql': - case 'mysql4': - $value_sql .= ( ( $value_sql != '' ) ? ', ' : '' ) . '(\'' . $word[$i] . '\', 0)'; - break; - case 'mssql': - $value_sql .= ( ( $value_sql != '' ) ? ' UNION ALL ' : '' ) . "SELECT '" . $word[$i] . "', 0"; - break; - default: - $sql = "INSERT INTO " . KB_WORD_TABLE . " (word_text, word_common) - VALUES ('" . $word[$i] . "', 0)"; - if ( !$db->sql_query( $sql ) ) - { - message_die( GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql ); - } - break; - } - } - } - - if ( $value_sql != '' ) - { - switch ( SQL_LAYER ) - { - case 'mysql': - case 'mysql4': - $sql = "INSERT IGNORE INTO " . KB_WORD_TABLE . " (word_text, word_common) - VALUES $value_sql"; - break; - case 'mssql': - $sql = "INSERT INTO " . KB_WORD_TABLE . " (word_text, word_common) - $value_sql"; - break; - } - - if ( !$db->sql_query( $sql ) ) - { - message_die( GENERAL_ERROR, 'Could not insert new word', '', __LINE__, __FILE__, $sql ); - } - } - } - - while ( list( $word_in, $match_sql ) = @each( $word_insert_sql ) ) - { - $title_match = ( $word_in == 'title' ) ? 1 : 0; - - if ( $match_sql != '' ) - { - $sql = "INSERT INTO " . KB_MATCH_TABLE . " (article_id, word_id, title_match) - SELECT $post_id, word_id, $title_match - FROM " . KB_WORD_TABLE . 
" - WHERE word_text IN ($match_sql)"; - if ( !$db->sql_query( $sql ) ) - { - message_die( GENERAL_ERROR, 'Could not insert new word matches', '', __LINE__, __FILE__, $sql ); - } - } - } - - if ( $mode == 'single' ) - { - remove_common( 'single', 4 / 10, $word ); - } - - return; - } // MX add-on // Generate paths for page and standalone mode --- 1283,1293 ---- message_die( GENERAL_ERROR, 'Error in posting', '', __LINE__, __FILE__, $sql ); } + + // End kb addon coe ---------------------------------------------------------- + // if all is well then return the id of our new post return array( 'post_id' => $post_id, 'topic_id' => $topic_id ); } // MX add-on // Generate paths for page and standalone mode *************** *** 1595,1598 **** --- 1675,1785 ---- return $template; } + + function kb_get_data($row, $userdata, $kb_post_mode = '') + { + global $db; + + $kb_author_data = get_kb_author( $kb_comment['article_author_id'], true ); + + $sql = "SELECT * FROM " . KB_CATEGORIES_TABLE . " WHERE category_id = '" . $row['article_category_id'] . "'"; + if ( !( $results = $db->sql_query( $sql ) ) ) + { + mx_message_die( GENERAL_ERROR, "Could not get comments_forum_id", '', __LINE__, __FILE__, $sql ); + } + $cat_row = $db->sql_fetchrow( $results ); + + // Article data + $kb_comment['article_id'] = $row['article_id']; + $kb_comment['article_title'] = $row['article_title']; + $kb_comment['article_desc'] = $row['article_description']; + + $kb_comment['article_category_id'] = $row['article_category_id']; + $kb_comment['category_name'] = $cat_row['category_name']; + $kb_comment['category_forum_id'] = $cat_row['comments_forum_id']; + $kb_comment['topic_id'] = $kb_post_mode == 'edit' ? 
$row['topic_id'] : ''; + + $kb_comment['article_type_id'] = $row['article_type']; + $kb_comment['article_type'] = get_kb_type( $kb_comment['article_type_id'] ); + + // Article author + $kb_comment['article_author_id'] = $row['article_author_id']; + $kb_comment['article_author'] = $kb_author_data['username']; + $kb_comment['article_author_sig'] = $kb_author_data['user_attachsig']; + + // Article editor + $kb_comment['article_editor_id'] = $userdata['user_id']; + $kb_comment['article_editor'] = $userdata['username']; + $kb_comment['article_editor_sig'] = $userdata['user_attachsig']; + + return $kb_comment; + } + + // Compose phpbb comment header + function kb_compose_comment( $kb_comment ) + { + global $lang, $kb_comment, $phpEx; + + $search = array ( "'&(quot|#34);'i", // Replace HTML entities + "'&(amp|#38);'i", + "'&(lt|#60);'i", + "'&(gt|#62);'i" + ); + + $replace = array ( "\"", + "&", + "<", + ">" + ); + + // Compose phpBB post header + $temp_url = PORTAL_URL . "modules/mx_kb/kb.$phpEx?mode=" . "article&k=" . $kb_comment['article_id']; + + $message = "[b]" . $lang['Article_title'] . ":[/b] " . preg_replace( $search, $replace, $kb_comment['article_title'] ) . "\n"; + $message .= "[b]" . $lang['Author'] . ":[/b] " . $kb_comment['article_author'] . "\n"; + $message .= "[b]" . $lang['Article_description'] . ":[/b] " . preg_replace( $search, $replace, $kb_comment['article_desc'] ) . "\n\n"; + + $message .= "[b]" . $lang['Category'] . ":[/b] " . $kb_comment['category_name'] . "\n"; + $message .= "[b]" . $lang['Article_type'] . ":[/b] " . $kb_comment['article_type'] . "\n\n"; + + $message .= "[b][url=" . $temp_url . "]" . $lang['Read_full_article'] . "[/url][/b]"; + + $message_update_text = "[i]" . $lang['Edited_Article_info'] . $kb_comment['article_editor'] . "[/i]" . 
"\n\n"; + + return array( 'message' => $message, 'update_message' => $message_update_text ); + } + + function article_formatting( $article ) + { + // Prepare ingress/preword + $search = array (); + $replace = array (); + + $search = array ( "'\[title*?[^\[\]]*?\]'si", + "'\[\/title*?[^\[\]]*?\]'si", + "'\[subtitle*?[^\[\]]*?\]'si", + "'\[\/subtitle*?[^\[\]]*?\]'si", + "'\[subsubtitle*?[^\[\]]*?\]'si", + "'\[\/subsubtitle*?[^\[\]]*?\]'si", + "'\[quote*?[^\[\]]*?\]'si", + "'\[\/quote*?[^\[\]]*?\]'si", + "'\[abstract*?[^\[\]]*?\]'si", + "'\[\/abstract*?[^\[\]]*?\]'si" ); + + $replace = array ( "<span class=\"cattitle\">", + "</span>", + "<span class=\"topictitle\">", + "</span>", + "<span class=\"gensmall\"><b>", + "</b></span>", + "<div align=\"center\"><span class=\"gensmall\"><i>''", + "''</i></span></div>", + "<table cellpadding=\"20\" style=\"margin-bottom: -20px;\"><tr><td><span class=\"postbody\" style=\"font-weight: bold; font-size: 9pt;\">", + "</span></td></td></tr></table>" ); + + $article = preg_replace( $search, $replace, $article ); + + return $article; + } + // Functions for newssuite operation mode Index: kb_article.php =================================================================== RCS file: /cvsroot/mxbb/mx_kb/includes/kb_article.php,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** kb_article.php 1 Feb 2005 20:45:37 -0000 1.13 --- kb_article.php 26 Mar 2005 22:52:36 -0000 1.14 *************** *** 31,34 **** --- 31,35 ---- FROM " . KB_ARTICLES_TABLE . " WHERE article_id = $article_id"; + if ( !( $result = $db->sql_query( $sql ) ) ) { *************** *** 36,42 **** } ! if ( $row = $db->sql_fetchrow( $result ) ) { $article_title = stripslashes( $row['article_title'] ); $approved = $row['approved']; --- 37,54 ---- } ! $row = $db->sql_fetchrow( $result ); ! ! 
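Review bot: `kb_get_data()` calls `get_kb_author( $kb_comment['article_author_id'], true )` before `$kb_comment` exists, so the author lookup runs with an empty id and the query in `get_kb_author()` ends in `WHERE user_id = ` with nothing after it; use `$row['article_author_id']` and start the function with `$kb_comment = array();`. In `kb_compose_comment( $kb_comment )` the line `global $lang, $kb_comment, $phpEx;` rebinds the parameter name to the global variable, so the argument passed in is ignored; it should read `global $lang, $phpEx;`. The category query also concatenates `$row['article_category_id']` inside quotes without a cast, where `intval()` would be the safer form.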
if ( count($row) > 0 ) { $article_title = stripslashes( $row['article_title'] ); + + // + // Define censored word matches + // + + $orig_word = array(); + $replacement_word = array(); + obtain_word_list($orig_word, $replacement_word); + $approved = $row['approved']; *************** *** 47,51 **** $kb_is_auth = array(); $kb_is_auth = kb_auth(AUTH_ALL, $article_category_id, $userdata); - // End of auth check --- 59,62 ---- *************** *** 53,56 **** --- 64,68 ---- // User authorisation levels output // + $kb_auth_can = ( ( $kb_is_auth['auth_post'] ) ? $lang['KB_Rules_post_can'] : $lang['KB_Rules_post_cannot'] ) . '<br />'; $kb_auth_can .= ( ( $kb_is_auth['auth_edit'] ) ? $lang['KB_Rules_edit_can'] : $lang['KB_Rules_edit_cannot'] ) . '<br />'; *************** *** 63,67 **** if ( $kb_is_auth['auth_mod'] ) { - //$kb_auth_can .= sprintf($lang['KB_Rules_moderate'], "<a href=\"modcp.$phpEx?" . POST_FORUM_URL . "=$forum_id&start=" . $start . "&sid=" . $userdata['session_id'] . '">', '</a>'); $kb_auth_can .= $lang['KB_Rules_moderate_can'] . '<br />'; } --- 75,78 ---- *************** *** 74,78 **** --- 85,91 ---- $date = create_date( $board_config['default_dateformat'], $row['article_date'], $board_config['board_timezone'] ); + // author information + $author_id = $row['article_author_id']; *************** *** 84,88 **** { $author_name = get_kb_author( $author_id ); - $temp_url = append_sid( $phpbb_root_path . "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$author_id" ); $author_kb_art = '<a href="' . $temp_url . '" class="gensmall">' . $author_name . '</a>'; --- 97,100 ---- *************** *** 94,121 **** $kb_art_description = stripslashes( $row['article_description'] ); ! // Prepare ingress/preword ! $search = array (); ! $replace = array (); ! $search = array ( "'\[title*?[^\[\]]*?\]'si", ! "'\[\/title*?[^\[\]]*?\]'si", ! "'\[subtitle*?[^\[\]]*?\]'si", ! "'\[\/subtitle*?[^\[\]]*?\]'si", ! "'\[subsubtitle*?[^\[\]]*?\]'si", ! 
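Review bot: `count($row) > 0` does not detect a missing article: the removed condition relied on `sql_fetchrow()` returning a false value when no row matched, and `count(false)` is 1 on the PHP versions this code targets. The branch therefore also runs for an `article_id` that does not exist, with `$row` empty. Test the value itself instead, `if ( !empty($row) )`. The body of this `if` continues outside the hunk.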
"'\[\/subsubtitle*?[^\[\]]*?\]'si", ! "'\[quote*?[^\[\]]*?\]'si", ! "'\[\/quote*?[^\[\]]*?\]'si", ! "'\[abstract*?[^\[\]]*?\]'si", ! "'\[\/abstract*?[^\[\]]*?\]'si" ); ! $replace = array ( "<span class=\"cattitle\">", ! "</span>", ! "<span class=\"topictitle\">", ! "</span>", ! "<span class=\"gensmall\"><b>", ! "</b></span>", ! "<div align=\"center\"><span class=\"gensmall\"><i>''", ! "''</i></span></div>", ! "<table cellpadding=\"20\" style=\"margin-bottom: -20px;\"><tr><td><span class=\"postbody\" style=\"font-weight: bold; font-size: 9pt;\">", ! "</span></td></td></tr></table>" ); ! $article = preg_replace( $search, $replace, $article ); $type_id = $row['article_type']; --- 106,110 ---- $kb_art_description = stripslashes( $row['article_description'] ); ! $article = article_formatting( $article ); $type_id = $row['article_type']; *************** *** 153,177 **** } // Was a highlight request part of the URI? $highlight_match = $highlight = ''; ! if ( isset( $HTTP_GET_VARS['highlight'] ) ) ! { // Split words and phrases ! $words = explode( ' ', trim( htmlspecialchars( $HTTP_GET_VARS['highlight'] ) ) ); ! for( $i = 0; $i < sizeof( $words ); $i++ ) { ! if ( trim( $words[$i] ) != '' ) { ! $highlight_match .= ( ( $highlight_match != '' ) ? '|' : '' ) . str_replace( '*', '\w*', phpbb_preg_quote( $words[$i], '#' ) ); } } ! unset( $words ); ! $highlight = urlencode( $HTTP_GET_VARS['highlight'] ); } ! if ( !$board_config['allow_html'] ) { $article = preg_replace( '#(<)([\/]?.*?)(>)#is', "<\\2>", $article ); --- 142,170 ---- } + // // Was a highlight request part of the URI? + // $highlight_match = $highlight = ''; ! if (isset($HTTP_GET_VARS['highlight'])) ! { // Split words and phrases ! ! $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight']))); ! for($i = 0; $i < sizeof($words); $i++) { ! if (trim($words[$i]) != '') { ! $highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', phpbb_preg_quote($words[$i], '#')); } } ! 
unset($words); ! $highlight = urlencode($HTTP_GET_VARS['highlight']); ! $highlight_match = phpbb_rtrim($highlight_match, "\\"); } ! if ( !$html_on ) { $article = preg_replace( '#(<)([\/]?.*?)(>)#is', "<\\2>", $article ); *************** *** 182,190 **** $bbcode_uid = $row['bbcode_uid']; ! if ( $board_config['allow_bbcode'] ) { if ( $bbcode_uid != '' ) { ! $article = ( $board_config['allow_bbcode'] ) ? bbencode_second_pass( $article, $bbcode_uid ) : preg_replace( '/\:[0-9a-z\:]+\]/si', ']', $article ); } } --- 175,183 ---- $bbcode_uid = $row['bbcode_uid']; ! if ( $bbcode_on ) { if ( $bbcode_uid != '' ) { ! $article = ( $bbcode_on ) ? bbencode_second_pass( $article, $bbcode_uid ) : preg_replace( '/\:[0-9a-z\:]+\]/si', ']', $article ); } } *************** *** 194,209 **** // Parse smilies ! if ( $board_config['allow_smilies'] ) { $article = mx_smilies_pass( $article ); } // Highlight active words (primarily for search) ! if ( $highlight_match ) ! { // This was shamelessly 'borrowed' from volker at multiartstudio dot de // via php.net's annotated manual ! $message = str_replace( '\"', '"', substr( preg_replace( '#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $article . '<' ), 1, -1 ) ); } --- 187,204 ---- // Parse smilies ! if ( $smilies_on ) { $article = mx_smilies_pass( $article ); } + // // Highlight active words (primarily for search) + // ! if ($highlight_match) ! { // This was shamelessly 'borrowed' from volker at multiartstudio dot de // via php.net's annotated manual ! $article = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $article . 
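Review bot: `$html_on` replaces `$board_config['allow_html']` here, and the hunks at 175 and 187 do the same with `$bbcode_on` and `$smilies_on`, but none of the visible lines assigns these variables. If they are not set explicitly earlier in kb_article.php, the HTML-stripping branch depends on an undefined value, and on a server with register_globals enabled a request parameter could supply it. Initialise all three to the restrictive value before first use, e.g. `$html_on = 0;`, then override them from the module configuration, and add a comment naming that source.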
'<'), 1, -1)); } *************** *** 232,235 **** --- 227,231 ---- $page_title = $article_title; + if ( !$is_block && !$print_version ) { *************** *** 238,244 **** // fixup (truncates) urls, images and words for a narrow column layout ! $kb_art_description = kb_decode_truncate_fixup( $kb_art_description ); ! $article = kb_decode_truncate_fixup( $article ); // load header if ( !$print_version && !$reader_mode ) { --- 234,245 ---- // fixup (truncates) urls, images and words for a narrow column layout ! if ( $kb_config['formatting_fixup'] ) ! { ! $kb_art_description = kb_decode_truncate_fixup( $kb_art_description ); ! $article = kb_decode_truncate_fixup( $article ); ! } ! // load header + if ( !$print_version && !$reader_mode ) { *************** *** 247,250 **** --- 248,252 ---- // edit + if ( ( $userdata['user_id'] == $author_id && $kb_is_auth['auth_edit'] ) || $kb_is_auth['auth_mod'] ) { *************** *** 265,281 **** if ( $reader_mode ) { ! $template->set_filenames( array( 'body' => 'kb_article_reader.tpl' ) ! ); } else { ! $template->set_filenames( array( 'body' => 'kb_article_body.tpl' ) ! ); } } else { ! $template->set_filenames( array( 'body' => 'kb_article_body_print.tpl' ) ! ); } --- 267,280 ---- if ( $reader_mode ) { ! $template->set_filenames( array( 'body' => 'kb_article_reader.tpl' ) ); } else { ! $template->set_filenames( array( 'body' => 'kb_article_body.tpl' ) ); } } else { ! $template->set_filenames( array( 'body' => 'kb_article_body_print.tpl' ) ); } *************** *** 287,349 **** else { ! // fix for 0.76 if ( !$topic_id && $approved && $kb_config['use_comments']) { ! // choose a user ! $user_id = $userdata['user_id']; ! // initialise the userdata ! $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = $user_id"; ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! mx_message_die( CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql ); ! } ! $user = $db->sql_fetchrow( $result ); ! ! 
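Review bot: The highlight step still builds PHP code for the `/e` modifier from `$highlight_match`, which derives from `$HTTP_GET_VARS['highlight']`, and the added `@` operators now hide any error that evaluation produces. Its safety rests entirely on `phpbb_preg_quote()` and the `phpbb_rtrim()` added in the 142 hunk, and the matched article text is embedded in the evaluated code as well. A version without `/e` removes that dependency: split the article on tags and run a plain `preg_replace` over the text segments only, as in the excerpt below. The statement sits inside a block that starts outside this hunk.

```php
// Highlight active words in text segments only; no /e (eval) modifier
if ($highlight_match)
{
	// even indexes hold text, odd indexes hold the captured tags
	$parts = preg_split('#(<[^>]*>)#', $article, -1, PREG_SPLIT_DELIM_CAPTURE);
	for ($i = 0; $i < sizeof($parts); $i += 2)
	{
		$parts[$i] = preg_replace('#\b(' . $highlight_match . ')\b#i', '<span style="color:#' . $theme['fontcolor3'] . '"><b>\\1</b></span>', $parts[$i]);
	}
	$article = implode('', $parts);
}
```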
$search = array ( "'&(quot|#34);'i", // Replace HTML entities ! "'&(amp|#38);'i", ! "'&(lt|#60);'i", ! "'&(gt|#62);'i" ! ); ! $replace = array ( "\"", ! "&", ! "<", ! ">" ! ); ! $sql = "SELECT comments_forum_id FROM " . KB_CATEGORIES_TABLE . " WHERE category_id = '" . $article_category_id . "'"; ! if ( !( $results = $db->sql_query( $sql ) ) ) ! { ! mx_message_die( GENERAL_ERROR, "Could not get comments_forum_id", '', __LINE__, __FILE__, $sql ); ! } ! $cat_row = $db->sql_fetchrow( $results ); ! $forum_id = $cat_row['comments_forum_id']; ! $temp_url = PORTAL_URL . ( $is_block ? "index.$phpEx?page=$page_id&mode=" : "modules/mx_kb/kb.$phpEx?mode=" ) . "article&k=" . $article_id; ! $message = "[b]" . $lang['Category'] . ":[/b] " . $article_category_name . "\n"; ! $message .= "[b]" . $lang['Article_type'] . ":[/b] " . $type . "\n\n"; ! $message .= "[b]" . $lang['Article_title'] . ":[/b] " . preg_replace( $search, $replace, $row['article_title'] ) . "\n"; ! $message .= "[b]" . $lang['Author'] . ":[/b] " . $author_kb_art . "\n"; ! $message .= "[b]" . $lang['Article_description'] . ":[/b] " . preg_replace( $search, $replace, $row['article_description'] ) . "\n\n"; ! $message .= "[b][url=" . $temp_url . "]" . $lang['Read_full_article'] . "[/url][/b]"; ! ! $subject = '[ KB ] ' . $row['article_title']; ! ! $subject = str_replace( "'", "\'" , $subject ); ! $message = str_replace( "'", "\'" , $message ); ! ! $forum_id = $kb_config['forum_id']; ! ! $topic_data = insert_post( $message, $subject, $forum_id, $user['user_id'], $user['username'], $user['user_attachsig'] ); $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET topic_id = " . $topic_data['topic_id'] . " ! WHERE article_id = " . $article_id; ! if ( !( $result876 = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not update article data", '', __LINE__, __FILE__, $sql ); } $topic_id = $topic_data['topic_id']; } if ( $kb_is_auth['auth_comment'] && $kb_config['use_comments'] ) { --- 286,318 ---- else { ! 
// If no phpbb topic id is created, create on ;) if ( !$topic_id && $approved && $kb_config['use_comments']) { ! $kb_comment = array(); ! ! // Populate the kb_comment variable ! $kb_comment = kb_get_data($row, $userdata); ! // Compose post header ! $subject = $lang['KB_comment_prefix'] . $kb_comment['article_title']; ! $message_temp = kb_compose_comment( $kb_comment ); ! $kb_message = $message_temp['message']; ! $kb_update_message = $message_temp['update_message']; ! // Post ! $topic_data = kb_insert_post( $kb_message, $subject, $kb_comment['category_forum_id'], $kb_comment['article_author_id'], $userdata['article_author'], $userdata['article_author_sig'], $kb_comment['topic_id'], $kb_update_message ); $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET topic_id = " . $topic_data['topic_id'] . " ! WHERE article_id = " . $kb_comment['article_id']; ! if ( !( $result = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not update article data", '', __LINE__, __FILE__, $sql ); } + $topic_id = $topic_data['topic_id']; } + if ( $kb_is_auth['auth_comment'] && $kb_config['use_comments'] ) { *************** *** 360,365 **** $comments_img = '<a href="' . $temp_url . '" class="gensmall"> [' . $topic['topic_replies'] . ' - ' . $lang['Post_comments'] . ']</a>'; ! $template->assign_block_vars( 'switch_comments', array( ! ) ); } else --- 329,333 ---- $comments_img = '<a href="' . $temp_url . '" class="gensmall"> [' . $topic['topic_replies'] . ' - ' . $lang['Post_comments'] . ']</a>'; ! $template->assign_block_vars( 'switch_comments', array() ); } else *************** *** 385,390 **** $pagination = generate_pagination( this_kb_mxurl( "mode=article&k=$article_id" . $page_numm ), $topic['topic_replies'], $kb_config['comments_pagination'], $start ) . 
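Review bot: The new `kb_insert_post()` call takes the poster name and signature flag from `$userdata['article_author']` and `$userdata['article_author_sig']`, keys that nothing in this hunk sets on `$userdata`. The removed code passed `$user['username']` and `$user['user_attachsig']`, and every other argument now comes from `$kb_comment`, so `$kb_comment['article_author']` and `$kb_comment['article_author_sig']` look intended; `kb_get_data()` is not shown, so the key names need confirming. The same call is repeated in the new kb_post.php. The UPDATE that follows concatenates `$topic_data['topic_id']` and `$kb_comment['article_id']` unquoted, and wrapping both in `intval()` would keep the statement numeric whatever the helpers return. The enclosing `else` block starts and ends outside the hunk.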
' '; get_kb_comments( $topic_id, $start, $show_num_comments ); - // $template->assign_block_vars('switch_comments_show', array()); } // rate if ( $kb_is_auth['auth_rate'] && $kb_config['use_ratings']) --- 353,358 ---- $pagination = generate_pagination( this_kb_mxurl( "mode=article&k=$article_id" . $page_numm ), $topic['topic_replies'], $kb_config['comments_pagination'], $start ) . ' '; get_kb_comments( $topic_id, $start, $show_num_comments ); } + // rate if ( $kb_is_auth['auth_rate'] && $kb_config['use_ratings']) *************** *** 393,396 **** --- 361,365 ---- $rate_img = '<a href="' . $temp_url . '" class="gensmall">' . $lang['ADD_RATING'] . '</a>'; $rate = '<a href="' . $temp_url . '" class="gensmall">' . $lang['ADD_RATING'] . '</a>'; + $template->assign_block_vars( 'switch_ratings', array() ); } *************** *** 403,406 **** --- 372,376 ---- $path_kb = ' '; $path_kb_array = array(); + get_kb_nav( $article_category_id ); *************** *** 410,414 **** 'PAGE_NUMBER' => sprintf( $lang['Page_of'], ( floor( $start / $kb_config['comments_pagination'] ) + 1 ), ceil( $topic['topic_replies'] / $kb_config['comments_pagination'] ) ), 'L_GOTO_PAGE' => $lang['Goto_page'], ! 'L_ARTICLE_DESCRIPTION' => $lang['Article_description'], 'L_ARTICLE_DATE' => $lang['Date'], --- 380,384 ---- 'PAGE_NUMBER' => sprintf( $lang['Page_of'], ( floor( $start / $kb_config['comments_pagination'] ) + 1 ), ceil( $topic['topic_replies'] / $kb_config['comments_pagination'] ) ), 'L_GOTO_PAGE' => $lang['Goto_page'], ! 'L_ARTICLE_DESCRIPTION' => $lang['Article_description'], 'L_ARTICLE_DATE' => $lang['Date'], *************** *** 437,448 **** 'RATE_IMG' => $rate_img, 'RATE' => $rate, 'PATH' => $path_kb, ! ! 'S_AUTH_LIST' => $kb_auth_can, ! 'COMMENTS' => $comments, ! 'COMMENTS_IMG' => $comments_img ) ! ); // article pages table of contents --- 407,417 ---- 'RATE_IMG' => $rate_img, 'RATE' => $rate, + 'COMMENTS' => $comments, + 'COMMENTS_IMG' => $comments_img, 'PATH' => $path_kb, ! 
'S_AUTH_LIST' => $kb_auth_can ! ) ); // article pages table of contents *************** *** 453,456 **** --- 422,426 ---- $i = 0; + while ( $i < count( $art_pages ) ) { *************** *** 459,465 **** $art_split = explode( '[toc]', $art_pages[$i] ); $article_toc = $art_split[0]; ! // $article_body = $art_split[1]; // Fix up the toc title ! if ( !$board_config['allow_html'] ) { $article_toc = preg_replace( '#(<)([\/]?.*?)(>)#is', "<\\2>", $article_toc ); --- 429,436 ---- $art_split = explode( '[toc]', $art_pages[$i] ); $article_toc = $art_split[0]; ! // Fix up the toc title ! ! if ( !$html_on ) { $article_toc = preg_replace( '#(<)([\/]?.*?)(>)#is', "<\\2>", $article_toc ); *************** *** 468,480 **** // Parse message - // $bbcode_uid = $row['bbcode_uid']; - // $article_toc = preg_replace('/\:[0-9a-z\:]+\]/si', ']', $article_toc); $article_toc = preg_replace( "/\[(\S+)\]/e", "", $article_toc ); - // $txt = preg_replace("/<a href=\"(.*)\">(.*)<\/a>/i", "\\2 (\\1)", $txt); $article_toc = make_clickable( $article_toc ); // Parse smilies ! if ( $board_config['allow_smilies'] ) { $article_toc = mx_smilies_pass( $article_toc ); --- 439,448 ---- // Parse message $article_toc = preg_replace( "/\[(\S+)\]/e", "", $article_toc ); $article_toc = make_clickable( $article_toc ); // Parse smilies ! if ( $smilies_on ) { $article_toc = mx_smilies_pass( $article_toc ); *************** *** 487,493 **** --- 455,463 ---- $article_toc = str_replace( '\"', '"', substr( preg_replace( '#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace(\$orig_word, \$replacement_word, '\\0')", '>' . $article_toc . '<' ), 1, -1 ) ); } + // Replace newlines (we use this rather than nl2br because // till recently it wasn't XHTML compliant) // $article_toc = str_replace("\n", "\n<br />\n", $article_toc); + $page_toc = $art_pages[$i]; *************** *** 524,534 **** $page_link .= '<br />'; } ! $template->assign_block_vars( 'switch_toc.pages', array( 'TOC_ITEM' => $page_link ) ! ); $i++; } } ! 
// article pages if ( count( $art_pages ) > 1 ) --- 494,505 ---- $page_link .= '<br />'; } ! ! $template->assign_block_vars( 'switch_toc.pages', array( 'TOC_ITEM' => $page_link ) ); ! $i++; } } ! // article pages TOC navigation if ( count( $art_pages ) > 1 ) *************** *** 546,552 **** --- 517,525 ---- $i = 0; + while ( $i < count( $art_pages ) ) { $page_number = $i + 1; + if ( $page_num != $i ) { *************** *** 570,575 **** $page_link .= ', '; } ! $template->assign_block_vars( 'switch_pages.pages', array( 'PAGE_LINK' => $page_link ) ! ); $i++; } --- 543,549 ---- $page_link .= ', '; } ! ! $template->assign_block_vars( 'switch_pages.pages', array( 'PAGE_LINK' => $page_link ) ); ! $i++; } --- NEW FILE: kb_post.php --- <?php /** ------------------------------------------------------------------------ * subject : mx-portal, CMS & portal * begin : june, 2002 * copyright : (C) 2002-2005 MX-System * email : jon...@ho... * project site : www.mx-system.com * * description : * ------------------------------------------------------------------------- * * $Id: kb_post.php,v 1.1 2005/03/26 22:52:36 jonohlsson Exp $ */ /** * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } $category_id = ( isset( $HTTP_GET_VARS['cat'] ) ) ? intval ( $HTTP_GET_VARS['cat'] ) : intval ( $HTTP_POST_VARS['cat'] ); $article_id = ( isset( $HTTP_GET_VARS['k'] ) ) ? intval ( $HTTP_GET_VARS['k'] ) : intval ( $HTTP_POST_VARS['k'] ); if ( empty( $category_id ) ) { // Get old data first $sql = "SELECT article_category_id FROM " . KB_ARTICLES_TABLE . 
" WHERE article_id = $article_id"; if ( !( $result = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not obtain article data", '', __LINE__, __FILE__, $sql ); } $row = $db->sql_fetchrow( $result ); $category_id = $row['article_category_id']; } $kb_post_mode = empty( $article_id ) ? 'add' : 'edit'; // Parameters $submit = ( isset( $HTTP_POST_VARS['article_submit'] ) ) ? true : false; $cancel = ( isset( $HTTP_POST_VARS['cancel'] ) ) ? true : false; $preview = ( isset( $HTTP_POST_VARS['preview'] ) ) ? true : false; $kb_wysiwyg = false; if ( $kb_config['wysiwyg'] ) // Html Textblock { // This switch is for enabling the wysiwyg html editor addon "tiny mce". to disable this feature either remove this section or delete the modules/tinymce folder if ( file_exists( $mx_root_path . 'modules/tinymce/jscripts/tiny_mce/blank.htm' ) ) { $template->assign_block_vars( "tinyMCE", array() ); $bbcode_on = false; $html_on = true; $smilies_on = false; $html_entities_match = array( ); $html_entities_replace = array( ); $kb_wysiwyg = true; } } if ( !$kb_wysiwyg ) { $bbcode_on = $kb_config['allow_bbcode'] ? true : false; $html_on = $kb_config['allow_html'] ? true : false; $smilies_on = $kb_config['allow_smilies'] ? true : false; $board_config['allow_html_tags'] = $kb_config['allowed_html_tags']; $template->assign_block_vars( 'formatting', array() ); } // Start auth check // $kb_is_auth = array(); $kb_is_auth = kb_auth(AUTH_ALL, $category_id, $userdata); // End of auth check // $page_title = $kb_post_mode == 'add' ? $lang['Add_article'] : $lang['Edit_article']; // post article ----------------------------------------------------------------------------ADD/EDIT if ( $submit ) { if ( empty( $HTTP_POST_VARS['article_name'] ) || empty( $HTTP_POST_VARS['article_desc'] ) || empty( $HTTP_POST_VARS['message'] ) ) { $message = $lang['Empty_fields'] . '<br /><br />' . sprintf( $lang['Empty_fields_return'], '<a href="' . append_sid( this_kb_mxurl( 'mode=add' ) ) . 
'">', '</a>' ); mx_message_die( GENERAL_MESSAGE, $message ); } $article_title = ( !empty( $HTTP_POST_VARS['article_name'] ) ) ? htmlspecialchars( trim ( $HTTP_POST_VARS['article_name'] ) ) : ''; $article_description = ( !empty( $HTTP_POST_VARS['article_desc'] ) ) ? htmlspecialchars( trim ( $HTTP_POST_VARS['article_desc'] ) ) : ''; $article_text = ( !empty( $HTTP_POST_VARS['message'] ) ) ? $HTTP_POST_VARS['message'] : ''; $bbcode_uid = ( !empty( $HTTP_POST_VARS['bbcode_uid'] ) ) ? $HTTP_POST_VARS['bbcode_uid'] : ''; $date = time(); $author_id = intval ( $userdata['user_id'] ); $type_id = intval ( $HTTP_POST_VARS['type_id'] ); $username = phpbb_clean_username( $HTTP_POST_VARS['username'] ); // Check message if ( !empty( $article_text ) ) { if ( empty( $bbcode_uid ) ) { $bbcode_uid = ( $bbcode_on ) ? make_bbcode_uid() : ''; } $article_text = prepare_message( trim( $article_text ), $html_on, $bbcode_on, $smilies_on, $bbcode_uid ); } switch ( $kb_post_mode ) { case 'edit': // UPDATE Article ------------------------------------------- if ( !($kb_is_auth['auth_edit'] || $kb_is_auth['auth_mod']) ) { $message = $lang['No_edit'] . '<br /><br />' . sprintf( $lang['Click_return_kb'], '<a href="' . append_sid( this_kb_mxurl() ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( $mx_root_path . "index.$phpEx" ) . '">', '</a>' ); mx_message_die( GENERAL_MESSAGE, $message ); } // Get old data first $sql = "SELECT article_category_id, approved, topic_id FROM " . KB_ARTICLES_TABLE . 
" WHERE article_id = $article_id"; if ( !( $result = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not obtain article data", '', __LINE__, __FILE__, $sql ); } $row = $db->sql_fetchrow( $result ); $old_approve = $row['approved']; $old_topic_id = $row['topic_id']; $old_category_id = $row['article_category_id']; $error_msg = ''; // If changed category if ( $old_category_id != $category_id ) { update_kb_number( $old_category_id, '- 1' ); if ( $kb_is_auth['auth_mod'] || ( $kb_is_auth['auth_approval_edit'] && $userdata['user_id'] == $author_id ) ) { update_kb_number( $category, '+ 1' ); } } // If unapproved if ( $kb_is_auth['auth_mod'] || ( $kb_is_auth['auth_approval_edit'] && $userdata['user_id'] == $author_id ) ) { $approve = 1; if ( $old_approve != 1 ) { update_kb_number( $category_id, '+ 1' ); } } else { $approve = 2; if ( $old_approve == 1 && $old_category_id == $category_id ) { update_kb_number( $category_id, '- 1' ); } } $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET article_category_id = '$category_id', article_title = '$article_title', article_description = '$article_description', article_date = '$date', article_author_id = '$author_id', article_body = '$article_text', article_type = '$type_id', approved = '$approve', bbcode_uid = '$bbcode_uid' WHERE article_id = '$article_id'"; if ( !( $edit_article = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not edit article", '', __LINE__, __FILE__, $sql ); } mx_remove_search_words( $article_id, 'kb' ); break; case 'add': // ADD NEW --------------------------------------------------------------------------------- if ( !($kb_is_auth['auth_post'] || $kb_is_auth['auth_mod']) ) { $message = $lang['No_add'] . '<br /><br />' . sprintf( $lang['Click_return_kb'], '<a href="' . append_sid( this_kb_mxurl() ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( $mx_root_path . "index.$phpEx" ) . 
'">', '</a>' ); mx_message_die( GENERAL_MESSAGE, $message ); } if ( $kb_is_auth['auth_approval'] || $kb_is_auth['auth_mod'] ) { $approve = 1; update_kb_number( $category_id, '+ 1' ); } else { $approve = 0; } $sql = "INSERT INTO " . KB_ARTICLES_TABLE . " ( article_category_id , article_title , article_description , article_date , article_author_id , username , bbcode_uid , article_body , article_type , approved, views ) VALUES ( '$category_id', '$article_title', '$article_description', '$date', '$author_id', '$username', '$bbcode_uid', '$article_text', '$type_id', '$approve', '0')"; if ( !( $results = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not submit aritcle", '', __LINE__, __FILE__, $sql ); } break; } if ( !$approve || $approve == 0 ) { email_kb_admin( $kb_config['notify'] ); } // Insert phpBB post if using kb commenting if ( $approve == 1 && $kb_config['use_comments'] && $kb_is_auth['auth_comment']) { $kb_comment = array(); // Populate the kb_comment variable $kb_comment = kb_get_data($row, $userdata, $kb_post_mode); // Compose post header $subject = $lang['KB_comment_prefix'] . $kb_comment['article_title']; $message_temp = kb_compose_comment( $kb_comment ); $kb_message = $message_temp['message']; $kb_update_message = $message_temp['update_message']; // Post $topic_data = kb_insert_post( $kb_message, $subject, $kb_comment['category_forum_id'], $kb_comment['article_author_id'], $userdata['article_author'], $userdata['article_author_sig'], $kb_comment['topic_id'], $kb_update_message ); $sql = "UPDATE " . KB_ARTICLES_TABLE . " SET topic_id = " . $topic_data['topic_id'] . " WHERE article_id = " . 
$kb_comment['article_id']; if ( !( $result = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not update article data", '', __LINE__, __FILE__, $sql ); } } if ( $approve == 1 ) { mx_add_search_words( 'single', $article_id, stripslashes( $article_text ), stripslashes( $article_title ), 'kb' ); $message = $lang['Article_submitted'] . '<br /><br />' . sprintf( $lang['Click_return_kb'], '<a href="' . append_sid( this_kb_mxurl() ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( $mx_root_path . "index.$phpEx" ) . '">', '</a>' ); } else { $message = $lang['Article_submitted_Approve'] . '<br /><br />' . sprintf( $lang['Click_return_kb'], '<a href="' . append_sid( this_kb_mxurl() ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( $mx_root_path . "index.$phpEx" ) . '">', '</a>' ); } mx_message_die( GENERAL_MESSAGE, $message ); } // BEGIN - PreText HIDE/SHOW if ( $kb_config['show_pretext'] ) { // Pull Header/Body info. $pt_header = $kb_config['pt_header']; $pt_body = $kb_config['pt_body']; $template->set_filenames( array( 'pretext' => 'kb_post_pretext.tpl' ) ); $template->assign_vars( array( 'PRETEXT_HEADER' => $pt_header, 'PRETEXT_BODY' => $pt_body ) ); $template->assign_var_from_handle( 'KB_PRETEXT_BOX', 'pretext' ); } // END - PreText HIDE/SHOW // ---------------------------------------------------------------------------------------------------------- MAIN FORM // ---------------------------------------------------------------------------------------------------------- // ---------------------------------------------------------------------------------------------------------- // Security if ( !$kb_is_auth['auth_mod'] ) { if ( $kb_post_mode == 'edit' && !$kb_is_auth['auth_edit'] ) { $message = $lang['No_edit'] . '<br /><br />' . sprintf( $lang['Click_return_kb'], '<a href="' . append_sid( this_kb_mxurl() ) . '">', '</a>' ) . '<br /><br />' . 
sprintf( $lang['Click_return_index'], '<a href="' . append_sid( $mx_root_path . "index.$phpEx" ) . '">', '</a>' ); mx_message_die( GENERAL_MESSAGE, $message ); } if ( $kb_post_mode == 'add' && ( !$kb_is_auth['auth_post'] || $kb_config['allow_new'] == 0 ) ) { $message = $lang['No_add'] . '<br /><br />' . sprintf( $lang['Click_return_kb'], '<a href="' . append_sid( this_kb_mxurl() ) . '">', '</a>' ) . '<br /><br />' . sprintf( $lang['Click_return_index'], '<a href="' . append_sid( $mx_root_path . "index.$phpEx" ) . '">', '</a>' ); mx_message_die( GENERAL_MESSAGE, $message ); } } // First (re)declare basic variables if ( $kb_post_mode == 'edit' ) { $sql = "SELECT * FROM " . KB_ARTICLES_TABLE . " WHERE article_id = '" . $article_id . "'"; if ( !( $result = $db->sql_query( $sql ) ) ) { mx_message_die( GENERAL_ERROR, "Could not obtain article data", '', __LINE__, __FILE__, $sql ); } $row = $db->sql_fetchrow( $result ); } $kb_title = ( isset( $HTTP_POST_VARS['article_name'] ) ) ? htmlspecialchars( trim( stripslashes( $HTTP_POST_VARS['article_name'] ) ) ) : $row['article_title']; $kb_desc = ( isset( $HTTP_POST_VARS['article_desc'] ) ) ? htmlspecialchars( trim( stripslashes( $HTTP_POST_VARS['article_desc'] ) ) ): $row['article_description']; $kb_text = ( isset( $HTTP_POST_VARS['message'] ) ) ? htmlspecialchars( trim( stripslashes( $HTTP_POST_VARS['message'] ) ) ) : $row['article_body']; $type_id = ( isset( $HTTP_POST_VARS['type_id'] ) ) ? htmlspecialchars( trim( stripslashes( $HTTP_POST_VARS['type_id'] ) ) ) : $row['article_type']; $bbcode_uid = ( isset( $HTTP_POST_VARS['bbcode_uid'] ) ) ? htmlspecialchars( trim( stripslashes( $HTTP_POST_VARS['bbcode_uid'] ) ) ) : $row['bbcode_uid']; if ( $preview ) { $preview_title = $kb_title; $preview_desc = $kb_desc; $preview_text = $kb_text; $orig_word = array(); $replacement_word = array(); obtain_word_list( $orig_word, $replacement_word ); $bbcode_uid = ( $bbcode_on ) ? 
make_bbcode_uid() : ''; $preview_text = stripslashes(prepare_message(addslashes(unprepare_message($preview_text)), $html_on, $bbcode_on, $smilies_on, $bbcode_uid)); if ( $bbcode_on ) { $preview_text = bbencode_second_pass( $preview_text, $bbcode_uid ); } if ( count( $orig_word ) ) { $preview_title = preg_replace( $orig_word, $replacement_word, $preview_title ); $preview_desc = preg_replace( $orig_word, $replacement_word, $preview_desc ); $preview_text = preg_replace( $orig_word, $replacement_word, $preview_text ); } if ( $smilies_on ) { $preview_text = mx_smilies_pass( $preview_text ); } $preview_text = make_clickable( $preview_text ); $preview_text = str_replace( "\n", '<br />', $preview_text ); $template->set_filenames( array( 'preview' => 'kb_post_preview.tpl' ) ); $template->assign_vars( array( 'L_PREVIEW' => $lang['Preview'], 'ARTICLE_TITLE' => $preview_title, 'ARTICLE_DESC' => $preview_desc, 'ARTICLE_BODY' => $preview_text, 'PREVIEW_MESSAGE' => $preview_text ) ); $template->assign_var_from_handle( 'KB_PREVIEW_BOX', 'preview' ); } // show article form - MAIN if ( $kb_post_mode == 'edit' ) { $s_hidden_vars = '<input type="hidden" name="k" value="' . $article_id . '"><input type="hidden" name="bbcode_uid" value="' . $bbcode_uid . '"><input type="hidden" name="author_id" value="' . $author_id . '">'; } else { $s_hidden_vars = '<input type="hidden" name="cat" value="' . $category_id . '">'; } // $bbcode_uid = $block_config[$block_id][$block_text_par]['bbcode_uid']; if ( $bbcode_uid != '' ) { $kb_text = preg_replace('/\:(([a-z0-9]:)?)' . $bbcode_uid . '/s', '', $kb_text); } $kb_text = str_replace('<', '<', $kb_text); $kb_text = str_replace('>... [truncated message content] |
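Review bot: In the `edit` branch of kb_post.php the permission check runs against the category taken from the request (`cat`), not the category the article is stored in, and nothing compares the stored author with the current user. `$author_id` is assigned from `$userdata['user_id']`, so the `$userdata['user_id'] == $author_id` tests are always true and the UPDATE rewrites `article_author_id` to whoever saves. The stored row should be loaded first and `kb_auth()` run on its `article_category_id`, allowing the edit only for the stored author or a moderator, which is the condition kb_article.php already uses for the edit link. In the same branch `update_kb_number( $category, '+ 1' )` uses `$category`, which is not assigned anywhere in the visible file; `$category_id` looks intended. The listing is truncated on this page, so the rest of the file was not reviewed.

```php
case 'edit':
	// Load the stored article before making any permission decision
	$sql = "SELECT article_category_id, article_author_id, approved, topic_id
		FROM " . KB_ARTICLES_TABLE . "
		WHERE article_id = $article_id";
	if ( !( $result = $db->sql_query( $sql ) ) )
	{
		mx_message_die( GENERAL_ERROR, "Could not obtain article data", '', __LINE__, __FILE__, $sql );
	}
	if ( !( $row = $db->sql_fetchrow( $result ) ) )
	{
		mx_message_die( GENERAL_MESSAGE, $lang['No_edit'] );
	}

	// Permissions come from the article's current category, not from the request
	$kb_is_auth_old = kb_auth( AUTH_ALL, $row['article_category_id'], $userdata );
	$is_owner = ( $row['article_author_id'] == $userdata['user_id'] );
	if ( !( $kb_is_auth_old['auth_mod'] || ( $kb_is_auth_old['auth_edit'] && $is_owner ) ) )
	{
		mx_message_die( GENERAL_MESSAGE, $lang['No_edit'] );
	}
	// A move to another category should additionally pass the existing $kb_is_auth check for $category_id

	// … unchanged: category counters, approval state, UPDATE …
```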