4 * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)
\r
5 * Copyright (C) 2002-2009 The Nucleus Group
\r
7 * This program is free software; you can redistribute it and/or
\r
8 * modify it under the terms of the GNU General Public License
\r
9 * as published by the Free Software Foundation; either version 2
\r
10 * of the License, or (at your option) any later version.
\r
11 * (see nucleus/documentation/index.html#license for more info)
\r
14 * @license http://nucleuscms.org/license.txt GNU General Public License
\r
15 * @copyright Copyright (C) 2002-2009 The Nucleus Group
\r
17 * $NucleusJP: globalfunctions.php,v 1.23.2.7 2008/02/05 08:30:08 kimitake Exp $
\r
20 // needed if we include globalfunctions from install.php
\r
21 global $nucleus, $CONF, $DIR_LIBS, $DIR_LANG, $manager, $member;
\r
23 $nucleus['version'] = 'v3.41RC';
\r
24 $nucleus['codename'] = '';
\r
26 checkVars(array('nucleus', 'CONF', 'DIR_LIBS', 'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE', 'DIR_LANG', 'DIR_PLUGINS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS', 'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES'));
\r
29 if ($CONF['debug']) {
\r
30 error_reporting(E_ALL); // report all errors!
\r
32 error_reporting(E_ERROR | E_WARNING | E_PARSE);
\r
36 Indicates when Nucleus should display startup errors. Set to 1 if you want
\r
37 the error enabled (default), false otherwise
\r
40 Displays an error when visiting a public Nucleus page and headers have
\r
41 been sent out too early. This usually indicates an error in either a
\r
42 configuration file or a language file, and could cause Nucleus to
\r
45 Displays an error only when visiting the admin area, and when one or
\r
46 more of the installation files (install.php, install.sql, upgrades/
\r
47 directory) are still on the server.
\r
50 $CONF['alertOnHeadersSent'] = 1;
\r
51 $CONF['alertOnSecurityRisk'] = 1;
\r
52 /*$CONF['ItemURL'] = $CONF['Self'];
\r
53 $CONF['ArchiveURL'] = $CONF['Self'];
\r
54 $CONF['ArchiveListURL'] = $CONF['Self'];
\r
55 $CONF['MemberURL'] = $CONF['Self'];
\r
56 $CONF['SearchURL'] = $CONF['Self'];
\r
57 $CONF['BlogURL'] = $CONF['Self'];
\r
58 $CONF['CategoryURL'] = $CONF['Self'];
\r
60 // switch URLMode back to normal when $CONF['Self'] ends in .php
\r
61 // this avoids urls like index.php/item/13/index.php/item/15
\r
62 if (!isset($CONF['URLMode']) || (($CONF['URLMode'] == 'pathinfo') && (substr($CONF['Self'], strlen($CONF['Self']) - 4) == '.php'))) {
\r
63 $CONF['URLMode'] = 'normal';
\r
66 if (getNucleusPatchLevel() > 0) {
\r
67 $nucleus['version'] .= '/' . getNucleusPatchLevel();
\r
71 if (!isset($CONF['installscript'])) {
\r
72 $CONF['installscript'] = 0;
\r
75 // we will use postVar, getVar, ... methods instead of HTTP_GET_VARS or _GET
\r
76 if ($CONF['installscript'] != 1) { // vars were already included in install.php
\r
77 if (phpversion() >= '4.1.0') {
\r
78 include_once($DIR_LIBS . 'vars4.1.0.php');
\r
80 include_once($DIR_LIBS . 'vars4.0.6.php');
\r
85 $bLoggingSanitizedResult=0;
\r
86 $bSanitizeAndContinue=0;
\r
88 $orgRequestURI = serverVar('REQUEST_URI');
\r
91 // get all variables that can come from the request and put them in the global scope
\r
92 $blogid = requestVar('blogid');
\r
93 $itemid = intRequestVar('itemid');
\r
94 $catid = intRequestVar('catid');
\r
95 $skinid = requestVar('skinid');
\r
96 $memberid = requestVar('memberid');
\r
97 $archivelist = requestVar('archivelist');
\r
98 $imagepopup = requestVar('imagepopup');
\r
99 $archive = requestVar('archive');
\r
100 $query = requestVar('query');
\r
101 $highlight = requestVar('highlight');
\r
102 $amount = requestVar('amount');
\r
103 $action = requestVar('action');
\r
104 $nextaction = requestVar('nextaction');
\r
105 $maxresults = requestVar('maxresults');
\r
106 $startpos = intRequestVar('startpos');
\r
107 $errormessage = '';
\r
109 $virtualpath = ((getVar('virtualpath') != null) ? getVar('virtualpath') : serverVar('PATH_INFO'));
\r
111 if (!headers_sent() ) {
\r
112 header('Generator: Nucleus CMS ' . $nucleus['version']);
\r
115 // include core classes that are needed for login & plugin handling
\r
116 include($DIR_LIBS . 'mysql.php');
\r
117 include($DIR_LIBS . 'MEMBER.php');
\r
118 include($DIR_LIBS . 'ACTIONLOG.php');
\r
119 include($DIR_LIBS . 'MANAGER.php');
\r
120 include($DIR_LIBS . 'PLUGIN.php');
\r
122 $manager =& MANAGER::instance();
\r
124 // make sure there's no unnecessary escaping:
\r
125 set_magic_quotes_runtime(0);
\r
128 if (!isset($CONF['UsingAdminArea'])) {
\r
129 $CONF['UsingAdminArea'] = 0;
\r
132 // only needed when updating logs
\r
133 if ($CONF['UsingAdminArea']) {
\r
134 include($DIR_LIBS . 'xmlrpc.inc.php'); // XML-RPC client classes
\r
135 include_once($DIR_LIBS . 'ADMIN.php');
\r
138 // connect to database
\r
142 // log the sanitized result if needed
\r
143 if ($orgRequestURI!==serverVar('REQUEST_URI')) {
\r
144 $msg = "Sanitized [" . serverVar('REMOTE_ADDR') . "] ";
\r
145 $msg .= $orgRequestURI . " -> " . serverVar('REQUEST_URI');
\r
146 if ($bLoggingSanitizedResult) {
\r
147 addToLog(WARNING, $msg);
\r
149 if (!$bSanitizeAndContinue) {
\r
154 // makes sure database connection gets closed on script termination
\r
155 register_shutdown_function('sql_disconnect');
\r
160 // Properly set $CONF['Self'] and others if they are not set; this usually happens when we are accessed from the admin menu
\r
161 if (!isset($CONF['Self'])) {
\r
162 $CONF['Self'] = $CONF['IndexURL'];
\r
163 // strip trailing /
\r
164 if ($CONF['Self'][strlen($CONF['Self']) -1] == "/") {
\r
165 $CONF['Self'] = substr($CONF['Self'], 0, strlen($CONF['Self']) -1);
\r
168 /* $CONF['ItemURL'] = $CONF['Self'];
\r
169 $CONF['ArchiveURL'] = $CONF['Self'];
\r
170 $CONF['ArchiveListURL'] = $CONF['Self'];
\r
171 $CONF['MemberURL'] = $CONF['Self'];
\r
172 $CONF['SearchURL'] = $CONF['Self'];
\r
173 $CONF['BlogURL'] = $CONF['Self'];
\r
174 $CONF['CategoryURL'] = $CONF['Self'];*/
\r
177 $CONF['ItemURL'] = $CONF['Self'];
\r
178 $CONF['ArchiveURL'] = $CONF['Self'];
\r
179 $CONF['ArchiveListURL'] = $CONF['Self'];
\r
180 $CONF['MemberURL'] = $CONF['Self'];
\r
181 $CONF['SearchURL'] = $CONF['Self'];
\r
182 $CONF['BlogURL'] = $CONF['Self'];
\r
183 $CONF['CategoryURL'] = $CONF['Self'];
\r
185 // switch URLMode back to normal when $CONF['Self'] ends in .php
\r
186 // this avoids urls like index.php/item/13/index.php/item/15
\r
187 if (!isset($CONF['URLMode']) || (($CONF['URLMode'] == 'pathinfo') && (substr($CONF['Self'], strlen($CONF['Self']) - 4) == '.php'))) {
\r
188 $CONF['URLMode'] = 'normal';
\r
191 // automatically use simpler toolbar for mozilla
\r
192 if (($CONF['DisableJsTools'] == 0) && strstr(serverVar('HTTP_USER_AGENT'), 'Mozilla/5.0') && strstr(serverVar('HTTP_USER_AGENT'), 'Gecko') ) {
\r
193 $CONF['DisableJsTools'] = 2;
\r
196 // login if cookies set
\r
197 $member = new MEMBER();
\r
199 // secure cookie key settings (either 'none', 0, 8, 16, 24, or 32)
\r
200 if (!isset($CONF['secureCookieKey'])) $CONF['secureCookieKey']=24;
\r
201 switch($CONF['secureCookieKey']){
\r
203 $CONF['secureCookieKeyIP']=preg_replace('/\.[0-9]+\.[0-9]+\.[0-9]+$/','',serverVar('REMOTE_ADDR'));
\r
206 $CONF['secureCookieKeyIP']=preg_replace('/\.[0-9]+\.[0-9]+$/','',serverVar('REMOTE_ADDR'));
\r
209 $CONF['secureCookieKeyIP']=preg_replace('/\.[0-9]+$/','',serverVar('REMOTE_ADDR'));
\r
212 $CONF['secureCookieKeyIP']=serverVar('REMOTE_ADDR');
\r
215 $CONF['secureCookieKeyIP']='';
\r
218 // login/logout when required or renew cookies
\r
219 if ($action == 'login') {
\r
220 // Form Authentication
\r
221 $login = postVar('login');
\r
222 $pw = postVar('password');
\r
223 $shared = intPostVar('shared'); // shared computer or not
\r
225 $pw=substr($pw,0,40); // avoid md5 collision by using a long key
\r
227 if ($member->login($login, $pw) ) {
\r
229 $member->newCookieKey();
\r
230 $member->setCookies($shared);
\r
232 if ($CONF['secureCookieKey']!=='none') {
\r
233 // secure cookie key
\r
234 $member->setCookieKey(md5($member->getCookieKey().$CONF['secureCookieKeyIP']));
\r
238 // allows direct access to parts of the admin area after logging in
\r
240 $action = $nextaction;
\r
243 $manager->notify('LoginSuccess', array('member' => &$member) );
\r
244 $errormessage = '';
\r
245 ACTIONLOG::add(INFO, "Login successful for $login (sharedpc=$shared)");
\r
247 // errormessage for [%errordiv%]
\r
248 $errormessage = 'Login failed for ' . $login;
\r
250 $manager->notify('LoginFailed', array('username' => $login) );
\r
251 ACTIONLOG::add(INFO, $errormessage);
\r
255 Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
\r
257 } elseif (serverVar('PHP_AUTH_USER') && serverVar('PHP_AUTH_PW')) {
\r
258 // HTTP Authentication
\r
259 $login = serverVar('PHP_AUTH_USER');
\r
260 $pw = serverVar('PHP_AUTH_PW');
\r
262 if ($member->login($login, $pw) ) {
\r
263 $manager->notify('LoginSuccess',array('member' => &$member));
\r
264 ACTIONLOG::add(INFO, "HTTP authentication successful for $login");
\r
266 $manager->notify('LoginFailed',array('username' => $login));
\r
267 ACTIONLOG::add(INFO, 'HTTP authentication failed for ' . $login);
\r
269 // The credentials were bad, so generate an appropriate error page
\r
270 header("WWW-Authenticate: Basic realm=\"Nucleus CMS {$nucleus['version']}\"");
\r
271 header('HTTP/1.0 401 Unauthorized');
\r
272 echo 'Invalid username or password';
\r
277 } elseif (($action == 'logout') && (!headers_sent() ) && cookieVar($CONF['CookiePrefix'] . 'user') ) {
\r
278 // remove cookies on logout
\r
279 setcookie($CONF['CookiePrefix'] . 'user', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
\r
280 setcookie($CONF['CookiePrefix'] . 'loginkey', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
\r
281 $manager->notify('Logout', array('username' => cookieVar($CONF['CookiePrefix'] . 'user') ) );
\r
282 } elseif (cookieVar($CONF['CookiePrefix'] . 'user') ) {
\r
283 // Cookie Authentication
\r
284 $ck=cookieVar($CONF['CookiePrefix'] . 'loginkey');
\r
285 // secure cookie key
\r
286 $ck=substr($ck,0,32); // avoid md5 collision by using a long key
\r
287 if ($CONF['secureCookieKey']!=='none') $ck=md5($ck.$CONF['secureCookieKeyIP']);
\r
288 $res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] . 'user'), $ck );
\r
291 // renew cookies when not on a shared computer
\r
292 if ($res && (cookieVar($CONF['CookiePrefix'] . 'sharedpc') != 1) && (!headers_sent() ) ) {
\r
293 $member->setCookieKey(cookieVar($CONF['CookiePrefix'] . 'loginkey'));
\r
294 $member->setCookies();
\r
299 $manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn() ) );
\r
302 // first, let's see if the site is disabled or not. always allow admin area access.
\r
303 if ($CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea']) {
\r
304 redirect($CONF['DisableSiteURL']);
\r
308 // load other classes
\r
309 include($DIR_LIBS . 'PARSER.php');
\r
310 include($DIR_LIBS . 'SKIN.php');
\r
311 include($DIR_LIBS . 'TEMPLATE.php');
\r
312 include($DIR_LIBS . 'BLOG.php');
\r
313 include($DIR_LIBS . 'BODYACTIONS.php');
\r
314 include($DIR_LIBS . 'COMMENTS.php');
\r
315 include($DIR_LIBS . 'COMMENT.php');
\r
316 //include($DIR_LIBS . 'ITEM.php');
\r
317 include($DIR_LIBS . 'NOTIFICATION.php');
\r
318 include($DIR_LIBS . 'BAN.php');
\r
319 include($DIR_LIBS . 'PAGEFACTORY.php');
\r
320 include($DIR_LIBS . 'SEARCH.php');
\r
321 include($DIR_LIBS . 'entity.php');
\r
324 // set lastVisit cookie (if allowed)
\r
325 if (!headers_sent() ) {
\r
326 if ($CONF['LastVisit']) {
\r
327 setcookie($CONF['CookiePrefix'] . 'lastVisit', time(), time() + 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
\r
329 setcookie($CONF['CookiePrefix'] . 'lastVisit', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
\r
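// read language file, only after user has been initialized
$language = getLanguageName();
// The language name becomes part of an include path, so backslash, pipe, slash
// and NUL bytes are stripped before it is appended to $DIR_LANG. str_replace()
// is byte-safe; the POSIX ereg_replace() used before is not binary-safe and no
// longer exists in PHP 7 and later.
// NOTE(review): where getLanguageName() takes its value from is not visible here -
// confirm whether it can carry request or member supplied data.
include($DIR_LANG . str_replace(array('\\', '|', '/', "\0"), '', $language) . '.php');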
\r
337 // check if valid charset
\r
338 if (!encoding_check(false, false, _CHARSET)) {
\r
339 foreach(array($_GET, $_POST) as $input) {
\r
340 array_walk($input, 'encoding_check');
\r
345 Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
\r
347 // To remove after v2.5 is released and language files have been updated.
\r
348 // Including this makes sure that language files for v2.5beta can still be used for v2.5final
\r
349 // without having weird _SETTINGS_EXTAUTH string showing up in the admin area.
\r
350 if (!defined('_MEMBERS_BYPASS'))
\r
352 define('_SETTINGS_EXTAUTH', 'Enable External Authentication');
\r
353 define('_WARNING_EXTAUTH', 'Warning: Enable only if needed.');
\r
354 define('_MEMBERS_BYPASS', 'Use External Authentication');
\r
359 // make sure the archivetype skinvar keeps working when _ARCHIVETYPE_XXX not defined
\r
360 if (!defined('_ARCHIVETYPE_MONTH') ) {
\r
361 define('_ARCHIVETYPE_DAY', 'day');
\r
362 define('_ARCHIVETYPE_MONTH', 'month');
\r
365 // decode path_info
\r
366 if ($CONF['URLMode'] == 'pathinfo') {
\r
367 // initialize keywords if this hasn't been done before
\r
368 if (!isset($CONF['ItemKey']) || $CONF['ItemKey'] == '') {
\r
369 $CONF['ItemKey'] = 'item';
\r
372 if (!isset($CONF['ArchiveKey']) || $CONF['ArchiveKey'] == '') {
\r
373 $CONF['ArchiveKey'] = 'archive';
\r
376 if (!isset($CONF['ArchivesKey']) || $CONF['ArchivesKey'] == '') {
\r
377 $CONF['ArchivesKey'] = 'archives';
\r
380 if (!isset($CONF['MemberKey']) || $CONF['MemberKey'] == '') {
\r
381 $CONF['MemberKey'] = 'member';
\r
384 if (!isset($CONF['BlogKey']) || $CONF['BlogKey'] == '') {
\r
385 $CONF['BlogKey'] = 'blog';
\r
388 if (!isset($CONF['CategoryKey']) || $CONF['CategoryKey'] == '') {
\r
389 $CONF['CategoryKey'] = 'category';
\r
392 if (!isset($CONF['SpecialskinKey']) || $CONF['SpecialskinKey'] == '') {
\r
393 $CONF['SpecialskinKey'] = 'special';
\r
400 'type' => basename(serverVar('SCRIPT_NAME') ), // e.g. item, blog, ...
\r
401 'info' => $virtualpath,
\r
402 'complete' => &$parsed
\r
407 // default implementation
\r
408 $data = explode("/", $virtualpath );
\r
409 for ($i = 0; $i < sizeof($data); $i++) {
\r
410 switch ($data[$i]) {
\r
411 case $CONF['ItemKey']: // item/1 (blogid)
\r
414 if ($i < sizeof($data) ) {
\r
415 $itemid = intval($data[$i]);
\r
419 case $CONF['ArchivesKey']: // archives/1 (blogid)
\r
422 if ($i < sizeof($data) ) {
\r
423 $archivelist = intval($data[$i]);
\r
427 case $CONF['ArchiveKey']: // two possibilities: archive/yyyy-mm or archive/1/yyyy-mm (with blogid)
\r
428 if ((($i + 1) < sizeof($data) ) && (!strstr($data[$i + 1], '-') ) ) {
\r
429 $blogid = intval($data[++$i]);
\r
434 if ($i < sizeof($data) ) {
\r
435 $archive = $data[$i];
\r
439 case 'blogid': // blogid/1
\r
440 case $CONF['BlogKey']: // blog/1
\r
443 if ($i < sizeof($data) ) {
\r
444 $blogid = intval($data[$i]);
\r
448 case $CONF['CategoryKey']: // category/1 (catid)
\r
452 if ($i < sizeof($data) ) {
\r
453 $catid = intval($data[$i]);
\r
457 case $CONF['MemberKey']:
\r
460 if ($i < sizeof($data) ) {
\r
461 $memberid = intval($data[$i]);
\r
465 case $CONF['SpecialskinKey']:
\r
468 if ($i < sizeof($data) ) {
\r
469 $_REQUEST['special'] = $data[$i];
\r
/**
 * Returns the value of postVar($name) cast to an integer.
 *
 * Anything that does not start with a number becomes 0, so the result is
 * always safe to use where a plain integer is expected.
 *
 * @param string $name variable name handed to postVar()
 * @return int
 */
function intPostVar($name) {
    $rawValue = postVar($name);

    return (int) $rawValue;
}
\r
/**
 * Returns the value of getVar($name) cast to an integer.
 *
 * Anything that does not start with a number becomes 0.
 *
 * @param string $name variable name handed to getVar()
 * @return int
 */
function intGetVar($name) {
    $rawValue = getVar($name);

    return (int) $rawValue;
}
\r
/**
 * Returns the value of requestVar($name) cast to an integer.
 *
 * Anything that does not start with a number becomes 0.
 *
 * @param string $name variable name handed to requestVar()
 * @return int
 */
function intRequestVar($name) {
    $rawValue = requestVar($name);

    return (int) $rawValue;
}
\r
/**
 * Returns the value of cookieVar($name) cast to an integer.
 *
 * Anything that does not start with a number becomes 0.
 *
 * @param string $name variable name handed to cookieVar()
 * @return int
 */
function intCookieVar($name) {
    $rawValue = cookieVar($name);

    return (int) $rawValue;
}
\r
497 * returns the currently used version (100 = 1.00, 101 = 1.01, etc...)
\r
499 function getNucleusVersion() {
\r
504 * power users can install patches in between nucleus releases. These patches
\r
505 * usually add new functionality in the plugin API and allow those to
\r
506 * be tested without having to install CVS.
\r
508 function getNucleusPatchLevel() {
\r
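/**
 * Connects to the MySQL server and selects the Nucleus database.
 *
 * Reads $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD and $MYSQL_DATABASE from the
 * global scope and stores the connection in the global $MYSQL_CONN. A failure
 * of either step is handed to startUpError().
 *
 * @return mixed the connection handle stored in $MYSQL_CONN
 */
function sql_connect() {
    global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_CONN;

    // '@' suppresses the driver's own warning; the failure is reported through
    // startUpError() with a fixed message instead.
    $MYSQL_CONN = @mysql_connect($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD) or startUpError('<p>Could not connect to MySQL database.</p>', 'Connect Error');

    // The message is passed on as HTML markup, so the driver's error text is
    // escaped before it is placed inside the paragraph.
    mysql_select_db($MYSQL_DATABASE) or startUpError('<p>Could not select database: ' . htmlspecialchars(mysql_error()) . '</p>', 'Connect Error');

/*/ <add for garble measure>
    $resource = sql_query("show variables LIKE 'character_set_database'");
    $fetchDat = mysql_fetch_assoc($resource);
    $charset = $fetchDat['Value'];
    $mySqlVer = implode('.', array_map('intval', explode('.', mysql_get_server_info($MYSQL_CONN))));
    if ($mySqlVer >= '5.0.7' && phpversion() >= '5.2.3') {
        mysql_set_charset($charset);
    } else {
        sql_query("SET NAMES " . $charset);
    }
// </add for garble measure>*/

    return $MYSQL_CONN;
}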
\r
/**
 * Returns a prefixed Nucleus table name.
 *
 * The result is "nucleus_" followed by $name, preceded by the global
 * $MYSQL_PREFIX when that global holds a non-empty value.
 *
 * @param string $name table name without any prefix, e.g. "blog"
 * @return string
 */
function sql_table($name) {
    global $MYSQL_PREFIX;

    $tableName = 'nucleus_' . $name;

    return $MYSQL_PREFIX ? $MYSQL_PREFIX . $tableName : $tableName;
}
\r
549 function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET) {
\r
550 global $manager, $CONF;
\r
552 if (!headers_sent() ) {
\r
553 // if content type is application/xhtml+xml, only send it to browsers
\r
554 // that can handle it (IE6 cannot). Otherwise, send text/html
\r
556 // v2.5: For admin area pages, keep sending text/html (unless it's a debug version)
\r
557 // application/xhtml+xml still causes too much problems with the javascript implementations
\r
559 // v3.3: ($CONF['UsingAdminArea'] && !$CONF['debug']) gets removed,
\r
560 // application/xhtml+xml seems to be working, so we're going to use it if we can.
\r
562 // Note: reverted the following function in JP version
\r
567 ($contenttype == 'application/xhtml+xml')
\r
568 && (!stristr(serverVar('HTTP_ACCEPT'), 'application/xhtml+xml') )
\r
570 $contenttype = 'text/html';
\r
575 ($contenttype == 'application/xhtml+xml')
\r
576 && (($CONF['UsingAdminArea'] && !$CONF['debug']) || !stristr(serverVar('HTTP_ACCEPT'),'application/xhtml+xml'))
\r
579 $contenttype = 'text/html';
\r
583 'PreSendContentType',
\r
585 'contentType' => &$contenttype,
\r
586 'charset' => &$charset,
\r
587 'pageType' => $pagetype
\r
591 // strip strange characters
\r
592 $contenttype = preg_replace('|[^a-z0-9-+./]|i', '', $contenttype);
\r
593 $charset = preg_replace('|[^a-z0-9-_]|i', '', $charset);
\r
595 if ($charset != '') {
\r
596 header('Content-Type: ' . $contenttype . '; charset=' . $charset);
\r
598 header('Content-Type: ' . $contenttype);
\r
601 // check if valid charset
\r
602 if (!encoding_check(false,false,$charset)) {
\r
603 foreach(array($_GET, $_POST) as $input) {
\r
604 array_walk($input, 'encoding_check');
\r
611 * Errors before the database connection has been made
\r
613 function startUpError($msg, $title) {
\r
614 if (!defined('_CHARSET')) define('_CHARSET', 'iso-8859-1');
\r
615 header('Content-Type: text/html; charset=' . _CHARSET);
\r
617 <html <?php echo _HTML_XML_NAME_SPACE_AND_LANG_CODE; ?>>
\r
618 <head><meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET?>" />
\r
619 <title><?php echo htmlspecialchars($title)?></title></head>
\r
621 <h1><?php echo htmlspecialchars($title)?></h1>
\r
629 * disconnects from SQL server
\r
631 function sql_disconnect() {
\r
636 * executes an SQL query
\r
638 function sql_query($query) {
\r
641 $res = mysql_query($query) or print("mySQL error with query $query: " . mysql_error() . '<p />');
\r
647 * Highlights a specific query in a given HTML text (not within HTML tags) and returns it
\r
650 * text to be highlighted
\r
651 * @param $expression
\r
652 * regular expression to be matched (can be an array of expressions as well)
\r
653 * @param $highlight
\r
654 * highlight to be used (use \\0 to indicate the matched expression)
\r
657 function highlight($text, $expression, $highlight) {
\r
658 if (!$highlight || !$expression) {
\r
662 if (is_array($expression) && (count($expression) == 0) ) {
\r
666 // add a tag in front (is needed for preg_match_all to work correct)
\r
667 $text = '<!--h-->' . $text;
\r
669 // split the HTML up so we have HTML tags
\r
670 // $matches[0][i] = HTML + text
\r
671 // $matches[1][i] = HTML
\r
672 // $matches[2][i] = text
\r
673 preg_match_all('/(<[^>]+>)([^<>]*)/', $text, $matches);
\r
675 // throw it all together again while applying the highlight to the text pieces
\r
677 for ($i = 0; $i < sizeof($matches[2]); $i++) {
\r
679 $result .= $matches[1][$i];
\r
682 if (is_array($expression) ) {
\r
683 foreach ($expression as $regex) {
\r
685 $matches[2][$i] = @eregi_replace($regex, $highlight, $matches[2][$i]);
\r
689 $result .= $matches[2][$i];
\r
691 $result .= @eregi_replace($expression, $highlight, $matches[2][$i]);
\r
699 * Parses a query into an array of expressions that can be passed on to the highlight method
\r
701 function parseHighlight($query) {
\r
702 // TODO: add more intelligent splitting logic
\r
704 // get rid of quotes
\r
705 $query = preg_replace('/\'|"/', '', $query);
\r
711 $aHighlight = explode(' ', $query);
\r
713 for ($i = 0; $i < count($aHighlight); $i++) {
\r
714 $aHighlight[$i] = trim($aHighlight[$i]);
\r
716 if (strlen($aHighlight[$i]) < 3) {
\r
717 unset($aHighlight[$i]);
\r
721 if (count($aHighlight) == 1) {
\r
722 return $aHighlight[0];
\r
724 return $aHighlight;
\r
729 * Checks if email address is valid
\r
731 function isValidMailAddress($address) {
\r
732 if (preg_match('/^[a-zA-Z+0-9\._-]+@[a-zA-Z0-9\._-]+\.[A-Za-z]{2,5}$/', $address)) {
\r
740 // some helper functions
\r
/**
 * Looks up the bnumber of the blog row whose bshortname equals $name.
 *
 * NOTE(review): the name is escaped with addslashes(), which works on bytes and
 * knows nothing about the connection character set. Confirm that the charset in
 * use cannot produce a multibyte sequence ending in a backslash byte, or move
 * this lookup to the database driver's own escaping function.
 *
 * @param string $name blog short name
 * @return mixed whatever quickQuery() returns for the "result" column
 */
function getBlogIDFromName($name) {
    $blogTable = sql_table('blog');
    $escapedName = addslashes($name);

    return quickQuery('SELECT bnumber as result FROM ' . $blogTable . ' WHERE bshortname="' . $escapedName . '"');
}
\r
/**
 * Looks up the bname of the blog row with the given bnumber.
 *
 * The id is cast to an integer before it is appended to the SQL text, so
 * nothing but a number can reach the query.
 *
 * @param mixed $id blog number
 * @return mixed whatever quickQuery() returns for the "result" column
 */
function getBlogNameFromID($id) {
    $blogNumber = (int) $id;

    return quickQuery('SELECT bname as result FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogNumber);
}
\r
/**
 * Looks up the iblog value of the item row with the given inumber.
 *
 * The id is cast to an integer before it is appended to the SQL text, so
 * nothing but a number can reach the query.
 *
 * @param mixed $itemid item number
 * @return mixed whatever quickQuery() returns for the "result" column
 */
function getBlogIDFromItemID($itemid) {
    $itemNumber = (int) $itemid;

    return quickQuery('SELECT iblog as result FROM ' . sql_table('item') . ' WHERE inumber=' . $itemNumber);
}
\r
/**
 * Looks up the cblog value of the comment row with the given cnumber.
 *
 * The id is cast to an integer before it is appended to the SQL text, so
 * nothing but a number can reach the query.
 *
 * @param mixed $commentid comment number
 * @return mixed whatever quickQuery() returns for the "result" column
 */
function getBlogIDFromCommentID($commentid) {
    $commentNumber = (int) $commentid;

    return quickQuery('SELECT cblog as result FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentNumber);
}
\r
/**
 * Looks up the cblog value of the category row with the given catid.
 *
 * The id is cast to an integer before it is appended to the SQL text, so
 * nothing but a number can reach the query.
 *
 * @param mixed $catid category id
 * @return mixed whatever quickQuery() returns for the "result" column
 */
function getBlogIDFromCatID($catid) {
    $categoryId = (int) $catid;

    return quickQuery('SELECT cblog as result FROM ' . sql_table('category') . ' WHERE catid=' . $categoryId);
}
\r
/**
 * Looks up the catid of the category row whose cname equals $name.
 *
 * NOTE(review): the name is escaped with addslashes(), which works on bytes and
 * knows nothing about the connection character set. Confirm that the charset in
 * use cannot produce a multibyte sequence ending in a backslash byte, or move
 * this lookup to the database driver's own escaping function.
 *
 * @param string $name category name
 * @return mixed whatever quickQuery() returns for the "result" column
 */
function getCatIDFromName($name) {
    $categoryTable = sql_table('category');
    $escapedName = addslashes($name);

    return quickQuery('SELECT catid as result FROM ' . $categoryTable . ' WHERE cname="' . $escapedName . '"');
}
\r
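/**
 * Runs a query and returns the "result" column of its first row.
 *
 * The SQL text is executed as given; callers are responsible for escaping or
 * casting every value they concatenate into it.
 *
 * @param string $q complete SQL statement that selects a column aliased as "result"
 * @return mixed value of that column, or null when there is no row to read
 */
function quickQuery($q) {
    $res = sql_query($q);

    // A falsy result means the query did not yield a result set; there is
    // nothing to fetch from.
    if (!$res) {
        return null;
    }

    $obj = mysql_fetch_object($res);

    // An empty result set gives no object; return null explicitly instead of
    // reading a property of a non-object.
    if (!is_object($obj)) {
        return null;
    }

    return $obj->result;
}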
\r
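/**
 * Looks up the pfile value of the plugin row with the given pid.
 *
 * The pid is cast to an integer before it is appended to the SQL text, so
 * nothing but a number can reach the query.
 *
 * @param mixed $pid plugin id
 * @return mixed the pfile column, or null when no such row could be read
 */
function getPluginNameFromPid($pid) {
    $res = sql_query('SELECT pfile FROM ' . sql_table('plugin') . ' WHERE pid=' . intval($pid));

    // A falsy result means the query did not yield a result set.
    if (!$res) {
        return null;
    }

    $obj = mysql_fetch_object($res);

    // Unknown pid: no row, so no object to read pfile from.
    if (!is_object($obj)) {
        return null;
    }

    return $obj->pfile;
}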
\r
777 function selector() {
\r
778 global $itemid, $blogid, $memberid, $query, $amount, $archivelist, $maxresults;
\r
779 global $archive, $skinid, $blog, $memberinfo, $CONF, $member;
\r
780 global $imagepopup, $catid;
\r
783 $actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
\r
784 $action = requestVar('action');
\r
786 if (in_array($action, $actionNames) ) {
\r
787 global $DIR_LIBS, $errormessage;
\r
788 include_once($DIR_LIBS . 'ACTION.php');
\r
790 $errorInfo = $a->doAction($action);
\r
793 $errormessage = $errorInfo['message'];
\r
797 // show error when headers already sent out
\r
798 if (headers_sent() && $CONF['alertOnHeadersSent']) {
\r
800 // try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
\r
801 if (function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=') ) {
\r
802 headers_sent($hsFile, $hsLine);
\r
803 $extraInfo = ' in <code>' . $hsFile . '</code> line <code>' . $hsLine . '</code>';
\r
809 '<p>The page headers have already been sent out' . $extraInfo . '. This could cause Nucleus not to work in the expected way.</p><p>Usually, this is caused by spaces or newlines at the end of the <code>config.php</code> file, at the end of the language file or at the end of a plugin file. Please check this and try again.</p><p>If you don\'t want to see this error message again, without solving the problem, set <code>$CONF[\'alertOnHeadersSent\']</code> in <code>globalfunctions.php</code> to <code>0</code></p>',
\r
810 'Page headers already sent'
\r
815 // make it so that ?archivelist without blogname or blogid shows the archivelist
\r
816 // for the default weblog
\r
817 if (serverVar('QUERY_STRING') == 'archivelist') {
\r
818 $archivelist = $CONF['DefaultBlog'];
\r
821 // now decide which type of skin we need
\r
823 // itemid given -> only show that item
\r
826 if (!$manager->existsItem($itemid,0,0) ) {
\r
827 doError(_ERROR_NOSUCHITEM);
\r
830 global $itemidprev, $itemidnext, $catid, $itemtitlenext, $itemtitleprev;
\r
832 // 1. get timestamp, blogid and catid for item
\r
833 $query = 'SELECT itime, iblog, icat FROM ' . sql_table('item') . ' WHERE inumber=' . intval($itemid);
\r
834 $res = sql_query($query);
\r
835 $obj = mysql_fetch_object($res);
\r
837 // if a different blog id has been set through the request or selectBlog(),
\r
839 // if ($blogid && (intval($blogid) != $obj->iblog) ) {
\r
840 // doError(_ERROR_NOSUCHITEM);
\r
842 if ($blogid && (intval($blogid) != $obj->iblog) ) {
\r
843 if (!headers_sent()) {
\r
844 $b =& $manager->getBlog($obj->iblog);
\r
845 $CONF['ItemURL'] = $b->getURL();
\r
846 if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'],-1) == '/')
\r
847 $CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
\r
848 $correctURL = createItemLink($itemid, '');
\r
849 redirect($correctURL);
\r
852 doError(_ERROR_NOSUCHITEM);
\r
856 // if a category has been selected which doesn't match the item, ignore the
\r
858 if (($catid != 0) && ($catid != $obj->icat) ) {
\r
862 $blogid = $obj->iblog;
\r
863 $timestamp = strtotime($obj->itime);
\r
865 $b =& $manager->getBlog($blogid);
\r
867 if ($b->isValidCategory($catid) ) {
\r
868 $catextra = ' and icat=' . $catid;
\r
873 // get previous itemid and title
\r
874 $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime<' . mysqldate($timestamp) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime DESC LIMIT 1';
\r
875 $res = sql_query($query);
\r
877 $obj = mysql_fetch_object($res);
\r
880 $itemidprev = $obj->inumber;
\r
881 $itemtitleprev = $obj->ititle;
\r
884 // get next itemid and title
\r
885 $query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime>' . mysqldate($timestamp) . ' and itime <= ' . mysqldate($b->getCorrectTime()) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime ASC LIMIT 1';
\r
886 $res = sql_query($query);
\r
888 $obj = mysql_fetch_object($res);
\r
891 $itemidnext = $obj->inumber;
\r
892 $itemtitlenext = $obj->ititle;
\r
895 } elseif ($archive) {
\r
899 // get next and prev month links ...
\r
900 global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists;
\r
902 // sql queries for the timestamp of the first and the last published item
\r
903 $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 AND iblog=".(int)($blogid ? $blogid : $CONF['DefaultBlog'])." ORDER BY itime ASC";
\r
904 $first_timestamp=quickQuery ($query);
\r
905 $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 AND iblog=".(int)($blogid ? $blogid : $CONF['DefaultBlog'])." ORDER BY itime DESC";
\r
906 $last_timestamp=quickQuery ($query);
\r
908 sscanf($archive, '%d-%d-%d', $y, $m, $d);
\r
911 $archivetype = _ARCHIVETYPE_DAY;
\r
912 $t = mktime(0, 0, 0, $m, $d, $y);
\r
913 // one day has 24 * 60 * 60 = 86400 seconds
\r
914 $archiveprev = strftime('%Y-%m-%d', $t - 86400 );
\r
915 // check for published items
\r
916 if ($t > $first_timestamp) {
\r
917 $archiveprevexists = true;
\r
920 $archiveprevexists = false;
\r
925 $archivenext = strftime('%Y-%m-%d', $t);
\r
926 if ($t < $last_timestamp) {
\r
927 $archivenextexists = true;
\r
930 $archivenextexists = false;
\r
934 $archivetype = _ARCHIVETYPE_MONTH;
\r
935 $t = mktime(0, 0, 0, $m, 1, $y);
\r
936 // one day before is in the previous month
\r
937 $archiveprev = strftime('%Y-%m', $t - 86400);
\r
938 if ($t > $first_timestamp) {
\r
939 $archiveprevexists = true;
\r
942 $archiveprevexists = false;
\r
945 // timestamp for the next month
\r
946 $t = mktime(0, 0, 0, $m+1, 1, $y);
\r
947 $archivenext = strftime('%Y-%m', $t);
\r
948 if ($t < $last_timestamp) {
\r
949 $archivenextexists = true;
\r
952 $archivenextexists = false;
\r
956 } elseif ($archivelist) {
\r
957 $type = 'archivelist';
\r
959 if (is_numeric($archivelist)) {
\r
960 $blogid = intVal($archivelist);
\r
962 $blogid = getBlogIDFromName($archivelist);
\r
966 doError(_ERROR_NOSUCHBLOG);
\r
969 } elseif ($query) {
\r
972 $query = stripslashes($query);
\r
973 if(preg_match("/^(\xA1{2}|\xe3\x80{2}|\x20)+$/", $query)){
\r
976 $order = (_CHARSET == 'EUC-JP') ? 'EUC-JP, UTF-8,' : 'UTF-8, EUC-JP,';
\r
977 $query = mb_convert_encoding($query, _CHARSET, $order . ' JIS, SJIS, ASCII');
\r
978 if (is_numeric($blogid)) {
\r
979 $blogid = intVal($blogid);
\r
981 $blogid = getBlogIDFromName($blogid);
\r
985 doError(_ERROR_NOSUCHBLOG);
\r
988 } elseif ($memberid) {
\r
991 if (!MEMBER::existsID($memberid) ) {
\r
992 doError(_ERROR_NOSUCHMEMBER);
\r
995 $memberinfo = $manager->getMember($memberid);
\r
997 } elseif ($imagepopup) {
\r
998 // media object (images etc.)
\r
999 $type = 'imagepopup';
\r
1001 // TODO: check if media-object exists
\r
1002 // TODO: set some vars?
\r
1004 // show regular index page
\r
1009 // decide which blog should be displayed
\r
1011 $blogid = $CONF['DefaultBlog'];
\r
1014 $b =& $manager->getBlog($blogid);
\r
1015 $blog = $b; // references can't be placed in global variables?
\r
1017 if (!$blog->isValid) {
\r
1018 doError(_ERROR_NOSUCHBLOG);
\r
1021 // set catid if necessary
\r
1023 $blog->setSelectedCategory($catid);
\r
1026 // decide which skin should be used
\r
1027 if ($skinid != '' && ($skinid == 0) ) {
\r
1028 selectSkin($skinid);
\r
1032 $skinid = $blog->getDefaultSkin();
\r
1035 $special = requestVar('special');
\r
1036 if (!empty($special) && isValidShortName($special)) {
\r
1037 $type = strtolower($special);
\r
1040 $skin = new SKIN($skinid);
\r
1042 if (!$skin->isValid) {
\r
1043 doError(_ERROR_NOSUCHSKIN);
\r
1047 $skin->parse($type);
\r
1049 // check to see we should throw JustPosted event
\r
1050 $blog->checkJustPosted();
\r
1054 * Show error skin with given message. An optional skin-object to use can be given
\r
1056 function doError($msg, $skin = '') {
\r
1057 global $errormessage, $CONF, $skinid, $blogid, $manager;
\r
1059 if ($skin == '') {
\r
1061 if (SKIN::existsID($skinid) ) {
\r
1062 $skin = new SKIN($skinid);
\r
1063 } elseif ($manager->existsBlogID($blogid) ) {
\r
1064 $blog =& $manager->getBlog($blogid);
\r
1065 $skin = new SKIN($blog->getDefaultSkin() );
\r
1066 } elseif ($CONF['DefaultBlog']) {
\r
1067 $blog =& $manager->getBlog($CONF['DefaultBlog']);
\r
1068 $skin = new SKIN($blog->getDefaultSkin() );
\r
1070 // this statement should actually never be executed
\r
1071 $skin = new SKIN($CONF['BaseSkin']);
\r
1076 $skinid = $skin->id;
\r
1077 $errormessage = $msg;
\r
1078 $skin->parse('error');
\r
1082 function getConfig() {
\r
1085 $query = 'SELECT * FROM ' . sql_table('config');
\r
1086 $res = sql_query($query);
\r
1088 while ($obj = mysql_fetch_object($res) ) {
\r
1089 $CONF[$obj->name] = $obj->value;
\r
1093 // some checks for names of blogs, categories, templates, members, ...
\r
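/**
 * Checks that a short name consists of one or more ASCII letters or digits.
 *
 * Uses preg_match() rather than eregi(): the POSIX regex functions are not
 * binary-safe, so text after a NUL byte was never checked, and they no longer
 * exist in PHP 7 and later. The \z anchor matches only at the very end of the
 * string, so a trailing newline is rejected as well.
 *
 * @param string $name candidate name
 * @return int|false 1 when the name is valid, false otherwise (as eregi() returned)
 */
function isValidShortName($name) {
    return preg_match('/^[a-z0-9]+\z/i', $name) === 1 ? 1 : false;
}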
\r
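/**
 * Checks a display name: ASCII letters, digits and inner spaces only, and it
 * must start and end with a letter or digit (so at least two characters).
 *
 * preg_match() replaces eregi(), which is not binary safe and was removed in
 * PHP 7. The D modifier keeps "$" from matching before a trailing newline.
 *
 * @param mixed $name candidate name
 * @return bool true when the whole value matches the pattern
 */
function isValidDisplayName($name) {
    // arrays, objects and null can arrive from request data; none is a valid name
    if (!is_scalar($name)) {
        return false;
    }

    return preg_match('/^[a-z0-9]+[a-z0-9 ]*[a-z0-9]+$/iD', (string) $name) === 1;
}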
\r
1102 function isValidCategoryName($name) {
\r
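/**
 * Checks a template name: ASCII letters, digits and "/" only.
 *
 * preg_match() replaces eregi(), which is not binary safe and was removed in
 * PHP 7. The D modifier keeps "$" from matching before a trailing newline.
 * Dots are not in the allowed set, so "../" sequences are rejected.
 *
 * @param mixed $name candidate name
 * @return bool true when the whole value matches [a-z0-9/]+ (case-insensitive)
 */
function isValidTemplateName($name) {
    // arrays, objects and null can arrive from request data; none is a valid name
    if (!is_scalar($name)) {
        return false;
    }

    return preg_match('#^[a-z0-9/]+$#iD', (string) $name) === 1;
}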
\r
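/**
 * Checks a skin name: ASCII letters, digits and "/" only.
 *
 * preg_match() replaces eregi(), which is not binary safe and was removed in
 * PHP 7. The D modifier keeps "$" from matching before a trailing newline.
 * Dots are not in the allowed set, so "../" sequences are rejected.
 *
 * @param mixed $name candidate name
 * @return bool true when the whole value matches [a-z0-9/]+ (case-insensitive)
 */
function isValidSkinName($name) {
    // arrays, objects and null can arrive from request data; none is a valid name
    if (!is_scalar($name)) {
        return false;
    }

    return preg_match('#^[a-z0-9/]+$#iD', (string) $name) === 1;
}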
\r
1114 // add and remove linebreaks
\r
/**
 * Inserts an HTML line break before each newline in $var (wrapper around nl2br()).
 */
function addBreaks($var) {
    $withBreaks = nl2br($var);

    return $withBreaks;
}
\r
/**
 * Removes every "<br />" that is directly followed by a CR or LF, keeping
 * the line-ending character itself.
 */
function removeBreaks($var) {
    $brBeforeNewline = "/<br \/>([\r\n])/";
    $withoutBreaks = preg_replace($brBeforeNewline, "$1", $var);

    return $withoutBreaks;
}
\r
/**
 * Shortens a text string to $maxlength; $toadd is what gets appended when
 * the text had to be cut (end length is <= $maxlength).
 *
 * The HTML special-character entities in $text are decoded first, so the
 * returned string can contain raw <, >, & and quotes.
 * NOTE(review): callers presumably escape the result again before printing
 * it into HTML -- verify at the call sites.
 */
function shorten($text, $maxlength, $toadd) {
    // 1. remove entities (HTML_SPECIALCHARS rather than HTML_ENTITIES, for Japanese)
    $decodeMap = array_flip(get_html_translation_table(HTML_SPECIALCHARS));
    $text = strtr($text, $decodeMap);

    // 2. nothing to cut when the byte length already fits
    if (strlen($text) <= $maxlength) {
        return $text;
    }

    // multibyte-aware cut in the site charset (for Japanese)
    return mb_strimwidth($text, 0, $maxlength, $toadd, _CHARSET);
}
\r
/**
 * Converts a unix timestamp to the MySQL DATETIME format and wraps the
 * result in double quotes.
 */
function mysqldate($timestamp) {
    $formatted = date('Y-m-d H:i:s', $timestamp);

    return '"' . $formatted . '"';
}
\r
1149 * functions for use in index.php
\r
/**
 * Selects the blog with the given short name by storing its id in the
 * global $blogid.
 */
function selectBlog($shortname) {
    global $blogid, $archivelist;

    $blogid = getBlogIDFromName($shortname);

    // also force archivelist variable, if it is set
    if (!$archivelist) {
        return;
    }

    $archivelist = $blogid;
}
\r
/**
 * Selects a skin by name: stores the id returned by SKIN::getIdFromName()
 * in the global $skinid.
 */
function selectSkin($skinname) {
    global $skinid;

    $resolvedId = SKIN::getIdFromName($skinname);
    $skinid = $resolvedId;
}
\r
/**
 * Selects a category and stores its id in the global $catid.
 *
 * Can take either a category ID or a category name (be aware that
 * multiple categories can have the same name).
 */
function selectCategory($cat) {
    global $catid;

    // numeric input is used as the id itself, anything else is looked up by name
    $catid = is_numeric($cat) ? intval($cat) : getCatIDFromName($cat);
}
\r
/**
 * Selects an item: stores the integer value of $id in the global $itemid.
 */
function selectItem($id) {
    global $itemid;

    $numericId = intval($id);
    $itemid = $numericId;
}
\r
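/**
 * Forces the use of a language file (warning: can cause warnings).
 *
 * Backslash, pipe, slash and NUL characters are removed from $language
 * before it is placed between $DIR_LANG and '.php', so the value cannot
 * point at a file outside the language directory.
 *
 * @param string $language language name, without path and without extension
 */
function selectLanguage($language) {
    global $DIR_LANG;

    // str_replace() is binary safe; ereg_replace() was not and is gone in PHP 7
    $safeName = str_replace(array('\\', '|', '/', "\0"), '', $language);

    include($DIR_LANG . $safeName . '.php');
}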
\r
1190 function parseFile($filename, $includeMode = 'normal', $includePrefix = '') {
\r
1191 $handler = new ACTIONS('fileparser');
\r
1192 $parser = new PARSER(SKIN::getAllowedActionsForType('fileparser'), $handler);
\r
1193 $handler->parser =& $parser;
\r
1195 // set IncludeMode properties of parser
\r
1196 PARSER::setProperty('IncludeMode', $includeMode);
\r
1197 PARSER::setProperty('IncludePrefix', $includePrefix);
\r
1199 if (!file_exists($filename) ) {
\r
1200 doError('A file is missing');
\r
1203 $fsize = filesize($filename);
\r
1205 if ($fsize <= 0) {
\r
1210 $fd = fopen ($filename, 'r');
\r
1211 $contents = fread ($fd, $fsize);
\r
1214 // parse file contents
\r
1215 $parser->parse($contents);
\r
/**
 * Outputs a debug message as a bold paragraph.
 *
 * $msg is written to the page as it is, without HTML escaping, so any part
 * of it that came from request data has to be escaped by the caller.
 */
function debug($msg) {
    $html = '<p><b>' . $msg . "</b></p>\n";

    echo $html;
}
\r
/**
 * Adds a message to the action log by handing both arguments to
 * ACTIONLOG::add() unchanged.
 */
function addToLog($level, $msg)
{
    ACTIONLOG::add($level, $msg);
}
\r
/**
 * Shows a link to the help file: prints the markup built by helpHtml().
 */
function help($id) {
    $markup = helpHtml($id);

    echo $markup;
}
\r
/**
 * Returns the help link for $id: the opening anchor from helplink(), the
 * help icon image and the closing </a>.
 */
function helpHtml($id) {
    global $CONF;

    $anchor = helplink($id);
    $icon = '<img src="' . $CONF['AdminURL'] . 'documentation/icon-help.gif" width="15" height="15" alt="' . _HELP_TT . '" title="' . _HELP_TT . '" />';

    return $anchor . $icon . '</a>';
}
\r
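/**
 * Returns the opening <a> tag that points at the help anchor $id in the
 * admin documentation. The caller adds the link content and the closing </a>.
 *
 * @param string $id anchor name inside documentation/help.html
 * @return string opening anchor tag
 */
function helplink($id) {
    global $CONF;

    // $id lands inside a double-quoted href attribute; escape it so that a
    // quote or angle bracket in it cannot end the attribute
    $anchor = htmlspecialchars($id, ENT_QUOTES);

    return '<a href="' . $CONF['AdminURL'] . 'documentation/help.html#'. $anchor . '" onclick="if (event && event.preventDefault) event.preventDefault(); return help(this.href);">';
}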
\r
/**
 * Returns the plain-text footer that is appended to outgoing mails.
 */
function getMailFooter() {
    $parts = array(
        "\n\n-----------------------------",
        "\n Powered by Nucleus CMS",
        "\n(http://www.nucleuscms.org/)"
    );

    return implode('', $parts);
}
\r
/**
 * Returns the name of the language to use.
 *
 * Preference priority: member - site. Defaults to english when no good
 * language is found. Each candidate is accepted only when checkLanguage()
 * confirms it.
 */
function getLanguageName() {
    global $CONF, $member;

    // try to use the language of a logged-in member
    if ($member && $member->isLoggedIn()) {
        $memlang = $member->getLanguage();

        if ($memlang != '' && checkLanguage($memlang)) {
            return $memlang;
        }
    }

    // use default language, or english when that one is not available
    return checkLanguage($CONF['Language']) ? $CONF['Language'] : 'english';
}
\r
/**
 * Includes a PHP file. This method can be called while parsing templates and skins.
 *
 * Nothing happens when the file does not exist. The file runs as PHP code
 * inside this function's scope.
 * NOTE(review): $filename is included without any restriction on its
 * location; presumably it only ever comes from skin/template data that
 * administrators edit -- confirm that no request parameter can reach it.
 */
function includephp($filename) {
    // make predefined variables global, so most simple scripts can be used here

    // apache (names taken from PHP doc)
    global $GATEWAY_INTERFACE, $SERVER_NAME, $SERVER_SOFTWARE, $SERVER_PROTOCOL,
           $REQUEST_METHOD, $QUERY_STRING, $DOCUMENT_ROOT, $HTTP_ACCEPT,
           $HTTP_ACCEPT_CHARSET, $HTTP_ACCEPT_ENCODING, $HTTP_ACCEPT_LANGUAGE,
           $HTTP_CONNECTION, $HTTP_HOST, $HTTP_REFERER, $HTTP_USER_AGENT,
           $REMOTE_ADDR, $REMOTE_PORT, $SCRIPT_FILENAME, $SERVER_ADMIN,
           $SERVER_PORT, $SERVER_SIGNATURE, $PATH_TRANSLATED, $SCRIPT_NAME,
           $REQUEST_URI;

    // php (taken from PHP doc)
    global $argv, $argc, $PHP_SELF, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS,
           $HTTP_POST_FILES, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS;

    global $PATH_INFO, $HTTPS, $HTTP_RAW_POST_DATA, $HTTP_X_FORWARDED_FOR;

    // silently do nothing for a missing file
    if (!@file_exists($filename)) {
        return;
    }

    include($filename);
}
\r
1307 * Checks if a certain language/plugin exists
\r
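/**
 * Checks if the language file for $lang exists in $DIR_LANG.
 *
 * Backslash, pipe, slash and NUL characters are removed from $lang first,
 * so the check never leaves the language directory.
 *
 * @param string $lang language name, without path and without extension
 * @return bool true when $DIR_LANG . <name> . '.php' exists
 */
function checkLanguage($lang) {
    global $DIR_LANG;

    // str_replace() is binary safe; ereg_replace() was not and is gone in PHP 7
    $safeName = str_replace(array('\\', '|', '/', "\0"), '', $lang);

    return file_exists($DIR_LANG . $safeName . '.php');
}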
\r
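/**
 * Checks if the plugin file for $plug exists in $DIR_PLUGINS.
 *
 * Backslash, pipe, slash and NUL characters are removed from $plug first,
 * so the check never leaves the plugin directory.
 *
 * @param string $plug plugin file name, without path and without extension
 * @return bool true when $DIR_PLUGINS . <name> . '.php' exists
 */
function checkPlugin($plug) {
    global $DIR_PLUGINS;

    // str_replace() is binary safe; ereg_replace() was not and is gone in PHP 7
    $safeName = str_replace(array('\\', '|', '/', "\0"), '', $plug);

    return file_exists($DIR_PLUGINS . $safeName . '.php');
}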
\r
1320 * Centralisation of the functions that generate links
\r
/**
 * Returns the link to an item; built by createLink() with type 'item'.
 */
function createItemLink($itemid, $extra = '') {
    $params = array('itemid' => $itemid, 'extra' => $extra);

    return createLink('item', $params);
}
\r
/**
 * Returns the link to a member page; built by createLink() with type 'member'.
 */
function createMemberLink($memberid, $extra = '') {
    $params = array('memberid' => $memberid, 'extra' => $extra);

    return createLink('member', $params);
}
\r
/**
 * Returns the link to a category; built by createLink() with type 'category'.
 */
function createCategoryLink($catid, $extra = '') {
    $params = array('catid' => $catid, 'extra' => $extra);

    return createLink('category', $params);
}
\r
/**
 * Returns the link to the archive list of a blog; built by createLink()
 * with type 'archivelist'.
 */
function createArchiveListLink($blogid = '', $extra = '') {
    $params = array('blogid' => $blogid, 'extra' => $extra);

    return createLink('archivelist', $params);
}
\r
/**
 * Returns the link to one archive of a blog; built by createLink() with
 * type 'archive'.
 */
function createArchiveLink($blogid, $archive, $extra = '') {
    $params = array(
        'blogid'  => $blogid,
        'archive' => $archive,
        'extra'   => $extra
    );

    return createLink('archive', $params);
}
\r
/**
 * Returns the link to a blog; built by createLink() with type 'blog'.
 * $params is passed on under the 'extra' key.
 */
function createBlogidLink($blogid, $params = '') {
    $linkParams = array('blogid' => $blogid, 'extra' => $params);

    return createLink('blog', $linkParams);
}
\r
1346 function createLink($type, $params) {
\r
1347 global $manager, $CONF;
\r
1349 $generatedURL = '';
\r
1350 $usePathInfo = ($CONF['URLMode'] == 'pathinfo');
\r
1352 // ask plugins first
\r
1355 if ($usePathInfo) {
\r
1360 'params' => $params,
\r
1361 'completed' => &$created,
\r
1367 // if a plugin created the URL, return it
\r
1372 // default implementation
\r
1375 if ($usePathInfo) {
\r
1376 $url = $CONF['ItemURL'] . '/' . $CONF['ItemKey'] . '/' . $params['itemid'];
\r
1378 $url = $CONF['ItemURL'] . '?itemid=' . $params['itemid'];
\r
1383 if ($usePathInfo) {
\r
1384 $url = $CONF['MemberURL'] . '/' . $CONF['MemberKey'] . '/' . $params['memberid'];
\r
1386 $url = $CONF['MemberURL'] . '?memberid=' . $params['memberid'];
\r
1391 if ($usePathInfo) {
\r
1392 $url = $CONF['CategoryURL'] . '/' . $CONF['CategoryKey'] . '/' . $params['catid'];
\r
1394 $url = $CONF['CategoryURL'] . '?catid=' . $params['catid'];
\r
1398 case 'archivelist':
\r
1399 if (!$params['blogid']) {
\r
1400 $params['blogid'] = $CONF['DefaultBlog'];
\r
1403 if ($usePathInfo) {
\r
1404 $url = $CONF['ArchiveListURL'] . '/' . $CONF['ArchivesKey'] . '/' . $params['blogid'];
\r
1406 $url = $CONF['ArchiveListURL'] . '?archivelist=' . $params['blogid'];
\r
1411 if ($usePathInfo) {
\r
1412 $url = $CONF['ArchiveURL'] . '/' . $CONF['ArchiveKey'] . '/'.$params['blogid'].'/' . $params['archive'];
\r
1414 $url = $CONF['ArchiveURL'] . '?blogid='.$params['blogid'].'&archive=' . $params['archive'];
\r
1419 if ($usePathInfo) {
\r
1420 $url = $CONF['BlogURL'] . '/' . $CONF['BlogKey'] . '/' . $params['blogid'];
\r
1422 $url = $CONF['BlogURL'] . '?blogid=' . $params['blogid'];
\r
1427 return addLinkParams($url, (isset($params['extra'])? $params['extra'] : null));
\r
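/**
 * Adds the given parameters to a blog URL, following $CONF['URLMode'].
 *
 * In 'normal' mode a URL without "?" gets its first parameter appended as
 * "?key=value"; in 'pathinfo' mode a trailing "/" is removed. The remaining
 * parameters are appended by addLinkParams().
 *
 * @param string $url    base URL
 * @param mixed  $params array of name => value pairs, or a non-array for "no parameters"
 * @return string the completed URL
 */
function createBlogLink($url, $params) {
    global $CONF;

    if ($CONF['URLMode'] == 'normal') {
        // an empty array has no first parameter; without the count() check
        // the URL would end in a stray "?="
        if (strpos($url, '?') === FALSE && is_array($params) && count($params) > 0) {
            $fParam = reset($params);
            $fKey = key($params);
            array_shift($params);
            // encode the value the same way addLinkParams() encodes the others
            $url .= '?' . $fKey . '=' . urlencode($fParam);
        }
    } elseif ($CONF['URLMode'] == 'pathinfo' && substr($url, -1) == '/') {
        $url = substr($url, 0, -1);
    }

    return addLinkParams($url, $params);
}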
\r
/**
 * Appends name/value pairs to a link, following $CONF['URLMode']:
 * "/name/value" in 'pathinfo' mode, "&name=value" otherwise.
 *
 * Values go through urlencode(); parameter names are appended as given.
 * A non-array $params leaves the link unchanged.
 */
function addLinkParams($link, $params) {
    global $CONF;

    if (!is_array($params)) {
        return $link;
    }

    $usePathInfo = ($CONF['URLMode'] == 'pathinfo');

    foreach ($params as $param => $value) {
        $encoded = urlencode($value);
        $link .= $usePathInfo
            ? '/' . $param . '/' . $encoded
            : '&' . $param . '=' . $encoded;
    }

    return $link;
}
\r
1469 * @param $querystr
\r
1470 * querystring to alter (e.g. foo=1&bar=2&x=y)
\r
1472 * name of parameter to change (e.g. 'foo')
\r
1474 * New value for that parameter (e.g. 3)
\r
1476 * altered query string (for the examples above: foo=3&bar=2&x=y)
\r
1478 function alterQueryStr($querystr, $param, $value) {
\r
1479 $vars = explode('&', $querystr);
\r
1482 for ($i = 0; $i < count($vars); $i++) {
\r
1483 $v = explode('=', $vars[$i]);
\r
1485 if ($v[0] == $param) {
\r
1487 $vars[$i] = implode('=', $v);
\r
1494 $vars[] = $param . '=' . $value;
\r
1497 return ltrim(implode('&', $vars), '&');
\r
/**
 * Passes one variable as hidden input field (multiple fields for arrays).
 *
 * Name and value are both written through htmlspecialchars(); the value
 * goes through undoMagic() first.
 *
 * @see passRequestVars in varsx.x.x.php
 */
function passVar($key, $value) {
    // array: one field per element, addressed as key[0], key[1], ...
    if (is_array($value)) {
        for ($i = 0; $i < sizeof($value); $i++) {
            passVar($key . '[' . $i . ']', $value[$i]);
        }

        return;
    }

    // other values: do stripslashes if needed
    $name = htmlspecialchars($key);
    $fieldValue = htmlspecialchars(undoMagic($value));

    echo '<input type="hidden" name="' . $name . '" value="' . $fieldValue . '" />';
}
\r
1517 Date format functions (to be used from [%date(..)%] skinvars
\r
1519 function formatDate($format, $timestamp, $defaultFormat, &$blog) {
\r
1520 // apply blog offset (#42)
\r
1521 $boffset = $blog ? $blog->getTimeOffset() * 3600 : 0;
\r
1522 $offset = date('Z', $timestamp) + $boffset;
\r
1524 switch ($format) {
\r
1526 if ($offset >= 0) {
\r
1530 $offset = -$offset;
\r
1533 $tz .= sprintf("%02d%02d", floor($offset / 3600), round(($offset % 3600) / 60) );
\r
1534 return date('D, j M Y H:i:s ', $timestamp) . $tz;
\r
1537 $timestamp -= $offset;
\r
1538 return date('D, j M Y H:i:s ', $timestamp) . 'GMT';
\r
1541 $timestamp -= $offset;
\r
1542 return date('Y-m-d\TH:i:s\Z', $timestamp);
\r
1545 if ($offset >= 0) {
\r
1549 $offset = -$offset;
\r
1552 $tz .= sprintf("%02d:%02d", floor($offset / 3600), round(($offset % 3600) / 60) );
\r
1553 return date('Y-m-d\TH:i:s', $timestamp) . $tz;
\r
1556 return strftime($format ? $format : $defaultFormat, $timestamp);
\r
1560 function encoding_check($val, $key, $encoding=false, $exclude=false) {
\r
1562 When 3rd argument is set, return if checked already.
\r
1563 When 4th argument is set, set the excluded key(s).
\r
1565 static $search=false, $checked=array(), $excludes=array();
\r
1566 if ($exclude!==false) {
\r
1567 if (is_array($exclude)) {
\r
1568 foreach($exclude as $v) $excludes[$v]=true;
\r
1569 } else $excludes[$exclude]=true;
\r
1572 if ($encoding!==false) {
\r
1573 switch($encoding=strtolower($encoding)){
\r
1575 $search='/([\x00-\x7F]+'.
\r
1576 '|[\xC2-\xDF][\x80-\xBF]'.
\r
1577 '|[\xE0-\xEF][\x80-\xBF][\x80-\xBF]'.
\r
1578 '|[\xF0-\xF7][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.
\r
1579 '|[\xF8-\xFB][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.
\r
1580 '|[\xFC-\xFD][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF])/';
\r
1583 $search='/([\x00-\x7F]+'.
\r
1584 '|[\x8E][\xA0-\xDF]'.
\r
1585 '|[\x8F]?[\xA1-\xFE][\xA1-\xFE])/';
\r
1588 $search='/([\x00-\x7F]+'.
\r
1589 '|[\xA1-\xF7][\xA1-\xFE])/';
\r
1592 // Note that shift_jis is only supported for output.
\r
1593 // Using shift_jis in DB is prohibited.
\r
1594 $search='/([\x00-\x7F\xA1-\xDF]+'.
\r
1595 '|[\x81-\x9F\xE0-\xFC][\x40-\xFC])/';
\r
1599 if (preg_match('/^iso\-8859\-[0-9]{1,2}$/',$encoding)) break;
\r
1600 if (preg_match('/^windows\-125[0-8]$/',$encoding)) break;
\r
1601 startUpError('<p>Unknown or non-supported encoding.</p>', 'Encoding Error');
\r
1604 if (isset($checked[$encoding])) return true; // Already checked.
\r
1605 $checked[$encoding]=true;
\r
1607 if ($key===false) return false; // Not yet checked.
\r
1608 if ($search===false) return true; // non-multibyte encoding
\r
1609 if (isset($excludes[$key])) return true; // This key isn't checked.
\r
1610 if (is_array($val)) {
\r
1611 array_walk($val, 'encoding_check');
\r
1613 $result=preg_replace($search,'',$val);
\r
1614 if (strlen($result)!=0) {
\r
1615 startUpError('<p>Invalid input.</p>', 'Input Error');
\r
1619 $result=preg_replace($search,'',$key);
\r
1620 if (strlen($result)!=0) {
\r
1621 startUpError('<p>Invalid input.</p>', 'Input Error');
\r
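/**
 * Stops the request when any of the given variable names was supplied as a
 * GET, POST, cookie, environment, session or upload variable.
 *
 * This keeps request data from overwriting internal variables of the same
 * name (the caller passes names such as 'CONF', 'DIR_LIBS' or 'GLOBALS').
 *
 * @param array $aVars variable names that must not come from the request
 */
function checkVars($aVars) {
    global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;

    // version_compare() instead of a string comparison: as strings,
    // '10.0.0' sorts before '4.1.0' and would select the legacy branch
    $hasSuperglobals = version_compare(phpversion(), '4.1.0', '>=');

    foreach ($aVars as $varName) {
        if ($hasSuperglobals) {
            $supplied = isset($_GET[$varName])
                || isset($_POST[$varName])
                || isset($_COOKIE[$varName])
                || isset($_ENV[$varName])
                || isset($_SESSION[$varName])
                || isset($_FILES[$varName]);
        } else {
            // PHP < 4.1.0 only has the long $HTTP_*_VARS arrays
            $supplied = isset($HTTP_GET_VARS[$varName])
                || isset($HTTP_POST_VARS[$varName])
                || isset($HTTP_COOKIE_VARS[$varName])
                || isset($HTTP_ENV_VARS[$varName])
                || isset($HTTP_SESSION_VARS[$varName])
                || isset($HTTP_POST_FILES[$varName]);
        }

        if ($supplied) {
            die('Sorry. An error occurred.');
        }
    }
}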
\r
1662 * Sanitize parameters such as $_GET and $_SERVER['REQUEST_URI'] etc.
\r
1665 function sanitizeParams()
\r
1667 global $HTTP_SERVER_VARS;
\r
1673 // REQUEST_URI of $HTTP_SERVER_VARS
\r
1674 $str =& $HTTP_SERVER_VARS["REQUEST_URI"];
\r
1675 serverStringToArray($str, $array, $frontParam);
\r
1676 sanitizeArray($array);
\r
1677 arrayToServerString($array, $frontParam, $str);
\r
1679 // QUERY_STRING of $HTTP_SERVER_VARS
\r
1680 $str =& $HTTP_SERVER_VARS["QUERY_STRING"];
\r
1681 serverStringToArray($str, $array, $frontParam);
\r
1682 sanitizeArray($array);
\r
1683 arrayToServerString($array, $frontParam, $str);
\r
1685 if (phpversion() >= '4.1.0') {
\r
1686 // REQUEST_URI of $_SERVER
\r
1687 $str =& $_SERVER["REQUEST_URI"];
\r
1688 serverStringToArray($str, $array, $frontParam);
\r
1689 sanitizeArray($array);
\r
1690 arrayToServerString($array, $frontParam, $str);
\r
1692 // QUERY_STRING of $_SERVER
\r
1693 $str =& $_SERVER["QUERY_STRING"];
\r
1694 serverStringToArray($str, $array, $frontParam);
\r
1695 sanitizeArray($array);
\r
1696 arrayToServerString($array, $frontParam, $str);
\r
1700 convArrayForSanitizing($_GET, $array);
\r
1701 sanitizeArray($array);
\r
1702 revertArrayForSanitizing($array, $_GET);
\r
1704 // $_REQUEST (only GET param)
\r
1705 convArrayForSanitizing($_REQUEST, $array);
\r
1706 sanitizeArray($array);
\r
1707 revertArrayForSanitizing($array, $_REQUEST);
\r
1711 * Check ticket when not checked in plugin's admin page
\r
1713 * Also avoid the access to plugin/index.php by guest user.
\r
1715 function ticketForPlugin(){
\r
1716 global $CONF,$DIR_PLUGINS,$member,$ticketforplugin;
\r
1719 $ticketforplugin=array();
\r
1720 $ticketforplugin['ticket']=false;
\r
1722 /* Check if using plugin's php file. */
\r
1723 if ($p_translated=serverVar('PATH_TRANSLATED')) {
\r
1724 if (!file_exists($p_translated)) $p_translated='';
\r
1726 if (!$p_translated) {
\r
1727 $p_translated=serverVar('SCRIPT_FILENAME');
\r
1728 if (!file_exists($p_translated)) {
\r
1729 header("HTTP/1.0 404 Not Found");
\r
1733 $p_translated=str_replace('\\','/',$p_translated);
\r
1734 $d_plugins=str_replace('\\','/',$DIR_PLUGINS);
\r
1735 if (strpos($p_translated,$d_plugins)!==0) return;// This isn't plugin php file.
\r
1737 /* Solve the plugin php file or admin directory */
\r
1738 $phppath=substr($p_translated,strlen($d_plugins));
\r
1739 $phppath=preg_replace('!^/!','',$phppath);// Remove the first "/" if exists.
\r
1740 $path=preg_replace('/^NP_(.*)\.php$/','$1',$phppath); // Remove the first "NP_" and the last ".php" if exists.
\r
1741 $path=preg_replace('!^([^/]*)/(.*)$!','$1',$path); // Remove the "/" and beyond.
\r
1743 /* Solve the plugin name. */
\r
1745 $query='SELECT pfile FROM '.sql_table('plugin');
\r
1746 $res=sql_query($query);
\r
1747 while($row=mysql_fetch_row($res)) {
\r
1748 $name=substr($row[0],3);
\r
1749 $plugins[strtolower($name)]=$name;
\r
1751 mysql_free_result($res);
\r
1752 if ($plugins[$path]) $plugin_name=$plugins[$path];
\r
1753 else if (in_array($path,$plugins)) $plugin_name=$path;
\r
1755 header("HTTP/1.0 404 Not Found");
\r
1759 /* Return if not index.php */
\r
1760 if ( $phppath!=strtolower($plugin_name).'/'
\r
1761 && $phppath!=strtolower($plugin_name).'/index.php' ) return;
\r
1763 /* Exit if not logged in. */
\r
1764 if ( !$member->isLoggedIn() ) exit("You aren't logged in.");
\r
1766 global $manager,$DIR_LIBS,$DIR_LANG,$HTTP_GET_VARS,$HTTP_POST_VARS;
\r
1768 /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */
\r
1769 if (!($p_translated=serverVar('PATH_TRANSLATED'))) $p_translated=serverVar('SCRIPT_FILENAME');
\r
1770 if ($file=@file($p_translated)) {
\r
1772 foreach($file as $line) {
\r
1773 if (preg_match('/[\$]manager([\s]*)[\-]>([\s]*)checkTicket([\s]*)[\(]/i',$prevline.$line)) return;
\r
1778 /* Show a form if not valid ticket */
\r
1779 if ( ( strstr(serverVar('REQUEST_URI'),'?') || serverVar('QUERY_STRING')
\r
1780 || strtoupper(serverVar('REQUEST_METHOD'))=='POST' )
\r
1781 && (!$manager->checkTicket()) ){
\r
1783 if (!class_exists('PluginAdmin')) {
\r
1784 $language = getLanguageName();
\r
1785 include($DIR_LANG . ereg_replace( '[\\|/]', '', $language) . '.php');
\r
1786 include($DIR_LIBS . 'PLUGINADMIN.php');
\r
1788 if (!(function_exists('mb_strimwidth') || extension_loaded('mbstring'))) {
\r
1789 if (file_exists($DIR_LIBS.'mb_emulator/mb-emulator.php')) {
\r
1790 global $mbemu_internals;
\r
1791 include_once($DIR_LIBS.'mb_emulator/mb-emulator.php');
\r
1794 $oPluginAdmin = new PluginAdmin($plugin_name);
\r
1795 $oPluginAdmin->start();
\r
1796 echo '<p>' . _ERROR_BADTICKET . "</p>\n";
\r
1798 /* Show the form to confirm action */
\r
1799 // PHP 4.0.x support
\r
1800 $get= (isset($_GET)) ? $_GET : $HTTP_GET_VARS;
\r
1801 $post= (isset($_POST)) ? $_POST : $HTTP_POST_VARS;
\r
1802 // Resolve URI and QUERY_STRING
\r
1803 if ($uri=serverVar('REQUEST_URI')) {
\r
1804 list($uri,$qstring)=explode('?',$uri);
\r
1806 if ( !($uri=serverVar('PHP_SELF')) ) $uri=serverVar('SCRIPT_NAME');
\r
1807 $qstring=serverVar('QUERY_STRING');
\r
1809 if ($qstring) $qstring='?'.$qstring;
\r
1810 echo '<p>'._SETTINGS_UPDATE.' : '._QMENU_PLUGINS.' <span style="color:red;">'.
\r
1811 htmlspecialchars($plugin_name)."</span> ?</p>\n";
\r
1812 switch(strtoupper(serverVar('REQUEST_METHOD'))){
\r
1814 echo '<form method="POST" action="'.htmlspecialchars($uri.$qstring).'">';
\r
1815 $manager->addTicketHidden();
\r
1816 _addInputTags($post);
\r
1819 echo '<form method="GET" action="'.htmlspecialchars($uri).'">';
\r
1820 $manager->addTicketHidden();
\r
1821 _addInputTags($get);
\r
1825 echo '<input type="submit" value="'._YES.'" /> ';
\r
1826 echo '<input type="button" value="'._NO.'" onclick="history.back(); return false;" />';
\r
1829 $oPluginAdmin->end();
\r
1833 /* Create new ticket */
\r
1834 $ticket=$manager->addTicketToUrl('');
\r
1835 $ticketforplugin['ticket']=substr($ticket,strpos($ticket,'ticket=')+7);
\r
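/**
 * Prints one hidden <input> per request value so that a confirmation form
 * can resubmit the original request. Nested arrays become name[key] fields.
 *
 * The 'ticket' value is never copied: the form gets its own, fresh ticket.
 * Names and values are HTML-escaped before they are printed.
 *
 * @param array  $keys   name => value pairs (values may be nested arrays)
 * @param string $prefix field-name prefix used while recursing into arrays
 */
function _addInputTags(&$keys, $prefix = '') {
    // get_magic_quotes_gpc() no longer exists in PHP 8
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    foreach ($keys as $key => $value) {
        // compare with '' so that a prefix of '0' is kept
        if ($prefix !== '') {
            $key = $prefix . '[' . $key . ']';
        }

        if (is_array($value)) {
            _addInputTags($value, $key);
            continue;
        }

        // strict comparison: with ==, the integer key 0 equals 'ticket' before PHP 8
        if ((string) $key === 'ticket') {
            continue;
        }

        if ($magicQuotes) {
            $value = stripslashes($value);
        }

        echo '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES) .
            '" value="' . htmlspecialchars($value, ENT_QUOTES) . '" />' . "\n";
    }
}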
\r
1851 * Convert the server string such as $_SERVER['REQUEST_URI']
\r
1852 * to an array like array['blogid']=1 and array['page']=2 etc.
\r
1854 function serverStringToArray($str, &$array, &$frontParam)
\r
1860 // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2
\r
1861 if (strstr($str, "?")){
\r
1862 list($frontParam, $args) = preg_split("/\?/", $str, 2);
\r
1869 // If there is no args like blogid=1&page=2, return
\r
1870 if (!strstr($str, "=") && !strlen($frontParam)) {
\r
1871 $frontParam = $str;
\r
1875 $array = explode("&", $args);
\r
/**
 * Converts an array like array['blogid'] back to a server string such as
 * $_SERVER['REQUEST_URI'].
 *
 * $str is rewritten in place: $frontParam, then "?" when the old $str had
 * one, then the elements of $array joined with "&".
 */
function arrayToServerString($array, $frontParam, &$str)
{
    // decided on the old value of $str, before it is overwritten
    $hadQuery = (bool) strstr($str, "?");

    $str = $hadQuery ? $frontParam . "?" : $frontParam;

    if (count($array)) {
        $str .= implode("&", $array);
    }
}
\r
1895 * Sanitize array parameters.
\r
1896 * This function checks both key and value.
\r
1897 * - check key: if it includes " (double quote), remove it from the array
\r
1898 * - check value: if it includes \ (escape sequence), remove the remaining string
\r
// Works in place on a list of "key=value" strings (see the sprintf() at the end of the loop).
// NOTE(review): several lines of this function are not shown in this listing; the notes
// below only describe the statements that are visible.
1900 function sanitizeArray(&$array)
\r
// keys listed here skip the value checks guarded by the in_array() test below
1902 $excludeListForSanitization = array('query');
\r
1903 // $excludeListForSanitization = array();
\r
1905 foreach ($array as $k => $v) {
\r
1907 // split to key and value
\r
// limit 2: only the first "=" separates key and value
1908 list($key, $val) = preg_split("/=/", $v, 2);
\r
1909 if (!isset($val)) {
\r
1913 // when magic quotes is on, need to use stripslashes,
\r
1914 // and then addslashes
\r
1915 if (get_magic_quotes_gpc()) {
\r
1916 $val = stripslashes($val);
\r
// NOTE(review): addslashes() is a generic escaper; the value still needs escaping for
// the context (SQL, HTML, ...) where it is finally used.
1918 $val = addslashes($val);
\r
1920 // if $key is included in exclude list, skip this param
\r
1921 if (!in_array($key, $excludeListForSanitization)) {
\r
// NOTE(review): strpos() returns 0 when the backslash is the first character, and 0 is
// falsy, so such a value is not cut here; "!== false" would cover that case.
1924 if (strpos($val, '\\')) {
\r
// keeps only the text before the first backslash
1925 list($val, $tmp) = explode('\\', $val);
\r
1928 // remove control code etc.
\r
// NOTE(review): as printed here the replacement string is a single space, and strtr()
// ignores the extra characters of the longer argument -- confirm in the real file that
// the replacement holds one character per character of the first string.
1929 $val = strtr($val, "\0\r\n<>'\"", " ");
\r
// a key that contains a double quote is removed from the array
1932 if (preg_match('/\"/i', $key)) {
\r
1933 unset($array[$k]);
\r
1937 // set sanitized info
\r
1938 $array[$k] = sprintf("%s=%s", $key, $val);
\r
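/**
 * Converts an array for the sanitizeArray function.
 *
 * Every entry of $src whose key also exists in $_GET is written to $array
 * as a "key=value" string; entries with other keys are left out.
 *
 * @param array $src   source array, e.g. $_GET or $_REQUEST
 * @param array $array receives the list of "key=value" strings
 */
function convArrayForSanitizing($src, &$array)
{
    // start from an empty list, whatever the caller's variable held before
    $array = array();

    foreach ($src as $key => $val) {
        // array_key_exists(): the key_exists() alias was removed in PHP 8
        if (array_key_exists($key, $_GET)) {
            array_push($array, sprintf("%s=%s", $key, $val));
        }
    }
}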
\r
/**
 * Reverts an array after the sanitizeArray function: every "key=value"
 * string of $array is written back to $dst as $dst[key] = value.
 */
function revertArrayForSanitizing($array, &$dst)
{
    foreach ($array as $pair) {
        // only the first "=" separates key and value
        list($name, $content) = explode('=', $pair, 2);
        $dst[$name] = $content;
    }
}
\r
/**
 * Stops processing the request and redirects to the given URL.
 * - no actual contents should have been sent to the output yet
 * - the URL will be stripped of illegal or dangerous characters
 *
 * Every character outside the allowed set is removed, which includes CR and
 * LF, so the value cannot add a header line of its own.
 * NOTE(review): the host of the URL is not checked here; callers that build
 * $url from request data presumably have to validate the destination
 * themselves -- verify at the call sites.
 */
function redirect($url) {
    $cleanUrl = preg_replace('|[^a-z0-9-~+_.?#=&;,/:@%*]|i', '', $url);

    header('Location: ' . $cleanUrl);
    exit;
}
\r
/**
 * Strip HTML tags from a string.
 *
 * This function is a bit more intelligent than a regular call to
 * strip_tags(), because it also deletes the contents of certain tags
 * (del, script, style) and cleans up any unneeded whitespace.
 *
 * The result is plain text, not HTML-escaped text: characters such as & or
 * a lone < that survive strip_tags() still need escaping on output.
 */
function stringStripTags ($string) {
    // drop these elements together with their contents
    foreach (array('del', 'script', 'style') as $tag) {
        $string = preg_replace("/<" . $tag . "[^>]*>.+<\/" . $tag . "[^>]*>/isU", '', $string);
    }

    // pad the brackets so that words on both sides of a tag stay separated
    $string = str_replace(array('>', '<'), array('> ', ' <'), $string);

    $string = preg_replace("/\s+/", " ", strip_tags($string));

    return trim($string);
}
\r
/**
 * Make a string containing HTML safe for use in a HTML attribute.
 * Tags are stripped and entities are normalized.
 */
function stringToAttribute ($string) {
    $string = entity::normalize_numeric(
        entity::named_to_numeric(stringStripTags($string))
    );

    // only done when the site charset is UTF-8
    if (_CHARSET == 'UTF-8') {
        $string = entity::numeric_to_utf8($string);
    }

    return entity::numeric_to_named(entity::specialchars($string, 'html'));
}
\r
/**
 * Make a string containing HTML safe for use in a XML document.
 * Tags are stripped, entities are normalized and named entities are
 * converted to numeric entities.
 */
function stringToXML ($string) {
    $string = entity::normalize_numeric(
        entity::named_to_numeric(stringStripTags($string))
    );

    // only done when the site charset is UTF-8
    if (_CHARSET == 'UTF-8') {
        $string = entity::numeric_to_utf8($string);
    }

    return entity::specialchars($string, 'xml');
}
\r
2032 // START: functions from the end of file BLOG.php
\r
2033 // used for mail notification (html -> text)
\r
2034 function toAscii($html) {
\r
2035 // strip off most tags
\r
2036 $html = strip_tags($html,'<a>');
\r
2037 $to_replace = "/<a[^>]*href=[\"\']([^\"^']*)[\"\'][^>]*>([^<]*)<\/a>/i";
\r
2039 $ascii = preg_replace_callback ($to_replace, '_links_add', $html);
\r
2040 $ascii .= "\n\n" . _links_list();
\r
2041 return strip_tags($ascii);
\r
/**
 * Empties the global list of collected link targets ($tmp_links).
 */
function _links_init()
{
    global $tmp_links;

    $emptyList = array();
    $tmp_links = $emptyList;
}
\r
/**
 * Collects one link: stores $match[1] in the global $tmp_links list and
 * returns $match[2] followed by the link's position in that list, " [n]".
 */
function _links_add($match) {
    global $tmp_links;

    $target = $match[1];
    array_push($tmp_links, $target);
    $position = sizeof($tmp_links);

    return $match[2] . ' [' . $position .']';
}
\r
/**
 * Returns the collected links as text, one "[n] target" line per entry,
 * numbered from 1 in the order they were collected.
 */
function _links_list() {
    global $tmp_links;

    $lines = array();
    $number = 0;

    foreach ($tmp_links as $current) {
        $number++;
        $lines[] = "[$number] $current\n";
    }

    return implode('', $lines);
}
\r
2065 // END: functions from the end of file BLOG.php
\r
2067 // START: functions from the end of file ADMIN.php
\r
/**
 * Re-encodes the HTML special characters of $data in place.
 *
 * Existing entities are decoded and then everything is encoded again, so
 * already encoded text is not encoded twice. "<br />" is kept by swapping it
 * for the two-character text \n during the conversion; a literal \n that is
 * already in $data therefore also comes back as "<br />".
 */
function encode_desc(&$data)
{
    // HTML_SPECIALCHARS rather than HTML_ENTITIES, for Japanese
    $encodeMap = get_html_translation_table(HTML_SPECIALCHARS);
    $decodeMap = array_flip($encodeMap);

    $work = str_replace('<br />', '\n', $data); //hack
    $work = strtr(strtr($work, $decodeMap), $encodeMap);
    $data = str_replace('\n', '<br />', $work); //hack

    return $data;
}
\r
/**
 * Returns the Javascript code for a bookmarklet that works on most modern browsers.
 *
 * $blogid is placed into the bookmarklet URL as it is.
 * NOTE(review): this presumably always receives a numeric blog id; a value
 * with quotes would end the JavaScript string it sits in -- verify the callers.
 */
function getBookmarklet($blogid) {
    global $CONF;

    $document = 'document';

    $pieces = array(
        "javascript:Q='';x=" . $document . ";y=window;if(x.selection){Q=x.selection.createRange().text;}else if(y.getSelection){Q=y.getSelection();}else if(x.getSelection){Q=x.getSelection();}wingm=window.open('",
        $CONF['AdminURL'] . "bookmarklet.php?blogid=" . $blogid,
        "&logtext='+escape(Q)+'&loglink='+escape(x.location.href)+'&loglinktitle='+escape(x.title),'nucleusbm','toolbar=no,scrollbars=no,width=600,height=550,left=10,top=10,status=no,resizable=yes');wingm.focus();"
    );

    return implode('', $pieces);
}
\r
2099 // END: functions from the end of file ADMIN.php
\r
/**
 * Returns a variable or null if not set
 *
 * @param mixed Variable
 * @return mixed Variable
 */
function ifset(&$var) {
    return isset($var) ? $var : null;
}
\r
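/**
 * Returns the number of subscribers to an event.
 *
 * @param string $event event name, compared with the `event` column of the plugin_event table
 * @return number of subscriber(s)
 */
function numberOfEventSubscriber($event) {
    // $event sits inside a quoted SQL string literal: escape it instead of
    // concatenating it raw, so a quote in the name cannot change the query
    $query = 'SELECT COUNT(*) as count FROM ' . sql_table('plugin_event')
        . ' WHERE event=\'' . mysql_real_escape_string($event) . '\'';

    $res = sql_query($query);
    $obj = mysql_fetch_object($res);

    return $obj->count;
}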
\r