
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@1020 1ca29b6e-896d...
[nucleus-jp/nucleus-plugins.git] / NP_TrackBack / trunk / trackback / index.php
1 <?php
2
3         $strRel = '../../../'; 
4         include($strRel . 'config.php');
5         include($DIR_LIBS . 'PLUGINADMIN.php');
6         include('template.php');
7         
8         
// Admin wrapper for the TrackBack plugin; page output is bracketed by its
// start() and end() calls.
$oPluginAdmin = new PluginAdmin('TrackBack');

// Authentication gate: an anonymous visitor gets the "disallowed" notice and
// the script stops before any action or query below is reached.
$isAuthenticated = $member->isLoggedIn();
if (!$isAuthenticated) {
    $oPluginAdmin->start();
    echo '<p>', _ERROR_DISALLOWED, '</p>';
    $oPluginAdmin->end();
    exit;
}
18         
// Actions
// Every action except the two read-only entry points listed here must carry a
// ticket that $manager->checkTicket() accepts; this is the request-forgery
// check for the state-changing actions handled further down.
$action = requestVar('action');
$aActionsNotToCheck = array('', 'ping');

// NOTE(review): the comparison is deliberately left loose. Presumably
// requestVar() yields null when no action is sent, and that must still match
// '' so the default page loads without a ticket; confirm before making
// in_array() strict.
$ticketRequired = !in_array($action, $aActionsNotToCheck);
if ($ticketRequired && !$manager->checkTicket()) {
    doError(_ERROR_BADTICKET);
}

$oPluginAdmin->start();
30         
31 //modify start+++++++++
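// Shortcut to the plugin instance (kept as a reference, as the rest of the
// script expects) and the schema version it reports.
$plug =& $oPluginAdmin->plugin;
$tableVersion = $plug->checkTableVersion();

// include language file for this plugin
// The language name becomes part of an include path, so anything that could
// redirect the path is stripped first: '\', '|' and '/' as before, plus NUL
// bytes, which older PHP releases treat as the end of a file name.
// preg_replace() replaces ereg_replace(), which was deprecated in PHP 5.3 and
// removed in PHP 7.
$language = preg_replace('#[\\\\|/\x00]#', '', getLanguageName());
$languageDir = $plug->getDirectory() . 'language/';

if (file_exists($languageDir . $language . '.php')) {
    include_once($languageDir . $language . '.php');
} else {
    // Unknown or missing translation: fall back to the English strings.
    include_once($languageDir . 'english.php');
}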
41 //modify end+++++++++
42
// Menu bar: rendered and written out immediately.
$mTemplate = new Trackback_Template();
$mTemplate->set('CONF', $CONF);
$mTemplate->set('plugid', $plug->getID());
$mTemplate->set('plugindirurl', $plug->getAdminURL());
$mTemplate->template('templates/menu.html');
echo $mTemplate->fetch();

// Main page template: filled in by the action and page switches below.
$oTemplate = new Trackback_Template();
$oTemplate->set('CONF', $CONF);
$oTemplate->set('plugindirurl', $plug->getAdminURL());
// A fresh ticket is handed to the template; presumably the templates embed it
// in their forms and links so follow-up actions pass checkTicket().
$oTemplate->set('ticket', $manager->_generateTicket());

// Plugin option 'ajaxEnabled' is the string 'yes' when the AJAX views are on.
$ajaxEnabled = ($plug->getOption('ajaxEnabled') == 'yes');
$oTemplate->set('ajaxEnabled', $ajaxEnabled);
56         
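// Row-level restriction that is appended to the trackback queries below.
// Administrators get no restriction; everyone else only sees trackbacks on
// items they authored or on blogs where they are a team admin (tadmin = 1).
$whereClause = '';
if (!$member->isAdmin()) {
    // Every value concatenated into the fragment is forced to an integer, so
    // the fragment can never carry anything but numbers into the later SQL.
    $memberId = (int) $member->getID();

    $res = sql_query('SELECT tblog FROM ' . sql_table('team') . ' WHERE tadmin = 1 AND tmember = ' . $memberId);
    $adminBlog = array();
    // A failed lookup leaves the list empty, which falls through to the
    // stricter "own items only" clause rather than widening access.
    while ($res && ($row = mysql_fetch_array($res))) {
        $adminBlog[] = (int) $row[0];
    }

    if ($adminBlog) {
        $whereClause = ' AND ( i.iauthor = ' . $memberId . ' OR  i.iblog in (' . implode(', ', $adminBlog) . ')  )';
    } else {
        $whereClause = ' AND i.iauthor = ' . $memberId;
    }
}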
73         //echo "<p>Debug: $whereClause<p>";
74         
// Actions that touch the schema or bulk-delete rows are reserved for site
// administrators.
$requiredAdminRights = array('tableUpgrade', 'blocked_clear', 'blocked_spamclear');

if (in_array($action, $requiredAdminRights) && !$member->isAdmin()) {
    echo '<p>', _ERROR_DISALLOWED, '</p>';
    // __LINE__ only tells the operator which of the checks refused the request.
    echo '<p>Reason: ', __LINE__, '</p>';
    $oPluginAdmin->end();
    exit;
}
88         
// Per-trackback actions: a non-administrator may only act on a trackback whose
// item passes the $whereClause restriction (own item, or item on a blog the
// member administers).
$requiredItemEditRights = array('block', 'unblock', 'delete');

if (in_array($action, $requiredItemEditRights) && !$member->isAdmin()) {
    $tb = intRequestVar('tb');
    $query = 'SELECT i.inumber FROM ' . sql_table('plugin_tb') . ' t, ' . sql_table('item') . ' i'
        . ' WHERE t.tb_id = i.inumber AND t.id = ' . $tb . $whereClause;
    $res = sql_query($query);

    // No matching row, or a failed query (the warning is suppressed and the
    // result is falsy), both end in a refusal: the check fails closed.
    $matches = @mysql_num_rows($res);
    if (!$matches) {
        echo '<p>', _ERROR_DISALLOWED, '</p>';
        echo '<p>Reason: ', __LINE__, '</p>';
        $oPluginAdmin->end();
        exit;
    }
}
107
108         switch($action) {
109
110 //modify start+++++++++
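case 'tableUpgrade':
    // Schema migration. The $requiredAdminRights check earlier in this file
    // limits this action to administrators.
    sql_query("
                                CREATE TABLE IF NOT EXISTS
                                        ".sql_table('plugin_tb_lookup')."
                                (
                                        `link`      TEXT            NOT NULL, 
                                        `url`       TEXT            NOT NULL, 
                                        `title`     TEXT, 
                                        
                                        PRIMARY KEY (`link` (100))
                                )
                        ");

    // The ALTER statement is written to the page as well as executed, as in
    // the original script.
    echo $q = "ALTER TABLE ".sql_table('plugin_tb')."
                                 ADD `block` TINYINT( 4 ) NOT NULL AFTER `url` ,
                                 ADD `spam` TINYINT( 4 ) NOT NULL AFTER `block` ,
                                 ADD `link` TINYINT( 4 ) NOT NULL AFTER `spam` ,
                                 CHANGE `url` `url` TEXT NOT NULL,
                                 CHANGE `title` `title` TEXT NOT NULL,
                                 CHANGE `excerpt` `excerpt` TEXT NOT NULL,
                                 CHANGE `blog_name` `blog_name` TEXT NOT NULL,
                                 DROP PRIMARY KEY,
                                 ADD `id` INT( 11 ) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST ;";
    $res = @sql_query($q);

    if (!$res) {
        // The database error text is escaped before it is written into the
        // HTML page.
        echo 'Could not alter table: ' . htmlspecialchars(mysql_error(), ENT_QUOTES);
    } else {
        $tableVersion = 1;
        $oTemplate->template('templates/updatetablefinished.html');
    }

    // Best effort: the index may already exist, so a failure here is ignored.
    @sql_query('ALTER TABLE `' . sql_table('plugin_tb') . '` ADD INDEX `tb_id_block_timestamp_idx` ( `tb_id`, `block`, `timestamp` DESC )');
    break;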
142 //modify end+++++++++
143
case 'block':
    // Flag one trackback as blocked. For non-administrators the
    // $requiredItemEditRights check earlier in this file has already confirmed
    // access to this row.
    // NOTE(review): relies on intRequestVar() returning an integer, since the
    // value is concatenated into the statement.
    $tb = intRequestVar('tb');

    $blockQuery = "
                                UPDATE
                                        ".sql_table('plugin_tb')."
                                SET
                                        block = 1
                                WHERE
                                        id = '".$tb."'
                        ";
    $res = sql_query($blockQuery);

    // The page to show afterwards is named by the request; only the cases of
    // the page switch below are acted on.
    $action = requestVar('next');
    break;
158                         
case 'blocked_clear':
    // Bulk delete of every blocked trackback, across all blogs. Reserved for
    // administrators by the $requiredAdminRights check earlier in this file.
    $res = sql_query('DELETE FROM ' . sql_table('plugin_tb') . ' WHERE block = 1');
    $action = requestVar('next');
    break;

case 'blocked_spamclear':
    // Same as above, limited to blocked rows that are also flagged as spam.
    $res = sql_query('DELETE FROM ' . sql_table('plugin_tb') . ' WHERE block = 1 and spam = 1');
    $action = requestVar('next');
    break;
168
case 'unblock':
    // Clear the blocked flag of one trackback. Access for non-administrators
    // was verified by the $requiredItemEditRights check earlier in this file.
    // NOTE(review): relies on intRequestVar() returning an integer, since the
    // value is concatenated into the statement.
    $tb = intRequestVar('tb');

    $unblockQuery = "
                                UPDATE
                                        ".sql_table('plugin_tb')."
                                SET
                                        block = 0
                                WHERE
                                        id = '".$tb."'
                        ";
    $res = sql_query($unblockQuery);

    $action = requestVar('next');
    break;
183
case 'delete':
    // Remove one trackback row. Access for non-administrators was verified by
    // the $requiredItemEditRights check earlier in this file.
    // NOTE(review): relies on intRequestVar() returning an integer, since the
    // value is concatenated into the statement.
    $tb = intRequestVar('tb');

    $deleteQuery = "
                                DELETE FROM
                                        ".sql_table('plugin_tb')."
                                WHERE
                                        id = '".$tb."'
                        ";
    $res = sql_query($deleteQuery);

    $action = requestVar('next');
    break;
196
case 'sendping':
    // Manual trackback ping: all five fields are taken from the request as-is.
    // No charset conversion needs to be done here, because the charset used
    // to receive the info is used to send it.
    $title     = requestVar('title');
    $url       = requestVar('url');
    $excerpt   = requestVar('excerpt');
    $blog_name = requestVar('blog_name');
    $ping_url  = requestVar('ping_url');

    // NOTE(review): this action appears in neither $requiredAdminRights nor
    // $requiredItemEditRights, so any logged-in member with a valid ticket
    // reaches it; confirm that is intended.
    // NOTE(review): $ping_url is request-supplied and passed straight to
    // sendPing(). If sendPing() makes an outbound request, the destination
    // (scheme, internal addresses) should be validated there; confirm.
    if ($ping_url) {
        $error = $plug->sendPing(0, $title, $url, $excerpt, $blog_name, $ping_url);

        // NOTE(review): $error is printed without HTML escaping. Verify that
        // sendPing() only returns text that is safe to print, or escape it
        // here if it can contain data from the remote server.
        if ($error) {
            echo '<b>TrackBack Error:', $error, '</b>';
        }
    }

    $action = requestVar('next');
    break;
218                         
case 'ping':
    // Prepare the manual-ping form, pre-filled from the item named by 'id'.
    // This action is exempt from the ticket check because it only renders a
    // page.
    $id = intRequestVar('id');

    $usePathInfo = ($CONF['URLMode'] == 'pathinfo');
    if ($usePathInfo) {
        // Optional configuration file; a missing file is silently ignored.
        @ include($strRel . 'fancyurls.config.php');
    }

    global $manager;
    $itemData = $manager->getItem($id, 0, 0);

    if (!is_array($itemData)) {
        // No such item: fall back to site-wide values.
        $itemData = array();
        $itemData['url'] = $CONF['IndexURL'];
        $itemData['blogname'] = $CONF['SiteName'];
    } else {
        $blog =& $manager->getBlog($itemData['blogid']);
        $blogUrl = $blog->getURL();
        // In pathinfo mode a single trailing slash is removed from the blog URL.
        $CONF['ItemURL'] = $usePathInfo ? preg_replace('/\/$/', '', $blogUrl) : $blogUrl;
        $itemData['url'] = createItemLink($id);
        // Excerpt: body plus extended text, tags stripped, cut to 250 characters.
        $itemData['excerpt'] = shorten(strip_tags($itemData['body'] . $itemData['more']), 250, '...');
        $itemData['blogname'] = $blog->getName();
    }
    // NOTE(review): the item fields are passed on unescaped; confirm that
    // templates/ping.html escapes them on output.
    $oTemplate->set('item', $itemData);

    $oTemplate->template('templates/ping.html');
    break;
244         }
245
246         // Pages 
247         switch($action) {
248                 
case 'help':
    // Static help page.
    $oTemplate->template('help.html');
    break;

case 'ping':
    // Manual-ping form. The template variables were filled in by the 'ping'
    // case of the action switch above when that case ran.
    $oTemplate->template('templates/ping.html');
    break;
256
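case 'blocked':
case 'all':
    // Listing of trackbacks across items: 'all' selects block = 0, 'blocked'
    // selects block = 1. $whereClause narrows the rows for non-administrators.
    $rres = sql_query ("
                                SELECT
                                        COUNT(*) AS count
                                FROM
                                        ".sql_table('plugin_tb')." AS t,
                                        ".sql_table('item')." AS i
                                WHERE
                                        t.tb_id = i.inumber AND
                                        t.block = " . (( $action == 'all') ? 0 : 1) . $whereClause );

    // A failed query counts as "no rows" instead of raising a warning.
    $count = 0;
    if ($rres && ($row = mysql_fetch_array($rres))) {
        $count = $row['count'];
    }
    $oTemplate->set('count', $count);

    if ($ajaxEnabled) {
        // The AJAX templates load their rows separately; only the count is set.
        if ($action == 'all') {
            $oTemplate->template('templates/all_ajax.html');
        } else {
            $oTemplate->template('templates/blocked_ajax.html');
        }
    } else {
        // Paging values are concatenated into LIMIT, so they are kept as
        // non-negative integers: a negative offset becomes 0, and a missing,
        // zero or negative page size becomes the default of 25.
        $start = max(0, (int) intRequestVar('start'));
        $amount = (int) intRequestVar('amount');
        if ($amount <= 0) {
            $amount = 25;
        }

        $rres = sql_query ("
                                        SELECT
                                        i.ititle AS story,
                                        i.inumber AS story_id,
                                        t.id AS id,
                                        t.title AS title,
                                        t.blog_name AS blog_name,
                                        t.excerpt AS excerpt,
                                        t.url AS url,
                                        UNIX_TIMESTAMP(t.timestamp) AS timestamp,
                                        t.spam AS spam,
                                        t.link AS link
                                        FROM
                                        ".sql_table('plugin_tb')." AS t,
                                        ".sql_table('item')." AS i
                                        WHERE
                                        t.tb_id = i.inumber AND
                                        t.block = " . (( $action == 'all') ? 0 : 1) . $whereClause ."
                                        ORDER BY
                                        timestamp DESC
                                        LIMIT
                                        ".$start.",".$amount);

        $items = array();

        while ($rres && ($rrow = mysql_fetch_array($rres))) {
            // Trackback text is presumably supplied by remote sites, so each
            // field is shortened, stripped of control characters and then
            // HTML-escaped. ENT_QUOTES also encodes single quotes, which keeps
            // the value safe inside quoted attributes as well as in text.
            foreach (array('title' => 50, 'blog_name' => 50, 'excerpt' => 800) as $field => $maxLength) {
                $text = $oPluginAdmin->plugin->_cut_string($rrow[$field], $maxLength);
                $text = $oPluginAdmin->plugin->_strip_controlchar($text);
                $rrow[$field] = htmlspecialchars($text, ENT_QUOTES);
            }

            $rrow['url']       = htmlspecialchars($rrow['url'], ENT_QUOTES);
            $rrow['timestamp'] = htmlspecialchars($rrow['timestamp'], ENT_QUOTES);

            // The blog is resolved from this row's item number. The original
            // read an undefined $item variable here, so the link was built
            // without the item's blog.
            $blog = & $manager->getBlog(getBlogIDFromItemID($rrow['story_id']));
            $rrow['story_url'] = $oPluginAdmin->plugin->_createItemLink($rrow['story_id'], $blog);
            $rrow['story'] = htmlspecialchars(strip_tags($rrow['story']), ENT_QUOTES);

            $items[] = $rrow;
        }

        $oTemplate->set('amount', $amount);
        $oTemplate->set('start', $start);
        $oTemplate->set('items', $items);

        if ($action == 'all') {
            $oTemplate->template('templates/all.html');
        } else {
            $oTemplate->template('templates/blocked.html');
        }
    }
    break;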
342                         
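case 'list':
    // Trackbacks of a single item.
    // 'id' is concatenated into three statements below, so it is read through
    // intRequestVar() like the other numeric parameters in this file. The
    // original used requestVar(), which let arbitrary request text reach the
    // SQL.
    $id = (int) intRequestVar('id');

    // Paging values are concatenated into LIMIT: a negative offset becomes 0,
    // and a missing, zero or negative page size becomes the default of 25.
    $start = max(0, (int) intRequestVar('start'));
    $amount = (int) intRequestVar('amount');
    if ($amount <= 0) {
        $amount = 25;
    }

    // $whereClause makes this lookup double as the access check: a
    // non-administrator only gets a row for an item they may manage.
    $ires = sql_query ("
                                SELECT
                                        i.ititle,
                                        i.inumber
                                FROM
                                        ".sql_table('item')." i 
                                WHERE
                                        i.inumber = '".$id."'
                        ". $whereClause );

    if ($ires && ($irow = mysql_fetch_array($ires)))
    {
        // NOTE(review): the item title is passed on unescaped; confirm that
        // templates/list.html escapes it on output.
        $story = array(
            'id'    => $id,
            'title' => $irow['ititle'],
        );

        $rres = sql_query ("
                                        SELECT
                                                COUNT(*) AS count
                                        FROM
                                                ".sql_table('plugin_tb')." AS t
                                        WHERE
                                                t.tb_id = '".$id."' AND
                                                t.block = 0
                                ");

        $count = 0;
        if ($rres && ($row = mysql_fetch_array($rres))) {
            $count = $row['count'];
        }

        $rres = sql_query ("
                                        SELECT
                                                t.id AS id,
                                                t.title AS title,
                                                t.blog_name AS blog_name,
                                                t.excerpt AS excerpt,
                                                t.url AS url,
                                        UNIX_TIMESTAMP(t.timestamp) AS timestamp
                                        FROM
                                                ".sql_table('plugin_tb')." AS t
                                        WHERE
                                                t.tb_id = '".$id."' AND
                                                t.block = 0
                                        ORDER BY
                                                timestamp DESC
                                        LIMIT
                                                ".$start.",".$amount."
                                ");

        $items = array();

        while ($rres && ($rrow = mysql_fetch_array($rres)))
        {
            // Trackback text is presumably supplied by remote sites, so each
            // field is shortened, stripped of control characters and then
            // HTML-escaped. ENT_QUOTES also encodes single quotes, which keeps
            // the value safe inside quoted attributes as well as in text.
            foreach (array('title' => 50, 'blog_name' => 50, 'excerpt' => 800) as $field => $maxLength) {
                $text = $oPluginAdmin->plugin->_cut_string($rrow[$field], $maxLength);
                $text = $oPluginAdmin->plugin->_strip_controlchar($text);
                $rrow[$field] = htmlspecialchars($text, ENT_QUOTES);
            }

            $rrow['url'] = htmlspecialchars($rrow['url'], ENT_QUOTES);
            // This query selects no 'story' column, so the original computed
            // an empty string from an undefined index. The key is kept, with
            // the same empty value, for any template that reads it.
            $rrow['story'] = '';
            $items[] = $rrow;
        }

        $oTemplate->set ('amount', $amount);
        $oTemplate->set ('count', $count);
        $oTemplate->set ('start', $start);
        $oTemplate->set ('items', $items);
        $oTemplate->set ('story', $story);
        $oTemplate->template('templates/list.html');
    }

    break;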
430                                                         
431                 
case 'index':
    // Overview: for every blog the member belongs to, the items that have
    // unblocked trackbacks, with a count per item.
    $bres = sql_query ("
                                SELECT
                                        bnumber AS bnumber,
                                        bname AS bname,
                                        burl AS burl
                                FROM
                                        ".sql_table('blog')."
                                ORDER BY
                                        bname
                        ");

    $blogs = array();

    while ($brow = mysql_fetch_array($bres))
    {
        // Only blogs the member is on the team of are listed; $whereClause
        // narrows the items further for non-administrators.
        if ($member->isTeamMember($brow['bnumber'])) {
            // bnumber comes from the blog table read just above, not from the
            // request.
            $ires = sql_query ("
                                        SELECT
                                                i.inumber AS inumber,
                                            i.ititle AS ititle,
                                            COUNT(*) AS total
                                        FROM
                                                ".sql_table('item')." AS i,
                                                ".sql_table('plugin_tb')." AS t
                                        WHERE
                                                i.iblog = ".$brow['bnumber']." AND
                                                t.tb_id = i.inumber AND
                                                t.block = 0 ".$whereClause." 
                                        GROUP BY
                                                i.inumber
                    ORDER BY
                        i.inumber DESC
                                ");

            $items = array();
            while ($irow = mysql_fetch_array($ires)) {
                $items[] = $irow;
            }

            $brow['items'] = $items;
            $blogs[] = $brow;
        }
    }

    // NOTE(review): blog names and item titles are passed on unescaped;
    // confirm that templates/index.html escapes them on output.
    $oTemplate->set ('blogs', $blogs);
    $oTemplate->template('templates/index.html');
    break;
481
default:
    // No recognised page was requested. When checkTableVersion() reported a
    // falsy version, the table-upgrade prompt is shown; otherwise no template
    // is selected here.
    if (!$tableVersion) {
        $oTemplate->template('templates/updatetable.html');
    }
    break;
489         }
490
// Create the admin area page: the selected template first, then the icon
// credit, then the closing part of the admin frame.
$pageBody = $oTemplate->fetch();
echo $pageBody;
echo '<div align="right">Powered by <a href="http://www.famfamfam.com/lab/icons/silk/">Silk icon</a></div>';

$oPluginAdmin->end();
496