sibtracker/system/modules/addnews.php

219 lines
12 KiB
PHP
Raw Permalink Normal View History

2019-05-18 13:46:03 +08:00
<?php
if( ! defined( 'DATALIFEENGINE' ) ) {die( "Hacking attempt!" );}
$allow_addnews = true;
include_once SYSTEM_DIR . '/classes/parse.class.php';
$parse = new ParseFilter( Array (), Array (), 1, 1 );
if( $member_id['restricted'] and $member_id['restricted_days'] and $member_id['restricted_date'] < $_TIME ) {
$member_id['restricted'] = 0;
$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET restricted='0', restricted_days='0', restricted_date='' WHERE user_id='{$member_id['user_id']}'" );
}
if( $member_id['restricted'] == 1 or $member_id['restricted'] == 3 ) {
if( $member_id['restricted_days'] ) {
$lang['news_info_4'] = str_replace( '{date}', langdate( "j M Y H:i", $member_id['restricted_date'] ), $lang['news_info_4'] );
$lang['add_err_9'] = $lang['news_info_4'];
} else {$lang['add_err_9'] = $lang['news_info_5'];}
$allow_addnews = false;
}
if( ! $allow_addnews ) {msgbox( $lang['all_info'], $lang['add_err_9'] . "<br /><br /><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>" );
} else {
if( isset( $_REQUEST['mod'] ) and $_REQUEST['mod'] == "addnews" and $is_logged and $user_group[$member_id['user_group']]['allow_adds'] ) {
$stop = "";
$allow_comm = intval( $_POST['allow_comm'] );
if( $user_group[$member_id['user_group']]['allow_main'] ) $allow_main = intval( $_POST['allow_main'] ); else $allow_main = 0;
$approve = intval( $_POST['approve'] );
$allow_rating = intval( $_POST['allow_rating'] );
if( $user_group[$member_id['user_group']]['allow_fixed'] ) $news_fixed = intval( $_POST['news_fixed'] ); else $news_fixed = 0;
if( ! count( $_REQUEST['catlist'] ) ) {$catlist = array (); $catlist[] = '0';} else $catlist = $_REQUEST['catlist']; $category_list = $db->safesql( implode( ',', $catlist ) );
if( ! $config['allow_add_tags'] ) $_POST['tags'] = ""; elseif( @preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $_POST['tags'] ) ) $_POST['tags'] = ""; else $_POST['tags'] = $db->safesql( htmlspecialchars( strip_tags( stripslashes( trim( $_POST['tags'] ) ) ), ENT_QUOTES ) );
if ( $_POST['tags'] ) {
$temp_array = array();
$tags_array = array();
$temp_array = explode (",", $_POST['tags']);
if (count($temp_array)) {
foreach ( $temp_array as $value ) {
if( trim($value) ) $tags_array[] = trim( $value );
}}
if ( count($tags_array) ) $_POST['tags'] = implode(", ", $tags_array); else $_POST['tags'] = "";
}
if( ! $user_group[$member_id['user_group']]['moderation'] ) {$approve = 0;$allow_comm = 1;$allow_main = 0;$allow_rating = 1;$news_fixed = 0;}
if( $approve ) $msg = $lang['add_ok_1']; else $msg = $lang['add_ok_2'];
$allow_list = explode( ',', $user_group[$member_id['user_group']]['cat_add'] );
if( $user_group[$member_id['user_group']]['moderation'] ) {
foreach ( $catlist as $selected ) {
if( $allow_list[0] != "all" and ! in_array( $selected, $allow_list ) and $member_id['user_group'] != "1" ) {
$approve = 0;
$msg = $lang['add_ok_3'];
}}}
$full_story = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['full_story'] ), false ) );
$short_story = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['short_story'] ), false ) );
if( $parse->not_allowed_text ) {$stop .= "<li>" . $lang['news_err_39'] . "</li>";}
$parse->ParseFilter();
$title = $db->safesql( $parse->process( trim( strip_tags ($_POST['title']) ) ) );
$alt_name = trim( $parse->process( stripslashes( $_POST['alt_name'] ) ) );
if( $alt_name == "" or ! $alt_name ) $alt_name = totranslit( stripslashes( $title ), true, false ); else $alt_name = totranslit( $alt_name, true, false );
if( $title == "" or ! $title ) $stop .= $lang['add_err_1'];
if( strlen( $title ) > 200 ) $stop .= $lang['add_err_2'];
if( trim( $short_story ) == "" or ! $short_story ) $stop .= $lang['add_err_5'];
if( $stop ) {$stop = "<ul>" . $stop . "</ul><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>"; msgbox( $lang['add_err_6'], $stop );}
if( ! $stop ) {
$id = (isset( $_REQUEST['id'] )) ? intval( $_REQUEST['id'] ) : 0; $found = false;
if( $id ) {$row = $db->super_query( "SELECT * FROM " . PREFIX . "_post where id = '$id' and approve = '0'" ); if( $id == $row['id'] and ($member_id['name'] == $row['autor'] or $user_group[$member_id['user_group']]['allow_all_edit']) ) $found = true; else $found = false;}
if( $found ) {
$db->query( "UPDATE " . PREFIX . "_post set title='$title', short_story='$short_story', full_story='$full_story', category='$category_list', alt_name='$alt_name', allow_comm='$allow_comm', approve='$approve', allow_main='$allow_main', allow_rate='$allow_rating', fixed='$news_fixed', tags='" . $_POST['tags'] . "' WHERE id='$id'" );
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
if( $_POST['tags'] != $row['tags'] or $approve ) {$db->query( "DELETE FROM " . PREFIX . "_tags WHERE news_id = '{$row['id']}'" );
if( $_POST['tags'] != "" and $approve ) {
$tags = array ();
$_POST['tags'] = explode( ",", $_POST['tags'] );
foreach ( $_POST['tags'] as $value ) {$tags[] = "('" . $row['id'] . "', '" . trim( $value ) . "')";}
$tags = implode( ", ", $tags );
$db->query( "INSERT INTO " . PREFIX . "_tags (news_id, tag) VALUES " . $tags );
}}} else {
$added_time = time() + ($config['date_adjust'] * 60);
$thistime = date( "Y-m-d H:i:s", $added_time );
$db->query( "INSERT INTO " . PREFIX . "_post (date, autor, short_story, full_story, title, keywords, category, alt_name, allow_comm, approve, allow_main, fixed, allow_rate, tags) values ('$thistime', '$member_id[name]', '$short_story', '$full_story', '$title', '', '$category_list', '$alt_name', '$allow_comm', '$approve', '$allow_main', '$news_fixed', '$allow_rating', '" . $_POST['tags'] . "')" );
$row['id'] = $db->insert_id();
$member_id['name'] = $db->safesql($member_id['name']);
//<2F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
if (isset($_FILES['tor_add']) && $_FILES['tor_add']!='') {include_once SYSTEM_DIR . '/modules/torrent/upload.php';}
//!<21><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
$db->query( "UPDATE " . PREFIX . "_images set news_id='{$row['id']}' where author = '{$member_id['name']}' AND news_id = '0'" );
$db->query( "UPDATE " . PREFIX . "_files set news_id='{$row['id']}' where author = '{$member_id['name']}' AND news_id = '0'" );
$db->query( "UPDATE " . PREFIX . "_torrents set news_id='{$row['id']}' where author = '{$member_id['name']}' AND news_id = '0'" );
$db->query( "UPDATE " . USERPREFIX . "_users set news_num=news_num+1 where user_id='$member_id[user_id]'" );
$row = $row['id'];
include_once SYSTEM_DIR . '/inc/newsimg/doaddimg.php';
if( $_POST['tags'] != "" and $approve ) {
$tags = array ();
$_POST['tags'] = explode( ",", $_POST['tags'] );
foreach ( $_POST['tags'] as $value ) {$tags[] = "('" . $row['id'] . "', '" . trim( $value ) . "')";}
$tags = implode( ", ", $tags );
$db->query( "INSERT INTO " . PREFIX . "_tags (news_id, tag) VALUES " . $tags );
}}
msgbox( $lang['add_ok'], "{$msg} <a href=\"{$config['http_home_url']}" . "addnews.html\">$lang[add_noch]</a> $lang[add_or] <a href=\"{$config['http_home_url']}\">$lang[all_prev]</a>" );
if( $approve ) $cache->clear();
}
} elseif( $is_logged and $user_group[$member_id['user_group']]['allow_adds'] ) {
$tpl->load_template( 'addnews.tpl' );
$addtype = "addnews";
include_once SYSTEM_DIR . '/modules/bbcode.php';
$tpl->set( '{shortarea}', '' );
$tpl->set( '{fullarea}', '' );
$id = (isset( $_REQUEST['id'] )) ? intval( $_REQUEST['id'] ) : 0;
$found = false;
if( $id ) {$row = $db->super_query( "SELECT * FROM " . PREFIX . "_post where id = '$id' and approve = '0'" ); if( $id == $row['id'] and ($member_id['name'] == $row['autor'] or $user_group[$member_id['user_group']]['allow_all_edit']) ) $found = true; else $found = false;}
if( $found ) {
$cat_list = explode( ',', $row['category'] );
$categories_list = CategoryNewsSelection( $cat_list, 0 );
$tpl->set( '{title}', $parse->decodeBBCodes( $row['title'], false ) );
$tpl->set( '{alt-name}', $row['alt_name'] );
$row['short_story'] = $parse->decodeBBCodes( $row['short_story'], false );
$row['full_story'] = $parse->decodeBBCodes( $row['full_story'], false );
$tpl->set( '{short-story}', $row['short_story'] );
$tpl->set( '{full-story}', $row['full_story'] );
$tpl->set( '{tags}', $row['tags'] );
} else {
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 27.02.2011
$categories_list = CategoryNewsSelectioh();
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 27.02.2011
// $categories_list = CategoryNewsSelection( 0, 0 );
$tpl->set( '{title}', '' );
$tpl->set( '{alt-name}', '' );
$tpl->set( '{short-story}', '' );
$tpl->set( '{full-story}', '' );
$tpl->set( '{tags}', '' );
}
// $cats = "<select name=\"catlist[]\" id=\"category\" onchange=\"onCategoryChange(this.value)\">";
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 27.02.2011
$cats = <<<HTML
<script language="javascript" type="text/javascript">
<!--
function rvvvr(adon){
var adon = document.getElementById('entryform').adon.value;
ShowLoading('');
$.post(dle_root + "system/ajax/categajax.php", { adon: adon }, function(data){
HideLoading('');
$("#adonbox").html(data);
});
return false;
};
//-->
</script>
<select name="adon" id="adon" onChange="rvvvr('adon'); return false;">
<option value="0"></option>
HTML;
// <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> 27.02.2011
$cats .= $categories_list;
$cats .= "</select>";
$tpl->set( '{bbcode}', $bb_code );
$tpl->set( '{category}', $cats );
include_once SYSTEM_DIR . '/modules/addimg.php';
if( $user_group[$member_id['user_group']]['moderation'] ) {
$admintag = "<input type=\"checkbox\" name=\"allow_comm\" id=\"allow_comm\" value=\"1\" checked=\"checked\" /><label for=\"allow_comm\">" . $lang['add_al_com'] . "</label>";
if( $user_group[$member_id['user_group']]['allow_main'] ) $admintag .= "&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"checkbox\" name=\"allow_main\" id=\"allow_main\" value=\"1\" checked=\"checked\" /><label for=\"allow_main\">" . $lang['add_al_m'] . "</label>";
$admintag .= "<br /><input type=\"checkbox\" name=\"approve\" id=\"approve\" value=\"1\" checked=\"checked\" /><label for=\"approve\"> {$lang['add_al_ap']}</label><br /><input type=\"checkbox\" name=\"allow_rating\" id=\"allow_rating\" value=\"1\" checked=\"checked\" /><label for=\"allow_rating\"> {$lang['addnews_allow_rate']}</label>";
if( $user_group[$member_id['user_group']]['allow_fixed'] ) $admintag .= "<br /><input type=\"checkbox\" name=\"news_fixed\" id=\"news_fixed\" value=\"1\" /><label for=\"news_fixed\"> {$lang['add_al_fix']}</label>";
$tpl->set( '{admintag}', $admintag );} else $tpl->set( '{admintag}', '' );
$torpole = "<tr><td width=\"118.5\" height=\"25\" nowrap=\"nowrap\"><3E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>:</td><td><input type=\"file\" name=\"tor_add\" maxlength=\"250\" class=\"f_input\" /></td></tr>";
$tpl->set('{toradd}', $torpole);
if( $is_logged and $member_id['user_group'] < 3 ) {
$tpl->set( '[urltag]', '' );
$tpl->set( '[/urltag]', '' );} else $tpl->set_block( "'\\[urltag\\].*?\\[/urltag\\]'si", "" );
$script = "
<script language=\"javascript\" type=\"text/javascript\">
<!--
function preview(){";
$script .= "if(document.entryform.short_story.value == '' || document.entryform.title.value == ''){ alert('$lang[add_err_7]'); }
else{
dd=window.open('','prv','height=400,width=750,resizable=0,scrollbars=1')
document.entryform.mod.value='preview';document.entryform.action='{$config['http_home_url']}system/preview.php';document.entryform.target='prv'
document.entryform.submit();dd.focus()
setTimeout(\"document.entryform.mod.value='addnews';document.entryform.action='';document.entryform.target='_self'\",500)
}
}";
$script .= <<<HTML
//-->
</script>
HTML;
$script .= "<form method=post enctype=\"multipart/form-data\" name=\"entryform\" id=\"entryform\" onsubmit=\"if(document.entryform.title.value == '' || document.entryform.short_story.value == ''){alert('$lang[add_err_7]');return false}\" action=\"\">";
$tpl->copy_template = $categoryfilter . $script . $tpl->copy_template . "<input type=\"hidden\" name=\"mod\" value=\"addnews\" /></form>";
$tpl->compile( 'content' );
$tpl->clear();
} else
msgbox( $lang['all_info'], "$lang[add_err_8]<br /><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>" );
}
?>