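_SetArticleId(); $this->_BuildTrailArray(); $this->_SetTitle(); $this->_SetAuthorName(); $this->_SetPage(); $this->_SetAuthorId(); }

    /**
     * Dispatch the request to the handler chosen by _SetPage().
     *
     * Only "submitarticle", "savearticle", "savearticle2" and "addpage" are
     * gated on IsLoggedIn() in this method. Every other action is dispatched
     * without an authentication check here, including the state-changing
     * "submitcomment", "favorite" and "read".
     * NOTE(review): no anti-CSRF check is visible in this dispatcher; confirm
     * that the state-changing handlers perform their own.
     */
    function HandlePage()
    {
        switch ($this->_action) {
            case "__captcha":
                if ($GLOBALS['AL_CFG']['EnableCaptchaCheck']) {
                    $GLOBALS["AL_CLASS_CAPTCHA"]->OutputImage();
                }
                break;
            case "viewarticle":
                $this->ShowArticlePage();
                break;
            case "submitcomment":
                $this->SaveComment();
                break;
            case "newcomment":
                $this->NewComment();
                break;
            case "emailarticle":
                $this->EmailArticle();
                break;
            case "print":
                $this->PrintArticle();
                break;
            case "favorite":
                $this->FavoriteArticle();
                break;
            case "read":
                $this->ReadArticle();
                break;
            case "submitarticle":
                if ($this->_RequireAuthorLogin()) {
                    $this->SubmitArticle();
                }
                break;
            case "savearticle":
                if ($this->_RequireAuthorLogin()) {
                    $this->SaveArticle();
                }
                break;
            case "savearticle2":
                if ($this->_RequireAuthorLogin()) {
                    $this->SaveArticle2();
                }
                break;
            case "addpage":
                if ($this->_RequireAuthorLogin()) {
                    $this->AddPage();
                }
                break;
            case "getdownload":
                $this->GetDownload();
                break;
            case "viewallfavorites":
                $GLOBALS["HideArticleOptionsPanel"] = true;
                $this->ViewAllFavorites();
                break;
            default:
                $this->ShowArticles();
                break;
        }
    }

    /**
     * Gate for the author-only actions: returns true (and hides the article
     * options panel) for a logged-in user, otherwise sends a redirect to the
     * author login page and returns false.
     */
    function _RequireAuthorLogin()
    {
        if ($GLOBALS["AL_CLASS_AUTH"]->IsLoggedIn()) {
            $GLOBALS["HideArticleOptionsPanel"] = true;
            return true;
        }

        header(sprintf("Location: %s/authors/login", $GLOBALS["AL_CFG"]["siteURL"]));
        return false;
    }

    /** Current page number, as resolved by _SetPage(). */
    function GetPage()
    {
        return $this->_page;
    }

    /**
     * Return the category password guarding this article, or "" when the
     * article is not fully protected.
     *
     * A password is only required when *every* category the article belongs
     * to has a non-empty catPass. $CatId (by reference) receives the ID of the
     * last protected category seen, and the returned value is that category's
     * password.
     * NOTE(review): catPass is returned exactly as stored; if the column holds
     * the password in clear text, hashing it would limit the damage of a
     * database disclosure. Confirm how _HasCorrectPass compares it.
     */
    function _GetPass(&$CatId)
    {
        $pass = "";
        $numPass = 0;
        $prefix = $GLOBALS["AL_CFG"]["tablePrefix"];

        // The article ID goes through %d, so it is always an integer in the SQL
        $query = sprintf("select * from %scategoryassociations inner join %scategories on %scategoryassociations.CategoryId=%scategories.CategoryId where ArticleID='%d'", $prefix, $prefix, $prefix, $prefix, $this->GetArticleId());
        $result = mysql_query($query);
        $numCats = mysql_num_rows($result);

        while ($row = mysql_fetch_array($result)) {
            if ($row["catPass"] != "") {
                $numPass++;
                $CatId = $row["CategoryID"];
                $pass = $row["catPass"];
            }
        }

        if ($numCats == $numPass) {
            return $pass;
        }

        return "";
    }

    /**
     * Work out the action, page number and page count from the request.
     *
     * The action is selected by substring match anywhere in REQUEST_URI
     * (query string included); the first matching entry wins, so the order of
     * $routes matters. The page number comes from the request and is forced
     * to an integer >= 1 here, because callers use it as an array index and
     * pass it on to helpers whose SQL handling is not visible in this file.
     */
    function _SetPage()
    {
        $uri = $_SERVER["REQUEST_URI"];

        if (isset($_REQUEST["Page"])) {
            $this->_page = (int)$_REQUEST["Page"];
        }

        $routes = array(
            "__captcha"             => "__captcha",
            "/submitcomment"        => "submitcomment",
            "/newcomment"           => "newcomment",
            "/articleemail"         => "emailarticle",
            "/print"                => "print",
            "/addfav"               => "favorite",
            "/removefav"            => "favorite",
            "/addread"              => "read",
            "/removeread"           => "read",
            "/submitarticle/do"     => "savearticle",
            "/submitarticle/textdo" => "savearticle2",
            "submitarticle/addpage" => "addpage",
            "/submitarticle"        => "submitarticle",
            "/getdownload"          => "getdownload",
            "/allfavorites"         => "viewallfavorites",
        );

        $matched = false;
        foreach ($routes as $needle => $action) {
            if (strpos($uri, $needle) !== false) {
                $this->_action = $action;
                $matched = true;
                break;
            }
        }

        if (!$matched) {
            if (eregi("/articles/?$", $uri)) {
                $this->_action = "";
            } else {
                $getPage = false;

                if (is_numeric(strpos($uri, "/articles/articles"))) {
                    $iPos = strpos($uri, "/articles/articles/");
                    $iPos += strlen("/articles/articles/");
                    $uri1 = substr($uri, $iPos, 100);
                    $getPage = true;
                } elseif (is_numeric(strpos($uri, "/articles"))) {
                    $iPos = strpos($uri, "/articles/");
                    $iPos += strlen("/articles/");
                    $uri1 = substr($uri, $iPos, 100);
                    $getPage = true;
                }

                if ($getPage == true) {
                    // Second path segment after the article ID is the page number
                    $arrURI = explode("/", $uri1);
                    if (sizeof($arrURI) > 1) {
                        $this->_page = (int)$arrURI[1];
                    }

                    $query = sprintf("select count(*) from %sarticlepages where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId());
                    $this->_pages = mysql_result(mysql_query($query), 0, 0);
                    $this->_action = "viewarticle";
                }
            }
        }

        // Missing, non-numeric, zero or negative page numbers all mean page 1
        if ($this->_page < 1) {
            $this->_page = 1;
        }
    }

    /** Number of pages in the current article, as counted by _SetPage(). */
    function GetPages()
    {
        return $this->_pages;
    }

    /**
     * Translate the (1-based) page number into the PageID of that page,
     * using the article's pages in SortOrderID order. Returns 0 when the
     * article has no such page.
     */
    function GetPageId()
    {
        $arrIds = array();
        $query = sprintf("select PageID from %sarticlepages where ArticleID='%d' order by SortOrderID", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId());
        $result = mysql_query($query);

        while ($row = mysql_fetch_array($result)) {
            $arrIds[] = $row["PageID"];
        }

        $index = $this->GetPage() - 1;
        if (isset($arrIds[$index])) {
            return $arrIds[$index];
        }

        return 0;
    }

    function _SetArticleId()
    {
        // The article ID is the first path segment after /articles/ (or /articles/articles/)
        $uri = $_SERVER["REQUEST_URI"];
        if(is_numeric(strpos($uri, "/articles/articles"))){
            $iPos = strpos($uri, "/articles/articles/");
            $iPos += strlen("/articles/articles/");
            $uri1 = substr($uri, $iPos, 100);
        }else{
            $iPos = strpos($uri, "/articles/");
            $iPos += strlen("/articles/");
            $uri1 = substr($uri, $iPos, 100);
        }
        $jPos = strpos($uri1, "/");
        $id = substr($uri1, 0, $jPos);
        // is_numeric() keeps the value as a string; the queries in this class format it with %d
        if(is_numeric($id)) $this->_articleId = $id; else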
$this->_articleId = 0; if(isset($_REQUEST["ArticleId"])) $this->_articleId = (int)$_REQUEST["ArticleId"]; if(isset($_REQUEST["ContentId"])) $this->_articleId = (int)$_REQUEST["ContentId"]; } function GetArticleId($ForceCheck = false) { if(!$ForceCheck) return $this->_articleId; else { $this->_SetArticleId(); return $this->_articleId; } } function GetTitle($ArticleId = 0) { if($ArticleId == 0) { return $this->_title; } else { $query = sprintf("select Title from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $ArticleId); return @mysql_result(@mysql_query($query), 0, 0); } } function _SetTitle() { $query = sprintf("select Title from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $this->_title = @mysql_result(@mysql_query($query), 0, 0); } function _SetMetaTags() { $query = sprintf("select * from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $row = mysql_fetch_array(mysql_query($query)); $metaKeys = trim($row["MetaKeywords"]); if(!empty($metaKeys)){ $GLOBALS["AL_CFG"]["siteKeywords"] = $row["MetaKeywords"]; } $metaDesc = trim($row["MetaDesc"]); if(!empty($metaDesc)){ $GLOBALS["AL_CFG"]["siteDesc"] = $row["MetaDesc"]; } return true; } function GetAuthorName() { return $this->_author; } function GetArticleType() { $query = sprintf("select Type from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); return @mysql_result(@mysql_query($query), 0, 0); } function GetArticleLink() { $query = sprintf("select ArticleURL from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); return @mysql_result(@mysql_query($query), 0, 0); } function GetPageTitle() { // Get the title of the selected page $title = ""; $query = sprintf("select Title from %sarticlepages where PageID='%d' and ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetPageId(), $this->GetArticleId()); $result = 
mysql_query($query); if($row = mysql_fetch_array($result)) { $title = $row["Title"]; } return $title; } function _SetAuthorName() { $query = sprintf("select * from %sarticles inner join %susers on %sarticles.AuthorID=%susers.UserID where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { $this->_author = sprintf("%s %s", $row["FirstName"], $row["LastName"]); } } function GetAuthorId() { return $this->_authorId; } function _SetAuthorId() { $query = sprintf("select AuthorID from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { $this->_authorId = $row["AuthorID"]; } } function GetBiography() { $query = sprintf("select * from %sarticles inner join %susers on %sarticles.AuthorID=%susers.UserID where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { return AL_HELPER::hyperlinkUrls(str_replace('"', '"', $row["Biography"])); } } function GetPublishDate() { $date = $GLOBALS["AL_LANG"]["hpNA"]; $query = sprintf("select unix_timestamp(StartDate) as SD from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { $date = AL_HELPER::GetRelativeDate($row["SD"]); } return $date; } function GetAuthorLink() { $query = sprintf("select * from %sarticles inner join %susers on %sarticles.AuthorID=%susers.UserID where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], 
$this->GetArticleId()); $result = mysql_query($query); $link = ""; if($row = mysql_fetch_array($result)) { $link = AL_HELPER::AuthorLink($row["AuthorID"], sprintf("%s %s", $row["FirstName"], $row["LastName"])); } return $link; } function _BuildTrailArray() { // Build the arrays that will contain the category names to build the trails $GLOBALS["ArticleTrails"] = array(); $count = 0; $query = sprintf("select * from %scategoryassociations where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $catResult = mysql_query($query); while($catRow = mysql_fetch_array($catResult)) { $query = sprintf("select * from %scategories where CategoryID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $catRow["CategoryID"]); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { // The root category is valid, try and loop through each category to find the ID of the last category in the set $parentCat = $row["CategoryID"]; $start = true; $numCats = 0; while($parentCat > 0) { if($start) { $query = sprintf("select * from %scategories inner join %scategoryassociations on %scategories.CategoryID = %scategoryassociations.CategoryID where ArticleID='%d' and %scategories.CategoryID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId(), $GLOBALS["AL_CFG"]["tablePrefix"], $parentCat); $start = false; $numCats = mysql_num_rows(mysql_query($query)); } else { if($numCats > 1) $query = sprintf("select * from %scategories where ParentID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $parentCat); else $query = sprintf("select * from %scategories where ParentID=-1", $GLOBALS["AL_CFG"]["tablePrefix"]); } $result1 = mysql_query($query); if($row1 = mysql_fetch_array($result1)) { $parentCat = $row1["CategoryID"]; $GLOBALS["ArticleTrails"][$count][] = array($row1["CategoryID"], $row1["Name"], $row1["ParentID"]); } else { // Get the first category $query = 
sprintf("select * from %scategories where CategoryID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["ArticleTrails"][$count][0][0]); $result2 = mysql_query($query); if($row2 = mysql_fetch_array($result2)) { $catId = $row2["ParentID"]; $query = sprintf("select * from %scategories where CategoryID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $catId); $result3 = mysql_query($query); if($row3 = mysql_fetch_array($result3)) { $arrParent = array(array($row3["CategoryID"], $row3["Name"], $row3["ParentID"])); $GLOBALS["ArticleTrails"][$count] = array_merge_recursive($arrParent, $GLOBALS["ArticleTrails"][$count]); } } $parentCat = 0; } } } $count++; } // Make sure each trail's first category is the parent category // If the article is in multiple sub-categories of the same root // category it's harder to pick up the categories so we loop twice // to make sure they are all fixed up. for($h = 0; $h < 2; $h++) { for($i = 0; $i < sizeof($GLOBALS["ArticleTrails"]); $i++) { if($GLOBALS["ArticleTrails"][$i][0][2] > 0) { $catId = $GLOBALS["ArticleTrails"][$i][0][2]; $query = sprintf("select * from %scategories where CategoryID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $catId); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { $arrParent = array(array($row["CategoryID"], $row["Name"], $row["ParentID"])); $GLOBALS["ArticleTrails"][$i] = array_merge_recursive($arrParent, $GLOBALS["ArticleTrails"][$i]); } } } } } function GetContent() { // Get the content and then escape the glossary words $output = ""; if($this->GetArticleType() == 1) { $query = sprintf("select Content from %sarticlepages where PageID='%d' and ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetPageId(), $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { $output = $row["Content"]; // Get all glossary words $arrWords = AL_HELPER::GetGlossaryTerms(); if(sizeof($arrWords) > 0) { // Make the replacements for($i = 0; $i < sizeof($arrWords); $i++) { 
$regex = "#(?![^<]*?>)(?!]*>)\b" . preg_quote($arrWords[$i]["word"]) . "\b(?![^<]*)#si"; $output = preg_replace($regex, $arrWords[$i]["token"], $output, 1); } } if(sizeof($arrWords) > 0) { // Make the replacements for($i = 0; $i < sizeof($arrWords); $i++) { // Just replace the first instanse of the token $title = str_replace("\r\n", "
", str_replace(''', '\\'', str_replace('"', '', $arrWords[$i]["desc"]))); $popup = "" . $arrWords[$i]["word"] . "

" . $title . "'); return false\">" . $arrWords[$i]["word"] . "
"; // Replace the rest of the tokens back with the word $output = str_replace($arrWords[$i]["token"], $popup, $output); } } } } else { $query = sprintf("select Summary from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) $output = $row["Summary"]; } return $output; } function GetPrintContent() { // Get the content of all pages and then escape the glossary words $output = ""; $count = 0; if($this->GetArticleType() == 1) { $query = sprintf("select Title, Content from %sarticlepages where ArticleID='%d' order by SortOrderID asc", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); while($row = mysql_fetch_array($result)) { if(++$count < mysql_num_rows($result)) $output .= sprintf("
%s
%s

", $row["Title"], $row["Content"]); else $output .= sprintf("
%s
%s
", $row["Title"], $row["Content"]); } } return $output; } function GetSummary() { $output = ""; $query = sprintf("select Summary from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) $output = $row["Summary"]; return $output; } function GetPagingLinks() { $pages = ""; $output = ""; if($this->GetPages() > 1) { if($this->GetPage() > 1) $pages .= sprintf("« %s ", $GLOBALS["AL_CFG"]["siteURL"], $this->GetArticleId(), $this->GetPage()-1, AL_HELPER::_MakeURLSafe($this->GetTitle()), $GLOBALS["AL_LANG"]["artBack"]); else $pages .= sprintf("« %s ", $GLOBALS["AL_LANG"]["artBack"]); for($i = 1; $i <= $this->GetPages(); $i++) { if($i != $this->GetPage()) $pages .= sprintf("%d ", $GLOBALS["AL_CFG"]["siteURL"], $this->GetArticleId(), $i, AL_HELPER::_MakeURLSafe($this->GetTitle()), $i); else $pages .= sprintf("%d ", $i); } if($this->GetPage() < $this->GetPages()) $pages .= sprintf("%s » ", $GLOBALS["AL_CFG"]["siteURL"], $this->GetArticleId(), $this->GetPage()+1, AL_HELPER::_MakeURLSafe($this->GetTitle()), $GLOBALS["AL_LANG"]["artNext"]); else $pages .= sprintf("%s » ", $GLOBALS["AL_LANG"]["artNext"]); $output .= sprintf("
%s: %s
", $GLOBALS["AL_LANG"]["artPages"], $pages); if($this->GetPage() < $this->GetPages()) { $output .= sprintf("
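%s: %s »
", $GLOBALS["AL_CFG"]["siteURL"], $this->GetArticleId(), $this->GetPage()+1, AL_HELPER::_MakeURLSafe($this->GetTitle()), $GLOBALS["AL_LANG"]["artNext"], $this->GetNextPageTitle()); } } return $output; }

    /**
     * Title of the page that follows the current one, or "" when the current
     * page is the last one (or the article has no pages).
     *
     * Titles are collected in SortOrderID order into a 0-based array, so the
     * next page of 1-based page N sits at index N.
     */
    function GetNextPageTitle()
    {
        $arrTitles = array();
        $query = sprintf("select * from %sarticlepages where ArticleID='%d' order by SortOrderID", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId());
        $result = mysql_query($query);

        while ($row = mysql_fetch_array($result)) {
            $arrTitles[] = $row["Title"];
        }

        $nextIndex = $this->GetPage();
        if (isset($arrTitles[$nextIndex])) {
            return $arrTitles[$nextIndex];
        }

        return "";
    }

    /**
     * Store a visitor's rating and optional comment for an article.
     *
     * All values come straight from the POST body. The article ID and rating
     * are forced to integers here; the comment text, name and e-mail are
     * passed on unchanged, so SQL and HTML escaping for them has to happen in
     * AL_HELPER::SaveComment (not shown in this file).
     * NOTE(review): the rating is not range-checked against 1..5 before it
     * feeds UpdateArticleScore(); confirm whether a server-side bound is
     * enforced elsewhere.
     * The posted ContentType is not used; the content type is fixed to 1.
     */
    function SaveComment()
    {
        $articleId = isset($_POST["ContentId"]) ? (int)$_POST["ContentId"] : 0;
        $articleRating = isset($_POST["ArticleRating"]) ? (int)$_POST["ArticleRating"] : 0;
        $articleComment = isset($_POST["ArticleComment"]) ? $_POST["ArticleComment"] : "";
        $articleSendToAuthor = isset($_POST["SendToAuthor"]);
        $articlePost = isset($_POST["PostOnSite"]);
        $fromName = isset($_POST["FromName"]) ? $_POST["FromName"] : "";
        $fromEmail = isset($_POST["FromEmail"]) ? $_POST["FromEmail"] : "";

        // source is 1 when a comment accompanies the rating, 0 for a bare rating
        $source = ($articleComment != "") ? 1 : 0;

        // Save the rating of the article
        $this->UpdateArticleScore(AL_SCORE_TYPE_RATE, $articleRating);

        // Save the comment and then redirect
        AL_HELPER::SaveComment($articleId, $articleRating, $articleComment, $articleSendToAuthor, $articlePost, 1, $this->GetPage(), $fromName, $fromEmail, $source);

        // Database errors go to the server log rather than the response body,
        // so query text and schema details are not shown to visitors
        $dbError = mysql_error();
        if ($dbError != "") {
            error_log("SaveComment: database error: " . $dbError);
        }
    }

    /**
     * Is the article listed in the AL_RECENT cookie?
     *
     * The cookie is supplied by the client, so this is a convenience check
     * only and cannot be relied on to limit how often a view is counted.
     */
    function IsInRecent($ArticleId)
    {
        if (!isset($_COOKIE["AL_RECENT"])) {
            return false;
        }

        return in_array($ArticleId, explode(",", $_COOKIE["AL_RECENT"]));
    }

    /**
     * Update the score of an article, which is used to rank popular articles
     * and authors.
     *
     * AL_SCORE_TYPE_VIEW adds one point and leaves the stored rating alone.
     * AL_SCORE_TYPE_RATE starts from -2.5 for a rating of 1, +2.5 for a rating
     * of 5 and the rating itself for 2..4 (0 for anything else), then adds
     * ($Rating - 3.5) and multiplies the sum by 5.
     * Both action types increment the vote count.
     */
    function UpdateArticleScore($ActionType, $Rating = 0)
    {
        $add = 0;
        $updateRating = true;

        switch ($ActionType) {
            case AL_SCORE_TYPE_VIEW:
                $add = 1;
                $updateRating = false;
                break;
            case AL_SCORE_TYPE_RATE:
                switch ($Rating) {
                    case 1:
                        $add = -2.5;
                        break;
                    case 5:
                        $add = 2.5;
                        break;
                    case 2:
                    case 3:
                    case 4:
                        $add = $Rating;
                        break;
                }

                // Factor in the article rating
                $add += ($Rating - 1 - 2.5);
                $add *= 5;
                break;
        }

        $score = $this->GetArticleScore();
        $votes = $this->GetArticleVotes();

        if ($votes > 0) {
            $score += $add;
            $votes++;
            $rating = $score / $votes;
        } else {
            // First vote: the score is just this contribution
            $votes++;
            $score = $add;
            $rating = $Rating;
        }

        // A rating of -1 tells UpdateArticleScoreData() to leave Rating untouched
        if ($updateRating) {
            $this->UpdateArticleScoreData($score, $votes, $rating);
        } else {
            $this->UpdateArticleScoreData($score, $votes, -1);
        }
    }

    /** Current Score column of the article, or 0 when the article is not found. */
    function GetArticleScore()
    {
        $query = sprintf("select Score from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId());
        $result = mysql_query($query);

        if ($row = mysql_fetch_array($result)) {
            return $row["Score"];
        }

        return 0;
    }

    function GetArticleVotes()
    {
        // Get the votes of an article
        $query = sprintf("select Votes from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId());
        $result = mysql_query($query);
        if($row =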
mysql_fetch_array($result)) return $row["Votes"]; else return 0; } function UpdateArticleScoreData($Score, $Votes, $Rating) { if($Rating > -1) $query = sprintf("update %sarticles set Score='%d', Votes='%d', Rating='%d' where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $Score, $Votes, $Rating, $this->GetArticleId()); else $query = sprintf("update %sarticles set Score='%d', Votes='%d' where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $Score, $Votes, $this->GetArticleId()); mysql_query($query); } function IncrementViewCount() { // Update the number of views for this article $query = sprintf("update %sarticles set Views=Views+1 where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); @mysql_query($query); } function ShowArticlePage() { $catId = 0; $auth = false; $pass = $this->_GetPass($catId); if($this->_HasCorrectCookiePass()) $auth = true; // Is the user attempting to get access to the category? if(isset($_POST["artAuthPass"])) { if($this->_HasCorrectPass($_POST["artAuthPass"])) $auth = true; } if($pass != "" && $auth == false) { // Load the article password panel $GLOBALS["HidePanels"] = array("AddPagePanel","SubmitArticlePanel", "SubmitArticleRegularPanel", "SubmitCommentPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlesPanel", "ViewArticlePanel" ); $GLOBALS["FormAction"] = str_replace(".php", "", $_SERVER["PHP_SELF"]); if(isset($_POST["artAuthPass"])) $GLOBALS["artAuthPass"] = $_POST["artAuthPass"]; else $GLOBALS["artAuthPass"] = ""; // Do we need to hide the "bad password" message? 
if(!isset($_POST["artAuthPass"])){ $GLOBALS["HideErrorPanel"] = "none"; } $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($this->GetTitle()); $this->_SetMetaTags(); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); } else { if($this->GetPage() == 1) $this->IncrementViewCount(); if(!$this->IsInRecent($this->GetArticleId())) { if(isset($_COOKIE["AL_RECENT"])) $recent = $_COOKIE["AL_RECENT"]; else $recent = ""; $recent .= sprintf(",%d", $this->GetArticleId()); $recent = eregi_replace(",$", "", $recent); $recent = eregi_replace("^,", "", $recent); setcookie("AL_RECENT", $recent, time() + (3600 * 24 * 365), "/"); // Update the score of the article $this->UpdateArticleScore(AL_SCORE_TYPE_VIEW); } // Hide the panels we don't need $GLOBALS["HidePanels"] = array("AddPagePanel","SubmitArticlePanel", "SubmitArticleRegularPanel", "SubmitCommentPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlesPanel", "ArticleAuthPanel" ); // Load the view article page $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($this->GetTitle()); $this->_SetMetaTags(); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); } } function NewComment() { if(isset($_GET["done"])) $GLOBALS["HideForm"] = "none"; // Hide the panels we don't need $GLOBALS["HidePanels"] = array("ArticleAuthPanel","AddPagePanel","SubmitArticlePanel", "SubmitArticleRegularPanel", "ViewArticlePanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlesPanel" ); if(!isset($_SESSION['CommentMessage'])){ // Load the post comment form // $uri = $_SERVER['REQUEST_URI']; $ray = explode("?",$uri); if(is_numeric(str_replace("ArticleId=","",$ray[1]))){ $GLOBALS["ContentId"] = str_replace("ArticleId=","",$ray[1]); }else{ $GLOBALS["ContentId"] = $this->GetArticleId(); } } $GLOBALS["ContentType"] = 1; 
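$GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_LANG"]["artSubmitComment"]); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); }

    /**
     * Is the article listed in the AL_FAVS (favorites) cookie?
     * The cookie is client-supplied; treat the answer as a display hint only.
     */
    function IsInFavorites($ArticleId)
    {
        if (!isset($_COOKIE["AL_FAVS"])) {
            return false;
        }

        return in_array($ArticleId, explode(",", $_COOKIE["AL_FAVS"]));
    }

    /**
     * Is the article listed in the AL_READ (to-read) cookie?
     * The cookie is client-supplied; treat the answer as a display hint only.
     */
    function IsInToRead($ArticleId)
    {
        if (!isset($_COOKIE["AL_READ"])) {
            return false;
        }

        return in_array($ArticleId, explode(",", $_COOKIE["AL_READ"]));
    }

    /** Increment the EmailsSent counter of the current article. */
    function UpdateNumTimesEmailed()
    {
        $query = sprintf("update %sarticles set EmailsSent=EmailsSent+1 where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId());
        @mysql_query($query);
    }

    /**
     * Show the "e-mail this article" form, and send the message first when
     * the request URI ends in /send.
     *
     * Recipient, sender name, sender address and message body are all taken
     * from the POST body. CR and LF are removed from the three values that
     * identify sender and recipient before they reach AL_MAIL::sendEmail, so
     * they cannot carry extra header lines if that helper places them in mail
     * headers (its implementation is not shown in this file).
     * NOTE(review): because the recipient and the body are visitor-controlled,
     * this endpoint sends arbitrary mail on the site's behalf; confirm that
     * AL_MAIL::sendEmail validates addresses and that the form is throttled
     * or CAPTCHA-protected.
     * The header string the previous version assembled from YourEmail was
     * never passed to the mailer and has been dropped.
     */
    function EmailArticle()
    {
        // Do we show the form or send the email?
        if (eregi("/send$", $_SERVER["REQUEST_URI"])) {
            $lineBreaks = array("\r", "\n");

            $friendsName = isset($_POST["FriendsName"]) ? $_POST["FriendsName"] : "";
            $friendsEmail = isset($_POST["FriendsEmail"]) ? str_replace($lineBreaks, "", $_POST["FriendsEmail"]) : "";
            $yourName = isset($_POST["YourName"]) ? str_replace($lineBreaks, "", $_POST["YourName"]) : "";
            $yourEmail = isset($_POST["YourEmail"]) ? str_replace($lineBreaks, "", $_POST["YourEmail"]) : "";

            // Send the email to the friend
            $title = sprintf($GLOBALS["AL_LANG"]["artEmailIRecommend"], $GLOBALS["AL_CFG"]["siteName"]);

            $msg = isset($_POST["Message"]) ? $_POST["Message"] : "";
            $msg = str_replace("{FriendsName}", $friendsName, $msg);
            $msg = str_replace("{YourName}", $yourName, $msg);
            $msg = str_replace("{YourEmail}", $yourEmail, $msg);
            $msg = str_replace("FriendsName", $friendsName, $msg);
            $msg = str_replace("YourName", $yourName, $msg);
            $msg = str_replace("YourEmail", $yourEmail, $msg);
            $msg = stripslashes($msg);
            // NOTE(review): as shown on this page both arguments are identical;
            // the search string was presumably an HTML entity - confirm against the original file
            $msg = str_replace("'", "'", $msg);

            AL_MAIL::sendEmail($friendsEmail, $title, $msg, $yourName, $yourEmail);

            // Update the number of times this article has been emailed
            $this->UpdateNumTimesEmailed();
            $GLOBALS["HidePanel1"] = "none";
        } else {
            $GLOBALS["HidePanel2"] = "none";
        }

        // Show the form to email an article
        $articleId = $this->GetArticleId(true);
        $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle(sprintf($GLOBALS["AL_LANG"]["artEmailTitle"], $GLOBALS["AL_CLASS_ARTICLE"]->GetTitle()));
        $GLOBALS["Script"] = $GLOBALS["AL_CLASS_TEMPLATE"]->GetAndParseFile("javascript/formUtil.js");

        // The form posts back to the article's own link rather than to PHP_SELF
        $GLOBALS["FormAction"] = AL_HELPER::ArticleLink($articleId, $this->GetTitle()) . "/articleemail/send";

        $GLOBALS["Message"] = str_replace("%%NL%%", "\r\n", $GLOBALS["AL_LANG"]["artEmailMessageText"]);
        $GLOBALS["Message"] = str_replace("{SiteName}", $GLOBALS["AL_CFG"]["siteName"], $GLOBALS["Message"]);
        $GLOBALS["Message"] = sprintf($GLOBALS["Message"], $this->GetTitle(), AL_HELPER::ArticleLink($articleId, $this->GetTitle()));

        $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Panels/EmailArticlePanel");
        echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate();
    }

    function PrintArticle()
    {
        // Show the page to print an article
        $articleId = $this->GetArticleId(true);
        $GLOBALS["SiteLink"] = $GLOBALS["AL_CFG"]["siteURL"];
        $GLOBALS["SiteName"] = $GLOBALS["AL_CFG"]["siteName"];
        $GLOBALS["Title"] = $this->GetTitle();
        $GLOBALS["ArticleLink"] = urldecode(AL_HELPER::ArticleLink($articleId, $this->GetTitle()));
        // NOTE(review): this test reads 'EnableAuthorPics' while the one below reads
        // "EnableAuthorPictures" - confirm which configuration key actually exists
        if ($GLOBALS['AL_CFG']['EnableAuthorPics'] == 1 || $GLOBALS['AL_CFG']['EnableAuthorProfiles'] == 1) {
            $GLOBALS['AuthorDisplay'] = '';
        } else {
            $GLOBALS['AuthorDisplay'] = 'none';
        }
        if($GLOBALS["AL_CFG"]["EnableAuthorPictures"] == 1) {
            $GLOBALS["AuthorPic"] = AL_HELPER::GetAuthorPic($this->GetAuthorId());
        } else {
            $GLOBALS["AuthorPic"] = "";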
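} $GLOBALS["ArticleAuthor"] = $this->GetAuthorName(); if($GLOBALS["AL_CFG"]["EnableAuthorProfiles"] == 1) { $GLOBALS["AuthorBio"] = $this->GetBiography(); } else { $GLOBALS["AuthorBio"] = ""; } $GLOBALS["ArticleDate"] = $this->GetPublishDate(); $GLOBALS["ArticleSummary"] = $this->GetSummary(); $GLOBALS["ArticleContent"] = $this->GetPrintContent(); $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($this->GetTitle()); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Panels/PrintArticlePanel"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); }

    /**
     * Remove one ID from a comma-separated ID list as stored in the AL_FAVS
     * and AL_READ cookies.
     *
     * Entries are compared whole, so removing 1 leaves 12 and 21 alone.
     * Empty entries (the lists start with a comma) are kept, so the stored
     * format does not change.
     */
    function _RemoveIdFromList($list, $id)
    {
        $kept = array();

        foreach (explode(",", $list) as $entry) {
            if ($entry === (string)$id) {
                continue;
            }
            $kept[] = $entry;
        }

        return implode(",", $kept);
    }

    /**
     * Add the current article to, or remove it from, the AL_FAVS cookie,
     * depending on whether the request URI contains /addfav.
     *
     * Removal used to delete the text ",<id>" wherever it occurred, which also
     * cut the prefix off longer IDs (removing 1 damaged 12); it now removes
     * whole entries only.
     */
    function FavoriteArticle()
    {
        $uri = $_SERVER["REQUEST_URI"];
        $articleId = $this->GetArticleId();
        $fav = isset($_COOKIE["AL_FAVS"]) ? $_COOKIE["AL_FAVS"] : "";
        $oneYear = time() + (3600 * 24 * 365);

        if (is_numeric(strpos($uri, "/addfav"))) {
            if (!$this->IsInFavorites($articleId)) {
                $fav = sprintf("%s,%d", $fav, $articleId);

                // Increment the number of bookmarks for this article
                $query = sprintf("update %sarticles set Bookmarks=Bookmarks+1 where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $articleId);
                @mysql_query($query);

                $_SESSION["Message"] = $GLOBALS["AL_LANG"]["artAddedToFavs"];
                ob_end_clean();
                setcookie("AL_FAVS", $fav, $oneYear, "/");
            }
        } else {
            $fav = $this->_RemoveIdFromList($fav, $articleId);
            $_SESSION["Message"] = $GLOBALS["AL_LANG"]["artRemovedFromFavs"];
            ob_end_clean();
            setcookie("AL_FAVS", $fav, $oneYear, "/");
        }

        // NOTE(review): the format string is empty as shown on this page; the
        // markup that sent the visitor back to the article appears to have been lost
        printf("", AL_HELPER::ArticleLink($articleId, $this->GetTitle()));
    }

    /**
     * Add the current article to, or remove it from, the AL_READ cookie,
     * depending on whether the request URI contains /addread.
     *
     * The removal branch used to read the list from $_SESSION["AL_READ"],
     * which nothing in this file writes, while every other reader and writer
     * uses the AL_READ cookie; it now reads the cookie as well and removes
     * whole entries only.
     */
    function ReadArticle()
    {
        $uri = $_SERVER["REQUEST_URI"];
        $articleId = $this->GetArticleId();
        $oneYear = time() + (3600 * 24 * 365);

        if (is_numeric(strpos($uri, "/addread"))) {
            if (!$this->IsInToRead($articleId)) {
                session_start();
                $read = isset($_COOKIE["AL_READ"]) ? $_COOKIE["AL_READ"] : "";
                $read = sprintf("%s,%d", $read, $articleId);
                $_SESSION["Message"] = $GLOBALS["AL_LANG"]["artAddedToRead"];
                ob_end_clean();
                setcookie("AL_READ", $read, $oneYear, "/");
            }
        } else {
            session_start();
            $read = isset($_COOKIE["AL_READ"]) ? $_COOKIE["AL_READ"] : "";
            $read = $this->_RemoveIdFromList($read, $articleId);
            $_SESSION["Message"] = $GLOBALS["AL_LANG"]["artRemovedFromRead"];
            ob_end_clean();
            setcookie("AL_READ", $read, $oneYear, "/");
        }

        // NOTE(review): empty format string as shown on this page; see FavoriteArticle()
        printf("", AL_HELPER::ArticleLink($articleId, $this->GetTitle()));
    }

    /** Render the article listing page (the default action). */
    function ShowArticles()
    {
        // Hide the panels we don't need
        $GLOBALS["HidePanels"] = array("ArticleAuthPanel","AddPagePanel","SubmitArticlePanel", "SubmitArticleRegularPanel", "SubmitCommentPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlePanel" );

        // Load the view article page
        $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_CFG"]["siteName"]);
        $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles");
        echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate();
    }

    /**
     * Emit the RSS feed and end the request.
     *
     * When the request URI contains /cat the feed is limited to the category
     * whose ID follows /cat/; otherwise it lists GetRecentArticleList().
     *
     * The category ID comes from the URL. It used to be concatenated into the
     * category lookup as a quoted string, which allowed SQL injection; it is
     * now cast to an integer once and formatted with %d in both queries.
     * NOTE(review): the category query has no StartDate/ExpiryDate condition,
     * unlike GetRecentArticleList(), and neither feed query looks at catPass;
     * confirm that scheduled, expired or password-protected articles are not
     * meant to be kept out of the feed.
     * NOTE(review): the two output format strings below are reproduced as
     * shown on this page, where the XML markup appears to have been stripped.
     */
    function GetRSS()
    {
        ob_end_clean();
        header("Content-Type: text/xml");

        $uri = $_SERVER["REQUEST_URI"];
        $prefix = $GLOBALS["AL_CFG"]["tablePrefix"];

        if (is_numeric(strpos($uri, "/cat"))) {
            // must be a category
            $iPos = strpos($uri, "/cat/");
            $iPos += strlen("/cat/");
            $uri1 = substr($uri, $iPos, 1000);
            $jPos = strpos($uri1, "/");
            $catId = (int)substr($uri1, 0, $jPos);

            $thisCat = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM %scategories WHERE CategoryID='%d'", $prefix, $catId)));

            // Get a list of recent articles to show
            $arrArticles = array();
            $query = sprintf("select *, unix_timestamp(StartDate) as SD from %sarticles inner join %susers on %sarticles.AuthorID = %susers.UserID inner join %scategoryassociations on %scategoryassociations.ArticleID = %sarticles.ArticleID where Visible=1 and %sarticles.Status=1 and %scategoryassociations.CategoryID = '%d' order by StartDate DESC, %sarticles.ArticleID DESC", $prefix, $prefix, $prefix, $prefix, $prefix, $prefix, $prefix, $prefix, $prefix, $catId, $prefix);
            $articleResult = mysql_query($query);

            if (mysql_num_rows($articleResult) > 0) {
                while ($articleRow = mysql_fetch_array($articleResult)) {
                    $arrArticles[] = $articleRow;
                }
            }

            $catTitle = $GLOBALS["AL_LANG"]["hpArticles"] . " - " . $thisCat["Name"];
        } else {
            // default
            $arrArticles = $this->GetRecentArticleList();
            $catTitle = $GLOBALS["AL_LANG"]["hpArticles"];
        }

        $uDate = date("D, d M Y H:i:s O");
        $output = "<";
        $output .= sprintf("?xml version=\"1.0\" encoding=\"utf-8\"?> %s - %s %s en-us %s N/A %s %s 20", AL_TPL_HTTP_PATH, AL_HELPER::_MakeSafeForRSS($GLOBALS["AL_CFG"]["siteName"]), AL_HELPER::_MakeSafeForRSS($catTitle), $GLOBALS["AL_CFG"]["siteURL"], $GLOBALS["AL_CFG"]["siteURL"], AL_HELPER::GetAdminEmail(), $uDate);

        for ($i = 0; $i < sizeof($arrArticles); $i++) {
            $article = $arrArticles[$i];

            $title = AL_HELPER::_MakeSafeForRSS($article["Title"]);
            $link = AL_HELPER::ArticleLink($article["ArticleID"], $article["Title"]);
            $desc = AL_HELPER::_MakeSafeForRSS($article["Summary"]);
            $author = AL_HELPER::_MakeSafeForRSS(sprintf("%s %s", $article["FirstName"], $article["LastName"]));
            $authorEmail = AL_HELPER::_MakeSafeForRSS($article["Email"]);
            $date = date("D, d M Y H:i:s O", $article["SD"]);

            if ($authorEmail == '') {
                $authorEmail = "no@email.com";
            }

            $output .= sprintf(" %s %s %s %s (%s) %s ", utf8_encode($title), AL_HELPER::_MakeSafeForRSS($link), str_replace("©", "", utf8_encode($desc)),$authorEmail, $author, $date);
        }

        $output .= " ";
        echo $output;
        die();
    }

    function GetRecentArticleList()
    {
        // Get a list of recent articles to show
        $ar = array();
        $query = sprintf("select *, unix_timestamp(StartDate) as SD from %sarticles inner join %susers on %sarticles.AuthorID = %susers.UserID where Visible=1 and %sarticles.Status=1 and unix_timestamp(StartDate) <= %s and (ExpiryDate >= %s or EnableExpiry=0) order by StartDate DESC, ArticleID DESC limit 10", $GLOBALS["AL_CFG"]["tablePrefix"],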
$GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], time(), time()); $articleResult = mysql_query($query); $NumArticles = mysql_num_rows($articleResult); if(mysql_num_rows($articleResult) > 0) { while($articleRow = mysql_fetch_array($articleResult)) { $ar[] = $articleRow; } } return $ar; } function GetExternalLink() { $query = sprintf("select ArticleURL from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); if($row = mysql_fetch_array($result)) return $row["ArticleURL"]; else return ""; } function SubmitArticle() { /* If the user has contribute content permissions but doesn't have submit article permissions then we redirect him to the backend to submit an article */ if( $GLOBALS["AL_CLASS_AUTH"]->HasPermission(1) && !$GLOBALS["AL_CLASS_AUTH"]->HasPermission(0) ) { $_SESSION["fromFrontEnd"] = 1; ob_end_clean(); header(sprintf("Location: %s/admin/index.php?ToDo=createArticle", $GLOBALS["AL_CFG"]["siteURL"])); die(); } elseif ($GLOBALS["AL_CLASS_AUTH"]->HasPermission(53)){ // if 53, they are allowed to submit an article using a form if(isset($_SESSION["NewAuthorMessage"])) { $GLOBALS["NewAccountMessage"] = AL_HELPER::MakeBox($GLOBALS["AL_LANG"]["authNewUserDone"], "Success"); } // Hide the panels we don't need $GLOBALS["HidePanels"] = array("ArticleAuthPanel","CategoryAuthPanel","AddPagePanel","ViewArticlesPanel", "SubmitArticlePanel", "SubmitCommentPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlePanel" ); // Load the view article page $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_LANG"]["artSubmitArticle"]); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); }else { // otherwise they just have to submit a file if(isset($_SESSION["NewAuthorMessage"])) { $GLOBALS["NewAccountMessage"] = 
AL_HELPER::MakeBox($GLOBALS["AL_LANG"]["authNewUserDone"], "Success"); } // Hide the panels we don't need $GLOBALS["HidePanels"] = array("ArticleAuthPanel","AddPagePanel","ViewArticlesPanel", "SubmitArticleRegularPanel", "SubmitCommentPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlePanel" ); // Load the view article page $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_LANG"]["artSubmitArticle"]); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); } } function SaveArticle2(){ // initialize the vars $title = $_POST["Title"]; $summary =$_POST["Summary"]; $arrCats = $_POST["ACategories"]; $articleType = $_POST["ArticleType"]; $articleURL = $_POST["ArticleUrl"]; $pageTitle = $_POST["PageTitle"]; $startDate = sprintf("%s-%s-%s", date("Y"), date("m"), date("d")); // check what type of article they are posting... if($articleType == 1) { $content = html_entity_decode($_POST["wysiwyg"]); } if(isset($_FILES["File"]) && $_FILES["File"]['size'] > 0) { $token = md5(uniqid(rand(), true)); $arrFile = $_FILES["File"]; $finalToken = sprintf("%s:%s", $token, $arrFile["name"]); // Save the attachment @move_uploaded_file($arrFile["tmp_name"], "submitted_articles/" . $token); @chmod($path . "submitted_articles/" . 
$token, 0757); } else { $arrFile = array(); $finalToken = ""; } // Start by saving to the articles table $query = sprintf("insert into %sarticles(AuthorID, Title, Summary, Type, ArticleURL, Status, Visible, StartDate, File, IsFinished) values('%d', '%s', '%s', '%d', '%s', 0, 0, '%s', '%s', 1)", $GLOBALS["AL_CFG"]["tablePrefix"], $_SESSION["userid"], $title, $_POST["Summary"], $articleType, $articleURL, $startDate, $finalToken); mysql_query($query); echo mysql_error(); $articleId = mysql_insert_id(); $query = sprintf("insert into %sarticlepages(ArticleID, SortOrderID, Title, Content) values('%d', 1, '%s', '%s')", $GLOBALS["AL_CFG"]["tablePrefix"], $articleId, $pageTitle, mysql_escape_string($content)); mysql_query($query); // if the option to email on a new article submittion is turned on.... do it $GLOBALS["AL_CLASS_MAIL"]->CheckDoMail($articleId,$_SESSION["userid"],"front"); // Setup the article -> category associations foreach($arrCats as $key=>$c) { $query = sprintf("insert into %scategoryassociations(ArticleID, CategoryID) values('%d', '%d')", $GLOBALS["AL_CFG"]["tablePrefix"], $articleId, $c); mysql_query($query); } // Show the view account page $_SESSION["SubmittedArticleTitle"] = $title; if($_POST["addMore"] == '1'){ $GLOBALS["articleID"] = $articleId; $GLOBALS["pageNum"] = "2"; $GLOBALS["PageNumber"] = "(".$GLOBALS["AL_LANG"]['artPage']." 
".$GLOBALS["pageNum"].")"; // if 53, they are allowed to submit an article using a form if(isset($_SESSION["NewAuthorMessage"])) { $GLOBALS["NewAccountMessage"] = AL_HELPER::MakeBox($GLOBALS["AL_LANG"]["authNewUserDone"], "Success"); } // Hide the panels we don't need $GLOBALS["HidePanels"] = array( "ViewArticlesPanel", "SubmitArticlePanel", "SubmitArticlePanel", "SubmitCommentPanel", "SubmitArticleRegularPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlePanel", "ArticleAuthPanel" ); // Load the view article page $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_LANG"]["artSubmitArticle"]); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); }else{ ob_end_clean(); header(sprintf("Location: %s/authors/viewaccount", $GLOBALS["AL_CFG"]["siteURL"])); die(); } } function AddPage(){ $pageTitle = $_POST["PageTitle"]; $pageNum = $_POST["pageNum"]; $articleID = $_POST["articleID"]; $content = html_entity_decode($_POST["wysiwyg"]); $query = sprintf("insert into %sarticlepages(ArticleID, SortOrderID, Title, Content) values('%d', '%d', '%s', '%s')", $GLOBALS["AL_CFG"]["tablePrefix"], $articleID,$pageNum, $pageTitle, mysql_escape_string($content)); @mysql_query($query); if($_POST["addMore"] == '1') { // they clicked they want to add another page, so show the form $GLOBALS["articleID"] = $articleID; $GLOBALS["pageNum"] = $_POST["pageNum"] + 1; $GLOBALS["PageNumber"] = "(Page ".$GLOBALS["pageNum"].")"; // if 53, they are allowed to submit an article using a form if(isset($_SESSION["NewAuthorMessage"])) { $GLOBALS["NewAccountMessage"] = AL_HELPER::MakeBox($GLOBALS["AL_LANG"]["authNewUserDone"], "Success"); } // Hide the panels we don't need $GLOBALS["HidePanels"] = array( "ViewArticlesPanel", "SubmitArticlePanel", "SubmitArticlePanel", "SubmitCommentPanel", "SubmitArticleRegularPanel", "AdvancedSearchPanel", "SearchResultsPanel", "ArticleFavouritesPanel", "ViewArticlePanel", 
"ArticleAuthPanel" ); // Load the view article page $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_LANG"]["artSubmitArticle"] . " (Page $pageNum)"); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); }else{ ob_end_clean(); header(sprintf("Location: %s/authors/viewaccount", $GLOBALS["AL_CFG"]["siteURL"])); die(); } } function checkFile($fileInfo){ $badFiles = array('.php','.cgi','.pl','.php3','.php4','.asp','.aspx','.c','.phtml'); foreach ($badFiles as $key=>$value){ $length = strlen($value); // check the extension if(substr($fileInfo['name'],strlen($fileInfo['name'])-$length) == $value){ // must be a bad file! return false; } } return true; } function SaveArticle() { $title = $_POST["Title"]; $summary =$_POST["Summary"]; $arrCats = $_POST["ACategories"]; $articleType = $_POST["ArticleType"]; $articleURL = $_POST["ArticleUrl"]; $startDate = sprintf("%s-%s-%s", date("Y"), date("m"), date("d")); if(isset($_FILES["File"]) && $_FILES["File"]['size'] > 0) { if($this->checkFile($_FILES["File"])){ $token = md5(uniqid(rand(), true)); $arrFile = $_FILES["File"]; $finalToken = sprintf("%s:%s", $token, $arrFile["name"]); // Save the attachment @move_uploaded_file($arrFile["tmp_name"], "submitted_articles/" . $token); @chmod($path . "submitted_articles/" . 
$token, 0757); }else{ $_SESSION["SubmittedArticleFail"] = true; $_SESSION["invalidFile"] = true; header(sprintf("Location: %s/authors/viewaccount", $GLOBALS["AL_CFG"]["siteURL"])); die(); } } else { $arrFile = array(); $finalToken = ""; } if($_SESSION["userid"] == 0 OR !isset($_SESSION["userid"])){ $_SESSION["SubmittedArticleFail"] = true; header(sprintf("Location: %s/authors/viewaccount", $GLOBALS["AL_CFG"]["siteURL"])); die(); } // Start by saving to the articles table $query = sprintf("insert into %sarticles(AuthorID, Title, Summary, Type, ArticleURL, Status, Visible, StartDate, File, IsFinished) values('%d', '%s', '%s', '%d', '%s', 0, 0, '%s', '%s', 1)", $GLOBALS["AL_CFG"]["tablePrefix"], $_SESSION["userid"], $title, $_POST["Summary"], $articleType, $articleURL, $startDate, $finalToken); mysql_query($query); $articleId = mysql_insert_id(); $GLOBALS["AL_CLASS_MAIL"]->CheckDoMail($articleId,$_SESSION["userid"],"front"); // Setup the article -> category associations foreach($arrCats as $key=>$c) { $query = sprintf("insert into %scategoryassociations(ArticleID, CategoryID) values('%d', '%d')", $GLOBALS["AL_CFG"]["tablePrefix"], $articleId, $c); mysql_query($query); } // Show the view account page $_SESSION["SubmittedArticleTitle"] = $title; ob_end_clean(); header(sprintf("Location: %s/authors/viewaccount", $GLOBALS["AL_CFG"]["siteURL"])); die(); } function GetDownload() { // Get the contents of a file submitted by a user when adding an article from the front end $arrURI = explode("/", $_SERVER["REQUEST_URI"]); $articleId = $arrURI[sizeof($arrURI)-1]; if(is_numeric($articleId)) { // See if there's a pending article with an attachment $query = sprintf("select File from %sarticles where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $articleId); $result = mysql_query($query); if($row = mysql_fetch_array($result)) { $arrFile = explode(":", $row["File"]); if($fp = fopen(sprintf("submitted_articles/%s", $arrFile[0]), "rb")) { // Everything is OK, clear the output 
buffer and stream the file ob_end_clean(); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Type: application/force-download"); header("Content-Type: application/octet-stream"); header("Content-Type: application/download"); header("Content-Disposition: attachment; filename=".str_replace(" ", "_", $arrFile[1]).";"); header("Content-Transfer-Encoding: binary"); fpassthru($fp); die(); } } } } function articleCount(){ $query = sprintf("select count(ArticleID) from %sarticles where visible='1'", $GLOBALS["AL_CFG"]["tablePrefix"]); return mysql_result(mysql_query($query), 0, 0); } function ViewAllFavorites() { // Hide the panels we don't need $GLOBALS["HidePanels"] = array("ArticleAuthPanel","AddPagePanel","ViewArticlesPanel", "SubmitArticleRegularPanel", "SubmitCommentPanel", "AdvancedSearchPanel", "SearchResultsPanel", "SubmitArticlePanel", "ViewArticlePanel" ); // Load the view article page $GLOBALS["AL_CLASS_TEMPLATE"]->SetPageTitle($GLOBALS["AL_LANG"]["artYourFavouriteArticles"]); $GLOBALS["AL_CLASS_TEMPLATE"]->SetTemplate("Articles"); echo $GLOBALS["AL_CLASS_TEMPLATE"]->ParseTemplate(); } function _HasCorrectCookiePass() { // We need to get the password of all categories that this question appears in and compare the password to these. If it's right for one of them, grant access $pass = ""; $numCats = 0; $numPass = 0; $query = sprintf("select * from %scategoryassociations inner join %scategories on %scategoryassociations.CategoryID=%scategories.CategoryID where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"],$GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); $numCats = mysql_num_rows($result); // If all categories are password protected then we will require the password while($row = mysql_fetch_array($result)) { if($row["catPass"] != "") { if(isset($_COOKIE["al_cat_pass_" . 
$row["CategoryID"]])) { $cookiePass = $_COOKIE["al_cat_pass_" . $row["CategoryID"]]; $pass = $row["catPass"]; if($pass == $cookiePass) return true; } } } return false; } function _HasCorrectPass($Pass) { // We need to get the password of all categories that this question appears in and compare the password to these. If it's right for one of them, grant access $pass = ""; $numCats = 0; $numPass = 0; $auth = false; $query = sprintf("select * from %scategoryassociations inner join %scategories on %scategoryassociations.CategoryID=%scategories.CategoryID where ArticleID='%d'", $GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"],$GLOBALS["AL_CFG"]["tablePrefix"], $GLOBALS["AL_CFG"]["tablePrefix"], $this->GetArticleId()); $result = mysql_query($query); $numCats = mysql_num_rows($result); // If all categories are password protected then we will require the password while($row = mysql_fetch_array($result)) { if($row["catPass"] != "") { $pass = $row["catPass"]; if($pass == $Pass) { setcookie("al_cat_pass_" . $row["CategoryID"], $pass, time()+3600*24*365, "/"); $auth = true; } } } return $auth; } } ?>