0) {
$nucleus['version'] .= '/' . getNucleusPatchLevel();
}
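// Avoid notices: the install-script flag may not have been set by the caller.
if (!isset($CONF['installscript'])) {
    $CONF['installscript'] = 0;
}

// Request data is read through postVar(), getVar(), ... instead of
// HTTP_GET_VARS or $_GET. The accessor library is skipped when running from
// install.php, which has already included it.
if ($CONF['installscript'] != 1) {
    // Compare the version per component. A plain string comparison
    // (phpversion() >= '4.1.0') sorts '10.0.0' below '4.1.0' and would load
    // the legacy accessor file on such an interpreter. version_compare()
    // only exists from PHP 4.1.0 on, so its absence identifies an older PHP.
    if (function_exists('version_compare') && version_compare(phpversion(), '4.1.0', '>=')) {
        include_once($DIR_LIBS . 'vars4.1.0.php');
    } else {
        include_once($DIR_LIBS . 'vars4.0.6.php');
    }
}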
// Sanitize options, consulted further down once the database is available:
//  - $bLoggingSanitizedResult: when non-zero, a request whose REQUEST_URI was
//    changed by sanitizeParams() is written to the log.
//  - $bSanitizeAndContinue: when zero, such a request is terminated instead
//    of being served with the sanitized values.
$bLoggingSanitizedResult=0;
$bSanitizeAndContinue=0;
// Keep the REQUEST_URI as received so it can be compared after sanitizing.
$orgRequestURI = serverVar('REQUEST_URI');
sanitizeParams();
// get all variables that can come from the request and put them in the global scope
// Only itemid, catid and startpos are forced to integers here. Every other
// value is the raw request string and has to be validated or escaped at the
// point where it is used (SQL, HTML output, file names).
$blogid = requestVar('blogid');
$itemid = intRequestVar('itemid');
$catid = intRequestVar('catid');
$skinid = requestVar('skinid');
$memberid = requestVar('memberid');
$archivelist = requestVar('archivelist');
$imagepopup = requestVar('imagepopup');
$archive = requestVar('archive');
$query = requestVar('query');
$highlight = requestVar('highlight');
$amount = requestVar('amount');
$action = requestVar('action');
$nextaction = requestVar('nextaction');
$maxresults = requestVar('maxresults');
$startpos = intRequestVar('startpos');
$errormessage = '';
$error = '';
// The virtual path comes from the 'virtualpath' GET variable when present,
// otherwise from PATH_INFO; both are client-controlled.
$virtualpath = ((getVar('virtualpath') != null) ? getVar('virtualpath') : serverVar('PATH_INFO'));
// NOTE(review): this response header publishes the exact Nucleus version
// (and patch level, when one is set) to every client.
if (!headers_sent() ) {
header('Generator: Nucleus CMS ' . $nucleus['version']);
}
// include core classes that are needed for login & plugin handling
include($DIR_LIBS . 'mysql.php');
include($DIR_LIBS . 'MEMBER.php');
include($DIR_LIBS . 'ACTIONLOG.php');
include($DIR_LIBS . 'MANAGER.php');
include($DIR_LIBS . 'PLUGIN.php');
$manager =& MANAGER::instance();
// make sure there's no unnecessary escaping:
// NOTE(review): set_magic_quotes_runtime() was deprecated in PHP 5.3 and
// removed in PHP 7.0; this call is fatal on current interpreters.
set_magic_quotes_runtime(0);
// Avoid notices
if (!isset($CONF['UsingAdminArea'])) {
$CONF['UsingAdminArea'] = 0;
}
// only needed when updating logs
if ($CONF['UsingAdminArea']) {
include($DIR_LIBS . 'xmlrpc.inc.php'); // XML-RPC client classes
include_once($DIR_LIBS . 'ADMIN.php');
}
// connect to database
sql_connect();
$SQLCount = 0;
// Act on a request that sanitizeParams() had to modify: optionally log it,
// then stop unless $bSanitizeAndContinue is set.
// NOTE(review): $msg embeds the raw, pre-sanitization REQUEST_URI; whatever
// displays the log has to escape it.
if ($orgRequestURI!==serverVar('REQUEST_URI')) {
$msg = "Sanitized [" . serverVar('REMOTE_ADDR') . "] ";
$msg .= $orgRequestURI . " -> " . serverVar('REQUEST_URI');
if ($bLoggingSanitizedResult) {
addToLog(WARNING, $msg);
}
if (!$bSanitizeAndContinue) {
// Terminate with an empty body; nothing about the rejection is sent back.
die("");
}
}
// makes sure database connection gets closed on script termination
register_shutdown_function('sql_disconnect');
// read config
getConfig();
// automatically use simpler toolbar for mozilla
// (decided from the client-supplied User-Agent header; affects editor UI only)
if (($CONF['DisableJsTools'] == 0) && strstr(serverVar('HTTP_USER_AGENT'), 'Mozilla/5.0') && strstr(serverVar('HTTP_USER_AGENT'), 'Gecko') ) {
$CONF['DisableJsTools'] = 2;
}
// Authentication. $member starts out as a fresh MEMBER object; at most one of
// the branches below authenticates it, depending on $action and the cookies.
$member = new MEMBER();
// login/logout when required or renew cookies
if ($action == 'login') {
// Form Authentication: credentials are taken from POST data only.
$login = postVar('login');
$pw = postVar('password');
$shared = intPostVar('shared'); // shared computer or not
// NOTE(review): no throttling or lockout is visible in this file; the
// 'LoginFailed' event below is the hook where a plugin could add one.
if ($member->login($login, $pw) ) {
// A new cookie key is generated on every successful form login, before the
// cookies are written.
$member->newCookieKey();
$member->setCookies($shared);
// allows direct access to parts of the admin area after logging in
// NOTE(review): $nextaction is request-supplied; the code that later
// dispatches on $action has to treat it as untrusted.
if ($nextaction) {
$action = $nextaction;
}
$manager->notify('LoginSuccess', array('member' => &$member) );
$errormessage = '';
// NOTE(review): $login is raw POST data; it is written to the action log
// unmodified, so the log viewer has to escape it. The password is not logged.
ACTIONLOG::add(INFO, "Login successful for $login (sharedpc=$shared)");
} else {
// errormessage for [%errordiv%]
// NOTE(review): the message embeds the submitted login name unescaped and is
// both logged and handed to the skin; confirm the errordiv output escapes it.
$errormessage = 'Login failed for ' . $login;
$manager->notify('LoginFailed', array('username' => $login) );
ACTIONLOG::add(INFO, $errormessage);
}
/*
Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
} elseif (serverVar('PHP_AUTH_USER') && serverVar('PHP_AUTH_PW')) {
// HTTP Authentication
$login = serverVar('PHP_AUTH_USER');
$pw = serverVar('PHP_AUTH_PW');
if ($member->login($login, $pw) ) {
$manager->notify('LoginSuccess',array('member' => &$member));
ACTIONLOG::add(INFO, "HTTP authentication successful for $login");
} else {
$manager->notify('LoginFailed',array('username' => $login));
ACTIONLOG::add(INFO, 'HTTP authentication failed for ' . $login);
//Since bad credentials, generate an apropriate error page
header("WWW-Authenticate: Basic realm=\"Nucleus CMS {$nucleus['version']}\"");
header('HTTP/1.0 401 Unauthorized');
echo 'Invalid username or password';
exit;
}
*/
} elseif (($action == 'logout') && (!headers_sent() ) && cookieVar($CONF['CookiePrefix'] . 'user') ) {
// remove cookies on logout
// Both cookies are overwritten with an empty value and an expiry 30 days in
// the past.
// NOTE(review): only the browser-side cookies are cleared here; whether the
// stored login key is also invalidated server-side is not visible in this
// file. The logout is triggered by the request's 'action' value alone.
setcookie($CONF['CookiePrefix'] . 'user', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
setcookie($CONF['CookiePrefix'] . 'loginkey', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
$manager->notify('Logout', array('username' => cookieVar($CONF['CookiePrefix'] . 'user') ) );
} elseif (cookieVar($CONF['CookiePrefix'] . 'user') ) {
// Cookie Authentication: the 'user' and 'loginkey' cookies are checked by
// MEMBER::cookielogin().
$res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] . 'user'), cookieVar($CONF['CookiePrefix'] . 'loginkey') );
// renew cookies when not on a shared computer
if ($res && (cookieVar($CONF['CookiePrefix'] . 'sharedpc') != 1) && (!headers_sent() ) ) {
$member->setCookies();
}
}
// login completed
ticketForPlugin();
// Plugins are told the outcome; 'loggedIn' is the only value passed.
$manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn() ) );
// first, let's see if the site is disabled or not. always allow admin area access.
// Site administrators and admin-area requests bypass the redirect, so a
// disabled site can still be managed.
if ($CONF['DisableSite'] && !$member->isAdmin() && !$CONF['UsingAdminArea']) {
redirect($CONF['DisableSiteURL']);
exit;
}
// load other classes
include($DIR_LIBS . 'PARSER.php');
include($DIR_LIBS . 'SKIN.php');
include($DIR_LIBS . 'TEMPLATE.php');
include($DIR_LIBS . 'BLOG.php');
include($DIR_LIBS . 'BODYACTIONS.php');
include($DIR_LIBS . 'COMMENTS.php');
include($DIR_LIBS . 'COMMENT.php');
//include($DIR_LIBS . 'ITEM.php');
include($DIR_LIBS . 'NOTIFICATION.php');
include($DIR_LIBS . 'BAN.php');
include($DIR_LIBS . 'PAGEFACTORY.php');
include($DIR_LIBS . 'SEARCH.php');
include($DIR_LIBS . 'entity.php');
// set lastVisit cookie (if allowed)
// When $CONF['LastVisit'] is on, the cookie holds the current timestamp and
// lives for 30 days; otherwise any existing cookie is expired.
// NOTE(review): setcookie() is called with six arguments, so no HttpOnly
// flag is set on this cookie.
if (!headers_sent() ) {
if ($CONF['LastVisit']) {
setcookie($CONF['CookiePrefix'] . 'lastVisit', time(), time() + 2592000, $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
} else {
setcookie($CONF['CookiePrefix'] . 'lastVisit', '', (time() - 2592000), $CONF['CookiePath'], $CONF['CookieDomain'], $CONF['CookieSecure']);
}
}
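// read language file, only after user has been initialized
$language = getLanguageName();
// The language name becomes part of an include path, so backslashes, pipes
// and forward slashes are removed to keep the include inside $DIR_LANG.
// preg_replace() replaces the former ereg_replace() call: the ereg family is
// not binary-safe and was removed in PHP 7.0. NUL bytes are stripped as well
// so the '.php' suffix always remains part of the resolved path.
include($DIR_LANG . preg_replace('#[\\\\|/\\x00]#', '', $language) . '.php');
/*
Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
// To remove after v2.5 is released and language files have been updated.
// Including this makes sure that language files for v2.5beta can still be used for v2.5final
// without having weird _SETTINGS_EXTAUTH string showing up in the admin area.
if (!defined('_MEMBERS_BYPASS'))
{
define('_SETTINGS_EXTAUTH', 'Enable External Authentication');
define('_WARNING_EXTAUTH', 'Warning: Enable only if needed.');
define('_MEMBERS_BYPASS', 'Use External Authentication');
}
*/
// make sure the archivetype skinvar keeps working when _ARCHIVETYPE_XXX not defined
// (older language files do not provide these two constants)
if (!defined('_ARCHIVETYPE_MONTH')) {
    define('_ARCHIVETYPE_DAY', 'day');
    define('_ARCHIVETYPE_MONTH', 'month');
}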
// decode path_info
// In 'pathinfo' URL mode the request parameters are encoded as path segments
// ("/item/12/category/3") instead of a query string. $virtualpath is
// client-controlled, so every id taken from it is passed through intval().
if ($CONF['URLMode'] == 'pathinfo') {
// initialize keywords if this hasn't been done before
if ($CONF['ItemKey'] == '') {
$CONF['ItemKey'] = 'item';
}
if ($CONF['ArchiveKey'] == '') {
$CONF['ArchiveKey'] = 'archive';
}
if ($CONF['ArchivesKey'] == '') {
$CONF['ArchivesKey'] = 'archives';
}
if ($CONF['MemberKey'] == '') {
$CONF['MemberKey'] = 'member';
}
if ($CONF['BlogKey'] == '') {
$CONF['BlogKey'] = 'blog';
}
if ($CONF['CategoryKey'] == '') {
$CONF['CategoryKey'] = 'category';
}
// Give plugins the first chance to interpret the path. 'complete' is passed
// by reference; a plugin sets it to true to suppress the default parser.
$parsed = false;
$manager->notify(
'ParseURL',
array(
'type' => basename(serverVar('SCRIPT_NAME') ), // e.g. item, blog, ...
'info' => $virtualpath,
'complete' => &$parsed
)
);
if (!$parsed) {
// default implementation
// Walk the segments as keyword/value pairs. Each case advances $i onto the
// value segment itself, so the loop's own $i++ then moves to the next keyword.
$data = explode("/", $virtualpath );
for ($i = 0; $i < sizeof($data); $i++) {
switch ($data[$i]) {
case $CONF['ItemKey']: // item/1 (blogid)
$i++;
if ($i < sizeof($data) ) {
$itemid = intval($data[$i]);
}
break;
case $CONF['ArchivesKey']: // archives/1 (blogid)
$i++;
if ($i < sizeof($data) ) {
$archivelist = intval($data[$i]);
}
break;
case $CONF['ArchiveKey']: // two possibilities: archive/yyyy-mm or archive/1/yyyy-mm (with blogid)
// A following segment without '-' is taken as the blog id.
if ((($i + 1) < sizeof($data) ) && (!strstr($data[$i + 1], '-') ) ) {
$blogid = intval($data[++$i]);
}
$i++;
if ($i < sizeof($data) ) {
// NOTE(review): unlike the ids, the archive date is stored as the raw
// path segment; consumers have to parse or escape it themselves.
$archive = $data[$i];
}
break;
case 'blogid': // blogid/1
case $CONF['BlogKey']: // blog/1
$i++;
if ($i < sizeof($data) ) {
$blogid = intval($data[$i]);
}
break;
case $CONF['CategoryKey']: // category/1 (catid)
case 'catid':
$i++;
if ($i < sizeof($data) ) {
$catid = intval($data[$i]);
}
break;
case $CONF['MemberKey']:
$i++;
if ($i < sizeof($data) ) {
$memberid = intval($data[$i]);
}
break;
default:
// skip...
}
}
}
}
/**
 * Reads a POST variable and coerces it to an integer.
 *
 * Anything that is not a leading integer collapses to 0, which makes the
 * result safe to concatenate into a numeric SQL comparison.
 */
function intPostVar($name)
{
    $raw = postVar($name);

    return (int) $raw;
}
/**
 * Reads a GET variable and coerces it to an integer.
 */
function intGetVar($name)
{
    $raw = getVar($name);

    return (int) $raw;
}
/**
 * Reads a request variable (as resolved by requestVar()) and coerces it to
 * an integer.
 */
function intRequestVar($name)
{
    $raw = requestVar($name);

    return (int) $raw;
}
/**
 * Reads a cookie value and coerces it to an integer.
 */
function intCookieVar($name)
{
    $raw = cookieVar($name);

    return (int) $raw;
}
/**
 * Reports the Nucleus version in use as an integer, where 100 stands for
 * 1.00, 101 for 1.01, and so on.
 */
function getNucleusVersion()
{
    $version = 330;

    return $version;
}
/**
 * Reports the patch level installed on top of the current release.
 *
 * Power users can install patches in between Nucleus releases. These patches
 * usually add new functionality to the plugin API so it can be tested
 * without having to install from CVS. 0 means no patch is installed.
 */
function getNucleusPatchLevel()
{
    $patchLevel = 0;

    return $patchLevel;
}
/**
 * Opens the MySQL connection and selects the configured database.
 *
 * Host, user, password and database name come from the $MYSQL_* globals; the
 * link is stored in $MYSQL_CONN and also returned. Failures are reported
 * through startUpError().
 */
function sql_connect()
{
    global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_CONN;

    // The connect warning is suppressed so that host and user name do not
    // leak into the page; only a generic message is shown.
    $MYSQL_CONN = @mysql_connect($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD);
    if (!$MYSQL_CONN) {
        startUpError('
Could not connect to MySQL database.
', 'Connect Error');
    }

    // NOTE(review): unlike the message above, this one includes the text of
    // mysql_error(), which is server-side detail shown to the visitor.
    if (!mysql_select_db($MYSQL_DATABASE)) {
        startUpError('
Could not select database: ' . mysql_error() . '
', 'Connect Error');
    }

    return $MYSQL_CONN;
}
/**
 * Builds the full name of a Nucleus table: the optional $MYSQL_PREFIX,
 * followed by 'nucleus_' and the given short name.
 *
 * The name is not escaped here; callers pass fixed table names.
 */
function sql_table($name)
{
    global $MYSQL_PREFIX;

    $prefix = $MYSQL_PREFIX ? $MYSQL_PREFIX : '';

    return $prefix . 'nucleus_' . $name;
}
/**
 * Sends the Content-Type header, unless headers have already gone out.
 *
 * @param $contenttype
 *        requested MIME type
 * @param $pagetype
 *        page type, passed on to plugins in the PreSendContentType event
 * @param $charset
 *        character set; an empty value omits the charset parameter
 */
function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET)
{
    global $manager, $CONF;

    if (headers_sent()) {
        return;
    }

    // application/xhtml+xml is only sent to browsers that announce support
    // for it (IE6 cannot handle it); everyone else gets text/html.
    // v2.5: admin area pages keep text/html unless it is a debug version,
    //       because application/xhtml+xml caused too many problems with the
    //       javascript implementations.
    // v3.3: dropped the admin-area exception and checked the Accept header
    //       only. That change is reverted in this (JP) version, so the v3.2x
    //       rule below is the one in effect.
    if ($contenttype == 'application/xhtml+xml') {
        $adminNonDebug = ($CONF['UsingAdminArea'] && !$CONF['debug']);
        if ($adminNonDebug || !stristr(serverVar('HTTP_ACCEPT'), 'application/xhtml+xml')) {
            $contenttype = 'text/html';
        }
    }

    // Content type and charset are handed over by reference, so a plugin may
    // replace either of them.
    $eventData = array(
        'contentType' => &$contenttype,
        'charset' => &$charset,
        'pageType' => $pagetype
    );
    $manager->notify('PreSendContentType', $eventData);

    // Strip strange characters. Both values end up in a response header, so
    // everything outside a small allowlist is removed, line breaks included;
    // that keeps a caller- or plugin-supplied value from adding header lines.
    $contenttype = preg_replace('|[^a-z0-9-+./]|i', '', $contenttype);
    $charset = preg_replace('|[^a-z0-9-_]|i', '', $charset);

    $headerLine = 'Content-Type: ' . $contenttype;
    if ($charset != '') {
        $headerLine .= '; charset=' . $charset;
    }
    header($headerLine);
}
/**
* Errors before the database connection has been made
*/
function startUpError($msg, $title) {
?>
');
return $res;
}
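/**
 * Highlights a specific query in a given HTML text (not within HTML tags) and returns it
 *
 * Only the text between tags is searched; tag names and attribute values are
 * copied through untouched.
 *
 * Security notes: every expression is compiled as a regular expression, so
 * callers passing user-entered search terms should expect metacharacters in
 * them. $highlight is inserted as markup without escaping and must come from
 * a trusted template, not from the request.
 *
 * @param $text
 *        text to be highlighted
 * @param $expression
 *        regular expression to be matched (can be an array of expressions as well)
 * @param $highlight
 *        highlight to be used (use \\0 to indicate the matched expression)
 *
 */
function highlight($text, $expression, $highlight)
{
    if (!$highlight || !$expression) {
        return $text;
    }

    $expressions = is_array($expression) ? $expression : array($expression);

    // Add a tag in front: the pattern below only captures text that follows a
    // tag, so without a leading tag any text before the first real tag would
    // be dropped. The sentinel is an HTML comment and is left out again when
    // the result is assembled (piece 0 below).
    $text = '<!--h-->' . $text;

    // split the HTML up so we have HTML tags
    // $matches[0][i] = HTML + text
    // $matches[1][i] = HTML
    // $matches[2][i] = text
    preg_match_all('/(<[^>]+>)([^<>]*)/', $text, $matches);

    // throw it all together again while applying the highlight to the text pieces
    $result = '';
    $pieceCount = count($matches[2]);
    for ($i = 0; $i < $pieceCount; $i++) {
        if ($i != 0) {
            $result .= $matches[1][$i];
        }

        $piece = $matches[2][$i];
        foreach ($expressions as $regex) {
            if (!$regex) {
                continue;
            }
            // preg_replace() stands in for eregi_replace(), which was removed
            // in PHP 7.0. '/' is the delimiter, so slashes in the expression
            // are escaped; the i modifier keeps matching case-insensitive.
            $pattern = '/' . str_replace('/', '\\/', $regex) . '/i';
            $replaced = @preg_replace($pattern, $highlight, $piece);
            // An expression that does not compile leaves the piece as it was
            // instead of blanking it.
            if (is_string($replaced)) {
                $piece = $replaced;
            }
        }
        $result .= $piece;
    }

    return $result;
}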
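/**
 * Parses a query into an array of expressions that can be passed on to the highlight method
 *
 * Quotes are removed, the query is split on spaces and terms shorter than
 * three characters are dropped. Returns an empty array for an empty query,
 * the term itself when exactly one term remains, and a list of terms
 * otherwise.
 *
 * NOTE(review): the terms are returned as entered. highlight() treats them as
 * regular expressions, so regex metacharacters typed by a visitor are not
 * neutralised here.
 */
function parseHighlight($query)
{
    // TODO: add more intelligent splitting logic

    // get rid of quotes
    $query = preg_replace('/\'|"/', '', $query);

    // The original tested the bare word `query` (an undefined constant)
    // instead of $query, so this guard never fired.
    if (!$query) {
        return array();
    }

    // Collect into a fresh list. Removing entries from the array while
    // looping up to count() skipped trailing terms and left gaps, so the
    // single-term case could read a missing index 0.
    $terms = array();
    foreach (explode(' ', $query) as $term) {
        $term = trim($term);
        if (strlen($term) >= 3) {
            $terms[] = $term;
        }
    }

    if (count($terms) == 1) {
        return $terms[0];
    }

    return $terms;
}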
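/**
 * Checks if email address is valid
 *
 * Returns 1 when $address matches local@domain.tld (top-level domain of two
 * to five letters) and 0 otherwise.
 *
 * The D modifier makes `$` match only at the very end of the subject.
 * Without it an address followed by a line break still validates, and such a
 * value must never be accepted where it may later be placed in a mail header.
 */
function isValidMailAddress($address)
{
    if (!is_string($address)) {
        return 0;
    }

    $pattern = '/^[a-zA-Z+0-9\._-]+@[a-zA-Z0-9\._-]+\.[A-Za-z]{2,5}$/D';

    return preg_match($pattern, $address) ? 1 : 0;
}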
// some helper functions
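/**
 * Looks up the numeric id of the blog with the given short name.
 *
 * $name can originate from the request (the blogid and archivelist
 * parameters), so it is escaped before being placed in the query.
 */
function getBlogIDFromName($name)
{
    // addslashes() does not take the connection character set into account
    // and is not a reliable SQL escape for multi-byte encodings. Prefer the
    // connection-aware escape and fall back only when it is unavailable.
    $escaped = function_exists('mysql_real_escape_string') ? mysql_real_escape_string($name) : false;
    if ($escaped === false) {
        $escaped = addslashes($name);
    }

    return quickQuery('SELECT bnumber as result FROM ' . sql_table('blog') . ' WHERE bshortname="' . $escaped . '"');
}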
/**
 * Looks up the name of the blog with the given id.
 *
 * The id is forced to an integer before it is placed in the query.
 */
function getBlogNameFromID($id)
{
    $blogNumber = intval($id);
    $sql = 'SELECT bname as result FROM ' . sql_table('blog') . ' WHERE bnumber=' . $blogNumber;

    return quickQuery($sql);
}
/**
 * Looks up the id of the blog that the given item belongs to.
 *
 * The item id is forced to an integer before it is placed in the query.
 */
function getBlogIDFromItemID($itemid)
{
    $itemNumber = intval($itemid);
    $sql = 'SELECT iblog as result FROM ' . sql_table('item') . ' WHERE inumber=' . $itemNumber;

    return quickQuery($sql);
}
/**
 * Looks up the id of the blog that the given comment belongs to.
 *
 * The comment id is forced to an integer before it is placed in the query.
 */
function getBlogIDFromCommentID($commentid)
{
    $commentNumber = intval($commentid);
    $sql = 'SELECT cblog as result FROM ' . sql_table('comment') . ' WHERE cnumber=' . $commentNumber;

    return quickQuery($sql);
}
/**
 * Looks up the id of the blog that the given category belongs to.
 *
 * The category id is forced to an integer before it is placed in the query.
 */
function getBlogIDFromCatID($catid)
{
    $categoryNumber = intval($catid);
    $sql = 'SELECT cblog as result FROM ' . sql_table('category') . ' WHERE catid=' . $categoryNumber;

    return quickQuery($sql);
}
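/**
 * Looks up the id of a category by its name.
 *
 * Category names are not unique, so the id returned is that of whichever
 * matching row the database delivers first.
 */
function getCatIDFromName($name)
{
    // addslashes() does not take the connection character set into account
    // and is not a reliable SQL escape for multi-byte encodings. Prefer the
    // connection-aware escape and fall back only when it is unavailable.
    $escaped = function_exists('mysql_real_escape_string') ? mysql_real_escape_string($name) : false;
    if ($escaped === false) {
        $escaped = addslashes($name);
    }

    return quickQuery('SELECT catid as result FROM ' . sql_table('category') . ' WHERE cname="' . $escaped . '"');
}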
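/**
 * Runs a query and returns the column aliased as "result" from its first row.
 *
 * Returns null when the query fails or yields no row. The query text is
 * executed as given: callers are responsible for escaping every value they
 * put into $q.
 */
function quickQuery($q)
{
    $res = sql_query($q);
    if (!$res) {
        return null;
    }

    // mysql_fetch_object() returns false when there is no row; reading a
    // property of that value raised a notice before yielding null.
    $row = mysql_fetch_object($res);
    if (!$row) {
        return null;
    }

    return $row->result;
}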
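/**
 * Returns the file name (pfile) of the plugin with the given id, or null
 * when no such plugin row exists.
 *
 * The id is forced to an integer before it is placed in the query.
 */
function getPluginNameFromPid($pid)
{
    $res = sql_query('SELECT pfile FROM ' . sql_table('plugin') . ' WHERE pid=' . intval($pid));
    if (!$res) {
        return null;
    }

    // An unknown id produces no row; return null explicitly rather than
    // reading a property of false.
    $row = mysql_fetch_object($res);
    if (!$row) {
        return null;
    }

    return $row->pfile;
}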
/**
 * Front controller for public pages.
 *
 * Runs a form action when the request names one of the allowed actions, then
 * derives the skin type (item, archive, archivelist, search, member,
 * imagepopup or index) from the request globals, resolves the blog and skin
 * to use, and parses the skin. Ends through doError() when the requested
 * item, blog, member or skin does not exist.
 */
function selector() {
global $itemid, $blogid, $memberid, $query, $amount, $archivelist, $maxresults;
global $archive, $skinid, $blog, $memberinfo, $CONF, $member;
global $imagepopup, $catid;
global $manager;
// Only actions on this allowlist are handed to ACTION::doAction(); any other
// 'action' value in the request is ignored here.
$actionNames = array('addcomment', 'sendmessage', 'createaccount', 'forgotpassword', 'votepositive', 'votenegative', 'plugin');
$action = requestVar('action');
if (in_array($action, $actionNames) ) {
global $DIR_LIBS, $errormessage;
include_once($DIR_LIBS . 'ACTION.php');
$a = new ACTION();
$errorInfo = $a->doAction($action);
if ($errorInfo) {
$errormessage = $errorInfo['message'];
}
}
// show error when headers already sent out
if (headers_sent() && $CONF['alertOnHeadersSent']) {
// try to get line number/filename (extra headers_sent params only exists in PHP 4.3+)
if (function_exists('version_compare') && version_compare('4.3.0', phpversion(), '<=') ) {
headers_sent($hsFile, $hsLine);
// NOTE(review): the message shown to the visitor includes the server-side
// file path and line number where output started.
$extraInfo = ' in ' . $hsFile . ' line ' . $hsLine . '';
} else {
$extraInfo = '';
}
startUpError(
'
The page headers have already been sent out' . $extraInfo . '. This could cause Nucleus not to work in the expected way.
Usually, this is caused by spaces or newlines at the end of the config.php file, at the end of the language file or at the end of a plugin file. Please check this and try again.
If you don\'t want to see this error message again, without solving the problem, set $CONF[\'alertOnHeadersSent\'] in globalfunctions.php to 0
',
'Page headers already sent'
);
exit;
}
// make it so ?archivelist without blogname or blogid shows the archivelist
// for the default weblog
if (serverVar('QUERY_STRING') == 'archivelist') {
$archivelist = $CONF['DefaultBlog'];
}
// now decide which type of skin we need
if ($itemid) {
// itemid given -> only show that item
$type = 'item';
if (!$manager->existsItem($itemid,0,0) ) {
doError(_ERROR_NOSUCHITEM);
}
global $itemidprev, $itemidnext, $catid, $itemtitlenext, $itemtitleprev;
// 1. get timestamp, blogid and catid for item
$query = 'SELECT itime, iblog, icat FROM ' . sql_table('item') . ' WHERE inumber=' . intval($itemid);
$res = sql_query($query);
$obj = mysql_fetch_object($res);
// if a different blog id has been set through the request or selectBlog(),
// deny access
// if ($blogid && (intval($blogid) != $obj->iblog) ) {
// doError(_ERROR_NOSUCHITEM);
// }
// Current behaviour: instead of denying access, redirect to the item's URL
// under the blog it really belongs to; fall back to the error page when the
// headers are already out.
if ($blogid && (intval($blogid) != $obj->iblog)) {
if (!headers_sent()) {
$b =& $manager->getBlog($obj->iblog);
$CONF['ItemURL'] = $b->getURL();
if ($CONF['URLMode'] == 'pathinfo' and substr($CONF['ItemURL'],-1) == '/')
$CONF['ItemURL'] = substr($CONF['ItemURL'], 0, -1);
$correctURL = createItemLink($itemid, '');
redirect($correctURL);
exit;
} else {
doError(_ERROR_NOSUCHITEM);
}
}
// if a category has been selected which doesn't match the item, ignore the
// category. #85
if (($catid != 0) && ($catid != $obj->icat) ) {
$catid = 0;
}
$blogid = $obj->iblog;
$timestamp = strtotime($obj->itime);
$b =& $manager->getBlog($blogid);
// NOTE(review): $catextra is assigned only inside this if; when the category
// is not valid, the two queries below concatenate an undefined variable.
// $catid is placed in the SQL unquoted. It is integer-cast wherever this file
// assigns it from the request; confirm nothing else can set a non-integer.
if ($b->isValidCategory($catid) ) {
$catextra = ' and icat=' . $catid;
}
// get previous itemid and title
$query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime<' . mysqldate($timestamp) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime DESC LIMIT 1';
$res = sql_query($query);
$obj = mysql_fetch_object($res);
if ($obj) {
$itemidprev = $obj->inumber;
$itemtitleprev = $obj->ititle;
}
// get next itemid and title
// (bounded by the blog's current time, so items dated in the future are not linked)
$query = 'SELECT inumber, ititle FROM ' . sql_table('item') . ' WHERE itime>' . mysqldate($timestamp) . ' and itime <= ' . mysqldate($b->getCorrectTime()) . ' and idraft=0 and iblog=' . $blogid . $catextra . ' ORDER BY itime ASC LIMIT 1';
$res = sql_query($query);
$obj = mysql_fetch_object($res);
if ($obj) {
$itemidnext = $obj->inumber;
$itemtitlenext = $obj->ititle;
}
} elseif ($archive) {
// show archive
$type = 'archive';
// get next and prev month links
global $archivenext, $archiveprev, $archivetype;
// sscanf() extracts up to three integers (year-month-day) from the
// request-supplied archive string; text that does not match yields no value
// for the remaining fields.
sscanf($archive, '%d-%d-%d', $y, $m, $d);
if ($d != 0) {
$archivetype = _ARCHIVETYPE_DAY;
$t = mktime(0, 0, 0, $m, $d, $y);
$archiveprev = strftime('%Y-%m-%d', $t - (24 * 60 * 60) );
$archivenext = strftime('%Y-%m-%d', $t + (24 * 60 * 60) );
} else {
$archivetype = _ARCHIVETYPE_MONTH;
$t = mktime(0, 0, 0, $m, 1, $y);
// One day before the 1st lands in the previous month; 32 days after the 1st
// always lands in the next month.
$archiveprev = strftime('%Y-%m', $t - (1 * 24 * 60 * 60) );
$archivenext = strftime('%Y-%m', $t + (32 * 24 * 60 * 60) );
}
} elseif ($archivelist) {
$type = 'archivelist';
// The value may be a blog id or a blog short name.
if (is_numeric($archivelist)) {
$blogid = intVal($archivelist);
} else {
$blogid = getBlogIDFromName($archivelist);
}
if (!$blogid) {
doError(_ERROR_NOSUCHBLOG);
}
} elseif ($query) {
global $startpos;
$type = 'search';
$query = stripslashes($query);
// A query made up only of ASCII spaces and the byte sequences A1 A1 or
// E3 80 80 falls back to the index page (presumably the EUC-JP and UTF-8
// encodings of the full-width space - confirm).
if(preg_match("/^(\xA1{2}|\xe3\x80{2}|\x20)+$/",$query)){
$type = 'index';
}
// Convert the query to the site charset, trying the site's own encoding first.
$order = (_CHARSET == 'EUC-JP') ? 'EUC-JP, UTF-8,' : 'UTF-8, EUC-JP,';
$query = mb_convert_encoding($query, _CHARSET, $order.' JIS, SJIS, ASCII');
if (is_numeric($blogid)) {
$blogid = intVal($blogid);
} else {
$blogid = getBlogIDFromName($blogid);
}
if (!$blogid) {
doError(_ERROR_NOSUCHBLOG);
}
} elseif ($memberid) {
$type = 'member';
if (!MEMBER::existsID($memberid) ) {
doError(_ERROR_NOSUCHMEMBER);
}
$memberinfo = $manager->getMember($memberid);
} elseif ($imagepopup) {
// media object (images etc.)
$type = 'imagepopup';
// TODO: check if media-object exists
// TODO: set some vars?
} else {
// show regular index page
global $startpos;
$type = 'index';
}
// decide which blog should be displayed
if (!$blogid) {
$blogid = $CONF['DefaultBlog'];
}
$b =& $manager->getBlog($blogid);
$blog = $b; // references can't be placed in global variables?
if (!$blog->isValid) {
doError(_ERROR_NOSUCHBLOG);
}
// set catid if necessary
if ($catid) {
$blog->setSelectedCategory($catid);
}
// decide which skin should be used
// NOTE(review): this test appears meant to detect a skin *name* (a non-empty
// string that loosely equals 0). From PHP 8.0 on a non-numeric string no
// longer compares equal to 0, so the branch would not be taken there.
if ($skinid != '' && ($skinid == 0) ) {
selectSkin($skinid);
}
if (!$skinid) {
$skinid = $blog->getDefaultSkin();
}
// The request may override the skin type, but only with a value that passes
// isValidShortName().
$special = requestVar('special');
if (!empty($special) && isValidShortName($special)) {
$type = strtolower($special);
}
$skin = new SKIN($skinid);
if (!$skin->isValid) {
doError(_ERROR_NOSUCHSKIN);
}
// parse the skin
$skin->parse($type);
}
/**
 * Renders the 'error' part of a skin with the given message and ends the
 * request.
 *
 * When no skin object is passed, one is chosen in this order: the skin
 * currently selected ($skinid), the default skin of the current blog, the
 * default skin of the site's default blog, and finally the base skin.
 *
 * NOTE(review): $msg is stored in the global $errormessage as given; whether
 * it is escaped is up to the skin output, so callers should not pass
 * unescaped request data.
 */
function doError($msg, $skin = '')
{
    global $errormessage, $CONF, $skinid, $blogid, $manager;

    if ($skin == '') {
        if (SKIN::existsID($skinid)) {
            $chosenSkinId = $skinid;
        } elseif ($manager->existsBlogID($blogid)) {
            $fallbackBlog =& $manager->getBlog($blogid);
            $chosenSkinId = $fallbackBlog->getDefaultSkin();
        } elseif ($CONF['DefaultBlog']) {
            $fallbackBlog =& $manager->getBlog($CONF['DefaultBlog']);
            $chosenSkinId = $fallbackBlog->getDefaultSkin();
        } else {
            // this statement should actually never be executed
            $chosenSkinId = $CONF['BaseSkin'];
        }
        $skin = new SKIN($chosenSkinId);
    }

    $errormessage = $msg;
    $skin->parse('error');
    exit;
}
/**
 * Loads every row of the config table into the global $CONF array, keyed by
 * the row's name column.
 *
 * Database values overwrite entries of the same name that are already
 * present in $CONF.
 */
function getConfig()
{
    global $CONF;

    $result = sql_query('SELECT * FROM ' . sql_table('config'));
    for ($row = mysql_fetch_object($result); $row; $row = mysql_fetch_object($result)) {
        $CONF[$row->name] = $row->value;
    }
}
// some checks for names of blogs, categories, templates, members, ...
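/**
 * Checks a short name (blogs, skin parts, ...): one or more ASCII letters or
 * digits and nothing else. Returns 1 when valid, false otherwise.
 *
 * This check guards request input (the 'special' skin type), so it uses
 * preg_match() with the D modifier: the whole value must match, a trailing
 * line break is rejected, and the subject is handled binary-safely. The
 * eregi() call used before is not binary-safe and was removed in PHP 7.0.
 */
function isValidShortName($name)
{
    if (!is_scalar($name)) {
        return false;
    }

    return (preg_match('/^[a-z0-9]+$/iD', (string) $name) === 1) ? 1 : false;
}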
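/**
 * Checks a display name: ASCII letters and digits, with spaces allowed only
 * between the first and last character (so at least two characters).
 * Returns 1 when valid, false otherwise.
 *
 * Uses preg_match() with the D modifier so the whole value must match and a
 * trailing line break is rejected. The eregi() call used before is not
 * binary-safe and was removed in PHP 7.0.
 */
function isValidDisplayName($name)
{
    if (!is_scalar($name)) {
        return false;
    }

    return (preg_match('/^[a-z0-9]+[a-z0-9 ]*[a-z0-9]+$/iD', (string) $name) === 1) ? 1 : false;
}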
/**
 * Category names are not restricted: every name is reported as valid (1).
 *
 * Because nothing is filtered here, category names have to be escaped
 * wherever they are written to SQL or HTML.
 */
function isValidCategoryName($name)
{
    $alwaysValid = 1;

    return $alwaysValid;
}
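/**
 * Checks a template name: ASCII letters, digits and forward slashes only.
 * Returns 1 when valid, false otherwise.
 *
 * Uses preg_match() with the D modifier so the whole value must match and a
 * trailing line break is rejected. The eregi() call used before is not
 * binary-safe and was removed in PHP 7.0.
 */
function isValidTemplateName($name)
{
    if (!is_scalar($name)) {
        return false;
    }

    return (preg_match('#^[a-z0-9/]+$#iD', (string) $name) === 1) ? 1 : false;
}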
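/**
 * Checks a skin name: ASCII letters, digits and forward slashes only.
 * Returns 1 when valid, false otherwise.
 *
 * Uses preg_match() with the D modifier so the whole value must match and a
 * trailing line break is rejected. The eregi() call used before is not
 * binary-safe and was removed in PHP 7.0.
 */
function isValidSkinName($name)
{
    if (!is_scalar($name)) {
        return false;
    }

    return (preg_match('#^[a-z0-9/]+$#iD', (string) $name) === 1) ? 1 : false;
}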
// add and remove linebreaks
/**
 * Inserts an HTML line break in front of every newline in $var.
 *
 * No escaping is performed; the text is returned as markup.
 */
function addBreaks($var)
{
    $withBreaks = nl2br($var);

    return $withBreaks;
}
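/**
 * Reverses addBreaks(): removes each "<br />" that directly precedes a CR or
 * LF, keeping the line-break character itself.
 *
 * The pattern as it stood matched a single space before the newline, so the
 * "<br />" tags that addBreaks() (nl2br) inserts were never removed.
 */
function removeBreaks($var)
{
    return preg_replace("/<br \/>([\r\n])/", "$1", $var);
}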
/**
 * Shortens a text string to at most $maxlength, with $toadd appended when the
 * text had to be cut (the result, including $toadd, stays within $maxlength).
 *
 * HTML entities are decoded first so that an entity is never cut in half.
 * NOTE(review): the result is therefore plain text that can contain raw '<',
 * '>' and '&'; it has to be HTML-escaped again before it is written to a page.
 */
function shorten($text, $maxlength, $toadd)
{
    // 1. remove entities...
    $entityToChar = array_flip(get_html_translation_table(HTML_ENTITIES));
    $plain = strtr($text, $entityToChar);

    // 2. the actual shortening
    if (strlen($plain) <= $maxlength) {
        return $plain;
    }

    return mb_strimwidth($plain, 0, $maxlength, $toadd, _CHARSET);
}
/**
 * Formats a unix timestamp as a MySQL DATETIME literal, including the
 * surrounding double quotes, ready to be concatenated into a query.
 *
 * The value between the quotes is produced by date(), so it contains only
 * digits, dashes, colons and a space.
 */
function mysqldate($timestamp)
{
    $formatted = date('Y-m-d H:i:s', $timestamp);

    return sprintf('"%s"', $formatted);
}
/**
* functions for use in index.php
*/
/**
 * Selects the blog to display by its short name (sets the global $blogid).
 *
 * When an archive list has been requested, it is pointed at the same blog.
 */
function selectBlog($shortname)
{
    global $blogid, $archivelist;

    $resolvedId = getBlogIDFromName($shortname);
    $blogid = $resolvedId;

    // also force archivelist variable, if it is set
    if ($archivelist) {
        $archivelist = $resolvedId;
    }
}
/**
 * Selects the skin to use by its name (sets the global $skinid to the id
 * returned by SKIN::getIdFromName()).
 */
function selectSkin($skinname)
{
    global $skinid;

    $resolvedId = SKIN::getIdFromName($skinname);
    $skinid = $resolvedId;
}
/**
 * Selects the category to display (sets the global $catid).
 *
 * Accepts either a category id or a category name; be aware that several
 * categories can share the same name. Numeric input is forced to an integer,
 * anything else is looked up by name.
 */
function selectCategory($cat)
{
    global $catid;

    $catid = is_numeric($cat) ? intval($cat) : getCatIDFromName($cat);
}
/**
 * Selects the item to display (sets the global $itemid), forcing the given
 * id to an integer.
 */
function selectItem($id)
{
    global $itemid;

    $itemid = (int) $id;
}
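/**
 * Forces the use of a language file (warning: can cause warnings, since the
 * file's definitions may already exist).
 *
 * The language name becomes part of an include path, so backslashes, pipes
 * and forward slashes are removed to keep the include inside $DIR_LANG.
 * preg_replace() replaces the former ereg_replace() call: the ereg family is
 * not binary-safe and was removed in PHP 7.0. NUL bytes are stripped as well
 * so the '.php' suffix always remains part of the resolved path.
 */
function selectLanguage($language)
{
    global $DIR_LANG;

    $safeName = preg_replace('#[\\\\|/\\x00]#', '', $language);

    include($DIR_LANG . $safeName . '.php');
}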
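/**
 * Reads a file and runs its contents through the skin parser using the
 * 'fileparser' action set.
 *
 * @param $filename
 *        file to parse. It is opened exactly as given, so callers must make
 *        sure the path cannot be steered by request data.
 * @param $includeMode
 *        value for the parser's IncludeMode property
 * @param $includePrefix
 *        value for the parser's IncludePrefix property
 */
function parseFile($filename, $includeMode = 'normal', $includePrefix = '')
{
    $handler = new ACTIONS('fileparser');
    $parser = new PARSER(SKIN::getAllowedActionsForType('fileparser'), $handler);
    $handler->parser =& $parser;

    // set IncludeMode properties of parser
    PARSER::setProperty('IncludeMode', $includeMode);
    PARSER::setProperty('IncludePrefix', $includePrefix);

    if (!file_exists($filename)) {
        doError('A file is missing');
    }

    $fsize = filesize($filename);
    if ($fsize <= 0) {
        return;
    }

    // read file
    $fd = fopen($filename, 'r');
    if (!$fd) {
        // The file exists but cannot be opened. Report it with the same
        // generic message instead of passing a failed handle to fread();
        // the message deliberately does not name the path.
        doError('A file is missing');
        return;
    }
    $contents = fread($fd, $fsize);
    fclose($fd);

    // parse file contents
    $parser->parse($contents);
}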
/**
* Outputs a debug message
*/
function debug($msg) {
echo '