Created March 24, 2013 18:32
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import sys, os, math
from cgi import escape, FieldStorage
import MySQLdb
import time
from datetime import datetime
import Cookie
# Python 2 only: site.py deletes sys.setdefaultencoding at start-up, and reload(sys)
# brings it back so the process-wide implicit str<->unicode codec can be set to UTF-8.
reload(sys)
sys.setdefaultencoding("utf8")
import codecs
# Wrap stdout so unicode objects written with print are encoded as UTF-8.
sys.stdout = codecs.getwriter('utf8')(sys.stdout)
import cgitb
# NOTE(review): with its defaults cgitb.enable() renders full tracebacks (source
# context and local variable values) into the HTTP response, which discloses
# internals to any visitor who triggers an error. For anything but local
# development, cgitb.enable(display=0, logdir=...) keeps the report on the server.
cgitb.enable()
def headers():
    """Write the CGI response header block to stdout.

    The request's Cookie header (HTTP_COOKIE) is parsed when present.  If it
    carries an ``id`` cookie, that cookie is blanked and given an expiry date
    in 1970.  The Content-Type line is printed first, then the cookie object,
    then the empty line that terminates the headers.

    NOTE(review): printing the SimpleCookie object emits a Set-Cookie line for
    every cookie that was parsed, so all cookies the client sent are echoed
    back, not only ``id``.  SimpleCookie.load() can raise Cookie.CookieError on
    a malformed header and that is not handled here.
    """
    jar = Cookie.SimpleCookie()
    raw_cookie = os.environ.get('HTTP_COOKIE')
    if raw_cookie is not None:
        jar.load(raw_cookie)
    if 'id' in jar:
        # Blank the value and date the cookie in the past.
        jar['id'] = ''
        jar['id']['expires'] = 'Thu, 01 Jan 1970 00:00:00 GMT'
    print("Content-Type: text/html; charset=utf-8")
    print(jar)
    print("")
# Emit the response headers at import time, before any later code prints body content.
headers()
from pynewssettings import db
# SITE - Automatically detects the scripts location.
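def site():
    """Return the site's base URL, always ending in '/'.

    The host comes from the SERVER_NAME environment variable (default
    'localhost') and the path from SCRIPT_NAME (default '/').  The scheme is
    fixed to 'http://'.

    NOTE(review): both values come from the request environment, and depending
    on web-server configuration SERVER_NAME can reflect the client's Host
    header.  The result is concatenated unescaped into links and <base href>
    elsewhere in this file, so pin the host in server or site configuration if
    that applies to the deployment - confirm.
    """
    host = os.environ.get('SERVER_NAME', 'localhost')
    # The previous try/finally had no except clause, so a missing SCRIPT_NAME
    # could still surface as a KeyError; fall back to the root path explicitly.
    directory = os.environ.get('SCRIPT_NAME', '/')
    if directory == '/':
        return 'http://' + host + '/'
    return 'http://' + host + directory + '/'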
# TODO: select the language module from the site's configured language instead of
# always importing the English table.
import EN
# The original author was unsure whether the table lacks a 'hidden' entry, so it is
# set here unconditionally (this overwrites any value the module already has).
EN.l['hidden'] = 'hidden'
def l(s):
    """Return the interface string stored under key *s* in the EN language table.

    Raises KeyError when the table has no such key.
    """
    table = EN.l
    return table[s]
# INFO LINE TAGS (readmore, comments, date)
def tags(t):
    """Return the comma-separated layout template registered under *t*.

    Two templates exist: 'infoline' (read-more / comments / date / edit line of
    an article) and 'comments' (layout of one comment).  Callers split the
    string on ',' and treat each piece as either a field name or literal HTML.
    Any other *t* raises KeyError.
    """
    infoline_layout = '<p class="date">,readmore,comments,date,edit,</p>'
    # Both templates are built on every call, so l('on') is always looked up.
    comments_layout = '<p class="meta">,name, ' + l('on') + ' ,date,edit,</p>,<p class="comment">,comment,</p>'
    layouts = dict(infoline=infoline_layout, comments=comments_layout)
    return layouts[t]
# SITE SETTINGS - grab site settings from database
# Per-process cache of the settings table, filled on the first s() call.
site_settings = {}


def s(var):
    """Return the value of site setting *var*.

    On the first call (while the cache is still empty) every name/value row of
    the settings table is read into ``site_settings``; later calls are served
    from that dict.  Raises KeyError when *var* is not a known setting.

    The only value spliced into the SQL text is the table prefix ``_PRE``.
    Rows are indexed by column name, so the connection is presumably created
    with a dict cursor - it is set up outside this view.
    """
    global dbconnection
    global site_settings
    if site_settings:
        return site_settings[var]
    cursor = dbconnection.cursor()
    cursor.execute('SELECT name,value FROM ' + _PRE + 'settings')
    for row in cursor.fetchall():
        site_settings[row['name']] = row['value']
    return site_settings[var]
# SESSION TOKEN
def token():
    """Return the value a session's 'Logged_In' entry is compared against.

    NOTE(review): the value is simply the site base URL (_SITE).  It is fixed
    and publicly known, so it proves nothing about the holder; the original
    author already marked it as poor.  If real sessions are added, a login
    marker should be an unpredictable per-session value (the stdlib offers
    os.urandom) kept server-side.
    """
    session_token = _SITE
    return session_token
#TITLE
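def title():
    """Print the <base>, <title> and meta tags for the page head.

    The title is assembled from the current article title, category names and
    the configured website title; description and keywords fall back to the
    site settings when the page has none.  For an admin an (empty) script
    element is printed as well.

    NOTE(review): _TITLE, _NAME, _XNAME, the description and the keywords are
    written into HTML and attribute values without escaping.  If any of them
    can hold visitor-influenced text they need cgi.escape(value, True) here -
    whether the stored values are already escaped is not visible in this file.
    NOTE(review): `_DESCR` is read below, but the visible module-level code
    only assigns `_DESC`; confirm which name is intended.
    """
    global categorySEF, _DESCR, _KEYW, TITL, _NAME, _XNAME
    print('<base href="'+_SITE+'" />')
    stitle = (_TITLE+' - ') if _TITLE else ''
    stitle += (_NAME+' - ') if _NAME else ''
    stitle += (_XNAME+' - ') if _XNAME else ''
    if (check_category(categorySEF) and categorySEF != 'administration' and categorySEF):
        # A leftover debug `print s` used to sit here; it wrote the repr of the
        # s() function object into the document head and has been removed.
        stitle += l(categorySEF)+' - '
    stitle += s('website_title')
    desc = _DESCR if _DESCR else s('website_description')
    keyw = _KEYW if _KEYW else s('website_keywords')
    print("""<title>%s</title>
<meta http-equiv="Content-Type" content="text/html; charset=%s" />
<meta name="description" content="%s" />
<meta name="keywords" content="%s" />""" % (stitle , s('charset'), desc, keyw))
    if (_ADMIN):
        print('<script type="text/javascript">')
        #xxx include('js/admin.js')
        print('</script>')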
# BREADCRUMBS
def breadcrumbs():
# Print the breadcrumb trail: an administration crumb for admins, the home crumb
# (a link only when a category is selected), then category / sub-category /
# article-title crumbs taken from the module-level routing globals.
# NOTE(review): this listing lost its indentation. `if (subcatSEF and _XNAME)` has to
# sit inside the preceding `if` (only comments come before it), but whether
# `if (_TITLE)` is nested there as well cannot be determined from the text.
# NOTE(review): _NAME and _TITLE are concatenated into HTML without escaping; if they
# can hold visitor-influenced text they need cgi.escape(value, True) first
# (whether stored values are already escaped is not visible here).
global dbconnection
global categorySEF, subcatSEF, _POS, _TITLE, _NAME, _XNAME, _SITE
link = '<a href="'+_SITE+'';
if (_ADMIN):
print link+'administration/" title="'+l('administration')+'">'+l('administration')+'</a> '+l('divider')+' ';
# The conditional expression covers the whole printed value: linked home crumb
# when categorySEF is set, plain text otherwise.
print link+'">'+l('home')+'</a>' if (categorySEF) else l('home')
if ((categorySEF) and not check_category(categorySEF)):
# xxx fix syntax
# print ' '+l('divider')+' '+link+categorySEF+'/">'+(_XNAME if not empty(_XNAME) else _NAME)+'</a>' if not empty(subcatSEF) else (' '+l('divider')+' '+_NAME if not empty(_NAME))
if (subcatSEF and _XNAME):
print (' '+l('divider')+' '+link+categorySEF+'/'+subcatSEF+'/">'+_NAME+'</a>' if _POS==1 else ' '+l('divider')+' '+_NAME);
if (_TITLE):
print ' '+l('divider')+' '+_TITLE
# Built-in sections (check_category true, other than administration) show their translated name.
if (check_category(categorySEF) and categorySEF != 'administration' and categorySEF):
print ' '+l('divider')+' '+l(categorySEF);
# LOGIN LOGOUT LINK
def login_link():
    """Print the login link, or for an admin the administration and logout links.

    All URLs are built on the site base URL (_SITE); labels come from the
    language table.
    """
    anchor = '<a href="' + _SITE
    if _ADMIN:
        # Admins get two anchors: administration, a divider, then logout.
        anchor += ('administration/" title="' + l('administration') + '">' + l('administration') + '</a> '
                   + l('divider') + ' <a href="' + _SITE + 'logout/" title="' + l('logout') + '">' + l('logout'))
    else:
        anchor += 'login/" title="' + l('login') + '">' + l('login')
    print(anchor + '</a>')
# DISPLAY CATEGORIES
def categories():
    """Print the category menu as <li> items, expanding the current category.

    Each row from retr_categories() becomes a list item linking to the
    category; the row matching categorySEF is marked current and its
    sub-categories are printed as a nested <ul>.  When there are no rows a
    single 'no categories' item is printed instead.

    The listing this was taken from had lost its indentation; the nesting here
    follows the only reading that yields balanced <ul>/<li> markup.

    NOTE(review): category names and descriptions go into HTML and title
    attributes unescaped - escape them with cgi.escape(value, True) if they can
    contain text that was not written by a trusted admin.
    """
    global categorySEF

    def subcategories(parent):
        """Print the sub-categories of *parent* as a nested list, if any."""
        global categorySEF, subcatSEF
        children = retr_categories(parent)
        if not children:
            return
        print('<ul>')
        for sub in children:
            sub_sef = sub['seftitle']
            marker = ' class="current"' if sub_sef == subcatSEF else ''
            # Concatenation means 'total' has to be a string when present.
            total = '(' + sub['total'] + ')' if 'total' in sub else ''
            print('<li class="subcat"><a' + marker + ' href="' + _SITE + categorySEF + '/' + sub_sef
                  + '/" title="' + sub['description'] + '">' + sub['name'] + total + '</a></li>')
        print('</ul>')

    rows = retr_categories()
    if not rows:
        print('<li>' + l('no_categories') + '</li>')
        return
    for row in rows:
        sef = row['seftitle']
        # Translate the stock "Uncategorized" name on non-English sites.
        if s('language') != 'EN' and row['name'] == 'Uncategorized' and row['parent'] == 1:
            row['name'] = l('uncategorised')
        is_current = sef == categorySEF
        marker = ' class="current"' if is_current else ''
        total = '(' + row['total'] + ')' if 'total' in row else ''
        print('<li><a' + marker + ' href="' + _SITE + sef + '/" title="' + row['name'] + ' - '
              + row['description'] + '">' + row['name'] + total + '</a>')
        if is_current:
            subcategories(row['parent'])
        print('</li>')
# DISPLAY PAGES
def pages():
# Print the page navigation as <li> items: home, archive, every position-3 article
# except the one configured as 'display_page', then contact and sitemap.
# Sets the global _No3 to True when the counter `num` ends up non-zero.
# NOTE(review): this listing lost its indentation; whether `num += 1` belongs to the
# `if r['id'] != ...` body or to the loop body cannot be determined from the text.
global categorySEF,_No3,_ID
# Non-admins only see rows marked visible. The clause is a fixed string, so the
# query below only ever interpolates _PRE and this constant.
qwr = ' AND visible=\'YES\'' if not _ADMIN else ''
cssclass = ' class="current"' if not(categorySEF) else ''
print '<li><a'+cssclass+' href="'+_SITE+'">%s</a></li>' % l('home')
cssclass = ' class="current"' if (categorySEF == 'archive') else ''
print '<li><a'+cssclass+' href="'+_SITE+'archive/">%s</a></li>' % l('archive')
query = "SELECT id, seftitle, title FROM %sarticles WHERE position = 3 %s ORDER BY artorder ASC, id" %(_PRE,qwr)
cur = dbconnection.cursor()
cur.execute(query)
num=0
for r in cur.fetchall():
# The local name `title` hides the module-level title() function inside this function only.
title = r['title']
# NOTE(review): the first assignment is overwritten by the second, so only the
# _ID comparison decides the highlight.
cssclass = ' class="current"' if (categorySEF == r['seftitle']) else ''
cssclass = ' class="current"' if (_ID == r['id']) else ''
if r['id'] != s('display_page'):
# NOTE(review): the page title is written into HTML unescaped.
print '<li'+cssclass+'><a href="'+_SITE+r['seftitle']+'/">%s</a></li>' % title
num += 1
cssclass = ' class="current"' if (categorySEF == 'contact') else ''
print '<li><a'+cssclass+' href="'+_SITE+'contact/">%s</a></li>' % l('contact')
cssclass = ' class="current"' if (categorySEF == 'sitemap') else ''
print '<li><a'+cssclass+' href="'+_SITE+'sitemap/">%s</a></li>' % l('sitemap')
if (num):
_No3 = True
# DISPLAY PAGES
def xxx_pages() :
# Looks like an earlier, unfinished port of pages() kept for reference.
# NOTE(review): as written it cannot run: `cur` is never assigned in this function,
# `mysql_num_rows` and `true` are not names defined in the visible part of the file,
# `_SITE.r[...]` is attribute access rather than concatenation, and the SQL text
# contains the literal word `qwr` instead of the visibility clause.
global categorySEF,_No3,_ID
qwr = ' AND visible=\'YES\'' if not _ADMIN else ''
classcss = ' class="current"' if not(categorySEF) else ''
print '<li><a'+classcss+' href="'+_SITE+'">'+l('home')+'</a></li>'
cssclass = ' class="current"' if categorySEF == 'archive' else ''
print '<li><a'+cssclass+' href="'+_SITE+'archive/">'+l('archive')+'</a></li>'
query = "SELECT id, seftitle, title FROM "+_PRE+'articles'+" WHERE position = 3 qwr ORDER BY artorder ASC, id"
result = cur.execute(query)
num = mysql_num_rows(result)
for r in cur.fetchall():
title = r['title']
classcss = ' class="current"' if (categorySEF == r['seftitle']) else ''
classcss = ' class="current"' if (_ID == r['id']) else ''
if (r['id'] != s('display_page')) :
print '<li'+classcss+'><a href="'+_SITE.r['seftitle']+'/">'+title+'</a></li>'
# XXX class = (categorySEF == 'contact') ? ' class="current"': ''
# XXX print '<li><a'+class+' href="'+_SITE+'contact/">'+l('contact')+'</a></li>'
# XXX class = (categorySEF == 'sitemap') ? ' class="current"': ''
# XXX print '<li><a'+class+' href="'+_SITE+'sitemap/">'+l('sitemap')+'</a></li>'
if (num): _No3 = true
#EXTRA CONTENT
def extra(mode='', styleit = 0, classname = '', idname= ''):
# Print the "extra" content blocks (position-2 articles) of the group named by `mode`
# that apply to the current category / article, optionally wrapped in a <div>
# carrying `classname` / `idname` when styleit == 1.
# NOTE(review): this listing lost its indentation, so the nesting of the statements
# below cannot be recovered with certainty; comments describe single statements only.
# NOTE(review): in_array, explode and substr are not defined in the visible part of
# the file - presumably PHP-style helpers defined elsewhere.
global categorySEF, subcatSEF, articleSEF, _ID, _catID
if not mode:
mode = retrieve('seftitle', 'extras','id',1)
if not _ADMIN:
qwr = ' AND visible=\'YES\''
else:
qwr = ''
# NOTE(review): the result of lower() is discarded, so `mode` keeps its original case.
mode.lower()
getExtra = retrieve('id', 'extras', 'seftitle', mode)
subCat = retrieve('subcat', 'categories', 'id', _catID)
# NOTE(review): getArt and catSEF are only assigned under these conditions but are
# read in the loop below, so they can be unbound when _ID / subcatSEF are empty.
if _ID:
getArt = _ID
if subcatSEF:
catSEF = subcatSEF
url = ('/'+categorySEF if categorySEF else '')+('/'+subcatSEF if subcatSEF else '')+('/'+articleSEF if articleSEF else '')
sql = """SELECT
id,title,seftitle,text,category,extraid,page_extra,
position,displaytitle,show_in_subcats,visible
FROM %sarticles
WHERE published = 1
AND position = 2 """ % _PRE
if not getExtra:
getExtra = 1
# %d forces the extras id to an integer before it reaches the SQL text.
query = sql+(' AND extraid = %d' % getExtra )
query = query+qwr+' ORDER BY artorder ASC,id ASC'
cur = dbconnection.cursor()
result = cur.execute(query)
for r in cur.fetchall():
category = r['category']
page = r['page_extra']
# Decide whether this block applies to the current request.
if category == 0 and page<1:
dprint = False
elif category == 0 and not _catID and page!='':
dprint = True if check_category(catSEF) != True else False
elif category == _catID or (category == subCat and r['show_in_subcats'] == 'YES'):
dprint = True
elif category == -3 and getArt == page:
dprint = True
elif (category == -3 and _catID == 0 and getArt != page and page == 0 and categorySEF !='' and not in_array(categorySEF,explode(',',l('cat_listSEF')))
and substr( categorySEF, 0, 2) != l('paginator') ):
dprint = True
# To show up on all pages only
elif category == -1 and _catID == 0 and getArt != page and page == 0:
dprint = True
# To show up on all categories and pages
elif category == -1:
dprint = True
else:
dprint = False
if dprint:
if styleit == 1:
container ='<div'
container += ' class="'+classname+'"' if classname else ''
container += ' id="'+idname+'"' if idname else ''
container += '>'
print container
if r['displaytitle'] == 'YES':
# NOTE(review): the title is written into HTML unescaped.
print '<h3>%s</h3>' % r['title']
file_include(r['text'], 9999000)
# NOTE(review): these hide/show links change state through a plain GET request and
# no anti-CSRF token is visible; how processing() authorises them is outside this view.
if r['visible'] == 'YES':
# NOTE(review): the href attribute below has a closing quote but no opening one.
visiblity = '<a href=%s?action=process&amp;task=hide&amp;item=snews_articles&amp;id=%d&amp;back=%s">%s</a>' %(_SITE,r['id'],url,l('hide'))
else:
visiblity = l('hidden')+' ( <a href="%s?action=process&amp;task=show&amp;item=snews_articles&amp;id=%d&amp;back=%s">%s</a> )' % (_SITE,r['id'],url,l('show'))
if _ADMIN:
# NOTE(review): seven values are supplied for six placeholders, which raises
# TypeError ("not all arguments converted") whenever this line runs.
print '<p><a href="%s?action=admin_article&amp;id=%d" title="%s %s">%s</a> %s</p>' % (_SITE,r['id'],l('edit'),r['seftitle'],l('edit'),l('divider'),visiblity)
if styleit == 1:
print '</div>'
def paginator(pageNum, maxPage, pagePrefix):
# Print the "first / previous / [page / max] / next / last" navigation bar for a
# paginated listing. Links are built on _SITE plus the current category /
# sub-category / article path, followed by pagePrefix and the page number.
# NOTE(review): this listing lost its indentation; it is not recoverable from the text
# whether the first `else:` below pairs with `if (pageNum > 1)` or with
# `if pageNum > 2`, and the two readings print different bars for pages 1 and 2.
global categorySEF,subcatSEF, articleSEF,_ID, _catID,_POS, _XNAME, _SITE
# `next` hides the built-in of the same name inside this function.
first = prev = next = last =""
if pagePrefix:
prefix = pagePrefix
else:
prefix = ""
# Work out the path portion shared by every link.
if not _ID and not _catID:
uri ='';
elif _ID and _XNAME:
uri = categorySEF+'/'+subcatSEF+'/'+articleSEF+'/';
elif _POS == 1 or _XNAME:
uri = categorySEF+'/'+subcatSEF+'/';
else:
uri = categorySEF+'/';
link = '<a href="'+_SITE+uri
if (pageNum > 1):
if pageNum > 2:
prev = link+prefix+str(pageNum - 1)+'/" title="'+l('page')+' '+str(pageNum - 1)+'">&lt; '+l('previous_page')+'</a> ';
first = link+'" title="'+l('first_page')+' '+l('page')+'">&lt;&lt; '+l('first_page')+'</a>';
else:
prev = '&lt; '+l('previous_page');
first = '&lt;&lt; '+l('first_page');
if (pageNum < maxPage):
next = link+prefix+str(pageNum + 1)+'/" title="'+l('page')+' '+str(pageNum + 1)+'">'+l('next_page')+' &gt;</a> ';
last = link+prefix+str(maxPage)+'/" title="'+l('last_page')+' '+l('page')+'">'+l('last_page')+' &gt;&gt;</a> ';
else:
next = l('next_page')+' &gt; ';
last = l('last_page')+' &gt;&gt;';
print ('<div class="paginator">%s %s<strong>[%s</strong> / <strong>%s]</strong>%s %s</div>') % (first, prev, pageNum, maxPage,next, last)
# Table-name prefix from the settings module; it is concatenated into the SQL
# statements throughout this file.
_PRE = db('prefix')
# Request-routing state. Everything starts as None here; presumably it is filled in by
# URL-parsing code outside this view.
categorySEF=None
articleSEF=None
subcatSEF=None
_ID = None
_catID = None
_POS = None
_XNAME = None
_NAME = None
pageNum = None
_TITLE = None
_KEYW = None
# NOTE(review): title() reads `_DESCR`, which is not the name assigned here - confirm
# which spelling is intended.
_DESC = None
# NOTE(review): a new empty dict on every request. No session store is loaded in the
# visible code, so nothing written to _SESSION outlives the request.
_SESSION = {}
# FieldStorage parses the query string and any POST body of this request.
_GET = FieldStorage()
pagesList = []
commentsPage = None
# NOTE(review): placeholder value, not the client's address (os.environ is not consulted).
_SERVER = { 'REMOTE_ADDR':'xxx'}
_POST = {}
# Copy every request field into _POST. NOTE(review): since the fields of a GET query
# string end up here too, handlers that test `... in _POST` also run for plain links,
# so "was this a POST?" cannot be answered from _POST.
for i in _GET.keys():
if i not in _POST:
_POST[i]=_GET.getvalue(i)
# Constants
# Website
_SITE = site()
# Set login constant
# True only when the session holds the login marker and it equals token().
_ADMIN = _SITE+'Logged_In' in _SESSION and _SESSION[_SITE+'Logged_In'] == token()
# NOTE(review): debug override. It discards the check above and treats EVERY request
# as an authenticated administrator, so every branch guarded by _ADMIN (settings,
# article/category editing, file management, comment deletion) is open to any
# visitor. It has to be removed before the script is reachable by anyone else.
_ADMIN = True # xxx
# CENTER
def center() :
# Main dispatcher for the page body: shows a pending 'fatal' session message, or
# routes the request to the search / comment / contact / login / processing
# handlers, the admin screens, a registered page handler, or the article view.
# NOTE(review): this listing lost its indentation, so the exact nesting cannot be
# recovered from the text. In particular `if action == "archive"` is followed by a
# separate `if action == '404'` chain whose `else` calls articles(); unless those are
# nested differently than they read, an archive request renders articles() as well.
# NOTE(review): the admin branch is guarded only by _ADMIN, and the dispatched actions
# arrive as request parameters (including plain GET links). No anti-CSRF token is
# checked in the visible code; what the handlers verify is outside this view.
# fatal session produced on failed login, and will display error message.
if (_SITE+str('fatal')) in _SESSION :
# The stored message is printed as-is.
print _SESSION[_SITE+str('fatal')]
del(_SESSION[_SITE+str('fatal')])
else:
global categorySEF, subcatSEF, articleSEF
action = None
if 'category' in _GET:
action = categorySEF
if 'action' in _GET: # Patch #7 - 1.7.0
# cleanXSS() and clean() are defined outside this view; their effect is not visible here.
action = categorySEF if categorySEF == '404' else clean(cleanXSS(_GET.getvalue('action')))
# Form submissions are recognised by the presence of a marker field.
if 'search_query' in _POST:
search(); return;
if 'comment' in _POST:
comment('comment_posted'); return;
if 'contactform' in _POST:
contact()
return
if 'Loginform' in _POST:
administration()
return
if 'submit_text' in _POST:
processing()
return
# XXX hack
if (action is None) and categorySEF:
action = categorySEF
if (_ADMIN) :
if action == 'administration':
administration(); return;
elif action == 'snews_settings':
settings(); return;
elif action == 'snews_categories':
admin_categories(); return;
elif action == 'admin_category':
form_categories(); return;
elif action == 'admin_subcategory':
form_categories('sub'); return;
elif action == 'groupings':
admin_groupings(); return;
elif action == 'admin_groupings':
form_groupings(); return;
elif action == 'snews_articles':
admin_articles('article_view'); return;
elif action == 'extra_contents':
admin_articles('extra_view'); return;
elif action == 'snews_pages':
admin_articles('page_view'); return;
elif action == 'admin_article':
form_articles(''); return;
elif action == 'article_new':
form_articles('article_new'); return;
elif action == 'extra_new':
form_articles('extra_new'); return;
elif action == 'page_new':
form_articles('page_new'); return;
elif action == 'editcomment':
edit_comment(); return;
elif action == 'snews_files':
files(); return;
elif action == 'process':
processing(); return;
elif action == 'logout':
session_destroy()
print '<meta http-equiv="refresh" content="2; url='+_SITE+'">'
print '<h2>'+l('log_out')+'</h2>'
return;
global pagesList
# NOTE(review): pagesList starts as a list at module level but is indexed by the
# action string here like a dict - presumably replaced elsewhere; confirm.
if (action in pagesList):
pagesList[action]['func']()
return
if action == "archive":
archive()
if action == '404':
print '<p class="warning">'+l('error_404')+'</p>'; # Patch #404 - 1.7.1 - message string revised.
elif action == "sitemap":
sitemap(); # Patch #404 - 1.7.1 - show sitemap with message.
else:
articles()
# ARTICLES
def articles():
# Render the main content: a single article or page when _ID is set (or the configured
# front page when no category is selected), otherwise a paginated list of position-1
# articles for the current category or for the home page. Comments are appended
# through comment() for a single commentable article.
# NOTE(review): this listing lost its indentation, so block boundaries cannot be
# recovered with certainty; the comments below describe individual statements.
# NOTE(review): every query here is assembled by string concatenation. _ID, _catID and
# pageNum are module globals assigned outside this view; unless they are guaranteed to
# be integers at that point, pass them as parameters to cur.execute(sql, params)
# rather than splicing str(value) into the SQL text.
# NOTE(review): strpos, explode, strlen, date and strtotime are not defined in the
# visible part of the file - presumably PHP-style helpers defined elsewhere.
global dbconnection
global categorySEF, subcatSEF, articleSEF, _ID, _POS, _catID, _XNAME, _SITE, pageNum
frontpage = s('display_page');
title_not_found = '<h2>'+l('none_yet')+'</h2>';
if _ADMIN:
visible='';
title_not_found += '<p>'+l('create_new')+'<a href="'+_SITE+'administration/" title="'+l('administration')+'">'+l('administration')+'</a></p>';
else:
# Non-admins are restricted to rows marked visible.
visible =' AND a.visible=\'YES\' ';
if (_ID is not None or (_catID is None and frontpage != 0)):
if (_ID is None):
_ID = frontpage;
# article or page, id as indentifier
query_articles = 'SELECT a.id AS aid,title,a.seftitle AS asef,text,a.date, a.displaytitle, a.displayinfo, a.commentable, a.visible FROM '+_PRE+'articles AS a WHERE id ='+str(_ID)+visible;
else:
on = s('display_pagination') == 'on'
if on:
if (articleSEF):
SEF = articleSEF;
else:
if (subcatSEF):
SEF = subcatSEF
else:
SEF = categorySEF;
# pagination
if (_catID is not None):
count = 'SELECT COUNT(a.id) AS num FROM '+_PRE+'articles AS a WHERE position = 1 AND a.published =1 AND category = '+str(_catID)+visible+' GROUP BY category';
else:
count = 'SELECT COUNT(a.id) AS num FROM '+_PRE+'articles AS a LEFT OUTER JOIN '+_PRE+'categories as c ON category = c.id LEFT OUTER JOIN '+_PRE+'categories as x ON c.subcat = x.id AND (x.published =\'YES\') WHERE show_on_home = \'YES\' '+visible+' AND position = 1 AND a.published =1 AND c.published =\'YES\' GROUP BY show_on_home';
cur = dbconnection.cursor()
cur.execute(count)
r = cur.fetchone()
num = r['num'] if r else 0
if (num == 0):
print title_not_found;
else:
articleCount = 0
# NOTE(review): the int() result is discarded and the bare except hides any failure,
# so articleCount stays 0 and article_limit below is always 100.
try:
int(s('article_limit'))
except:
pass
article_limit = 100 if (articleCount < 1) else articleCount;
# NOTE(review): under Python 2 `/` on two ints truncates before ceil() sees the
# value - confirm the type of num.
totalPages = int(math.ceil(num/article_limit));
if (not pageNum or pageNum < 1):
pageNum = 1;
# get the rows for category
if (_catID is not None):
query_articles = 'SELECT a.id AS aid,title,a.seftitle AS asef,text,a.date, a.displaytitle, a.displayinfo, a.commentable, a.visible FROM '+_PRE+'articles AS a WHERE position = 1 AND a.published =1 AND category = '+str(_catID)+visible+' ORDER BY artorder ASC,date DESC LIMIT '+str((pageNum - 1) * article_limit)+','+str(article_limit)
else:
query_articles = 'SELECT a.id AS aid,title,a.seftitle AS asef,text,a.date, displaytitle,displayinfo, commentable,a.visible, c.name AS name,c.seftitle AS csef, x.name AS xname,x.seftitle AS xsef FROM '+_PRE+'articles AS a LEFT OUTER JOIN '+_PRE+'categories as c ON category = c.id LEFT OUTER JOIN '+_PRE+'categories as x ON c.subcat = x.id AND x.published =\'YES\' WHERE show_on_home = \'YES\' AND position = 1 AND a.published =1 AND c.published =\'YES\''+visible+' ORDER BY date DESC LIMIT '+str((pageNum - 1) * article_limit)+','+str(article_limit)
cur = dbconnection.cursor()
cur.execute(query_articles)
# The row count is hard-coded, so the "nothing found" branch that follows never runs.
numrows = 1 # xxx!!!!
if (numrows == 0):
if _ADMIN:
print title_not_found;
print '<ul class="vertical">';
menu_articles(0,10,1);
print '</ul>';
else:
link = '<a href="'+_SITE;
for r in cur.fetchall():
infoline = r['displayinfo'] == 'YES'
# 'string_escape' (a Python 2 codec) interprets backslash escapes in the stored text.
text = r['text'].decode('string_escape');
if (pageNum):
short_display = strpos(text, '[break]');
shorten = 9999000 if short_display == 0 else short_display;
else:
shorten = 9999000;
# %d forces the article id to an integer before it reaches the SQL text.
comments_query = "SELECT count(id) as num FROM %scomments WHERE articleid = %d AND approved = 'True'" %(_PRE, r['aid'])
# Rebinding `cur` here does not disturb the outer loop, which iterates the rows
# fetchall() already returned.
cur = dbconnection.cursor()
cur.execute(comments_query)
comments_num = cur.fetchone()['num']
a_date_format = date(s('date_format'), strtotime(r['date']))
if ('csef' in r):
uri = r['xsef']+'/'+r['csef'] if r['xsef'] else r['csef'];
else:
if (_XNAME): uri = categorySEF+'/'+subcatSEF;
else: uri = categorySEF;
print '<div class="wrap">'
title = r['title'];
if (r['displaytitle'] == 'YES'):
if (not _ID):
print '<h2 class="big">'+link+uri+'/'+r['asef']+'/">'+title+'</a></h2>';
else:
print '<h2>'+title+'</h2>';
# NOTE(review): the stored article body and the title above are written to the page
# as-is; that is only safe while article content comes from trusted authors.
print text # XXX //// file_include(str_replace('[break]', '',text), shorten);
commentable = r['commentable'];
# NOTE(review): these hide/show links change state through a plain GET request and
# no anti-CSRF token is visible; how processing() authorises them is outside this view.
visiblity = ('<a href="'+_SITE+'?action=process&amp;task=hide&amp;item=snews_articles&amp;id='+str(r['aid'])+'&amp;back='+str(uri)+'">'+l('hide')+'</a>' if r['visible'] == 'YES' else l('hidden')) + \
' ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item=snews_articles&amp;id='+str(r['aid'])+'&amp;back='+str(uri)+'">'+l('show')+'</a> )'
edit_link = link+'?action=admin_article&amp;id='+str(r['aid'])+'" title="'+title+'">'+l('edit')+'</a> ';
edit_link+= ' '+l('divider')+' '+visiblity;
# Listing mode: walk the 'infoline' template and print each field or literal piece.
if ((pageNum)):
if (infoline):
tag = explode(',', tags('infoline'));
# The loop variable reuses the name of the list it iterates.
for tag in tag:
if (tag == 'date'):
print a_date_format;
elif (tag == 'readmore' and strlen(r['text']) > shorten):
print link+uri+'/'+r['asef']+'/">'+l('read_more')+'</a> ';
elif (tag == 'comments' and (commentable == 'YES' or commentable == 'FREEZ')):
print link+uri+'/'+r['asef']+'/#'+l('comment')+'1">'+l('comments')+' (%d)</a> '%comments_num;
elif (tag == 'edit' and _ADMIN):
print ' '+edit_link;
elif (tag != 'readmore' and tag != 'comments' and tag != 'edit'):
print tag;
elif _ADMIN:
print '<p>'+edit_link+'</p>';
elif (not (pageNum)):
if (infoline):
tag = explode(',', tags('infoline'));
for tag in tag:
if tag == 'date':
print a_date_format;
break;
elif tag == 'readmore':
pass
elif tag == 'comments':
pass;
elif tag == 'edit':
if _ADMIN:
print ' '+edit_link;
else:
print tag;
else:
if _ADMIN:
print '<p>'+edit_link+'</p>';
print "</div>"
if ((pageNum) and (num> article_limit) and on):
paginator(pageNum, totalPages, l('paginator'));
if ((_POS) and not (pageNum) and infoline):
if (commentable == 'YES'):
comment('unfreezed');
elif (commentable == 'FREEZ'):
comment('freezed');
# COMMENTS
def comment(freeze_status):
# Handle a submitted comment (when 'comment' is in _POST), otherwise list the
# approved comments of article _ID and print the comment form unless comments are
# frozen (freeze_status == 'freezed' or the 'freeze_comments' setting is 'YES').
# NOTE(review): this looks like an unfinished port from PHP. Helpers such as
# str_replace, strpos, is_numeric, trim, preg_replace, strlen, unset, date, strtotime,
# br2nl, explode and die are not defined in the visible part of the file, and several
# expressions keep PHP syntax (`a.b` for concatenation, variable names written inside
# string literals). The listing also lost its indentation, so nesting is not
# recoverable with certainty.
# NOTE(review): `time` and `tags` are assigned further down, which makes them local
# names for the whole function; the earlier calls time() and tags('comments') would
# therefore raise UnboundLocalError instead of reaching the module-level functions.
print '<h3>Comments</h3>'
global categorySEF, subcatSEF, articleSEF, _ID, commentsPage
if commentsPage:
commentsPage = str_replace(l('comment_pages'),'',commentsPage)
if strpos(articleSEF, l('paginator')) == 0:
articleSEF = str_replace(l('paginator'), '', articleSEF)
if not commentsPage or not is_numeric(commentsPage) or commentsPage < 1:
commentsPage = 1
comments_order = s('comments_order')
if 'comment' in _POST:
# Input filtering: cleanWords, cleanXSS and clean are defined outside this view, so
# what they remove is not visible here.
comment = cleanWords(trim(_POST['text']))
comment = clean(cleanXSS(comment)) if strlen(comment) > 4 else None
name = trim(_POST['name'])
name = preg_replace('/[^a-zA-Z0-9_\s-]/', '', name) # Patch #15 - 1.7.0
if not name:
name = 'Anonymous'
name = clean(cleanXSS(name)) if strlen(name) > 1 else None
url = trim(_POST['url'])
url = preg_replace('/[^a-zA-Z0-9_:\/\.-]/', '', url) # Patch #15 - 1.7.0
url = clean(cleanXSS(url)) if (strlen(url) > 8 and strpos(url, '?') == False) else None
# NOTE(review): form values arrive as strings; in Python 2 a str compared with an int
# is always "greater", so `> 0` adds no check beyond is_numeric().
post_article_id = _POST['id'] if (is_numeric(_POST['id']) and _POST['id'] > 0) else None
# NOTE(review): the address is taken from a client-supplied form field and later
# compared with _SERVER['REMOTE_ADDR'], which the module sets to a placeholder.
ip = clean(cleanXSS(_POST['ip'])) if (strlen(_POST['ip']) < 16) else None
if _ADMIN:
doublecheck = 1
ident=1
else:
contentCheck = retrieve('id', 'comments', 'comment', comment)
# NOTE(review): _SESSION starts empty on every request in the visible code, so
# _SESSION[_SITE+'poster'] raises KeyError here; "comment:|:post_article_id" is a
# literal string, not the article id.
ident = 1 if not contentCheck or (time() - _SESSION[_SITE+'poster']['time']) > s('comment_repost_timer') or _SESSION[_SITE+'poster']['ip'] != ip else 0
doublecheck = 0 if _SESSION[_SITE+'poster']['article'] == "comment:|:post_article_id" and (time()-_SESSION[_SITE+'poster']['time']) < s('comment_repost_timer') else 1
if ip == _SERVER['REMOTE_ADDR'] and comment and name and post_article_id and checkMathCaptcha() and doublecheck == 1 and ident == 1:
# xxx url = preg_match('/((http)+(s)?:(\/\/)|(www\.))([a-z0-9_\-]+)/', url) ? url : ''
# xxx url = substr(url, 0, 3) == 'www' ? 'http://'+url : url
time = date('Y-m-d H:i:s')
unset(_SESSION[_SITE+'poster'])
approved = 'True' if s('approve_comments') != 'on' or _ADMIN else ''
# NOTE(review): the VALUES list holds the literal words 'post_article_id', 'name',
# ... rather than the variables, and `cur` has not been assigned on this path.
# When this is wired up, use %s placeholders and pass the values as the second
# argument of cur.execute() instead of quoting them into the SQL text.
query = 'INSERT INTO '+_PRE+'comments(articleid, name, url, comment, time, approved) VALUES'+"('post_article_id', 'name', 'url', 'comment', 'time', 'approved')"
cur.execute(query)
_SESSION[_SITE+'poster']['article']="comment:|:post_article_id"
_SESSION[_SITE+'poster']['time'] = time()
# this is to set session for checking multiple postings.
_SESSION[_SITE+'poster']['ip'] = ip
commentStatus = l('comment_sent_approve') if s('approve_comments') == 'on' and not _ADMIN else l('comment_sent')
# eMAIL COMMENTS
if s('mail_on_comments') == 'on' and not _ADMIN:
if s('approve_comments') == 'on':
status = l('approved_text')
subject =l('subject_a')
else:
status = l('not_waiting_approved')
subject =l('subject_b')
to = s('website_email')
# Visitor-supplied name, comment and url are handed to send_email(), which is
# defined outside this view.
send_array = {
'to':to,
'name':name,
'comment':comment,
'ip':ip,
'url':url,
'subject':subject,
'status':status}
send_email(send_array)
# End of Mail
else:
commentStatus = l('comment_error')
commentReason = l('ce_reasons')
# NOTE(review): commentReason and fail are assigned only on this failure path but
# are read after it - presumably unbound after a successful post; confirm once the
# nesting is restored.
fail = True
_SESSION[_SITE+'comment']['name'] = name
_SESSION[_SITE+'comment']['comment'] = br2nl(comment)
_SESSION[_SITE+'comment']['url'] = url
_SESSION[_SITE+'comment']['fail'] = fail
print '<h2>%s</h2>' % commentStatus
if commentReason:
print '<p>%s</p>' % commentReason
postArt = clean(cleanXSS(_POST['article']))
postArtID = retrieve('category','articles','id',post_article_id)
if postArtID == 0:
postCat = ''
else:
postCat = cat_rel(postArtID, 'seftitle')+'/'
# NOTE(review): `_SITE.postCat.postArt` is PHP concatenation; in Python it is
# attribute access on a string and raises AttributeError. postArt comes from the
# request and ends up in a link / refresh target.
if fail:
back_link = _SITE.postCat.postArt
print '<a href="'+back_link+'/">%s</a>' % l('back')
else:
print '<meta http-equiv="refresh" content="1; url=%s/">' % _SITE.postCat.postArt
else:
commentCount = s('comment_limit')
comment_limit = 100 if (not commentCount or commentCount < 1) else int(commentCount)
if commentsPage:
pageNum = commentsPage
offset = (pageNum - 1) * comment_limit
# %d forces _ID to an integer in this query ...
totalrows = 'SELECT count(id) AS num FROM '+_PRE+'comments WHERE articleid = %d AND approved = \'True\';' % _ID
cur = dbconnection.cursor()
cur.execute(totalrows)
numrows = cur.fetchone()
numrows = numrows['num']
# Patch #8 - 1.7.0 - redundant section removed
if numrows > 0:
# NOTE(review): ... but here _ID is concatenated as a string, the 'comments_order'
# setting is spliced into ORDER BY, and "offset, comment_limit" is literal text
# rather than the two values.
query = 'SELECT id,articleid,name,url,comment,time,approved FROM '+_PRE+'comments WHERE articleid = '+_ID+' AND approved = \'True\' ORDER BY id '+comments_order+' LIMIT '+"offset, comment_limit"
result = cur.execute(query) or die(l('dberror'))
ordinal = 1
date_format = s('date_format')
edit_link = ' <a href="%s?action=' % _SITE
for r in cur.fetchall():
datestr = date(date_format, strtotime(r['time']))
commentNum = offset + ordinal
tags = explode(',', tags('comments'))
for tag in tags:
if tag == 'date':
print '<a id="'+l('comment')+commentNum+'" name="'+l('comment').commentNum+'"></a>'+datestr
elif tag == 'name':
name = r['name']
# NOTE(review): stored name, url and comment text are visitor-supplied and are
# printed without escaping, so output safety rests entirely on the filtering done
# when the comment was stored. Escaping on output (cgi.escape(value, True)) and
# checking the url scheme before using it in href would not depend on that.
print '<a href="'+r['url']+'" title="'+r['url']+'" rel="nofollow"> '+name+'</a> ' if r['url'] else name
elif tag == 'comment':
print r['comment']
elif tag == 'edit' and _ADMIN:
# NOTE(review): the delete link changes state through a plain GET request, guarded
# only by a client-side onclick prompt; no anti-CSRF token is visible.
print edit_link+'editcomment&amp;commentid='+r['id']+'" title="'+l('edit')+' '+l('comment')+'">%s</a> ' % l('edit')
print edit_link+'process&amp;task=deletecomment&amp;commentid='+r['id']+'" title="'+l('delete')+' '+l('comment')+'" onclick="return pop()">%s</a>' % l('delete')
elif tag == 'edit':
pass
else:
print tag
ordinal += 1
# Under Python 2 `/` on two ints truncates before ceil() is applied.
maxPage = math.ceil(numrows / comment_limit)
back_to_page = math.ceil((numrows + 1) / comment_limit)
if maxPage > 1:
paginator(pageNum, maxPage,l('comment_pages'))
if freeze_status != 'freezed' and s('freeze_comments') != 'YES':
if (numrows == 0):
print '<p>'+l('no_comment')+'</p>' # Patch #8 - 1.7.0 - new line added
# recall and set vars for reuse when botched post
if _SITE+'comment' in _SESSION :
name = _SESSION[_SITE+'comment']['name']
comment = _SESSION[_SITE+'comment']['comment']
url = _SESSION[_SITE+'comment']['url']
unset(_SESSION[_SITE+'comment'])
else:
url = name = comment = ''
# end var retrieval
art_value = subcatSEF if not articleSEF else articleSEF
# Comment form. html_input() and mathCaptcha() are defined outside this view.
print '<div class="commentsbox"><h2>'+l('addcomment')+'</h2>'+"\r\n"
print '<p>'+l('required')+'</p>'+"\r\n"
print html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', _SITE, '')+"\r\n"
print html_input('text', 'name', 'name', name, '* '+l('name'), 'text', '', '', '', '', '', '', '', '', '')+"\r\n"
print html_input('text', 'url', 'url', url, l('url'), 'text', '', '', '', '', '', '', '', '', '')+"\r\n"
print html_input('textarea', 'text', 'text', comment, '* '+l('comment'), '', '', '', '', '', '5', '5', '', '', '')+"\r\n"
print mathCaptcha()+"\r\n"
print '<p>'
print html_input('hidden', 'category', 'category', categorySEF, '', '', '', '', '', '', '', '', '', '', '')+"\r\n"
print html_input('hidden', 'id', 'id', _ID, '', '', '', '', '', '', '', '', '', '', '')+"\r\n"
print html_input('hidden', 'article', 'article', art_value, '', '', '', '', '', '', '', '', '', '', '')+"\r\n"
print html_input('hidden', 'commentspage', 'commentspage', back_to_page, '', '', '', '', '', '', '', '', '', '', '')+"\r\n"
# NOTE(review): hidden fields are under the client's control when the form comes
# back; the 'ip' value in particular should be read from the server environment
# on submission rather than trusted from the form.
print html_input('hidden', 'ip', 'ip', _SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', '')+"\r\n"
print html_input('hidden', 'time', 'time', unixtime(), '', '', '', '', '', '', '', '', '', '', '')
print html_input('submit', 'comment', 'comment', l('submit'), '', 'button', '', '', '', '', '', '', '', '', '')+"\r\n"
print '</p></form></div>'
else:
print '<p>%s</p>' % l('frozen_comments')
# ARCHIVE
def archive(start=0, size=200):
    """Print the archive: published, visible articles grouped under month headings.

    A first query collects the ids of the newest articles (``start`` and
    ``size`` form the LIMIT clause); a second one loads title, date and
    category names for exactly those ids.  Each article is printed as a link,
    with a "<month name>, <year>" heading whenever the month changes.

    The listing this was taken from had lost its indentation; the nesting here
    follows the only reading that yields balanced markup and valid SQL.

    NOTE(review): ``start`` and ``size`` are formatted straight into the SQL
    text, so callers must only pass integers.  Titles and category names are
    written into HTML unescaped.  ``implode`` and ``explode`` are not defined
    in the visible part of the file - presumably PHP-style helpers defined
    elsewhere.
    """
    global dbconnection
    print('<h2>' + l('archive') + '</h2>')
    id_query = """SELECT id FROM %sarticles
WHERE position = 1
AND published = 1
AND visible = 'YES'
ORDER BY date DESC
LIMIT %s, %s""" % (_PRE, start, size)
    id_cursor = dbconnection.cursor()
    id_cursor.execute(id_query)
    # One "a.id =N" term per article; they are OR-ed together below.
    id_terms = ['a.id =' + str(row['id']) for row in id_cursor.fetchall()]
    if not id_terms:
        print('<p>' + l('no_articles') + '</p>')
        return
    where_ids = implode(' OR ', id_terms)
    detail_query = """SELECT
title,a.seftitle AS asef,a.date AS date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM %sarticles AS a
LEFT OUTER JOIN %scategories as c
ON category = c.id
LEFT OUTER JOIN %scategories as x
ON c.subcat = x.id
WHERE (%s)
AND a.published = 1
AND c.published = 'YES'
AND (x.published = 'YES' or x.published IS NULL)
ORDER BY date DESC
LIMIT %s, %s""" % (_PRE, _PRE, _PRE, where_ids, start, size)
    detail_cursor = dbconnection.cursor()
    detail_cursor.execute(detail_query)
    month_names = explode(', ', l('month_names'))
    dot = l('divider')
    print('<p>')
    previous_group = None
    for row in detail_cursor.fetchall():
        stamp = row['date']
        month_name = month_names[stamp.month - 1]
        group = str(stamp.year) + str(stamp.month)
        if previous_group != group:
            # First article of a new month: print the heading.
            print('<strong>' + month_name + ', ' + str(stamp.year) + '</strong><br />')
            previous_group = group
        if 'xsef' in row and row['xsef']:
            link = row['xsef'] + '/' + str(row['csef'])
        else:
            link = row['csef']
        print(dot + ' <a href="' + _SITE + link + '/' + row['asef'] + '/">' + row['title']
              + ' (' + row['name'] + ')</a><br />')
    print('</p>')
# SITEMAP
def sitemap():
# Print the sitemap: the fixed pages plus every visible position-3 page except the one
# configured as 'display_page', then each published top-level category with its
# articles, and each of its sub-categories with theirs.
# NOTE(review): this listing lost its indentation, so the nesting of the loops and of
# the closing </ul> / </li> prints cannot be recovered with certainty.
# NOTE(review): mysql_num_rows is not defined in the visible part of the file -
# presumably a PHP-style helper defined elsewhere; it is passed the return value of
# cur.execute().
# NOTE(review): titles, names and descriptions from the database are written into
# HTML and title attributes unescaped.
print '<h2>'+l('sitemap')+'</h2><h3><strong>'+l('pages')+'</strong></h3><ul>'
link = '<li><a href="'+_SITE
print link+'">%s</a></li>' % l('home')
print link+'archive/">%s</a></li>' % l('archive')
# Patch #16 - 1.7.1
# added id to SELECT it, and filter out page if selected as Home with: AND id <> '".s('display_page')."'
# selects only IDs that are less or more than ID of the designated home page.
# s is only called here, never assigned, so this declaration has no effect.
global s
cur = dbconnection.cursor()
cur2 = dbconnection.cursor()
# The 'display_page' setting value is formatted into the SQL text inside quotes.
query = "SELECT id,title,seftitle FROM %sarticles WHERE position = 3 AND published = 1 AND visible = 'YES' AND id <> '%s' ORDER BY artorder ASC, date, id" % (_PRE, s('display_page') )
result = cur.execute(query)
for r in cur.fetchall():
print link+r['seftitle']+'/">%s</a></li>' % r['title']
print link+'contact/">%s</a></li>' % l('contact')
print link+'sitemap/">%s</a></li>' % l('sitemap')
print '</ul><h3><strong>'+l('articles')+'</strong></h3><ul>'
# Shared prefix for the per-category article queries below.
art_query = 'SELECT title, seftitle, date FROM %sarticles WHERE position = 1 AND published = 1 AND visible = \'YES\'' % _PRE
cat_query = 'SELECT id, name, seftitle, description, subcat FROM %scategories WHERE published = \'YES\' AND subcat = 0 ORDER BY catorder,id' % _PRE
cat_result = cur.execute(cat_query)
if mysql_num_rows(cat_result) == 0:
print '<li>%s</li></ul>' % l('no_articles')
else:
# The loop iterates the list fetchall() already returned, so re-using `cur` for
# the article queries inside it does not disturb the iteration.
for c in cur.fetchall():
category_title = c['seftitle']
print '<li><strong><a href="'+_SITE+category_title+'/" title="'+c['description']+'">'+c['name']+'</a></strong>'
catid = c['id']
# Category ids read from the database are formatted into the SQL text.
query = art_query+' AND category = %s ORDER BY id DESC' % catid
result = cur.execute(query)
if mysql_num_rows(result) > 0:
print '<ul>'
for r in cur.fetchall():
print '<li>'+l('divider')+' <a href="'+_SITE+category_title+'/'+r['seftitle']+'/">'+r['title']+'</a></li>'
if mysql_num_rows(result) > 0:
print '</ul>'
subcat_result = cur2.execute('SELECT id, name, seftitle, description, subcat FROM '+_PRE+'categories WHERE published = \'YES\' AND subcat = %s ORDER BY catorder ASC' % c['id'])
if mysql_num_rows(subcat_result) > 0:
print '<ul>'
for s1 in cur2.fetchall():
subcat_title = s1['seftitle']
subcat_name = s1['name']
print '<li class="subcat"><strong><a href="'+_SITE+category_title+'/'+subcat_title+'/" title="'+s1['description']+'">%s</a></strong>' % subcat_name
subcatid = s1['id']
query = art_query+' AND category = %s ORDER BY id DESC' % subcatid
artresult = cur.execute(query)
if mysql_num_rows(artresult) > 0:
print '<ul>'
for r in cur.fetchall():
print '<li class="subcat">'+l('divider')+'<a href="'+_SITE+category_title+'/'+subcat_title+'/'+r['seftitle']+'/">'+r['title']+'</a></li>'
if mysql_num_rows(artresult) > 0:
print '</ul>'
print '</li>'
if mysql_num_rows(subcat_result) > 0:
print '</ul>'
print '</li>'
print '</ul>'
def contact():
    """Placeholder for the contact-form handler; nothing is implemented yet.

    Reaching it fails an assertion and so raises AssertionError - unless
    Python runs with -O, which strips assert statements and turns the call
    into a silent no-op.
    """
    # TODO: implement the contact form.
    implemented = False
    assert implemented
# MENU ARTICLES
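def menu_articles(start = 0, size = 5, cat_specific = 0):
    """Print <li> links for the newest visible, published position-1 articles.

    ``start`` and ``size`` form the LIMIT clause.  ``cat_specific`` selects an
    optional extra filter: 1 and 2 restrict to sub-categories of the current
    category (_catID), 100 to category id 100 with show_on_home set; any other
    value adds no filter.  When nothing matches, a single 'no articles' item
    is printed.

    Changes from the previous version:
    * the filter is now actually inserted into the query - before, the SQL
      contained the literal text '+subcat+' and the filter never applied;
    * the formatted date is kept in ``shown_date``; assigning it to ``date``
      made that name local and the call to the date() helper failed with
      UnboundLocalError;
    * a NULL parent-category SEF (top-level category) no longer breaks the
      link concatenation, matching the test archive() uses;
    * ``start`` and ``size`` are coerced with int() before they are formatted
      into the LIMIT clause.

    NOTE(review): ``date``, ``strtotime`` and the global ``T`` are not defined
    in the visible part of the file - presumably provided elsewhere.  Titles
    and category names are written into HTML and title attributes unescaped.
    """
    global categorySEF, _catID,subcatSEF
    global T
    if cat_specific == 1:
        subcat = 'AND c.subcat = %d'%_catID if _catID and not subcatSEF else ''
    elif cat_specific == 2:
        subcat = 'AND c.subcat = %d'%_catID if _catID else ''
    elif cat_specific == 100: # XXX SEECHAC
        subcat = 'AND (c.id = 100) AND (a.show_on_home = TRUE) ' if _catID else ''
    else:
        subcat = ''
    # subcat is either empty, a fixed string, or built with %d, so only an
    # integer can reach the SQL text through it.
    query = """SELECT
title,a.seftitle AS asef,date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM %sarticles AS a
LEFT OUTER JOIN %scategories as c
ON category = c.id
LEFT OUTER JOIN %scategories as x
ON c.subcat = x.id AND x.published ='YES'
WHERE position = 1
AND a.published = 1
AND c.published = 'YES'
AND a.visible = 'YES'
%s
ORDER BY date DESC
LIMIT %d,%d""" %(_PRE,_PRE,_PRE,subcat,int(start),int(size))
    cur = dbconnection.cursor()
    cur.execute(query)
    count = 0
    for r in cur.fetchall():
        name = ' ('+r['name']+')' if s('show_cat_names') == 'on' else ''
        shown_date = date(s('date_format'), strtotime(r['date']))
        # xsef is NULL for articles whose category has no parent.
        link = r['xsef']+'/'+r['csef'] if 'xsef' in r and r['xsef'] else r['csef']
        cssclass = ' class="current"' if r['title'] == T['title'] else ''
        print('<li '+cssclass+'><a href="'+_SITE+link+'/'+r['asef']+'/" title="'+r['name']+' / '+r['title']+' ('+shown_date+')">'+r['title']+name+'</a></li>')
        count += 1
    if count == 0:
        print('<li>%s</li>' % l('no_articles'))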
# NEW COMMENTS // Patch #1 - 1.7.0 - WHERE string updated in the query below
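def new_comments(number = 5, stringlen = 30):
    """Print links to the latest approved comments as <li> items.

    number    -- maximum number of comments to list (SQL LIMIT).
    stringlen -- maximum length of the "name (comment" link text; longer
                 text is cut and an ellipsis appended.

    Each link targets the comment's anchor on the comment page of its
    article that holds it. Prints l('no_comments') when nothing is listed.
    strip_tags() is expected elsewhere in this file (not visible here).
    """
    query = """SELECT
a.id AS aid,title,a.seftitle AS asef,
category,co.id,articleid,co.name AS coname,comment,
c.name,c.seftitle AS csef,c.subcat,
x.name,x.seftitle AS xsef
FROM %scomments AS co
LEFT OUTER JOIN %sarticles AS a
ON articleid = a.id
LEFT OUTER JOIN %scategories AS c
ON category = c.id AND c.published ='YES'
LEFT OUTER JOIN %scategories AS x
ON c.subcat = x.id AND x.published ='YES'
WHERE a.published = 1 AND (a.commentable = 'YES' or a.commentable = 'FREEZ' )
AND approved = 'True'
ORDER BY co.id DESC LIMIT %d""" %(_PRE, _PRE, _PRE, _PRE, number)
    cur = dbconnection.cursor()
    cur.execute(query)
    rows = cur.fetchall()
    # The setting may arrive as a string; the page arithmetic needs an
    # integer of at least 1.
    try:
        comment_limit = max(1, int(s('comment_limit')))
    except (TypeError, ValueError):
        comment_limit = 1
    # Only the two valid keywords may be spliced into ORDER BY.
    order = 'DESC' if s('comments_order') == 'DESC' else 'ASC'
    # The article id is bound as a parameter instead of being formatted into
    # the statement text.
    position_query = ('SELECT id FROM '+_PRE+'comments '
                      "WHERE articleid = %s AND approved = 'True' "
                      'ORDER BY id '+order)
    for r in rows:
        # Position of this comment among the article's approved comments.
        cur.execute(position_query, (r['articleid'],))
        ordinal = 1
        for num, r_art in enumerate(cur.fetchall(), 1):
            if r_art['id'] == r['id']:
                ordinal = num
                break
        name = r['coname']
        comment = strip_tags(r['comment'])
        # Ceiling division on integers: page 1 holds comments 1..comment_limit.
        page = (ordinal + comment_limit - 1) // comment_limit
        ncom = name+' ('+comment
        if len(ncom) > stringlen:
            ncom = ncom[:max(stringlen - 3, 0)]+'...'
        if len(name) < stringlen:
            ncom += ')'
        # No blank directly before the truncation marker.
        ncom = ncom.replace(' ...', '...')
        paging = '/'+l('comment_pages')+str(page) if page > 1 else '' # Patch #1 - 1.7.0
        # Patch #10 - 1.7.0: build the path from the parts that exist; the
        # joined columns are NULL when a category has no parent.
        link = ''
        if 'xsef' in r and r['xsef']:
            link = r['xsef']+'/'
        if 'csef' in r and r['csef']:
            link += r['csef']+'/'
        link += r['asef'] # end Patch #10 - 1.7.0
        # NOTE(review): the commenter name is visitor-supplied and, like the
        # article title, is written out without escaping here; only the
        # comment body passes through strip_tags(). Confirm both are encoded
        # when stored.
        print('<li><a href="%s%s%s/#%s%d" title="%s %s">%s</a></li>' % (_SITE,link,paging,l('comment'),ordinal,l('comment_info'), r['title'], ncom))
    if not rows:
        print('<li>%s</li>' % l('no_comments'))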
# SEARCH FORM
def searchform():
    """Print the site search form, which POSTs `search_query` to _SITE."""
    # NOTE(review): l('search_keywords') is also placed inside a JavaScript
    # string in the onblur handler; a quote in that translation would break
    # the handler.
    template = """
<form id="search_engine" method="post" action="%s" accept-charset="%s">
<p><input class="searchfield" name="search_query" type="text" id="keywords" value="%s" onfocus="document.forms['search_engine'].keywords.value='';" onblur="if (document.forms['search_engine'].keywords.value == '') document.forms['search_engine'].keywords.value='%s';" />
<input class="searchbutton" name="submit" type="submit" value="%s" /></p>
</form>
"""
    values = (_SITE, s('charset'), l('search_keywords'), l('search_keywords'), l('search_button'))
    print(template % values)
#SEARCH ENGINE
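def search(limit = 20):
    """Print the articles whose title, text or meta keywords contain every posted search word.

    limit -- maximum number of matching articles.

    Reads `search_query` from _POST. A query shorter than 4 characters, or
    equal to the form's placeholder text, gets l('charerror') instead of a
    search. Visitors who are not _ADMIN only see articles with
    visible = 'YES'. A link back to _SITE is always printed last.
    """
    search_query = clean(cleanXSS(_POST['search_query']))
    print('<h2>%s</h2>' % l('search_results'))
    if len(search_query) < 4 or search_query == l('search_keywords'):
        print('<p>%s</p>' % l('charerror'))
    else:
        # clean()/cleanXSS() are not visible here. The stripslashes() applied
        # for display suggests clean() adds backslash escaping; the bound
        # values below must not carry that escaping a second time - confirm.
        shown_query = stripslashes(search_query)
        # Empty items (repeated blanks) would only add a match-all clause.
        keywords = [kw for kw in shown_query.split(' ') if kw]
        conditions = ['position != 2', 'a.published = 1']
        if not _ADMIN:
            conditions.append("a.visible = 'YES'")
        params = []
        for kw in keywords:
            conditions.append('(title LIKE %s OR text LIKE %s OR keywords_meta LIKE %s)')
            # '%' and '_' inside a word still act as LIKE wildcards.
            params.extend(['%'+kw+'%'] * 3)
        # Only the configured table prefix is concatenated into the statement;
        # every visitor-supplied word travels as a bound parameter.
        query = ('SELECT a.id FROM '+_PRE+'articles AS a '
                 'LEFT OUTER JOIN '+_PRE+'categories as c '
                 "ON category = c.id AND c.published ='YES' "
                 'LEFT OUTER JOIN '+_PRE+'categories as x '
                 "ON c.subcat = x.id AND x.published ='YES' "
                 'WHERE '+' AND '.join(conditions)+
                 ' ORDER BY id DESC LIMIT %s')
        params.append(int(limit))
        cur = dbconnection.cursor()
        cur.execute(query, params)
        ids = [r['id'] for r in cur.fetchall()]
        # NOTE(review): the search term is echoed back into the page below.
        # Whether cleanXSS() HTML-encodes it cannot be seen from here - confirm
        # before relying on it as the only output protection.
        if not ids:
            print('<p>%s <strong>%s</strong>.</p>' % (l('noresults'), shown_query))
        else:
            print('<p><strong>%d</strong> %s <strong>%s</strong>.</p>' % (len(ids), l('resultsfound'), shown_query))
            placeholders = ','.join(['%s'] * len(ids))
            query = ('SELECT title,a.seftitle AS asef,a.date AS date, '
                     'c.name AS name,c.seftitle AS csef, '
                     'x.name AS xname,x.seftitle AS xsef '
                     'FROM '+_PRE+'articles AS a '
                     'LEFT OUTER JOIN '+_PRE+'categories as c '
                     'ON category = c.id '
                     'LEFT OUTER JOIN '+_PRE+'categories as x '
                     'ON c.subcat = x.id '
                     'WHERE a.id IN ('+placeholders+')')
            cur.execute(query, ids)
            for r in cur.fetchall():
                datestr = date(s('date_format'), strtotime(r['date']))
                # Reset per row so an article without a category does not
                # inherit the previous row's name.
                name = ' (%s)' % r['name'] if r['name'] else ''
                if 'xsef' in r and r['xsef']:
                    link = r['xsef']+'/%s/' % r['csef']
                else:
                    link = r['csef']+'/' if 'csef' in r and r['csef'] else ''
                print('<p><a href="'+_SITE+link+r['asef']+'/">'+r['title']+name+'</a> - %s</p>' % datestr)
    print('<p><br /><a href="'+_SITE+'">%s</a></p>' % l('backhome'))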
#CONTENTS COUNTER
def stats(field, position):
    """Return the number of rows in table _PRE+field, optionally for one position.

    field    -- table name without the prefix; concatenated into the SQL.
    position -- value for `WHERE position = ...`; a false value (such as '')
                counts every row.
    """
    # NOTE(review): both arguments are pasted into the SQL text. The callers
    # visible in this file pass literals; neither may ever be request-derived.
    where = " WHERE position = %s" % position if position else ''
    counter = dbconnection.cursor()
    counter.execute('SELECT count(id) as c FROM '+_PRE+field+where)
    row = counter.fetchone()
    return row['c']
# FORM GENERATOR
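def html_input(ftype, name, id, value, label, css, script1, script2, script3, checked, rows, cols, method, action, legend):
    """Return the HTML for one form element, or a form/fieldset open or close tag.

    ftype  -- 'form', 'fieldset', 'text', 'password', 'checkbox', 'radio',
              'hidden', 'submit', 'reset', 'button' or 'textarea'.
    name, id, value, label, css -- attribute values; an empty id, css or
              label is left out of the markup.
    script1..script3 -- raw attribute text (for example an onkeypress
              handler) appended to the tag as-is.
    checked -- 'ok' marks a checkbox or radio button as checked.
    rows, cols -- textarea size, as strings.
    method, action -- for ftype 'form'; an empty method or 'end' returns the
              closing </form>.
    legend -- for ftype 'fieldset'; an empty legend or 'end' returns
              </fieldset>.

    Raises ValueError for any other ftype.
    """
    # NOTE(review): no argument is HTML-escaped here. A value containing a
    # double quote ends its attribute early, so callers must pass
    # attribute-safe text; whether stored settings are already entity-encoded
    # cannot be seen from this function.
    lbl = '<label for="'+id+'">'+label+'</label>' if label else ''
    attribs = ''
    if id:
        attribs += ' id="'+id+'"'
    if css:
        attribs += ' class="'+css+'"'
    for script in (script1, script2, script3):
        if script:
            attribs += ' '+script
    val = ' value="%s"' % value
    tag_open = '<input type="'+ftype+'" name="'+name+'"'+attribs
    if ftype == 'form':
        if method and method != 'end':
            return '<form method="'+method+'" action="'+action+'"'+attribs+' accept-charset="'+s('charset')+'">'
        return '</form>'
    if ftype == 'fieldset':
        if legend and legend != 'end':
            return '<fieldset><legend'+attribs+'>'+legend+'</legend>'
        return '</fieldset>'
    if ftype in ('text', 'password'):
        return '<p>'+lbl+':<br />'+tag_open+val+' /></p>'
    if ftype in ('checkbox', 'radio'):
        check = ' checked="checked"' if checked == 'ok' else ''
        return '<p>'+tag_open+check+' /> '+lbl+'</p>'
    if ftype in ('hidden', 'submit', 'reset', 'button'):
        return tag_open+val+' />'
    if ftype == 'textarea':
        return '<p>'+lbl+':<br /><textarea name="'+name+'" rows="'+rows+'" cols="'+cols+'"'+attribs+'>'+value+'</textarea></p>'
    # An unknown type is a caller error; report it by name instead of failing
    # on an unbound result variable.
    raise ValueError('html_input: unsupported ftype %r' % (ftype,))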
# ADMINISTRATION
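def administration():
    """Print the admin dashboard: content panels, pending comments, settings and logout links.

    When _ADMIN is false only the not-logged-in notification is output.
    """
    # Patch #19 - 1.7.1 - replaces fieldset strings function-wide.
    if not _ADMIN:
        echo( notification(1,l('error_not_logged_in'),'login'))
        return
    cur = dbconnection.cursor()
    cur.execute("SELECT COUNT(id) as catnum FROM "+_PRE+'categories')
    catnum = cur.fetchone()['catnum']
    # Iterate over a copy of the keys: deleting from a dict while iterating
    # it raises RuntimeError. (_POST's type is not visible here.)
    for key in list(_POST.keys()):
        del _POST[key]
    print('<div class="adminpanel">')
    print('<p class="admintitle"><a href="http://snewscms.com/" title="sNews CMS">sNews</a> %s</p>' % l('administration'))
    print('<p>'+l('categories')+': <a href="admin_category/">%s</a>' % l('add_new'))
    link = ' %s <a href="' % l('divider')
    if stats('categories','') > 0:
        print(link+'snews_categories/">%s</a>' % l('view'))
    print('</p><p>%s: ' % l('articles'))
    # Articles need a category, so the "add" link appears once one exists.
    art_new = '<a href="article_new/">'+l('add_new')+'</a>' if catnum > 0 else l('create_cat')
    print(art_new)
    if stats('articles','1') > 0:
        print(link+'snews_articles/">%s</a>' % l('view'))
    print('</p><p>'+l('pages')+': <a href="page_new/">%s</a>' % l('add_new'))
    if stats('articles','3') > 0:
        print(link+'snews_pages/">%s</a>' % l('view'))
    print('</p>')
    if s('enable_extras') == 'YES':
        print('<p class="admintitle">%s</p>' % l('extra_contents'))
        print('<p>'+l('groupings')+': <a href="admin_groupings/">%s</a>' % l('add_new'))
        if stats('extras','') > 0:
            print(link+'groupings/">%s</a>' % l('view'))
        print('</p>')
        print('<p>'+l('extra_contents')+': <a href="extra_new/">%s</a>' % l('add_new'))
        if stats('articles','2') > 0:
            print(link+'extra_contents/">%s</a>' % l('view'))
        print('</p>')
    print('</div>')
    cur.execute('SELECT id,articleid,name FROM '+_PRE+'comments WHERE approved != \'True\'')
    unapproved = cur.fetchall()
    if unapproved:
        print('<div class="adminpanel"><p class="admintitle">%s</p>' % l('comments'))
        # The link text shows how many comments wait, not the rows themselves.
        print('<p><a onclick="snews_toggle(\'sub1\')" style="cursor: pointer;" title="'+l('unapproved')+'">'+str(len(unapproved))+' %s</a></p>' % l('wait_approval'))
        print('<div id="sub1" class="innerpanel" style="display: nonexxx;">')
        for r in unapproved:
            articleTITLE = retrieve('title', 'articles', 'id', r['articleid'])
            # NOTE(review): r['name'] is the commenter's name of a comment that
            # is not yet approved and is written into the admin page without
            # escaping here - confirm it is encoded when the comment is stored.
            print('<p class="spacelink">'+r['name']+' (<strong>'+articleTITLE+'</strong>) '+l('divider')+
                  ' <a href="'+_SITE+'?action=editcomment&amp;commentid='+str(r['id'])+'">%s</a></p>' % l('edit'))
        print('</div></div>')
    print('<div class="message"><p class="admintitle">%s</p>' % l('site_settings'))
    print('<p><a href="snews_settings/">'+l('settings')+'</a>&nbsp;|&nbsp;<a href="snews_files/">'+l('files')+'</a></p></div>')
    print('<div class="message"><p class="admintitle">%s</p>' % l('login_status'))
    print('<p><a href="logout/">%s</a></p></div>' % l('logout'))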
# SETTINGS FORM
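def settings(): # Patch #19 - 1.7.1 - reduced to 1 adminpanel div. replaces fieldset strings function-wide.
    """Print the site-settings form and the change-username/password form.

    Field values come from s(), labels from l(); the inputs are built with
    html_input(). The settings form posts to ?action=process&task=save_settings,
    the credentials form to ?action=process&task=changeup.
    """
    # NOTE(review): neither form emits an anti-CSRF token field. processing()
    # is only partly visible, so whether it checks one cannot be confirmed
    # from here - worth verifying for the settings and credential changes.
    # NOTE(review): s() values and page titles are written into the markup
    # unescaped (html_input() does not escape either).

    def text(name, field_id, value, label, script=''):
        # <input type="text"> with an optional raw script attribute.
        return html_input('text', name, field_id, value, label, '', script, '', '', '', '', '', '', '', '')

    def password(name, field_id, label):
        # Empty <input type="password">.
        return html_input('password', name, field_id, '', label, '', '', '', '', '', '', '', '', '', '')

    def checkbox(name, field_id, label, setting, on_value='on'):
        # Checkbox that is ticked when setting `setting` equals on_value.
        state = 'ok' if s(setting) == on_value else ''
        return html_input('checkbox', name, field_id, '', label, '', '', '', '', state, '', '', '', '', '')

    def submit(name, field_id):
        # Save button.
        return html_input('submit', name, field_id, l('save'), '', 'button', '', '', '', '', '', '', '', '', '')

    def open_form(action):
        # Opening <form method="post"> tag for the given action URL.
        return html_input('form', '', '', '', '', '', '', '', '', '', '', '', 'post', action, '')

    def toggle(panel, caption):
        # Link that expands or collapses the panel with the given element id.
        return '<p><a onclick="snews_toggle(\''+panel+'\')" style="cursor: pointer;" title="'+l('a_openclose')+caption+'">'+caption+'</a></p>'

    # This function needs its own cursor for the page list below.
    cur = dbconnection.cursor()
    print('<div class="adminpanel"><p class="admintitle">%s</p>' % l('settings_title'))
    print(open_form('?action=process&amp;task=save_settings'))
    # Expandable Settings
    print(toggle('sub1', l('settings')))
    print('<div id="sub1" style="display: nonexxx;">')
    print(text('website_title', 'webtitle', s('website_title'), l('a_website_title')))
    print(text('home_sef', 'webSEF', l('home_sef') if s('home_sef') == '' else s('home_sef'), l('a_home_sef'), 'onkeypress="return SEFrestrict(event);"'))
    print(text('website_description', 'wdesc', s('website_description'), l('a_description')))
    print(text('website_keywords', 'wkey', s('website_keywords'), l('a_keywords')))
    print('</div>')
    # Expandable Contact
    print(toggle('sub2', l('a_contact_info')))
    print('<div id="sub2" style="display: nonexxx;">')
    print(text('website_email', 'we', s('website_email'), l('a_website_email')))
    print(text('contact_subject', 'cs', s('contact_subject'), l('a_contact_subject')))
    print('</div>')
    # Expandable Time & Locale
    print(toggle('sub3', l('a_time_settings')))
    print('<div id="sub3" style="display: nonexxx;">')
    print(text('language', 'lang', 'EN' if s('language') == '' else s('language'), l('a_language')))
    print(text('charset', 'char', 'UTF-8' if s('charset') == '' else s('charset'), l('charset')))
    print(text('date_format', 'dt', s('date_format'), l('a_date_format')))
    print('</div>')
    # Expandable Contents
    print(toggle('sub4', l('contents')))
    print('<div id="sub4" style="display: nonexxx;">')
    print(text('article_limit', 'artl', s('article_limit'), l('a_article_limit')))
    print(text('rss_limit', 'rssl', s('rss_limit'), l('a_rss_limit')))
    print('<p><label for="dp">%s:</label><br /> <select name="display_page" id="dp">' % l('a_display_page'))
    print('<option value="0" %s>%s</option>' % ('selected="selected"' if s('display_page') == 0 else '',l('none')))
    # One <option> per page (position = 3); the tag is printed in pieces so
    # the selected attribute can be added in between.
    cur.execute('SELECT id,title FROM %sarticles WHERE position = 3 ORDER BY id ASC' % _PRE)
    for r in cur.fetchall():
        print('<option value="%s"' % r['id'])
        if s('display_page') == r['id']:
            print(' selected="selected"')
        print('>%s</option>' % r['title'])
    print('</select></p>')
    print(checkbox('display_new_on_home', 'dnoh', l('a_display_new_on_home'), 'display_new_on_home'))
    print(checkbox('display_pagination', 'dpag', l('a_display_pagination'), 'display_pagination'))
    print(checkbox('num_categories', 'nc', l('a_num_categories'), 'num_categories'))
    print(checkbox('show_cat_names', 'scn', l('a_show_category_name'), 'show_cat_names'))
    print(checkbox('enable_extras', 'ee', l('enable_extras'), 'enable_extras', 'YES'))
    print(text('file_ext', 'fileext', s('file_extensions'), l('file_extensions')))
    print(text('allowed_file', 'all_file', s('allowed_files'), l('allowed_files')))
    print(text('allowed_img', 'all_img', s('allowed_images'), l('allowed_images')))
    print('</div>')
    # Expandable Comments
    print(toggle('sub5', l('comments')))
    print('<div id="sub5" style="display: nonexxx;">')
    print(checkbox('approve_comments', 'ac', l('a_approve_comments'), 'approve_comments'))
    print(text('comment_repost_timer', 'crt', s('comment_repost_timer'), l('comment_repost_timer')))
    print(checkbox('mail_on_comments', 'mc', l('a_mail_on_comments'), 'mail_on_comments'))
    print(checkbox('enable_comments', 'ec', l('enable_comments'), 'enable_comments', 'YES'))
    print(checkbox('freeze_comments', 'dc', l('freeze_comments'), 'freeze_comments', 'YES'))
    print('<p><label for="co">%s:</label><br /><select id="co" name="comments_order">' % l('a_comments_order'))
    print('<option value="DESC"'+ (' selected="selected"' if s('comments_order') == 'DESC' else '')+'>%s</option>' % l('newer_top'))
    print('<option value="ASC"'+ (' selected="selected"' if s('comments_order') == 'ASC' else '')+'>%s</option></select>' % l('newer_bottom'))
    print('</p>')
    print(text('comment_limit', 'cl', s('comment_limit'), l('a_comment_limit')))
    print(checkbox('word_filter_enable', 'wfe', l('a_word_filter_enable'), 'word_filter_enable'))
    print(text('word_filter_file', 'wff', s('word_filter_file'), l('a_word_filter_file')))
    print(text('word_filter_change', 'wfc', s('word_filter_change'), l('a_word_filter_change')))
    print('</div>')
    # Save Settings button
    print('<p>')
    print(submit('save', 'save'))
    print('</p>')
    print('</form>')
    print('</div>')
    # Change Password panel
    print(open_form('?action=process&amp;task=changeup'))
    print('<div class="adminpanel">')
    print('<p><a onclick="snews_toggle(\'sub6\')" style="cursor: pointer;" title="'+l('a_openclose')+''+l('change_up')+'">%s</a>' % l('change_up'))
    print('<div id="sub6" style="display: nonexxx;">')
    print('<p>%s</p>' % l('login_limit'))
    print(text('uname', 'uname', '', l('a_username')))
    print(password('pass1', 'pass1', l('a_password')))
    print(password('pass2', 'pass2', l('a_password2')))
    # Save Password Change button
    print('<p>')
    print(html_input('hidden','task','task','changeup','','','','','','','','','','',''))
    print(submit('submit_pass', 'submit_pass'))
    print('</p></div>')
    print('</div>')
    print('</form>')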
# LISTS CATEGORIES
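def category_list(id):
    """Print the <select name="subcat"> listing the top-level categories.

    id -- id of the category being handled. It is only used when the request
          carries a numeric `id` parameter; then that category's current
          parent (looked up with retrieve()) is pre-selected. The category
          with this id is itself left out of the list.
    """
    var = None
    if ('id' in _GET) and is_numeric(_GET.getvalue('id')) and not is_null(_GET.getvalue('id')):
        var = id
    print('<select name="subcat" id="subcat">')
    selected = ' selected="selected"'
    cur = dbconnection.cursor()
    cur.execute('SELECT id,name FROM '+_PRE+'categories WHERE subcat = 0 ORDER BY catorder, id')
    # Bound in both cases, so the option below can be printed when no id was
    # passed.
    # NOTE(review): as written, "not a sub-category" is marked selected when an
    # id IS given, alongside the parent option selected in the loop - confirm
    # the intended polarity.
    parent_selection = selected if var else ''
    print('<option value="0"'+parent_selection+'>%s</option>' % l('not_sub'))
    categories = cur.fetchall()
    # The parent lookup does not depend on the row, so it is done once.
    child = retrieve('subcat','categories','id',var) if categories else None
    for r in categories:
        if r['id'] == child:
            # One format string for the whole tag, so both values are applied.
            print('<option value="%s"%s>%s</option>' % (r['id'], selected, r['name']))
        elif id != r['id']:
            print('<option value="%s">%s</option>' % (r['id'],r['name']))
    print('</select>')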
# ARTICLES - ADMIN LIST - Patch #19 - 1.7.1 - in 5 locations
def admin_articles(contents):
# Print the admin listing for articles ('article_view'), extra contents
# ('extra_view') or pages ('page_view'), wrapped in a form that posts to
# ?action=process&task=reorder, or a year/month filter panel when subcatSEF
# equals l('year') or l('month').
# NOTE(review): several statements below are still PHP idioms ('.' string
# concatenation written as attribute access, array(), die(), mysql_error()).
# The notes mark the places that cannot work as written.
global categorySEF, subcatSEF
link = '<a href="%s/' % (_SITE+categorySEF)
# title, sef, goto, p and qw are only set for the three known `contents`
# values; any other value leaves them unbound.
if contents == 'article_view':
title = l('articles')
sef = 'article_new'
goto = 'snews_articles'
p = 1
qw = 'position < 2 AND position >-1 '
if contents == 'extra_view':
title = l('extra_contents')
sef = 'extra_new'
goto = 'extra_contents'
p = '2'
qw = 'position = 2 '
if contents == 'page_view':
title = l('pages')
sef = 'page_new'
p = '3'
goto = 'snews_pages'
qw = 'position = 3 '
subquery = 'AND '+qw
if stats('articles',p) > 0:
add = ' - <a href="'+sef+'/" title="'+l('add_new')+'">'+l('add_new')+'</a> - '+l('see')+' ('+link+'">'+l('all')+'</a>) - '+l('filter')+' ('+link+l('year')+'">'+l('year')+'</a> / '+link+l('month')+'">'+l('month')+'</a>)'
else:
add = ''
tab = 1
# Year/month filter panel.
if subcatSEF == l('year') or subcatSEF == l('month'):
query = 'SELECT DISTINCT(YEAR(date)) AS dyear FROM '+_PRE+'articles WHERE %s ORDER BY date DESC' % qw
# NOTE(review): cur is first assigned further down in this function, which
# makes it a local name that is still unbound here.
result = cur.execute(query)
month_names = explode(', ', l('month_names'))
print '<div class="adminpanel">'
print '<p class="admintitle">%s</p>' % l('articles')
# Patch #19 - 1.7.1 - replaces fieldset string
# NOTE(review): link.l('year') is PHP concatenation; on a Python str it is an
# attribute lookup.
print ' - '+l('filter')+' <span style="color: #0000FF">'+subcatSEF+'</span> - '+l('see')+' ('+link+'">'+l('all')+'</a>) - '+l('filter')+' ('+link.l('year')+'">'+l('year')+'</a> / '+link.l('month')+'">%s</a>)</legend>' % l('month')
if result:
for r in cur.fetchall():
ryear = r['dyear']
echo(subcatSEF == '<span style="color: #0000FF">'+r['dyear']+'</span>' if l('month') else link.l('year')+'='+r['dyear']+'">'+r['dyear']+'</a> ')
if subcatSEF == l('month'):
# NOTE(review): qw and ryear are literal text inside this SQL string, not
# interpolated values.
qx = "SELECT DISTINCT(MONTH(date)) AS dmonth FROM "+_PRE+'articles'+" WHERE qw AND YEAR(date)=ryear ORDER BY date ASC"
rqx = cur.execute(qx)
for rx in cur.fetchall():
m = rx['dmonth'] - 1
print ' '+l('divider')+' '+link.l('year')+'='+r['dyear']+';'+l('month')+'='+rx['dmonth']+'">%s</a> ' % month_names[m]
print '<br />'
print '</div>'
return
txtYear = l('year')
txtMonth = l('month')
year = month = None
# NOTE(review): year and month are cut out of subcatSEF and concatenated
# between quotes into filterquery. If subcatSEF derives from the request path
# (not visible here), they need to be validated as digits or bound as
# parameters before reaching SQL.
if substr(subcatSEF, 0, strlen(txtYear)) == txtYear:
year = substr(subcatSEF, strlen(txtYear)+1, 4)
find = strpos(subcatSEF,l('month'))
if find > 0:
month = substr(subcatSEF, find + strlen(txtMonth) + 1, 2)
filterquery = "AND YEAR(date)='"+year+"' " if year else ''
filterquery += "AND MONTH(date)='"+month+"' " if month else ''
no_content = '<p>'+l('no_content_for_filter')+'</p>' if filterquery else '<p>%s</p>' % l('article_not_exist')
print html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&amp;task=reorder', '')
print '<div class="adminpanel">'
print '<p class="admintitle">%s</p>' % (title+add)
# Patch #19 - 1.7.1 - replaces fieldset string
print '<p><input type="hidden" name="order" id="order" value="%s" /></p>' % goto
if contents == 'extra_view':
# NOTE(review): array() is PHP; the items are the strings '-1' and '-3', while
# the comparisons below test against the integer -3.
cat_array_irregular = array('-1','-3')
for cat_value in cat_array_irregular:
legend_label = l('pages') if cat_value == -3 else l('all')
page_only_xsql = 'page_extra ASC,' if cat_value == -3 else ''
# NOTE(review): cat_value, p, filterquery and page_only_xsql are literal text
# in this SQL string, not interpolated values.
sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page, page_extra FROM "+_PRE+'articles'+" WHERE category = cat_value AND position = p filterquery ORDER BY page_only_xsql artorder ASC, date DESC "
query = cur.execute(sql) or die(mysql_error())
num_rows = mysql_num_rows(query)
tab=1
print '<div class="innerpanel">'
print '<p class="admintitle">%s</p>' % legend_label
# Patch #19 - 1.7.1 - replaces fieldset string
if num_rows == 0:
print no_content
else:
lbl_filter = -5
for r in cur.fetchall():
if cat_value == -3:
if lbl_filter != r['page_extra']:
assigned_page = retrieve('title','articles','id',r['page_extra'])
print assigned_page if assigned_page else l('all_pages')
order_input = '<input type="text" name="page_'+r['id']+'" value="'+r['artorder']+'" size="1" tabindex="%s" /> &nbsp;' % tab
# Patch #13 - 1.7.0 - next string replace 1 below it.
print '<p>'+order_input+'<strong title="'+date(s('date_format'), strtotime(r['date']))+'"> %s</strong> ' % r['title']
#print '<p>'+order_input+'<strong title="'+date(s('date_format'), strtotime(r['date']))+'"> '+r['title']+'</strong> '+l('divider')+'<a href="'+_SITE.row['seftitle']+'/'+r['seftitle']+'/">%s</a> ' % l('view')
if r['default_page'] != 'YES':
print l('divider')+' <a href="'+_SITE+'?action=admin_article&amp;id='+r['id']+'">%s</a> ' % l('edit')
# NOTE(review): item is only assigned further down, so it is unbound here.
# NOTE(review): hide and show change state but are reached through plain GET
# links; no token parameter is part of these URLs.
visiblity = '<a href="'+_SITE+'?action=process&amp;task=hide&amp;item='+item+'&amp;id='+r['id']+'">'+l('hide')+'</a>' if r['visible'] == 'YES' else l('hidden')+' ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item='+item+'&amp;id='+r['id']+'">%s</a> )' % l('show')
print ' '+l('divider')+' '+visiblity
if r['published'] == 2:
print l('divider')+' ['+l('status')+' %s]' % l('future_posting')
if r['published'] == 0:
print l('divider')+' ['+l('status')+' %s]' % l('unpublished')
print '</p>'
tab += 1
lbl_filter = r['page_extra']
print '</div>'
# Listing grouped by category (articles and extras).
if contents == 'article_view' or contents == 'extra_view':
item = 'extra_contents' if contents == 'extra_view' else 'snews_articles'
cat_query = "SELECT id, name, seftitle FROM "+_PRE+'categories'+" WHERE subcat = 0"
cur = dbconnection.cursor()
cat_res = cur.execute(cat_query)
num = mysql_num_rows(cat_res)
if not cat_res or not num:
print '<p>%s</p>' % l('no_categories')
else:
# Articles without a category (category = '0').
sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page FROM %sarticles WHERE category = '0' AND position = %s %s ORDER BY artorder ASC, date DESC " % (_PRE, p, subquery)
query = cur.execute(sql)
num_rows = mysql_num_rows(query)
if num_rows > 0:
print '<div class="innerpanel">'
print '<p class="admintitle">%s</p>' % l('no_category_set')
# Patch #19 - 1.7.1 - replaces fieldset string
# NOTE(review): tab22 is never initialised, and the loop variable is O while
# several tests below read r.
for O in cur.fetchall():
order_input = '<input type="text" name="page_'+O['id']+'" value="'+O['artorder']+'" size="1" tabindex="%s" /> &nbsp;' % tab22
print '<p>'+order_input+'<strong title="'+date(s('date_format'), strtotime(O['date']))+'">%s</strong> ' % O['title']
if r['default_page'] != 'YES':
print l('divider')+' <a href="'+_SITE+'?action=admin_article&amp;id='+O['id']+'">%s</a> ' % l('edit')
visiblity = '<a href="'+_SITE+'?action=process&amp;task=hide&amp;item='+item+'&amp;id='+O['id']+'">'+l('hide')+'</a>' if r['visible'] == 'YES' else l('hidden')+' ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item='+item+'&amp;id='+O['id']+'">%s</a> )' % l('show')
print ' '+l('divider')+' '+visiblity
if r['published'] == 2:
print l('divider')+' ['+l('status')+' %s]' % l('future_posting')
if r['published'] == 0:
print l('divider')+' ['+l('status')+' %s]' % l('unpublished')
print '</p>'
tab22 += 1
print '</div>'
# NOTE(review): the cursor has been reused for the query above, so this
# fetchall() no longer returns the category rows selected by cat_query.
for row in cur.fetchall():
print '<div class="adminpanel">'
print '<p class="admintitle">%s</p>' % row['name']
# Patch #19 - 1.7.1 - replaces fieldset string
# NOTE(review): p and filterquery are literal text in this SQL string.
sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page FROM %sarticles WHERE category = %s AND position = p %s filterquery ORDER BY artorder ASC, date DESC " % (_PRE,row['id'],subquery)
query = cur.execute(sql) or die(mysql_error())
num_rows = mysql_num_rows(query)
if num_rows == 0:
print no_content
for r in cur.fetchall():
order_input = '<input type="text" name="page_'+r['id']+'" value="'+r['artorder']+'" size="1" tabindex="%s" /> &nbsp;' % tab
print '<p>'+order_input+'<strong title="'+date(s('date_format'), strtotime(r['date']))+'">'+r['title']+'</strong> '+l('divider')+'<a href="'+_SITE.row['seftitle']+'/'+r['seftitle']+'/">%s</a> ' % l('view')
if r['default_page'] != 'YES':
print l('divider')+' <a href="'+_SITE+'?action=admin_article&amp;id='+r['id']+'">%s</a> ' % l('edit')
visiblity = '<a href="'+_SITE+'?action=process&amp;task=hide&amp;item='+item+'&amp;id='+r['id']+'">'+l('hide')+'</a>' if r['visible'] == 'YES' else l('hidden')+' ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item='+item+'&amp;id='+r['id']+'">%s</a> )' % l('show')
print ' '+l('divider')+' '+visiblity
if r['published'] == 2:
print l('divider')+' ['+l('status')+' %s]' % l('future_posting')
if r['published'] == 0:
print l('divider')+' ['+l('status')+' %s]' % l('unpublished')
print '</p>'
tab += 1
# NOTE(review): 'row[id]' here and 'row2[id]' below are literal text in the
# SQL strings, not the ids of the current rows.
query2 = cur.execute("SELECT id, name, seftitle FROM "+_PRE+'categories'+" WHERE subcat = 'row[id]' ORDER BY catorder ASC")
tab2 = 1
for row2 in cur.fetchall():
print '<a class="subcat" onclick="snews_toggle(\'subcat'+row2['id']+'\')" style="cursor: pointer;">%s</a><br />' % row2['name']
print '<div id="subcat%s" style="display: nonexxx;" class="subcat">' % row2['id']
catart_sql2 = "SELECT id, title, seftitle, date, published, artorder, visible FROM "+_PRE+'articles'+" WHERE category = 'row2[id]' %s filterquery ORDER BY category ASC, artorder ASC, date DESC " % subquery
catart_query2 = cur.execute(catart_sql2) or die(mysql_error())
num_rows2 = mysql_num_rows(catart_query2)
if num_rows2 == 0:
print no_content
for ca_r2 in cur.fetchall():
order_input2 = '<input type="text" name="page_'+ca_r2['id']+'" value="'+ca_r2['artorder']+'" size="1" tabindex="%s" /> &nbsp;' % tab2
catSEF = cat_rel(row2['id'],'seftitle')
print '<p>'+order_input2+'<strong title="'+date(s('date_format'), strtotime(ca_r2['date']))+'">'+ca_r2['title']+'</strong> '+l('divider')+'<a href="'+_SITE.catSEF+'/'+ca_r2['seftitle']+'/">%s</a> ' % l('view')
print l('divider')+' <a href="'+_SITE+'?action=admin_article&amp;id='+ca_r2['id']+'">%s</a> ' % l('edit')
visiblity2 = '<a href="%s?action=process&amp;task=hide&amp;item=snews_articles&amp;id=%s">%s</a>' % (_SITE,ca_r2['id'],l('hide')) if ca_r2['visible'] == 'YES' else '%s ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item=snews_articles&amp;id='+ca_r2['id']+'">'+l('show')+'</a> )' % l('hidden')
print ' '+l('divider')+' '+visiblity2
if ca_r2['published'] == 2:
print l('divider')+' ['+l('status')+' %s]' % l('future_posting')
if ca_r2['published'] == 0:
print l('divider')+' ['+l('status')+' %s]' % l('unpublished')
print '</p>'
print '</div>'
tab2 += 1
print '</div>'
# Flat listing of pages (position = 3).
elif contents == 'page_view':
sql = "SELECT id, title, seftitle, date, published, artorder, visible, default_page FROM "+_PRE+'articles'+" WHERE position = 3 %s ORDER BY artorder ASC, date DESC " % subquery
cur = dbconnection.cursor()
query = cur.execute(sql) or die(mysql_error())
num_rows = mysql_num_rows(query)
if num_rows == 0:
print '<p>%s</p>' % l('article_not_exist')
for r in cur.fetchall():
order_input = '<input type="text" name="page_%s" value="%s" size="1" tabindex="%s" /> &nbsp;' % (r['id'],r['artorder'],tab)
print '<p>'+order_input+'<strong title="'+date(s('date_format'), strtotime(r['date']))+'">'+r['title']+'</strong> '+l('divider')+'<a href="'+_SITE+r['seftitle']+'/">%s</a> ' % l('view')
if r['default_page'] != 'YES':
print '%s <a href="%s?action=admin_article&amp;id=%s">%s</a> ' % (l('divider'),_SITE,r['id'],l('edit'))
visiblity = '<a href="'+_SITE+'?action=process&amp;task=hide&amp;item=snews_pages&amp;id=%s">%s</a>' % (r['id'],l('hide')) if r['visible'] == 'YES' else l('hidden')+' ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item=snews_pages&amp;id=%s">%s</a> )' % (r['id'],l('show'))
print ' '+l('divider')+' '+visiblity
if r['published'] == 2:
print l('divider')+' ['+l('status')+' %s]' % l('future_posting')
if r['published'] == 0:
print l('divider')+' ['+l('status')+' %s]' % l('unpublished')
print '</p>'
tab += 1
# Reorder button and end of the form opened above.
print '<p>'+html_input('submit', 'reorder', 'reorder', l('order_content'), '', 'button', '', '', '', '', '', '', '', '', '')
print '</p></div></form>'
#BUTTONS
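def buttons():
    """Print two rows of <input type="button"> elements that call tag(name) on click.

    The first row holds the formatting tags, the second the insert helpers.
    Titles and captions come from l(name) and l(name+'_value').
    """
    # The heading needs a %s placeholder for the l('formatting') label, as
    # the l('insert') heading further down has.
    print('<div class="clearer"></div><p>%s:<br class="clearer" />' % l('formatting'))
    # An ordered sequence keeps the buttons in this order on every request;
    # 'key' means the button's CSS class is its own name.
    formatting = (
        ('strong', ''),
        ('em', 'key'),
        ('underline', 'key'),
        ('del', 'key'),
        ('p', ''),
        ('br', ''),
    )
    for key, var in formatting:
        css = key if var == 'key' else 'buttons'
        print('<input type="button" name="'+key+'" title="'+l(key)+'" class="'+css+'" onclick="tag(\''+key+'\')" value="'+l(key+'_value')+'" />')
    print('</p><br class="clearer" /><p>%s: <br class="clearer" />' % l('insert'))
    insert = ['img', 'link', 'include', 'func','intro']
    for key in insert:
        print('<input type="button" name="'+key+'" title="'+l(key)+'" class="buttons" onclick="tag(\''+key+'\')" value="'+l(key+'_value')+'" />')
    print('<br class="clearer" /></p>')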
# ADMIN GROUPINGS
def admin_groupings():
    """Print the list of extras groupings with edit links.

    Nothing is printed unless the enable_extras setting is 'YES'.
    """
    if s('enable_extras') != 'YES':
        return
    # The "add new" link is shown in the title once a grouping exists.
    add = ''
    if stats('extras','') > 0:
        add = ' - <a href="admin_groupings/" title="'+l('add_new')+'">%s</a>' % l('add_new')
    print('<div class="adminpanel">')
    print('<p class="admintitle">'+l('groupings')+add+'</p>') # Patch #19 - 1.7.1 - replaces fieldset string
    cur = dbconnection.cursor()
    cur.execute('SELECT id,name,description FROM %sextras ORDER BY id ASC' % _PRE)
    groupings = cur.fetchall()
    # NOTE(review): name and description are written into the markup and a
    # title="" attribute without escaping here.
    for r in groupings:
        print('<p><strong>%s</strong> %s<a href="%s?action=admin_groupings&amp;id=%d" title="%s">%s</a></p>' % (r['name'],l('divider'),_SITE,r['id'],r['description'],l('edit')))
    if not groupings:
        print('<p>%s</p>' % l('group_not_exist'))
    print('</div>')
# PROCESSING (CATEGORIES, CONTENTS, COMMENTS)
def processing():
# Handle an admin form submission. The `task` query parameter selects one of:
# save_settings, changeup, admin_groupings, admin_category/admin_subcategory,
# reorder, admin_article, editcomment, deletecomment, delete_category_all,
# hide/show. Any other value prints an "unknown task" line.
# NOTE(review): the only gate visible in this function is `_ADMIN`; no
# anti-CSRF token is checked here, and deletecomment, delete_category_all and
# hide/show are driven entirely by _GET values. Confirm that a per-session
# token is verified before any of these state changes runs.
# NOTE(review): `cur` is never assigned in this function; unless a module-level
# cursor exists, every cur.execute() below needs `cur = dbconnection.cursor()`.
if not _ADMIN:
print (notification(1, l('error_not_logged_in'), 'home'))
else:
action = clean(cleanXSS(_GET['action']))
id = clean(cleanXSS(_GET['id'] if 'id' in _GET else ''))
# NOTE(review): presence is tested in _GET but the value is read from _POST.
commentid = _POST['commentid'] if 'commentid' in _GET else ''
approved = 'True' if 'approved' in _POST and _POST['approved'] == 'on' else ''
name = clean(entity(_POST['name'] if 'name' in _POST else None))
category = _POST['define_category'] if 'define_category' in _POST else 0
# NOTE(review): 'subcat', 'seftitle' and (further down) 'publish' are read
# without the presence check used for the fields above, although not every
# task's form needs them - confirm how _POST reports a missing field.
subcat = _POST['subcat']
#xxx page = _POST['define_page']
#xxx def_extra = _POST['define_extra']
#xxx description = clean(entity(_POST['description']))
#xxx title = clean(entity(_POST['title']))
seftitle = _POST['seftitle']
#xxx url = cleanXSS(_POST['url'])
#xxx comment = _POST['editedcomment']
#xxx text = clean(_POST['text'])
#xxx date = date('Y-m-d H:i:s')
#xxx description_meta = entity(_POST['description_meta'])
#xxx keywords_meta = entity(_POST['keywords_meta'])
#xxx display_title = 'YES' if _POST['display_title'] == 'on' else 'NO'
#xxx display_info = 'YES' if _POST['display_info'] == 'on' else 'NO'
#xxx commentable = 'YES' if _POST['commentable'] == 'on' else 'NO'
#xxx freez = 'YES' if _POST['freeze'] == 'on' else 'NO'
#xxx if freez == 'YES' and commentable == 'YES':
#xxx commentable = 'FREEZ'
# NOTE(review): `position` is compared with integers here and below;
# presumably the submitted value is a string - confirm and convert once.
if 'position' in _POST:
position = _POST['position'] if _POST['position'] > 0 else 1
if position == 2:
position = 21 if _POST['cat_dependant'] == 'on' else 2
#xxx publish_article = 1 if (_POST['publish_article'] == 'on') else 0
#xxx show_in_subcats = 'YES' if _POST['show_in_subcats'] == 'on' else 'NO'
#xxx show_on_home = 'YES' if (_POST['show_on_home'] == 'on' or position > 1) else 'NO'
publish_category = 'YES' if _POST['publish'] == 'on' else 'NO'
fpost_enabled = False
if 'fposting' in _POST and _POST['fposting'] == 'on':
fpost_enabled = True
# NOTE(review): `date` is bound to a string here and then called as
# date('Y-m-d H:i:s') on the following line.
date = _POST['fposting_year']+'-'+_POST['fposting_month']+'-'+_POST['fposting_day']+' '+_POST['fposting_hour']+':%s:00' % _POST['fposting_minute']
if (date('Y-m-d H:i:s') < date):
publish_article = 2
task = clean(cleanXSS(_GET.getvalue('task')))
# NOTE(review): leftover debug output; it writes a request-derived value into
# the page and should be removed.
print "xxxxxxxx %s" % task
if task == 'save_settings':
if 'save' in _POST:
website_title = _POST['website_title']
home_sef = _POST['home_sef']
website_description = _POST['website_description']
website_keywords = _POST['website_keywords']
website_email = _POST['website_email']
contact_subject = _POST['contact_subject']
language = _POST['language']
charset = _POST['charset']
date_format = _POST['date_format']
article_limit = _POST['article_limit']
rss_limit = _POST['rss_limit']
display_page = _POST['display_page']
display_new_on_home = _POST['display_new_on_home']
display_pagination = _POST['display_pagination']
num_categories = _POST['num_categories']
show_cat_names = _POST['show_cat_names']
approve_comments = _POST['approve_comments']
mail_on_comments = _POST['mail_on_comments']
comments_order = _POST['comments_order']
comment_limit = _POST['comment_limit']
word_filter_enable = _POST['word_filter_enable']
word_filter_file = _POST['word_filter_file']
word_filter_change = _POST['word_filter_change']
enable_extras = 'YES' if _POST['enable_extras'] == 'on' else 'NO'
enable_comments = 'YES' if _POST['enable_comments'] == 'on' else 'NO'
comment_repost_timer = _POST['comment_repost_timer'] if is_numeric(_POST['comment_repost_timer']) else '15'
freeze_comments = 'YES' if _POST['freeze_comments'] == 'on' else 'NO'
file_ext = _POST['file_ext']
allowed_file = _POST['allowed_file']
allowed_img = _POST['allowed_img']
ufield = { 'website_title' : website_title, 'home_sef' : home_sef, 'website_description' : website_description, 'website_keywords' : website_keywords, 'website_email' : website_email, 'contact_subject' : contact_subject, 'language' : language, 'charset' : charset, 'date_format' : date_format, 'article_limit' : article_limit, 'rss_limit' : rss_limit, 'display_page' : display_page, 'comments_order' : comments_order, 'comment_limit' : comment_limit, 'word_filter_file' : word_filter_file, 'word_filter_change' : word_filter_change, 'display_new_on_home' : display_new_on_home, 'display_pagination' : display_pagination, 'num_categories' : num_categories, 'show_cat_names' : show_cat_names, 'approve_comments' : approve_comments, 'mail_on_comments' : mail_on_comments, 'word_filter_enable' : word_filter_enable, 'enable_extras' : enable_extras, 'enable_comments' : enable_comments, 'freeze_comments' : freeze_comments, 'comment_repost_timer' : comment_repost_timer, 'file_extensions' : file_ext, 'allowed_files' : allowed_file, 'allowed_images' : allowed_img }
# NOTE(review): SQL injection - each value is an unvalidated form field that
# is formatted straight into the statement text. Bind the values instead:
#   cur.execute("UPDATE " + _PRE + "settings SET VALUE = %s WHERE name = %s LIMIT 1", (value, key))
# Only comment_repost_timer is validated above; the numeric limits and the
# file/extension lists deserve the same treatment before they are stored.
for key, value in ufield.items():
cur.execute("UPDATE %ssettings SET VALUE = '%s' WHERE name = '%s' LIMIT 1" % (_PRE,value,key))
print notification(0, '', 'snews_settings')
elif task == 'changeup':
if 'submit_pass' in _POST:
user = checkUserPass(_POST['uname'])
pass1 = checkUserPass(_POST['pass1'])
pass2 = checkUserPass(_POST['pass2'])
if user and pass1 and pass2 and pass1 == pass2:
# NOTE(review): the login name and password are stored as bare md5()
# digests (unsalted, fast to compute). Prefer a salted, deliberately slow
# KDF such as hashlib.pbkdf2_hmac or bcrypt, and update the login check to
# match. Only uname/pass1/pass2 are read here; the current password is not
# requested before the credentials are replaced.
uname = md5(user)
passwd = md5(pass2)
query = "UPDATE %ssettings SET VALUE=" % (_PRE)
cur.execute(query+("'%s' WHERE name='username' LIMIT 1" % uname))
cur.execute(query+("'%s' WHERE name='password' LIMIT 1" % passwd))
print notification(0, '', 'administration')
else:
die(notification(2, l('pass_mismatch'), 'snews_settings'))
elif task == 'admin_groupings':
# NOTE(review): `l(a).l(b)` is PHP string concatenation carried over; in
# Python it is an attribute lookup on the value returned by l(). The same
# form is used in every error branch of this function; `+` is presumably
# what is meant.
if not name:
print notification(1, l('err_TitleEmpty').l('errNote'))
form_groupings()
elif not seftitle:
print notification(1, l('err_SEFEmpty').l('errNote'))
form_groupings()
elif (check_if_unique('group_name', name, id, '')):
print notification(1, l('err_TitleExists').l('errNote'))
form_groupings()
elif (check_if_unique('group_seftitle', seftitle, id, '')):
print notification(1, l('err_SEFExists').l('errNote'))
form_groupings()
elif (cleancheckSEF(seftitle) == 'notok'):
print notification(1, l('err_SEFIllegal').l('errNote'))
form_groupings()
else:
# XXX VALUES
# NOTE(review): the statements below still carry the literal words 'name',
# 'seftitle' and 'description', and `WHERE id = id` compares the column with
# itself, so the UPDATE and DELETE act on whichever row comes first rather
# than on the submitted id. When the real values are wired in, pass them as
# execute() parameters rather than formatting them into the string. The
# DELETE line also still uses PHP's `.` operator.
if 'add_groupings' in _POST:
cur.execute("INSERT INTO "+_PRE+'extras'+"(name, seftitle, description) VALUES('name', 'seftitle', 'description')")
elif 'edit_groupings' in _POST:
cur.execute("UPDATE %sextras SET name = 'name', seftitle = 'seftitle', description = 'description' WHERE id = id LIMIT 1" % _PRE)
elif 'delete_groupings' in _POST:
cur.execute("DELETE FROM "._PRE+'extras'+" WHERE id = id LIMIT 1")
print notification(0, '', 'groupings')
elif task == 'admin_category' or task == 'admin_subcategory':
if not name:
print notification(1, l('err_TitleEmpty').l('errNote'))
form_categories()
elif not seftitle:
print notification(1, l('err_SEFEmpty').l('errNote'))
form_categories()
elif 'add_category' in _POST and check_if_unique('subcat_name', name, '', subcat):
print notification(1, l('err_TitleExists').l('errNote'))
form_categories()
elif 'add_category' in _POST and check_if_unique('subcat_seftitle', seftitle, '', subcat):
print notification(1, l('err_SEFExists').l('errNote'))
form_categories()
elif 'edit_category' in _POST and subcat == 0 and check_if_unique('cat_name_edit', name, id, ''):
print notification(1, l('err_TitleExists').l('errNote'))
form_categories()
elif 'edit_category' in _POST and subcat == 0 and check_if_unique('cat_seftitle_edit', seftitle, id, ''):
print notification(1, l('err_SEFExists').l('errNote'))
form_categories()
elif 'edit_category' in _POST and subcat != 0 and check_if_unique('subcat_name_edit', name, id, subcat):
print notification(1, l('err_TitleExists').l('errNote'))
form_categories()
elif 'edit_category' in _POST and subcat != 0 and check_if_unique('subcat_seftitle_edit', seftitle, id, subcat):
print notification(1, l('err_SEFExists').l('errNote'))
form_categories()
elif cleancheckSEF(seftitle) == 'notok':
print notification(1, l('err_SEFIllegal').l('errNote'))
form_categories()
elif subcat == id:
print notification(1, l('errNote'))
form_categories()
else:
# NOTE(review): SQL injection - `subcat` is read from _POST unchecked and is
# formatted into both SELECTs unquoted; `seftitle` and `_POST['catorder']`
# are likewise unvalidated. Bind every value as an execute() parameter.
# `description` is used in the INSERT but never assigned (its assignment is
# commented out at the top of the function).
if ('add_category' in _POST):
cur.execute("SELECT MAX(catorder) as max FROM %scategories WHERE subcat = %s" % (_PRE,subcat))
catorder = cur.fetchone()
catorder = catorder['max'] + 1
cur.execute("INSERT INTO %scategories (name, seftitle, description, published, catorder, subcat) VALUES('%s', '%s', '%s', '%s', '%d','%s')" % (_PRE,name,seftitle,description,publish_category,catorder,subcat))
elif ('edit_category' in _POST):
cur.execute("SELECT MAX(catorder) as max FROM %scategories WHERE subcat = %s" % (_PRE,subcat))
catorder = cur.fetchone()
catorder = _POST['catorder'] if 'catorder' in _POST else catorder['max'] + 1
# NOTE(review): placeholder literals again - as written this stores the
# words 'name', 'seftitle', ... in the first row matched by `id = id`.
cur.execute("""UPDATE %scategories SET
name = 'name',
seftitle = 'seftitle',
description = 'description',
published = 'publish_category',
subcat='subcat',
catorder='catorder'
WHERE id = id LIMIT 1""" % _PRE)
elif 'delete_category' in _POST:
any_subcats = retrieve('COUNT(id)', 'categories', 'subcat', id)
any_articles = retrieve('COUNT(id)', 'articles', 'category', id)
if any_subcats > 0 or any_articles > 0:
print notification(1, l('warn_catnotempty'), '')
# NOTE(review): the second link's href/onclick attributes are garbled, and
# `id` (taken from the query string) is concatenated into the markup;
# rebuild the link and escape the value for an attribute context.
print '<p><a href="'+_SITE+'administration/" title="'+l('administration')+'">'+l('administration')+'</a> OR <a href= action=process&amp;task=delete_category_all&amp;id='+id+'" onclick="javascript if "'+_SITE+' else return pop(\'x\')" title="'+l('administration')+'">'+l('empty_cat')+'</a></p>'
no_success = True
else:
delete_cat(id)
success = '' if isset(no_success) else notification(0, '', 'snews_categories')
print success
elif task == 'reorder':
if 'reorder' in _POST:
if _POST['order'] == 'snews_articles' or _POST['order'] == 'extra_contents' or _POST['order'] == 'snews_pages':
table = 'articles'
order_type = 'artorder'
remove = 'page_'
elif _POST['order'] == 'snews_categories':
table = 'categories'
order_type = 'catorder'
remove = 'cat_'
# NOTE(review): SQL injection - the row id (derived from the field name) and
# the new order value are formatted into the UPDATE without validation;
# convert both to int and bind them. `order_type` appears in the statement
# as a literal column name rather than the variable chosen above. The
# `or die(mysql_error()+query)` tail presumably echoes the failing SQL to
# the client; log it server-side instead.
for key, value in _POST:
type_id = str_replace(remove, '', key)
key = clean(cleanXSS(trim(value)))
if key != 'reorder' and key != 'order' and key != table and key != l('order_content') and key != _POST['order']:
query = "UPDATE %s%s SET order_type = %s WHERE id = %s LIMIT 1;" % (_PRE,table,value,type_id)
cur.execute(query) or die(mysql_error()+'<br />'+query)
print notification(0, l('please_wait'))
# NOTE(review): the refresh target is built from _POST['order']; restrict it
# to the four names accepted above before writing it into the page.
print '<meta http-equiv="refresh" content="1; url=%s/">' % _SITE._POST['order']
elif task == 'admin_article':
# NOTE(review): raw form values are parked in the session here and are
# redisplayed by form_articles(). `title`, tested below, is never assigned
# (its assignment is commented out at the top of the function).
_SESSION[_SITE+'temp']['title'] = _POST['title'] # Patch #9 - 1.7.0 - revised
_SESSION[_SITE+'temp']['seftitle'] = _POST['seftitle'] # Patch #9 - 1.7.0 - revised
_SESSION[_SITE+'temp']['text'] = _POST['text'] # Patch #9 - 1.7.0 - revised
if not title:
print notification(1, l('err_TitleEmpty').l('errNote'))
form_articles('')
unset(_SESSION[_SITE+'temp'])
elif not seftitle:
print notification(1, l('err_SEFEmpty').l('errNote'))
_SESSION[_SITE+'temp']['seftitle'] = _SESSION[_SITE+'temp']['title']
form_articles('')
unset(_SESSION[_SITE+'temp'])
elif cleancheckSEF(seftitle) == 'notok':
print notification(1, l('err_SEFIllegal').l('errNote'))
form_articles('')
unset(_SESSION[_SITE+'temp'])
elif position == 1 and _POST['article_category'] != category and 'edit_article' in _POST and check_if_unique('article_title', title, category, ''):
print notification(1, l('err_TitleExists').l('errNote'))
form_articles('')
unset(_SESSION[_SITE+'temp'])
elif position == 1 and _POST['article_category'] != category and 'edit_article' in _POST and check_if_unique('article_seftitle', seftitle, category, ''):
print notification(1, l('err_SEFExists').l('errNote'))
form_articles('')
unset(_SESSION[_SITE+'temp'])
elif not 'delete_article' in _POST and not 'edit_article' in _POST and check_if_unique('article_title', title, category, ''):
print notification(1, l('err_TitleExists').l('errNote'))
form_articles('')
unset(_SESSION[_SITE+'temp'])
elif not 'delete_article' in _POST and not 'edit_article' in _POST and check_if_unique('article_seftitle', seftitle, category, ''):
print notification(1, l('err_SEFExists').l('errNote'))
form_articles('')
unset(_SESSION[_SITE+'temp'])
else:
pos = position
# `sub` is built from the unvalidated `category` value; it is not used again
# within this function.
sub = ' AND category = '+category if category else ''
curr_artorder = retrieve('artorder', 'articles', 'id', id)
if not curr_artorder:
artorder = 1
else:
artorder = curr_artorder
if pos == 1:
link = 'snews_articles'
elif pos == 2:
link = 'extra_contents'
elif pos == 3:
link = 'snews_pages'
# NOTE(review): the INSERT and UPDATE below still contain placeholder
# literals ('title', 'text', ...) and `WHERE id = id`; article text is the
# largest free-form input in the application, so bind every value as an
# execute() parameter when they are wired in.
if 'add_article' in _POST:
cur.execute("INSERT INTO %sarticles" % (_PRE) +"""(
title, seftitle, text, date, category,
position, extraid, page_extra, displaytitle,
displayinfo, commentable, published, description_meta,
keywords_meta, show_on_home, show_in_subcats, artorder)
VALUES('title', 'seftitle', 'text', 'date', 'category',
'position', 'def_extra', 'page', 'display_title',
'display_info', 'commentable', 'publish_article',
'description_meta', 'keywords_meta', 'show_on_home',
'show_in_subcats', 'artorder')""") # xxx values
elif 'edit_article' in _POST:
category = 0 if position == 3 else category
old_pos = retrieve('position', 'articles', 'id', id)
# Only do this if page is changed to art/extra
if position != old_pos and old_pos == 3:
chk_extra_query = "SELECT id FROM %sarticles WHERE position = 2 AND category = -3 AND page_extra = id" % _PRE
chk_extra_sql = cur.execute(chk_extra_query) or die(mysql_error('oops'))
if chk_extra_sql:
for xtra in cur.fetchall():
xtra_id = xtra['id']
# NOTE(review): this string has no %s for _PRE to fill (the matching
# statement in the delete branch has one), and `xtra_id` is literal text.
cur.execute("UPDATE articles SET category = '0', page_extra = '' WHERE id = xtra_id" % _PRE)
# NOTE(review): `future` is only assigned when fpost_enabled is set, but the
# UPDATE below always formats it in.
if fpost_enabled :
future = "date = 'date'," # Patch #5 - 1.7.0
#allows backdating of article
publish_article = 1 if strtotime(date) < time() else publish_article
cur.execute("""UPDATE %sarticles SET
title='title',
seftitle = 'seftitle',
text = 'text',
%s
category = category,
position = position,
extraid = 'def_extra',
page_extra = 'page',
displaytitle = 'display_title',
displayinfo = 'display_info',
commentable = 'commentable',
published = publish_article,
description_meta = 'description_meta',
keywords_meta = 'keywords_meta',
show_on_home='show_on_home',
show_in_subcats='show_in_subcats',
artorder = 'artorder'
WHERE id = id LIMIT 1""" % (_PRE,future)) or die(mysql_error())
elif 'delete_article' in _POST:
if position == 3:
chk_extra_query = "SELECT id FROM %sarticles WHERE position = 2 AND category = -3 AND page_extra = id" % _PRE
chk_extra_sql = cur.execute(chk_extra_query) or die(mysql_error())
if chk_extra_sql:
for xtra in cur.fetchall():
xtra_id = xtra['id']
cur.execute("UPDATE %sarticles SET category = '0',page_extra = '' WHERE id = xtra_id" % _PRE)
# NOTE(review): data loss - with `id` as literal text and no LIMIT, the first
# DELETE compares the id column with itself and so matches every article
# row; the second removes comments whose articleid equals their own id.
# Bind the requested id: cur.execute("DELETE FROM " + _PRE + "articles WHERE id = %s", (id,))
cur.execute("DELETE FROM "+_PRE+'articles'+" WHERE id = id")
cur.execute("DELETE FROM "+_PRE+'comments'+" WHERE articleid = id")
if id == s('display_page'):
cur.execute("UPDATE "+_PRE+'settings'+" SET VALUE = 0 WHERE name = 'display_page'")
print notification(0, '', link)
unset(_SESSION[_SITE+'temp'])
elif task == 'editcomment':
articleID = retrieve('articleid', 'comments', 'id', commentid)
articleSEF = retrieve('seftitle', 'articles', 'id', articleID)
articleCAT = retrieve('category', 'articles', 'seftitle', articleSEF)
postCat = cat_rel(articleCAT, 'seftitle')
link = postCat+'/'+articleSEF
# NOTE(review): both statements below use `commentid` and the column values
# as literal text; neither the edited comment nor its id reaches the query.
# Bind them as parameters when this is completed.
if 'submit_text' in _POST:
cur.execute("""UPDATE %scomments SET
name = 'name',
url = 'url',
comment = 'comment',
approved = 'approved'
WHERE id = commentid""" % _PRE)
elif 'delete_text' in _POST:
cur.execute("DELETE FROM "._PRE+'comments'+" WHERE id = commentid")
print notification(0, '', link)
elif task == 'deletecomment':
# NOTE(review): `commentid` is taken from the query string without the
# clean()/cleanXSS() pass applied to `id` above, and is handed to retrieve().
commentid = _GET['commentid']
articleid = retrieve('articleid', 'comments', 'id', commentid)
articleSEF = retrieve('seftitle', 'articles', 'id', articleid)
articleCAT = retrieve('category', 'articles', 'id', articleid)
postCat = cat_rel(articleCAT, 'seftitle')
link = postCat+'/'+articleSEF
cur.execute("DELETE FROM "._PRE+'comments'+" WHERE id = commentid")
print notification(0, '', link)
print '<meta http-equiv="refresh" content="1; url='+_SITE.postCat+'/%s/">' % articleSEF
elif task == 'delete_category_all':
# NOTE(review): every statement in this branch is still PHP-shaped (`.`
# concatenation, `rart[id]` / `rsub[id]` / `id` as literal text). As literal
# SQL, `category = id` and `subcat = id` compare two columns of the same
# row rather than selecting the requested category. This is a bulk delete:
# bind the ids as parameters and require a POST plus token before it runs.
art_query = cur.execute("SELECT id FROM "._PRE+'articles'+" WHERE category = id")
for rart in cur.fetchall():
cur.execute("DELETE FROM "._PRE+'comments'+" WHERE articleid = rart[id]")
cur.execute("DELETE FROM "._PRE+'articles'+" WHERE category = id")
sub_query = cur.execute("SELECT id FROM "._PRE+'categories'+" WHERE subcat = id")
for rsub in cur.fetchall():
art_query = cur.execute("SELECT id FROM "._PRE+'articles'+" WHERE category = rsub[id]")
for rart in cur.fetchall():
cur.execute("DELETE FROM "._PRE+'comments'+" WHERE articleid = rart[id]")
cur.execute("DELETE FROM "._PRE+'articles'+" WHERE category = rsub[id]")
cur.execute("DELETE FROM "._PRE+'categories'+" WHERE subcat = id")
delete_cat(id)
print notification(0, '', 'snews_categories')
elif task == 'hide' or task == 'show':
# NOTE(review): id, item and back are read from the query string with no
# cleaning. `back` becomes the refresh target printed below, so it should be
# limited to known admin page names. The UPDATE uses the literal table
# suffix 'item' and literal values 'no_yes' / 'id' instead of the variables.
id = _GET['id']
item = _GET['item']
back = _GET['back']
no_yes = 'NO' if task == 'hide' else 'YES'
if item == 'snews_articles':
order = 'artorder'
link = 'snews_articles' if not back else back
if item == 'extra_contents':
order = 'artorder'
link = 'extra_contents' if not back else back
if item == 'snews_pages':
order = 'artorder'
link = 'snews_pages' if not back else back
item = 'articles'
cur.execute("UPDATE %sitem SET visible = 'no_yes' WHERE id = 'id'" % _PRE)
print notification(0, l('please_wait'))
print '<meta http-equiv="refresh" content="1; url=%s/">' % _SITE.link
else:
print "XXX Unknown processing task"
# CATEGORIES FORM
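def form_categories(subcat='cat'):
    """Print the admin form used to add, edit or delete a (sub)category.

    With a numeric ``id`` query parameter the form is pre-filled from that
    category's row and offers edit and delete buttons. Otherwise an empty
    "add" form is printed, optionally for the parent named by ``sub_id``.

    Args:
        subcat: 'cat' selects the category wording for the publish
            checkbox; any other value selects the subcategory wording.
    """
    sub_cat = None
    categoryid = None
    name = "xxx"
    cur = dbconnection.cursor()
    if ('id' in _GET) and is_numeric(_GET.getvalue('id')) and not is_null(_GET.getvalue('id')):
        categoryid = _GET.getvalue('id')
        # Values are bound as execute() parameters, so the SQL text never
        # contains request data, however strict is_numeric() turns out to be.
        cur.execute(
            'SELECT id,name,seftitle,published,description,subcat,catorder FROM '
            + _PRE + 'categories WHERE id=%s', (categoryid,))
        # NOTE(review): r is None when no row has this id, and the lookups
        # below then raise; decide how an unknown id should be reported.
        r = cur.fetchone()
        cur.execute('select name from ' + _PRE + 'categories where id = %s', (r['subcat'],))
        name = ''
        for j in cur.fetchall():
            name = j['name']
        frm_action = _SITE+'?action=process&amp;id='+categoryid
        # NOTE(review): compares the stored subcat with the string '0';
        # confirm the type the driver returns for that column.
        frm_add_edit = l('edit')+' '+l('category') if r['subcat'] == '0' else l('edit')+' '+l('subcategory')+' '+name
        frm_name = r['name']
        frm_sef_title = r['seftitle']
        frm_description = r['description']
        frm_publish = 'ok' if r['published'] == 'YES' else ''
        catorder = r['catorder']
        frm_task = 'edit_category'
        frm_submit = l('edit_button') # Patch #11 - 1.7.0
    else:
        sub_cat = _GET.getvalue('sub_id') if 'sub_id' in _GET else '0'
        # sub_id reaches both the query below and a hidden form field, so
        # anything that is not a number is treated as "no parent". The
        # original formatted it into the SQL text unchecked.
        if not is_numeric(sub_cat):
            sub_cat = '0'
        cur.execute('SELECT name FROM ' + _PRE + 'categories WHERE id = %s', (sub_cat,))
        for j in cur.fetchall():
            name = j['name']
        frm_action = _SITE+'?action=process'
        # NOTE(review): the default '0' is a non-empty string and therefore
        # true in Python, so `not sub_cat` never holds on this path; confirm
        # whether '0' is meant to count as "no parent category".
        frm_add_edit = l('add_category') if not sub_cat else l('add_subcategory')+' (%s)' % name
        frm_sef_title = cleanSEF(_POST['name']) if 'name' in _POST else cleanSEF(_POST['seftitle']) if 'seftitle' in _POST else ""
        frm_description = ''
        frm_name = ''
        frm_publish = 'ok'
        catorder = ''
        frm_task = 'add_category'
        frm_submit = l('add_category')
    print html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', frm_action, '')
    print '<div class="adminpanel">'
    # NOTE(review): frm_add_edit can contain a category name read from the
    # database; confirm names are entity-encoded when stored, otherwise
    # escape it here before printing.
    print '<p class="admintitle">'+frm_add_edit+'</p>' # Patch #19 - 1.7.1 - replaces fieldset string
    print html_input('text', 'name', 't', frm_name, l('name'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', '')
    print html_input('text', 'seftitle', 's', frm_sef_title, l('sef_title_cat'), '', '', '', '', '', '', '', '', '', '')
    print html_input('text', 'description', 'desc', frm_description, l('description'), '', '', '', '', '', '', '', '', '', '')
    if (not sub_cat):
        print '<p>'+l('subcategory')+': <br />'
        category_list(categoryid)
        print '</p>'
    publish = l('publish_category') if subcat == 'cat' else l('publish_subcategory')
    print html_input('checkbox', 'publish', 'pub', 'YES', publish, '', '', '', '', frm_publish, '', '', '', '', '')
    print '</div><p>' # echo '</fieldset></div><p>'; # Patch #19 - 1.7.1
    if (sub_cat):
        print html_input('hidden', 'subcat', 'subcat', sub_cat, '', '', '', '', '', '', '', '', '', '', '')
    print html_input('hidden', 'catorder', 'catorder', catorder, '', '', '', '', '', '', '', '', '', '', '')
    print html_input('hidden', 'task', 'task', 'admin_category', '', '', '', '', '', '', '', '', '', '', '')
    print html_input('submit', frm_task, frm_task, frm_submit, '', 'button', '', '', '', '', '', '', '', '', '')
    if (categoryid):
        print '&nbsp;&nbsp;'
        print html_input('hidden', 'id', 'id', categoryid, '', '', '', '', '', '', '', '', '', '', '')
        print html_input('submit', 'delete_category', 'delete_category', l('delete'), '', 'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', '')
    print '</p></form>'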
# ARTICLES FORM
def form_articles(contents):
# Print the add/edit form for an article, extra content or page. A numeric
# `id` query parameter selects edit mode and loads that row; otherwise
# `contents` ('article_new', 'extra_new' or 'page_new') selects the kind of
# new item. Values held in the session under _SITE+'temp' take precedence
# over the stored row.
# NOTE(review): the loop `for s in cur.fetchall()` further down makes `s` a
# local name for this whole function, so the s('display_new_on_home'),
# s('enable_comments') and s('enable_extras') calls cannot reach the
# module-level settings helper. Rename that loop variable.
# NOTE(review): on the new-item path `cur`, `id`, `edit_option`,
# `article_category`, `edit_page`, `extraid` and `r` are never assigned, and
# `frm_fieldset`, `toggle_div` and `pos` only when `contents` is one of the
# three names, yet all of them are read further down.
session = _SESSION[_SITE+'temp'] if _SITE+'temp' in _SESSION else {}
frm_position1 = frm_position2 = frm_position3 = ''
if is_numeric(_GET.getvalue('id')) and not is_null(_GET.getvalue('id')):
id = _GET.getvalue('id')
cur = dbconnection.cursor()
# `id` has passed is_numeric() above; binding it as an execute() parameter
# would remove the dependency on how strict that helper is.
query = cur.execute('SELECT * FROM '+_PRE+'articles WHERE id='+id)
r = cur.fetchone()
article_category = r['category']
edit_option = 1 if r['position']==0 else r['position']
edit_page = r['page_extra']
extraid = r['extraid']
if edit_option == 1:
frm_fieldset = l('edit')+' '+l('article')
toggle_div='show'
frm_position1 = 'selected="selected"'
if edit_option == 2:
frm_fieldset = l('edit')+' '+l('extra_contents')
toggle_div='show'
frm_position2 = 'selected="selected"'
if edit_option == 3:
frm_fieldset = l('edit')+' '+l('page')
toggle_div='show'
frm_position3 = 'selected="selected"'
frm_action = _SITE+'?action=process&amp;task=admin_article&amp;id='+id
# NOTE(review): the session values are the raw form fields stored by
# processing(). Whether html_input() escapes what it is given is not visible
# here - confirm, otherwise a submitted title or text is written back into
# the page as markup. Only '&' is replaced in frm_text.
frm_title = session['title'] if 'title' in session else r['title']
frm_sef_title = cleanSEF(session['seftitle']) if 'seftitle' in session else r['seftitle']
frm_text = (session['text'] if 'text' in session else r['text']).replace('&', '&amp;')
frm_meta_desc = cleanSEF(session['description_meta']) if 'description_meta' in session else r['description_meta']
frm_meta_key = cleanSEF(session['keywords_meta']) if 'keywords_meta' in session else r['keywords_meta']
frm_display_title = 'ok' if r['displaytitle'] == 'YES' else ''
frm_display_info = 'ok' if r['displayinfo'] == 'YES' else ''
frm_publish = 'ok' if r['published'] == 1 else ''
show_in_subcats = 'ok' if r['show_in_subcats'] == 'YES' else ''
frm_showonhome = 'ok' if r['show_on_home'] == 'YES' else ''
frm_commentable = 'ok' if (r['commentable'] == 'YES' or r['commentable'] == 'FREEZ') else ''
frm_task = 'edit_article'
frm_submit = l('edit_button')
# Patch #11 - 1.7.0
else:
if contents == 'article_new':
frm_fieldset = l('article_new')
toggle_div=''
pos = 1
frm_position1 = 'selected="selected"'
if contents == 'extra_new':
frm_fieldset = l('extra_new')
toggle_div=''
pos = 2
frm_position2 = 'selected="selected"'
if contents == 'page_new':
frm_fieldset = l('page_new')
toggle_div=''
pos = 3
frm_position3 = 'selected="selected"'
if not frm_fieldset:
frm_fieldset = l('article_new')
frm_action = _SITE+'?action=process&amp;task=admin_article'
# NOTE(review): `session` is {} when nothing was stored (see the first line
# of the function); these direct lookups then raise KeyError.
frm_title = session['title']
frm_sef_title = cleanSEF(session['seftitle'])
frm_text = session['text']
frm_meta_desc = cleanSEF(session['description_meta'])
frm_meta_key = cleanSEF(session['keywords_meta'])
frm_display_title = 'ok'
frm_display_info = '' if contents == 'extra_new' else 'ok'
frm_publish = 'ok'
show_in_subcats = 'ok'
frm_showonhome = 'ok' if s('display_new_on_home') == 'on' else ''
frm_commentable = '' if (contents == 'extra_new' or contents == 'page_new' or s('enable_comments') != 'YES') else 'ok'
frm_task = 'add_article'
frm_submit = l('submit')
cur.execute("SELECT COUNT(id) as catnum FROM %scategories" % _PRE)
catnum = cur.fetchone()
if contents == 'article_new' and catnum['catnum'] < 1:
print l('create_cat')
else:
print html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', frm_action, '')
print '<div class="adminpanel">'
if toggle_div=='show':
# Patch #19 - 1.7.1 - replaces fieldset string
print '<p class="admintitle"><a onclick="snews_toggle(\'edit_article\')" style="cursor: pointer;" title="'+frm_fieldset+'">%s</a></p>' % frm_fieldset
print '<div id="edit_article" style="display: nonexxx;">'
else:
print '<p class="admintitle">%s</p>' % frm_fieldset
# Patch #19 - 1.7.1 - replaces fieldset string
print html_input('text', 'title', 'at', frm_title, l('title'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', '')
if contents == 'extra_new' or edit_option == 2:
print '<div style="display: xxxnone;">'
print html_input('text', 'seftitle', 'as', frm_sef_title, l('sef_title'), '', '', '', '', '', '', '', '', '', '')
print '</div>'
else:
print html_input('text', 'seftitle', 'as', frm_sef_title, l('sef_title'), '', '', '', '', '', '', '', '', '', '')
print html_input('textarea', 'text', 'txt', frm_text, l('text'), '', '', '', '', '', '2', '100', '', '', '')
buttons()
if contents != 'page_new' and edit_option != 3:
print '<p><label for="cat">'
print l('appear_category') if (contents == 'extra_new' or edit_option == 2) else l('category')
if contents == 'extra_new' or edit_option == 2:
print ':</label><br /><select name="define_category" id="cat" onchange="dependancy(\'extra\');">'
print '<option value="-1"'+(' selected="selected"' if article_category == -1 else '')+'>%s</option>' % l('all')
print '<option value="-3"'+(' selected="selected"' if article_category == -3 else '')+'>%s</option>' % l('page_only')
else:
print ':</label><br /><select name="define_category" id="cat" onchange="dependancy(\'snews_articles\');">'
category_query = 'SELECT id,name,subcat FROM '+_PRE+'categories WHERE published = \'YES\' AND subcat = 0 ORDER BY catorder,id ASC'
category_result = cur.execute(category_query)
# NOTE(review): category, page and extra names from the database are printed
# into <option> elements as stored; confirm they are entity-encoded when
# saved, otherwise escape them at output.
for cat in cur.fetchall():
print '<option value="%s"' % cat['id']
if article_category == cat['id']:
print ' selected="selected"'
print '>%s</option>' % cat['name']
# NOTE(review): string + cat['id'] fails if the driver returns the id as a
# number; binding it as a parameter avoids both the type issue and any
# quoting question.
subquery = 'SELECT id,name,subcat FROM '+_PRE+'categories WHERE subcat = '+cat['id']+' ORDER BY catorder,id ASC'
# XXX Bug : use separate cursor
subresult = cur.execute(subquery)
for s in cur.fetchall():
print '<option value="%s"' % s['id']
if article_category == s['id']:
print ' selected="selected"'
print '>--%s</option>' % s['name']
print '</select></p>'
if contents == 'extra_new' or edit_option == 2:
none_display = 'none' if article_category == -1 else 'inline'
print '<div id="def_page" style="display:'+none_display+';"><p><label for="dp">'+l('appear_page')+':</label><br /><select name="define_page" id="dp">'
# NOTE(review): edit_option is compared with the string '2' here and in two
# places below, but with the integer 2 everywhere else.
print '<option value="0"'+(' selected="selected"' if edit_option != '2' else '')+'>%s</option>' % l('all')
query = 'SELECT id,title FROM %sarticles WHERE position = 3 ORDER BY id ASC' % _PRE
result = cur.execute(query)
# NOTE(review): this loop rebinds `r`, which is read again below
# (r['commentable'], r['published'], r['date']) as if it still held the
# article row loaded at the top.
for r in cur.fetchall():
print '<option value="%s"' % r['id']
if edit_page == r['id']:
print ' selected="selected"'
print '>%s</option>' % r['title']
print '</select><br />'+ html_input('checkbox', 'show_in_subcats', 'asc', 'YES', l('show_in_subcats'), '', '', '', '', show_in_subcats, '', '', '', '', '')+'</p></div>'
if contents == 'article_new' or edit_option == 1:
print html_input('checkbox', 'show_on_home', 'sho', 'YES', l('show_on_home'), '', '', '', '', frm_showonhome, '', '', '', '', '')
print html_input('checkbox', 'publish_article', 'pu', 'YES', l('publish_article'), '', '', '', '', frm_publish, '', '', '', '', '')
if toggle_div=='show':
print '</div>'
print '</div>'
#print '</fieldset></div>'
# Patch #19 - 1.7.1
print '<div class="adminpanel">'
# Patch #19 - 1.7.1 - replaces fieldset string
print '<p class="admintitle"><a onclick="snews_toggle(\'preview\')" style="cursor: pointer;" title="'+l('preview')+'">%s</a></p>' % l('preview')
print '<div id="preview" style="display: xxxnone;"></div>'
print '</div>'
#print '</fieldset></div>'
# Patch #19 - 1.7.1
print '<div class="adminpanel">'
# Patch #19 - 1.7.1 - replaces fieldset string
print '<p class="admintitle"><a onclick="snews_toggle(\'customize\')" style="cursor: pointer;" title="'+l('customize')+'">%s</a></p>' % l('customize')
print '<div id="customize" style="display: xxxnone;">'
if contents == 'extra_new' or edit_option == 2:
if s('enable_extras') == 'YES':
print '<p><label for="ext">%s</label><br />' % l('define_extra')
print '<select name="define_extra" id="ext">'
extra_query = 'SELECT id,name FROM %sextras ORDER BY id ASC' % _PRE
extra_result = cur.execute(extra_query)
for ex in cur.fetchall():
print '<option value="%s"' % ex['id']
if extraid == ex['id']:
print ' selected="selected"'
print '>%s</option>' % ex['name']
print '</select></p>'
else:
print html_input('hidden', 'define_extra', 'ext', 1, '', '', '', '', '', '', '', '', '', '', '')
if id:
print '<p><label for="pos">'+l('position')+':</label><br /><select name="position" id="pos">'
print '<option value="1"'+frm_position1+'>%s</option>' % l('center')
print '<option value="2"'+frm_position2+'>%s</option>' % l('side')
print '<option value="3"'+frm_position3+'>%s</option>' % l('display_page')
print '</select></p>'
else:
print html_input('hidden', 'position', 'position', pos, '', '', '', '', '', '', '', '', '', '', '')
if contents != 'extra_new' and edit_option != '2':
print html_input('text', 'description_meta', 'dm', frm_meta_desc, l('description_meta'), '', '', '', '', '', '', '', '', '', '')
print html_input('text', 'keywords_meta', 'km', frm_meta_key, l('keywords_meta'), '', '', '', '', '', '', '', '', '', '')
print html_input('checkbox', 'display_title', 'dti', 'YES', l('display_title'), '', '', '', '', frm_display_title, '', '', '', '', '')
# Patch #2 - 1.7.0
if contents != 'extra_new' and edit_option != '2':
print html_input('checkbox', 'display_info', 'di', 'YES', l('display_info'), '', '', '', '', frm_display_info, '', '', '', '', '')
print html_input('checkbox', 'commentable', 'ca', 'YES', l('enable_commenting'), '', '', '', '', frm_commentable, '', '', '', '', '')
if id:
print '<p><input name="freeze" type="checkbox" id="fc"'
if r['commentable'] == 'FREEZ':
print ' checked="checked" />'
else:
print ' />'
print ' <label for="fc"> %s</label></p>' % l('freeze_comments')
print '</div></div>'
#print '</div></fieldset></div>'
# Patch #19 - 1.7.1
if contents == 'article_new' or edit_option == 1:
print '<div class="adminpanel">'
# Patch #19 - 1.7.1 - replaces fieldset string
print '<p class="admintitle"><a onclick="snews_toggle(\'admin_publish_date\')" style="cursor: pointer;" title="'+l('publish_date')+'">%s</a></p>' % l('publish_date')
print '<div id="admin_publish_date" style="display: xxxnone;">'
# Patch Nov.22.09 - 1 new string, defines check-box status.
# NOTE(review): `published` is compared with the string '2' here but with the
# integer 1 where frm_publish is set above.
onoff_status = 'ok' if r['published'] == '2' else ''
# Variable inserted in check-box string show is as checked if enabled.
print html_input('checkbox', 'fposting', 'fp', 'YES', l('enable'), '', '', '', '', onoff_status, '', '', '', '', '')
print '<p>'+l('server_time')+': %s</p>' % date('d.m.Y. H:i:s')
print '<p>%s</p>' % l('article_date')
if id : posting_time(r['date'])
else: posting_time()
print '</div></div>'
#print '</div></fieldset></div>'
# Patch #19 - 1.7.1
print '<p>'
print html_input('hidden', 'task', 'task', 'admin_article', '', '', '', '', '', '', '', '', '', '', '')
print html_input('submit', frm_task, frm_task, frm_submit, '', 'button', '', '', '', '', '', '', '', '', '')
if id:
print html_input('hidden', 'article_category', 'article_category', article_category, '', '', '', '', '', '', '', '', '', '', '')
print html_input('hidden', 'id', 'id', id, '', '', '', '', '', '', '', '', '', '', '')
print html_input('submit', 'delete_article', 'delete_article', l('delete'), '','button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', '')
print '</p></form>'
# CATEGORIES - ADMIN LIST
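def admin_categories(): # Patch #19 - 1.7.1 - replaces fieldset string
    """Print the admin list of categories and their subcategories.

    Each row carries a text input named ``cat_<id>`` holding the current
    catorder, so the enclosing form can post the new order to the
    ``reorder`` task, plus edit / add-subcategory links.
    """
    add = ' - <a href="admin_category/">%s</a>' % l('add_new')
    link = '?action=admin_category'
    tab = 1
    print '<div class="adminpanel">'
    print '<p class="admintitle">%s</p>' % (l('categories')+add)
    print html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&amp;task=reorder', '')
    print '<p><input type="hidden" name="order" id="order" value="snews_categories" /></p>'
    query = 'SELECT id, name, description, published, catorder FROM %scategories WHERE subcat = 0 ORDER BY catorder,id ASC' % _PRE
    cur = dbconnection.cursor()
    # MySQLdb's execute() returns the number of rows of the SELECT, so the
    # PHP-era mysql_num_rows() call that used to follow is not needed.
    result = cur.execute(query)
    if not result:
        print '<p>%s</p>' % l('category_not_exist')
    else:
        # NOTE(review): name and description are written into the markup and
        # into title attributes exactly as stored. Confirm they are
        # entity-encoded when saved; otherwise escape them here, e.g. with
        # cgi.escape(value, True).
        for r in cur.fetchall():
            cat_input = '<input type="text" name="cat_'+str(r['id'])+'" value="'+str(r['catorder'])+'" size="1" tabindex="%s" /> &nbsp;' % tab
            print '<p>'+cat_input+'<strong>'+r['name']+'</strong>'+l('divider')+' <a href="'+_SITE+link+'&amp;id='+str(r['id'])+'" title="'+r['description']+'">%s</a> ' % l('edit')
            print ' '+l('divider')+' ['+l('status')+' '+l('unpublished')+']' if r['published'] != 'YES' else ''
            print ' '+l('divider')+' <a href="'+_SITE+link+'&amp;sub_id='+str(r['id'])+'" title="'+r['description']+'">%s</a></p>' % l('add_subcategory')
            subquery = 'SELECT id,name,description,published,catorder FROM '+_PRE+'categories WHERE subcat = %s ORDER BY catorder,id ASC' % r['id']
            # A second cursor keeps the outer result set untouched.
            subcur = dbconnection.cursor()
            subcur.execute(subquery)
            tab2 = 1
            for sub in subcur.fetchall():
                subcat_input = '<input type="text" name="cat_'+str(sub['id'])+'" value="'+str(sub['catorder'])+'" size="1" tabindex="%s" /> &nbsp;' % tab2
                print '<p class="subcat">'+subcat_input+'<strong>'+sub['name']+'</strong>'+l('divider')+' <a href="'+_SITE+link+'&amp;id='+str(sub['id'])+'" title="'+sub['description']+'">%s</a> ' % l('edit')
                print ' '+l('divider')+' ['+l('status')+' '+l('unpublished')+']' if sub['published'] != 'YES' else ''
                print '</p>'
                tab2+=1
            tab+=1
        print '<p>'+html_input('submit', 'reorder', 'reorder', l('order_content'), '', 'button', '', '', '', '', '', '', '', '', '')
        print '</p></form>'
    print '</div>'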
# CONNECT TO DATABASE
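# Module-wide MySQL connection, set by connect_to_db().
dbconnection = None


def connect_to_db():
    """Open the shared MySQL connection and finish the language table setup.

    Connects with the credentials returned by db(), checks that the
    ``<prefix>articles`` table exists (printing l('db_tables_error') when
    it does not), then fills the EN.l entries that depend on the admin
    state and on the stored language setting. On a MySQLdb error the
    message is printed and the process exits with status 1.
    """
    global dbconnection
    # MySQLdb exposes its cursors submodule only once it has been imported.
    # Importing it here lets one connect() call take both charset and
    # cursorclass; the original opened a first connection with charset='utf8'
    # and then replaced it, unclosed, with a second one that had no charset.
    import MySQLdb.cursors
    cur = None
    try:
        dbconnection = MySQLdb.connect(
            db('dbhost'), db('dbuname'), db('dbpass'), db('dbname'),
            charset='utf8', cursorclass=MySQLdb.cursors.DictCursor)
        cur = dbconnection.cursor()
        cur.execute("SHOW TABLES LIKE '"+_PRE+'articles'+"'")
        data = cur.fetchone()
        # DEBUG print data
        if data is None:
            print l('db_tables_error')
            # RAISE !
        if cur:
            # The original read `cur.close;`, which names the method without
            # calling it, so the cursor was never closed.
            cur.close()
        EN.l['cat_listSEF'] = 'contact,login'
        EN.l['cat_listSEF'] = 'login'; # SEECHAC
        if (_ADMIN): EN.l['cat_listSEF'] += ',administration,admin_category,admin_article,article_new,extra_new,page_new,snews_categories,snews_articles,extra_contents,snews_pages,snews_settings,snews_files,logout,groupings,admin_groupings'
        #divider character
        EN.l['divider'] = '&middot;'
        # used in article pagination links
        EN.l['paginator'] = 'p_'
        EN.l['comment_pages'] = 'c_'
        # list of files & folders ignored by upload/file list routine
        EN.l['ignored_items'] = '.,..,cgi-bin,.htaccess,Thumbs.db,snews.php,index.php,lib.php,style.css,admin.js,'+s('language')+'.php'
    except MySQLdb.Error, e:
        # NOTE(review): this prints the driver's error text into the HTTP
        # response. Connection errors can name the database host and account,
        # so a production build should log the detail server-side and show
        # visitors a generic message.
        print "Error %d: %s" % (e.args[0],e.args[1])
        if dbconnection:
            dbconnection.close()
        sys.exit(1)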
# SMART RETRIEVE FUNCTION
def populate_retr_cache():
    """Load every category into the two lookup caches used by retrieve().

    retr_cache_cat_id maps a category id to its seftitle;
    retr_cache_cat_sef maps a seftitle to the category name.
    """
    global retr_cache_cat_id, retr_cache_cat_sef
    cursor = dbconnection.cursor()
    cursor.execute('SELECT id, seftitle, name FROM '+_PRE+'categories')
    for row in cursor.fetchall():
        sef = row['seftitle']
        retr_cache_cat_id[row['id']] = sef
        retr_cache_cat_sef[sef] = row['name']
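# Set to True by retrieve() once the category caches have been filled.
retr_init = False
# Two separate dicts. The original chained assignment (a = b = {}) bound both
# names to the same object, so id keys and seftitle keys shared one mapping.
retr_cache_cat_id = {}
retr_cache_cat_sef = {}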
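def retrieve(column, table, field, value):
    """Return ``column`` from the row of ``table`` where ``field`` equals ``value``.

    Category lookups for 'name' (by seftitle) and 'seftitle' (by id) are served
    from the in-memory caches, filled on first use. Everything else queries the
    database. Returns None when ``value`` is None or nothing matches; when
    several rows match, the value from the last row wins (as in the original).

    ``value`` is sent as a bound parameter. ``column``, ``table`` and ``field``
    are SQL identifiers and cannot be bound, so they must only ever come from
    code, never from request data.
    """
    global retr_cache_cat_id, retr_cache_cat_sef, retr_init
    if is_null(value):
        return None
    if table == 'categories':
        if not retr_init:
            populate_retr_cache()
            retr_init = True
        # .get(): an unknown key yields None instead of a KeyError traceback.
        if column == 'name':
            return retr_cache_cat_sef.get(value)
        elif column == 'seftitle':
            return retr_cache_cat_id.get(value)
    cur = dbconnection.cursor()
    # %%s survives the identifier formatting as the driver's %s placeholder.
    query = "SELECT %s FROM %s%s WHERE %s = %%s" % (column, _PRE, table, field)
    cur.execute(query, (value,))
    # The original assigned to a local named `retrieve` only inside the loop,
    # so an empty result raised UnboundLocalError; start from None instead.
    found = None
    for r in cur.fetchall():
        found = r[column]
    return found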
#NOTIFICATION
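def notification(error = 0, note = '', link = ''):
    """Build a status message, or for error == 2 stash it and redirect.

    error: 0 selects the "operation completed" title, 1 the "admin error"
        title, anything else the "warning" title.
    note: optional message body, wrapped in <p>.
    link: None for no back link, 'home' for a link to the site root, any other
        value is appended to _SITE as the back-link target.

    Returns the HTML string, except for error == 2, where the message is stored
    in _SESSION under _SITE+'fatal', a meta refresh is printed and None is
    returned.

    NOTE(review): note and link are placed into the markup unescaped; callers
    must not pass request data through here without encoding it first.
    """
    # The original's nested conditional tested `error != 0` inside the branch
    # already taken for non-zero errors, so the warning title was unreachable.
    # NOTE(review): the 1 -> error / other -> warning split is inferred from
    # the "adds a Warning option" comment; confirm against the callers.
    if error == 0:
        title = l('operation_completed')
    elif error == 1:
        title = l('admin_error')
    else:
        title = l('warning')
    note = '<p>%s</p>' % note if note else ''
    if link is None:
        goto = ''
    elif link == 'home':
        goto = '<p><a href="'+_SITE+'">%s</a></p>' % l('backhome')
    else:
        goto = '<p><a href="'+_SITE+link+'/" title="'+link+'">%s</a></p>' % l('back')
    if error == 2:
        _SESSION[_SITE+'fatal'] = '' if note == '' else '<h3>'+title+'</h3>'+note+goto
        # % binds tighter than +, so the original formatted only _SITE into the
        # tag and appended link after the closing '">'. Format the whole target.
        print('<meta http-equiv="refresh" content="0; url=%s/">' % (_SITE+(link or '')))
        return
    return '<h3>'+title+'</h3>'+note+goto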
# LOGIN LOGOUT LINK
def login_link():
    """Print the administration and logout links for an admin, else the login link."""
    if _ADMIN:
        tail = ('administration/" title="'+l('administration')+'">'+l('administration')+'</a> '+l('divider')+' <a href="'+_SITE+'logout/" title="'+l('logout')+'">'+l('logout'))
    else:
        tail = 'login/" title="'+l('login')+'">'+l('login')
    print('<a href="'+_SITE+tail+'</a>')
# RETRIEVE CATEGORIES OR SUBCATEGORIES FROM DB
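def retr_categories(parent = 0):
    """Return the published categories whose ``subcat`` equals ``parent``.

    parent: numeric id of the parent category (0 for top-level categories).
        It is formatted with %d, so a non-numeric value raises TypeError rather
        than reaching the SQL text.

    When the 'num_categories' setting is 'on', each row also carries ``total``,
    the count of published position-1 articles in that category (restricted to
    visible ones unless _ADMIN is set). Returns a list of cursor rows ordered
    by catorder, then id.
    """
    global dbconnection
    visible_only = '' if _ADMIN else " AND a.visible='YES'"
    if s('num_categories') == 'on':
        # The original left a stray PHP concatenation ('.') after the articles
        # table name and passed three values for four placeholders, so this
        # branch could only raise TypeError. visible_only fills the third slot.
        query = """SELECT c.seftitle, c.name, description, c.id AS parent, COUNT(DISTINCT a.id) as total
            FROM %scategories AS c
            LEFT OUTER JOIN %sarticles AS a
            ON (a.category = c.id AND a.position = 1 AND a.published = 1 %s)
            WHERE c.subcat = %d AND c.published = 'YES'
            GROUP BY c.id
            ORDER BY c.catorder,c.id""" % (_PRE, _PRE, visible_only, parent)
    else:
        query = """SELECT c.seftitle, c.name, description, c.id AS parent
            FROM %scategories AS c
            WHERE c.subcat = %d AND c.published = 'YES'
            GROUP BY c.id
            ORDER BY c.catorder,c.id""" % (_PRE, parent)
    cur = dbconnection.cursor()
    cur.execute(query)
    return list(cur.fetchall())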
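def getUrlInformation(urlstring):
    """Resolve a request path to the article or category row it names.

    urlstring: the request path (the caller passes PATH_INFO). Its segments are
        chosen by the client, so they reach SQL only as bound parameters.

    Empty leading/trailing segments are dropped. A trailing comment-page
    segment (prefix l('comment_pages') + number) sets the global
    ``commentsPage`` (kept as a string) and a trailing paginator segment
    (prefix l('paginator') + number) sets the global ``pageNum`` (int); both
    are then removed from the path. What remains is matched as:

        / category / subcategory / article /
        / category / subcategory /
        / category / article /
        / category /
        / page /

    Returns the first matching row. When nothing matches, returns
    {'categorySEF': <segment>} if the first segment is a built-in page name
    (see check_category), otherwise {'categorySEF': '404', 'description': '404'}.
    """
    global dbconnection
    global commentsPage, pageNum

    URI = urlstring.split('/')
    while URI and not URI[0]:
        del URI[0]
    while URI and not URI[-1]:
        del URI[-1]

    # The original called substr() with two arguments here, which raises
    # TypeError for any path whose last segment starts with the comment prefix.
    comment_prefix = l('comment_pages')
    if URI and URI[-1].startswith(comment_prefix):
        suffix = URI[-1][len(comment_prefix):]
        if is_numeric(suffix):
            commentsPage = suffix
            del URI[-1]

    page_prefix = l('paginator')
    if URI and URI[-1].startswith(page_prefix):
        suffix = URI[-1][len(page_prefix):]
        if is_numeric(suffix):
            pageNum = int(suffix)
            del URI[-1]

    # Admins also see unpublished content.
    if _ADMIN:
        pub_a = pub_c = pub_x = ''
    else:
        pub_a = ' AND a.published = 1'
        pub_c = " AND c.published ='YES'"
        pub_x = " AND x.published ='YES'"

    articles = _PRE+'articles'
    categories = _PRE+'categories'
    depth = len(URI)
    if depth == 3:
        query = '''SELECT
            a.id AS id, title, position, description_meta, keywords_meta,
            c.id AS catID, c.name AS name, c.description, x.name AS xname,
            x.seftitle as categorySEF, c.seftitle as subcatSEF
            FROM '''+articles+''' AS a,
            '''+categories+''' AS c
            LEFT JOIN '''+categories+''' AS x
            ON c.subcat=x.id
            WHERE a.category=c.id
            '''+pub_a+pub_c+pub_x+'''
            AND x.seftitle = %s
            AND c.seftitle = %s
            AND a.seftitle = %s'''
        params = (URI[0], URI[1], URI[2])
    elif depth == 2:
        query = '''SELECT
            a.id AS id, title, position, description_meta, keywords_meta,
            c.id as catID, name, description, subcat, c.seftitle as categorySEF, NULL as xname, a.seftitle as subcatSEF
            FROM '''+articles+''' AS a
            LEFT JOIN '''+categories+''' AS c
            ON category = c.id
            WHERE c.seftitle = %s
            AND a.seftitle = %s
            '''+pub_a+pub_c+'''
            AND subcat = 0
            UNION
            SELECT
            NULL, NULL, 0, NULL, NULL, c.id, c.name, c.description, c.subcat, x.seftitle, x.name, c.seftitle
            FROM '''+categories+''' AS x
            LEFT JOIN '''+categories+''' AS c
            ON c.subcat = x.id
            WHERE x.seftitle = %s
            AND c.seftitle = %s
            '''+pub_c+pub_x
        params = (URI[0], URI[1], URI[0], URI[1])
    elif depth == 1:
        query = '''SELECT
            a.id as id, title, description_meta, keywords_meta, position, category as catID, a.seftitle as categorySEF, name, description
            FROM '''+articles+''' AS a
            LEFT JOIN '''+categories+''' AS c
            ON category = c.id
            WHERE a.seftitle = %s
            '''+pub_a+'''
            AND position = 3
            UNION
            SELECT
            NULL, NULL, NULL, NULL, 0, c.id AS catID, seftitle, name, description
            FROM '''+categories+''' AS c
            WHERE c.seftitle = %s
            AND subcat = 0
            '''+pub_c
        params = (URI[0], URI[0])
    elif depth == 0:
        query = '''SELECT
            id, title, category, description_meta, keywords_meta, position
            FROM '''+articles+''' AS a
            WHERE id = %s
            '''+pub_a+' AND position = 3'
        params = (s('display_page'),)
    else:
        # More than three segments matches no route. The original asserted
        # here, which let any such request raise an exception.
        query = None
        params = ()

    D = None
    if query is not None:
        cur = dbconnection.cursor()
        cur.execute(query, params)
        D = cur.fetchone()
    if D is None:
        # either page not found or builtin page
        D = {}
        # `URI and`: with an empty path the original indexed URI[0] and raised.
        if query is not None and URI and check_category(URI[0]):
            D['categorySEF'] = URI[0]
        else:
            D['categorySEF'] = '404'
            D['description'] = '404'
            header('HTTP/1.1 404 Not Found')
    return D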
#CATEGORY CHECK
def check_category(category):
    """Return True when ``category`` is one of the comma-separated built-in
    names held in l('cat_listSEF')."""
    builtin_names = l('cat_listSEF').split(',')
    if category in builtin_names:
        return True
    return False
# CHECK IF UNIQUE
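def check_if_unique(what, text, not_id, subcat):
    """Return True when no existing row already uses ``text``.

    what: which uniqueness rule to apply; one of the keys of ``rules`` below.
    text: the title, name or seftitle being checked.
    not_id: for the article rules, the category to look in (skipped when
        empty); for the other rules, the id of the row to leave out.
    subcat: parent category id, used by the subcat_* rules.

    Raises ValueError for an unknown ``what``.

    Every value is sent as a bound parameter. clean() is still called first as
    in the original, but in this file it returns its argument unchanged, so the
    binding is what keeps ``text`` out of the SQL text.
    """
    text = clean(text)
    same_category = ('category = %s', not_id)
    same_parent = ('subcat = %s', subcat)
    other_row = ('id != %s', not_id)
    optional_category = [same_category] if not_id else []
    optional_other_row = [other_row] if not_id else []
    # rule -> (table, column compared with text, extra (clause, value) filters)
    rules = {
        'article_seftitle': ('articles', 'seftitle', optional_category),
        'article_title': ('articles', 'title', optional_category),
        'subcat_seftitle': ('categories', 'seftitle', [same_parent]),
        'subcat_name': ('categories', 'name', [same_parent]),
        'cat_seftitle_edit': ('categories', 'seftitle', [other_row]),
        'cat_name_edit': ('categories', 'name', [other_row]),
        'subcat_seftitle_edit': ('categories', 'seftitle', [same_parent, other_row]),
        'subcat_name_edit': ('categories', 'name', [same_parent, other_row]),
        'group_seftitle': ('extras', 'seftitle', optional_other_row),
        'group_name': ('extras', 'name', optional_other_row),
    }
    if what not in rules:
        # The original left `sql` unassigned here and failed with
        # UnboundLocalError at the execute call.
        raise ValueError('unknown uniqueness check: %r' % (what,))
    table, column, filters = rules[what]
    conditions = [column+' = %s'] + [clause for clause, _ in filters]
    params = [text] + [value for _, value in filters]
    query = 'SELECT count(id) AS total FROM '+_PRE+table+' WHERE '+' AND '.join(conditions)
    cur = dbconnection.cursor()
    cur.execute(query, tuple(params))
    row = cur.fetchone()
    # The original compared the fetched row itself with 0, which is never
    # equal, so the function always returned False. Read the count out of the
    # row (a dict with the DictCursor set up in connect_to_db, else a tuple).
    total = row['total'] if isinstance(row, dict) else row[0]
    return total == 0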
# ARTICLES - FUTURE POSTING
def update_articles():
    """Publish articles whose scheduled date has passed.

    Runs when the 'last_date' setting is empty or more than 1200 seconds old:
    rows with published=2 and a date not in the future are set to published=1,
    then 'last_date' is set to the database's NOW().
    """
    stamp = s('last_date')
    if stamp and not (time.time() - strtotime(stamp) > 1200):
        return
    publish_due = """UPDATE %sarticles
SET published=1
WHERE published=2
AND date <= NOW()""" % _PRE
    touch_stamp = """UPDATE %ssettings
SET value=NOW()
WHERE name='last_date'""" % _PRE
    cursor = dbconnection.cursor()
    cursor.execute(publish_due)
    cursor.execute(touch_stamp)
connect_to_db()

# First path segments that name built-in pages rather than database content;
# the admin-only names are appended only for an admin session.
EN.l['cat_listSEF'] = 'archive,contact,sitemap,login' + (
    ',administration,admin_category,admin_article,article_new,extra_new,page_new,snews_categories,snews_articles,extra_contents,snews_pages,snews_settings,snews_files,logout,groupings,admin_groupings'
    if _ADMIN else '')

# PATH_INFO is supplied by the client; treat everything derived from it as
# untrusted.
url = os.environ.get('PATH_INFO', '/')
R = getUrlInformation(url)

# Copy the routing result into module globals. A name is only bound when its
# key is present in R, so readers of e.g. _ID must allow for it being undefined.
if 'categorySEF' in R:
    categorySEF = R['categorySEF']
if 'subcatSEF' in R:
    subcatSEF = R['subcatSEF']
if 'category' in R:
    _CAT = R['category']
if 'id' in R:
    _ID = R['id']
if 'title' in R:
    _TITLE = R['title']
if 'position' in R:
    _POS = R['position']
if 'catID' in R:
    _catID = R['catID']
if 'name' in R:
    _NAME = R['name']
if 'xname' in R:
    _XNAME = R['xname']
if 'keywords_meta' in R:
    _KEYW = R['keywords_meta']
# Meta description: the article's own one, else the category description.
_DESCR = R['description_meta'] if 'description_meta' in R else R.get('description')
# set comments page for / category / article /
# xxx missing
# MATH CAPTCHA - // Patch #18 - 1.7.1 - revised function by KikkoMax
def mathCaptcha():
    """Stub: return the fixed text "mathCaptcha" in place of a generated challenge."""
    placeholder = "mathCaptcha"
    return placeholder
# CHECK MATH CAPTCHA RESULT
def checkMathCaptcha():
    """Stub: report the captcha as passed without looking at any answer.

    NOTE(review): as written every submission is accepted, so any form that
    relies on this check has no bot protection until it is implemented.
    """
    accepted = True
    return accepted
# CLEAN CHECK SEF
def cleancheckSEF(string):
    """Return 'ok' when preg_match accepts ``string`` against the SEF pattern
    (letters, digits, '-' and '_'), otherwise 'notok'.

    NOTE(review): the pattern is written with PHP delimiters and flags
    ('/.../i'); confirm that this file's preg_match helper interprets them.
    """
    if preg_match('/^[a-z0-9-_]+$/i', string):
        return 'ok'
    return 'notok'
def clean(s):
    """Placeholder (XXX TODO): return ``s`` exactly as given.

    No escaping or filtering happens here yet, so callers must not treat the
    result as safe for SQL or HTML.
    """
    unchanged = s
    return unchanged
def cleanXSS(s):
    """Placeholder (XXX TODO): return ``s`` exactly as given.

    Despite the name, no markup is removed or encoded yet; output that passes
    through here still needs HTML escaping before it is printed.
    """
    unchanged = s
    return unchanged
def mysql_num_rows(s):
    """Placeholder (XXX TODO): print a "not implemented" marker and return 1.

    The argument is ignored, so callers that test the result always see a
    non-empty result set.
    """
    print("xxx mysql_num_rows not implemented")
    row_count = 1
    return row_count
# xxx placeholder
def stripslashes(s):
return s.decode('string_escape')
# php/Python equiv
def strpos(string, pattern):
    """Return the index of the first ``pattern`` in ``string``.

    Returns None when ``string`` is None and -1 when ``pattern`` is absent.
    """
    return None if string is None else string.find(pattern)
def explode(separator,string):
    """Split ``string`` on ``separator`` and return the list of parts."""
    parts = string.split(separator)
    return parts
def strlen(string):
    """Return len(string)."""
    length = len(string)
    return length
def is_null(s):
    """Return True only when ``s`` is None (empty strings and 0 are not null)."""
    if s is None:
        return True
    return False
def is_numeric(string):
    """Return True when int(string) succeeds, False on ValueError or TypeError.

    Only integers qualify: "1.5" is rejected.
    """
    try:
        int(string)
    except (ValueError, TypeError):
        return False
    return True
def implode(s,array):
    """Join the strings in ``array`` with the separator ``s``."""
    joined = s.join(array)
    return joined
def unixtime():
    """Stub: always return 0."""
    stamp = 0
    return stamp
def mktime(xxx):
    """Stub: ignore the argument and return an empty string."""
    nothing = ""
    return nothing
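def substr(s,start,len=None):
    """Return ``len`` characters of ``s`` from index ``start``.

    ``len`` may be omitted to take everything from ``start`` to the end, which
    is how getUrlInformation calls this function; the original required all
    three arguments, so those calls raised TypeError. Returns False when ``s``
    is None, as before.

    The parameter is named ``len`` in the original signature and shadows the
    builtin inside this function; the name is kept for keyword callers.
    """
    if s is None:
        return False
    if len is None:
        return s[start:]
    return s[start:start+len]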
def date(f,s):
    """Placeholder (XXX TODO): ignore both arguments and return "Today"."""
    label = "Today"
    return label
def strtotime(t):
    """Convert ``t`` to a local-time Unix timestamp via time.mktime.

    Accepts a str in "%Y-%m-%d %H:%M:%S" form or a datetime (exact types only,
    not subclasses). Any other type prints a marker and fails an assertion.
    """
    kind = type(t)
    if kind is not str and kind is not datetime:
        print "xxx ", type(t)
        assert False
        return None  # only reachable when assertions are disabled
    if kind is str:
        t = datetime.strptime(t,"%Y-%m-%d %H:%M:%S")
    return time.mktime(t.timetuple())
def header(x):
    """Placeholder (XXX): accept an HTTP header line and do nothing with it.

    Nothing is emitted, so the 'HTTP/1.1 404 Not Found' that
    getUrlInformation passes here never reaches the response.
    """
    return None
def entity(x):
    """Return ``x`` unchanged.

    NOTE(review): the name suggests HTML entity encoding, but nothing is
    encoded here; confirm what callers expect before relying on it.
    """
    unchanged = x
    return unchanged
#
# XXX DEBUG & TESTS
# Make the bundled Jinja2 copy importable. Both entries are relative paths, so
# the directory they name depends on the process's working directory.
# NOTE(review): anything able to place files under that directory could shadow
# these modules; an absolute path derived from this script's location is safer.
sys.path.append('Jinja2-2.6')
sys.path.append('Jinja2-2.6/jinja2')
from jinja2 import Environment, PackageLoader, Template
# Presumably resolved through the second sys.path entry above (jinja2's own
# loaders module imported as a top-level name) - confirm.
from loaders import FileSystemLoader
# Smoke-test template; the render call below it is commented out.
template = Template('Hello {{ name }}!')
#print template.render(name='John Doe')
# Templates are looked up relative to the working directory. No autoescape
# argument is passed, and Jinja2 leaves autoescaping off by default, so
# templates must escape the values they print themselves.
env = Environment(loader=FileSystemLoader('.'))
# Called here as part of the debug/test run; the returned list is discarded.
retr_categories()
# Publishes scheduled articles that have come due (see update_articles).
update_articles()
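def snewsdebug():
    """Dump routing and request state into the page, then render index.html.

    Prints the routing result R (as a table and raw), the process environment,
    the login link, categories, breadcrumbs, the rendered template and _GET.

    The environment and _GET hold client-supplied values (path, query string,
    request headers), so every dumped value is HTML-escaped before printing.
    NOTE(review): the dump also exposes server paths and cookies; keep this
    function out of any publicly reachable code path.
    """
    print("BEGIN DEBUG")
    print('<table border=1>')
    for item in R:
        print('<tr><td>'+escape(str(item))+'<td>'+escape(str(R[item])))
    print('</table>')
    print("<p>ID %s _catID %s<p>" % (_ID,_catID))
    print(escape(str(os.environ)))
    print(escape(str(R)))
    login_link()
    categories()
    breadcrumbs()
    print("<p>")
    template = env.get_template('index.html')
    print(template.render(title=s('website_title'), website_description=s('website_description')))
    print("<p>")
    print(escape(str(_GET)))
    print("END DEBUG")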
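# Session store. Create it directly and tolerate "already exists": the original
# exists()-then-mkdir() pair let two concurrent requests both try to create it,
# and the loser raised OSError. Mode 0700 keeps other local accounts out.
# NOTE(review): the path is relative to the working directory; if that is
# inside the web root, make sure the server does not serve this directory.
try:
    os.mkdir('.sessions', 0o700)
except OSError:
    if not os.path.isdir('.sessions'):
        raise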