sNews in Python
#!/usr/bin/python
# -*- coding: UTF-8 -*-
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
"""
XXX BUG Protect search field
XXX BUG missing last char (not anymore ?)
XXX TODO test form_groupings
XXX BUG not error mess when wrong login
"""
from __future__ import print_function
import sys
import os
import math
import re
from cgi import escape, FieldStorage
import MySQLdb
import time
from datetime import datetime
import Cookie
from hashlib import md5
# Using JINJA2 template
sys.path.append('Jinja2-2.6')
sys.path.append('Jinja2-2.6/jinja2')
from jinja2 import Environment, PackageLoader, Template
from loaders import FileSystemLoader
def html_option_selected(condition):
    """Return the ``selected`` attribute fragment for an HTML ``<option>``.

    The fragment carries a leading and trailing space so it can be spliced
    straight into a tag; an empty string is returned when *condition* is
    falsy.
    """
    if not condition:
        return ''
    return ' selected="selected" '
# Python 2 only: force the implicit str<->unicode coercion to UTF-8 and make
# everything written to stdout UTF-8 encoded, so template/DB text can be
# print()ed directly.
reload(sys)
sys.setdefaultencoding("utf8")
import codecs
sys.stdout = codecs.getwriter('utf8')(sys.stdout)
import cgitb
# NOTE(review): cgitb renders the full traceback, including local variables
# (query strings, session contents, SQL text from trace()), to the HTTP
# client. Useful while developing, but it discloses internals in production;
# cgitb.enable(display=0, logdir=<path>) keeps the report server-side.
cgitb.enable()
def headers():
    """Emit the CGI response headers and the blank line ending them.

    Prints the Content-Type header, lets the module-level ``_SESSION``
    (a simple_session.Session, created further down in this file) write its
    cookie headers, then prints the empty line that terminates the header
    block. Must run before any body output.

    NOTE(review): the earlier version of this docstring carried a
    commented-out snippet that expired the ``id`` cookie via
    Cookie.SimpleCookie; that logic now presumably lives in
    simple_session -- verify that the session cookie is still marked
    expired on logout.
    """
    print("Content-Type: text/html; charset=utf-8")
    _SESSION.sendCookies()  # presumably writes Set-Cookie header(s); see simple_session
    print("")
from pynewssettings import db
import simple_session
# Server-side session for this request. Keys used elsewhere in this file are
# prefixed with the site URL (e.g. _SITE+'Logged_In', _SITE+'poster').
_SESSION = simple_session.Session()
# Debug scratch space; trace() appends SQL text and status lines here.
_DEBUG = {}
def trace(str):
    """Append *str* to the debug buffer ``_DEBUG['tracestr']``.

    Each entry is terminated with ``' ;<p> '`` so the buffer can be dumped as
    HTML. The parameter name shadows the builtin ``str``; it is kept as-is
    for call compatibility.

    NOTE(review): callers pass ``cur._last_executed`` (the fully interpolated
    SQL, including submitted comment text), so this buffer may hold user
    data and must not be shown to non-admin clients.
    """
    accumulated = _DEBUG.setdefault('tracestr', '')
    _DEBUG['tracestr'] = accumulated + str + ' ;<p> '
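def site():
    """Return the absolute base URL of this script, always ending in ``/``.

    The host is taken from ``SERVER_NAME`` (falling back to ``localhost``)
    and the path from ``SCRIPT_NAME`` (falling back to ``/``). A
    ``SCRIPT_NAME`` of ``/`` yields ``http://<host>/``; anything else yields
    ``http://<host><SCRIPT_NAME>/``.

    Returns:
        str: for example ``'http://example.org/snews.py/'`` (constructed
        sample values).

    NOTE(review): on many servers SERVER_NAME is derived from the client's
    Host header, so this URL is client-influenced. It becomes the
    ``<base href>`` and is used in redirects, so a configured canonical
    hostname would be safer than trusting the environment here.
    """
    host = os.environ.get('SERVER_NAME', 'localhost')
    # The previous version wrapped this lookup in try/finally with no except
    # clause, so a missing SCRIPT_NAME raised KeyError after the URL had
    # already been computed; '/' is the documented default.
    directory = os.environ.get('SCRIPT_NAME', '/')
    if directory == '/':
        return 'http://' + host + '/'
    return 'http://' + host + directory + '/'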
# XXX import correct LANG file
import EN
# Keys the UI code needs that the language file does not (yet) define, plus
# layout constants stored alongside the translations so l() can serve them.
EN.l['hidden'] = 'hidden' # XXX Missing ?
EN.l['please_wait'] = 'Please wait' # XXX Missing ?
# comma-separated list of reserved SEF names; register_page() appends to it
EN.l['cat_listSEF'] = ""
#divider character
EN.l['divider'] = '&middot;'
# used in article pagination links
EN.l['paginator'] = 'p_'
EN.l['comment_pages'] = 'c_'
# list of files & folders ignored by upload/file list routine
EN.l['ignored_items'] = '.,..,cgi-bin,.htaccess,Thumbs.db,snews.php,index.php,lib.php,style.css,admin.js,'
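def l(s):
    """Return the UI string (or layout constant) stored under key *s* in EN.l.

    Raises:
        AssertionError: if *s* is not a known key. The previous version used
        a bare ``assert``, which ``python -O`` strips, turning an unknown key
        into a KeyError; raising explicitly keeps the same exception type in
        every mode.
    """
    if s not in EN.l:
        raise AssertionError('unknown language key: %r' % (s,))
    return EN.l[s]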
# INFO LINE TAGS (readmore, comments, date)
def tags(t):
    """Return the comma-separated info-line template named *t*.

    ``'infoline'`` is the date / read-more / comments / edit strip under an
    article; ``'comments'`` is the per-comment meta strip (its ``%s`` slot is
    the localized 'on' word). Any other name raises KeyError.
    """
    if t == 'infoline':
        return '<p class="date">,readmore,comments,date,edit,</p>'
    if t == 'comments':
        return '<p class="meta">,name,%s,date,edit,</p>,<p class="comment">,comment,</p>' % l('on')
    raise KeyError(t)
# SITE SETTINGS - grab site settings from database
# Lazily filled cache of the settings table; see s().
site_settings = {}
def s(var):
    """Return site setting *var*, loading the settings table on first use.

    The whole ``<prefix>settings`` table is read into the module-level
    ``site_settings`` dict the first time any setting is requested;
    ``display_page`` is coerced to int at that point. ``_PRE`` is the
    configured table prefix, not request data. Raises KeyError for an
    unknown setting name.
    """
    global dbconnection
    global site_settings
    if not site_settings:
        cursor = dbconnection.cursor()
        cursor.execute('SELECT name,value FROM %ssettings' % _PRE)
        site_settings.update(
            (row['name'], row['value']) for row in cursor.fetchall()
        )
        if 'display_page' in site_settings:
            site_settings['display_page'] = int(site_settings['display_page'])
    return site_settings[var]
#TITLE
def title():
    """Print the <base>, <title> and description/keywords <meta> tags.

    The page title is assembled from the article title, category/subcategory
    names, the reserved-page name and finally the site title. Description
    and keywords fall back to the site settings.

    NOTE(review): none of stitle/desc/keyw is HTML-escaped before being
    placed inside the tags (cgi.escape is imported at the top of this file
    but unused here); category names and titles come from the database.
    NOTE(review): ``_DESCR``, ``TITL`` and ``R`` are declared global but the
    module-level initialisation below defines ``_DESC`` and ``_TITLE``; if
    they are not assigned elsewhere this raises NameError -- verify.
    """
    global categorySEF, _DESCR, TITL, _NAME, _XNAME, R
    print('<base href="%s" />' % _SITE)
    stitle = _TITLE+' - ' if _TITLE else ''
    stitle += _NAME+' - ' if _NAME else ''
    stitle += _XNAME+' - ' if _XNAME else ''
    # reserved pages (archive, sitemap, ...) show their localized name
    if check_category(categorySEF) and categorySEF != 'administration' and categorySEF:
        stitle += l(categorySEF)+' - '
    stitle += s('website_title')
    desc = _DESCR if _DESCR else s('website_description')
    keyw = R['keywords_meta'] if 'keywords_meta' in R and R['keywords_meta'] else s('website_keywords')
    print("""<title>%s</title>
<meta http-equiv="Content-Type" content="text/html; charset=%s" />
<meta name="description" content="%s" />
<meta name="keywords" content="%s" />""" % (stitle, s('charset'), desc, keyw))
    if _ADMIN:
        print('<script type="text/javascript">')
        #XXX include('js/admin.js')
        print('</script>')
# BREADCRUMBS
def breadcrumbs():
    """Print the breadcrumb trail: [administration] home > category > sub > title.

    Uses the routing globals (categorySEF, subcatSEF, _NAME, _XNAME, _TITLE,
    _POS) set elsewhere. Nothing printed here is HTML-escaped.

    Indentation was lost in the pasted source; the nesting below (the
    subcategory and title crumbs inside the "real category" branch) follows
    the structure of the original sNews breadcrumbs() -- confirm.
    """
    global dbconnection
    global categorySEF, subcatSEF, _POS, _TITLE, _NAME, _XNAME, _SITE
    link = '<a href="'+_SITE+''
    if _ADMIN:
        print(link+'administration/" title="'+l('administration')+'">'+l('administration')+'</a> '+l('divider')+' ')
    # "home" is a link everywhere except on the front page itself
    print(link+'">'+l('home')+'</a>' if (categorySEF) else l('home'))
    if (categorySEF) and not check_category(categorySEF):
        if subcatSEF:
            print(' '+l('divider')+' '+link+categorySEF+'/">'+(_XNAME if _XNAME else _NAME)+'</a>')
        elif _NAME:
            print(' '+l('divider')+' '+_NAME)
        if subcatSEF and _XNAME:
            print((' '+l('divider')+' '+link+categorySEF+'/'+subcatSEF+'/">'+_NAME+'</a>' if _POS == 1 else ' '+l('divider')+' '+_NAME))
        if _TITLE:
            print(' '+l('divider')+' '+_TITLE)
    # reserved pages (archive, sitemap, ...) get their localized name
    if check_category(categorySEF) and categorySEF != 'administration' and categorySEF:
        print(' '+l('divider')+' '+l(categorySEF))
# LOGIN LOGOUT LINK
def login_link():
    """Print the login link, or the administration and logout links when logged in."""
    if _ADMIN:
        tail = ('administration/" title="' + l('administration') + '">'
                + l('administration') + '</a> ' + l('divider')
                + ' <a href="' + _SITE + 'logout/" title="' + l('logout') + '">'
                + l('logout'))
    else:
        tail = 'login/" title="' + l('login') + '">' + l('login')
    print('<a href="' + _SITE + tail + '</a>')
# DISPLAY CATEGORIES
def categories():
    """Print the category menu as <li> items, expanding the current category.

    Top-level categories come from retr_categories(); the current one also
    gets its subcategories (retr_categories(parent)) as a nested <ul>. Names
    and descriptions from the database are printed unescaped into
    attributes and text.
    """
    def subcategories(parent):
        """Print the nested <ul> of subcategories under *parent*, if any."""
        global categorySEF, subcatSEF
        tab = retr_categories(parent)
        if len(tab) > 0:
            print('<ul>')
            # 's' here is a row dict and shadows the settings function s()
            # inside this helper only
            for s in tab:
                subSEF = s['seftitle']
                cssclass = ' class="current"' if subSEF == subcatSEF else ''
                num = ('(%s)' % s['total']) if 'total' in s else ''
                print('<li class="subcat"><a'+cssclass+' href="'+_SITE+categorySEF+'/'+subSEF+'/" title="'+s['description']+'">'+s['name']+num+'</a></li>')
            print('</ul>')
    global categorySEF
    tab = retr_categories()
    if tab:
        for r in tab:
            category_title = r['seftitle']
            # localize the default category name for non-English sites
            r['name'] = l('uncategorised') if (s('language') != 'EN' and r['name'] == 'Uncategorized' and r['parent'] == 1) else r['name']
            cssclass = ' class="current"' if category_title == categorySEF else ''
            num = '(%d)' % r['total'] if 'total' in r else ''
            print('<li><a'+cssclass+' href="'+_SITE+category_title+'/" title="'+r['name']+' - '+r['description']+'">'+r['name']+num+'</a>')
            parent = r['parent']
            if category_title == categorySEF:
                subcategories(parent)
            print('</li>')
    else:
        print('<li>'+l('no_categories')+'</li>')
# DISPLAY PAGES
def pages():
    """Print the main navigation: home, archive, static pages, contact, sitemap.

    Static pages are articles with position = 3; hidden ones are only listed
    for admins, and the page designated as the front page
    (s('display_page')) is skipped.

    NOTE(review): the cssclass computed from r['seftitle'] is overwritten on
    the very next line by the _ID comparison, and for these items the class
    lands on the <li> rather than the <a> as in the other entries -- looks
    unintended.
    """
    global categorySEF, _ID
    qwr = ' AND visible=\'YES\'' if not _ADMIN else ''
    cssclass = ' class="current"' if not(categorySEF) else ''
    print('<li><a'+cssclass+' href="'+_SITE+'">%s</a></li>' % l('home'))
    cssclass = ' class="current"' if (categorySEF == 'archive') else ''
    print('<li><a'+cssclass+' href="'+_SITE+'archive/">%s</a></li>' % l('archive'))
    query = "SELECT id, seftitle, title FROM %sarticles WHERE position = 3 %s ORDER BY artorder ASC, id" % (_PRE, qwr)
    cur = dbconnection.cursor()
    cur.execute(query)
    num = 0
    for r in cur.fetchall():
        title = r['title']  # shadows the module-level title() inside this loop
        cssclass = ' class="current"' if (categorySEF == r['seftitle']) else ''
        cssclass = ' class="current"' if (_ID == r['id']) else ''
        if r['id'] != s('display_page'):
            print('<li'+cssclass+'><a href="'+_SITE+r['seftitle']+'/">%s</a></li>' % title)
            num += 1
    if check_category('contact'):
        cssclass = ' class="current"' if (categorySEF == 'contact') else ''
        print('<li><a'+cssclass+' href="'+_SITE+'contact/">%s</a></li>' % l('contact'))
    cssclass = ' class="current"' if (categorySEF == 'sitemap') else ''
    print('<li><a'+cssclass+' href="'+_SITE+'sitemap/">%s</a></li>' % l('sitemap'))
#EXTRA CONTENT
def extra(mode='', styleit=False, classname='', idname=''):
    """Print the "extra" blocks (position = 2 articles) assigned to *mode*.

    Args:
        mode: seftitle of the extras group; defaults to the group with id 1.
        styleit: wrap each block in a <div>.
        classname, idname: class/id attributes for that <div>.

    Which blocks are shown depends on each row's ``category`` and
    ``page_extra`` against the current routing globals (_ID, _catID,
    categorySEF); the decision chain mirrors the original sNews extra().

    NOTE(review): ``mode.lower()`` discards its result, so *mode* is never
    lower-cased. ``catSEF`` is only bound when subcatSEF is set and
    ``getArt`` only when _ID is set, yet both are read in the decision chain
    below -- an UnboundLocalError is possible on those paths. The admin
    "hide" link is missing the opening quote after ``href=``.
    """
    global categorySEF, subcatSEF, articleSEF, _ID, _catID
    if not mode:
        mode = retrieve('seftitle', 'extras', 'id', 1)
    if not _ADMIN:
        qwr = ' AND visible=\'YES\''
    else:
        qwr = ''
    mode.lower()
    getExtra = retrieve('id', 'extras', 'seftitle', mode)
    subCat = retrieve('subcat', 'categories', 'id', _catID)
    if _ID:
        getArt = _ID
    if subcatSEF:
        catSEF = subcatSEF
    # path used for the admin "back" parameter
    url = ('/'+categorySEF if categorySEF else '')+('/'+subcatSEF if subcatSEF else '')+('/'+articleSEF if articleSEF else '')
    sql = """SELECT
id,title,seftitle,text,category,extraid,page_extra,
position,displaytitle,show_in_subcats,visible
FROM %sarticles
WHERE published = 1
AND position = 2 """ % _PRE
    if not getExtra:
        getExtra = 1
    # getExtra is formatted with %d, so a non-integer value raises here
    query = sql+(' AND extraid = %d' % getExtra)
    query = query+qwr+' ORDER BY artorder ASC,id ASC'
    cur = dbconnection.cursor()
    result = cur.execute(query)
    trace(cur._last_executed)
    for r in cur.fetchall():
        category = r['category']
        page = r['page_extra']
        if category == 0 and page < 1:
            dprint = False
        elif category == 0 and not _catID and page != '':
            dprint = not check_category(catSEF)
        elif category == _catID or (category == subCat and r['show_in_subcats'] == 'YES'):
            dprint = True
        elif category == -3 and getArt == page:
            dprint = True
        elif category == -3 and _catID == 0 and getArt != page and page == 0 and categorySEF != '' and not categorySEF in explode(',',l('cat_listSEF')) and categorySEF.find(l('paginator')) == 0:
            dprint = True
        # To show up on all pages only
        elif category == -1 and _catID == 0 and getArt != page and page == 0:
            dprint = True
        # To show up on all categories and pages
        elif category == -1:
            dprint = True
        else:
            dprint = False
        if dprint:
            if styleit:
                container = '<div'
                container += ' class="'+classname+'"' if classname else ''
                container += ' id="'+idname+'"' if idname else ''
                container += '>'
                print(container)
            if r['displaytitle'] == 'YES':
                print('<h3>%s</h3>' % r['title'])
            file_include(r['text'], 9999000)
            if r['visible'] == 'YES':
                visiblity = '<a href=%s?action=process&amp;task=hide&amp;item=snews_articles&amp;id=%d&amp;back=%s">%s</a>' % (_SITE, r['id'], url, l('hide'))
            else:
                visiblity = l('hidden')+' ( <a href="%s?action=process&amp;task=show&amp;item=snews_articles&amp;id=%d&amp;back=%s">%s</a> )' % (_SITE, r['id'], url, l('show'))
            if _ADMIN:
                print('<p><a href="%s?action=admin_article&amp;id=%d" title="%s %s">%s</a>%s %s</p>' % (_SITE, r['id'], l('edit'), r['seftitle'], l('edit'), l('divider'), visiblity))
            if styleit:
                print('</div>')
def paginator(pageNum, maxPage, pagePrefix):
    """Print the first/previous [page/max] next/last navigation bar.

    Args:
        pageNum: current page (1-based).
        maxPage: total number of pages.
        pagePrefix: URL prefix for page numbers, e.g. l('paginator') or
            l('comment_pages'); falsy means no prefix.

    Links that cannot be followed (on the first or last page) are printed
    as plain text. The base URI depends on whether an article, a
    subcategory or a category is being viewed.

    Indentation was lost in the pasted source: the "else" for the
    previous/first pair is attached here to ``if pageNum > 1`` by symmetry
    with the next/last pair -- confirm against the original. ``next`` shadows
    the builtin inside this function.
    """
    global categorySEF, subcatSEF, articleSEF, _ID, _catID, _POS, _XNAME, _SITE
    first = prev = next = last = ""
    if pagePrefix:
        prefix = pagePrefix
    else:
        prefix = ""
    if not _ID and not _catID:
        uri = ''
    elif _ID and _XNAME:
        uri = categorySEF+'/'+subcatSEF+'/'+articleSEF+'/'
    elif _POS == 1 or _XNAME:
        uri = categorySEF+'/'+subcatSEF+'/'
    else:
        uri = categorySEF+'/'
    link = '<a href="'+_SITE+uri
    if pageNum > 1:
        if pageNum > 2:
            prev = link+prefix+str(pageNum - 1)+'/" title="'+l('page')+' '+str(pageNum - 1)+'">&lt; '+l('previous_page')+'</a> '
        first = link+'" title="'+l('first_page')+' '+l('page')+'">&lt;&lt; '+l('first_page')+'</a>'
    else:
        prev = '&lt; '+l('previous_page')
        first = '&lt;&lt; '+l('first_page')
    if pageNum < maxPage:
        next = link+prefix+str(pageNum + 1)+'/" title="'+l('page')+' '+str(pageNum + 1)+'">'+l('next_page')+' &gt;</a> '
        last = link+prefix+str(maxPage)+'/" title="'+l('last_page')+' '+l('page')+'">'+l('last_page')+' &gt;&gt;</a> '
    else:
        next = l('next_page')+' &gt; '
        last = l('last_page')+' &gt;&gt;'
    print(('<div class="paginator">%s %s<strong> [%s</strong> / <strong>%s] </strong>%s %s</div>') % (first, prev, pageNum, maxPage, next, last))
# Table-name prefix from the configuration module; interpolated into every
# query in this file. It is configuration, not request data.
_PRE = db('prefix')
# Routing state, filled in by the URL parser (not in this chunk).
categorySEF = None
articleSEF = None
subcatSEF = None
_ID = None
_catID = None
_POS = None
_XNAME = None
_NAME = None
pageNum = None
_TITLE = None
_DESC = None
# cgi.FieldStorage reads BOTH the query string and the request body, so
# every key below is reachable from a plain GET link as well as a POST.
_GET = FieldStorage(keep_blank_values=True)
# name -> {'title', 'func', 'showInListing'}; see register_page()
pagesList = {}
commentsPage = None
_SERVER = {'REMOTE_ADDR': os.environ['REMOTE_ADDR'] if 'REMOTE_ADDR' in os.environ else '127.0.0.1' }
# NOTE(review): despite the name, _POST is a copy of every submitted field
# (GET and POST alike). center() dispatches state-changing handlers on
# 'comment', 'contactform' and 'submit_text' membership, so those can be
# triggered without a POST body; getvalue() also returns a list when a
# field is repeated, which the string-expecting code below does not handle.
_POST = {}
for i in list(_GET.keys()):
    if i not in _POST:
        _POST[i] = _GET.getvalue(i)
# Constants
# Website root url
_SITE = site()
# Set login constant
_ADMIN = _SITE+'Logged_In' in _SESSION and _SESSION[_SITE+'Logged_In'] == True
# CENTER
def center():
    """Render the main content area by dispatching on the request.

    Order of precedence: a pending fatal message from a failed login;
    form submissions (search, comment, contact, admin text); registered
    virtual pages (pagesList); admin actions (only when logged in); and
    finally the article listing.

    NOTE(review): the ``assert(action is None)`` for non-admin requests
    means an unrecognised ``?action=`` from an anonymous visitor raises
    AssertionError (a server error) -- and under ``python -O`` the assert
    disappears and the request silently falls through to articles().
    Returning a 404 explicitly would be the deterministic choice.
    """
    # fatal session produced on failed login, and will display error message.
    if (_SITE+str('fatal')) in _SESSION.data:
        print(_SESSION[_SITE+str('fatal')])
        del(_SESSION[_SITE+str('fatal')])
    else:
        global categorySEF, subcatSEF, articleSEF
        action = None
        if 'category' in _GET:
            action = categorySEF
        if 'action' in _GET: # Patch #7 - 1.7.0
            # the 404 category wins over any explicit action parameter
            action = categorySEF if categorySEF == '404' else clean(cleanXSS(_GET.getvalue('action')))
            categorySEF = action
        if 'search_query' in _POST:
            search()
            return
        if 'comment' in _POST:
            comment('comment_posted')
            return
        if 'contactform' in _POST:
            contact()
            return
        if 'submit_text' in _POST:
            processing()
            return
        global pagesList
        if categorySEF in pagesList:
            pagesList[categorySEF]['func']()
            return
        if _ADMIN:
            if action == 'admin_subcategory':
                form_categories('sub')
                return
            elif action == 'admin_groupings':
                form_groupings()
                return
            elif action == 'admin_article':
                form_articles('')
                return
            elif action == 'editcomment':
                edit_comment()
                return
            elif action == 'snews_files':
                files()
                return
            elif action == 'process':
                processing()
                return
        else:
            assert(action is None)
        articles()
def register_page(SEF, title, func, showInListing=True):
    """Register a virtual page served at <site>/<SEF>/.

    *SEF* is appended to the reserved-name list ``EN.l['cat_listSEF']`` and
    the handler recorded in ``pagesList`` so that center() calls *func*
    when the requested category equals *SEF*. *showInListing* is stored
    alongside for menu code to consult.
    """
    global EN
    global pagesList
    EN.l['cat_listSEF'] = EN.l['cat_listSEF'] + "," + SEF
    entry = {'title': title, 'func': func, 'showInListing': showInListing}
    pagesList[SEF] = entry
# ARTICLES
def articles():
    """Print either a single article/page or a paginated article list.

    Single view: when _ID is set, or when no category is selected and a
    front page is configured (s('display_page')). List view otherwise:
    counts the matching articles, computes the page window from
    s('article_limit') and the current page number, prints each article
    with its info line, then the paginator. In single view the comment
    section is appended and an empty result shows the "none yet" message
    plus a recent-articles menu.

    Indentation was lost in the pasted source; the reconstruction below
    keeps the count/limit/query logic inside the list-view branch and runs
    the shared execute/print loop afterwards.

    NOTE(review): on the ``num == 0`` path ``query_articles`` is never
    assigned, so the execute below would raise UnboundLocalError; it
    appears unreachable because a ``COUNT ... GROUP BY`` with no rows
    returns nothing (num stays -1), but it is fragile. The hidden-article
    branch assigns ``visibility`` while the edit link reads ``visiblity``,
    so the "show" link for hidden articles is never printed. The bare
    ``except: pass`` around article_limit hides a misconfigured setting.
    ``for tag in tag`` rebinds the list it iterates.
    """
    global categorySEF, subcatSEF, articleSEF, _ID, _POS, _catID, _XNAME, pageNum
    frontpage = s('display_page')
    cur = dbconnection.cursor()
    currentPage = pageNum
    title_not_found = '<h2>%s</h2>' % l('none_yet')
    if _ADMIN:
        visible = ''
        title_not_found += '<p>'+l('create_new')+' <a href="'+_SITE+'administration/" title="'+l('administration')+'">%s</a></p>' % l('administration')
    else:
        visible = ' AND a.visible=\'YES\' '
    if _ID or (not _catID and frontpage != 0):
        if not _ID:
            _ID = frontpage
        # article or page, id as indentifier
        # _ID is interpolated with %s; it must already be validated as an
        # integer by the URL parser (not visible in this chunk)
        query_articles = """SELECT a.id AS aid,title,a.seftitle AS asef,text,a.date,
a.displaytitle,a.displayinfo,a.commentable,a.visible
FROM %sarticles AS a WHERE id =%s %s""" % (_PRE, _ID, visible)
    else:
        num = -1
        on = (s('display_pagination') == 'on')
        if on:
            if articleSEF:
                SEF = articleSEF
            elif subcatSEF:
                SEF = subcatSEF
            else:
                SEF = categorySEF
            # pagination
            if _catID:
                count = 'SELECT COUNT(a.id) AS num FROM '+_PRE+'articles AS a WHERE position = 1 AND a.published =1 AND category = %s GROUP BY category' % _catID+visible
            else:
                count = 'SELECT COUNT(a.id) AS num FROM '+_PRE+'articles AS a LEFT OUTER JOIN '+_PRE+'categories as c ON category = c.id LEFT OUTER JOIN '+_PRE+"""categories as x
ON c.subcat = x.id AND (x.published =\'YES\')
WHERE show_on_home = \'YES\' """+visible+"""
AND position = 1
AND a.published =1
AND c.published =\'YES\'
GROUP BY show_on_home"""
            count = cur.execute(count)
            trace(cur._last_executed)
            if count:
                r = cur.fetchone()
                num = int(r['num'])
        if num == 0:
            print(title_not_found)
        else:
            articleCount = 0
            try:
                articleCount = int(s('article_limit'))
            except:
                pass
            article_limit = 100 if (not articleCount or articleCount < 1) else articleCount
            totalPages = int(math.ceil(float(num)/article_limit))
            if not currentPage or not is_numeric(currentPage) or currentPage < 1:
                currentPage = 1
            # get the rows for category
            trace("page : cur="+str(currentPage)+" max ="+str(totalPages)+"art="+ str(num))
            if _catID:
                query_articles = """SELECT
a.id AS aid,title,a.seftitle AS asef,text,a.date,
a.displaytitle,a.displayinfo,a.commentable,a.visible
FROM """+_PRE+"""articles AS a
WHERE position = 1
AND a.published =1
AND category = %d %s
ORDER BY artorder ASC,date DESC
LIMIT %d, %d""" % (_catID, visible, (currentPage - 1) * article_limit, article_limit)
            else:
                query_articles = """SELECT
a.id AS aid,title,a.seftitle AS asef,text,a.date,
displaytitle,displayinfo,commentable,a.visible,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM """+_PRE+"""articles AS a
LEFT OUTER JOIN """+_PRE+"""categories as c
ON category = c.id
LEFT OUTER JOIN """+_PRE+"""categories as x
ON c.subcat = x.id AND x.published =\'YES\'
WHERE show_on_home = \'YES\'
AND position = 1
AND a.published =1
AND c.published =\'YES\'"""+visible+"""
ORDER BY date DESC
LIMIT """+str((currentPage - 1) * article_limit)+','+str(article_limit)
    cur.execute(query_articles)
    trace(cur._last_executed)
    numrows = 0
    link = '<a href="'+_SITE
    for r in cur.fetchall():
        numrows += 1
        infoline = True if r['displayinfo'] == 'YES' else False
        text = stripslashes(r['text'])
        # in list view cut the body at the [break] marker
        if currentPage:
            short_display = strpos(text, '[break]')
            shorten = 9999000 if short_display == 0 else short_display
        else:
            shorten = 9999000
        # parameterised query: the article id is passed as a bound value
        comments_query = 'SELECT id FROM %scomments WHERE articleid = %%s AND approved = \'True\'' % (_PRE)
        comments_result = cur.execute(comments_query, [r['aid']])
        trace(cur._last_executed)
        comments_num = cur.rowcount
        a_date_format = date(s('date_format'), strtotime(r['date']))
        if 'csef' in r:
            uri = r['xsef']+'/'+r['csef'] if r['xsef'] else r['csef']
        elif _XNAME:
            uri = categorySEF+'/'+subcatSEF
        else:
            uri = categorySEF
        title = r['title']
        if r['displaytitle'] == 'YES':
            if not _ID:
                print('<h2 class="big">'+link+uri+'/'+r['asef']+'/">%s</a></h2>' % title)
            else:
                print('<h2>%s</h2>' % title)
        file_include(str_replace('[break]', '', text), shorten)
        commentable = r['commentable']
        visiblity = ''
        if r['visible'] == 'YES':
            visiblity = '<a href="'+_SITE+'?action=process&amp;task=hide&amp;item=snews_articles&amp;id=%d&amp;back=%s">%s</a>' % (r['aid'], uri, l('hide'))
        else:
            visibility = l('hidden')+' ( <a href="'+_SITE+'?action=process&amp;task=show&amp;item=snews_articles&amp;id=%d&amp;back=%s">%s</a> )' % (r['aid'], uri, l('show'))
        edit_link = link+'?action=admin_article&amp;id=%d" title="%s">%s</a> ' % (r['aid'], title, l('edit'))
        edit_link += ' '+l('divider')+' '+visiblity
        if currentPage:
            if infoline:
                tag = explode(',', tags('infoline'))
                for tag in tag:
                    if tag == 'date':
                        print(a_date_format)
                    elif tag == 'readmore' and len(r['text']) > shorten:
                        print(link+uri+'/'+r['asef']+'/">%s</a> ' % l('read_more'))
                    elif tag == 'comments' and (commentable == 'YES' or commentable == 'FREEZ'):
                        print(link+uri+'/'+r['asef']+'/#'+l('comment')+'1"> '+l('comments')+' (%s)</a> ' % comments_num)
                    elif tag == 'edit' and _ADMIN:
                        print(' '+edit_link)
                    elif tag != 'readmore' and tag != 'comments' and tag != 'edit':
                        print(tag)
            elif _ADMIN:
                print('<p>%s</p>' % edit_link)
        else:
            if infoline:
                tag = explode(',', tags('infoline'))
                for tag in tag:
                    if tag == 'date':
                        print(a_date_format)
                    elif tag == 'readmore':
                        pass
                    elif tag == 'comments':
                        pass
                    elif tag == 'edit':
                        if _ADMIN:
                            print(' '+edit_link)
                    else:
                        print(tag)
            elif _ADMIN:
                print('<p>%s</p>' % edit_link)
    # num/on/article_limit only exist on the list-view branch; currentPage
    # is expected to be falsy in single view so the 'and' short-circuits
    if currentPage and (num > article_limit) and on:
        paginator(currentPage, totalPages, l('paginator'))
    # infoline/commentable carry the values of the last row printed
    if _POS and not currentPage and infoline:
        if commentable == 'YES':
            comment('unfreezed')
        elif commentable == 'FREEZ':
            comment('freezed')
    if numrows == 0:
        if _ADMIN:
            print(title_not_found)
        print('<ul class="vertical">')
        menu_articles(0,10,1)
        print('</ul>')
# COMMENTS
def comment(freeze_status):
    """Handle a comment submission, or list the comments of the current article.

    Args:
        freeze_status: 'freezed' suppresses the submission form;
            'unfreezed' / 'comment_posted' allow it.

    Submission path ('comment' in _POST): sanitises name/url/text, applies
    the anti-double-post and captcha checks, inserts the row with a
    parameterised query, optionally mails the site owner, then prints a
    status line and a back link (on failure) or a meta refresh.
    Listing path: pages through approved comments for _ID and prints the
    paginator. The submission form follows unless comments are frozen.

    Indentation was lost in the pasted source; ``numrows`` and
    ``back_to_page`` are initialised at the top, which suggests the
    form block at the end sits at function level rather than inside the
    listing branch -- that is how it is reconstructed here.

    NOTE(review): ``re.sub('/[^a-zA-Z0-9_\\s-]/', ...)`` keeps the PHP
    delimiters, so in Python it only strips sequences of the form
    "/x/" and the name filter from Patch #15 is effectively a no-op.
    NOTE(review): the double-post check tests ``'poster' in _SESSION`` but
    the key written is ``_SITE+'poster'``; and the stored ``time`` is a
    struct_time from time.localtime() while the check subtracts it from
    time.time(), which raises TypeError when reached.
    NOTE(review): ``ip`` is read from the submitted hidden field rather
    than ``_SERVER['REMOTE_ADDR']`` (which is what the form is filled
    with), so the stored address is client-controlled.
    NOTE(review): the URL scheme check is unanchored, so any scheme is
    accepted as long as 'www.' appears somewhere in the value; anchoring
    it to the start of the string would be safer before the value is
    placed in an href.
    """
    print('<h3>Comments</h3>')
    global categorySEF, subcatSEF, articleSEF, _ID, commentsPage
    assert(strpos(articleSEF, l('paginator')) != 0)
    # XXX These two lines should now be obsolete
    if strpos(articleSEF, l('paginator')) == 0:
        articleSEF = str_replace(l('paginator'), '', articleSEF)
        assert(False)
    if not commentsPage or not is_numeric(commentsPage) or commentsPage < 1:
        commentsPage = 1
    comments_order = s('comments_order')
    back_to_page = None
    numrows = 0
    if 'comment' in _POST:
        commentReason = None
        fail = False
        commentstr = cleanWords(trim(_POST['text']))
        commentstr = clean(cleanXSS(commentstr))
        name = trim(_POST['name'])
        name = re.sub('/[^a-zA-Z0-9_\s-]/', '', name) # Patch #15 - 1.7.0
        if not name:
            name = 'Anonymous'
        name = clean(cleanXSS(name)) if len(name) > 1 else None
        url = trim(_POST['url']) if 'url' in _POST else ''
        url = re.sub('[^a-zA-Z0-9_:\/\.-]', '', url) # Patch #15 - 1.7.0
        url = clean(cleanXSS(url)) if (len(url) > 8 and not strpos(url, '?')) else ''
        post_article_id = _POST['id'] if (is_numeric(_POST['id']) and _POST['id'] > 0) else None
        ip = clean(cleanXSS(_POST['ip'])) if (len(_POST['ip']) < 16) else None
        if _ADMIN:
            doublepost = False
            ident = 1
        else:
            fail = len(commentstr) <= 4
            contentCheck = retrieve('id', 'comments', 'comment', commentstr)
            ident = 1 if not contentCheck or (time.time() - _SESSION[_SITE+'poster']['time']) > s('comment_repost_timer') or _SESSION[_SITE+'poster']['ip'] != ip else 0
            doublepost = 'poster' in _SESSION and _SESSION[_SITE+'poster']['article'] == commentstr+":|:"+post_article_id and (time.time()-_SESSION[_SITE+'poster']['time']) < s('comment_repost_timer')
        if not fail and commentstr and name and post_article_id and checkMathCaptcha() and not doublepost and ident == 1:
            url = url if preg_match('((http)+(s)?:(\/\/)|(www\.))([a-z0-9_\-]+)', url) else ''
            url = 'http://'+url if url[0:3] == 'www' else url
            timestr = date('Y-m-d H:i:s')
            _SESSION[_SITE+'poster'] = {}
            approved = 'True' if s('approve_comments') != 'on' or _ADMIN else ''
            # values are bound by the driver, not interpolated into the SQL
            query = 'INSERT INTO %scomments(articleid, name, url, comment, time, approved) VALUES(%%s, %%s, %%s, %%s, %%s, %%s)' % _PRE
            cur = dbconnection.cursor()
            cur.execute(query, [post_article_id,name,url,commentstr,timestr,approved])
            trace(cur._last_executed)
            _SESSION[_SITE+'poster']['article'] = commentstr+":|:"+post_article_id
            _SESSION[_SITE+'poster']['time'] = time.localtime()
            # this is to set session for checking multiple postings.
            _SESSION[_SITE+'poster']['ip'] = ip
            commentStatus = l('comment_sent_approve') if s('approve_comments') == 'on' and not _ADMIN else l('comment_sent')
            # eMAIL COMMENTS
            if s('mail_on_comments') == 'on' and not _ADMIN:
                if s('approve_comments') == 'on':
                    status = l('approved_text')
                    subject = l('subject_a')
                else:
                    status = l('not_waiting_approved')
                    subject = l('subject_b')
                to = s('website_email')
                send_array = {
                    'to':to,
                    'name':name,
                    'comment':commentstr,
                    'ip':ip,
                    'url':url,
                    'subject':subject,
                    'status':status}
                send_email(send_array)
            # End of Mail
        else:
            # keep the rejected input in the session so the form can be refilled
            commentStatus = l('comment_error')
            commentReason = l('ce_reasons')
            fail = True
            _SESSION[_SITE+'comment'] = {}
            _SESSION[_SITE+'comment']['name'] = name
            _SESSION[_SITE+'comment']['comment'] = br2nl(commentstr)
            _SESSION[_SITE+'comment']['url'] = url
            _SESSION[_SITE+'comment']['fail'] = fail
        print('<h2>%s</h2>' % commentStatus)
        if commentReason:
            print('<p>%s</p>' % commentReason)
        postArt = clean(cleanXSS(_POST['article']))
        postArtID = retrieve('category','articles','id', post_article_id)
        if postArtID == 0:
            postCat = ''
        else:
            postCat = cat_rel(postArtID, 'seftitle')+'/'
        back_link = _SITE+postCat+postArt
        if fail:
            print('<a href="'+back_link+'/">%s</a>' % l('back'))
        else:
            print('<meta http-equiv="refresh" content="1; url=%s/">' % back_link)
    else:
        commentCount = int(s('comment_limit'))
        comment_limit = 100 if (not commentCount or commentCount < 1) else int(commentCount)
        if commentsPage:
            pageNum = int(commentsPage)
        offset = (pageNum - 1) * comment_limit
        totalrows = 'SELECT count(id) AS num FROM %scomments WHERE articleid = %%s AND approved = "True";' % (_PRE)
        cur = dbconnection.cursor()
        cur.execute(totalrows, [_ID])
        trace(cur._last_executed)
        numrows = cur.fetchone()
        numrows = numrows['num']
        # Patch #8 - 1.7.0 - redundant section removed
        if numrows > 0:
            # _ID/offset/limit use %d, so non-integers raise before the query runs;
            # comments_order is a site setting, not request data
            query = "SELECT id,articleid,name,url,comment,time,approved FROM %scomments WHERE articleid = %d AND approved = 'True' ORDER BY id %s LIMIT %d, %d" % (_PRE, _ID, comments_order, offset, comment_limit)
            result = cur.execute(query)
            trace(cur._last_executed)
            ordinal = 1
            date_format = s('date_format')
            edit_link = ' <a href="%s?action=' % _SITE
            for r in cur.fetchall():
                datestr = date(date_format, strtotime(r['time']))
                commentNum = offset + ordinal
                tagslist = explode(',', tags('comments'))
                for tag in tagslist:
                    if tag == 'date':
                        print('<a id="%s%d" name="%s%d"></a>%s' % (l('comment'),commentNum,l('comment'),commentNum,datestr))
                    elif tag == 'name':
                        name = r['name']
                        # stored url was character-filtered on submission; see notes above
                        print('<a href="'+r['url']+'" title="'+r['url']+'" rel="nofollow"> '+name+'</a> ' if r['url'] else name)
                    elif tag == 'comment':
                        print(strip_tags(r['comment']))
                    elif tag == 'edit' and _ADMIN:
                        print(edit_link+'editcomment&amp;commentid=%d" title="%s %s">%s</a> ' % (r['id'],l('edit'),l('comment'),l('edit')))
                        print(edit_link+'process&amp;task=deletecomment&amp;commentid='+str(r['id'])+'" title="'+l('delete')+' '+l('comment')+'" onclick="return pop()">%s</a>' % l('delete'))
                    elif tag == 'edit':
                        pass
                    else:
                        print(tag)
                ordinal += 1
            maxPage = int(math.ceil(float(numrows) / comment_limit))
            back_to_page = int(math.ceil(float(numrows + 1) / comment_limit))
            if maxPage > 1:
                paginator(pageNum, maxPage,l('comment_pages'))
    if freeze_status != 'freezed' and s('freeze_comments') != 'YES':
        if numrows == 0:
            print('<p>'+l('no_comment')+'</p>') # Patch #8 - 1.7.0 - new line added
        # recall and set vars for reuse when botched post
        if _SITE+'comment' in _SESSION:
            name = _SESSION[_SITE+'comment']['name']
            commentstr = _SESSION[_SITE+'comment']['comment']
            url = _SESSION[_SITE+'comment']['url']
            del(_SESSION[_SITE+'comment'])
        else:
            url = name = commentstr = ''
        # end var retrieval
        art_value = subcatSEF if not articleSEF else articleSEF
        print('<div class="commentsbox"><h2>%s</h2>' % l('addcomment'))
        print('<p>%s</p>' % l('required'))
        print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', _SITE, ''))
        print(html_input('text', 'name', 'name', name, '* '+l('name'), 'text', '', '', '', '', '', '', '', '', ''))
        print(html_input('text', 'url', 'url', url, l('url'), 'text', '', '', '', '', '', '', '', '', ''))
        print(html_input('textarea', 'text', 'text', commentstr, '* '+l('comment'), '', '', '', '', '', '5', '5', '', '', ''))
        print(mathCaptcha())
        print('<p>')
        print(html_input('hidden', 'category', 'category', categorySEF, '', '', '', '', '', '', '', '', '', '', ''))
        print(html_input('hidden', 'id', 'id', _ID, '', '', '', '', '', '', '', '', '', '', ''))
        print(html_input('hidden', 'article', 'article', art_value, '', '', '', '', '', '', '', '', '', '', ''))
        if back_to_page:
            print(html_input('hidden', 'commentspage', 'commentspage', back_to_page, '', '', '', '', '', '', '', '', '', '', ''))
        # the client echoes these back; the submission path trusts the echoed ip
        print(html_input('hidden', 'ip', 'ip', _SERVER['REMOTE_ADDR'], '', '', '', '', '', '', '', '', '', '', ''))
        print(html_input('hidden', 'time', 'time', unixtime(), '', '', '', '', '', '', '', '', '', '', ''))
        print(html_input('submit', 'comment', 'comment', l('submit'), '', 'button', '', '', '', '', '', '', '', '', ''))
        print('</p></form></div>')
    else:
        print('<p>%s</p>' % l('frozen_comments'))
def page_error_404():
    """Print the "not found" warning.

    Only valid when the router has set the category to '404'; the assert
    documents that precondition.
    """
    assert(categorySEF == '404')
    message = l('error_404')
    print('<p class="warning">' + message + '</p>')
# ARCHIVE
def archive(start=0, size=200):
    """Print the archive: published, visible articles grouped by month.

    Args:
        start: row offset for the LIMIT clause.
        size: maximum number of articles.

    First collects the ids of the newest *size* articles, then fetches
    their titles with category/subcategory names and prints a month
    heading whenever the (year, month) of the date changes.

    NOTE(review): *start* and *size* are interpolated with %s; callers
    must pass integers (the defaults are). Titles and names from the
    database are printed unescaped.
    """
    global dbconnection
    print('<h2>'+l('archive')+'</h2>')
    query = """SELECT id FROM %sarticles
WHERE position = 1
AND published = 1
AND visible = 'YES'
ORDER BY date DESC
LIMIT %s, %s""" % (_PRE, start, size)
    cur = dbconnection.cursor()
    result = cur.execute(query)
    trace(cur._last_executed)
    Or_id = []
    count = 0
    for r in cur.fetchall():
        Or_id.append(str(r['id']))
        count += 1
    if count == 0:
        print('<p>%s</p>' % l('no_articles'))
    else:
        Or_id = implode(', ',Or_id)
        query = """SELECT
title,a.seftitle AS asef,a.date AS date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM %sarticles AS a
LEFT OUTER JOIN %scategories as c
ON category = c.id
LEFT OUTER JOIN %scategories as x
ON c.subcat = x.id
WHERE a.id in (%s)
AND a.published = 1
AND c.published = 'YES'
AND (x.published = 'YES' or x.published IS NULL)
ORDER BY date DESC
LIMIT %s, %s""" % (_PRE, _PRE, _PRE, Or_id, start, size)
        cur = dbconnection.cursor()
        result = cur.execute(query)
        trace(cur._last_executed)
        month_names = explode(', ', l('month_names'))
        dot = l('divider')
        print('<p>')
        last = None
        for r in cur.fetchall():
            if r['date'] is not None:
                year = r['date'].year
                month = r['date'].month
            else: # XXX Dummy date
                year = 1970
                month = 1
            month_name = month_names[month-1]
            # new heading whenever the month changes (rows are date-ordered)
            if last != str(year)+str(month):
                print('<strong>'+month_name+', '+str(year)+'</strong><br />')
                last = str(year)+str(month)
            link = (r['xsef']+'/'+str(r['csef'])) if 'xsef' in r and r['xsef'] else r['csef']
            print(dot+' <a href="'+_SITE+link+'/'+r['asef']+'/">'+r['title']+' ('+r['name']+')</a><br />')
        print('</p>')
# SITEMAP
def sitemap():
    """Print the sitemap: static pages, then categories with their articles.

    Pages are position = 3 articles (excluding the designated front page);
    the article part walks every published top-level category, its
    articles, then each subcategory and its articles, as nested <ul>s.

    NOTE(review): ``global s`` is redundant (s is only read here) and the
    single cursor is reused for nested queries, which works only because
    fetchall() materialises each result before the next execute().
    Names, descriptions and titles are printed unescaped.
    """
    print('<h2>'+l('sitemap')+'</h2><h3><strong>'+l('pages')+'</strong></h3><ul>')
    link = '<li><a href="'+_SITE
    # Sitemap for pages
    print(link+'">%s</a></li>' % l('home'))
    print(link+'archive/">%s</a></li>' % l('archive'))
    # Patch #16 - 1.7.1
    # added id to SELECT it, and filter out page if selected as Home with: AND id <> '".s('display_page')."'
    # selects only IDs that are less or more than ID of the designated home page.
    global s
    cur = dbconnection.cursor()
    query = "SELECT id,title,seftitle FROM %sarticles WHERE position = 3 AND published = 1 AND visible = 'YES' AND id <> '%s' ORDER BY artorder ASC, date, id" % (_PRE, s('display_page'))
    result = cur.execute(query)
    trace(cur._last_executed)
    for r in cur.fetchall():
        print(link+r['seftitle']+'/">%s</a></li>' % r['title'])
    print(link+'contact/">%s</a></li>' % l('contact'))
    print(link+'sitemap/">%s</a></li>' % l('sitemap'))
    # Sitemap for articles
    print('</ul><h3><strong>'+l('articles')+'</strong></h3><ul>')
    art_query = 'SELECT title, seftitle, date FROM %sarticles WHERE position = 1 AND published = 1 AND visible = \'YES\'' % _PRE
    cat_query = 'SELECT id, name, seftitle, description, subcat FROM %scategories WHERE published = \'YES\' AND subcat = 0 ORDER BY catorder,id' % _PRE
    cat_result = cur.execute(cat_query)
    trace(cur._last_executed)
    count = 0
    for c in cur.fetchall():
        count += 1
        category_title = c['seftitle']
        print('<li><strong><a href="'+_SITE+category_title+'/" title="'+c['description']+'">'+c['name']+'</a></strong>')
        catid = c['id']
        # catid comes from the categories table, not from the request
        query = art_query+' AND category = %s ORDER BY id DESC' % catid
        result = cur.execute(query)
        trace(cur._last_executed)
        artcount = 0
        for r in cur.fetchall():
            if artcount == 0:
                print('<ul>')
            artcount += 1
            print('<li>'+l('divider')+' <a href="'+_SITE+category_title+'/'+r['seftitle']+'/">'+r['title']+'</a></li>')
        if artcount > 0:
            print('</ul>')
        subcat_result = cur.execute('SELECT id, name, seftitle, description, subcat FROM '+_PRE+'categories WHERE published = \'YES\' AND subcat = %s ORDER BY catorder ASC' % c['id'])
        trace(cur._last_executed)
        subcatcount = 0
        for s1 in cur.fetchall():
            if subcatcount == 0:
                print('<ul>')
            subcatcount += 1
            subcat_title = s1['seftitle']
            subcat_name = s1['name']
            print('<li class="subcat"><strong><a href="'+_SITE+category_title+'/'+subcat_title+'/" title="'+s1['description']+'">%s</a></strong>' % subcat_name)
            subcatid = s1['id']
            query = art_query+' AND category = %s ORDER BY id DESC' % subcatid
            artresult = cur.execute(query)
            trace(cur._last_executed)
            artcount = 0
            for r in cur.fetchall():
                if artcount == 0:
                    print('<ul>')
                artcount += 1
                print('<li class="subcat">'+l('divider')+'<a href="'+_SITE+category_title+'/'+subcat_title+'/'+r['seftitle']+'/">'+r['title']+'</a></li>')
            if artcount > 0:
                print('</ul>')
            print('</li>')
        if subcatcount > 0:
            print('</ul>')
        print('</li>')
    if count == 0:
        print('<li>%s</li></ul>' % l('no_articles'))
    print('</ul>')
def contact(): # XXX TODO
    """Contact-form handler; not implemented yet, so it fails the assertion on every call."""
    implemented = False
    assert implemented
# MENU ARTICLES
def menu_articles(start=0, size=5, cat_specific=0):
    """Print a <li> list of the newest published, visible articles.

    Args:
        start: row offset for the LIMIT clause.
        size: number of rows.
        cat_specific: 0 = all; 1 = restrict to the current category unless a
            subcategory is selected; 2 = restrict to the current category;
            100 = hard-coded filter on category id 100 (marked XXX SEECHAC).

    NOTE(review): _catID is formatted with %d, so a non-integer raises
    before the query runs; *start*/*size* use %s and must be integers.
    Names and titles from the database are printed unescaped.
    """
    global categorySEF, _catID,subcatSEF
    if cat_specific == 1:
        subcat = 'AND c.subcat = %d' % _catID if _catID and not subcatSEF else ''
    elif cat_specific == 2:
        subcat = 'AND c.subcat = %d' % _catID if _catID else ''
    elif cat_specific == 100: # XXX SEECHAC
        subcat = 'AND (c.id = 100) AND (a.show_on_home = TRUE) ' if _catID else ''
    else:
        subcat = ''
    query = """SELECT
title,a.seftitle AS asef,date,
c.name AS name,c.seftitle AS csef,
x.name AS xname,x.seftitle AS xsef
FROM %sarticles AS a
LEFT OUTER JOIN %scategories as c
ON category = c.id
LEFT OUTER JOIN %scategories as x
ON c.subcat = x.id AND x.published ='YES'
WHERE position = 1
AND a.published = 1
AND c.published = 'YES'
AND a.visible = 'YES'
%s
ORDER BY date DESC
LIMIT %s,%s""" % (_PRE,_PRE,_PRE,subcat, start, size)
    cur = dbconnection.cursor()
    result = cur.execute(query)
    trace(cur._last_executed)
    count = 0
    for r in cur.fetchall():
        name = ' ('+r['name']+')' if s('show_cat_names') == 'on' else ''
        datestr = date(s('date_format'), strtotime(r['date']))
        # subcategory articles live under <parent>/<sub>/
        link = r['xsef']+'/'+r['csef'] if 'xsef' in r and r['xsef'] is not None else r['csef']
        print('<li><a href="%s%s/%s/" title="%s / %s (%s)">%s%s</a></li>' % (_SITE, link, r['asef'],r['name'], r['title'], datestr, r['title'], name))
        count += 1
    if count == 0:
        print('<li>%s</li>' % l('no_articles'))
# NEW COMMENTS // Patch #1 - 1.7.0 - WHERE string updated in the query below
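def new_comments(number=5, stringlen=30):
    """Print the ``number`` most recent approved comments as ``<li>`` links.

    Each link points at the article page holding the comment, with the
    comment-page suffix (``l('comment_pages')``) when ``comment_limit``
    pushes it past page 1, and a ``#<l('comment')><ordinal>`` anchor.
    The visible text is ``name (comment`` cut to ``stringlen`` characters
    (a ``)`` is appended only when the name itself is shorter than
    ``stringlen``).  Prints ``l('no_comments')`` when nothing is found.

    Fixes: the previous version truncated every entry unconditionally (a
    leftover line after the length check), and ``ordinal`` was unbound
    when the comment was not found in the per-article list.
    """
    query = """SELECT
    a.id AS aid,title,a.seftitle AS asef,
    category,co.id,articleid,co.name AS coname,comment,
    c.name,c.seftitle AS csef,c.subcat,
    x.name,x.seftitle AS xsef
    FROM %scomments AS co
    LEFT OUTER JOIN %sarticles AS a
    ON articleid = a.id
    LEFT OUTER JOIN %scategories AS c
    ON category = c.id AND c.published =\'YES\'
    LEFT OUTER JOIN %scategories AS x
    ON c.subcat = x.id AND x.published =\'YES\'
    WHERE a.published = 1 AND (a.commentable IN ('YES', 'FREEZ'))
    AND approved = \'True\'
    ORDER BY co.id DESC LIMIT %d""" % (_PRE, _PRE, _PRE, _PRE, number)
    cur = dbconnection.cursor()
    cur.execute(query)
    trace(cur._last_executed)
    # a limit below 1 would divide by zero in the page computation
    comment_limit = max(int(s('comment_limit')), 1)
    comments_order = s('comments_order')
    rows = cur.fetchall()
    for r in rows:
        # position of this comment among the article's approved comments,
        # in the configured display order; articleid is bound as a parameter
        cur.execute("""SELECT id FROM %scomments
        WHERE articleid = %%s
        AND approved = 'True'
        ORDER BY id %s """ % (_PRE, comments_order), [r['articleid']])
        trace(cur._last_executed)
        ordinal = 0  # stays 0 (page 1, anchor 0) if the comment is not listed
        for num, r_art in enumerate(cur.fetchall(), 1):
            if r_art['id'] == r['id']:
                ordinal = num
                break
        name = r['coname']
        commentstr = strip_tags(r['comment'])
        page = int(math.ceil(float(ordinal) / comment_limit))
        ncom = name + ' (' + commentstr
        if len(ncom) > stringlen:
            ncom = ncom[0:stringlen - 3] + '...'
        ncom += ')' if len(name) < stringlen else ''
        ncom = str_replace(' ...', '...', ncom)
        paging = '/%s%d' % (l('comment_pages'), page) if page > 1 else ''  # Patch #1 - 1.7.0
        link = ''  # Patch #10 - 1.7.0 - 4 strings
        if 'xsef' in r and r['xsef']:
            link = r['xsef'] + '/'
        if 'csef' in r and r['csef']:
            link += r['csef'] + '/'
        link += r['asef']  # end Patch #10 - 1.7.0
        print('<li><a href="%s%s%s/#%s%d" title="%s %s">%s</a></li>' % (_SITE, link, paging, l('comment'), ordinal, l('comment_info'), r['title'], ncom))
    if not rows:
        print('<li>%s</li>' % l('no_comments'))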
# SEARCH FORM
def searchform():
    """Print the search form (POST to the site root, field ``search_query``).

    The keyword prompt doubles as the placeholder text: the onfocus/onblur
    handlers clear it and put it back, and search() treats a query equal to
    the prompt as empty.
    """
    prompt = l('search_keywords')
    template = """
<form id="search_engine" method="post" action="%s" accept-charset="%s">
<p><input class="searchfield" name="search_query" type="text" id="keywords" value="%s" onfocus="document.forms['search_engine'].keywords.value='';" onblur="if (document.forms['search_engine'].keywords.value == '') document.forms['search_engine'].keywords.value='%s';" />
<input class="searchbutton" name="submit" type="submit" value="%s" /></p>
</form>
"""
    print(template % (_SITE, s('charset'), prompt, prompt, l('search_button')))
#SEARCH ENGINE
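def search(limit=20):
    """Run the site search for ``_POST['search_query']`` and print the hits.

    Args:
        limit: maximum number of matching articles (coerced with ``int()``).

    A query shorter than 4 characters, equal to the form's prompt text, or
    consisting only of whitespace prints ``l('charerror')`` and nothing
    else.  Otherwise every whitespace-separated keyword must appear in the
    title, text or meta keywords; non-admins only see visible articles.
    The keywords are bound as LIKE parameters instead of being pasted into
    the SQL text, so quotes or wildcards typed by the visitor cannot alter
    the statement.  Hits are printed newest first with their category name
    and date, followed by a back-home link.
    """
    search_query = clean(cleanXSS(_POST['search_query']))
    print('<h2>%s</h2>' % l('search_results'))
    # The display path already runs stripslashes() on the query, so the DB
    # parameters are built from the same un-slashed text.
    # NOTE(review): this assumes clean() adds slashes the way the PHP original did — confirm.
    keywords = stripslashes(search_query).split()
    if len(search_query) < 4 or search_query == l('search_keywords') or not keywords:
        print('<p>%s</p>' % l('charerror'))
        return
    conditions = ['position != 2', 'a.published = 1']
    if not _ADMIN:
        conditions.append("a.visible = 'YES'")
    params = []
    for word in keywords:
        conditions.append('(title LIKE %s OR text LIKE %s OR keywords_meta LIKE %s)')
        params.extend(['%' + word + '%'] * 3)
    query = """SELECT a.id
    FROM %sarticles AS a
    LEFT OUTER JOIN %scategories as c
    ON category = c.id AND c.published ='YES'
    LEFT OUTER JOIN %scategories as x
    ON c.subcat = x.id AND x.published ='YES'
    WHERE %s
    ORDER BY id DESC LIMIT %d""" % (_PRE, _PRE, _PRE, ' AND '.join(conditions), int(limit))
    cur = dbconnection.cursor()
    cur.execute(query, params)
    trace(cur._last_executed)
    ids = [r['id'] for r in cur.fetchall()]
    if not ids:
        print('<p>%s <strong>%s</strong>.</p>' % (l('noresults'), stripslashes(search_query)))
    else:
        print('<p><strong>%d</strong> %s <strong>%s</strong>.</p>' % (len(ids), l('resultsfound'), stripslashes(search_query)))
        # one placeholder per id; the ids come from the first query but are bound anyway
        placeholders = ','.join(['%s'] * len(ids))
        query = """SELECT
        title,a.seftitle AS asef,a.date AS date,
        c.name AS name,c.seftitle AS csef,
        x.name AS xname,x.seftitle AS xsef
        FROM %sarticles AS a
        LEFT OUTER JOIN %scategories as c
        ON category = c.id
        LEFT OUTER JOIN %scategories as x
        ON c.subcat = x.id
        WHERE a.id IN (%s)
        ORDER BY a.id DESC""" % (_PRE, _PRE, _PRE, placeholders)
        cur.execute(query, ids)
        trace(cur._last_executed)
        for r in cur.fetchall():
            datestr = date(s('date_format'), strtotime(r['date']))
            # an article without a category name gets no suffix (was an unbound name before)
            name = ' (%s)' % r['name'] if r['name'] else ''
            if 'xsef' in r and r['xsef']:
                link = r['xsef'] + '/%s/' % r['csef']
            else:
                link = r['csef'] + '/' if 'csef' in r else ''
            print('<p><a href="' + _SITE + link + r['asef'] + '/">' + r['title'] + name + '</a> - %s</p>' % datestr)
    print('<p><br /><a href="' + _SITE + '">%s</a></p>' % l('backhome'))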
def rss_links():  # XXX TODO
    """RSS link list: not ported yet; prints a placeholder marker."""
    marker = 'XXX TODO'
    print(marker)
def rss_contents(rss_item):  # XXX TODO
    """RSS item rendering: not ported yet; ``rss_item`` is ignored and a placeholder marker is printed."""
    marker = 'XXX TODO'
    print(marker)
# LOGIN
def login():
    """Print the admin login panel, or the logout link when ``_ADMIN`` is already set.

    The login form posts to ``<site>/administration/`` with the fields
    ``uname``, ``pass``, the math captcha and a hidden ``Loginform`` flag;
    a second small form offers the Google login.
    """
    if _ADMIN:
        print('<h2>' + l('logged_in') + '</h2><p><a href="' + _SITE + 'logout/" title="' + l('logout') + '">%s</a></p>' % l('logout'))
        return
    no_attr = ''
    fragments = [
        '<div class="adminpanel"><h2>' + l('login') + '</h2>',
        html_input('form', no_attr, 'post', no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, 'post', _SITE + 'administration/', no_attr),
        '<p>%s</p>' % l('login_limit'),
        html_input('text', 'uname', 'uname', no_attr, l('username'), 'text', no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr),
        html_input('password', 'pass', 'pass', no_attr, l('password'), 'text', no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr),
        mathCaptcha(),
        '<p>',
        html_input('hidden', 'Loginform', 'Loginform', 'True', no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr),
        html_input('submit', 'submit', 'submit', l('login'), no_attr, 'button', no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr, no_attr),
        '</p></form></div>',
        '<form action="?login" method="post"><button>Login with Google</button></form>',
    ]
    for fragment in fragments:
        print(fragment)
def logout():
    """Destroy the session and send the browser back to the site root after two seconds."""
    _SESSION.destroy()
    refresh = '<meta http-equiv="refresh" content="2; url=%s">' % _SITE
    print(refresh)
    print('<h2>%s</h2>' % l('log_out'))
#CONTENTS COUNTER
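def stats(field, position):
    """Return the row count of table ``<_PRE><field>``.

    Args:
        field: table name without the prefix (internal caller-supplied
            constant such as ``'articles'``; it is part of the SQL text).
        position: when truthy, count only rows with ``position = <value>``;
            bound as a query parameter rather than interpolated.

    Returns:
        The ``count(id)`` value of the query.
    """
    query = 'SELECT count(id) as c FROM ' + _PRE + field
    params = []
    if position:
        query += ' WHERE position = %s'
        params.append(position)
    cur = dbconnection.cursor()
    cur.execute(query, params or None)
    trace(cur._last_executed)
    return cur.fetchone()['c']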
# FORM GENERATOR
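def html_input(ftype, name, id, value, label, css, script1, script2, script3, checked, rows, cols, method, action, legend):
    """Build one HTML form fragment and return it as a string.

    ``ftype`` selects the fragment:
      form      -- opening ``<form>`` using ``method``/``action`` and the
                   ``s('charset')`` setting, or ``</form>`` when ``method``
                   is empty or ``'end'``
      fieldset  -- ``<fieldset><legend>``, or ``</fieldset>`` when
                   ``legend`` is empty or ``'end'``
      text, password            -- ``<p>`` with label, ``<br />`` and input
      checkbox, radio           -- input then label; ``checked == 'ok'``
                                   marks it (no value attribute is emitted)
      hidden, submit, reset, button -- bare ``<input>`` with value
      textarea  -- ``<p>`` with label and a ``rows``/``cols`` textarea whose
                   body is ``value`` verbatim (callers pre-escape it)
    ``id``, ``css`` and ``script1..3`` become the id, class and event
    attributes when non-empty.  The ``value`` attribute is escaped here so
    a quote or angle bracket in a stored setting, title or name cannot
    close the attribute and inject markup.

    Raises:
        ValueError: for an unknown ``ftype`` (used to surface as
        UnboundLocalError on the return).
    """
    def attr(text):
        # double-quoted attribute context: &, <, > and the quote itself
        return ('%s' % text).replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;')

    lbl = '<label for="' + id + '">' + label + '</label>' if label else ''
    ID = ' id="' + id + '"' if id else ''
    style = ' class="' + css + '"' if css else ''
    js = ''.join(' ' + script for script in (script1, script2, script3) if script)
    attribs = ID + style + js
    val = ' value="%s"' % attr(value)
    tag = '<input type="' + ftype + '" name="' + name + '"' + attribs
    if ftype == 'form':
        output = '<form method="' + method + '" action="' + action + '"' + attribs + ' accept-charset="' + s('charset') + '">' if (method and method != 'end') else '</form>'
    elif ftype == 'fieldset':
        output = '<fieldset><legend' + attribs + '>' + legend + '</legend>' if (legend and legend != 'end') else '</fieldset>'
    elif ftype == 'text' or ftype == 'password':
        output = '<p>' + lbl + ':<br />' + tag + val + ' /></p>'
    elif ftype in ('checkbox', 'radio'):
        check = ' checked="checked"' if checked == 'ok' else ''
        output = '<p>' + tag + check + ' /> ' + lbl + '</p>'
    elif ftype in ('hidden', 'submit', 'reset', 'button'):
        output = tag + val + ' />'
    elif ftype == 'textarea':
        output = '<p>%s:<br /><textarea name="%s" rows="%s" cols="%s"%s>%s</textarea></p>' % (lbl, name, rows, cols, attribs, value)
    else:
        raise ValueError('html_input: unknown field type %r' % (ftype,))
    return output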
# ADMINISTRATION
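def administration():
    """Print the admin dashboard: content links, pending comments, settings and logout.

    Requires ``_ADMIN``; otherwise only the ``error_not_logged_in``
    notification is printed.  "View" links appear only when ``stats()``
    reports rows; the pending-comments panel lists every row of
    ``<prefix>comments`` whose ``approved`` is not ``'True'``.
    """
    # Patch #19 - 1.7.1 - replaces fieldset strings function-wide.
    if not _ADMIN:
        print(notification(1, l('error_not_logged_in'), 'login'))
        return
    cur = dbconnection.cursor()
    cur.execute("SELECT COUNT(id) as catnum FROM " + _PRE + 'categories')
    catnum = cur.fetchone()['catnum']
    print('<div class="adminpanel">')
    # the project link used to read "http:#snewscms.com/" (a '#' pasted over the '//')
    print('<p class="admintitle"><a href="http://snewscms.com/" title="sNews CMS">sNews</a> %s</p>' % l('administration'))
    print('<p>' + l('categories') + ': <a href="admin_category/">%s</a>' % l('add_new'))
    link = ' %s <a href="' % l('divider')  # common prefix of every "view" link below
    if stats('categories', '') > 0:
        print(link + 'snews_categories/">%s</a>' % l('view'))
    print('</p><p>%s: ' % l('articles'))
    # an article needs a category to be filed under
    art_new = '<a href="article_new/">' + l('add_new') + '</a>' if catnum > 0 else l('create_cat')
    print(art_new)
    if stats('articles', '1') > 0:
        print(link + 'snews_articles/">%s</a>' % l('view'))
    print('</p><p>' + l('pages') + ': <a href="page_new/">%s</a>' % l('add_new'))
    if stats('articles', '3') > 0:
        print(link + 'snews_pages/">%s</a>' % l('view'))
    print('</p>')
    if s('enable_extras') == 'YES':
        print('<p class="admintitle">%s</p>' % l('extra_contents'))
        print('<p>' + l('groupings') + ': <a href="admin_groupings/">%s</a>' % l('add_new'))
        if stats('extras', '') > 0:
            print(link + 'groupings/">%s</a>' % l('view'))
        print('</p>')
        print('<p>' + l('extra_contents') + ': <a href="extra_new/">%s</a>' % l('add_new'))
        if stats('articles', '2') > 0:
            print(link + 'extra_contents/">%s</a>' % l('view'))
        print('</p>')
    print('</div>')
    cur.execute('SELECT id,articleid,name FROM ' + _PRE + 'comments WHERE approved != \'True\'')
    unapproved = cur.fetchall()
    count = len(unapproved)  # the fetched tuple, not cur.rowcount, which is driver-dependent after fetchall()
    if count > 0:
        print('<div class="adminpanel"><p class="admintitle">%s</p>' % l('comments'))
        print('<p><a onclick="javascript: $(\'#sub1\').toggle()" class="toggle" title="%s">%d %s</a></p>' % (l('unapproved'), count, l('wait_approval')))
        print('<div id="sub1" class="innerpanel" style="display: none;">')
        for r in unapproved:
            articleTITLE = retrieve('title', 'articles', 'id', r['articleid'])
            if articleTITLE is None:
                # orphaned comment (its article is gone): still list it instead of aborting the panel
                articleTITLE = ''
            print('<p class="spacelink">%s (<strong>%s</strong>) %s <a href="%s?action=editcomment&amp;commentid=%d">%s</a></p>' % (r['name'], articleTITLE, l('divider'), _SITE, r['id'], l('edit')))
        print('</div></div>')
    print('<div class="message"><p class="admintitle">%s</p>' % l('site_settings'))
    print('<p><a href="snews_settings/">' + l('settings') + '</a>&nbsp;|&nbsp;<a href="snews_files/">' + l('files') + '</a></p></div>')
    print('<div class="message"><p class="admintitle">%s</p>' % l('login_status'))
    print('<p><a href="logout/">%s</a></p></div>' % l('logout'))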
# SETTINGS FORM
def settings():
    """Print the site settings form and, below it, the change-password form.

    The settings form posts to ``?action=process&task=save_settings`` and
    is split into toggleable panels (#sub1..#sub5): site, contact, time &
    locale, contents, comments.  Every field is prefilled from ``s()``;
    checkboxes are ticked when the stored value is ``'on'`` (or ``'YES'``
    for enable_extras/enable_comments/freeze_comments).  The password form
    (#sub6) posts to ``?action=process&task=changeup``.
    """
    print('<div class="adminpanel"><p class="admintitle">%s</p>' % l('settings_title'))
    print(html_input('form','','','','','','','','','','','','post', '?action=process&amp;task=save_settings',''))
    # Expandable Settings
    print('<p><a onclick="javascript: $(\'#sub1\').toggle()" class="toggle" title="'+l('a_openclose')+''+l('settings')+'">%s</a></p>' % l('settings'))
    print('<div id="sub1" style="display: none;">')
    print(html_input('text', 'website_title', 'webtitle', s('website_title'), l('a_website_title'),'','','','','','','','','',''))
    # empty home_sef falls back to the translated default; SEFrestrict() limits the keys accepted
    print(html_input('text', 'home_sef', 'webSEF', l('home_sef') if s('home_sef') == '' else s('home_sef'), l('a_home_sef'), '', 'onkeypress="return SEFrestrict(event);"','','','','','','','',''))
    print(html_input('text', 'website_description', 'wdesc', s('website_description'), l('a_description'),'','','','','','','','','',''))
    print(html_input('text', 'website_keywords', 'wkey', s('website_keywords'), l('a_keywords'),'','','','','','','','','',''))
    print('</div>') # Expandable Contact
    print('<p><a onclick="javascript: $(\'#sub2\').toggle()" class="toggle" title="'+l('a_openclose')+''+l('a_contact_info')+'">%s</a></p>' % l('a_contact_info'))
    print('<div id="sub2" style="display: none;">')
    print(html_input('text', 'website_email', 'we', s('website_email'), l('a_website_email'),'','','','','','','','','',''))
    print(html_input('text', 'contact_subject', 'cs', s('contact_subject'), l('a_contact_subject'),'','','','','','','','','',''))
    print('</div>') # Expandable Time & Locale
    print('<p><a onclick="javascript: $(\'#sub3\').toggle()" class="toggle" title="'+l('a_openclose')+''+l('a_time_settings')+'">%s</a></p>' % l('a_time_settings'))
    print('<div id="sub3" style="display: none;">')
    # unset language/charset default to EN / UTF-8 in the form only; saving writes them back
    print(html_input('text', 'language', 'lang', 'EN' if s('language') == '' else s('language'), l('a_language'),'','','','','','','','','',''))
    print(html_input('text', 'charset', 'char', 'UTF-8' if s('charset') == '' else s('charset'), l('charset'),'','','','','','','','','',''))
    print(html_input('text', 'date_format', 'dt', s('date_format'), l('a_date_format'),'','','','','','','','','',''))
    print('</div>') # Expandable Contents
    print('<p><a onclick="javascript: $(\'#sub4\').toggle()" class="toggle" title="'+l('a_openclose')+''+l('contents')+'">%s</a></p>' % l('contents'))
    print('<div id="sub4" style="display: none;">')
    print(html_input('text', 'article_limit', 'artl', s('article_limit'), l('a_article_limit'),'','','','','','','','','',''))
    print(html_input('text', 'rss_limit', 'rssl', s('rss_limit'), l('a_rss_limit'),'','','','','','','','','',''))
    # display page: "none" plus every article with position = 3 (pages)
    # NOTE(review): the other settings compare s() against strings ('on', 'YES'); if
    # s('display_page') is text too, the == 0 / == r['id'] tests below never select — confirm.
    print('<p><label for="dp">%s:</label><br /> <select name="display_page" id="dp">' % l('a_display_page'))
    print('<option value="0" %s>%s</option>' % (html_option_selected(s('display_page') == 0),l('none')))
    query = 'SELECT id,title FROM %sarticles WHERE position = 3 ORDER BY id ASC' % _PRE
    cur = dbconnection.cursor()
    result = cur.execute(query)
    for r in cur.fetchall():
        print('<option value="%s"' % r['id'])
        print(html_option_selected(s('display_page') == r['id']))
        print('>%s</option>' % r['title'])
    print('</select></p>')
    print(html_input('checkbox','display_new_on_home','dnoh','',l('a_display_new_on_home'),'','','','',('ok' if s('display_new_on_home') == 'on' else ''),'','','','',''))
    print(html_input('checkbox','display_pagination','dpag','',l('a_display_pagination'),'','','','',('ok' if s('display_pagination') == 'on' else ''),'','','','',''))
    print(html_input('checkbox','num_categories','nc','',l('a_num_categories'),'','','','',('ok' if s('num_categories') == 'on' else ''),'','','','',''))
    print(html_input('checkbox','show_cat_names','scn','',l('a_show_category_name'),'','','','',('ok' if s('show_cat_names') == 'on' else ''),'','','','',''))
    print(html_input('checkbox','enable_extras','ee','',l('enable_extras'),'','','','',('ok' if s('enable_extras') == 'YES' else ''),'','','','',''))
    print(html_input('text','file_extensions','fileext',s('file_extensions'),l('file_extensions'),'','','','','','','','','',''))
    # NOTE(review): field name 'allowed_file' vs setting key 'allowed_files' — confirm the save handler expects this
    print(html_input('text','allowed_file','all_file',s('allowed_files'),l('allowed_files'),'','','','','','','','','',''))
    print(html_input('text','allowed_images','all_img',s('allowed_images'),l('allowed_images'),'','','','','','','','','',''))
    print('</div>') # Expandable Comments
    print('<p><a onclick="javascript: $(\'#sub5\').toggle()" class="toggle" title="'+l('a_openclose')+''+l('comments')+'">%s</a></p>' % l('comments'))
    print('<div id="sub5" style="display: none;">')
    print(html_input('checkbox','approve_comments','ac','',l('a_approve_comments'),'','','','',('ok' if s('approve_comments') == 'on' else ''),'','','','',''))
    print(html_input('text','comment_repost_timer','crt',s('comment_repost_timer'),l('comment_repost_timer'),'','','','','','','','','',''))
    print(html_input('checkbox','mail_on_comments','mc','',l('a_mail_on_comments'),'','','','',('ok' if s('mail_on_comments') == 'on' else ''),'','','','',''))
    print(html_input('checkbox','enable_comments','ec','',l('enable_comments'),'','','','',('ok' if s('enable_comments') == 'YES' else ''),'','','','',''))
    print(html_input('checkbox','freeze_comments','dc','',l('freeze_comments'),'','','','',('ok' if s('freeze_comments') == 'YES' else ''),'','','','',''))
    print('<p><label for="co">%s:</label><br /><select id="co" name="comments_order">' % l('a_comments_order'))
    print('<option value="DESC"' + html_option_selected(s('comments_order') == 'DESC') + '>%s</option>' % l('newer_top'))
    print('<option value="ASC"' + html_option_selected(s('comments_order') == 'ASC') + '>%s</option></select>' % l('newer_bottom'))
    print('</p>')
    print(html_input('text','comment_limit','cl',s('comment_limit'),l('a_comment_limit'),'','','','','','','','','',''))
    print(html_input('checkbox','word_filter_enable','wfe','',l('a_word_filter_enable'),'','','','',('ok' if s('word_filter_enable') == 'on' else ''),'','','','',''))
    print(html_input('text','word_filter_file','wff',s('word_filter_file'),l('a_word_filter_file'),'','','','','','','','','',''))
    print(html_input('text','word_filter_change','wfc',s('word_filter_change'),l('a_word_filter_change'),'','','','','','','','','',''))
    print('</div>')
    print('<p>') # Save Settings button
    print(html_input('submit','save','save',l('save'),'','button','','','','','','','','',''))
    print('</p>')
    print('</form>')
    print('</div>') # Change Password panel
    # separate form: the password change must not travel with the settings post
    print(html_input('form','','','','','','','','','','','','post','?action=process&amp;task=changeup',''))
    print('<div class="adminpanel">')
    print('<p><a onclick="javascript: $(\'#sub6\').toggle()" class="toggle" title="'+l('a_openclose')+''+l('change_up')+'">%s</a>' % l('change_up'))
    print('<div id="sub6" style="display: none;">')
    print('<p>%s</p>' % l('login_limit'))
    print(html_input('text','uname','uname','',l('a_username'),'','','','','','','','','',''))
    print(html_input('password','pass1','pass1','',l('a_password'),'','','','','','','','','',''))
    print(html_input('password','pass2','pass2','',l('a_password2'),'','','','','','','','','',''))
    print('<p>') # Save Password Change button
    print(html_input('hidden','task','task','changeup','','','','','','','','','','',''))
    print(html_input('submit','submit_pass','submit_pass',l('save'),'','button','','','','','','','','',''))
    print('</p></div>')
    print('</div>')
    print('</form>')
# LISTS CATEGORIES
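def category_list(id):
    """Print the parent-category ``<select name="subcat">`` for the category form.

    Args:
        id: id of the category being edited, or ``None`` when creating.
            It is only honoured when the request also carries a numeric,
            non-empty ``id`` parameter.

    Lists every top-level category (``subcat = 0``) ordered by ``catorder``;
    the option matching the edited category's current parent is marked
    selected, and the category itself is left out so it cannot become its
    own parent.  The parent lookup (``retrieve``) is done once, not once
    per row as before.
    """
    var = None
    if ('id' in _GET) and is_numeric(_GET.getvalue('id')) and _GET.getvalue('id'):
        var = id
    print('<select name="subcat" id="subcat">')
    cur = dbconnection.cursor()
    cur.execute('SELECT id,name FROM ' + _PRE + 'categories WHERE subcat = 0 ORDER BY catorder, id')
    rows = cur.fetchall()
    # current parent of the edited category; loop-invariant
    child = retrieve('subcat', 'categories', 'id', var) if rows else None
    parent_selection = html_option_selected(var)
    print('<option value="0"' + parent_selection + '>%s</option>' % l('not_sub'))
    for r in rows:
        if r['id'] == child:
            print('<option value="%s" selected>%s</option>' % (r['id'], r['name']))
        elif id != r['id']:
            print('<option value="%s">%s</option>' % (r['id'], r['name']))
    print('</select>')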
# CATEGORIES FORM
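def form_categories(subcat='cat'):
    """Print the add/edit form for a category or subcategory.

    With ``id`` in ``_GET`` the form edits that category: fields are
    prefilled from ``<prefix>categories``, the submit task is
    ``edit_category`` and a delete button is added.  Otherwise it creates
    one, as a child of ``sub_id`` when that request parameter is present
    (task ``add_category``).  ``subcat`` only chooses the publish checkbox
    label (``'cat'`` -> publish_category, anything else ->
    publish_subcategory).

    Request values (``id``, ``sub_id``) are bound as SQL parameters rather
    than concatenated into the statement.  An unknown ``id`` still fails on
    the row lookup, as before.
    """
    sub_cat = None
    categoryid = None
    name = ''  # parent category name; stays empty when no parent row is found
    if 'id' in _GET:
        categoryid = _GET.getvalue('id')
        if not categoryid:
            raise ValueError('form_categories: empty category id')
        cur = dbconnection.cursor()
        cur.execute('SELECT id,name,seftitle,published,description,subcat,catorder FROM ' + _PRE + 'categories WHERE id=%s', [categoryid])
        r = cur.fetchone()
        cur.execute('select name from ' + _PRE + 'categories where id = %s', [r['subcat']])
        for j in cur.fetchall():
            name = j['name']
        frm_action = _SITE + '?action=process&amp;id=' + categoryid
        # subcat is numeric in the other queries (delete_cat formats it with %d), so
        # compare its text form: a plain == '0' never matched an integer 0
        is_top_level = str(r['subcat']) == '0'
        frm_add_edit = l('edit') + ' ' + l('category') if is_top_level else l('edit') + ' ' + l('subcategory') + ' ' + name
        frm_name = r['name']
        frm_sef_title = r['seftitle']
        frm_description = r['description']
        frm_publish = 'ok' if r['published'] == 'YES' else ''
        catorder = r['catorder']
        frm_task = 'edit_category'
        frm_submit = l('edit_button')  # Patch #11 - 1.7.0
    else:
        sub_cat = _GET.getvalue('sub_id') if 'sub_id' in _GET else None
        if sub_cat:
            cur = dbconnection.cursor()
            cur.execute('SELECT name FROM %scategories WHERE id = %%s' % _PRE, [sub_cat])
            for j in cur.fetchall():
                name = j['name']
        frm_action = _SITE + '?action=process'
        frm_add_edit = l('add_category') if not sub_cat else l('add_subcategory') + ' (%s)' % name
        # a re-displayed form (after a failed post) keeps the SEF title the user typed
        frm_sef_title = cleanSEF(_POST['name']) if 'name' in _POST else cleanSEF(_POST['seftitle']) if 'seftitle' in _POST else ""
        frm_description = ''
        frm_name = ''
        frm_publish = 'ok'
        catorder = ''
        frm_task = 'add_category'
        frm_submit = l('add_category')
    print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', frm_action, ''))
    print('<div class="adminpanel">')
    print('<p class="admintitle">' + frm_add_edit + '</p>')  # Patch #19 - 1.7.1 - replaces fieldset string
    print(html_input('text', 'name', 't', frm_name, l('name'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', ''))
    print(html_input('text', 'seftitle', 's', frm_sef_title, l('sef_title_cat'), '', '', '', '', '', '', '', '', '', ''))
    print(html_input('text', 'description', 'desc', frm_description, l('description'), '', '', '', '', '', '', '', '', '', ''))
    if not sub_cat:
        # parent chooser; omitted when the parent is fixed by sub_id
        print('<p>' + l('subcategory') + ': <br />')
        category_list(categoryid)
        print('</p>')
    publish = l('publish_category') if subcat == 'cat' else l('publish_subcategory')
    print(html_input('checkbox', 'publish', 'pub', 'YES', publish, '', '', '', '', frm_publish, '', '', '', '', ''))
    print('</div><p>')  # echo '</fieldset></div><p>'; # Patch #19 - 1.7.1
    if sub_cat:
        print(html_input('hidden', 'subcat', 'subcat', sub_cat, '', '', '', '', '', '', '', '', '', '', ''))
    print(html_input('hidden', 'catorder', 'catorder', catorder, '', '', '', '', '', '', '', '', '', '', ''))
    print(html_input('hidden', 'task', 'task', 'admin_category', '', '', '', '', '', '', '', '', '', '', ''))
    print(html_input('submit', frm_task, frm_task, frm_submit, '', 'button', '', '', '', '', '', '', '', '', ''))
    if categoryid:
        print('&nbsp;&nbsp;')
        print(html_input('hidden', 'id', 'id', categoryid, '', '', '', '', '', '', '', '', '', '', ''))
        print(html_input('submit', 'delete_category', 'delete_category', l('delete'), '', 'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', ''))
    print('</p></form>')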
# CATEGORIES - ADMIN LIST
def admin_categories(): # Patch #19 - 1.7.1 - replaces fieldset string
    """Print the admin category list with an order-editing form.

    Top-level categories (``subcat = 0``) are listed by ``catorder``, each
    followed by its subcategories.  Every row gets a small text field named
    ``cat_<id>`` holding its ``catorder``; the form posts them to
    ``?action=process&task=reorder``.  Rows also link to the edit form and
    (top level only) to "add subcategory"; unpublished rows get a status tag.
    """
    add = ' - <a href="admin_category/">%s</a>' % l('add_new')
    link = '?action=admin_category'
    tab = 1
    print('<div class="adminpanel">')
    print('<p class="admintitle">%s</p>' % (l('categories')+add))
    print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&amp;task=reorder', ''))
    print('<p><input type="hidden" name="order" id="order" value="snews_categories" /></p>')
    query = 'SELECT id, name, description, published, catorder FROM %scategories WHERE subcat = 0 ORDER BY catorder,id ASC' % _PRE
    cur = dbconnection.cursor()
    result = cur.execute(query)
    count = 0
    for r in cur.fetchall():
        count += 1
        cat_input = '<input type="text" name="cat_'+str(r['id'])+'" value="'+str(r['catorder'])+'" size="1" tabindex="%s" /> &nbsp;' % tab
        print('<p>'+cat_input+'<strong>'+r['name']+'</strong>'+l('divider')+' <a href="'+_SITE+link+'&amp;id='+str(r['id'])+'" title="'+r['description']+'">%s</a> ' % l('edit'))
        # prints an empty line (just the newline) for published rows
        print(' '+l('divider')+' ['+l('status')+' '+l('unpublished')+']' if r['published'] != 'YES' else '')
        print(' '+l('divider')+' <a href="'+_SITE+link+'&amp;sub_id='+str(r['id'])+'" title="'+r['description']+'">%s</a></p>' % l('add_subcategory'))
        # r['id'] comes from the query above, not from the request
        subquery = 'SELECT id,name,description,published,catorder FROM '+_PRE+'categories WHERE subcat = %s ORDER BY catorder,id ASC' % r['id']
        subcur = dbconnection.cursor()
        subcur.execute(subquery)
        # NOTE(review): tabindex restarts at 1 for each parent's children, so values repeat across the page — confirm intended
        tab2 = 1
        for sub in subcur.fetchall():
            subcat_input = '<input type="text" name="cat_'+str(sub['id'])+'" value="'+str(sub['catorder'])+'" size="1" tabindex="%s" /> &nbsp;' % tab2
            print('<p class="subcat">'+subcat_input+'<strong>'+sub['name']+'</strong>'+l('divider')+' <a href="'+_SITE+link+'&amp;id='+str(sub['id'])+'" title="'+sub['description']+'">%s</a> ' % l('edit'))
            print(' '+l('divider')+' ['+l('status')+' '+l('unpublished')+']' if sub['published'] != 'YES' else '')
            print('</p>')
            tab2 += 1
        tab += 1
    if count == 0:
        print('<p>%s</p>' % l('category_not_exist'))
    print('<p>'+html_input('submit', 'reorder', 'reorder', l('order_content'), '', 'button', '', '', '', '', '', '', '', '', ''))
    print('</p></form>')
    print('</div>')
# DELETE CATEGORY BY ID
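def delete_cat(id):
    """Delete category ``id`` and close the gap it leaves in its siblings' ``catorder``.

    Args:
        id: id of the category row to delete; bound as a query parameter.

    Does nothing when no such row exists.  The renumbering is a single
    UPDATE over the siblings (same ``subcat``, higher ``catorder``) instead
    of a SELECT followed by one UPDATE per row; the rows affected are the
    same.  Commit/rollback is left to the caller/connection, as before.
    """
    cur = dbconnection.cursor()
    cur.execute("SELECT catorder,subcat FROM %scategories WHERE id = %%s" % _PRE, [id])
    catdata = cur.fetchone()
    if not catdata:
        return
    cur.execute("DELETE FROM %scategories WHERE id = %%s LIMIT 1" % _PRE, [id])
    cur.execute("UPDATE %scategories SET catorder = catorder - 1 WHERE catorder > %%s AND subcat = %%s" % _PRE,
                [catdata['catorder'], catdata['subcat']])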
# ARTICLES - POSTING TIME
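def posting_time(timestr=None):
    """Print the posting-time ``<select>``s (fposting_day ... fposting_minute).

    Args:
        timestr: ``None``/empty -> preselect the current time (via the
            ``date()`` helper); a ``datetime`` -> its fields; any other
            value is treated as ``'YYYY-MM-DD HH:MM'`` text sliced with
            ``substr``.  The text parts are converted with ``int()`` so they
            compare equal to the integer option values (they never matched
            before, and the year range needs an integer anyway).

    The year list runs from three years before the selected year to two
    years after the current one.
    """
    if not timestr:
        day, month, year, hour, minute = [int(date(fmt)) for fmt in ('d', 'm', 'Y', 'H', 'i')]
    elif isinstance(timestr, datetime):
        day, month, year, hour, minute = timestr.day, timestr.month, timestr.year, timestr.hour, timestr.minute
    else:
        day = int(substr(timestr, 8, 2))
        month = int(substr(timestr, 5, 2))
        year = int(substr(timestr, 0, 4))
        hour = int(substr(timestr, 11, 2))
        minute = int(substr(timestr, 14, 2))

    def options(values, current):
        # one <option> per value; the one equal to `current` is preselected
        for i in values:
            sel = html_option_selected(i == current)
            print('<option value="%s"%s>%s</option>' % (i, sel, i))

    present_year = int(date('Y'))
    print('<p>%s:&nbsp;<select name="fposting_day">' % l('day'))
    options(range(1, 32), day)
    print('</select>&nbsp;&nbsp;%s:&nbsp;<select name="fposting_month">' % l('month'))
    options(range(1, 13), month)
    print('</select>&nbsp;&nbsp;%s:&nbsp;<select name="fposting_year">' % l('year'))
    options(range(year - 3, present_year + 3), year)
    print('</select>&nbsp;&nbsp;%s:&nbsp;<select name="fposting_hour">' % l('hour'))
    options(range(0, 24), hour)
    print('</select>&nbsp;&nbsp;%s:&nbsp;<select name="fposting_minute">' % l('minute'))
    options(range(0, 60), minute)
    print('</select></p>')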
# ARTICLES FORM
def form_articles(contents, tentative={}):
session = tentative
id = None
edit_page = None
article_category = None
frm_fieldset = None
toggle_div = False
pos = None
mode = 'edit' if is_numeric(_GET.getvalue('id')) and (_GET.getvalue('id')) else 'create'
if mode == 'edit':
id = _GET.getvalue('id')
cur = dbconnection.cursor()
query = cur.execute('SELECT * FROM '+_PRE+'articles WHERE id=%s', [id])
r = cur.fetchone()
article_category = r['category']
pos = 1 if r['position'] == 0 else int(r['position'])
edit_page = r['page_extra']
extraid = r['extraid']
if pos == 1:
frm_fieldset = l('edit')+' '+l('article')
toggle_div = True
elif pos == 2:
frm_fieldset = l('edit')+' '+l('extra_contents')
toggle_div = True
elif pos == 3:
frm_fieldset = l('edit')+' '+l('page')
toggle_div = True
else:
assert(False)
frm_action = _SITE+'?action=process&amp;task=admin_article&amp;id='+id
frm_title = session['title'] if 'title' in session else r['title']
frm_sef_title = cleanSEF(session['seftitle'] if 'seftitle' in session else r['seftitle'])
frm_text = (session['text'] if 'text' in session else r['text']).replace('&', '&amp;')
frm_meta_desc = cleanSEF(session['description_meta']) if 'description_meta' in session else r['description_meta']
frm_meta_key = cleanSEF(session['keywords_meta']) if 'keywords_meta' in session else r['keywords_meta']
frm_display_title = 'ok' if r['displaytitle'] == 'YES' else ''
frm_display_info = 'ok' if r['displayinfo'] == 'YES' else ''
frm_publish = 'ok' if r['published'] == 1 else ''
show_in_subcats = 'ok' if r['show_in_subcats'] == 'YES' else ''
frm_showonhome = 'ok' if r['show_on_home'] == 'YES' else ''
frm_commentable = 'ok' if (r['commentable'] == 'YES' or r['commentable'] == 'FREEZ') else ''
frm_task = 'edit_article'
frm_submit = l('edit_button')
# Patch #11 - 1.7.0
else:
if contents == 'article_new':
frm_fieldset = l('article_new')
pos = 1
if contents == 'extra_new':
frm_fieldset = l('extra_new')
pos = 2
extraid = None
if contents == 'page_new':
frm_fieldset = l('page_new')
pos = 3
if not frm_fieldset:
frm_fieldset = l('article_new')
frm_action = _SITE+'?action=process&amp;task=admin_article'
frm_title = session['title'] if 'title' in session else ''
frm_sef_title = cleanSEF(session['seftitle'] if 'seftitle' in session else '')
frm_text = session['text'] if 'text' in session else ''
frm_meta_desc = cleanSEF(session['description_meta']) if 'description_meta' in session else ''
frm_meta_key = cleanSEF(session['keywords_meta']) if 'keywords_meta' in session else ''
frm_display_title = 'ok'
frm_display_info = '' if contents == 'extra_new' else 'ok'
frm_publish = 'ok'
show_in_subcats = 'ok'
frm_showonhome = 'ok' if s('display_new_on_home') == 'on' else ''
frm_commentable = '' if (contents == 'extra_new' or contents == 'page_new' or s('enable_comments') != 'YES') else 'ok'
frm_task = 'add_article'
frm_submit = l('submit')
cur = dbconnection.cursor()
cur.execute("SELECT COUNT(id) as catnum FROM %scategories" % _PRE)
catnum = cur.fetchone()
if contents == 'article_new' and catnum['catnum'] < 1:
print(l('create_cat'))
else:
print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', frm_action, ''))
print('<div class="adminpanel">')
if toggle_div:
# Patch #19 - 1.7.1 - replaces fieldset string
print('<p class="admintitle"><a onclick="javascript:$(\'#edit_article\').toggle()" class="toggle" title="'+frm_fieldset+'">%s</a></p>' % frm_fieldset)
print('<div id="edit_article" style="display: none;">')
else:
print('<p class="admintitle">%s</p>' % frm_fieldset)
# Patch #19 - 1.7.1 - replaces fieldset string
print(html_input('text', 'title', 'at', frm_title, l('title'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', ''))
if pos == 2:
print('<div style="display: none;">')
print(html_input('text', 'seftitle', 'as', frm_sef_title, l('sef_title'), '', '', '', '', '', '', '', '', '', ''))
print('</div>')
else:
print(html_input('text', 'seftitle', 'as', frm_sef_title, l('sef_title'), '', '', '', '', '', '', '', '', '', ''))
print(html_input('textarea', 'text', 'txt', frm_text, l('text'), '', '', '', '', '', '2', '100', '', '', ''))
buttons()
if pos != 3:
print('<p><label for="cat">')
print(l('appear_category') if (pos == 2) else l('category'))
if pos == 2:
print(':</label><br /><select name="define_category" id="cat" onchange="dependancy(\'extra\');">')
print('<option value="-1"'+html_option_selected(article_category == -1)+'>%s</option>' % l('all'))
print('<option value="-3"'+html_option_selected(article_category == -3)+'>%s</option>' % l('page_only'))
else:
print(':</label><br /><select name="define_category" id="cat" onchange="dependancy(\'snews_articles\');">')
category_query = 'SELECT id,name,subcat FROM '+_PRE+'categories WHERE published = \'YES\' AND subcat = 0 ORDER BY catorder,id ASC'
category_result = cur.execute(category_query)
for cat in cur.fetchall():
print('<option value="%s"' % cat['id'])
print(html_option_selected(article_category == cat['id']))
print('>%s</option>' % cat['name'])
subquery = 'SELECT id,name,subcat FROM '+_PRE+'categories WHERE subcat = %d ORDER BY catorder,id ASC' % cat['id']
cur2 = dbconnection.cursor()
subresult = cur2.execute(subquery)
for subcat in cur2.fetchall():
print('<option value="%s"' % subcat['id'])
print(html_option_selected(article_category == subcat['id']))
print('>--%s</option>' % subcat['name'])
print('</select></p>')
if pos == 2:
none_display = 'none' if article_category == -1 else 'inline'
print('<div id="def_page" style="display:'+none_display+';"><p><label for="dp">'+l('appear_page')+':</label><br /><select name="define_page" id="dp">')
print('<option value="0"'+html_option_selected(pos != 2)+'>%s</option>' % l('all'))
query = 'SELECT id,title FROM %sarticles WHERE position = 3 ORDER BY id ASC' % _PRE
result = cur.execute(query)
for r in cur.fetchall():
print('<option value="%s"' % r['id'])
print(html_option_selected(edit_page == r['id']))
print('>%s</option>' % r['title'])
print('</select><br />' + html_input('checkbox', 'show_in_subcats', 'asc', 'YES', l('show_in_subcats'), '', '', '', '', show_in_subcats, '', '', '', '', '')+'</p></div>')
if pos == 1:
print(html_input('checkbox', 'show_on_home', 'sho', 'YES', l('show_on_home'), '', '', '', '', frm_showonhome, '', '', '', '', ''))
print(html_input('checkbox', 'publish_article', 'pu', 'YES', l('publish_article'), '', '', '', '', frm_publish, '', '', '', '', ''))
if toggle_div:
print('</div>')
print('</div>')
#print '</fieldset></div>'
# Patch #19 - 1.7.1
print('<div class="adminpanel">')
# Patch #19 - 1.7.1 - replaces fieldset string
print('<p class="admintitle"><a onclick="javascript: $(\'#preview\').toggle()" class="toggle" title="'+l('preview')+'">%s</a></p>' % l('preview'))
print('<div id="preview" style="display: none;"></div>')
print('</div>')
#print '</fieldset></div>'
# Patch #19 - 1.7.1
print('<div class="adminpanel">')
# Patch #19 - 1.7.1 - replaces fieldset string
print('<p class="admintitle"><a onclick="javascript: $(\'#customize\').toggle()" class="toggle" title="'+l('customize')+'">%s</a></p>' % l('customize'))
print('<div id="customize" style="display: none;">')
if pos == 2:
if s('enable_extras') == 'YES':
print('<p><label for="ext">%s</label><br />' % l('define_extra'))
print('<select name="define_extra" id="ext">')
extra_query = 'SELECT id,name FROM %sextras ORDER BY id ASC' % _PRE
extra_result = cur.execute(extra_query)
for ex in cur.fetchall():
print('<option value="%s"' % ex['id'])
print(html_option_selected(extraid == ex['id']))
print('>%s</option>' % ex['name'])
print('</select></p>')
else:
print(html_input('hidden', 'define_extra', 'ext', 1, '', '', '', '', '', '', '', '', '', '', ''))
if mode == 'edit':
print('<p><label for="pos">'+l('position')+':</label><br /><select name="position" id="pos">')
print('<option value="1"'+html_option_selected(pos == 1)+'>%s</option>' % l('center'))
print('<option value="2"'+html_option_selected(pos == 2)+'>%s</option>' % l('side'))
print('<option value="3"'+html_option_selected(pos == 3)+'>%s</option>' % l('display_page'))
print('</select></p>')
else:
print(html_input('hidden', 'position', 'position', pos, '', '', '', '', '', '', '', '', '', '', ''))
if pos != 2:
print(html_input('text', 'description_meta', 'dm', frm_meta_desc, l('description_meta'), '', '', '', '', '', '', '', '', '', ''))
print(html_input('text', 'keywords_meta', 'km', frm_meta_key, l('keywords_meta'), '', '', '', '', '', '', '', '', '', ''))
print(html_input('checkbox', 'display_title', 'dti', 'YES', l('display_title'), '', '', '', '', frm_display_title, '', '', '', '', ''))
# Patch #2 - 1.7.0
if pos != 2:
print(html_input('checkbox', 'display_info', 'di', 'YES', l('display_info'), '', '', '', '', frm_display_info, '', '', '', '', ''))
print(html_input('checkbox', 'commentable', 'ca', 'YES', l('enable_commenting'), '', '', '', '', frm_commentable, '', '', '', '', ''))
if id:
checked = ' checked="checked"' if r['commentable'] == 'FREEZ' else ''
print('<p><input name="freeze" type="checkbox" id="fc" %s />' % checked)
print(' <label for="fc"> %s</label></p>' % l('freeze_comments'))
print('</div></div>')
#print '</div></fieldset></div>'
# Patch #19 - 1.7.1
if pos == 1:
print('<div class="adminpanel">')
# Patch #19 - 1.7.1 - replaces fieldset string
print('<p class="admintitle"><a onclick="javascript: $(\'#admin_publish_date\').toggle()" class="toggle" title="'+l('publish_date')+'">%s</a></p>' % l('publish_date'))
print('<div id="admin_publish_date" style="display: none;">')
# Patch Nov.22.09 - 1 new string, defines check-box status.
onoff_status = 'ok' if mode == 'edit' and r['published'] == '2' else ''
# Variable inserted in check-box string show is as checked if enabled.
print(html_input('checkbox', 'fposting', 'fp', 'YES', l('enable'), '', '', '', '', onoff_status, '', '', '', '', ''))
print('<p>'+l('server_time')+': %s</p>' % date('d.m.Y. H:i:s'))
print('<p>%s</p>' % l('article_date'))
if id:
posting_time(r['date'])
else:
posting_time()
print('</div></div>')
#print '</div></fieldset></div>'
# Patch #19 - 1.7.1
print('<p>')
print(html_input('hidden', 'task', 'task', 'admin_article', '', '', '', '', '', '', '', '', '', '', ''))
print(html_input('submit', frm_task, frm_task, frm_submit, '', 'button', '', '', '', '', '', '', '', '', ''))
if id:
print(html_input('hidden', 'article_category', 'article_category', article_category, '', '', '', '', '', '', '', '', '', '', ''))
print(html_input('hidden', 'id', 'id', id, '', '', '', '', '', '', '', '', '', '', ''))
print(html_input('submit', 'delete_article', 'delete_article', l('delete'), '','button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', ''))
print('</p></form>')
# ARTICLES - ADMIN LIST - Patch #19 - 1.7.1 - in 5 locations
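def admin_articles(contents):
    """Print the admin listing (wrapped in the reorder form) for one content type.

    ``contents`` is ``'article_view'`` (positions 0/1), ``'extra_view'``
    (position 2) or ``'page_view'`` (position 3); it selects the panel title,
    the "add new" link, the hidden ``order`` value and the position
    WHERE-fragment used by every query below.

    When the global ``subcatSEF`` equals the localized 'year' or 'month' word
    only the year/month filter index is printed and the function returns.
    Otherwise a ``year=YYYY[;month=MM]`` suffix in ``subcatSEF`` narrows the
    listing by date.  Both values come from the request URL and are accepted
    only when they consist of digits; anything else drops the filter.

    Raises ValueError for an unknown ``contents`` value.
    """
    cur = dbconnection.cursor()
    link = '<a href="%s/' % (_SITE + categorySEF)
    # (language key of the title, "add new" SEF, hidden order value,
    #  position number, position WHERE-fragment) per view.
    views = {
        'article_view': ('articles', 'article_new', 'snews_articles', 1,
                         'position < 2 AND position >-1 '),
        'extra_view': ('extra_contents', 'extra_new', 'extra_contents', 2,
                       'position = 2 '),
        'page_view': ('pages', 'page_new', 'snews_pages', 3,
                      'position = 3 '),
    }
    if contents not in views:
        raise ValueError('admin_articles: unknown view %r' % (contents,))
    title_key, sef, goto, p, qw = views[contents]
    title = l(title_key)
    subquery = 'AND ' + qw
    if stats('articles', p) > 0:
        add = (' - <a href="' + sef + '/" title="' + l('add_new') + '">' + l('add_new') + '</a> - '
               + l('see') + ' (' + link + '">' + l('all') + '</a>) - ' + l('filter')
               + ' (' + link + l('year') + '">' + l('year') + '</a> / '
               + link + l('month') + '">' + l('month') + '</a>)')
    else:
        add = ''
    tab = 1
    # ``item`` parameter of the hide/show task; needed by every row below.
    item = 'extra_contents' if contents == 'extra_view' else 'snews_articles'
    if subcatSEF == l('year') or subcatSEF == l('month'):
        _print_date_filter_index(cur, qw, link)
        return
    # Optional date filter parsed from the URL: "<year>=YYYY" with an optional
    # "<month>=MM" later in the string (localized words).
    txtYear = l('year')
    txtMonth = l('month')
    year = month = None
    if subcatSEF and subcatSEF[:len(txtYear)] == txtYear:
        year = subcatSEF[len(txtYear) + 1:len(txtYear) + 5]
        find = subcatSEF.find(txtMonth)
        if find > 0:
            month = subcatSEF[find + len(txtMonth) + 1:find + len(txtMonth) + 3]
    # Both values are interpolated into SQL text: accept digits only.
    if year and not year.isdigit():
        year = None
    if month and not month.isdigit():
        month = None
    filterquery = "AND YEAR(date)='%s' " % year if year else ''
    if month:
        filterquery += "AND MONTH(date)='%s' " % month
    no_content = ('<p>' + l('no_content_for_filter') + '</p>' if filterquery
                  else '<p>%s</p>' % l('article_not_exist'))
    print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&amp;task=reorder', ''))
    print('<div class="adminpanel">')
    print('<p class="admintitle">%s</p>' % (title + add))
    print('<p><input type="hidden" name="order" id="order" value="%s" /></p>' % goto)
    if contents == 'extra_view':
        # Extras outside the regular categories: -1 (all) and -3 (bound to a page).
        for cat_value in (-1, -3):
            page_only = (cat_value == -3)
            legend_label = l('pages') if page_only else l('all')
            page_only_xsql = 'page_extra ASC,' if page_only else ''
            sql = ("SELECT id, title, seftitle, date, published, artorder, visible, default_page, page_extra "
                   "FROM %sarticles WHERE category = %d AND position = %d %s ORDER BY %s artorder ASC, date DESC "
                   % (_PRE, cat_value, p, filterquery, page_only_xsql))
            cur.execute(sql)
            num_rows = 0
            tab = 1
            print('<div class="innerpanel">')
            print('<p class="admintitle">%s</p>' % legend_label)
            lbl_filter = -5  # sentinel: no page heading printed yet
            for r in cur.fetchall():
                num_rows += 1
                # Page-bound extras are grouped under the title of their page.
                if page_only and lbl_filter != r['page_extra']:
                    assigned_page = retrieve('title', 'articles', 'id', r['page_extra'])
                    print(assigned_page if assigned_page else l('all_pages'))
                _print_article_row(r, tab, item)
                tab += 1
                lbl_filter = r['page_extra']
            if num_rows == 0:
                print(no_content)
            print('</div>')
    if contents == 'article_view' or contents == 'extra_view':
        cur.execute("SELECT count(*) AS cnt FROM " + _PRE + "categories WHERE subcat = 0")
        num = cur.fetchone()
        if not num or not num['cnt']:
            print('<p>%s</p>' % l('no_categories'))
        else:
            # Content with no category at all (category 0).
            sql = ("SELECT id, title, seftitle, date, published, artorder, visible, default_page "
                   "FROM %sarticles WHERE category = '0' AND position = %s %s ORDER BY artorder ASC, date DESC "
                   % (_PRE, p, subquery))
            cur2 = dbconnection.cursor()
            cur2.execute(sql)
            num_rows = 0
            for r in cur2.fetchall():
                if num_rows == 0:
                    print('<div class="innerpanel">')
                    print('<p class="admintitle">%s</p>' % l('no_category_set'))
                num_rows += 1
                _print_article_row(r, tab, item)
                tab += 1
            if num_rows > 0:
                print('</div>')
            # fetchall() materialises the rows, so ``cur`` can be reused inside the loop.
            cur.execute("SELECT * FROM " + _PRE + "categories WHERE subcat = 0")
            for row in cur.fetchall():
                print('<div class="adminpanel">')
                print('<p class="admintitle">%s</p>' % row['name'])
                sql = ("SELECT id, title, seftitle, date, published, artorder, visible, default_page "
                       "FROM %sarticles WHERE category = %s AND position = %d %s %s ORDER BY artorder ASC, date DESC "
                       % (_PRE, row['id'], p, subquery, filterquery))
                cur.execute(sql)
                num_rows = 0
                for r in cur.fetchall():
                    num_rows += 1
                    view_url = _SITE + row['seftitle'] + '/' + r['seftitle'] + '/'
                    _print_article_row(r, tab, item, view_url=view_url)
                    tab += 1
                if num_rows == 0:
                    print(no_content)
                cur.execute("SELECT id, name, seftitle FROM %scategories WHERE subcat = '%s' ORDER BY catorder ASC"
                            % (_PRE, row['id']))
                tab2 = 1  # tabindex restarts for each category's subcategory list
                for row2 in cur.fetchall():
                    print('<a class="subcat" onclick="javascript: $(\'#subcat%d\').toggle()" class="toggle">%s</a><br />'
                          % (row2['id'], row2['name']))
                    print('<div id="subcat%s" style="display: none;" class="subcat">' % row2['id'])
                    catart_sql2 = ("SELECT id, title, seftitle, date, published, artorder, visible "
                                   "FROM " + _PRE + "articles WHERE category = '%s' %s %s "
                                   "ORDER BY category ASC, artorder ASC, date DESC "
                                   % (row2['id'], subquery, filterquery))
                    cur2 = dbconnection.cursor()
                    cur2.execute(catart_sql2)
                    catSEF = cat_rel(row2['id'], 'seftitle')
                    num_rows2 = 0
                    for ca_r2 in cur2.fetchall():
                        num_rows2 += 1
                        # No default_page column in this query, so the edit link is unconditional.
                        _print_article_row(ca_r2, tab2, 'snews_articles',
                                           view_url=_SITE + catSEF + '/' + ca_r2['seftitle'] + '/',
                                           check_default_page=False)
                        tab2 += 1
                    if num_rows2 == 0:
                        print(no_content)
                    print('</div>')
                print('</div>')
    elif contents == 'page_view':
        sql = ("SELECT id, title, seftitle, date, published, artorder, visible, default_page "
               "FROM %sarticles WHERE position = 3 %s ORDER BY artorder ASC, date DESC "
               % (_PRE, subquery))
        cur.execute(sql)
        count = 0
        for r in cur.fetchall():
            _print_article_row(r, tab, 'snews_pages', view_url=_SITE + r['seftitle'] + '/')
            tab += 1
            count += 1
        if count == 0:
            print('<p>%s</p>' % l('article_not_exist'))
    print('<p>' + html_input('submit', 'reorder', 'reorder', l('order_content'), '', 'button', '', '', '', '', '', '', '', '', ''))
    print('</p></div></form>')


def _print_date_filter_index(cur, qw, link):
    """Print the year index (plus months per year for the month filter).

    ``qw`` is the position WHERE-fragment of the current view, ``link`` the
    opening ``<a href="..."`` prefix of the listing URL.  Which index is
    shown depends on the global ``subcatSEF`` (localized 'year' or 'month').
    """
    by_month = (subcatSEF == l('month'))
    month_names = l('month_names').split(', ')
    print('<div class="adminpanel">')
    print('<p class="admintitle">%s</p>' % l('articles'))
    print(' - ' + l('filter') + ' <span style="color: #0000FF">' + subcatSEF + '</span> - '
          + l('see') + ' (' + link + '">' + l('all') + '</a>) - ' + l('filter')
          + ' (' + link + l('year') + '">' + l('year') + '</a> / '
          + link + l('month') + '">' + l('month') + '</a>)</legend>')
    result = cur.execute('SELECT DISTINCT(YEAR(date)) AS dyear FROM ' + _PRE
                         + 'articles WHERE %s ORDER BY date DESC' % qw)
    if result:
        for r in cur.fetchall():
            ryear = r['dyear']
            if not by_month:
                print(link + l('year') + '=%s">%s</a> ' % (ryear, ryear))
                continue
            print('<span style="color: #0000FF">%s</span>' % ryear)
            # Year comes from the database, but keep it out of the SQL text anyway.
            cur2 = dbconnection.cursor()
            cur2.execute('SELECT DISTINCT(MONTH(date)) AS dmonth FROM ' + _PRE
                         + 'articles WHERE ' + qw + ' AND YEAR(date)=%s ORDER BY date ASC',
                         [ryear])
            for rx in cur2.fetchall():
                m = int(rx['dmonth']) - 1  # month_names is 0-based, MONTH() is 1-based
                print(' ' + l('divider') + ' ' + link + l('year') + '=%s;' % ryear
                      + l('month') + '=%s">%s</a> ' % (rx['dmonth'], month_names[m]))
            print('<br />')
    print('</div>')


def _print_article_row(r, tab, item, view_url=None, check_default_page=True):
    """Print one ``<p>`` line of the admin listing for article row ``r``.

    ``tab`` is the tabindex of the artorder input, ``item`` the value of the
    hide/show task's ``item`` parameter and ``view_url`` the public URL of
    the article (no "view" link when None).  With ``check_default_page`` the
    edit link is omitted for the default page (``default_page == 'YES'``);
    pass False for rows that were selected without that column.
    """
    order_input = ('<input type="text" name="page_%s" value="%s" size="1" tabindex="%s" /> &nbsp;'
                   % (r['id'], r['artorder'], tab))
    print('<p>' + order_input + '<strong title="' + date(s('date_format'), strtotime(r['date']))
          + '">%s</strong> ' % r['title'])
    if view_url is not None:
        print(l('divider') + '<a href="%s">%s</a> ' % (view_url, l('view')))
    if not check_default_page or r['default_page'] != 'YES':
        print(l('divider') + ' <a href="' + _SITE + '?action=admin_article&amp;id=%s">%s</a> '
              % (r['id'], l('edit')))
    if r['visible'] == 'YES':
        visibility = ('<a href="' + _SITE + '?action=process&amp;task=hide&amp;item=' + item
                      + '&amp;id=%s">%s</a>' % (r['id'], l('hide')))
    else:
        visibility = (l('hidden') + ' ( <a href="' + _SITE + '?action=process&amp;task=show&amp;item='
                      + item + '&amp;id=%s">%s</a> )' % (r['id'], l('show')))
    print(' ' + l('divider') + ' ' + visibility)
    # The column is compared both as int and as str elsewhere in this file;
    # normalise so either storage type works.
    published = str(r['published'])
    if published == '2':
        print(l('divider') + ' [' + l('status') + ' %s]' % l('future_posting'))
    if published == '0':
        print(l('divider') + ' [' + l('status') + ' %s]' % l('unpublished'))
    print('</p>')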
#BUTTONS
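def buttons():
    """Print the formatting and insert button bars of the article editor.

    Every button calls the client-side ``tag(name)`` helper; its title and
    value come from the language table (``l(key)`` and ``l(key + '_value')``).
    """
    print('<div class="clearer"></div><p>%s:<br class="clearer" />' % l('formatting'))
    # A list keeps the buttons in a fixed order (a plain dict on Python 2
    # iterates in arbitrary order).  'key' means "use the key as CSS class".
    formatting = [
        ('strong', ''),
        ('em', 'key'),
        ('underline', 'key'),
        ('del', 'key'),
        ('p', ''),
        ('br', ''),
    ]
    for key, var in formatting:
        css = key if var == 'key' else 'buttons'
        print(_editor_button(key, css))
    print('</p><br class="clearer" /><p>%s: <br class="clearer" />' % l('insert'))
    for key in ('img', 'link', 'include', 'func', 'intro'):
        print(_editor_button(key, 'buttons'))
    print('<br class="clearer" /></p>')


def _editor_button(key, css):
    """Return the ``<input type="button">`` markup for editor button ``key``."""
    return ('<input type="button" name="' + key + '" title="' + l(key) + '" class="' + css
            + '" onclick="tag(\'' + key + '\')" value="' + l(key + '_value') + '" />')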
# COMMENTS - EDIT
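def edit_comment():
    """Print the admin form for editing or deleting one comment.

    The comment id is read from ``_GET['commentid']``.  A missing,
    non-numeric or unknown id prints nothing instead of failing with a
    TypeError as the original did.
    """
    raw_id = _GET.getvalue('commentid')
    if raw_id is None or not str(raw_id).isdigit():
        return
    commentid = int(raw_id)
    cur = dbconnection.cursor()
    # Parameterised: the id is request data, keep it out of the SQL text.
    cur.execute('SELECT id,articleid,name,url,comment,approved FROM ' + _PRE
                + 'comments WHERE id=%s', [commentid])
    r = cur.fetchone()
    if r is None:
        return
    articleTITLE = retrieve('title', 'articles', 'id', r['articleid'])
    print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', '?action=process&amp;task=editcomment', ''))
    print('<div class="adminpanel">')
    print('<p class="admintitle">' + l('edit_comment') + ' (<strong> %s</strong> )</p>' % articleTITLE)
    print(html_input('textarea', 'editedcomment', 'ec', stripslashes(r['comment']), l('comment'), '', '', '', '', '', '2', '100', '', '', ''))
    print(html_input('text', 'name', 'n', r['name'], l('name'), '', '', '', '', '', '', '', '', '', ''))
    print(html_input('text', 'url', 'url', r['url'], l('url'), '', '', '', '', '', '', '', '', '', ''))
    # ``approved`` is stored as the string 'True'; 'ok' marks the box checked
    # as elsewhere in this file.
    approved_checked = 'ok' if r['approved'] == 'True' else ''
    print(html_input('checkbox', 'approved', 'a', '', l('approved'), '', '', '', '', approved_checked, '', '', '', '', ''))
    print('</div><p>')
    print(html_input('hidden', 'id', 'id', r['articleid'], '', '', '', '', '', '', '', '', '', '', ''))
    print(html_input('submit', 'submit_text', 'submit_text', l('edit'), '', 'button', '', '', '', '', '', '', '', '', ''))
    print(html_input('hidden', 'commentid', 'commentid', r['id'], '', '', '', '', '', '', '', '', '', '', ''))
    print(html_input('submit', 'delete_text', 'delete_text', l('delete'), '', 'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', ''))
    print('</p></form>')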
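def form_groupings():
    """Print the add/edit form for an extras grouping (extras must be enabled).

    With a numeric ``id`` in ``_GET`` that names an existing grouping the
    form is pre-filled for editing; otherwise the "add" form is shown,
    pre-filled from ``_POST`` after a rejected submit.  Grouping 1 gets no
    delete button.
    """
    if s('enable_extras') != 'YES':
        return
    # ``extraid`` is an int for an existing grouping, else None (the original
    # left it unbound on the "add" path and crashed on the ``if extraid`` below).
    extraid = None
    raw_id = _GET.getvalue('id') if 'id' in _GET else None
    if raw_id is not None and str(raw_id).isdigit():
        extraid = int(raw_id)
    r = None
    if extraid is not None:
        cur = dbconnection.cursor()
        # Parameterised: the id is request data.
        cur.execute('SELECT id,name,seftitle,description FROM ' + _PRE + 'extras WHERE id=%s', [extraid])
        r = cur.fetchone()
        if r is None:
            extraid = None  # unknown id: fall back to the "add" form
    if r is not None:
        frm_action = _SITE + '?action=process&amp;task=admin_groupings&amp;id=%d' % extraid
        frm_add_edit = l('edit')
        frm_name = r['name']
        frm_sef_title = r['seftitle']
        frm_description = r['description']
        frm_task = 'edit_groupings'
        frm_submit = l('edit_button')
    else:
        posted_name = _POST['name'] if 'name' in _POST else ''
        posted_sef = _POST['seftitle'] if 'seftitle' in _POST else ''
        frm_action = _SITE + '?action=process&amp;task=admin_groupings'
        frm_add_edit = l('add_groupings')
        frm_name = posted_name
        frm_sef_title = cleanSEF(posted_name) if posted_name == '' else cleanSEF(posted_sef)
        frm_description = ''
        frm_task = 'add_groupings'
        frm_submit = l('add_groupings')
    print(html_input('form', '', 'post', '', '', '', '', '', '', '', '', '', 'post', frm_action, ''))
    print('<div class="adminpanel">')
    print('<p class="admintitle">' + frm_add_edit + '</p>')
    print(html_input('text', 'name', 't', frm_name, l('name'), '', 'onchange="genSEF(this,document.forms[\'post\'].seftitle)"', 'onkeyup="genSEF(this,document.forms[\'post\'].seftitle)"', '', '', '', '', '', '', ''))
    print(html_input('text', 'seftitle', 's', frm_sef_title, l('extra_title'), '', '', '', '', '', '', '', '', '', ''))
    print(html_input('text', 'description', 'desc', frm_description, l('description'), '', '', '', '', '', '', '', '', '', ''))
    print('</div><p>')
    print(html_input('hidden', 'task', 'task', 'admin_groupings', '', '', '', '', '', '', '', '', '', '', ''))
    print(html_input('submit', frm_task, frm_task, frm_submit, '', 'button', '', '', '', '', '', '', '', '', ''))
    if extraid is not None:
        print('&nbsp;&nbsp;')
        print(html_input('hidden', 'id', 'id', extraid, '', '', '', '', '', '', '', '', '', '', ''))
        # Compared as int: the original compared the request string with 1,
        # which never matched, so grouping 1 could be deleted.
        if extraid != 1:
            print(html_input('submit', 'delete_groupings', 'delete_groupings', l('delete'), '', 'button', 'onclick="javascript: return pop()"', '', '', '', '', '', '', '', ''))
    print('</p></form>')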
# ADMIN GROUPINGS
def admin_groupings():
    """List every extras grouping with an edit link (only when extras are enabled)."""
    if s('enable_extras') != 'YES':
        return
    add_link = ''
    if stats('extras', '') > 0:
        add_link = ' - <a href="admin_groupings/" title="%s">%s</a>' % (l('add_new'), l('add_new'))
    print('<div class="adminpanel">')
    print('<p class="admintitle">' + l('groupings') + add_link + '</p>')
    cur = dbconnection.cursor()
    cur.execute('SELECT id,name,description FROM %sextras ORDER BY id ASC' % _PRE)
    rows = cur.fetchall()
    for grouping in rows:
        # The description doubles as the tooltip of the edit link.
        print('<p><strong>%s</strong> %s<a href="%s?action=admin_groupings&amp;id=%d" title="%s">%s</a></p>'
              % (grouping['name'], l('divider'), _SITE, grouping['id'], grouping['description'], l('edit')))
    if not rows:
        print('<p>%s</p>' % l('group_not_exist'))
    print('</div>')
# PROCESSING (CATEGORIES, CONTENTS, COMMENTS)
def processing():
if not _ADMIN:
print((notification(1, l('error_not_logged_in'), 'home')))
else:
task = _GET.getvalue('task')
if type(task) is not str:
try:
task = clean(cleanXSS(task[0]))
except:
task = clean(cleanXSS(task))
cur = dbconnection.cursor()
action = clean(cleanXSS(_GET.getvalue('action')))
id = None
subcat = None
datestr = None
if 'id' in _GET:
id = clean(cleanXSS(_GET.getvalue('id')))
if not is_numeric(id): # XXX boggus validation
id = id[0]
id = int(id)
approved = 'True' if 'approved' in _POST and _POST['approved'] == 'on' else ''
name = clean(entity(_POST['name'])) if 'name' in _POST else None
category = _POST['define_category'] if 'define_category' in _POST else 0
description = clean(entity(_POST['description'])) if 'description' in _POST else ''
seftitle = _POST['seftitle'] if 'seftitle' in _POST else None
#XXX text = clean(_POST['text'])
#XXX date = date('Y-m-d H:i:s')
#XXX keywords_meta = entity(_POST['keywords_meta'])
try:
position = int(_POST['position'])
except:
position = 1
publish_category = 'YES' if 'publish' in _POST else 'NO'
fpost_enabled = False
if 'fposting' in _POST and _POST['fposting'] == 'on':
fpost_enabled = True
y = int(_POST['fposting_year'])
m = int(_POST['fposting_month'])
d = int(_POST['fposting_month'])
h = int(_POST['fposting_hour'])
i = int(_POST['fposting_minute'])
datestr = "%4d-%02d-%02d %02d:%02d:00" % (y,m,d,h,i)
if date('Y-m-d H:i:s') < datestr:
publish_article = 2
if task == 'save_settings':
if 'save' in _POST:
default_settings = {
'display_new_on_home' : 'off',
'enable_extras' : 'NO',
'enable_comments' : 'NO',
'file_extensions': '',
'approve_comments' : '',
'show_cat_names' : '',
'num_categories': '',
'allowed_files': '',
'allowed_images': '',
'mail_on_comments' : '',
'freeze_comments' : 'NO',
'word_filter_enable' : '',
'display_pagination' : '',
}
default_settings.update(_POST)
website_title = _POST['website_title']
home_sef = _POST['home_sef']
website_description = _POST['website_description']
website_keywords = _POST['website_keywords']
website_email = _POST['website_email']
contact_subject = _POST['contact_subject']
language = _POST['language']
charset = _POST['charset']
date_format = _POST['date_format']
article_limit = _POST['article_limit']
rss_limit = _POST['rss_limit']
display_page = _POST['display_page']
display_new_on_home = _POST['display_new_on_home'] if 'display_new_on_home' in _POST else 'off'
display_pagination = _POST['display_pagination'] if 'display_pagination' in _POST else ''
num_categories = _POST['num_categories'] if 'num_categories' in _POST else ''
show_cat_names = _POST['show_cat_names'] if 'show_cat_names' in _POST else ''
approve_comments = _POST['approve_comments'] if 'approve_comments' in _POST else ''
mail_on_comments = _POST['mail_on_comments'] if 'mail_on_comments' in _POST else ''
comments_order = _POST['comments_order']
comment_limit = _POST['comment_limit']
word_filter_enable = _POST['word_filter_enable'] if 'word_filter_enable' in _POST else ''
word_filter_file = _POST['word_filter_file']
word_filter_change = _POST['word_filter_change']
enable_extras = 'YES' if 'enable_extras' in _POST else 'NO'
enable_comments = 'YES' if 'enable_comments' in _POST else 'NO'
comment_repost_timer = _POST['comment_repost_timer'] if is_numeric(_POST['comment_repost_timer']) else '15'
freeze_comments = 'YES' if 'freeze_comments' in _POST else 'NO'
file_extensions = _POST['file_extensions']
allowed_file = _POST['allowed_file']
allowed_images = _POST['allowed_images']
ufield = {'website_title': website_title, 'home_sef': home_sef, 'website_description': website_description,
'website_keywords': website_keywords, 'website_email': website_email, 'contact_subject': contact_subject,
'language': language, 'charset': charset, 'date_format': date_format, 'article_limit': article_limit,
'rss_limit': rss_limit, 'display_page': display_page, 'comments_order': comments_order,
'comment_limit': comment_limit, 'word_filter_file': word_filter_file, 'word_filter_change': word_filter_change,
'display_new_on_home': display_new_on_home, 'display_pagination': display_pagination, 'num_categories': num_categories,
'show_cat_names': show_cat_names, 'approve_comments': approve_comments, 'mail_on_comments': mail_on_comments,
'word_filter_enable': word_filter_enable, 'enable_extras': enable_extras, 'enable_comments': enable_comments,
'freeze_comments': freeze_comments, 'comment_repost_timer': comment_repost_timer, 'file_extensions': file_extensions,
'allowed_files': allowed_file, 'allowed_images': allowed_images}
#print(ufield)
dictdiff = [k for k in ufield if k not in default_settings or ufield[k] != default_settings[k]]
print(dictdiff) # XXX DEBUG
for key, value in list(ufield.items()):
cur.execute("UPDATE %ssettings SET VALUE = %%s WHERE name = %%s LIMIT 1" % _PRE, [value,key])
print(notification(0, '', 'snews_settings'))
elif task == 'changeup':
if 'submit_pass' in _POST:
user = checkUserPass(_POST['uname'])
pass1 = checkUserPass(_POST['pass1'])
pass2 = checkUserPass(_POST['pass2'])
if user and pass1 and pass2 and pass1 == pass2:
uname = md5(user).hexdigest()
passwd = md5(pass2).hexdigest()
query = "UPDATE %ssettings SET VALUE=" % (_PRE)
cur.execute(query+("'%s' WHERE name='username' LIMIT 1" % uname))
cur.execute(query+("'%s' WHERE name='password' LIMIT 1" % passwd))
print(notification(0, '', 'administration'))
else:
die(notification(2, l('pass_mismatch'), 'snews_settings'))
elif task == 'admin_groupings':
if not name:
print(notification(1, l('err_TitleEmpty')+l('errNote')))
form_groupings()
elif not seftitle:
print(notification(1, l('err_SEFEmpty')+l('errNote')))
form_groupings()
elif check_if_unique('group_name', name, id, ''):
print(notification(1, l('err_TitleExists')+l('errNote')))
form_groupings()
elif check_if_unique('group_seftitle', seftitle, id, ''):
print(notification(1, l('err_SEFExists')+l('errNote')))
form_groupings()
elif cleancheckSEF(seftitle) == 'notok':
print(notification(1, l('err_SEFIllegal')+l('errNote')))
form_groupings()
else:
if 'add_groupings' in _POST:
cur.execute("INSERT INTO %sextras (name, seftitle, description) VALUES(%%s, %%s, %%s)" % _PRE,[name,seftitle,description])
elif 'edit_groupings' in _POST:
cur.execute("UPDATE %sextras SET name = '%s', seftitle = '%s', description = '%s' WHERE id = id LIMIT 1" % (_PRE,name,seftitle,description))
elif 'delete_groupings' in _POST:
cur.execute("DELETE FROM %sextras WHERE id = %d LIMIT 1" % (_PRE,id))
print(notification(0, '', 'groupings'))
elif task == 'admin_category' or task == 'admin_subcategory':
if 'subcat' in _POST:
subcat = _POST['subcat']
if not name:
print(notification(1, l('err_TitleEmpty')+l('errNote')))
form_categories()
elif not seftitle:
print(notification(1, l('err_SEFEmpty')+l('errNote')))
form_categories()
elif 'add_category' in _POST and check_if_unique('subcat_name', name, '', subcat):
print(notification(1, l('err_TitleExists')+l('errNote')))
form_categories()
elif 'add_category' in _POST and check_if_unique('subcat_seftitle', seftitle, '', subcat):
print(notification(1, l('err_SEFExists')+l('errNote')))
form_categories()
elif 'edit_category' in _POST and subcat == 0 and check_if_unique('cat_name_edit', name, id, ''):
print(notification(1, l('err_TitleExists')+l('errNote')))
form_categories()
elif 'edit_category' in _POST and subcat == 0 and check_if_unique('cat_seftitle_edit', seftitle, id, ''):
print(notification(1, l('err_SEFExists')+l('errNote')))
form_categories()
elif 'edit_category' in _POST and subcat != 0 and check_if_unique('subcat_name_edit', name, id, subcat):
print(notification(1, l('err_TitleExists')+l('errNote')))
form_categories()
elif 'edit_category' in _POST and subcat != 0 and check_if_unique('subcat_seftitle_edit', seftitle, id, subcat):
print(notification(1, l('err_SEFExists')+l('errNote')))
form_categories()
elif cleancheckSEF(seftitle) == 'notok':
print(notification(1, l('err_SEFIllegal')+l('errNote')))
form_categories()
elif subcat == id:
print(notification(1, l('errNote')))
form_categories()
else:
if 'add_category' in _POST:
cur.execute("SELECT MAX(catorder) as max FROM %scategories WHERE subcat = %s" % (_PRE,subcat))
catorder = cur.fetchone()
if catorder['max'] is None:
catorder['max'] = 0
catorder = catorder['max'] + 1
cur.execute("INSERT INTO %scategories (name, seftitle, description, published, catorder, subcat) VALUES(%%s, %%s, %%s, %%s, %%s,%%s)" % _PRE, [name,seftitle,description,publish_category,catorder,subcat])
elif 'edit_category' in _POST:
cur.execute("SELECT MAX(catorder) as max FROM %scategories WHERE subcat = %s" % (_PRE,subcat))
catorder = cur.fetchone()
catorder = _POST['catorder'] if 'catorder' in _POST else catorder['max'] + 1
cur.execute("""UPDATE %scategories SET
name = '%s',
seftitle = '%s',
description = '%s',
published = '%s',
subcat='%s',
catorder='%s'
WHERE id = %s LIMIT 1""" % (_PRE,name,seftitle,description,publish_category,subcat,catorder,id))
elif 'delete_category' in _POST:
any_subcats = retrieve('COUNT(id)', 'categories', 'subcat', id)
any_articles = retrieve('COUNT(id)', 'articles', 'category', id)
if any_subcats > 0 or any_articles > 0:
print(notification(1, l('warn_catnotempty'), ''))
print('<p><a href="%sadministration/" title="%s">%s</a>' % (_SITE, l('administration'), l('administration')))
print(' OR <a href="%s?action=process&amp;task=delete_category_all&amp;id=%s" onclick="javascript: return pop(\'x\')" title="%s">%s</a></p>' % (_SITE,id,l('administration'),l('empty_cat')))
notification(0, '', 'snews_categories')
else:
delete_cat(id)
elif task == 'reorder':
if 'reorder' in _POST:
if _POST['order'] == 'snews_articles' or _POST['order'] == 'extra_contents' or _POST['order'] == 'snews_pages':
table = 'articles'
order_type = 'artorder'
remove = 'page_'
elif _POST['order'] == 'snews_categories':
table = 'categories'
order_type = 'catorder'
remove = 'cat_'
for key, value in _POST:
type_id = str_replace(remove, '', key)
key = clean(cleanXSS(trim(value)))
if key != 'reorder' and key != 'order' and key != table and key != l('order_content') and key != _POST['order']:
query = "UPDATE %s%s SET order_type = %s WHERE id = %s LIMIT 1;" % (_PRE,table,value,type_id)
cur.execute(query)
print(notification(0, l('please_wait')))
print('<meta http-equiv="refresh" content="1; url=%s/">' % _SITE+_POST['order'])
elif task == 'admin_article':
assert('title' in _POST)
trace(str(_POST))
title = clean(entity(_POST['title']))
seftitle = _POST['seftitle']
text = _POST['text']
display_title = 'YES' if 'display_title' in _POST else 'NO'
publish_article = 1 if ('publish_article' in _POST) else 0
display_info = 'YES' if 'display_info' in _POST else 'NO'
commentable = 'YES' if 'commentable' in _POST else 'NO'
freez = 'YES' if 'freeze' in _POST else 'NO'
description_meta = entity(_POST['description_meta']) if 'description_meta' in _POST else ''
keywords_meta = entity(_POST['keywords_meta']) if 'keywords_meta' in _POST else ''
page = _POST['define_page'] if 'define_extra' in _POST else ''
define_extra = _POST['define_extra'] if 'define_extra' in _POST else ''
show_on_home = 'YES' if ('show_on_home' in _POST or position > 1) else 'NO'
show_in_subcats = 'YES' if 'show_in_subcats' in _POST else 'NO'
tentative = {
'title':title,
'seftitle':seftitle,
'text':text,
'description_meta':description_meta,
'keywords_meta':keywords_meta
}
if freez == 'YES' and commentable == 'YES':
commentable = 'FREEZ'
if not title:
print(notification(1, l('err_TitleEmpty')+l('errNote')))
form_articles('',tentative)
elif not seftitle:
print(notification(1, l('err_SEFEmpty')+l('errNote')))
form_articles('',tentative)
elif cleancheckSEF(seftitle) == 'notok':
print(notification(1, l('err_SEFIllegal')+l('errNote')))
form_articles('',tentative)
elif position == 1 and 'edit_article' in _POST and _POST['article_category'] != category and check_if_unique('article_title', title, category, ''):
print(notification(1, l('err_TitleExists')+l('errNote')))
form_articles('',tentative)
elif position == 1 and 'edit_article' in _POST and _POST['article_category'] != category and check_if_unique('article_seftitle', seftitle, category, ''):
print(notification(1, l('err_SEFExists')+l('errNote')))
form_articles('',tentative)
elif not 'delete_article' in _POST and not 'edit_article' in _POST and check_if_unique('article_title', title, category, ''):
print(notification(1, l('err_TitleExists')+l('errNote')))
form_articles('',tentative)
elif not 'delete_article' in _POST and not 'edit_article' in _POST and check_if_unique('article_seftitle', seftitle, category, ''):
print(notification(1, l('err_SEFExists')+l('errNote')))
form_articles('',tentative)
else:
pos = int(position)
sub = ' AND category = '+category if category else ''
curr_artorder = retrieve('artorder', 'articles', 'id', id)
if not curr_artorder:
artorder = 1
else:
artorder = curr_artorder
if pos == 1:
link = 'snews_articles'
elif pos == 2:
link = 'extra_contents'
elif pos == 3:
link = 'snews_pages'
assert (0 < pos < 4)
if 'add_article' in _POST:
trace("article insert")
ret = cur.execute("""INSERT INTO %sarticles (
title, seftitle, text, date, category,
position, extraid, page_extra, displaytitle,
displayinfo, commentable, published, description_meta,
keywords_meta, show_on_home, show_in_subcats, artorder)
VALUES(%%s, %%s, %%s, %%s, %%s,
%%s, %%s, %%s, %%s,
%%s, %%s, %%s, %%s,
%%s, %%s, %%s, %%s)""" % (_PRE),
[title,seftitle,text,datestr,category,
position,define_extra,page,display_title,
display_info,commentable, publish_article, description_meta,
keywords_meta, show_on_home, show_in_subcats, artorder])
elif 'edit_article' in _POST:
category = 0 if position == 3 else category
old_pos = retrieve('position', 'articles', 'id', id)
# Only do this if page is changed to art/extra
if position != old_pos and old_pos == 3:
chk_extra_query = "SELECT id FROM %sarticles WHERE position = 2 AND category = -3 AND page_extra = id" % _PRE
chk_extra_sql = cur.execute(chk_extra_query)
if chk_extra_sql:
for xtra in cur.fetchall():
xtra_id = xtra['id']
cur.execute("UPDATE %sarticles SET category = '0', page_extra = '' WHERE id = %s" % (_PRE,xtra_id))
if fpost_enabled:
future = "date = '%s'," % datestr # Patch #5 - 1.7.0
#allows backdating of article
publish_article = 1 if strtotime(datestr) < time.time() else publish_article
else:
future = ''
query = "UPDATE %sarticles SET" % _PRE + """
title=%s,
seftitle = %s,
text = %s,
""" + future + """
category = %s,
position = %s,
extraid = %s,
page_extra = %s,
displaytitle = %s,
displayinfo = %s,
commentable = %s,
published = %s,
description_meta = %s,
keywords_meta = %s,
show_on_home=%s,
show_in_subcats=%s,
artorder = %s
WHERE id = %s LIMIT 1"""
cur.execute(query, [title,seftitle,text,
category,position,define_extra,page,
display_title,display_info,commentable,publish_article,
description_meta, keywords_meta,show_on_home,show_on_home,artorder,
id])
trace(cur._last_executed)
elif 'delete_article' in _POST:
assert(id is not None)
if position == 3:
chk_extra_query = "SELECT id FROM %sarticles WHERE position = 2 AND category = -3 AND page_extra = %%s" % _PRE
chk_extra_sql = cur.execute(chk_extra_query, [id])
for xtra in cur.fetchall():
xtra_id = xtra['id']
cur.execute("UPDATE %sarticles SET category = '0',page_extra = '' WHERE id = %%s" % _PRE, [xtra_id])
cur.execute("DELETE FROM %sarticles WHERE id = %d " % (_PRE, id))
cur.execute("DELETE FROM %scomments WHERE articleid = %d" % (_PRE, id))
if id == s('display_page'):
cur.execute("UPDATE %ssettings SET VALUE = 0 WHERE name = 'display_page'" % _PRE)
print(notification(0, '', link))
elif task == 'editcomment':
url = cleanXSS(_POST['url'])
comment = _POST['editedcomment']
commentid = int(_POST['commentid']) if 'commentid' in _GET else ''
articleID = retrieve('articleid', 'comments', 'id', commentid)
articleSEF = retrieve('seftitle', 'articles', 'id', articleID)
articleCAT = retrieve('category', 'articles', 'seftitle', articleSEF)
postCat = cat_rel(articleCAT, 'seftitle')
link = postCat+'/'+articleSEF
if 'submit_text' in _POST:
cur.execute("""UPDATE %scomments SET
name = '%s',
url = '%s',
comment = '%s',
approved = '%s'
WHERE id = %d""" % (_PRE, name,url,comment,approved,commentid))
elif 'delete_text' in _POST:
cur.execute("DELETE FROM %scomments WHERE id = %d" % (_PRE,commentid))
print(notification(0, '', link))
elif task == 'deletecomment':
assert('commentid' in _GET)
commentid = int(_POST['commentid'])
articleid = retrieve('articleid', 'comments', 'id', commentid)
articleSEF = retrieve('seftitle', 'articles', 'id', articleid)
articleCAT = retrieve('category', 'articles', 'id', articleid)
postCat = cat_rel(articleCAT, 'seftitle')
link = postCat+'/'+articleSEF
cur.execute("DELETE FROM "+_PRE+"comments WHERE id = %s", [commentid])
print(notification(0, '', link))
print('<meta http-equiv="refresh" content="1; url='+_SITE+postCat+'/%s/">' % articleSEF)
elif task == 'delete_category_all':
assert(id is not None)
art_query = cur.execute("SELECT id FROM "+_PRE+"articles WHERE category = %s", [id])
for rart in cur.fetchall():
cur.execute("DELETE FROM "+_PRE+"comments WHERE articleid = %s", [rart['id']])
cur.execute("DELETE FROM "+_PRE+"articles WHERE category = %s", [id])
sub_query = cur.execute("SELECT id FROM "+_PRE+"categories WHERE subcat = %s", [id])
for rsub in cur.fetchall():
art_query = cur.execute("SELECT id FROM "+_PRE+"articles WHERE category = %s", [rsub['id']])
for rart in cur.fetchall():
cur.execute("DELETE FROM "+_PRE+"comments WHERE articleid = %s", [rart['id']])
cur.execute("DELETE FROM "+_PRE+"articles WHERE category = %s", [rsub['id']])
cur.execute("DELETE FROM "+_PRE+"categories WHERE subcat = %s", [id])
delete_cat(id)
print(notification(0, '', 'snews_categories'))
elif task == 'hide' or task == 'show':
id = _GET.getvalue('id')
item = _GET.getvalue('item')
back = _GET.getvalue('back')
is_visible = 'NO' if task == 'hide' else 'YES'
if item == 'snews_articles':
order = 'artorder'
link = 'snews_articles' if not back else back
elif item == 'extra_contents':
order = 'artorder'
link = 'extra_contents' if not back else back
elif item == 'snews_pages':
order = 'artorder'
link = 'snews_pages' if not back else back
else:
assert(item is None)
cur.execute("UPDATE %sarticles SET visible = '%s' WHERE id = %s" % (_PRE,is_visible,id))
print(notification(0, l('please_wait')))
print('<meta http-equiv="refresh" content="1; url=%s/">' % _SITE+link)
else:
print(("XXX Unknown processing task %s" % task))
assert(False)
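def files():
    """Admin file-manager page; not ported yet (marked XXX TODO in the original).

    Raises:
        NotImplementedError: always.  A bare ``assert False`` would be stripped
            under ``python -O`` and the page would silently render nothing.
    """
    raise NotImplementedError("files() has not been ported yet")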
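def filelist():
    """Admin file listing; not ported yet (marked XXX TODO in the original).

    Raises:
        NotImplementedError: always.  A bare ``assert False`` would be stripped
            under ``python -O`` and the page would silently render nothing.
    """
    raise NotImplementedError("filelist() has not been ported yet")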
# Module-wide MySQL connection.  connect_to_db() assigns it; the DB helpers
# below (cat_rel, retrieve, retr_categories, ...) take their cursors from it.
dbconnection = None
# CONNECT TO DATABASE
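def connect_to_db():
    """Open the module-wide MySQL connection and sanity-check the schema.

    Connection settings come from ``db('dbhost')``, ``db('dbuname')``,
    ``db('dbpass')`` and ``db('dbname')``.  The connection is stored in the
    global ``dbconnection`` with autocommit on and ``DictCursor`` rows (the
    helpers below index rows by column name).  The original opened two
    connections and kept only the second one, so the first (with
    ``charset='utf8'``) leaked and the effective connection had no charset.

    Side effects:
        Prints ``l('db_tables_error')`` when ``<prefix>articles`` is missing and
        appends the language file to ``EN.l['ignored_items']``.  Any
        ``MySQLdb.Error`` is printed and the process exits with status 1.
    """
    global dbconnection
    # MySQLdb.cursors is a submodule; older releases only load it as a side
    # effect of the first connect(), which is what the duplicate connect in
    # the original worked around.  Import it explicitly instead.
    import MySQLdb.cursors
    try:
        dbconnection = MySQLdb.connect(db('dbhost'), db('dbuname'), db('dbpass'), db('dbname'),
                                       charset='utf8',
                                       cursorclass=MySQLdb.cursors.DictCursor)
        dbconnection.autocommit(True)
        cur = dbconnection.cursor()
        try:
            cur.execute("SHOW TABLES LIKE '" + _PRE + "articles'")
            data = cur.fetchone()
        finally:
            # the original wrote ``cur.close`` (no call), leaving the cursor open
            cur.close()
        if data is None:
            print(l('db_tables_error'))
            # RAISE !  (kept as in the original: execution continues)
        EN.l['ignored_items'] += s('language') + '.php'
    except MySQLdb.Error as e:
        print("Error %d: %s" % (e.args[0], e.args[1]))
        if dbconnection:
            dbconnection.close()
        sys.exit(1)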
# Get parent/child from an id
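def cat_rel(var, column):
    """Return ``parent/child`` (or just ``child``) values of *column* for a category.

    Args:
        var: id of the category row (``child.id`` in the query).
        column: column of ``<prefix>categories`` to read, e.g. ``'seftitle'``.
            It is interpolated as a SQL identifier, so it must match
            ``[A-Za-z_][A-Za-z0-9_]*``; anything else raises ``ValueError``.

    Returns:
        ``'<parent value>/<child value>'`` when the row has a parent (its
        ``subcat`` points at another row), the child value alone otherwise,
        and ``''`` for an unknown id (the original raised ``NameError`` there
        because ``child`` was never assigned).
    """
    if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', column):
        raise ValueError('cat_rel: invalid column name %r' % (column,))
    categoryid = var
    parent = ''
    child = ''
    cur = dbconnection.cursor()
    # The id is bound as a query parameter; the original spliced it into the
    # SQL text with %s formatting.
    cur.execute(
        """SELECT parent.%s FROM %scategories as child
        INNER JOIN %scategories as parent
        ON parent.id = child.subcat
        WHERE child.id = %%s""" % (column, _PRE, _PRE), [categoryid])
    for j in cur.fetchall():
        parent = j[column] + '/'
    cur.execute(
        """SELECT %s FROM %scategories
        WHERE id = %%s""" % (column, _PRE), [categoryid])
    for c in cur.fetchall():
        child = c[column]
    return parent + child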
# SMART RETRIEVE FUNCTION
def populate_retr_cache():
    """Fill the category lookup caches used by ``retrieve`` from the database.

    Reads every row of ``<prefix>categories`` and records ``id -> seftitle`` in
    ``retr_cache_cat_id`` and ``seftitle -> name`` in ``retr_cache_cat_sef``.
    Both dicts are mutated in place, so no ``global`` statement is required.
    """
    cur = dbconnection.cursor()
    cur.execute('SELECT id, seftitle, name FROM ' + _PRE + 'categories')
    rows = cur.fetchall()
    retr_cache_cat_id.update((row['id'], row['seftitle']) for row in rows)
    retr_cache_cat_sef.update((row['seftitle'], row['name']) for row in rows)
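# Lazy caches for retrieve(..., 'categories', ...): populate_retr_cache()
# fills them the first time retrieve() is asked for a category while
# retr_init is still False.
retr_init = False
# Two distinct dicts.  The original bound both names to ONE dict
# (``a = b = {}``), so id->seftitle and seftitle->name entries shared it.
retr_cache_cat_id = {}    # category id -> seftitle
retr_cache_cat_sef = {}   # category seftitle -> name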
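def retrieve(column, table, field, value):
    """Fetch one *column* of ``<prefix>table`` where *field* equals *value*.

    Category lookups are answered from the in-memory caches that
    ``populate_retr_cache`` fills on first use: ``column == 'seftitle'`` maps
    an id to its seftitle, ``column == 'name'`` maps a seftitle to its name.
    NOTE: the cache ignores *field* and is never refreshed within a request,
    so it is only correct for the ``('seftitle', 'categories', 'id', ...)``
    and ``('name', 'categories', 'seftitle', ...)`` shapes; other category
    columns fall through to SQL.

    Args:
        column, table, field: SQL identifiers (*table* without prefix).  They
            are interpolated into the statement text, so each must match
            ``[A-Za-z_][A-Za-z0-9_]*`` or ``ValueError`` is raised.
        value: comparison value, bound as a query parameter.

    Returns:
        The value from the last matching row; ``None`` when *value* is
        ``None``, when nothing matches, or on a cache miss (the original raised
        ``KeyError`` for a cache miss).
    """
    global retr_init
    if value is None:
        return None
    for ident in (column, table, field):
        if not re.match(r'^[A-Za-z_][A-Za-z0-9_]*$', ident):
            raise ValueError('retrieve: invalid identifier %r' % (ident,))
    if table == 'categories':
        if not retr_init:
            populate_retr_cache()
            retr_init = True
        if column == 'name':
            return retr_cache_cat_sef.get(value)
        elif column == 'seftitle':
            return retr_cache_cat_id.get(value)
    cur = dbconnection.cursor()
    query = "SELECT %s FROM %s WHERE %s = %%s" % (column, _PRE + table, field)
    cur.execute(query, [value])
    # the original reused the function's own name for this local
    found = None
    for r in cur.fetchall():
        found = r[column]
    return found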
#NOTIFICATION
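def notification(error=0, note='', link=''):
    """Build (or, for ``error == 2``, schedule) the "operation done / error" HTML.

    Args:
        error: ``0`` -> title ``l('operation_completed')``; any other value ->
            ``l('admin_error')``.  The original expression also named
            ``l('warning')`` but that branch could never be reached
            (``error != 0`` is always true once ``error == 0`` failed), so the
            observable mapping is unchanged.
        note: message body, wrapped in ``<p>`` when non-empty.  It is emitted
            unescaped, so only pass trusted (``l(...)``) text.
        link: ``'home'`` -> link to ``_SITE``; any other string -> link to
            ``_SITE + link + '/'``; ``None`` -> no link.

    Returns:
        The HTML string, or ``None`` when ``error == 2``: then the HTML is
        stored in ``_SESSION[_SITE + 'fatal']`` and a ``<meta refresh>`` to
        *link* is printed instead.  A ``None`` *link* now redirects to
        ``_SITE`` rather than raising ``TypeError`` on string concatenation.
    """
    title = l('operation_completed') if error == 0 else l('admin_error')
    note = '' if not note else '<p>%s</p>' % note
    if link is None:
        goto = ''
    elif link == 'home':
        goto = '<p><a href="' + _SITE + '">%s</a></p>' % l('backhome')
    else:
        goto = '<p><a href="' + _SITE + link + '/" title="' + link + '">%s</a></p>' % l('back')
    output = '<h3>' + title + '</h3>' + note + goto
    if error == 2:
        _SESSION[_SITE + 'fatal'] = '' if note == '' else output
        print('<meta http-equiv="refresh" content="0; url=%s/">' % (_SITE + (link or '')))
        return None
    return output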
# PREPARING ARTICLE FOR XML
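def strip():
    """Prepare an article for XML output; not ported yet (XXX TODO in the original).

    Raises:
        NotImplementedError: always.  A bare ``assert False`` would be stripped
            under ``python -O`` and the caller would continue with nothing.
    """
    raise NotImplementedError("strip() has not been ported yet")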
def entity(x):
    """Identity placeholder for sNews' ``entity()`` (the "XXX ?" in the original).

    Returns *x* unchanged; no entity encoding is performed here.
    """
    result = x
    return result
#FILE INCLUSION
def file_include(text, shorten):
    """Print article *text* (cut to *shorten* chars) after expanding ``[func]``/``[include]`` tags.

    Port of the PHP helper; parts are still unfinished: ``returned`` is never
    assigned because the ``call_user_func_array`` line is commented out, and
    ``include`` is not defined in this file.  All output goes to stdout via
    ``print``.

    Args:
        text: article body (HTML).
        shorten: number of leading characters to keep.  Values below 9999000
            are treated as excerpt mode, where an unbalanced ``<p>`` is closed.
    """
    fulltext = text[0:shorten]
    # Normalise ampersands: undo an existing "&amp;" first so it is not doubled.
    if substr_count(fulltext, '&') > 0:
        fulltext = str_replace('&', '&amp;', str_replace('&amp;', '&', fulltext))
    if shorten < 9999000 and preg_match('<p>',fulltext):
        if substr_count(fulltext, '<p>') > substr_count(fulltext, '</p>'):
            fulltext += '</p>'
    # [func]name:|:arg1,arg2[/func]: after splitting on the tag markers the
    # odd-numbered pieces are tag bodies, the even ones plain text.
    ins = strpos(fulltext, '[/func]')
    if ins > 0:
        text = str_replace('[func]', '|&|', fulltext)
        text = str_replace('[/func]', '|&|', text)
        text = explode('|&|', text)
        num = len(text) - 1
        i = 1
        while i <= num:
            func = explode(':|:', text[i])
            # xxx ob_start()
            #returned = call_user_func_array(func[0], explode(',',func[1]))
            # xxx text[i] = ob_get_clean()
            text[i] = "FUNCALL %s" % func[0]
            if not text[i]:
                # never true: the line above always yields a non-empty string,
                # and ``returned`` is undefined in this port anyway
                text[i] = returned
            i = i + 2
        fulltext = "".join(text)
    # [include]path[/include]: include files whose extension is listed in the
    # file_extensions setting.
    inc = strpos(fulltext, '[/include]')
    if inc > 0:
        text = str_replace('[include]', '|&|', fulltext)
        text = str_replace('[/include]', '|&|', text)
        text = explode('|&|', text)
        num = len(text)
        extension = explode(',', s('file_extensions'))
        for i in range(0,num):
            filename = text[i]
            pos = filename.rfind('.')
            ext = filename[pos+1:]
            if pos > 0 and ext in extension:
                # NOTE(review): the pattern admits '.' and '/', so '..' path
                # segments pass this check; confirm that include() (undefined
                # here) confines the path to the content directory.
                if preg_match('^[a-z0-9_\-.\/]+$', filename):
                    if os.path.isfile(filename):
                        include(filename)
                    else:
                        print(l('error_file_exists'))
                else:
                    print(l('error_file_name'))
            else:
                # plain text between tags (or a piece without a listed extension)
                print(substr(text[i], 0))
    else:
        print(fulltext)
def clean(s):
    """Escape *s* for use inside a SQL string literal (port of sNews ``clean()``).

    Thin wrapper over ``MySQLdb.escape_string`` (still marked "XXX VERIFY").
    NOTE(review): that helper is not aware of the connection charset; bound
    query parameters are the safer option where we build the query ourselves.
    """
    escaped = MySQLdb.escape_string(s)
    return escaped
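def br2nl(s):
    """Convert HTML line breaks (``<br>``, ``<br/>``, ``<br />``) to newlines.

    Port of the PHP helper of the same name (the original was an identity
    stub marked XXX TODO); used when building plain-text e-mail bodies.
    Falsy input (``None``, ``''``) is returned unchanged.
    """
    if not s:
        return s
    return re.sub(r'<br\s*/?>', '\n', s, flags=re.I)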
# SEND EMAIL
# TODO : fix php to python
# TODO : test
def send_email(send_array):
    """Unfinished port of sNews' ``send_email()``; not callable as written.

    The loop below only rebinds its own loop variable, so ``status``,
    ``message``, ``comment``, ``name``, ``email``, ``url``, ``ip``, ``to`` and
    ``subject`` are never defined (the PHP original presumably unpacked the
    array into locals), ``isset`` and ``mail`` do not exist in this file, and
    the ``"$name <$email>"`` strings are PHP interpolation left verbatim.
    NOTE(review): when this is ported, ``name``/``email`` must be rejected if
    they contain CR or LF before they are placed in the From/Reply-To header
    lines, otherwise a submitted value can inject additional headers.
    """
    for var, value in send_array:
        var = value  # no effect: rebinds the loop variable only
    body = status+"\n" if isset(status) else ''
    if isset(message):
        text = l('message')+': '+"\n"+br2nl(message)+"\n"
    if isset(comment):
        text = l('comment')+': '+"\n"+br2nl(comment)+"\n"
    header = "MIME-Version: 1.0\n"
    header+="Content-type: text/plain; charset="+s('charset')+"\n"
    header+="From: $name <$email>\r\nReply-To: $name <$email>\r\nReturn-Path: <$email>\r\n"
    if isset(ip):
        # replaces (rather than appends to) the headers built above
        header = "X-Sender-IP-Adress: $ip\n"
    body+=l('name')+': '+name+"\n" if isset(name) else ''
    body+=l('email')+': '+email+"\n" if isset(email) else ''
    body+=isset(url) and l('url')+': '+url+"\n\n" if url != '' else ''
    body+=text+"\n"
    mail(to, subject, body, header)
# LOGIN LOGOUT LINK
def login_link():
    """Print the administration/logout link (for ``_ADMIN``) or the login link.

    Labels come from ``l(...)``, URLs are relative to ``_SITE``; the markup is
    written to stdout with ``print``.
    """
    if _ADMIN:
        tail = ('administration/" title="' + l('administration') + '">'
                + l('administration') + '</a> ' + l('divider')
                + ' <a href="' + _SITE + 'logout/" title="' + l('logout') + '">'
                + l('logout'))
    else:
        tail = 'login/" title="' + l('login') + '">' + l('login')
    print('<a href="' + _SITE + tail + '</a>')
# USER/PASS CHECK
def checkUserPass(input):
    """Normalise a submitted user name / password value (port of sNews ``checkUserPass``).

    The value is passed through ``cleanXSS``, ``clean`` and ``strip_tags`` and
    accepted only when it is purely alphanumeric and 4..13 characters long.

    Returns:
        The cleaned value, or ``None`` when it fails the check.  The same rule
        applies to passwords, so they are limited to 13 alphanumeric
        characters.
    """
    output = strip_tags(clean(cleanXSS(input)))
    if not output.isalnum():
        return None
    if not 3 < len(output) < 14:
        return None
    return output
# MATH CAPTCHA - // Patch #18 - 1.7.1 - revised function by KikkoMax
def mathCaptcha():
    """Placeholder for the math CAPTCHA widget (Patch #18 - 1.7.1; XXX TODO).

    Returns the fixed string ``"mathCaptcha"``; no challenge is generated.
    """
    placeholder = "mathCaptcha"
    return placeholder
# CHECK MATH CAPTCHA RESULT
def checkMathCaptcha():
    """Placeholder CAPTCHA check that always succeeds.

    Because it unconditionally returns ``True``, the CAPTCHA condition in
    ``loginValidate`` currently imposes nothing.
    """
    passed = True
    return passed
#CATEGORY CHECK
def check_category(category):
    """Return whether *category* is a registered built-in page name (member of ``pagesList``)."""
    registered = pagesList
    return category in registered
def cleanSEF(str):
    """Placeholder SEF-title cleaner (XXX TODO): returns *str* unchanged.

    ``cleancheckSEF`` is what currently validates SEF titles.
    """
    unchanged = str
    return unchanged
# CLEAN CHECK SEF
def cleancheckSEF(string):
    """Validate a SEF title: letters, digits, ``-`` and ``_`` only, case-insensitive.

    Returns ``'ok'`` when *string* matches, ``'notok'`` otherwise.
    """
    if preg_match('/^[a-z0-9-_]+$/i', string):
        return 'ok'
    return 'notok'
# RETRIEVE CATEGORIES OR SUBCATEGORIES FROM DB
def retr_categories(parent=0):
    """Return the published categories whose ``subcat`` is *parent* (0 = top level).

    With the ``num_categories`` setting on, each row also carries ``total``,
    the number of published position-1 articles in it (visible ones only for
    non-admins).  Rows are returned as the cursor produces them.
    """
    visible_only = '' if _ADMIN else ' AND a.visible=\'YES\''
    if s('num_categories') == 'on':
        query = """SELECT c.seftitle, c.name, description, c.id AS parent, COUNT(DISTINCT a.id) as total
        FROM %scategories AS c
        LEFT OUTER JOIN %sarticles AS a
        ON (a.category = c.id AND a.position = 1 AND a.published = 1 %s)
        WHERE c.subcat = %d AND c.published = 'YES'
        GROUP BY c.id
        ORDER BY c.catorder,c.id""" % (_PRE, _PRE, visible_only, parent)
    else:
        query = """SELECT c.seftitle, c.name, description, c.id AS parent
        FROM %scategories AS c
        WHERE c.subcat = %d AND c.published = 'YES'
        GROUP BY c.id
        ORDER BY c.catorder,c.id""" % (_PRE, parent)
    cur = dbconnection.cursor()
    cur.execute(query)
    return list(cur.fetchall())
# Print HTTP headers
def header(x):
    """Emit one raw CGI header line (e.g. ``'Status: 404'``) with ``print``.

    CGI only treats it as a header when it precedes the blank line that
    ``headers()`` prints; afterwards the text ends up in the response body.
    """
    line = x
    print(line)
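def getUrlInformation(urlstring):
    """Resolve a PATH_INFO-style URL into the article/category row it names.

    The path is split on ``/`` (leading/trailing empty parts dropped).  A last
    segment ``l('comment_pages')<n>`` sets the global ``commentsPage`` and a
    last segment ``l('paginator')<n>`` sets ``pageNum``; both are popped before
    the lookup.  The remaining components are matched as::

        / category / subcategory / article /
        / category / subcategory /
        / category / article /
        / category /
        / page /

    and an empty path selects the ``display_page`` setting.  Non-admins only
    see published rows.  URL parts are bound as query parameters; the original
    spliced them into the SQL text, so any path component could alter the
    query.

    Returns:
        The first matching row (a dict with ``DictCursor``); a dict holding
        only ``categorySEF`` for a registered built-in page;
        ``{'categorySEF': '404', 'description': '404'}`` after emitting
        ``Status: 404`` for an unknown non-empty path; ``{}`` for the home page.
    """
    global commentsPage, pageNum
    URI = urlstring.split('/')
    while URI and not URI[0]:
        del URI[0]
    while URI and not URI[-1]:
        del URI[-1]
    if URI:
        prefix = l('comment_pages')
        last = URI[-1]
        if last.startswith(prefix):
            suffix = last[len(prefix):]
            if is_numeric(suffix):
                commentsPage = int(suffix)
                del URI[-1]
    if URI:
        prefix = l('paginator')
        last = URI[-1]
        if last.startswith(prefix):
            suffix = last[len(prefix):]
            if is_numeric(suffix):
                pageNum = int(suffix)
                del URI[-1]
    if _ADMIN:
        pub_a = pub_c = pub_x = ''
    else:
        pub_a = ' AND a.published = 1'
        pub_c = ' AND c.published =\'YES\''
        pub_x = ' AND x.published =\'YES\''
    trace("URL Len = %d" % len(URI))
    articles = _PRE + 'articles'
    categories = _PRE + 'categories'
    params = []
    if len(URI) == 3:
        MainQuery = ('SELECT a.id AS id, title, position, description_meta, keywords_meta, '
                     'c.id AS catID, c.name AS name, c.description, x.name AS xname, '
                     'x.seftitle as categorySEF, c.seftitle as subcatSEF '
                     'FROM ' + articles + ' AS a, ' + categories + ' AS c '
                     'LEFT JOIN ' + categories + ' AS x ON c.subcat=x.id '
                     'WHERE a.category=c.id' + pub_a + pub_c + pub_x +
                     ' AND x.seftitle=%s AND c.seftitle=%s AND a.seftitle=%s')
        params = [URI[0], URI[1], URI[2]]
    elif len(URI) == 2:
        MainQuery = ('SELECT a.id AS id, title, position, description_meta, keywords_meta, '
                     'c.id as catID, name, description, subcat, c.seftitle as categorySEF, '
                     'NULL as xname, a.seftitle as subcatSEF '
                     'FROM ' + articles + ' AS a LEFT JOIN ' + categories + ' AS c ON category = c.id '
                     'WHERE c.seftitle = %s AND a.seftitle = %s' + pub_a + pub_c +
                     ' AND subcat = 0 '
                     'UNION '
                     'SELECT NULL, NULL, 0, NULL, NULL, c.id, c.name, c.description, c.subcat, '
                     'x.seftitle, x.name, c.seftitle '
                     'FROM ' + categories + ' AS x LEFT JOIN ' + categories + ' AS c ON c.subcat = x.id '
                     'WHERE x.seftitle = %s AND c.seftitle = %s' + pub_c + pub_x)
        params = [URI[0], URI[1], URI[0], URI[1]]
    elif len(URI) == 1:
        MainQuery = ('SELECT a.id as id, title, description_meta, keywords_meta, position, '
                     'category as catID, a.seftitle as categorySEF, name, description '
                     'FROM ' + articles + ' AS a LEFT JOIN ' + categories + ' AS c ON category = c.id '
                     'WHERE a.seftitle = %s' + pub_a + ' AND position = 3 '
                     'UNION '
                     'SELECT NULL, NULL, NULL, NULL, 0, c.id AS catID, seftitle, name, description '
                     'FROM ' + categories + ' AS c '
                     'WHERE c.seftitle = %s AND subcat = 0' + pub_c)
        params = [URI[0], URI[0]]
    elif len(URI) == 0:
        MainQuery = ('SELECT id, title, category, description_meta, keywords_meta, position '
                     'FROM ' + articles + ' AS a WHERE id = %s' + pub_a + ' AND position = 3')
        params = [s('display_page')]
    else:
        # Too many path components in the URL
        MainQuery = None
    D = None
    if MainQuery:
        trace(MainQuery)
        cur = dbconnection.cursor()
        cur.execute(MainQuery, params)
        D = cur.fetchone()
    if not D:
        # either page not found or a built-in page
        D = {}
        if 'action' in _GET:
            # XXX do something (kept from the original)
            pass
        elif len(URI) == 1 and check_category(URI[0]):
            # Built-in pages (eg /administration)
            D['categorySEF'] = URI[0]
        elif len(URI):
            D['categorySEF'] = '404'
            D['description'] = '404'
            header('Status: 404')
    return D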
# CHECK IF UNIQUE
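def check_if_unique(what, text, not_id, subcat):
    """Report whether a row with the same title / SEF title already exists.

    Despite the name, the callers in this file treat a truthy result as "the
    value is taken" (they print ``err_TitleExists`` / ``err_SEFExists``), and
    that is what is returned here.  The original compared the ``fetchone()``
    row (a dict under ``DictCursor``) with ``0``, which was always False, so
    duplicates were never reported.  All values are bound as query parameters
    (the original concatenated *not_id*/*subcat* into the SQL text), so the
    ``clean()`` escaping step is no longer needed.

    Args:
        what: which check to run -- ``article_seftitle``, ``article_title``,
            ``subcat_seftitle``, ``subcat_name``, ``cat_seftitle_edit``,
            ``cat_name_edit``, ``subcat_seftitle_edit``, ``subcat_name_edit``,
            ``group_seftitle``, ``group_name``.
        text: the title / seftitle / name being checked.
        not_id: for article checks the category to search in; for ``*_edit``
            and ``group_*`` checks the id of the row being edited (excluded).
            Falsy values drop the clause for the article/group checks.
        subcat: parent category id for the ``subcat_*`` checks.

    Returns:
        ``True`` when at least one conflicting row exists, ``False`` otherwise.

    Raises:
        ValueError: for an unknown *what* (the original failed with
            ``NameError``).
    """
    if what in ('article_seftitle', 'article_title'):
        column = 'seftitle' if what == 'article_seftitle' else 'title'
        table, where, params = 'articles', column + ' = %s', [text]
        if not_id:
            where += ' AND category = %s'
            params.append(not_id)
    elif what in ('subcat_seftitle', 'subcat_name'):
        column = 'seftitle' if what == 'subcat_seftitle' else 'name'
        table, where, params = 'categories', column + ' = %s AND subcat = %s', [text, subcat]
    elif what in ('cat_seftitle_edit', 'cat_name_edit'):
        column = 'seftitle' if what == 'cat_seftitle_edit' else 'name'
        table, where, params = 'categories', column + ' = %s AND id != %s', [text, not_id]
    elif what in ('subcat_seftitle_edit', 'subcat_name_edit'):
        column = 'seftitle' if what == 'subcat_seftitle_edit' else 'name'
        table = 'categories'
        where = column + ' = %s AND subcat = %s AND id != %s'
        params = [text, subcat, not_id]
    elif what in ('group_seftitle', 'group_name'):
        column = 'seftitle' if what == 'group_seftitle' else 'name'
        table, where, params = 'extras', column + ' = %s', [text]
        if not_id:
            where += ' AND id != %s'
            params.append(not_id)
    else:
        raise ValueError('check_if_unique: unknown check %r' % (what,))
    cur = dbconnection.cursor()
    cur.execute('SELECT COUNT(id) AS n FROM ' + _PRE + table + ' WHERE ' + where, params)
    trace(cur._last_executed)
    row = cur.fetchone()
    if not row:
        return False
    # DictCursor gives {'n': count}; a plain cursor gives (count,)
    count = row['n'] if isinstance(row, dict) else row[0]
    return bool(count)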
# ARTICLES - FUTURE POSTING
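def update_articles():
    """Publish scheduled ("future") articles whose date has passed.

    Reads the ``last_date`` setting.  When it is unset or more than 1200 s
    (20 minutes) old, articles with ``published = 2`` and a ``date`` not in
    the future are switched to ``published = 1`` and ``last_date`` is stamped
    with ``NOW()``; otherwise nothing is done.  The original created an unused
    cursor before deciding whether any update was needed.
    """
    last_date = s('last_date')
    updatetime = strtotime(last_date) if last_date else time.time()
    dif_time = time.time() - updatetime
    trace("# TEST dif_date %s" % str(dif_time))
    if not last_date or dif_time > 1200:
        cur = dbconnection.cursor()
        cur.execute("""UPDATE %sarticles
        SET published=1
        WHERE published=2
        AND date <= NOW()""" % _PRE)
        cur.execute("""UPDATE %ssettings
        SET value=NOW()
        WHERE name='last_date'""" % _PRE)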
def strip_tags(str):
    """Neutralise HTML in *str* by replacing ``<`` and ``>`` with entities.

    Despite the PHP-derived name this does not remove tags (XXX TODO in the
    original); it escapes the angle brackets so the text renders literally.
    """
    escaped = str.replace('<', '&lt;')
    escaped = escaped.replace('>', '&gt;')
    return escaped
def cleanWords(s):
    """Placeholder word filter (XXX TODO): returns *s* unchanged."""
    unfiltered = s
    return unfiltered
def cleanXSS(s):
    """Placeholder XSS filter (XXX TODO): returns *s* unchanged.

    NOTE(review): the comment ``url`` field and ``checkUserPass`` route their
    input through this function, so that input currently passes unfiltered.
    """
    unfiltered = s
    return unfiltered
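def stripslashes(s):
    r"""Remove PHP-style backslash escaping from *s* (port of PHP ``stripslashes``).

    ``\'`` -> ``'``, ``\"`` -> ``"``, ``\\`` -> ``\`` and any other lone
    backslash (a trailing one included) is dropped.  The original used
    ``str.decode('string_escape')``, which exists only on Python 2 and also
    interprets sequences such as ``\n``.  ``None`` is returned unchanged.
    """
    if s is None:
        return s
    return re.sub(r'\\(.?)', r'\1', s, flags=re.S)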
# php/Python equiv
def trim(s):
    """Strip leading and trailing whitespace (stand-in for PHP ``trim``).

    ``str.strip`` removes all Unicode whitespace, slightly more than PHP's
    default character set.
    """
    stripped = s.strip()
    return stripped
def str_replace(pattern,value,str):
    """Replace every occurrence of *pattern* in *str* with *value* (plain text, not regex).

    Unlike PHP's ``str_replace``, array arguments are not supported.
    """
    replaced = str.replace(pattern, value)
    return replaced
def substr_count(str,pattern):
    """Count non-overlapping occurrences of *pattern* in *str* (PHP ``substr_count``)."""
    occurrences = str.count(pattern)
    return occurrences
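def preg_match(pattern,string):
    """Approximate PHP ``preg_match`` on top of ``re``.

    *pattern* may be a PHP-delimited pattern ``/.../flags`` (flags ``i``, ``m``,
    ``s``, ``x`` map to ``re.I``, ``re.M``, ``re.S``, ``re.X``) or a bare Python
    regex such as ``'^abc$'`` or ``'<p>'``.  The original only recognised a
    trailing ``/i``, so a delimited pattern without flags (``'/^abc$/'``) kept
    its closing ``/`` and could never match.

    Returns:
        The match object (truthy) or ``None``.  The pattern is searched
        anywhere in *string*, so anchor it with ``^``/``$`` as in PHP.
    """
    flags = 0
    flag_map = {'i': re.I, 'm': re.M, 's': re.S, 'x': re.X}
    if len(pattern) >= 2 and pattern[0] == '/' and pattern.rfind('/') > 0:
        end = pattern.rfind('/')
        modifiers = pattern[end + 1:]
        if all(m in flag_map for m in modifiers):
            for m in modifiers:
                flags |= flag_map[m]
            pattern = pattern[1:end]
    elif pattern.endswith('/i'):
        # legacy form the original accepted: trailing '/i' without a leading
        # delimiter
        pattern = pattern[:-2]
        flags |= re.I
    return re.search(pattern, string, flags)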
def strpos(string, pattern):
    """Index of the first *pattern* in *string* (``str.find`` semantics).

    Returns ``None`` when *string* is ``None`` and ``-1`` when not found
    (PHP returns ``false``); callers in this file compare with ``> 0``.
    """
    return None if string is None else string.find(pattern)
def explode(separator,string):
    """Split *string* on *separator* (PHP ``explode``; no limit argument)."""
    parts = string.split(separator)
    return parts
def is_numeric(string):
    """Return True when *string* parses as an ``int`` (integer-only ``is_numeric``).

    ``None`` and text that is not an integer (including ``'1.5'``) give False.
    """
    try:
        int(string)
    except (ValueError, TypeError):
        return False
    return True
def implode(s,array):
    """Join the items of *array* with *s* (PHP ``implode``; items must already be strings)."""
    joined = s.join(array)
    return joined
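def unixtime():
    """Return the current Unix time as an integer number of seconds.

    The original returned a constant ``0`` placeholder, which is unusable for
    any date comparison built on it.
    """
    return int(time.time())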
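def substr(s,start,len=None):
    """PHP-style ``substr``: the part of *s* from *start*, at most *len* characters.

    Negative *start* counts from the end; negative *len* omits that many
    trailing characters; ``len == 0`` gives ``''``; ``len is None`` means "to
    the end".  Returns ``False`` when *s* is ``None`` (as the original did,
    mirroring PHP's ``false``).  The original treated ``len == 0`` as
    unbounded and mis-handled a negative *len* or a negative *start* combined
    with a long *len*.
    """
    if s is None:
        return False
    tail = s[start:]
    if len is None:
        return tail
    return tail[:len]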
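def date(f,s=None):
    """Format a timestamp with a small subset of PHP ``date()`` formats.

    Args:
        f: ``'i'`` (minute), one of ``'d'``, ``'m'``, ``'Y'``, ``'H'``, or one
            of the composite formats ``'d.m.Y. H:i:s'``, ``'Y-m-d H:i:s'``,
            ``'d.m.Y. H:i'`` (the dotted ones are rendered with ``-``
            separators, as in the original).
        s: ``time.struct_time``, Unix timestamp (``int``/``float``),
            ``datetime``, or ``None`` for "now" in local time.  The original
            ignored *s* for the single-letter formats (it always formatted the
            current time) and only accepted ``float`` timestamps.

    Returns:
        The formatted string, or ``"Today"`` (after a ``trace``) for an
        unknown format.
    """
    if s is None:
        s = time.localtime()
    elif isinstance(s, datetime):
        s = s.timetuple()
    elif isinstance(s, (int, float)):
        s = time.localtime(s)
    if f == 'i':
        return time.strftime('%M', s)
    if f in ['d', 'm', 'Y', 'H']:
        return time.strftime('%' + f, s)
    composite = {
        'd.m.Y. H:i:s': "%d-%m-%Y %H:%M:%S",
        'Y-m-d H:i:s': "%Y-%m-%d %H:%M:%S",
        'd.m.Y. H:i': "%d-%m-%Y %H:%M",
    }
    if f in composite:
        return time.strftime(composite[f], s)
    trace("XXX unknown date format %s" % f)
    return "Today"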
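def strtotime(t):
    """Convert a DB-style timestamp to Unix seconds (local time, via ``time.mktime``).

    Args:
        t: ``'YYYY-MM-DD HH:MM:SS'`` or ``'YYYY-MM-DD'`` text (``str``,
            ``unicode`` or UTF-8 ``bytes``; the original only accepted the
            exact ``str`` type and the first format), a ``datetime``, or
            ``None``.  ``None`` falls back to a fixed dummy date after a
            ``trace`` (kept from the original; callers should not rely on it).

    Returns:
        A float Unix timestamp.

    Raises:
        ValueError: for text in neither accepted format.
        TypeError: for any other type (the original used ``assert False``).
    """
    if t is None:
        trace("strtotime unknown date : using dummy date")
        t = "2012-08-16 22:10:00"  # XXX Dummy date
    if isinstance(t, bytes) and not isinstance(t, str):
        # Python 3 bytes; on Python 2 bytes is str and is handled below
        t = t.decode('utf-8')
    if isinstance(t, (str, type(u''))):
        for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d"):
            try:
                t = datetime.strptime(t, fmt)
                break
            except ValueError:
                continue
        else:
            raise ValueError('strtotime: unrecognised date %r' % (t,))
    if isinstance(t, datetime):
        return time.mktime(t.timetuple())
    raise TypeError('strtotime: unsupported type %s' % type(t).__name__)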
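def die(x):
    """Print *x* (when non-empty) and stop the script, like PHP ``die()``.

    Uses ``sys.exit()`` instead of the ``exit()`` helper that the ``site``
    module installs, which is absent when Python runs with ``-S``.
    """
    if x:
        print(x)
    sys.exit()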
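def loginValidate():
    """Process the admin login form and set the session flag on success.

    Only acts when the POST carries ``Loginform`` and the visitor is not yet
    ``_ADMIN``.  ``uname``/``pass`` go through ``checkUserPass`` and the MD5
    hex digests are compared with the ``username``/``password`` settings (the
    storage format sNews uses; the comparison is constant-time here, the
    original used ``==``).  ``checkUserPass`` returns ``None`` for a rejected
    value; the original then called ``md5(None)`` and crashed, now that is a
    failed login.  ``checkMathCaptcha`` is consulted but currently always
    returns ``True``.

    Side effects:
        On success sets ``_SESSION[_SITE + 'Logged_In']`` and calls
        ``notification(2, '', 'administration')`` (redirect); on failure calls
        ``die()`` with the login error, which terminates the script.

    Returns:
        ``True`` after a successful login, ``False`` when no login was attempted.
    """
    import hmac

    def _md5_hex(value):
        # hashlib needs bytes on Python 3; checkUserPass may return text
        if not isinstance(value, bytes):
            value = value.encode('utf-8')
        return md5(value).hexdigest()

    def _same(a, b):
        # compare_digest wants operands of one type; a setting may come back as
        # unicode on Python 2 while hexdigest() is str, so normalise both
        return hmac.compare_digest(str(a), str(b))

    if 'Loginform' in _POST and not _ADMIN:
        user = checkUserPass(_POST['uname']) if 'uname' in _POST else ''
        passwd = checkUserPass(_POST['pass']) if 'pass' in _POST else ''
        ok = bool(user) and bool(passwd) and checkMathCaptcha()
        # Patch #18 - 1.7.1 - revised string by KikkoMax
        if ok:
            ok = (_same(_md5_hex(user), s('username'))
                  and _same(_md5_hex(passwd), s('password')))
        if ok:
            _SESSION[_SITE + 'Logged_In'] = True
            notification(2, '', 'administration')
            return True
        die(notification(2, l('err_Login'), 'login'))
    return False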
# Request set-up.  The order matters: the DB must be open before any page
# handler or helper runs, getUrlInformation() may emit "Status: 404" and so
# has to precede headers() (which ends the CGI header block), and
# loginValidate() prints a redirect that belongs in the body.
connect_to_db()
# Public built-in pages: SEF name, title, handler.
register_page("404",'404 - Not found',page_error_404)
register_page("archive",l('archive'),archive)
register_page("login","login",login)
# XXX : register_page("contact",l('contact'),contact)
register_page("sitemap",l('sitemap'),sitemap)
if _ADMIN:
    # Admin-only pages (fourth argument False); the lambdas bind the view name
    register_page("logout","Logout",logout,False)
    register_page("administration","Administration",administration,False)
    register_page("snews_settings","Snews Settings",settings,False)
    register_page('snews_categories',"Categories",admin_categories,False)
    register_page('snews_articles',"XXX title",(lambda: admin_articles('article_view')),False)
    register_page('snews_pages',"XXX title",(lambda: admin_articles('page_view')),False)
    register_page('extra_contents',"XXX title",(lambda: admin_articles('extra_view')),False)
    register_page('extra_new',"XXX title",(lambda: form_articles('extra_new')),False)
    register_page('page_new',"XXX title",(lambda: form_articles('page_new')),False)
    register_page('article_new',"XXX title",(lambda: form_articles('article_new')),False)
    register_page('admin_category',"XXX title",form_categories,False)
    register_page('groupings',"XXX title",admin_groupings,False)
    # Extra reserved SEF names.  NOTE(review): its placement under the _ADMIN
    # guard is reconstructed; the source indentation was lost.
    EN.l['cat_listSEF'] += ',admin_article,snews_files,logout,groupings,admin_groupings'
# PATH_INFO is the part of the request path after the script name
if 'PATH_INFO' in os.environ:
    url = os.environ['PATH_INFO']
else:
    url = '/'
R = getUrlInformation(url)
# Unpack the resolved row into module globals.  Each name is only bound when
# the key is present, so later code must cope with a missing one
# (NOTE(review): an unguarded read would raise NameError).
if 'categorySEF' in R: categorySEF = R['categorySEF']
if 'subcatSEF' in R: subcatSEF = R['subcatSEF']
if 'id' in R: _ID = R['id']
if 'title' in R: _TITLE = R['title']
if 'position' in R: _POS = R['position']
if 'catID' in R: _catID = R['catID']
if 'name' in R: _NAME = R['name']
if 'xname' in R: _XNAME = R['xname']
if 'description_meta' in R: _DESCR = R['description_meta']
elif 'description' in R: _DESCR = R['description']
else: _DESCR = None
# set comments page for / category / article /
headers()
loginValidate()
retr_categories()
update_articles()
def snewsdebug():
    """
    DEBUG & TESTS
    Print the trace log, the resolved URL record ``R``, ``_GET`` and a dump of
    the session to the page.  NOTE(review): ``snews_end`` calls this
    unconditionally, so every response currently ends with this dump.
    """
    sys.path.append('Jinja2-2.6')
    sys.path.append('Jinja2-2.6/jinja2')
    from jinja2 import Environment, PackageLoader, Template
    from loaders import FileSystemLoader
    env = Environment(loader=FileSystemLoader('.'))
    print("<HR><h3>BEGIN DEBUG</h3>")
    print(_DEBUG['tracestr'])
    print('<table border=1>')
    for key, value in R.items():
        print('<tr><td>' + key + '<td>' + str(value))
    print('</table>')
    print("<p>ID %s _catID %s<p>" % (_ID, _catID))
    print(R)
    print("<p>")
    #template = env.get_template('index.html')
    #print template.render(title=s('website_title'), website_description=s('website_description'))
    print("<p>")
    print(_GET)
    print("<pre>")
    _SESSION.dump()
    print("</pre>")
    print("END DEBUG")
def snews_end():
    """Finish the request: log the end time, emit the debug dump, close the session."""
    stamp = date('Y-m-d H:i:s')
    trace(stamp)
    snewsdebug()
    _SESSION.close()