[geeklog-jp commit] r1516 - Import geeklog-1.5.2sr4. (part 2)

codes****@googl***** codes****@googl*****
Sat Apr 18 22:24:13 JST 2009


Author: tacahi
Date: Sat Apr 18 06:21:39 2009
New Revision: 1516

Added:
    externals/geeklog-1.5.2sr4/public_html/
    externals/geeklog-1.5.2sr4/public_html/404.php
    externals/geeklog-1.5.2sr4/public_html/article.php
    externals/geeklog-1.5.2sr4/public_html/backend/
    externals/geeklog-1.5.2sr4/public_html/backend/geeklog.rss
    externals/geeklog-1.5.2sr4/public_html/calendar/
    externals/geeklog-1.5.2sr4/public_html/calendar/event.php
    externals/geeklog-1.5.2sr4/public_html/calendar/images/
    externals/geeklog-1.5.2sr4/public_html/calendar/images/calendar.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/calendar/images/delete_event.gif   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/calendar/images/delete_event.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/calendar/index.php
    externals/geeklog-1.5.2sr4/public_html/calendar/style.css
    externals/geeklog-1.5.2sr4/public_html/comment.php
    externals/geeklog-1.5.2sr4/public_html/directory.php
    externals/geeklog-1.5.2sr4/public_html/docs/
    externals/geeklog-1.5.2sr4/public_html/docs/calendar.html
    externals/geeklog-1.5.2sr4/public_html/docs/changed-files
    externals/geeklog-1.5.2sr4/public_html/docs/changes.html
    externals/geeklog-1.5.2sr4/public_html/docs/config.html
    externals/geeklog-1.5.2sr4/public_html/docs/docstyle.css
    externals/geeklog-1.5.2sr4/public_html/docs/history
    externals/geeklog-1.5.2sr4/public_html/docs/images/
    externals/geeklog-1.5.2sr4/public_html/docs/images/de.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/docs/images/fr.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/docs/images/jp.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/docs/images/newlogo.gif   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/docs/images/pl.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/docs/index.html
    externals/geeklog-1.5.2sr4/public_html/docs/install.html
    externals/geeklog-1.5.2sr4/public_html/docs/license
    externals/geeklog-1.5.2sr4/public_html/docs/links.html
    externals/geeklog-1.5.2sr4/public_html/docs/plugin.html
    externals/geeklog-1.5.2sr4/public_html/docs/polls.html
    externals/geeklog-1.5.2sr4/public_html/docs/spamx.html
    externals/geeklog-1.5.2sr4/public_html/docs/staticpages.html
    externals/geeklog-1.5.2sr4/public_html/docs/support.html
    externals/geeklog-1.5.2sr4/public_html/docs/theme.html
    externals/geeklog-1.5.2sr4/public_html/docs/themevars.html
    externals/geeklog-1.5.2sr4/public_html/docs/trackback.html
    externals/geeklog-1.5.2sr4/public_html/getimage.php
    externals/geeklog-1.5.2sr4/public_html/help/
    externals/geeklog-1.5.2sr4/public_html/help/advancedsearch.html
    externals/geeklog-1.5.2sr4/public_html/help/cceventsubmission.html
    externals/geeklog-1.5.2sr4/public_html/help/cclinksubmission.html
    externals/geeklog-1.5.2sr4/public_html/help/ccstorysubmission.html
    externals/geeklog-1.5.2sr4/public_html/help/submitevent.html
    externals/geeklog-1.5.2sr4/public_html/help/submitlink.html
    externals/geeklog-1.5.2sr4/public_html/help/submitstory.html
    externals/geeklog-1.5.2sr4/public_html/index.php
    externals/geeklog-1.5.2sr4/public_html/javascript/
    externals/geeklog-1.5.2sr4/public_html/javascript/advanced_editor.js
    externals/geeklog-1.5.2sr4/public_html/javascript/common.js
    externals/geeklog-1.5.2sr4/public_html/javascript/configmanager.js
    externals/geeklog-1.5.2sr4/public_html/javascript/moveusers.js
    externals/geeklog-1.5.2sr4/public_html/javascript/profile_editor.js
    externals/geeklog-1.5.2sr4/public_html/javascript/staticpages_fckeditor.js
    externals/geeklog-1.5.2sr4/public_html/javascript/storyeditor_fckeditor.js
    externals/geeklog-1.5.2sr4/public_html/javascript/submitcomment_fckeditor.js
    externals/geeklog-1.5.2sr4/public_html/javascript/submitstory_fckeditor.js
    externals/geeklog-1.5.2sr4/public_html/lib-common.php
    externals/geeklog-1.5.2sr4/public_html/links/
    externals/geeklog-1.5.2sr4/public_html/links/images/
    externals/geeklog-1.5.2sr4/public_html/links/images/links.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/links/index.php
    externals/geeklog-1.5.2sr4/public_html/links/portal.php
    externals/geeklog-1.5.2sr4/public_html/pingback.php
    externals/geeklog-1.5.2sr4/public_html/polls/
    externals/geeklog-1.5.2sr4/public_html/polls/images/
    externals/geeklog-1.5.2sr4/public_html/polls/images/polls.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/polls/index.php
    externals/geeklog-1.5.2sr4/public_html/polls/polls_editor.js
    externals/geeklog-1.5.2sr4/public_html/polls/style.css
    externals/geeklog-1.5.2sr4/public_html/profiles.php
    externals/geeklog-1.5.2sr4/public_html/robots.txt
    externals/geeklog-1.5.2sr4/public_html/search.php
    externals/geeklog-1.5.2sr4/public_html/siteconfig.php
    externals/geeklog-1.5.2sr4/public_html/staticpages/
    externals/geeklog-1.5.2sr4/public_html/staticpages/images/
    externals/geeklog-1.5.2sr4/public_html/staticpages/images/staticpages.png   (contents, props changed)
    externals/geeklog-1.5.2sr4/public_html/staticpages/index.php
    externals/geeklog-1.5.2sr4/public_html/stats.php
    externals/geeklog-1.5.2sr4/public_html/submit.php
    externals/geeklog-1.5.2sr4/public_html/switchlang.php
    externals/geeklog-1.5.2sr4/public_html/trackback.php
    externals/geeklog-1.5.2sr4/public_html/users.php
    externals/geeklog-1.5.2sr4/public_html/usersettings.php
    externals/geeklog-1.5.2sr4/public_html/webservices/
    externals/geeklog-1.5.2sr4/public_html/webservices/atom/
    externals/geeklog-1.5.2sr4/public_html/webservices/atom/index.php

Log:
Import geeklog-1.5.2sr4. (part 2)


Added: externals/geeklog-1.5.2sr4/public_html/404.php
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/404.php	Sat Apr 18 06:21:39 2009
@@ -0,0 +1,58 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+//  
+---------------------------------------------------------------------------+
+// | Geeklog  
1.3                                                               |
+//  
+---------------------------------------------------------------------------+
+// |  
404.php                                                                   |
+//  
|                                                                            
|
+// | Geeklog "404 Not Found"  
page                                              |
+//  
+---------------------------------------------------------------------------+
+// | Copyright (C) 2000-2005 by the following  
authors:                         |
+//  
|                                                                            
|
+// | Authors: Tony Bibbs        - tony AT tonybibbs DOT  
com                    |
+// |          Jason Whittenburg - jwhitten AT securitygeeks DOT  
com            |
+// |          Dirk Haun         - dirk AT haun-online DOT  
de                   |
+//  
+---------------------------------------------------------------------------+
+//  
|                                                                            
|
+// | This program is free software; you can redistribute it  
and/or             |
+// | modify it under the terms of the GNU General Public  
License               |
+// | as published by the Free Software Foundation; either version  
2            |
+// | of the License, or (at your option) any later  
version.                    |
+//  
|                                                                            
|
+// | This program is distributed in the hope that it will be  
useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty  
of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See  
the             |
+// | GNU General Public License for more  
details.                              |
+//  
|                                                                            
|
+// | You should have received a copy of the GNU General Public  
License         |
+// | along with this program; if not, write to the Free Software  
Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,  
USA.           |
+//  
|                                                                            
|
+//  
+---------------------------------------------------------------------------+
+//
+// $Id: 404.php,v 1.10 2005/06/23 08:06:09 dhaun Exp $
+
+require_once ('lib-common.php');
+
+$display = COM_siteHeader ('menu', $LANG_404[1]);
+$display .= COM_startBlock ($LANG_404[1]);
+if (isset ($_SERVER['SCRIPT_URI'])) {
+    $url = strip_tags ($_SERVER['SCRIPT_URI']);
+} else {
+    $pos = strpos ($_SERVER['REQUEST_URI'], '?');
+    if ($pos === false) {
+        $request = $_SERVER['REQUEST_URI'];
+    } else {
+        $request = substr ($_SERVER['REQUEST_URI'], 0, $pos);
+    }
+    $url = 'http://' . $_SERVER['HTTP_HOST'] . strip_tags ($request);
+}
+$display .= sprintf ($LANG_404[2], $url);
+$display .= $LANG_404[3];
+$display .= COM_endBlock ();
+$display .= COM_siteFooter ();
+
+echo $display
+
+?>
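
Review bot: In the else branch, $_SERVER['HTTP_HOST'] is concatenated into $url with no filtering at all, and the other parts only pass through strip_tags(), which removes tags but does not HTML-encode quotes or ampersands; the result is then written into the page by sprintf ($LANG_404[2], $url). HTTP_HOST and REQUEST_URI both come from the request, so encode the finished $url once with htmlspecialchars() using ENT_QUOTES just before the sprintf rather than relying on strip_tags. The scheme is also hard-coded to 'http://', so the page prints the wrong URL on an HTTPS site. Minor: echo $display has no terminating semicolon and parses only because the closing ?> follows it.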

Added: externals/geeklog-1.5.2sr4/public_html/article.php
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/article.php	Sat Apr 18 06:21:39  
2009
@@ -0,0 +1,385 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+//  
+---------------------------------------------------------------------------+
+// | Geeklog  
1.5                                                               |
+//  
+---------------------------------------------------------------------------+
+// |  
article.php                                                               |
+//  
|                                                                            
|
+// | Shows articles in various  
formats.                                        |
+//  
+---------------------------------------------------------------------------+
+// | Copyright (C) 2000-2009 by the following  
authors:                         |
+//  
|                                                                            
|
+// | Authors: Tony Bibbs        - tony AT tonybibbs DOT  
com                    |
+// |          Jason Whittenburg - jwhitten AT securitygeeks DOT  
com            |
+// |          Dirk Haun         - dirk AT haun-online DOT  
de                   |
+// |          Vincent Furia     - vinny01 AT users DOT sourceforge DOT  
net     |
+//  
+---------------------------------------------------------------------------+
+//  
|                                                                            
|
+// | This program is free software; you can redistribute it  
and/or             |
+// | modify it under the terms of the GNU General Public  
License               |
+// | as published by the Free Software Foundation; either version  
2            |
+// | of the License, or (at your option) any later  
version.                    |
+//  
|                                                                            
|
+// | This program is distributed in the hope that it will be  
useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty  
of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See  
the             |
+// | GNU General Public License for more  
details.                              |
+//  
|                                                                            
|
+// | You should have received a copy of the GNU General Public  
License         |
+// | along with this program; if not, write to the Free Software  
Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,  
USA.           |
+//  
|                                                                            
|
+//  
+---------------------------------------------------------------------------+
+
+/**
+* This page is responsible for showing a single article in different modes  
which
+* may, or may not, include the comments attached
+*
+* @author   Jason Whittenburg
+* @author   Tony Bibbbs <tony AT tonybibbs DOT com>
+* @author   Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
+*/
+
+/**
+* Geeklog common function library
+*/
+require_once 'lib-common.php';
+require_once $_CONF['path_system'] . 'lib-story.php';
+if ($_CONF['trackback_enabled']) {
+    require_once $_CONF['path_system'] . 'lib-trackback.php';
+}
+
+// Uncomment the line below if you need to debug the HTTP variables being  
passed
+// to the script.  This will sometimes cause errors but it will allow you  
to see
+// the data being passed in a POST operation
+
+// echo COM_debug($_POST);
+
+// MAIN
+$display = '';
+
+$order = '';
+$query = '';
+$reply = '';
+if (isset ($_POST['mode'])) {
+    $sid = COM_applyFilter ($_POST['story']);
+    $mode = COM_applyFilter ($_POST['mode']);
+    if (isset ($_POST['order'])) {
+        $order = COM_applyFilter ($_POST['order']);
+    }
+    if (isset ($_POST['query'])) {
+        $query = COM_applyFilter ($_POST['query']);
+    }
+    if (isset ($_POST['reply'])) {
+        $reply = COM_applyFilter ($_POST['reply']);
+    }
+} else {
+    COM_setArgNames (array ('story', 'mode'));
+    $sid = COM_applyFilter (COM_getArgument ('story'));
+    $mode = COM_applyFilter (COM_getArgument ('mode'));
+    if (isset ($_GET['order'])) {
+        $order = COM_applyFilter ($_GET['order']);
+    }
+    if (isset ($_GET['query'])) {
+        $query = COM_applyFilter ($_GET['query']);
+    }
+    if (isset ($_GET['reply'])) {
+        $reply = COM_applyFilter ($_GET['reply']);
+    }
+}
+
+if (empty ($sid)) {
+    echo COM_refresh ($_CONF['site_url'] . '/index.php');
+    exit();
+}
+if ((strcasecmp ($order, 'ASC') != 0) && (strcasecmp ($order, 'DESC') !=  
0)) {
+    $order = '';
+}
+
+$result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']}  
WHERE sid = '$sid'" . COM_getPermSql ('AND'));
+$A = DB_fetchArray($result);
+if ($A['count'] > 0) {
+
+    $story = new Story();
+
+    $args = array (
+                    'sid' => $sid,
+                    'mode' => 'view'
+                  );
+
+    $output = STORY_LOADED_OK;
+    $result = PLG_invokeService('story', 'get', $args, $output, $svc_msg);
+
+    if($result == PLG_RET_OK) {
+        /* loadFromArray cannot be used, since it overwrites the timestamp  
*/
+        reset($story->_dbFields);
+
+        while (list($fieldname,$save) = each($story->_dbFields)) {
+            $varname = '_' . $fieldname;
+
+            if (array_key_exists($fieldname, $output)) {
+                $story->{$varname} = $output[$fieldname];
+            }
+        }
+    }
+
+    if ($output == STORY_PERMISSION_DENIED) {
+        $display .= COM_siteHeader ('menu', $LANG_ACCESS['accessdenied'])
+                 . COM_startBlock ($LANG_ACCESS['accessdenied'], '',
+                           COM_getBlockTemplate ('_msg_block', 'header'))
+                 . $LANG_ACCESS['storydenialmsg']
+                 . COM_endBlock (COM_getBlockTemplate  
('_msg_block', 'footer'))
+                 . COM_siteFooter ();
+    } elseif ( $output == STORY_INVALID_SID ) {
+        $display .= COM_refresh($_CONF['site_url'] . '/index.php');
+    } elseif (($mode == 'print') && ($_CONF['hideprintericon'] == 0)) {
+        $story_template = new Template($_CONF['path_layout'] . 'article');
+        $story_template->set_file('article', 'printable.thtml');
+        $story_template->set_var('xhtml', XHTML);
+        $story_template->set_var('direction', $LANG_DIRECTION);
+        $story_template->set_var('page_title',
+                $_CONF['site_name'] . ': ' .  
$story->displayElements('title'));
+        $story_template->set_var('story_title',
+                                 $story->DisplayElements('title'));
+        header('Content-Type: text/html; charset=' . COM_getCharset());
+        $story_template->set_var('story_date',  
$story->displayElements('date'));
+
+        if ($_CONF['contributedbyline'] == 1) {
+            $story_template->set_var('lang_contributedby', $LANG01[1]);
+            $authorname =  
COM_getDisplayName($story->displayElements('uid'));
+            $story_template->set_var('author', $authorname);
+            $story_template->set_var('story_author', $authorname);
+            $story_template->set_var('story_author_username',
+                                     $story->DisplayElements('username'));
+        }
+
+        $story_template->set_var('story_introtext',
+                                 $story->DisplayElements('introtext'));
+        $story_template->set_var('story_bodytext',
+                                 $story->DisplayElements('bodytext'));
+
+        $story_template->set_var('site_url', $_CONF['site_url']);
+        $story_template->set_var('site_admin_url',  
$_CONF['site_admin_url']);
+        $story_template->set_var('layout_url', $_CONF['layout_url']);
+        $story_template->set_var('site_name', $_CONF['site_name']);
+        $story_template->set_var('site_slogan', $_CONF['site_slogan']);
+        $story_template->set_var('story_id', $story->getSid());
+        $articleUrl = COM_buildUrl($_CONF['site_url']
+                                   . '/article.php?story=' .  
$story->getSid());
+        if ($story->DisplayElements('commentcode') >= 0) {
+            $commentsUrl = $articleUrl . '#comments';
+            $comments = $story->DisplayElements('comments');
+            $numComments = COM_numberFormat($comments);
+            $story_template->set_var('story_comments', $numComments);
+            $story_template->set_var('comments_url', $commentsUrl);
+            $story_template->set_var('comments_text',
+                    $numComments . ' ' . $LANG01[3]);
+            $story_template->set_var('comments_count', $numComments);
+            $story_template->set_var('lang_comments', $LANG01[3]);
+            $comments_with_count = sprintf($LANG01[121], $numComments);
+
+            if ($comments > 0) {
+                $comments_with_count = COM_createLink($comments_with_count,
+                                                      $commentsUrl);
+            }
+            $story_template->set_var('comments_with_count',
+                                     $comments_with_count);
+        }
+        $story_template->set_var ('lang_full_article', $LANG08[33]);
+        $story_template->set_var ('article_url', $articleUrl);
+
+        COM_setLangIdAndAttribute($story_template);
+
+        $story_template->parse('output', 'article');
+        $display =  
$story_template->finish($story_template->get_var('output'));
+    } else {
+        // Set page title
+        $pagetitle = $story->DisplayElements('title');
+
+        $rdf = '';
+        if ($story->DisplayElements('trackbackcode') == 0) {
+            if ($_CONF['trackback_enabled']) {
+                $permalink = COM_buildUrl ($_CONF['site_url']
+                                           . '/article.php?story=' .  
$story->getSid());
+                $trackbackurl = TRB_makeTrackbackUrl ($story->getSid());
+                $rdf = '<!--' . LB
+                     . TRB_trackbackRdf ($permalink, $pagetitle,  
$trackbackurl)
+                     . LB . '-->' . LB;
+            }
+            if ($_CONF['pingback_enabled']) {
+                header ('X-Pingback: ' .  
$_CONF['site_url'] . '/pingback.php');
+            }
+        }
+        $display .= COM_siteHeader ('menu', $pagetitle, $rdf);
+
+        if (isset($_GET['msg'])) {
+            $msg = COM_applyFilter($_GET['msg'], true);
+            if ($msg > 0) {
+                $plugin = '';
+                if (isset($_GET['plugin'])) {
+                    $plugin = COM_applyFilter($_GET['plugin']);
+                }
+                $display .= COM_showMessage($msg, $plugin);
+            }
+        }
+
+        DB_query ("UPDATE {$_TABLES['stories']} SET hits = hits + 1 WHERE  
(sid = '".$story->getSid()."') AND (date <= NOW()) AND (draft_flag = 0)");
+
+        // Display whats related
+
+        $story_template = new Template($_CONF['path_layout'] . 'article');
+        $story_template->set_file('article','article.thtml');
+
+        $story_template->set_var('xhtml', XHTML);
+        $story_template->set_var('site_url', $_CONF['site_url']);
+        $story_template->set_var('site_admin_url',  
$_CONF['site_admin_url']);
+        $story_template->set_var('layout_url', $_CONF['layout_url']);
+        $story_template->set_var('story_id', $story->getSid());
+        $story_template->set_var('story_title', $pagetitle);
+        $story_options = array ();
+        if (($_CONF['hideemailicon'] == 0) && (!empty ($_USER['username'])  
||
+                (($_CONF['loginrequired'] == 0) &&
+                 ($_CONF['emailstoryloginrequired'] == 0)))) {
+            $emailUrl = $_CONF['site_url'] . '/profiles.php?sid=' .  
$story->getSid()
+                      . '&amp;what=emailstory';
+            $story_options[] = COM_createLink($LANG11[2], $emailUrl);
+            $story_template->set_var ('email_story_url', $emailUrl);
+            $story_template->set_var ('lang_email_story', $LANG11[2]);
+            $story_template->set_var ('lang_email_story_alt', $LANG01[64]);
+        }
+        $printUrl = COM_buildUrl ($_CONF['site_url']
+                . '/article.php?story=' .  
$story->getSid() . '&amp;mode=print');
+        if ($_CONF['hideprintericon'] == 0) {
+            $story_options[] = COM_createLink($LANG11[3], $printUrl,  
array('rel' => 'nofollow'));
+            $story_template->set_var ('print_story_url', $printUrl);
+            $story_template->set_var ('lang_print_story', $LANG11[3]);
+            $story_template->set_var ('lang_print_story_alt', $LANG01[65]);
+        }
+        if ($_CONF['pdf_enabled'] == 1) {
+            $pdfUrl = $_CONF['site_url']
+                    . '/pdfgenerator.php?pageType=2&amp;pageData='
+                    . urlencode ($printUrl);
+            $story_options[] = COM_createLink($LANG11[5], $pdfUrl);
+            $story_template->set_var ('pdf_story_url', $printUrl);
+            $story_template->set_var ('lang_pdf_story', $LANG11[5]);
+        }
+        if ($_CONF['backend'] == 1) {
+            $tid = $story->displayElements('tid');
+            $result = DB_query("SELECT filename, title, format FROM  
{$_TABLES['syndication']} WHERE type = 'article' AND topic = '$tid' AND  
is_enabled = 1");
+            $feeds = DB_numRows($result);
+            for ($i = 0; $i < $feeds; $i++) {
+                list($filename, $title, $format) = DB_fetchArray($result);
+                $feedUrl = SYND_getFeedUrl($filename);
+                $feedTitle = sprintf($LANG11[6], $title);
+                $feedType = SYND_getMimeType($format);
+                $feedClass = 'feed-link';
+                if (!empty($LANG_DIRECTION) && ($LANG_DIRECTION == 'rtl'))  
{
+                    $feedClass .= '-rtl';
+                }
+                $story_options[] = COM_createLink($feedTitle, $feedUrl,
+                                                  array('type'  =>  
$feedType,
+                                                        'class' =>  
$feedClass));
+            }
+        }
+        if ($_CONF['trackback_enabled'] &&
+                ($story->displayElements('trackbackcode') >= 0) &&
+                SEC_hasRights('story.ping') &&
+                ($story->displayElements('draft_flag') == 0) &&
+                ($story->displayElements('day') < time ())) {
+            $url = $_CONF['site_admin_url']
+                 . '/trackback.php?mode=sendall&amp;id=' .  
$story->getSid();
+            $story_options[] = COM_createLink($LANG_TRB['send_trackback'],  
$url);
+        }
+        $related = STORY_whatsRelated($story->displayElements('related'),
+                                      $story->displayElements('uid'),
+                                      $story->displayElements('tid'));
+        if (!empty ($related)) {
+            $related = COM_startBlock ($LANG11[1], '',
+                COM_getBlockTemplate ('whats_related_block', 'header'))
+                . $related
+                . COM_endBlock (COM_getBlockTemplate  
('whats_related_block',
+                    'footer'));
+        }
+        if (count ($story_options) > 0) {
+            $optionsblock = COM_startBlock ($LANG11[4], '',
+                    COM_getBlockTemplate ('story_options_block', 'header'))
+                . COM_makeList ($story_options, 'list-story-options')
+                . COM_endBlock (COM_getBlockTemplate  
('story_options_block',
+                    'footer'));
+        } else {
+            $optionsblock = '';
+        }
+        $story_template->set_var ('whats_related', $related);
+        $story_template->set_var ('story_options', $optionsblock);
+        $story_template->set_var ('whats_related_story_options',
+                                  $related . $optionsblock);
+
+        $story_template->set_var ('formatted_article',
+                                  STORY_renderArticle ($story, 'n', '',  
$query));
+
+        // display comments or not?
+        if ( (is_numeric($mode)) and ($_CONF['allow_page_breaks'] == 1) )
+        {
+            $story_page = $mode;
+            $mode = '';
+            if( $story_page <= 0 ) {
+                $story_page = 1;
+            }
+            $article_arr = explode( '[page_break]',  
$story->displayElements('bodytext'));
+            $conf = $_CONF['page_break_comments'];
+            if  (
+                 ($conf == 'all') or
+                 ( ($conf =='first') and ($story_page == 1) ) or
+                 ( ($conf == 'last') and (count($article_arr) ==  
($story_page)) )
+                ) {
+                $show_comments = true;
+            } else {
+                $show_comments = false;
+            }
+        } else {
+            $show_comments = true;
+        }
+
+        // Display the comments, if there are any ..
+        if (($story->displayElements('commentcode') >= 0) and  
$show_comments) {
+            $delete_option = (SEC_hasRights('story.edit') &&  
($story->getAccess() == 3)
+                             ? true : false);
+            require_once ( $_CONF['path_system'] . 'lib-comment.php' );
+            $story_template->set_var ('commentbar',
+                    CMT_userComments ($story->getSid(),  
$story->displayElements('title'), 'article',
+                                      $order, $mode, 0, $page, false,  
$delete_option, $story->displayElements('commentcode')));
+        }
+        if ($_CONF['trackback_enabled'] &&  
($story->displayElements('trackbackcode') >= 0) &&
+                $show_comments) {
+            if (SEC_hasRights ('story.ping')) {
+                if (($story->displayElements('draft_flag') == 0) &&
+                    ($story->displayElements('day') < time ())) {
+                    $url = $_CONF['site_admin_url']
+                         . '/trackback.php?mode=sendall&amp;id=' .  
$story->getSid();
+                    $story_template->set_var ('send_trackback_link',
+                        COM_createLink($LANG_TRB['send_trackback'], $url));
+                    $story_template->set_var ('send_trackback_url', $url);
+                    $story_template->set_var ('lang_send_trackback_text',
+                                              $LANG_TRB['send_trackback']);
+                }
+            }
+
+            $permalink = COM_buildUrl ($_CONF['site_url']
+                                       . '/article.php?story=' .  
$story->getSid());
+            $story_template->set_var ('trackback',
+                    TRB_renderTrackbackComments  
($story->getSID(), 'article',
+                                                  
$story->displayElements('title'), $permalink));
+        } else {
+            $story_template->set_var ('trackback', '');
+        }
+        $display .= $story_template->finish ($story_template->parse  
('output', 'article'));
+        $display .= COM_siteFooter ();
+    }
+} else {
+    $display .= COM_refresh($_CONF['site_url'] . '/index.php');
+}
+
+echo $display;
+
+?>
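
Review bot: In the comment block near the end, CMT_userComments() is passed $page, which is not assigned anywhere in this file; the page-break branch just above sets $story_page instead, so the call receives an undefined variable (or, with register_globals enabled, a request-supplied one). Initialise $page explicitly or pass the value that was intended. In the pdf_enabled branch, pdf_story_url is set to $printUrl although $pdfUrl was built two lines earlier and used for the link, which looks like a copy-paste slip. $sid and $tid are interpolated into quoted SQL literals (WHERE sid = '$sid', topic = '$tid') with only COM_applyFilter, defined outside this diff, between the request and the query; escaping at the query site would keep these statements safe regardless of what the filter lets through. $reply is read from the request in both branches but never used afterwards.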

Added: externals/geeklog-1.5.2sr4/public_html/backend/geeklog.rss
==============================================================================

Added: externals/geeklog-1.5.2sr4/public_html/calendar/event.php
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/calendar/event.php	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,726 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+//  
+---------------------------------------------------------------------------+
+// | Calendar Plugin  
1.0                                                       |
+//  
+---------------------------------------------------------------------------+
+// |  
event.php                                                                 |
+//  
|                                                                            
|
+// | Shows details of an event or  
events                                       |
+//  
+---------------------------------------------------------------------------+
+// | Copyright (C) 2000-2008 by the following  
authors:                         |
+//  
|                                                                            
|
+// | Authors: Tony Bibbs        - tony AT tonybibbs DOT  
com                    |
+// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT  
net    |
+// |          Jason Whittenburg - jwhitten AT securitygeeks DOT  
com            |
+// |          Dirk Haun         - dirk AT haun-online DOT  
de                   |
+//  
+---------------------------------------------------------------------------+
+//  
|                                                                            
|
+// | This program is free software; you can redistribute it  
and/or             |
+// | modify it under the terms of the GNU General Public  
License               |
+// | as published by the Free Software Foundation; either version  
2            |
+// | of the License, or (at your option) any later  
version.                    |
+//  
|                                                                            
|
+// | This program is distributed in the hope that it will be  
useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty  
of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See  
the             |
+// | GNU General Public License for more  
details.                              |
+//  
|                                                                            
|
+// | You should have received a copy of the GNU General Public  
License         |
+// | along with this program; if not, write to the Free Software  
Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,  
USA.           |
+//  
|                                                                            
|
+//  
+---------------------------------------------------------------------------+
+//
+// $Id: event.php,v 1.31 2008/05/24 08:28:17 dhaun Exp $
+
+require_once '../lib-common.php';
+
+if (!in_array('calendar', $_PLUGINS)) {
+    echo COM_refresh($_CONF['site_url'] . '/index.php');
+    exit;
+}
+
+require_once $_CONF['path_system'] . 'classes/calendar.class.php';
+
+/**
+* Adds an event to the user's calendar
+*
+* The user has asked that an event be added to their personal
+* calendar.  Show a confirmation screen.
+*
+* @param    string  $eid    event ID to add to user's calendar
+* @return   string          HTML for confirmation form
+*
+*/
+function adduserevent ($eid)
+{
+    global $_CONF, $_TABLES, $LANG_CAL_1;
+
+    $retval = '';
+
+    $eventsql = "SELECT * FROM {$_TABLES['events']} WHERE eid='$eid'" .  
COM_getPermSql ('AND');
+    $result = DB_query($eventsql);
+    $nrows = DB_numRows($result);
+    if ($nrows == 1) {
+        $retval .= COM_startBlock (sprintf ($LANG_CAL_1[11],
+                                            COM_getDisplayName()));
+        $A = DB_fetchArray($result);
+        $cal_template = new  
Template($_CONF['path'] . 'plugins/calendar/templates/');
+        $cal_template->set_file(array('addevent' => 'addevent.thtml'));
+        $cal_template->set_var('xhtml', XHTML);
+        $cal_template->set_var('site_url', $_CONF['site_url']);
+        $cal_template->set_var('site_admin_url', $_CONF['site_admin_url']);
+        $cal_template->set_var('layout_url', $_CONF['layout_url']);
+        $cal_template->set_var('intro_msg', $LANG_CAL_1[8]);
+        $cal_template->set_var('lang_event', $LANG_CAL_1[12]);
+        $event_title = stripslashes($A['title']);
+
+        if (!empty ($A['url']) && ($A['url'] != 'http://')) {
+            $cal_template->set_var ('event_url', $A['url']);
+            $event_title = COM_createLink($event_title, $A['url']);
+        } else {
+            $cal_template->set_var ('event_url', '');
+        }
+        $cal_template->set_var ('event_title', $event_title);
+        $cal_template->set_var('lang_starts', $LANG_CAL_1[13]);
+        $cal_template->set_var('lang_ends', $LANG_CAL_1[14]);
+
+        $thestart = COM_getUserDateTimeFormat($A['datestart'] . ' ' .  
$A['timestart']);
+        $theend = COM_getUserDateTimeFormat($A['dateend'] . ' ' .  
$A['timeend']);
+        if ($A['allday'] == 0) {
+            $cal_template->set_var('event_start', $thestart[0]);
+            $cal_template->set_var('event_end', $theend[0]);
+        } else {
+            $cal_template->set_var('event_start',  
strftime($_CONF['shortdate'], $thestart[1]));
+            $cal_template->set_var('event_end',  
strftime($_CONF['shortdate'], $theend[1]));
+        }
+
+        $cal_template->set_var('lang_where',$LANG_CAL_1[4]);
+        $location = stripslashes($A['location']) . '<br' . XHTML . '>'
+                  . stripslashes ($A['address1']) . '<br' . XHTML . '>'
+                  . stripslashes ($A['address2']) . '<br' . XHTML . '>'
+                  . stripslashes ($A['city'])
+                  . ', ' . stripslashes($A['state']) . ' ' . $A['zipcode'];
+        $cal_template->set_var('event_location', $location);
+        $cal_template->set_var('lang_description', $LANG_CAL_1[5]);
+        $description = stripslashes ($A['description']);
+        if (empty($A['postmode']) || ($A['postmode'] == 'plaintext')) {
+            $description = nl2br ($description);
+        }
+        $cal_template->set_var ('event_description',
+                                PLG_replaceTags ($description));
+        $cal_template->set_var('event_id', $eid);
+        $cal_template->set_var('lang_addtomycalendar', $LANG_CAL_1[9]);
+        $cal_template->set_var('gltoken_name', CSRF_TOKEN);
+        $cal_template->set_var('gltoken', SEC_createToken());
+        $cal_template->parse('output', 'addevent');
+        $retval .= $cal_template->finish($cal_template->get_var('output'));
+        $retval .= COM_endBlock ();
+    } else {
+        $retval .= COM_showMessage(23);
+    }
+
+    return $retval;
+}
+
+/**
+* Save an event to user's personal calendar
+*
+* User has seen the confirmation screen and they still wants to
+* add this event to their calendar.  Actually save it now.
+*
+* @param    string  $eid    ID of event to save
+* @return   string          HTML refresh
+*
+*/
+function saveuserevent ($eid)
+{
+    global $_CONF, $_TABLES, $_USER;
+
+    if (isset ($_USER['uid']) && ($_USER['uid'] > 1)) {
+
+        // Try to delete the event first in case it has already been added
+        DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE  
uid={$_USER['uid']} AND eid='$eid'");
+
+        $result = DB_query ("SELECT eid FROM {$_TABLES['events']} WHERE  
(eid = '$eid')" . COM_getPermSql ('AND'));
+        if (DB_numRows ($result) == 1) {
+
+            $savesql = "INSERT INTO {$_TABLES['personal_events']} "
+             . "(eid,uid,title,event_type,datestart,dateend,timestart,timeend,allday,location,address1,address2,city,state,"
+             . "zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon)  
SELECT  
eid,"
+             .  
$_USER['uid'] . ",title,event_type,datestart,dateend,timestart,timeend,allday,location,address1,address2,"
+             . "city,state,zipcode,url,description,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon  
FROM "
+             . "{$_TABLES['events']} WHERE eid = '{$eid}'";
+
+            DB_query ($savesql);
+
+            return COM_refresh ($_CONF['site_url']
+                                . '/calendar/index.php?mode=personal&amp;msg=24');
+        }
+    }
+
+    return COM_refresh ($_CONF['site_url'] . '/index.php');
+}
+
+/**
+* Allows user to edit a personal calendar event
+*
+* @param    array   $A  Record to display
+* @return   string      HTML for event editor
+*
+*/
+function editpersonalevent ($A)
+{
+    global $_CONF, $_CA_CONF, $LANG_CAL_1;
+
+    $cal_templates = new  
Template($_CONF['path'] . 'plugins/calendar/templates/');
+    $cal_templates->set_file('form','editpersonalevent.thtml');
+    $cal_templates->set_var( 'xhtml', XHTML );
+    $cal_templates->set_var('site_url', $_CONF['site_url']);
+    $cal_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
+    $cal_templates->set_var('layout_url', $_CONF['layout_url']);
+
+    $cal_templates->set_var ('lang_title', $LANG_CAL_1[28]);
+    $title = stripslashes ($A['title']);
+    $title = str_replace ('{', '&#123;', $title);
+    $title = str_replace ('}', '&#125;', $title);
+    $title = str_replace ('"', '&quot;', $title);
+    $cal_templates->set_var ('event_title', $title);
+
+    $cal_templates->set_var('lang_eventtype', $LANG_CAL_1[37]);
+    $type_options = CALENDAR_eventTypeList($A['event_type']);
+    $cal_templates->set_var('type_options', $type_options);
+
+    // Handle start date/time
+    $cal_templates->set_var('lang_startdate', $LANG_CAL_1[21]);
+    $cal_templates->set_var('lang_starttime', $LANG_CAL_1[30]);
+    $A['startdate'] = $A['datestart'] . ' ' . $A['timestart'];
+
+    $start_month = date ('n', strtotime ($A['startdate']));
+    $month_options = COM_getMonthFormOptions ($start_month);
+    $cal_templates->set_var ('startmonth_options', $month_options);
+
+    $start_day = date ('j', strtotime ($A['startdate']));
+    $day_options = COM_getDayFormOptions ($start_day);
+    $cal_templates->set_var('startday_options', $day_options);
+
+    $start_year = date ('Y', strtotime ($A['startdate']));
+    $year_options = COM_getYearFormOptions ($start_year);
+    $cal_templates->set_var('startyear_options', $year_options);
+
+    if (isset ($_CA_CONF['hour_mode']) && ($_CA_CONF['hour_mode'] == 24)) {
+        $start_hour = date ('H', strtotime ($A['startdate']));
+        $hour_options = COM_getHourFormOptions ($start_hour, 24);
+        $cal_templates->set_var ('starthour_options', $hour_options);
+    } else {
+        $start_hour = date ('g', strtotime ($A['startdate']));
+        $hour_options = COM_getHourFormOptions ($start_hour);
+        $cal_templates->set_var ('starthour_options', $hour_options);
+    }
+
+    $startmin = intval (date ('i', strtotime ($A['startdate'])) / 15) * 15;
+    $cal_templates->set_var ('startminute_options',
+                             COM_getMinuteFormOptions ($startmin, 15));
+
+    $ampm = date ('a', strtotime ($A['startdate']));
+    $cal_templates->set_var ('startampm_selection',
+                     COM_getAmPmFormSelection ('startampm_selection',  
$ampm));
+
+    // Handle end date/time
+    $cal_templates->set_var('lang_enddate', $LANG_CAL_1[18]);
+    $cal_templates->set_var('lang_endtime', $LANG_CAL_1[29]);
+    $A['enddate'] = $A['dateend'] . ' ' . $A['timeend'];
+
+    $end_month = date ('n', strtotime ($A['enddate']));
+    $month_options = COM_getMonthFormOptions ($end_month);
+    $cal_templates->set_var ('endmonth_options', $month_options);
+
+    $end_day = date ('j', strtotime ($A['enddate']));
+    $day_options = COM_getDayFormOptions ($end_day);
+    $cal_templates->set_var ('endday_options', $day_options);
+
+    $end_year = date ('Y', strtotime ($A['enddate']));
+    $year_options = COM_getYearFormOptions ($end_year);
+    $cal_templates->set_var ('endyear_options', $year_options);
+
+    if (isset ($_CA_CONF['hour_mode']) && ($_CA_CONF['hour_mode'] == 24)) {
+        $end_hour = date ('H', strtotime ($A['enddate']));
+        $hour_options = COM_getHourFormOptions ($end_hour, 24);
+        $cal_templates->set_var ('endhour_options', $hour_options);
+    } else {
+        $end_hour = date ('g', strtotime ($A['enddate']));
+        $hour_options = COM_getHourFormOptions ($end_hour);
+        $cal_templates->set_var ('endhour_options', $hour_options);
+    }
+
+    $endmin = intval (date ('i', strtotime ($A['enddate'])) / 15) * 15;
+    $cal_templates->set_var ('endminute_options',
+                             COM_getMinuteFormOptions ($endmin, 15));
+
+    $ampm = date ('a', strtotime ($A['enddate']));
+    $cal_templates->set_var ('endampm_selection',
+                         COM_getAmPmFormSelection ('endampm_selection',  
$ampm));
+
+    $cal_templates->set_var ('lang_alldayevent', $LANG_CAL_1[31]);
+    if ($A['allday'] == 1) {
+        $cal_templates->set_var ('allday_checked', 'checked="checked"');
+    } else {
+        $cal_templates->set_var ('allday_checked', '');
+    }
+
+    $cal_templates->set_var('lang_location',$LANG_CAL_1[39]);
+    $cal_templates->set_var('event_location', stripslashes  
($A['location']));
+
+    $cal_templates->set_var('lang_addressline1', $LANG_CAL_1[32]);
+    $cal_templates->set_var('event_address1', stripslashes  
($A['address1']));
+    $cal_templates->set_var('lang_addressline2', $LANG_CAL_1[33]);
+    $cal_templates->set_var('event_address2', stripslashes  
($A['address2']));
+
+    $cal_templates->set_var('lang_city', $LANG_CAL_1[34]);
+    $cal_templates->set_var('event_city', stripslashes ($A['city']));
+
+    $cal_templates->set_var('lang_state', $LANG_CAL_1[35]);
+    $cal_templates->set_var('state_options', '');
+    $cal_templates->set_var('event_state', stripslashes ($A['state']));
+
+    $cal_templates->set_var('lang_zipcode', $LANG_CAL_1[36]);
+    $cal_templates->set_var('event_zipcode', $A['zipcode']);
+
+    $cal_templates->set_var('lang_link', $LANG_CAL_1[43]);
+    $cal_templates->set_var('event_url', $A['url']);
+
+    $cal_templates->set_var('lang_description', $LANG_CAL_1[5]);
+    $cal_templates->set_var('event_description',
+                            nl2br (stripslashes ($A['description'])));
+
+    $cal_templates->set_var('lang_htmlnotallowed', $LANG_CAL_1[44]);
+    $cal_templates->set_var('lang_submit', $LANG_CAL_1[45]);
+    $cal_templates->set_var('lang_delete', $LANG_CAL_1[51]);
+    $cal_templates->set_var('eid', $A['eid']);
+    $cal_templates->set_var('uid', $A['uid']);
+    if (isset ($_CA_CONF['hour_mode']) && ($_CA_CONF['hour_mode'] == 24)) {
+        $cal_templates->set_var ('hour_mode', 24);
+    } else {
+        $cal_templates->set_var ('hour_mode', 12);
+    }
+    $cal_templates->set_var('gltoken_name', CSRF_TOKEN);
+    $cal_templates->set_var('gltoken', SEC_createToken());
+
+    return $cal_templates->parse ('output', 'form');
+}
+
+/**
+* Set localised day and month names.
+*
+* @param    object  $aCalendar  reference(!) to a Calendar object
+*
+*/
+function setCalendarLanguage (&$aCalendar)
+{
+    global $LANG_WEEK, $LANG_MONTH, $LANG_CAL_2;
+
+    $lang_days = array ('sunday'    => $LANG_WEEK[1],
+                        'monday'    => $LANG_WEEK[2],
+                        'tuesday'   => $LANG_WEEK[3],
+                        'wednesday' => $LANG_WEEK[4],
+                        'thursday'  => $LANG_WEEK[5],
+                        'friday'    => $LANG_WEEK[6],
+                        'saturday'  => $LANG_WEEK[7]);
+    $lang_months = array ('january'   => $LANG_MONTH[1],
+                          'february'  => $LANG_MONTH[2],
+                          'march'     => $LANG_MONTH[3],
+                          'april'     => $LANG_MONTH[4],
+                          'may'       => $LANG_MONTH[5],
+                          'june'      => $LANG_MONTH[6],
+                          'july'      => $LANG_MONTH[7],
+                          'august'    => $LANG_MONTH[8],
+                          'september' => $LANG_MONTH[9],
+                          'october'   => $LANG_MONTH[10],
+                          'november'  => $LANG_MONTH[11],
+                          'december'  => $LANG_MONTH[12]);
+    $aCalendar->setLanguage ($lang_days, $lang_months);
+}
+
+
+// MAIN
+
+$display = '';
+
+$action = '';
+if (isset ($_REQUEST['action'])) {
+    $action = COM_applyFilter ($_REQUEST['action']);
+}
+
+switch ($action) {
+case 'addevent':
+    if (($_CA_CONF['personalcalendars'] == 1) && !COM_isAnonUser()) {
+        $display .= COM_siteHeader ();
+
+        $eid = COM_applyFilter ($_GET['eid']);
+        if (!empty ($eid)) {
+            $display .= adduserevent ($eid);
+        } else {
+            $display .= COM_showMessage (23);
+        }
+
+        $display .= COM_siteFooter ();
+    } else {
+        $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+case 'saveuserevent':
+    if (($_CA_CONF['personalcalendars'] == 1) && SEC_checkToken()) {
+        $eid = COM_applyFilter ($_POST['eid']);
+        if (!empty ($eid)) {
+            $display .= saveuserevent ($eid);
+        } else {
+            $display .= COM_siteHeader ();
+            $display .= COM_showMessage (23);
+            $display .= COM_siteFooter ();
+        }
+    } else {
+        $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+case $LANG_CAL_1[45]: // save edited personal event
+    if (!empty($LANG_CAL_1[45]) && ($_CA_CONF['personalcalendars'] == 1) &&
+            (!empty ($_USER['uid']) && ($_USER['uid'] > 1)) &&
+            (isset ($_POST['calendar_type']) &&
+             ($_POST['calendar_type'] == 'personal')) && SEC_checkToken())  
{
+        $display = plugin_savesubmission_calendar ($_POST);
+    } else {
+        $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+case 'deleteevent':
+case $LANG_CAL_1[51]:
+    if (($_CA_CONF['personalcalendars'] == 1) && SEC_checkToken()) {
+        $eid = COM_applyFilter ($_REQUEST['eid']);
+        if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] >  
1))) {
+            DB_query ("DELETE FROM {$_TABLES['personal_events']} WHERE  
uid={$_USER['uid']} AND eid='$eid'");
+            $display .= COM_refresh ($_CONF['site_url']
+                     . '/calendar/index.php?mode=personal&amp;msg=26');
+        } else {
+            $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+        }
+    } else {
+        $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+case 'edit':
+    if ($_CA_CONF['personalcalendars'] == 1) {
+        $eid = COM_applyFilter ($_GET['eid']);
+        if (!empty ($eid) && (isset ($_USER['uid']) && ($_USER['uid'] >  
1))) {
+            $result = DB_query ("SELECT * FROM  
{$_TABLES['personal_events']} WHERE (eid = '$eid') AND (uid =  
{$_USER['uid']})");
+            if (DB_numRows ($result) == 1) {
+                $A = DB_fetchArray ($result);
+                $display .= COM_siteHeader ('menu', $LANG_CAL_2[38])
+                         . COM_startBlock ($LANG_CAL_2[38])
+                         . editpersonalevent ($A)
+                         . COM_endBlock ()
+                         . COM_siteFooter ();
+            } else {
+                $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+            }
+        } else {
+            $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+        }
+    } else {
+        $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+default:
+    $mode = '';
+    if (isset ($_GET['mode'])) {
+        $mode = COM_applyFilter ($_GET['mode']);
+    }
+    $eid = '';
+    if (isset ($_GET['eid'])) {
+        $eid = COM_applyFilter ($_GET['eid']);
+    }
+    $query = '';
+    if (isset($_GET['query'])) {
+        $query = COM_applyFilter($_GET['query']);
+    }
+    if (!empty ($eid)) {
+        if (($mode == 'personal') && ($_CA_CONF['personalcalendars'] == 1)  
&&
+                (isset ($_USER['uid']) && ($_USER['uid'] > 1))) {
+            $datesql = "SELECT * FROM {$_TABLES['personal_events']} "
+                     . "WHERE (eid = '$eid') AND (uid = {$_USER['uid']})";
+            $pagetitle = $LANG_CAL_2[28] . ' ' . COM_getDisplayName();
+        } else {
+            $datesql = "SELECT * FROM {$_TABLES['events']} WHERE eid  
= '$eid'";
+            if (strpos ($LANG_CAL_2[9], '%') === false) {
+                $pagetitle = $LANG_CAL_2[9];
+            } else {
+                $pagetitle = sprintf ($LANG_CAL_2[9], $_CONF['site_name']);
+            }
+            DB_query ("UPDATE {$_TABLES['events']} SET hits = hits + 1  
WHERE eid = '$eid'");
+        }
+
+        $display .= COM_siteHeader('menu', $pagetitle);
+        if (isset($_GET['msg'])) {
+            $msg = COM_applyFilter($_GET['msg'], true);
+            if ($msg > 0) {
+                $display .= COM_showMessage($msg, 'calendar');
+            }
+        }
+        $display .= COM_startBlock($pagetitle);
+
+    } else {
+        $year = 0;
+        if (isset ($_GET['year'])) {
+            $year = COM_applyFilter ($_GET['year'], true);
+        }
+        $month = 0;
+        if (isset ($_GET['month'])) {
+            $month = COM_applyFilter ($_GET['month'], true);
+        }
+        $day = 0;
+        if (isset ($_GET['day'])) {
+            $day = COM_applyFilter ($_GET['day'], true);
+        }
+        if (($year == 0) || ($month == 0) || ($day == 0)) {
+            $year = date ('Y');
+            $month = date ('n');
+            $day = date ('j');
+        }
+
+        $pagetitle = $LANG_CAL_2[10] . ' ' . strftime ($_CONF['shortdate'],
+                                         mktime (0, 0, 0, $month, $day,  
$year));
+        $display .= COM_siteHeader ('menu', $pagetitle);
+        $display .= COM_startBlock ($pagetitle);
+
+        $thedate = sprintf ('%4d-%02d-%02d', $year, $month, $day);
+        $datesql = "SELECT * FROM {$_TABLES['events']} "
+                 . "WHERE \"$thedate\" BETWEEN  
DATE_FORMAT(datestart,'%Y-%m-%d') "
+                 . "and DATE_FORMAT(dateend,'%Y-%m-%d') "
+                 . "ORDER BY datestart ASC,timestart ASC,title";
+    }
+    $cal_templates = new  
Template($_CONF['path'] . 'plugins/calendar/templates/');
+    $cal_templates->set_file (array (
+            'events'    => 'events.thtml',
+            'details'   => 'eventdetails.thtml',
+            'addremove' => 'addremoveevent.thtml'
+            ));
+
+    $cal_templates->set_var ( 'xhtml', XHTML );
+    $cal_templates->set_var ('lang_addevent', $LANG_CAL_1[6]);
+    $cal_templates->set_var ('lang_backtocalendar', $LANG_CAL_1[15]);
+    if ($mode == 'personal') {
+        $cal_templates->set_var ('calendar_mode', '?mode=personal');
+    } else {
+        $cal_templates->set_var ('calendar_mode', '');
+    }
+
+    $result = DB_query($datesql);
+    $nrows = DB_numRows($result);
+    if ($nrows == 0) {
+        $cal_templates->set_var('lang_month','');
+        $cal_templates->set_var('event_year','');
+        $cal_templates->set_var('event_details','');
+        $cal_templates->set_var('site_url', $_CONF['site_url']);
+        $cal_templates->set_var('site_admin_url',  
$_CONF['site_admin_url']);
+        $cal_templates->set_var('layout_url', $_CONF['layout_url']);
+        $cal_templates->parse('output','events');
+        $display .=  
$cal_templates->finish($cal_templates->get_var('output'));
+        $display .= $LANG_CAL_1[2];
+    } else {
+        $cal = new Calendar();
+        setCalendarLanguage ($cal);
+
+        $currentmonth = '';
+        for ($i = 0; $i < $nrows; $i++) {
+            $A = DB_fetchArray($result);
+            if  
(SEC_hasAccess($A['owner_id'],$A['group_id'],$A['perm_owner'],
+                               
$A['perm_group'],$A['perm_members'],$A['perm_anon']) > 0) {
+                if (strftime('%B',strtotime($A['datestart'])) !=  
$currentmonth) {
+                    $str_month =  
$cal->getMonthName(strftime('%m',strtotime($A['datestart'])));
+                    $cal_templates->set_var('lang_month', $str_month);
+                    $cal_templates->set_var('event_year',  
strftime('%Y',strtotime($A['datestart'])));
+                    $currentmonth =  
strftime('%B',strtotime($A['datestart']));
+                }
+                $cal_templates->set_var('event_title',  
stripslashes($A['title']));
+                $cal_templates->set_var('site_url', $_CONF['site_url']);
+                $cal_templates->set_var('site_admin_url',  
$_CONF['site_admin_url']);
+                $cal_templates->set_var('layout_url',  
$_CONF['layout_url']);
+                $event_title = stripslashes($A['title']);
+                if (!empty($A['url'])) {
+                    $event_title = COM_createLink($event_title, $A['url']);
+                    $cal_templates->set_var('event_url', $A['url']);
+                }
+                $cal_templates->set_var('event_title', $event_title);
+                if (($_CA_CONF['personalcalendars'] == 1)
+                        && !COM_isAnonUser()) {
+                    $tmpresult = DB_query("SELECT * FROM  
{$_TABLES['personal_events']} WHERE eid='{$A['eid']}' AND  
uid={$_USER['uid']}");
+                    $tmpnrows = DB_numRows($tmpresult);
+                    if ($tmpnrows > 0) {
+                        $token = SEC_createToken();
+                        $addremovelink = $_CONF['site_url']
+                             . '/calendar/event.php?eid=' . $A['eid']
+                             . '&amp;mode=personal&amp;action=deleteevent&amp;'
+                             . CSRF_TOKEN . '=' . $token;
+                        $addremovetxt = $LANG_CAL_1[10];
+                    } else {
+                        $addremovelink = $_CONF['site_url']
+                            . '/calendar/event.php?eid=' . $A['eid']
+                            . '&amp;mode=personal&amp;action=addevent';
+                        $addremovetxt = $LANG_CAL_1[9];
+                    }
+                    $cal_templates->set_var('lang_addremovefromcal',
+                        COM_createLink($addremovetxt, $addremovelink));
+                    $cal_templates->parse('addremove_event','addremove');
+                }
+                $cal_templates->set_var('lang_when', $LANG_CAL_1[3]);
+                if ($A['allday'] == 0) {
+                    $thedatetime = COM_getUserDateTimeFormat  
($A['datestart'] .
+                                                        ' ' .  
$A['timestart']);
+                    $cal_templates->set_var ('event_start',  
$thedatetime[0]);
+
+                    if ($A['datestart'] == $A['dateend']) {
+                        $thedatetime[0] = strftime ($_CONF['timeonly'],
+                            strtotime ($A['dateend'] . ' ' .  
$A['timeend']));
+                    } else {
+                        $thedatetime = COM_getUserDateTimeFormat  
($A['dateend']
+                                                        . ' ' .  
$A['timeend']);
+                    }
+                    $cal_templates->set_var ('event_end', $thedatetime[0]);
+                } else if ($A['allday'] == 1 AND $A['datestart'] <>  
$A['dateend']) {
+                    $thedatetime1 = strftime ('%A, ' . $_CONF['shortdate'],
+                                             strtotime ($A['datestart']));
+                    $cal_templates->set_var ('event_start', $thedatetime1);
+                    $thedatetime2 = strftime ('%A, ' . $_CONF['shortdate'],
+                                                  strtotime  
($A['dateend']));
+                    $cal_templates->set_var ('event_end', $thedatetime2
+                                                        . ' ' .  
$LANG_CAL_2[26]);
+                } else {
+                    $thedatetime = strftime ('%A, ' . $_CONF['shortdate'],
+                                             strtotime ($A['datestart']));
+                    $cal_templates->set_var ('event_start', $thedatetime);
+                    $cal_templates->set_var ('event_end', $LANG_CAL_2[26]);
+                }
+
+                // set the location variables
+                $cal_templates->set_var ('lang_where', $LANG_CAL_1[4]);
+                $cal_templates->set_var ('event_location',
+                                         stripslashes ($A['location']));
+                $cal_templates->set_var ('event_address1',
+                                         stripslashes ($A['address1']));
+                $cal_templates->set_var ('event_address2',
+                                         stripslashes ($A['address2']));
+                $cal_templates->set_var ('event_zip', $A['zipcode']);
+                $cal_templates->set_var ('event_city',
+                                         stripslashes ($A['city']));
+                $cal_templates->set_var ('event_state_only', $A['state']);
+                if (empty ($A['state']) || ($A['state'] == '--')) {
+                    $cal_templates->set_var ('event_state', '');
+                    $cal_templates->set_var ('event_state_name', '');
+                    $cal_templates->set_var ('event_state_name_only', '');
+                } else {
+                    $cal_templates->set_var ('event_state', ', ' .  
$A['state']);
+                    $cal_templates->set_var ('event_state_name',  
$A['state']);
+                    $cal_templates->set_var ('event_state_name_only',
+                                             $A['state']);
+                }
+
+                // now figure out which of the {brX} variables to set ...
+                $hasCityEtc = (!empty ($A['city']) || !empty ($A['zip']) ||
+                               !empty ($A['state']));
+                if (empty ($A['location']) && empty ($A['address1']) &&
+                        empty ($A['address2']) && !$hasCityEtc) {
+                    $cal_templates->set_var ('br0', '');
+                    $cal_templates->set_var ('br1', '');
+                    $cal_templates->set_var ('br2', '');
+                } else {
+                    if (empty ($A['location']) || (empty ($A['address1'])  
&&
+                                    empty ($A['address2'])  
&& !$hasCityEtc)) {
+                        $cal_templates->set_var ('br0', '');
+                    } else {
+                        $cal_templates->set_var ('br0', '<br' .  
XHTML . '>');
+                    }
+                    if (empty ($A['address1']) || (empty ($A['address2'])  
&&
+                                                   !$hasCityEtc)) {
+                        $cal_templates->set_var ('br1', '');
+                    } else {
+                        $cal_templates->set_var ('br1', '<br' .  
XHTML . '>');
+                    }
+                    if (empty ($A['address2']) || !$hasCityEtc) {
+                        $cal_templates->set_var ('br2', '');
+                    } else {
+                        $cal_templates->set_var ('br2', '<br' .  
XHTML . '>');
+                    }
+                }
+
+                $cal_templates->set_var('lang_description',  
$LANG_CAL_1[5]);
+                $description = stripslashes($A['description']);
+                if (empty($A['postmode']) || ($A['postmode']  
== 'plaintext')) {
+                    $description = nl2br($description);
+                }
+                $description = PLG_replaceTags($description);
+                if (!empty($query)) {
+                    $description = COM_highlightQuery($description,  
$query);
+                }
+                $cal_templates->set_var ('event_description',  
$description);
+                $cal_templates->set_var ('lang_event_type',  
$LANG_CAL_1[37]);
+                $cal_templates->set_var ('event_type', $A['event_type']);
+
+                if ($mode == 'personal') {
+                    $editurl = $_CONF['site_url']
+                             . '/calendar/event.php?action=edit' . '&amp;eid='
+                             . $A['eid'];
+                    $cal_templates->set_var('event_edit',
+                            COM_createLink($LANG01[4], $editurl));
+                    $img = '<img src="' .  
$_CONF['layout_url'] . '/images/edit.'
+                        . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '"  
title="'
+                        . $LANG01[4] . '"' . XHTML . '>';
+                    $cal_templates->set_var('edit_icon',
+                            COM_createLink($img, $editurl));
+                } else if ((SEC_hasAccess ($A['owner_id'], $A['group_id'],
+                        $A['perm_owner'], $A['perm_group'],  
$A['perm_members'],
+                        $A['perm_anon']) == 3) && SEC_hasRights  
('calendar.edit')) {
+                    $editurl = $_CONF['site_admin_url']
+                             . '/plugins/calendar/index.php?mode=edit&amp;eid='
+                             . $A['eid'];
+                    $cal_templates->set_var('event_edit',
+                            COM_createLink($LANG01[4], $editurl));
+                    $img = '<img src="' .  
$_CONF['layout_url'] . '/images/edit.'
+                        . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '"  
title="'
+                        . $LANG01[4] . '"' . XHTML . '>';
+                    $cal_templates->set_var('edit_icon',
+                            COM_createLink($img, $editurl));
+                    $cal_templates->set_var('hits_admin',
+                                            COM_numberFormat($A['hits']));
+                    $cal_templates->set_var('lang_hits_admin',  
$LANG10[30]);
+                } else {
+                    $cal_templates->set_var('event_edit', '');
+                    $cal_templates->set_var('edit_icon', '');
+                }
+                if ($mode == 'personal') {
+                    // personal events don't have a hits counter
+                    $cal_templates->set_var('lang_hits', '');
+                    $cal_templates->set_var('hits', '');
+                } else {
+                    $cal_templates->set_var('lang_hits', $LANG10[30]);
+                    $cal_templates->set_var('hits',  
COM_numberFormat($A['hits']));
+                }
+                $cal_templates->parse ('event_details', 'details', true);
+            }
+        }
+
+        $cal_templates->parse ('output', 'events');
+        $display .= $cal_templates->finish ($cal_templates->get_var  
('output'));
+    }
+
+    $display .= COM_endBlock() . COM_siteFooter();
+
+} // end switch
+
+echo $display;
+
+?>
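Review bot: The remove link built in the default branch carries the CSRF token in a GET URL (`. '&amp;mode=personal&amp;action=deleteevent&amp;' . CSRF_TOKEN . '=' . $token`), and the `deleteevent` case then deletes from `personal_events` using `$_REQUEST['eid']`, so a state-changing request runs over GET with its token exposed to browser history, server logs and Referer headers. Suggest rendering removal as a small POST form, as the add flow does (the `saveuserevent` case reads `$_POST['eid']` alongside `SEC_checkToken()`), and reading `eid` from `$_POST` in the delete case. Separately, `$hasCityEtc` tests `!empty ($A['zip'])` while every other use in this file is `$A['zipcode']`, so the zip code never counts toward the `{brX}` line-break decision; that should be `$A['zipcode']`. Also, `$A['title']`, `$A['url']` and the location and address fields reach the templates after `stripslashes` only (the edit form escapes just `{`, `}` and `"` in the title), so either confirm that the save path sanitizes them or escape them at output.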

Added: externals/geeklog-1.5.2sr4/public_html/calendar/images/calendar.png
==============================================================================
Binary file. No diff available.

Added: externals/geeklog-1.5.2sr4/public_html/calendar/images/delete_event.gif
==============================================================================
Binary file. No diff available.

Added: externals/geeklog-1.5.2sr4/public_html/calendar/images/delete_event.png
==============================================================================
Binary file. No diff available.

Added: externals/geeklog-1.5.2sr4/public_html/calendar/index.php
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/calendar/index.php	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,1087 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+//  
+---------------------------------------------------------------------------+
+// | Calendar Plugin  
1.0                                                       |
+//  
+---------------------------------------------------------------------------+
+// |  
index.php                                                                 |
+//  
|                                                                            
|
+// | Geeklog calendar  
plugin                                                   |
+//  
+---------------------------------------------------------------------------+
+// | Copyright (C) 2000-2008 by the following  
authors:                         |
+//  
|                                                                            
|
+// | Authors: Tony Bibbs        - tony AT tonybibbs DOT  
com                    |
+// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT  
net    |
+// |          Jason Whittenburg - jwhitten AT securitygeeks DOT  
com            |
+// |          Dirk Haun         - dirk AT haun-online DOT  
de                   |
+//  
+---------------------------------------------------------------------------+
+//  
|                                                                            
|
+// | This program is free software; you can redistribute it  
and/or             |
+// | modify it under the terms of the GNU General Public  
License               |
+// | as published by the Free Software Foundation; either version  
2            |
+// | of the License, or (at your option) any later  
version.                    |
+//  
|                                                                            
|
+// | This program is distributed in the hope that it will be  
useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty  
of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See  
the             |
+// | GNU General Public License for more  
details.                              |
+//  
|                                                                            
|
+// | You should have received a copy of the GNU General Public  
License         |
+// | along with this program; if not, write to the Free Software  
Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,  
USA.           |
+//  
|                                                                            
|
+//  
+---------------------------------------------------------------------------+
+//
+// $Id: index.php,v 1.27 2008/07/06 20:15:10 dhaun Exp $
+
+require_once '../lib-common.php';
+
+if (!in_array('calendar', $_PLUGINS)) {
+    echo COM_refresh($_CONF['site_url'] . '/index.php');
+    exit;
+}
+
+require_once $_CONF['path_system'] . 'classes/calendar.class.php';
+
+$display = '';
+
+if (empty ($_USER['username']) &&
+    (($_CONF['loginrequired'] == 1) || ($_CA_CONF['calendarloginrequired']  
== 1))) {
+    $display .= COM_siteHeader('');
+    $display .= COM_startBlock ($LANG_LOGIN[1], '',
+                                COM_getBlockTemplate  
('_msg_block', 'header'));
+    $login = new Template($_CONF['path_layout'] . 'submit');
+    $login->set_file (array ('login'=>'submitloginrequired.thtml'));
+    $login->set_var ( 'xhtml', XHTML );
+    $login->set_var ('login_message', $LANG_LOGIN[2]);
+    $login->set_var ('site_url', $_CONF['site_url']);
+    $login->set_var ('site_admin_url', $_CONF['site_admin_url']);
+    $login->set_var ('layout_url', $_CONF['layout_url']);
+    $login->set_var ('lang_login', $LANG_LOGIN[3]);
+    $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
+    $login->parse ('output', 'login');
+    $display .= $login->finish ($login->get_var('output'));
+    $display .= COM_endBlock (COM_getBlockTemplate  
('_msg_block', 'footer'));
+    $display .= COM_siteFooter();
+    echo $display;
+    exit;
+}
+
+function getDayViewData($result, $cur_time = '')
+{
+    $max = 0;
+
+    // If no date/time passed used current timestamp
+    if (empty($cur_time)) {
+        $cur_time = time();
+    }
+
+    // Initialize array
+    $hourcols = array();
+    for ($i = 0; $i <= 23; $i++) {
+        $hourcols[$i] = 0;
+    }
+
+    // Get data and increment counters
+    $thedata = array();
+    $nrows = DB_numRows($result);
+
+    $alldaydata = array ();
+    for ($i = 1; $i <= $nrows; $i++) {
+        $A = DB_fetchArray($result);
+        if ($A['allday'] == 1 OR (($A['datestart'] <  
date('Y-m-d',$cur_time)) AND ($A['dateend'] > date('Y-m-d',$cur_time)))) {
+            // This is an all day event
+            $alldaydata[$i] = $A;
+        } else {
+            // This is an event with start/end times
+            if ($A['datestart'] < date('Y-m-d', $cur_time) AND  
$A['dateend'] >= date('Y-m-d', $cur_time)) {
+                $starthour = '00';
+            } else {
+                $starthour = date('G', strtotime($A['datestart'] . ' ' .  
$A['timestart']));
+            }
+            $endhour = date('G', strtotime($A['dateend'] . ' ' .  
$A['timeend']));
+            if (date('i', strtotime($A['dateend'] . ' ' . $A['timeend']))  
== '00') {
+                $endhour = $endhour - 1;
+            }
+            $hourcols[$starthour] = $hourcols[$starthour] + 1;
+            if ($hourcols[$starthour] > $max) {
+                $max = $hourcols[$starthour];
+            }
+            $thedata[$i] = $A;
+        }
+    }
+
+    return array($hourcols, $thedata, $max, $alldaydata);
+}
+
+function setCalendarLanguage (&$aCalendar)
+{
+    global $_CONF, $LANG_WEEK, $LANG_MONTH;
+
+    $lang_days = array ('sunday'    => $LANG_WEEK[1],
+                        'monday'    => $LANG_WEEK[2],
+                        'tuesday'   => $LANG_WEEK[3],
+                        'wednesday' => $LANG_WEEK[4],
+                        'thursday'  => $LANG_WEEK[5],
+                        'friday'    => $LANG_WEEK[6],
+                        'saturday'  => $LANG_WEEK[7]);
+
+    $lang_months = array ('january'   => $LANG_MONTH[1],
+                          'february'  => $LANG_MONTH[2],
+                          'march'     => $LANG_MONTH[3],
+                          'april'     => $LANG_MONTH[4],
+                          'may'       => $LANG_MONTH[5],
+                          'june'      => $LANG_MONTH[6],
+                          'july'      => $LANG_MONTH[7],
+                          'august'    => $LANG_MONTH[8],
+                          'september' => $LANG_MONTH[9],
+                          'october'   => $LANG_MONTH[10],
+                          'november'  => $LANG_MONTH[11],
+                          'december'  => $LANG_MONTH[12]);
+
+    $aCalendar->setLanguage ($lang_days, $lang_months,  
$_CONF['week_start']);
+}
+
+/**
+* Returns an abbreviated day's name
+*
+* @param    int     $day    1 = Sunday, 2 = Monday, ...
+* @return   string          abbreviated day's name (2 characters)
+*
+*
+*/
+function shortDaysName ($day)
+{
+    global $LANG_WEEK;
+
+    return MBYTE_substr ($LANG_WEEK[$day], 0, 2);
+}
+
+function makeDaysHeadline ()
+{
+    global $_CONF;
+
+    $retval = '<tr><th>';
+    if ($_CONF['week_start'] == 'Mon') {
+        $retval .= shortDaysName (2) . '</th><th>'
+                . shortDaysName (3) . '</th><th>'
+                . shortDaysName (4) . '</th><th>'
+                . shortDaysName (5) . '</th><th>'
+                . shortDaysName (6) . '</th><th>'
+                . shortDaysName (7) . '</th><th>'
+                . shortDaysName (1) . '</th></tr>';
+    } else {
+        $retval .= shortDaysName (1) . '</th><th>'
+                . shortDaysName (2) . '</th><th>'
+                . shortDaysName (3) . '</th><th>'
+                . shortDaysName (4) . '</th><th>'
+                . shortDaysName (5) . '</th><th>'
+                . shortDaysName (6) . '</th><th>'
+                . shortDaysName (7) . '</th></tr>';
+    }
+
+    return $retval;
+}
+
+/**
+* Add the 'mode=' parameter to a URL
+*
+* @param    string  $mode   the mode ('personal' or empty string)
+* @param    boolean $more   whether there are more parameters in the URL  
or not
+* @param    string          'mode' parameter for the URL or an empty string
+*
+*/
+function addMode ($mode, $more = true)
+{
+    $retval = '';
+
+    if (!empty ($mode)) {
+        $retval .= 'mode=' . $mode;
+        if ($more) {
+            $retval .= '&amp;';
+        }
+    }
+
+    return $retval;
+}
+
+/**
+* Return link to "delete event" image
+*
+* Note: Personal events can be deleted if the current user is the owner of  
the
+*       calendar and has _read_ access to them.
+*
+* @param    string  $mode   'personal' for personal events
+* @param    array   $A      event permissions and id
+* @param    string  $token  security token
+* @return   string          link or empty string
+*
+*/
+function getDeleteImageLink($mode, $A, $token)
+{
+    global $_CONF, $LANG_ADMIN, $LANG_CAL_2, $_IMAGE_TYPE;
+
+    $retval = '';
+    $img = '<img src="' . $_CONF['site_url']
+        . '/calendar/images/delete_event.' . $_IMAGE_TYPE
+        . '" alt="' . $LANG_CAL_2[30] . '" title="'
+        . $LANG_CAL_2[30] . '"' . XHTML . '>';
+
+    if ($mode == 'personal') {
+        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
+                $A['perm_group'], $A['perm_members'], $A['perm_anon']) >  
0) {
+            $retval = COM_createLink($img, $_CONF['site_url']
+                    . '/calendar/event.php?action=deleteevent&amp;eid='
+                    . $A['eid'] . '&amp;' . CSRF_TOKEN . '=' . $token);
+        }
+    } else if (SEC_hasRights('calendar.edit')) {
+        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
+                $A['perm_group'], $A['perm_members'], $A['perm_anon']) ==  
3) {
+            $retval = COM_createLink($img, $_CONF['site_admin_url']
+                    . '/plugins/calendar/index.php?mode='
+                    . $LANG_ADMIN['delete'] . '&amp;eid=' .  
$A['eid'] . '&amp;'
+                    . CSRF_TOKEN . '=' . $token);
+        }
+    }
+
+    return $retval;
+}
+
+/**
+* Gets a small, text-only version of a calendar
+*
+* @param    int     $m  Month to display
+* @param    int     $y  Year to display
+* @return   string      HTML for small calendar
+*
+*/
+function getSmallCalendar ($m, $y, $mode = '')
+{
+    global $_CONF;
+
+    $retval = '';
+    $mycal = new Calendar ();
+    setCalendarLanguage ($mycal);
+    $mycal->setCalendarMatrix ($m, $y);
+
+    if (!empty ($mode)) {
+        $mode = '&amp;mode=' . $mode;
+    }
+
+    $retval .= '<table class="smallcal">' . LB
+            . '<tr class="smallcal-headline"><td align="center"  
colspan="7">'
+            . COM_createLink($mycal->getMonthName ($m), $_CONF['site_url']
+                . '/calendar/index.php?month=' . $m . '&amp;year=' . $y .  
$mode)
+            . '</td></tr>' . makeDaysHeadline () . LB;
+
+    for ($i = 1; $i <= 6; $i++) {
+        if ($i % 2 == 0) {
+            $tr = '<tr class="smallcal-week-even">' . LB;
+        } else {
+            $tr = '<tr class="smallcal-week-odd">' . LB;
+        }
+        $tr_sent = false;
+        for ($j = 1; $j <= 7; $j++) {
+            $curday = $mycal->getDayData ($i, $j);
+            if (!$tr_sent) {
+                if (empty ($curday)) {
+                    $retval .= '<tr class="smallcal-week-empty">' . LB;
+                } else {
+                    $retval .= $tr;
+                }
+                $tr_sent = true;
+            }
+            $retval .= '<td align="right"';
+            if (!empty ($curday)) {
+                if ($j % 2 == 0) {
+                    $retval .= ' class="smallcal-day-even">' . LB;
+                } else {
+                    $retval .= ' class="smallcal-day-odd">' . LB;
+                }
+                $retval .= $curday->daynumber;
+            } else {
+                $retval .= ' class="smallcal-day-empty">&nbsp;';
+            }
+            $retval .= '</td>' . LB;
+        }
+        $retval .= '</tr>' . LB;
+    }
+
+    $retval .= '</table>' . LB;
+
+    return $retval;
+}
+
+/**
+* Builds Quick Add form
+*
+*/
+function getQuickAdd($tpl, $month, $day, $year, $token)
+{
+    global $_CA_CONF, $LANG_CAL_2;
+
+    $tpl->set_var('month_options', COM_getMonthFormOptions($month));
+    $tpl->set_var('day_options', COM_getDayFormOptions($day));
+    $tpl->set_var('year_options', COM_getYearFormOptions($year));
+
+    $cur_hour = date('H', time ());
+    if ($cur_hour >= 12) {
+        $ampm = 'pm';
+    } else {
+        $ampm = 'am';
+    }
+    $cur_hour_24 = $cur_hour % 24;
+    if ($cur_hour > 12) {
+        $cur_hour = $cur_hour - 12;
+    } else if ($cur_hour == 0) {
+        $cur_hour = 12;
+    }
+    if (isset($_CA_CONF['hour_mode']) && ($_CA_CONF['hour_mode'] == 24)) {
+        $tpl->set_var('hour_mode', 24);
+        $tpl->set_var('hour_options',
+                      COM_getHourFormOptions($cur_hour_24, 24));
+    } else {
+        $tpl->set_var('hour_mode', 12);
+        $tpl->set_var('hour_options', COM_getHourFormOptions($cur_hour));
+    }
+    $tpl->set_var('startampm_selection',
+                  COM_getAmPmFormSelection('start_ampm', $ampm));
+    $cur_min = intval(date('i') / 15) * 15;
+    $tpl->set_var('minute_options', COM_getMinuteFormOptions($cur_min,  
15));
+
+    $tpl->set_var('lang_event', $LANG_CAL_2[32]);
+    $tpl->set_var('lang_date', $LANG_CAL_2[33]);
+    $tpl->set_var('lang_time', $LANG_CAL_2[34]);
+    $tpl->set_var('lang_add', $LANG_CAL_2[31]);
+    $tpl->set_var('lang_quickadd', $LANG_CAL_2[35]);
+    $tpl->set_var('lang_submit', $LANG_CAL_2[36]);
+    $tpl->set_var('gltoken_name', CSRF_TOKEN);
+    $tpl->set_var('gltoken', $token);
+    $tpl->parse('quickadd_form', 'quickadd', true);
+
+    return $tpl;
+}
+
+/**
+* Returns timestamp for the prior sunday of a given day
+*
+*/
+function getPriorSunday($month, $day, $year)
+{
+    $thestamp = mktime(0, 0, 0, $month, $day, $year);
+    $newday = $day - date('w', $thestamp);
+    $newstamp = mktime(0,0,0,$month,$newday,$year);
+    $newday = date('j',$newstamp);
+    $newmonth = date('n', $newstamp);
+    $newyear = date('Y',$newstamp);
+
+    return array($newmonth, $newday, $newyear);
+}
+
+// MAIN
+$mode = '';
+if (isset ($_REQUEST['mode'])) {
+    $mode = COM_applyFilter ($_REQUEST['mode']);
+}
+
+if ($mode != 'personal' && $mode != 'quickadd') {
+    $mode = '';
+}
+
+if ($mode == 'personal') {
+    $display .= COM_siteHeader ('menu', $LANG_CAL_1[42]);
+} else {
+    $display .= COM_siteHeader ('menu', $LANG_CAL_1[41]);
+}
+
+// Set mode back to master if user refreshes screen after their session  
expires
+if (($mode == 'personal') && COM_isAnonUser()) {
+    $mode = '';
+}
+
+if ($mode == 'personal' AND $_CA_CONF['personalcalendars'] == 0) {
+    // User is trying to use the personal calendar feature even though it  
isn't
+    // turned on.
+    $display .= $LANG_CAL_2[37];
+    $display .= COM_siteFooter();
+    echo $display;
+    exit;
+}
+
+// after this point, we can safely assume that if $mode == 'personal',
+// the current user is actually allowed to use this personal calendar
+
+$msg = 0;
+if (isset ($_REQUEST['msg'])) {
+    $msg = COM_applyFilter ($_REQUEST['msg'], true);
+}
+if ($msg > 0) {
+    $display .= COM_showMessage ($msg, 'calendar');
+}
+
+$view = '';
+if (isset ($_REQUEST['view'])) {
+    $view = COM_applyFilter ($_REQUEST['view']);
+}
+
+if (!in_array ($view, array  
('month', 'week', 'day', 'addentry', 'savepersonal'))) {
+    $view = '';
+}
+
+$year = 0;
+if (isset ($_REQUEST['year'])) {
+    $year = COM_applyFilter ($_REQUEST['year'], true);
+}
+$month = 0;
+if (isset ($_REQUEST['month'])) {
+    $month = COM_applyFilter ($_REQUEST['month'], true);
+}
+$day = 0;
+if (isset ($_REQUEST['day'])) {
+    $day = COM_applyFilter ($_REQUEST['day'], true);
+}
+
+$token = '';
+if ((($view == 'day') || ($view == 'week')) &&
+        (($mode == 'personal') || SEC_hasRights('calendar.edit'))) {
+    $token = SEC_createToken();
+}
+
+// Create new calendar object
+$cal = new Calendar();
+
+if ($view == 'week' AND (empty($month) AND empty($day) AND empty($year))) {
+    list($month, $day, $year) = getPriorSunday(date('m', time()),  
date('j', time()), date('Y', time()));
+} else {
+    // Get current month
+    $currentmonth = date('m', time());
+    if (empty($month)) {
+        $month = $currentmonth;
+    }
+
+    // Get current year
+    $currentyear = date('Y', time());
+    if (empty($year)) {
+        $year = $currentyear;
+    }
+
+    // Get current day
+    $currentday =  date('j', time());
+    if (empty($day)) {
+        $day = $currentday;
+    }
+}
+
+// Get previous month and year
+$prevmonth = $month - 1;
+if ($prevmonth == 0) {
+    $prevmonth = 12;
+    $prevyear = $year - 1;
+} else {
+    $prevyear = $year;
+}
+
+// Get next month and year
+$nextmonth = $month + 1;
+if ($nextmonth == 13) {
+    $nextmonth = 1;
+    $nextyear = $year + 1;
+} else {
+    $nextyear = $year;
+}
+
+setCalendarLanguage ($cal);
+
+// Build calendar matrix
+$cal->setCalendarMatrix ($month, $year);
+
+switch ($view) {
+case 'day':
+    $cal_templates = new  
Template($_CONF['path'] . 'plugins/calendar/templates/dayview');
+    $cal_templates->set_file(array('column'=>'column.thtml',
+                                   'event'=>'singleevent.thtml',
+                                   'dayview'=>'dayview.thtml',
+                                   'quickadd'=>'quickaddform.thtml'));
+    $cal_templates->set_var ( 'xhtml', XHTML );
+    $cal_templates->set_var ('site_url', $_CONF['site_url']);
+    $cal_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
+    $cal_templates->set_var ('layout_url', $_CONF['layout_url']);
+    $cal_templates->set_var('mode', $mode);
+    $cal_templates->set_var('lang_day', $LANG_CAL_2[39]);
+    $cal_templates->set_var('lang_week', $LANG_CAL_2[40]);
+    $cal_templates->set_var('lang_month', $LANG_CAL_2[41]);
+    list($wmonth, $wday, $wyear) = getPriorSunday($month, $day, $year);
+    $cal_templates->set_var('wmonth', $wmonth);
+    $cal_templates->set_var('wday', $wday);
+    $cal_templates->set_var('wyear', $wyear);
+    $cal_templates->set_var('month',$month);
+    $cal_templates->set_var('day', $day);
+    $cal_templates->set_var('year',$year);
+    $prevstamp = mktime(0, 0, 0,$month, $day - 1, $year);
+    $nextstamp = mktime(0, 0, 0,$month, $day + 1, $year);
+    $cal_templates->set_var('prevmonth', strftime('%m',$prevstamp));
+    $cal_templates->set_var('prevday', strftime('%d',$prevstamp));
+    $cal_templates->set_var('prevyear', strftime('%Y',$prevstamp));
+    $cal_templates->set_var('nextmonth', strftime('%m',$nextstamp));
+    $cal_templates->set_var('nextday', strftime('%d',$nextstamp));
+    $cal_templates->set_var('nextyear', strftime('%Y',$nextstamp));
+
+    $cal_templates->set_var('currentday', strftime('%A, %x',mktime(0, 0,  
0,$month, $day, $year)));
+    if ($mode == 'personal') {
+        $cal_templates->set_var('calendar_title', '[' .  
$LANG_CAL_2[28] . ' ' . COM_getDisplayName());
+        $cal_templates->set_var('calendar_toggle', '|&nbsp;'
+            . COM_createLink($LANG_CAL_2[11], $_CONF['site_url']
+                . "/calendar/index.php?view=day&amp;month=$month&amp;day=$day&amp;year=$year") . ']'
+        );
+    } else {
+        $cal_templates->set_var('calendar_title', '[' .  
$_CONF['site_name'] . ' ' . $LANG_CAL_2[29]);
+        if (!empty($_USER['uid']) AND $_CA_CONF['personalcalendars'] == 1)  
{
+            $cal_templates->set_var('calendar_toggle', '|&nbsp;'
+                . COM_createLink($LANG_CAL_2[12], $_CONF['site_url']
+                    . "/calendar/index.php?mode=personal&amp;view=day&amp;month=$month&amp;day=$day&amp;year=$year") . ']'
+            );
+        } else {
+            $cal_templates->set_var('calendar_toggle', ']');
+        }
+    }
+    $thedate = COM_getUserDateTimeFormat(mktime(0,0,0,$month,$day,$year));
+    $cal_templates->set_var('week_num',strftime('%V',$thedate[1]));
+    if ($mode == 'personal') {
+        $calsql = "SELECT  
eid,title,datestart,dateend,timestart,timeend,allday,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon  
FROM {$_TABLES['personal_events']} "
+                . "WHERE (uid = {$_USER['uid']}) "
+                . "AND ((allday=1 AND datestart = \"$year-$month-$day\") "
+                . "OR (datestart >= \"$year-$month-$day 00:00:00\" AND  
datestart <= \"$year-$month-$day 23:59:59\") "
+                . "OR (dateend >= \"$year-$month-$day 00:00:00\" AND  
dateend <= \"$year-$month-$day 23:59:59\") "
+                . "OR (\"$year-$month-$day\" BETWEEN datestart AND  
dateend)) "
+                . "ORDER BY datestart,timestart";
+    } else {
+        $calsql = "SELECT  
eid,title,datestart,dateend,timestart,timeend,allday,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon  
FROM {$_TABLES['events']} WHERE ((allday=1 "
+                . "AND datestart = \"$year-$month-$day\") "
+                . "OR (datestart >= \"$year-$month-$day 00:00:00\" AND  
datestart <= \"$year-$month-$day 23:59:59\") "
+                . "OR (dateend >= \"$year-$month-$day 00:00:00\" AND  
dateend <= \"$year-$month-$day 23:59:59\") "
+                . "OR (\"$year-$month-$day\" BETWEEN datestart AND  
dateend))" . COM_getPermSql ('AND')
+                . " ORDER BY datestart,timestart";
+    }
+    $result = DB_query($calsql);
+    $nrows = DB_numRows($result);
+    list($hourcols, $thedata, $max, $alldaydata) = getDayViewData($result);
+
+    // Get all day events
+    $alldaycount = count($alldaydata);
+    if ($alldaycount > 0) {
+        for ($i = 1; $i <= $alldaycount; $i++) {
+            $A = current($alldaydata);
+            $cal_templates->set_var('delete_imagelink',
+                                    getDeleteImageLink($mode, $A, $token));
+            $cal_templates->set_var('event_time', $LANG_CAL_2[26]);
+            $cal_templates->set_var('eid', $A['eid']);
+            $cal_templates->set_var('event_title',  
stripslashes($A['title']));
+            if ($i < $alldaycount) {
+                $cal_templates->set_var('br', '<br' . XHTML . '>');
+            } else {
+                $cal_templates->set_var('br', '');
+            }
+            $cal_templates->parse('allday_events', 'event', true);
+            next($alldaydata);
+        }
+    } else {
+        $cal_templates->set_var('allday_events', '&nbsp;');
+    }
+
+    //$cal_templates->set_var('first_colspan', $maxcols);
+    //$cal_templates->set_var('title_colspan', $maxcols + 1);
+    for ($i = 0; $i <= 23; $i++) {
+        $numevents = $hourcols[$i];
+        if ($numevents > 0) {
+            // $colsleft = $maxcols;
+            $cal_templates->set_var ('layout_url',  
$_CONF['path'] . 'plugins/calendar/templates/');
+            for ($j = 1; $j <= $numevents; $j++) {
+                $A = current ($thedata);
+                $cal_templates->set_var ('event_time',
+                    strftime ($_CONF['timeonly'], strtotime  
($A['datestart']
+                            . ' ' . $A['timestart'])) . '-'
+                    . strftime ($_CONF['timeonly'], strtotime  
($A['dateend']
+                            . ' ' . $A['timeend'])));
+                $cal_templates->set_var('delete_imagelink',
+                                        getDeleteImageLink($mode, $A,  
$token));
+                $cal_templates->set_var('eid', $A['eid']);
+                $cal_templates->set_var('event_title',  
stripslashes($A['title']));
+                if ($j < $numevents) {
+                    $cal_templates->set_var('br', '<br' . XHTML . '>');
+                } else {
+                    $cal_templates->set_var('br', '');
+                }
+                $cal_templates->parse ('event_entry', 'event',
+                                       ($j == 1) ? false : true);
+                // $colsleft = $colsleft - 1;
+                next($thedata);
+            }
+        } else {
+            $cal_templates->set_var('event_entry','&nbsp;');
+        }
+        $cal_templates->set_var ($i . '_hour',
+                strftime ($_CONF['timeonly'], mktime ($i, 0)));
+        $cal_templates->parse ($i . '_cols', 'column', true);
+    }
+
+    if ($mode == 'personal') {
+        $cal_templates = getQuickAdd($cal_templates, $month, $day, $year,  
$token);
+    } else {
+        $cal_templates->set_var('quickadd_form','');
+    }
+    $display .= $cal_templates->parse('output', 'dayview');
+    $display .= COM_siteFooter();
+    break;
+
+case 'week':
+    $cal_templates = new  
Template($_CONF['path'] . 'plugins/calendar/templates');
+    $cal_templates->set_file(array('week'=>'weekview/weekview.thtml',
+                                   'events'=>'weekview/events.thtml',
+                                   'quickadd'=>'dayview/quickaddform.thtml'));
+    $cal_templates->set_var ( 'xhtml', XHTML );
+    $cal_templates->set_var ('site_url', $_CONF['site_url']);
+    $cal_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
+    $cal_templates->set_var ('layout_url', $_CONF['layout_url']);
+    $cal_templates->set_var('mode', $mode);
+    $cal_templates->set_var('lang_week', $LANG_CAL_2[27]);
+    if ($mode == 'personal') {
+        $cal_templates->set_var('calendar_title', '[' .  
$LANG_CAL_2[28] . ' ' . COM_getDisplayName());
+        $cal_templates->set_var('calendar_toggle', '|&nbsp;'
+            . COM_createLink($LANG_CAL_2[11], $_CONF['site_url']
+                . "/calendar/index.php?view=week&amp;month=$month&amp;day=$day&amp;year=$year") . ']'
+        );
+    } else {
+        $cal_templates->set_var('calendar_title', '[' .  
$_CONF['site_name'] . ' ' . $LANG_CAL_2[29]);
+        if (!empty($_USER['uid']) AND $_CA_CONF['personalcalendars'] == 1)  
{
+            $cal_templates->set_var('calendar_toggle', '|&nbsp;'
+                . COM_createLink($LANG_CAL_2[12], $_CONF['site_url']
+                    . "/calendar/index.php?mode=personal&amp;view=week&amp;month=$month&amp;day=$day&amp;year=$year") . ']'
+            );
+        } else {
+            $cal_templates->set_var('calendar_toggle', ']');
+        }
+    }
+    if ($mode == 'personal') {
+        $cal_templates = getQuickAdd($cal_templates, $month, $day, $year,  
$token);
+    } else {
+        $cal_templates->set_var('quickadd_form','');
+    }
+    // Get data for previous week
+    $prevstamp = mktime(0,0,0,$month,$day-7,$year);
+    $nextstamp = mktime(0,0,0,$month,$day+7,$year);
+    $cal_templates->set_var('prevmonth',strftime('%m',$prevstamp));
+    $cal_templates->set_var('prevday',date('j',$prevstamp));
+    $cal_templates->set_var('prevyear',strftime('%Y',$prevstamp));
+    $cal_templates->set_var('nextmonth',strftime('%m',$nextstamp));
+    $cal_templates->set_var('nextday',date('j',$nextstamp));
+    $cal_templates->set_var('nextyear',strftime('%Y',$nextstamp));
+    $cal_templates->set_var ('lang_day', $LANG_CAL_2[39]);
+    $cal_templates->set_var ('lang_week', $LANG_CAL_2[40]);
+    $cal_templates->set_var ('lang_month', $LANG_CAL_2[41]);
+    if ($_CONF['week_start'] == 'Mon') {
+        $time_day1 = mktime (0, 0, 0, $month, $day + 1, $year);
+        $time_day7 = mktime (0, 0, 0, $month, $day + 7, $year);
+        $start_mname = strftime ('%B', $time_day1);
+        $eday = strftime ('%e', $time_day7);
+        $end_mname = strftime ('%B', $time_day7);
+        $end_ynum = strftime ('%Y', $time_day7);
+        $date_range = $start_mname . ' ' . strftime ('%e', $time_day1);
+    } else {
+        $start_mname = strftime ('%B', mktime (0, 0, 0, $month, $day,  
$year));
+        $time_day6 = mktime (0, 0, 0, $month, $day + 6, $year);
+        $eday = strftime ('%e', $time_day6);
+        $end_mname = strftime ('%B', $time_day6);
+        $end_ynum = strftime ('%Y', $time_day6);
+        $date_range = $start_mname . ' ' . $day;
+    }
+    if ($year <> $end_ynum) {
+        $date_range .= ', ' . $year . ' - ';
+    } else {
+        $date_range .= ' - ';
+    }
+    if ($start_mname <> $end_mname) {
+        $date_range .= $end_mname . ' ' . $eday . ', ' . $end_ynum;
+    } else {
+        $date_range .= $eday . ', ' . $end_ynum;
+    }
+    $cal_templates->set_var('date_range', $date_range);
+    if ($_CONF['week_start'] == 'Mon') {
+        $thedate = COM_getUserDateTimeFormat (mktime (0, 0, 0, $month,  
$day + 1,$year));
+    } else {
+        $thedate = COM_getUserDateTimeFormat (mktime (0, 0, 0, $month,  
$day, $year));
+    }
+    $cal_templates->set_var('week_num',$thedate[1]);
+    for ($i = 1; $i <= 7; $i++) {
+        if ($_CONF['week_start'] == 'Mon') {
+            $dayname = (date ('w', $thedate[1]) == 0)
+                     ? $cal->getDayName (7)
+                     : $cal->getDayName (date ('w', $thedate[1]));
+        } else {
+            $dayname = $cal->getDayName (date ('w', $thedate[1]) + 1);
+        }
+        $monthnum = date('m', $thedate[1]);
+        $daynum = date('d', $thedate[1]);
+        $yearnum = date('Y', $thedate[1]);
+        if ($yearnum . '-' . $monthnum . '-' . $daynum ==  
date('Y-m-d',time())) {
+            $cal_templates->set_var('class'.$i,'weekview-curday');
+        } else {
+            $cal_templates->set_var('class'.$i,'weekview-offday');
+        }
+        $monthname = $cal->getMonthName($monthnum);
+        $cal_templates->set_var ('day' . $i, $dayname . ', '
+            . COM_createLink( strftime ('%x', $thedate[1]),
+            $_CONF['site_url'] . '/calendar/index.php?' . addMode ($mode)
+            . "view=day&amp;day$daynum&amp;month=$monthnum&amp;year=$yearnum")
+        );
+        if ($mode == 'personal') {
+            $add_str =  $LANG_CAL_2[8];
+        } else {
+            $add_str =  $LANG_CAL_2[42];
+        }
+
+        $cal_templates->set_var ('langlink_addevent' . $i,
+            COM_createLink($add_str,  
$_CONF['site_url'] . '/submit.php?type=calendar&amp;'
+            . addMode  
($mode) . "day=$daynum&amp;month=$monthnum&amp;year=$yearnum")
+        );
+        if ($mode == 'personal') {
+            $calsql = "SELECT  
eid,title,datestart,dateend,timestart,timeend,allday,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon  
FROM {$_TABLES['personal_events']} WHERE (uid = {$_USER['uid']}) AND  
((allday=1 AND datestart = \"$yearnum-$monthnum-$daynum\") OR (datestart >=  
\"$yearnum-$monthnum-$daynum 00:00:00\" AND datestart <=  
\"$yearnum-$monthnum-$daynum 23:59:59\") OR (dateend >=  
\"$yearnum-$monthnum-$daynum 00:00:00\" AND dateend <=  
\"$yearnum-$monthnum-$daynum 23:59:59\") OR (\"$yearnum-$monthnum-$daynum\"  
BETWEEN datestart AND dateend)) ORDER BY datestart,timestart";
+        } else {
+            $calsql = "SELECT  
eid,title,datestart,dateend,timestart,timeend,allday,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon  
FROM {$_TABLES['events']} WHERE ((allday=1 AND datestart =  
\"$yearnum-$monthnum-$daynum\") OR (datestart >=  
\"$yearnum-$monthnum-$daynum 00:00:00\" AND datestart <=  
\"$yearnum-$monthnum-$daynum 23:59:59\") OR (dateend >=  
\"$yearnum-$monthnum-$daynum 00:00:00\" AND dateend <=  
\"$yearnum-$monthnum-$daynum 23:59:59\") OR (\"$yearnum-$monthnum-$daynum\"  
BETWEEN datestart AND dateend))" . COM_getPermSql ('AND') . " ORDER BY  
datestart,timestart";
+        }
+        $result = DB_query($calsql);
+        $nrows = DB_numRows($result);
+        for ($j = 1; $j <= $nrows; $j++) {
+            $A = DB_fetchArray($result);
+            if ($A['allday'] == 1) {
+                $cal_templates->set_var('event_starttime',  
$LANG_CAL_2[26]);
+                $cal_templates->set_var('event_endtime','');
+            } else {
+                $startstamp = strtotime($A['datestart'] . ' ' .  
$A['timestart']);
+                $endstamp = strtotime($A['dateend'] . ' ' . $A['timeend']);
+                $startday = date('d',$startstamp);
+                $startmonth = date('n',$startstamp);
+                $endday = date('d', $endstamp);
+                $endmonth = date('n',$endstamp);
+                if (($startmonth == $monthnum && $daynum > $startday) OR  
($startmonth <> $monthnum)) {
+                    $starttime = date('n/j g:i a',$startstamp);
+                } else {
+                    $starttime = date('g:i a', $startstamp);
+                }
+                if (($endmonth == $monthnum && $daynum < $endday) OR  
($endmonth <> $monthnum)) {
+                    $endtime = date('n/j g:i a', $endstamp);
+                } else {
+                    $endtime = date('g:i a', $endstamp);
+                }
+                $cal_templates->set_var('event_starttime', $starttime);
+                $cal_templates->set_var('event_endtime', ' - ' . $endtime);
+            }
+            $cal_templates->set_var ('event_title_and_link',
+                COM_createLink(stripslashes($A['title']),  
$_CONF['site_url']
+                    . '/calendar/event.php?' . addMode ($mode)
+                . 'eid=' . $A['eid'])
+            );
+            // Provide delete event link if user has access
+            $cal_templates->set_var('delete_imagelink',
+                                    getDeleteImageLink($mode, $A, $token));
+            $cal_templates->parse ('events_day' . $i, 'events', true);
+        }
+        if ($nrows == 0) {
+            $cal_templates->set_var('event_starttime','&nbsp;');
+            $cal_templates->set_var('event_endtime','');
+            $cal_templates->set_var('event_title_and_link','');
+            $cal_templates->set_var('delete_imagelink','');
+            $cal_templates->parse('events_day'.$i,'events',true);
+        }
+        // Go to next day
+        $thedate = COM_getUserDateTimeFormat(mktime(0,0,0,$monthnum,  
$daynum + 1, $yearnum));
+    }
+
+    $display .= $cal_templates->parse('output','week');
+    $display .= COM_siteFooter();
+    break;
+
+case 'addentry':
+     $display .= plugin_submit_calendar($mode);
+     $display .= COM_siteFooter();
+    break;
+
+case 'savepersonal':
+    if (SEC_checkToken()) {
+        $display = plugin_savesubmission_calendar($_POST);
+    } else {
+        $display = COM_refresh($_CONF['site_url'] . '/calendar/index.php');
+    }
+    break;
+
+default: // month view
+// Load templates
+
+$cal_templates = new  
Template($_CONF['path'] . 'plugins/calendar/templates');
+$cal_templates->set_file (array (
+        'calendar'    => 'calendar.thtml',
+        'week'        => 'calendarweek.thtml',
+        'day'         => 'calendarday.thtml',
+        'event'       => 'calendarevent.thtml',
+        'mastercal'   => 'mastercalendaroption.thtml',
+        'personalcal' => 'personalcalendaroption.thtml',
+        'addevent'    => 'addeventoption.thtml'
+        ));
+
+$cal_templates->set_var ( 'xhtml', XHTML );
+$cal_templates->set_var ('site_url', $_CONF['site_url']);
+$cal_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
+$cal_templates->set_var ('layout_url', $_CONF['layout_url']);
+$cal_templates->set_var ('mode', $mode);
+if ($mode == 'personal') {
+    $cal_templates->set_var ('start_block', COM_startBlock  
($LANG_CAL_2[12]));
+    $cal_templates->set_var ('end_block', COM_endBlock ());
+} else {
+    $cal_templates->set_var ('start_block', COM_startBlock  
($LANG_CAL_2[11]));
+    $cal_templates->set_var ('end_block', COM_endBlock ());
+}
+
+$smallcal_prev = getSmallCalendar ($prevmonth, $prevyear, $mode);
+$cal_templates->set_var ('previous_months_calendar', $smallcal_prev);
+$cal_templates->set_var ('previous_months_cal',
+                         '<font size="-2">' . LB .  
$smallcal_prev . '</font>');
+
+$smallcal_next = getSmallCalendar ($nextmonth, $nextyear, $mode);
+$cal_templates->set_var ('next_months_calendar', $smallcal_next);
+$cal_templates->set_var ('next_months_cal',
+                         '<font size="-2">' . LB .  
$smallcal_next . '</font>');
+
+$cal_templates->set_var('cal_prevmo_num', $prevmonth);
+$cal_templates->set_var('cal_prevyr_num', $prevyear);
+$cal_templates->set_var('cal_month_and_year',  
$cal->getMonthName($month) . ' ' . $year);
+$cal_templates->set_var('cal_nextmo_num', $nextmonth);
+$cal_templates->set_var('cal_nextyr_num', $nextyear);
+
+if ($_CONF['week_start'] == 'Mon') {
+    $cal_templates->set_var('lang_sunday', $LANG_WEEK[2]);
+    $cal_templates->set_var('lang_monday', $LANG_WEEK[3]);
+    $cal_templates->set_var('lang_tuesday', $LANG_WEEK[4]);
+    $cal_templates->set_var('lang_wednesday', $LANG_WEEK[5]);
+    $cal_templates->set_var('lang_thursday', $LANG_WEEK[6]);
+    $cal_templates->set_var('lang_friday', $LANG_WEEK[7]);
+    $cal_templates->set_var('lang_saturday', $LANG_WEEK[1]);
+} else {
+    $cal_templates->set_var('lang_sunday', $LANG_WEEK[1]);
+    $cal_templates->set_var('lang_monday', $LANG_WEEK[2]);
+    $cal_templates->set_var('lang_tuesday', $LANG_WEEK[3]);
+    $cal_templates->set_var('lang_wednesday', $LANG_WEEK[4]);
+    $cal_templates->set_var('lang_thursday', $LANG_WEEK[5]);
+    $cal_templates->set_var('lang_friday', $LANG_WEEK[6]);
+    $cal_templates->set_var('lang_saturday', $LANG_WEEK[7]);
+}
+
+$cal_templates->set_var('lang_january', $LANG_MONTH[1]);
+if ($month == 1)  
$cal_templates->set_var('selected_jan','selected="selected"');
+$cal_templates->set_var('lang_february', $LANG_MONTH[2]);
+if ($month == 2)  
$cal_templates->set_var('selected_feb','selected="selected"');
+$cal_templates->set_var('lang_march', $LANG_MONTH[3]);
+if ($month == 3)  
$cal_templates->set_var('selected_mar','selected="selected"');
+$cal_templates->set_var('lang_april', $LANG_MONTH[4]);
+if ($month == 4)  
$cal_templates->set_var('selected_apr','selected="selected"');
+$cal_templates->set_var('lang_may', $LANG_MONTH[5]);
+if ($month == 5)  
$cal_templates->set_var('selected_may','selected="selected"');
+$cal_templates->set_var('lang_june', $LANG_MONTH[6]);
+if ($month == 6)  
$cal_templates->set_var('selected_jun','selected="selected"');
+$cal_templates->set_var('lang_july', $LANG_MONTH[7]);
+if ($month == 7)  
$cal_templates->set_var('selected_jul','selected="selected"');
+$cal_templates->set_var('lang_august', $LANG_MONTH[8]);
+if ($month == 8)  
$cal_templates->set_var('selected_aug','selected="selected"');
+$cal_templates->set_var('lang_september', $LANG_MONTH[9]);
+if ($month == 9)  
$cal_templates->set_var('selected_sep','selected="selected"');
+$cal_templates->set_var('lang_october', $LANG_MONTH[10]);
+if ($month == 10)  
$cal_templates->set_var('selected_oct','selected="selected"');
+$cal_templates->set_var('lang_november', $LANG_MONTH[11]);
+if ($month == 11)  
$cal_templates->set_var('selected_nov','selected="selected"');
+$cal_templates->set_var('lang_december', $LANG_MONTH[12]);
+if ($month == 12)  
$cal_templates->set_var('selected_dec','selected="selected"');
+
+$cal_templates->set_var('lang_day', $LANG_CAL_2[39]);
+$cal_templates->set_var('lang_week', $LANG_CAL_2[40]);
+$cal_templates->set_var('lang_month', $LANG_CAL_2[41]);
+
+if ($mode == 'personal') {
+    $cal_templates->set_var ('calendar_title',
+                             $LANG_CAL_2[28] . ' ' . COM_getDisplayName());
+} else {
+    $cal_templates->set_var ('calendar_title',
+                             $_CONF['site_name'] . ' ' . $LANG_CAL_2[29]);
+}
+
+$yroptions = '';
+for ($y = $currentyear - 5; $y <= $currentyear + 5; $y++) {
+    $yroptions .= '<option value="' . $y . '"';
+    if ($y == $year) {
+        $yroptions .= ' selected="selected"';
+    }
+    $yroptions .= '>' . $y . '</option>'.LB;
+}
+$cal_templates->set_var('year_options', $yroptions);
+
+for ($i = 1; $i <= 6; $i++) {
+    $wday = '';
+    for ($j = 1; $j <= 7; $j++) {
+        $curday = $cal->getDayData($i, $j);
+        if (!empty($curday)) {
+            // Cache first actual day of the week to build week view link
+            if (empty($wday)) {
+                $wday = $curday->daynumber;
+            }
+            if (($currentyear > $year) OR
+                ($currentmonth > $month && $currentyear == $year) OR
+                ($currentmonth == $month && $currentday >  
$curday->daynumber && $currentyear == $year)) {
+                $cal_templates->set_var('cal_day_style', 'cal-oldday');
+            } else {
+                if ($currentyear == $year && $currentmonth == $month &&  
$currentday == $curday->daynumber) {
+                    $cal_templates->set_var('cal_day_style','cal-today');
+                } else {
+                     
$cal_templates->set_var('cal_day_style', 'cal-futureday');
+                }
+            }
+
+            if (strlen($curday->daynumber) == 1) {
+                $curday->daynumber = '0' . $curday->daynumber;
+            }
+
+            $cal_templates->set_var ('cal_day_anchortags',
+                COM_createLink($curday->daynumber, $_CONF['site_url']
+                    . '/calendar/index.php?view=day&amp;' . addMode ($mode)
+                    . 'day=' .  
$curday->daynumber . "&amp;month=$month&amp;year=$year",
+                    array('class'=>'cal-date'))
+                . '<hr' . XHTML . '>'
+            );
+
+            if (strlen($month) == 1) {
+                $month = '0' . $month;
+            }
+
+            if ($mode == 'personal') {
+                $calsql_tbl = $_TABLES['personal_events'];
+                $calsql_filt = "AND (uid = {$_USER['uid']})";
+            } else {
+                $calsql_tbl = $_TABLES['events'];
+                $calsql_filt = COM_getPermSql ('AND');
+            }
+
+            $calsql = "SELECT  
eid,title,datestart,dateend,timestart,timeend,allday,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon  
FROM $calsql_tbl WHERE "
+                    . "((datestart >= \"$year-$month-$curday->daynumber  
00:00:00\" "
+                    . "AND datestart <= \"$year-$month-$curday->daynumber  
23:59:59\") "
+                    . "OR (dateend >= \"$year-$month-$curday->daynumber  
00:00:00\" "
+                    . "AND dateend <= \"$year-$month-$curday->daynumber  
23:59:59\") "
+                    . "OR (\"$year-$month-$curday->daynumber\" BETWEEN  
datestart AND dateend))"
+                    . $calsql_filt . " ORDER BY datestart,timestart";
+
+            $query2 = DB_query($calsql);
+            $q2_numrows = DB_numRows($query2);
+
+            if ($q2_numrows > 0) {
+                $entries = '';
+                for ($z = 1; $z <= $q2_numrows; $z++) {
+                    $results = DB_fetchArray ($query2);
+                    if ($results['title']) {
+                        $cal_templates->set_var ('cal_day_entries', '');
+                        $entries .=
+                            COM_createLink(
+                                stripslashes ($results['title']),
+                                 
$_CONF['site_url'] . '/calendar/event.php?' . addMode ($mode)
+                                . 'eid=' . $results['eid'],
+                                array('class'=>'cal-event'))
+                            . '<hr' . XHTML . '>';
+                    }
+                }
+                for ($z = $z; $z <= 4; $z++) {
+                    $entries .= '<br' . XHTML . '>';
+                }
+
+                $cal_templates->set_var('event_anchortags', $entries);
+
+            } else {
+                if ($q2_numrows < 4) {
+                    for ($t=0; $t < (4 - $q2_numrows); $t++) {
+                        $cal_templates->set_var('cal_day_entries','<br' .  
XHTML . '><br' . XHTML . '><br' . XHTML . '><br' . XHTML . '>');
+                    }
+                }
+            }
+
+            $cal_templates->parse('cal_day_entries', 'event', true);
+            $cal_templates->set_var('event_anchortags','');
+        } else {
+            if ($i > 1) {
+                // Close out calendar if needed
+                for ($k = $j; $k <= 7; $k++) {
+                    $cal_templates->set_var('cal_day_style','cal-nullday');
+                    $cal_templates->set_var('cal_day_anchortags', '');
+                    $cal_templates->set_var('cal_day_entries','&nbsp;');
+                    if ($k < 7) $cal_templates->parse('cal_days', 'day',  
true);
+                }
+                // for looping to stop...we are done now
+                $i = 7;
+                $j = 8;
+            } else {
+                // Print empty box for any days in the first week that  
occur
+                // before the first day
+                $cal_templates->set_var('cal_day_style','cal-nullday');
+                $cal_templates->set_var('cal_day_anchortags', '');
+                $cal_templates->set_var('cal_day_entries','&nbsp;');
+            }
+        }
+        $cal_templates->parse('cal_days','day',true);
+    }
+    list($wmonth, $wday, $wyear) = getPriorSunday($month, $wday, $year);
+    $cal_templates->set_var('wmonth', $wmonth);
+    $cal_templates->set_var('wday', $wday);
+    $cal_templates->set_var('wyear', $wyear);
+    $cal_templates->parse('cal_week', 'week',true);
+    $cal_templates->set_var('cal_days','');
+
+    // check if we need to render the following week at all
+    if ($i < 6) {
+        $data = $cal->getDayData ($i + 1, 1);
+        if (empty ($data)) {
+            break;
+        }
+    }
+}
+
+if ($mode == 'personal') {
+    $cal_templates->set_var('lang_mastercal', $LANG_CAL_2[25] .  
$LANG_CAL_2[11]);
+    $cal_templates->parse('master_calendar_option','mastercal',true);
+} else {
+    if (isset ($_USER['uid']) && ($_USER['uid'] > 1) &&
+            ($_CA_CONF['personalcalendars'] == 1)) {
+        $cal_templates->set_var('lang_mycalendar', $LANG_CAL_2[12]);
+         
$cal_templates->parse('personal_calendar_option','personalcal',true);
+    } else {
+        $cal_templates->set_var('personal_calendar_option','&nbsp;');
+    }
+}
+
+
+$cal_templates->set_var('lang_cal_curmo', $LANG_MONTH[$currentmonth + 0]);
+$cal_templates->set_var('cal_curmo_num', $currentmonth);
+$cal_templates->set_var('cal_curyr_num', $currentyear);
+$cal_templates->set_var('lang_cal_displaymo', $LANG_MONTH[$month + 0]);
+$cal_templates->set_var('cal_displaymo_num', $month);
+$cal_templates->set_var('cal_displayyr_num', $year);
+if ($mode == 'personal') {
+    $cal_templates->set_var('lang_addevent', $LANG_CAL_2[8]);
+    $cal_templates->set_var('addevent_formurl', '/calendar/index.php');
+} else {
+    $cal_templates->set_var('lang_addevent', $LANG_CAL_2[42]);
+     
$cal_templates->set_var('addevent_formurl', '/submit.php?type=calendar');
+}
+$cal_templates->parse('add_event_option','addevent',true);
+$cal_templates->parse('output','calendar');
+$display .= $cal_templates->finish($cal_templates->get_var('output'));
+
+$display .= COM_siteFooter();
+break;
+
+} // end switch
+
+echo $display;
+
+?>
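
Review bot: The week-view day link is missing the "=" after "day": the string reads view=day&amp;day$daynum&amp;month=$monthnum&amp;year=$yearnum, so the URL carries a parameter named after the day number instead of a day value. The add-event link a few lines below (day=$daynum) and the month view ('day=' . $curday->daynumber) both have it; change this one to day=$daynum. Separately, the event queries in this hunk interpolate $yearnum, $monthnum, $daynum, $year and $month straight into the SQL text. The lines that assign those variables are not in this part of the hunk, so please confirm each is forced to an integer before it reaches DB_query.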

Added: externals/geeklog-1.5.2sr4/public_html/calendar/style.css
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/calendar/style.css	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,161 @@
+/* Calendar Plugin */
+
+.cal-body {
+  background:#FFFFFF;
+  border-bottom:#E7E7E7 1px solid;
+  border-left:#E7E7E7 1px solid;
+  border-right:#E7E7E7 1px solid;
+  border-top:#E7E7E7 1px solid;
+  color:#000000;
+  font-weight:bold;
+}
+.cal-day,
+.cal_day {
+  background:transparent;
+  border-bottom:#F7F7F7 1px dashed;
+  border-left:#F7F7F7 1px dashed;
+  border-top:#1A3955 2px solid;
+  color:#000000;
+  font-weight:bold;
+}
+.cal-dayview-times {
+  background:#F7F7F7;
+  border-bottom:#E7E7E7 1px solid;
+  border-left:#E7E7E7 1px solid;
+  border-right:#E7E7E7 1px solid;
+  border-top:#1A3955 1px dashed;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;
+}
+.cal-dayx-body {
+  background:#E7E7E7
+}
+.cal-dayx-cur {
+  background:#FFFFFF;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;
+}
+.cal-dayx-subcur {
+  background:#FFFFFF;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;
+  padding-top:4px;
+}
+.cal-dayx-times {
+  border-bottom:#FFFFFF 1px solid;
+  border-left:#FFFFFF 1px solid;
+  border-right:#FFFFFF 1px solid;
+}
+.cal-dayx-times2 {
+  background:#FFFFFF
+}
+.cal-dayx-weekevent {
+  border-bottom:#FFFFFF 1px solid;
+  border-left:#FFFFFF 1px dashed;
+  border-right:#FFFFFF 1px dashed;
+  border-top:#E7E7E7 1px solid;
+}
+.cal-futureday {
+  background:#F7F7F7
+}
+.cal-header {
+  background:#FFFFFF;
+  border-bottom:#F7F7F7 1px solid;
+  border-left:#F7F7F7 1px solid;
+  border-right:#F7F7F7 1px solid;
+  border-top:#F7F7F7 1px solid;
+}
+.cal-hr {
+  background:#FFFFFF
+}
+.cal-month,
+.cal_month {
+  background:#F7F7F7;
+  color:#000000;
+  font-size:.9em;
+}
+.cal-nullday {
+  background:#FFFFFF;
+  border-bottom:#F7F7F7 1px dashed;
+  border-left:#F7F7F7 1px dashed;
+  border-top:#F7F7F7 1px dashed;
+  color:#000000;
+}
+.cal-oldday {
+  background:#E7E7E7;
+  color:#000000;
+}
+.cal-quickadd,
+.quickadd {
+  background:#F7F7F7;
+  border-bottom:#E7E7E7 1px solid;
+  border-left:#E7E7E7 1px solid;
+  border-right:#E7E7E7 1px solid;
+  border-top:#E7E7E7 1px solid;
+  padding:4px;
+}
+.cal-today {
+  background:#FFFFFF;
+  border-bottom:#1A3955 1px dashed;
+  border-left:#1A3955 1px dashed;
+  border-right:#1A3955 1px dashed;
+  border-top:#1A3955 1px dashed;
+}
+.cal-weekpointers {
+  border-bottom:#F7F7F7 1px dashed;
+  border-left:#F7F7F7 1px dashed;
+}
+.cal-weekview-addevent {
+  background:#FFFFFF;
+  border-right:#E7E7E7 1px solid;
+  border-top:#E7E7E7 1px solid;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;
+  padding:4px;
+}
+.cal-weekview-caltitle {
+  background:#FFFFFF;
+  border-bottom:#E7E7E7 1px solid;
+  border-left:#E7E7E7 1px solid;
+  border-right:#E7E7E7 1px solid;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;
+  padding:4px;
+}
+.cal-weekview-curday,
+.weekview_curday {
+  background:#F7F7F7;
+  color:#000000;
+}
+.cal-weekview-daterange {
+  background:#FFFFFF;
+  border-left:#E7E7E7 1px solid;
+  border-right:#E7E7E7 1px solid;
+  border-top:#E7E7E7 1px solid;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;
+  padding:4px;
+}
+.cal-weekview-dayformat {
+  background:#FFFFFF;
+  border-left:#E7E7E7 1px solid;
+  border-top:#E7E7E7 1px solid;
+  color:#000000;
+  font-weight:bold;
+  font-size:.8em;  padding:4px;
+}
+.cal-weekview-offday,
+.weekview_offday {
+  background:transparent;
+  color:#000000;
+}
+.smallcal-week-even {
+  background:#E7E7E7;
+  color:#000000;
+}
\ No newline at end of file
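
Review bot: Style only: in .cal-weekview-dayformat the declarations "font-size:.8em;  padding:4px;" share one line, unlike every other rule in the file, and the file ends without a trailing newline. Split the two declarations and add the final newline. The rules that set all four borders to the same value (.cal-body, .cal-header, .cal-quickadd, .cal-today) could also use the single border shorthand.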

Added: externals/geeklog-1.5.2sr4/public_html/comment.php
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/comment.php	Sat Apr 18 06:21:39  
2009
@@ -0,0 +1,364 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+//  
+---------------------------------------------------------------------------+
+// | Geeklog  
1.5                                                               |
+//  
+---------------------------------------------------------------------------+
+// |  
comment.php                                                               |
+//  
|                                                                            
|
+// | Let user comment on a story or  
plugin.                                    |
+//  
+---------------------------------------------------------------------------+
+// | Copyright (C) 2000-2009 by the following  
authors:                         |
+//  
|                                                                            
|
+// | Authors: Tony Bibbs        - tony AT tonybibbs DOT  
com                    |
+// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT  
net    |
+// |          Jason Whittenburg - jwhitten AT securitygeeks DOT  
com            |
+// |          Dirk Haun         - dirk AT haun-online DOT  
de                   |
+// |          Vincent Furia     - vinny01 AT users DOT sourceforge DOT  
net     |
+//  
+---------------------------------------------------------------------------+
+//  
|                                                                            
|
+// | This program is free software; you can redistribute it  
and/or             |
+// | modify it under the terms of the GNU General Public  
License               |
+// | as published by the Free Software Foundation; either version  
2            |
+// | of the License, or (at your option) any later  
version.                    |
+//  
|                                                                            
|
+// | This program is distributed in the hope that it will be  
useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty  
of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See  
the             |
+// | GNU General Public License for more  
details.                              |
+//  
|                                                                            
|
+// | You should have received a copy of the GNU General Public  
License         |
+// | along with this program; if not, write to the Free Software  
Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,  
USA.           |
+//  
|                                                                            
|
+//  
+---------------------------------------------------------------------------+
+
+/**
+* This file is responsible for letting user enter a comment and saving the
+* comments to the DB.  All comment display stuff is in lib-common.php
+*
+* @author   Jason Whittenburg
+* @author   Tony Bibbs    <tonyAT tonybibbs DOT com>
+* @author   Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
+*
+*/
+
+/**
+* Geeklog common function library
+*/
+require_once 'lib-common.php';
+
+/**
+ * Geeklog comment function library
+ */
+require_once $_CONF['path_system'] . 'lib-comment.php';
+
+// Uncomment the line below if you need to debug the HTTP variables being  
passed
+// to the script.  This will sometimes cause errors but it will allow you  
to see
+// the data being passed in a POST operation
+// echo COM_debug($_POST);
+
+/**
+ * Handles a comment submission
+ *
+ * @copyright Vincent Furia 2005
+ * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
+ * @return string HTML (possibly a refresh)
+ */
+function handleSubmit()
+{
+    global $_CONF, $_TABLES, $_USER, $LANG03;
+
+    $display = '';
+
+    $type = COM_applyFilter ($_POST['type']);
+    $sid = COM_applyFilter ($_POST['sid']);
+    switch ( $type ) {
+        case 'article':
+            $commentcode = DB_getItem ($_TABLES['stories'], 'commentcode',
+                                       "sid = '$sid'" .  
COM_getPermSQL('AND')
+                                       . " AND (draft_flag = 0) AND (date  
<= NOW()) "
+                                       . COM_getTopicSQL('AND'));
+            if (!isset($commentcode) || ($commentcode != 0)) {
+                return COM_refresh($_CONF['site_url'] . '/index.php');
+            }
+
+            $ret = CMT_saveComment ( strip_tags ($_POST['title']),
+                $_POST['comment'], $sid, COM_applyFilter ($_POST['pid'],  
true),
+                'article', COM_applyFilter ($_POST['postmode']));
+
+            if ( $ret > 0 ) { // failure //FIXME: some failures should not  
return to comment form
+                $display .= COM_siteHeader ('menu', $LANG03[1])
+                         . CMT_commentForm ($_POST['title'],  
$_POST['comment'],
+                           $sid, COM_applyFilter($_POST['pid']), $type,
+                           $LANG03[14],  
COM_applyFilter($_POST['postmode']))
+                         . COM_siteFooter();
+            } else { // success
+                $comments = DB_count ($_TABLES['comments'], 'sid', $sid);
+                DB_change ($_TABLES['stories'], 'comments',  
$comments, 'sid', $sid);
+                COM_olderStuff (); // update comment count in Older  
Stories block
+                $display = COM_refresh (COM_buildUrl ($_CONF['site_url']
+                    . "/article.php?story=$sid"));
+            }
+            break;
+        default: // assume plugin
+            if ( !($display = PLG_commentSave($type, strip_tags  
($_POST['title']),
+                                $_POST['comment'], $sid, COM_applyFilter  
($_POST['pid'], true),
+                                COM_applyFilter ($_POST['postmode']))) ) {
+                $display = COM_refresh ($_CONF['site_url'] . '/index.php');
+            }
+            break;
+    }
+
+    return $display;
+}
+
+/**
+ * Handles a comment submission
+ *
+ * @copyright Vincent Furia 2005
+ * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
+ * @return string HTML (possibly a refresh)
+ */
+function handleDelete()
+{
+    global $_CONF, $_TABLES;
+
+    $display = '';
+
+    $type = COM_applyFilter($_REQUEST['type']);
+    $sid = COM_applyFilter($_REQUEST['sid']);
+
+    switch ($type) {
+    case 'article':
+        $has_editPermissions = SEC_hasRights('story.edit');
+        $result = DB_query("SELECT  
owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM  
{$_TABLES['stories']} WHERE sid = '$sid'");
+        $A = DB_fetchArray($result);
+
+        if ($has_editPermissions && SEC_hasAccess($A['owner_id'],
+                $A['group_id'], $A['perm_owner'], $A['perm_group'],
+                $A['perm_members'], $A['perm_anon']) == 3) {
+            CMT_deleteComment(COM_applyFilter($_REQUEST['cid'], true),  
$sid,
+                              'article');
+            $comments = DB_count($_TABLES['comments'], 'sid', $sid);
+            DB_change($_TABLES['stories'], 'comments', $comments,
+                      'sid', $sid);
+            $display .= COM_refresh(COM_buildUrl ($_CONF['site_url']
+                                    . "/article.php?story=$sid") . '#comments');
+        } else {
+            COM_errorLog("User {$_USER['username']} (IP:  
{$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment $cid from  
$type $sid");
+            $display .= COM_refresh($_CONF['site_url'] . '/index.php');
+        }
+        break;
+
+    default: // assume plugin
+        if (!($display = PLG_commentDelete($type,
+                            COM_applyFilter($_REQUEST['cid'], true),  
$sid))) {
+            $display = COM_refresh($_CONF['site_url'] . '/index.php');
+        }
+        break;
+    }
+
+    return $display;
+}
+
+/**
+ * Handles a comment view request
+ *
+ * @copyright Vincent Furia 2005
+ * @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
+ * @param boolean $view View or display (true for view)
+ * @return string HTML (possibly a refresh)
+ */
+function handleView($view = true)
+{
+    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS;
+
+    $display = '';
+
+    if ($view) {
+        $cid = COM_applyFilter ($_REQUEST['cid'], true);
+    } else {
+        $cid = COM_applyFilter ($_REQUEST['pid'], true);
+    }
+
+    if ($cid <= 0) {
+        return COM_refresh($_CONF['site_url'] . '/index.php');
+    }
+
+    $sql = "SELECT sid, title, type FROM {$_TABLES['comments']} WHERE cid  
= $cid";
+    $A = DB_fetchArray( DB_query($sql) );
+    $sid   = $A['sid'];
+    $title = $A['title'];
+    $type  = $A['type'];
+
+    $format = $_CONF['comment_mode'];
+    if( isset( $_REQUEST['format'] )) {
+        $format = COM_applyFilter( $_REQUEST['format'] );
+    }
+    if ( $format != 'threaded' && $format != 'nested' && $format != 'flat'  
) {
+        if ( $_USER['uid'] > 1 ) {
+            $format = DB_getItem( $_TABLES['usercomment'], 'commentmode',
+                                  "uid = {$_USER['uid']}" );
+        } else {
+            $format = $_CONF['comment_mode'];
+        }
+    }
+
+    switch ( $type ) {
+        case 'article':
+            $sql = 'SELECT COUNT(*) AS count, commentcode, owner_id,  
group_id, perm_owner, perm_group, '
+                 . "perm_members, perm_anon FROM {$_TABLES['stories']}  
WHERE (sid = '$sid') "
+                 . 'AND (draft_flag = 0) AND (commentcode >= 0) AND (date  
<= NOW())' . COM_getPermSQL('AND')
+                 . COM_getTopicSQL('AND') . ' GROUP BY sid,owner_id,  
group_id, perm_owner, perm_group,perm_members, perm_anon ';
+            $result = DB_query ($sql);
+            $B = DB_fetchArray ($result);
+            $allowed = $B['count'];
+
+            if ( $allowed == 1 ) {
+                $delete_option = ( SEC_hasRights( 'story.edit' ) &&
+                    ( SEC_hasAccess( $B['owner_id'], $B['group_id'],
+                        $B['perm_owner'], $B['perm_group'],  
$B['perm_members'],
+                        $B['perm_anon'] ) == 3 ) );
+                $order = '';
+                if (isset ( $_REQUEST['order'])) {
+                    $order = COM_applyFilter ($_REQUEST['order']);
+                }
+                $page = 0;
+                if (isset ($_REQUEST['page'])) {
+                    $page = COM_applyFilter ($_REQUEST['page'], true);
+                }
+                $display .= CMT_userComments ($sid, $title, $type, $order,
+                                $format, $cid, $page, $view,  
$delete_option,
+                                $B['commentcode']);
+            } else {
+                $display .= COM_startBlock  
($LANG_ACCESS['accessdenied'], '',
+                                    COM_getBlockTemplate  
('_msg_block', 'header'))
+                         . $LANG_ACCESS['storydenialmsg']
+                         . COM_endBlock (COM_getBlockTemplate  
('_msg_block', 'footer'));
+            }
+            break;
+
+        default: // assume plugin
+            if ( !($display = PLG_displayComment($type, $sid, $cid, $title,
+                                  COM_applyFilter ($_REQUEST['order']),  
$format,
+                                  COM_applyFilter ($_REQUEST['page'],  
true), $view)) ) {
+                return COM_refresh($_CONF['site_url'] . '/index.php');
+            }
+            break;
+    }
+
+    return COM_siteHeader('menu', $title) . $display . COM_siteFooter();
+}
+
+// MAIN
+$display = '';
+
+// If reply specified, force comment submission form
+if (isset ($_REQUEST['reply'])) {
+    $_REQUEST['mode'] = '';
+}
+
+$mode = '';
+if (!empty ($_REQUEST['mode'])) {
+    $mode = COM_applyFilter ($_REQUEST['mode']);
+}
+switch ($mode) {
+case $LANG03[14]: // Preview
+    $display .= COM_siteHeader('menu', $LANG03[14])
+             . CMT_commentForm (strip_tags ($_POST['title']),  
$_POST['comment'],
+                    COM_applyFilter ($_POST['sid']),
+                    COM_applyFilter ($_POST['pid'], true),
+                    COM_applyFilter ($_POST['type']), $mode,
+                    COM_applyFilter ($_POST['postmode']))
+             . COM_siteFooter();
+    break;
+
+case $LANG03[11]: // Submit Comment
+    $display .= handleSubmit();  // moved to function for readibility
+    break;
+
+case 'delete':
+    if (SEC_checkToken()) {
+        $display .= handleDelete();  // moved to function for readibility
+    } else {
+        $display .= COM_refresh($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+case 'view':
+    $display .= handleView(true);  // moved to function for readibility
+    break;
+
+case 'display':
+    $display .= handleView(false);  // moved to function for readibility
+    break;
+
+case 'report':
+    $display .= COM_siteHeader('menu', $LANG03[27])
+             . CMT_reportAbusiveComment(COM_applyFilter($_GET['cid'],  
true),
+                                        COM_applyFilter($_GET['type']))
+             . COM_siteFooter();
+    break;
+
+case 'sendreport':
+    if (SEC_checkToken()) {
+        $display .= CMT_sendReport(COM_applyFilter($_POST['cid'], true),
+                                   COM_applyFilter($_POST['type']));
+    } else {
+        $display .= COM_refresh($_CONF['site_url'] . '/index.php');
+    }
+    break;
+
+default:  // New Comment
+    $abort = false;
+    $sid = COM_applyFilter ($_REQUEST['sid']);
+    $type = COM_applyFilter ($_REQUEST['type']);
+    $title = '';
+    if (isset ($_REQUEST['title'])) {
+        $title = strip_tags ($_REQUEST['title']);
+    }
+    $postmode = $_CONF['postmode'];
+    if (isset ($_REQUEST['postmode'])) {
+        $postmode = COM_applyFilter ($_REQUEST['postmode']);
+    }
+
+    if ($type == 'article') {
+        $dbTitle = DB_getItem($_TABLES['stories'], 'title',
+                                "sid = '{$sid}'" . COM_getPermSQL('AND')
+                                . " AND (draft_flag = 0) AND (date <=  
NOW()) "
+                                . COM_getTopicSQL('AND'));
+        if ($dbTitle === null) {
+            // no permissions, or no story of that title
+            $display = COM_refresh($_CONF['site_url'] . '/index.php');
+            $abort = true;
+        }
+    }
+    if (!$abort) {
+        if (!empty ($sid) && !empty ($type)) {
+            if (empty ($title)) {
+                if ($type == 'article') {
+                    $title = $dbTitle;
+                }
+                $title = str_replace ('$', '&#36;', $title);
+                // CMT_commentForm expects non-htmlspecial chars for  
title...
+                $title = str_replace ( '&amp;', '&', $title );
+                $title = str_replace ( '&quot;', '"', $title );
+                $title = str_replace ( '&lt;', '<', $title );
+                $title = str_replace ( '&gt;', '>', $title );
+            }
+            $display .= COM_siteHeader('menu', $LANG03[1])
+                     . CMT_commentForm ($title, '', $sid,
+                            COM_applyFilter ($_REQUEST['pid'], true),  
$type, $mode,
+                            $postmode)
+                     . COM_siteFooter();
+        } else {
+            $display .= COM_refresh($_CONF['site_url'] . '/index.php');
+        }
+    }
+    break;
+}
+
+echo $display;
+
+?>
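
Review bot: In the default (new comment) branch, the entity decoding of `$title` replaces `&amp;` first and `&quot;`, `&lt;` and `&gt;` afterwards, so a stored title containing the literal text `&amp;lt;` is decoded twice and ends up as `<`. Moving the `str_replace ( '&amp;', '&', $title )` call to the end of the sequence would decode each entity exactly once. The same branch also reads `$_REQUEST['sid']`, `$_REQUEST['type']` and `$_REQUEST['pid']` without an `isset` check, unlike `title` and `postmode` just below them; guarding them the same way would keep the redirect path free of undefined-index notices.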

Added: externals/geeklog-1.5.2sr4/public_html/directory.php
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/directory.php	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,498 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+//  
+---------------------------------------------------------------------------+
+// | Geeklog  
1.5                                                               |
+//  
+---------------------------------------------------------------------------+
+// |  
directory.php                                                             |
+//  
|                                                                            
|
+// | Directory of all the stories on a Geeklog  
site.                           |
+//  
+---------------------------------------------------------------------------+
+// | Copyright (C) 2004-2008 by the following  
authors:                         |
+//  
|                                                                            
|
+// | Authors: Dirk Haun         - dirk AT haun-online DOT  
de                   |
+//  
+---------------------------------------------------------------------------+
+//  
|                                                                            
|
+// | This program is free software; you can redistribute it  
and/or             |
+// | modify it under the terms of the GNU General Public  
License               |
+// | as published by the Free Software Foundation; either version  
2            |
+// | of the License, or (at your option) any later  
version.                    |
+//  
|                                                                            
|
+// | This program is distributed in the hope that it will be  
useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty  
of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See  
the             |
+// | GNU General Public License for more  
details.                              |
+//  
|                                                                            
|
+// | You should have received a copy of the GNU General Public  
License         |
+// | along with this program; if not, write to the Free Software  
Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,  
USA.           |
+//  
|                                                                            
|
+//  
+---------------------------------------------------------------------------+
+//
+// $Id: directory.php,v 1.19 2008/06/20 19:12:56 dhaun Exp $
+
+require_once ('lib-common.php');
+
+// configuration option:
+// List stories for the current month on top of the overview page
+// (if set = true)
+$conf_list_current_month = false;
+
+// name of this script
+define ('THIS_SCRIPT', 'directory.php');
+
+$display = '';
+
+if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) ||
+                                   ($_CONF['directoryloginrequired'] ==  
1))) {
+    $display = COM_siteHeader ('menu', $LANG_DIR['title']);
+    $display .= COM_startBlock ($LANG_LOGIN[1], '',
+                                COM_getBlockTemplate  
('_msg_block', 'header'));
+    $login = new Template ($_CONF['path_layout'] . 'submit');
+    $login->set_file (array ('login' => 'submitloginrequired.thtml'));
+    $login->set_var ( 'xhtml', XHTML );
+    $login->set_var ('site_url', $_CONF['site_url']);
+    $login->set_var ('layout_url', $_CONF['layout_url']);
+    $login->set_var ('login_message', $LANG_LOGIN[2]);
+    $login->set_var ('lang_login', $LANG_LOGIN[3]);
+    $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
+    $login->parse ('output', 'login');
+    $display .= $login->finish ($login->get_var ('output'));
+    $display .= COM_endBlock (COM_getBlockTemplate  
('_msg_block', 'footer'));
+    $display .= COM_siteFooter ();
+    echo $display;
+    exit;
+}
+
+/**
+* Helper function: Calculate last day of a given month
+*
+* @param    int     $month  Month
+* @param    int     $year   Year
+* @return   int             Number of days in that month
+* @bugs     Will fail from 2038 onwards ...
+*
+* "The last day of any given month can be expressed as the "0" day
+* of the next month", http://www.php.net/manual/en/function.mktime.php
+*
+*/
+function DIR_lastDayOfMonth ($month, $year)
+{
+    $month++;
+    if ($month > 12) {
+        $month = 1;
+        $year++;
+    }
+
+    $lastday = mktime (0, 0, 0, $month, 0, $year);
+
+    return intval(strftime('%d', $lastday));
+}
+
+/**
+* Display a topic selection drop-down menu
+*
+* @param    string  $topic          current topic
+* @param    int     $year           current year
+* @param    int     $month          current month
+* @param    bool    $standalone     true: don't display form inline
+*
+*/
+function DIR_topicList ($topic = 'all', $year = 0, $month = 0, $standalone  
= false)
+{
+    global $_CONF, $LANG21;
+
+    $retval = '';
+
+    $url = $_CONF['site_url'] . '/' . THIS_SCRIPT;
+    $retval .= '<form action="' . $url . '" method="post"';
+    if (!$standalone) {
+        $retval .= ' style="display:inline; float:right"' . LB;
+    }
+    $retval .= '><div>' . LB;
+    $retval .= '<select name="topic" onchange="this.form.submit()">' . LB;
+    $retval .= '<option value="all"';
+    if ($topic == 'all') {
+        $retval .= ' selected="selected"';
+    }
+    $retval .= '>' . $LANG21[7] . '</option>' . LB;
+    $retval .= COM_topicList ('tid,topic', $topic);
+    $retval .= '</select>' . LB;
+    $retval .= '<input type="hidden" name="year" value="' . $year . '"' .  
XHTML . '>';
+    $retval .= '<input type="hidden" name="month" value="' .  
$month . '"' . XHTML . '>';
+    $retval .= '</div></form>' . LB;
+
+    return $retval;
+}
+
+/**
+* Build link to a month's page
+*
+* @param    string  $topic  current topic
+* @param    int     $year   year to link to
+* @param    int     $month  month to link to
+* @param    int     $count  number of stories for that month (may be 0)
+* @return   string          month name + count, as link or plain text
+*
+*/
+function DIR_monthLink ($topic, $year, $month, $count)
+{
+    global $_CONF, $LANG_MONTH;
+
+    $retval = $LANG_MONTH[$month] . ' (' . COM_numberFormat  
($count) . ')' . LB;
+
+    if ($count > 0) {
+        $month_url = COM_buildUrl ($_CONF['site_url'] . '/'
+            . THIS_SCRIPT . '?topic=' . urlencode ($topic) . '&amp;year='
+            . $year . '&amp;month=' . $month);
+        $retval =  COM_createLink ($retval, $month_url);
+    }
+
+    $retval .= LB;
+
+    return $retval;
+}
+
+/**
+* Display navigation bar
+*
+* @param    string  $topic  current topic
+* @param    int     $year   current year
+* @param    int     $month  current month (or 0 for year view pages)
+* @return   string          navigation bar with prev, next, and "up" links
+*
+*/
+function DIR_navBar ($topic, $year, $month = 0)
+{
+    global $_CONF, $_TABLES, $LANG05, $LANG_DIR;
+
+    $retval = '';
+
+    $retval .= '<div class="pagenav">';
+
+    if ($month == 0) {
+        $prevyear = $year - 1;
+        $nextyear = $year + 1;
+    } else {
+        $prevyear = $year;
+        $prevmonth = $month - 1;
+        if ($prevmonth == 0) {
+            $prevmonth = 12;
+            $prevyear--;
+        }
+        $nextyear = $year;
+        $nextmonth = $month + 1;
+        if ($nextmonth > 12) {
+            $nextmonth = 1;
+            $nextyear++;
+        }
+    }
+
+    $result = DB_query ("SELECT MIN(YEAR(date)) AS year FROM  
{$_TABLES['stories']}");
+    $A = DB_fetchArray ($result);
+    if ($prevyear < $A['year']) {
+        $prevyear = 0;
+    }
+
+    $currentyear = date ('Y', time ());
+    if ($nextyear > $currentyear) {
+        $nextyear = 0;
+    }
+
+    if ($prevyear > 0) {
+        $url = $_CONF['site_url'] . '/' . THIS_SCRIPT . '?topic='
+             . urlencode ($topic) . '&amp;year=' . $prevyear;
+        if ($month > 0) {
+            $url .= '&amp;month=' . $prevmonth;
+        }
+        $retval .= COM_createLink($LANG05[6], COM_buildUrl ($url));
+    } else {
+        $retval .= $LANG05[6];
+    }
+
+    $retval .= ' | ';
+
+    $url = $_CONF['site_url'] . '/' . THIS_SCRIPT;
+    if ($topic != 'all') {
+        $url = COM_buildUrl ($url . '?topic=' . urlencode ($topic));
+    }
+
+    $retval .= COM_createLink($LANG_DIR['nav_top'] , $url);
+
+    $retval .= ' | ';
+
+    if ($nextyear > 0) {
+        $url = $_CONF['site_url'] . '/' . THIS_SCRIPT . '?topic='
+             . urlencode ($topic) . '&amp;year=' . $nextyear;
+        if ($month > 0) {
+            $url .= '&amp;month=' . $nextmonth;
+        }
+        $retval .= COM_createLink($LANG05[5], COM_buildUrl ($url));
+    } else {
+        $retval .= $LANG05[5];
+    }
+
+    $retval .= '</div>' . LB;
+
+    return $retval;
+}
+
+/**
+* Display month view
+*
+* @param    string  $topic  current topic
+* @param    int     $year   year to display
+* @param    int     $month  month to display
+* @param    bool    $main   true: display view on its own page
+* @return   string          list of articles for the given month
+*
+*/
+function DIR_displayMonth ($topic, $year, $month, $main = false)
+{
+    global $_CONF, $_TABLES, $LANG_MONTH, $LANG_DIR;
+
+    $retval = '';
+
+    if ($main) {
+        $retval .= '<div><h1 style="display:inline">' . $LANG_MONTH[$month]
+                . ' ' . $year . '</h1> ' . DIR_topicList ($topic, $year,  
$month)
+                . '</div>' . LB;
+    } else {
+        $retval .= '<h1>' . $LANG_MONTH[$month] . ' ' . $year . '</h1>' .  
LB;
+    }
+
+    $start = sprintf ('%04d-%02d-01 00:00:00', $year, $month);
+    $lastday = DIR_lastDayOfMonth ($month, $year);
+    $end   = sprintf ('%04d-%02d-%02d 23:59:59', $year, $month, $lastday);
+
+    $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS  
day,DATE_FORMAT(date, '%e') AS mday FROM {$_TABLES['stories']} WHERE (date  
>= '$start') AND (date <= '$end') AND (draft_flag = 0) AND (date <= NOW())";
+    if ($topic != 'all') {
+        $sql .= " AND (tid = '$topic')";
+    }
+    $sql .= COM_getTopicSql ('AND') . COM_getPermSql ('AND')
+         . COM_getLangSQL ('sid', 'AND') . " ORDER BY date ASC";
+
+    $result = DB_query ($sql);
+    $numrows = DB_numRows ($result);
+
+    if ($numrows > 0) {
+        $entries = array ();
+        $mday = 0;
+
+        for ($i = 0; $i < $numrows; $i++) {
+            $A = DB_fetchArray ($result);
+
+            if ($mday != $A['mday']) {
+                if (sizeof ($entries) > 0) {
+                    $retval .= COM_makeList ($entries);
+                    $entries = array ();
+                }
+
+                $day = strftime ($_CONF['shortdate'], $A['day']);
+
+                $retval .= '<h2>' . $day . '</h2>' . LB;
+
+                $mday = $A['mday'];
+            }
+
+            $url = COM_buildUrl ($_CONF['site_url'] . '/article.php?story='
+                                 . $A['sid']);
+            $entries[] = COM_createLink(stripslashes ($A['title']), $url);
+        }
+
+        if (sizeof ($entries) > 0) {
+            $retval .= COM_makeList ($entries);
+        }
+
+    } else {
+        $retval .= '<p>' . $LANG_DIR['no_articles'] . '</p>';
+    }
+
+    $retval .= LB;
+
+    return $retval;
+}
+
+/**
+* Display year view
+*
+* @param    string  $topic  current topic
+* @param    int     $year   year to display
+* @param    bool    $main   true: display view on its own page
+* @return   string          list of months (+ number of stories) for given  
year
+*
+*/
+function DIR_displayYear ($topic, $year, $main = false)
+{
+    global $_CONF, $_TABLES, $LANG_MONTH, $LANG_DIR;
+
+    $retval = '';
+
+    if ($main) {
+        $retval .= '<div><h1 style="display:inline">' . $year . '</h1> '
+                . DIR_topicList ($topic, $year) . '</div>' . LB;
+    } else {
+        $retval .= '<h2>' . $year . '</h2>' . LB;
+    }
+
+    $currentyear = date ('Y', time ());
+    $currentmonth = date ('m', time ());
+
+    $start = sprintf ('%04d-01-01 00:00:00', $year);
+    $end   = sprintf ('%04d-12-31 23:59:59', $year);
+
+    $monthsql = array();
+    $monthsql['mysql'] = "SELECT DISTINCT MONTH(date) AS month,COUNT(*) AS  
count FROM {$_TABLES['stories']} WHERE (date >= '$start') AND (date  
<= '$end') AND (draft_flag = 0) AND (date <= NOW())";
+    $monthsql['mssql'] = "SELECT MONTH(date) AS month,COUNT(sid) AS count  
FROM {$_TABLES['stories']} WHERE (date >= '$start') AND (date <= '$end')  
AND (draft_flag = 0) AND (date <= NOW())";
+    if ($topic != 'all') {
+        $monthsql['mysql'] .= " AND (tid = '$topic')";
+        $monthsql['mssql'] .= " AND (tid = '$topic')";
+    }
+    $monthsql['mysql'] .= COM_getTopicSql ('AND') . COM_getPermSql ('AND')
+              . COM_getLangSQL ('sid', 'AND');
+    $monthsql['mssql'] .= COM_getTopicSql ('AND') . COM_getPermSql ('AND')
+              . COM_getLangSQL ('sid', 'AND');
+
+    $msql = array();
+    $msql['mysql'] = $monthsql['mysql'] . " GROUP BY MONTH(date) ORDER BY  
date ASC";
+    $msql['mssql'] = $monthsql['mssql'] . " GROUP BY MONTH(date) ORDER BY  
month(date) ASC";
+
+    $mresult = DB_query ($msql);
+    $nummonths = DB_numRows ($mresult);
+
+    if ($nummonths > 0) {
+        $retval .= '<ul>' . LB;
+        $lastm = 1;
+        for ($j = 0; $j < $nummonths; $j++) {
+            $M = DB_fetchArray ($mresult);
+
+            for (; $lastm < $M['month']; $lastm++) {
+                $retval .= '<li>' . DIR_monthLink ($topic, $year, $lastm,  
0)
+                        . '</li>';
+            }
+            $lastm = $M['month'] + 1;
+
+            $retval .= '<li>' . DIR_monthLink ($topic, $year, $M['month'],
+                                               $M['count']) . '</li>';
+        }
+
+        if ($year == $currentyear) {
+            $fillm = $currentmonth;
+        } else {
+            $fillm = 12;
+        }
+
+        if ($lastm <= $fillm) {
+            for (; $lastm <= $fillm; $lastm++) {
+                $retval .= '<li>' . DIR_monthLink ($topic, $year, $lastm,  
0)
+                        . '</li>';
+            }
+        }
+
+        $retval .= '</ul>' . LB;
+    } else {
+        $retval .= '<p>' . $LANG_DIR['no_articles'] . '</p>';
+    }
+
+    $retval .= LB;
+
+    return $retval;
+}
+
+/**
+* Display main view (list of years)
+*
+* Displays an overview of all the years and months, starting with the first
+* year for which a story has been posted. Can optionally display a list of
+* the stories for the current month at the top of the page.
+*
+* @param    string  $topic                  current topic
+* @param    bool    $list_current_month     true = list stories f. current  
month
+* @return   string                          list of all the years in the db
+*
+*/
+function DIR_displayAll ($topic, $list_current_month = false)
+{
+    global $_TABLES, $LANG_DIR;
+
+    $retval = '';
+
+    if ($list_current_month) {
+        $currentyear = date ('Y', time ());
+        $currentmonth = date ('n', time ());
+
+        $retval .= DIR_displayMonth ($topic, $currentyear, $currentmonth);
+
+        $retval .= '<hr' . XHTML . '>' . LB;
+    }
+
+    $retval .= '<div><h1 style="display:inline">' . $LANG_DIR['title']
+            . '</h1> ' . DIR_topicList ($topic) . '</div>' . LB;
+
+    $yearsql = array();
+    $yearsql['mysql'] = "SELECT DISTINCT YEAR(date) AS year,date FROM  
{$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW())" .  
COM_getTopicSql ('AND') . COM_getPermSql ('AND')  . COM_getLangSQL  
('sid', 'AND');
+    $yearsql['mssql'] = "SELECT YEAR(date) AS year FROM  
{$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW())" .  
COM_getTopicSql ('AND') . COM_getPermSql ('AND')  . COM_getLangSQL  
('sid', 'AND');
+    $ysql = array();
+    $ysql['mysql'] = $yearsql['mysql'] . " GROUP BY YEAR(date) ORDER BY  
date DESC";
+    $ysql['mssql'] = $yearsql['mssql'] . " GROUP BY YEAR(date) ORDER BY  
YEAR(date) DESC";
+
+    $yresult = DB_query ($ysql);
+    $numyears = DB_numRows ($yresult);
+
+    for ($i = 0; $i < $numyears; $i++) {
+        $Y = DB_fetchArray ($yresult);
+
+        $retval .= DIR_displayYear ($topic, $Y['year']);
+    }
+
+    return $retval;
+}
+
+// MAIN
+$display = '';
+
+if (isset ($_POST['topic']) && isset ($_POST['year']) && isset  
($_POST['month'])) {
+    $topic = $_POST['topic'];
+    $year = $_POST['year'];
+    $month = $_POST['month'];
+} else {
+    COM_setArgNames (array ('topic', 'year', 'month'));
+    $topic = COM_getArgument ('topic');
+    $year = COM_getArgument ('year');
+    $month = COM_getArgument ('month');
+}
+
+$topic = COM_applyFilter ($topic);
+if (empty ($topic)) {
+    $topic = 'all';
+}
+$year = COM_applyFilter ($year, true);
+if ($year < 0) {
+    $year = 0;
+}
+$month = COM_applyFilter ($month, true);
+if (($month < 1) || ($month > 12)) {
+    $month = 0;
+}
+
+if (($year != 0) && ($month != 0)) {
+    $title = sprintf ($LANG_DIR['title_month_year'],
+                      $LANG_MONTH[$month], $year);
+    $display .= COM_siteHeader ('menu', $title);
+    $display .= DIR_displayMonth ($topic, $year, $month, true);
+    $display .= DIR_navBar ($topic, $year, $month);
+} else if ($year != 0) {
+    $title = sprintf ($LANG_DIR['title_year'], $year);
+    $display .= COM_siteHeader ('menu', $title);
+    $display .= DIR_displayYear ($topic, $year, true);
+    $display .= DIR_navBar ($topic, $year);
+} else {
+    $display .= COM_siteHeader ('menu', $LANG_DIR['title']);
+    $display .= DIR_displayAll ($topic, $conf_list_current_month);
+}
+
+$display .= COM_siteFooter (true);
+
+echo $display;
+
+?>
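
Review bot: `DIR_displayMonth` and `DIR_displayYear` place `$topic` straight into the query (`" AND (tid = '$topic')"`) and rely entirely on the `COM_applyFilter ($topic)` call in the MAIN block having run first; nothing at the point where the SQL is assembled escapes the value. Escaping it where the clause is built (for example with `addslashes`) would keep these helpers safe if they are ever called from another path. Separately, the `SELECT MIN(YEAR(date))` query in `DIR_navBar` omits the `draft_flag`, `COM_getPermSql` and `COM_getTopicSql` conditions that the other story queries in this file apply, so the "previous" link is bounded by the earliest story of any kind, including ones the visitor is not allowed to see.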

Added: externals/geeklog-1.5.2sr4/public_html/docs/calendar.html
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/docs/calendar.html	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,131 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML  
4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+  <title>Geeklog Documentation - Calendar Plugin</title>
+  <link rel="stylesheet" type="text/css" href="docstyle.css" title="Dev  
Stylesheet">
+</head>
+
+<body>
+<p><a href="index.html" style="background:transparent"><img  
src="images/newlogo.gif" alt="Geeklog Documentation" width="243"  
height="90"></a></p>
+<div class="menu"><a href="index.html">Geeklog Documentation</a> -  
Calendar Plugin</div>
+
+<h1>Calendar Plugin</h1>
+
+<p>Events and the calendar used to be an integral part of the Geeklog core  
code,
+but have been moved to a plugin as of Geeklog 1.4.1.</p>
+
+<h2><a name="config.php">Configuration</a></h2>
+
+<p>The calendar's configuration can be changed from the Configuration admin
+panel:</p>
+
+<h3><a name="general">General Calendar Settings</a></h3>
+
+<table>
+<tr><th style="width:25%">Variable</th>
+    <th style="width:25%">Default Value</th>
+    <th style="width:50%">Description</th>
+</tr>
+<tr>
+  <td><a name="desc_calendarloginrequired">calendarloginrequired</a></td>
+  <td>0</td>
+  <td>When set to 1, only registered users can access the calendar<br>
+    Please note that <code>$_CONF['<a
+    href="config.html#desc_loginrequired">loginrequired</a>']</code> in
+    Geeklog's main configuration takes precedence over this setting. So  
when
+    <code>'loginrequired'</code> is set to 1, anonymous users can not  
access
+    the calendar even when <code>'calendarloginrequired'</code> is set
+    to 0.</td>
+</tr>
+<tr class="r2">
+  <td><a name="desc_hidecalendarmenu">hidecalendarmenu</a></td>
+  <td>0</td>
+  <td>Whether to hide the "Calendar" entry from Geeklog's menu bar (when  
set to
+    1) or to show it (when set to 0).</td>
+</tr>
+<tr>
+  <td><a name="desc_personalcalendars">personalcalendars</a></td>
+  <td>0</td>
+  <td>Allow account holders to have a personal calendar</td>
+</tr>
+<tr class="r2">
+  <td><a name="desc_eventsubmission">eventsubmission</a></td>
+  <td>1</td>
+  <td>Whether events submitted by users will have to be approved by an  
admin
+    first (when set = 1) or show up immediately (when set = 0).</td>
+</tr>
+<tr>
+  <td><a name="desc_showupcomingevents">showupcomingevents</a></td>
+  <td>1</td>
+  <td>Whether to show upcoming events (0 = no, 1 = yes) in a separate
+    block.</td>
+</tr>
+<tr class="r2">
+  <td><a name="desc_upcomingeventsrange">upcomingeventsrange</a></td>
+  <td>14</td>
+  <td>Number of days that the &quot;Upcoming Events&quot; block will look
+    ahead.</td>
+</tr>
+<tr>
+  <td><a name="desc_hour_mode">hour_mode</a></td>
+  <td>12</td>
+  <td>Which format to use when submitting or editing an event. Can be 12  
(for
+    the 12 hours am/pm format) or 24 (for the 24 hours format).<br>
+    Uses the same value as <a
+    href="config.html#desc_hour_mode">$_CONF['hour_mode']</a> by  
default.</td>
+</tr>
+<tr class="r2">
+  <td><a name="desc_event_types">event_types</a></td>
+  <td>Anniversary, Appointment, Birthday, Business, Education, Holiday,  
Meeting, Miscellaneous, Personal, Phone Call, Special Occasion, Travel,  
Vacation</td>
+  <td>The set of event types that are used both on the public calendar and  
the
+    user's personal calendar.</td>
+</tr>
+<tr>
+  <td><a name="desc_notification">notification</a></td>
+  <td>0</td>
+  <td>Whether to send an email notification when a new event was submitted  
for
+    the site's calendar (when set to = 1) or not (when set to = 0).<br>
+    No notification is ever sent for events in personal calendars.</td>
+</tr>
+<tr class="r2">
+  <td><a name="desc_delete_event">delete_event</a></td>
+  <td>0</td>
+  <td>Defines what to do when a user is deleted that is the owner of an  
event.
+    When set to 0, all events owned by the deleted user will be assigned  
to a
+    user of the "Root" group (e.g. the site admin). When set to 1, the  
events
+    are deleted. This only applies to site events - a user's personal  
events
+    are always deleted.</td>
+</tr>
+<tr>
+  <td><a name="desc_aftersave">aftersave</a></td>
+  <td>'list'</td>
+  <td>Which page to go to after an event has been saved:
+    <ul>
+    <li>'item': display the event details</li>
+    <li>'list': show admin's list of events (default)</li>
+    <li>'plugin': display the calendar</li>
+    <li>'home': display the site's homepage</li>
+    <li>'admin': go to the "Admin Home" page, i.e. Command &amp;  
Control</li>
+    </ul></td>
+</tr>
+</table>
+
+
+<h2><a name="others">Other Options</a></h2>
+
+<p>Please note that some of the options from Geeklog's main configuration
+are also relevant for the calendar plugin:</p>
+<ul>
+<li>Times and dates are formatted according to the current language and the
+    <a href="config.html#locale">locale settings</a> from Geeklog's main
+    configuration.</li>
+</ul>
+
+
+<div class="footer">
+    <a href="http://wiki.geeklog.net/">The Geeklog Documentation  
Project</a><br>
+    All trademarks and copyrights on this page are owned by their  
respective owners. Geeklog is copyleft.
+</div>
+
+</body>
+</html>
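
Review bot: The settings table words its value conditions three different ways: "When set to 1" (calendarloginrequired), "when set = 1" (eventsubmission) and "when set to = 1" (notification). Using "when set to 1" throughout would read more cleanly. The "Configuration" heading also still carries the anchor `name="config.php"` although the paragraph below it says the settings are changed from the Configuration admin panel, so the anchor name no longer matches what the section describes.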

Added: externals/geeklog-1.5.2sr4/public_html/docs/changed-files
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/docs/changed-files	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,6 @@
+geeklog-1.5.2sr4/public_html/admin/install/index.php
+geeklog-1.5.2sr4/public_html/docs/changed-files
+geeklog-1.5.2sr4/public_html/docs/changes.html
+geeklog-1.5.2sr4/public_html/docs/history
+geeklog-1.5.2sr4/public_html/siteconfig.php
+geeklog-1.5.2sr4/public_html/usersettings.php

Added: externals/geeklog-1.5.2sr4/public_html/docs/changes.html
==============================================================================
--- (empty file)
+++ externals/geeklog-1.5.2sr4/public_html/docs/changes.html	Sat Apr 18  
06:21:39 2009
@@ -0,0 +1,1287 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML  
4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+  <title>Geeklog Documentation - Changes</title>
+  <link rel="stylesheet" type="text/css" href="docstyle.css" title="Dev  
Stylesheet">
+</head>
+
+<body>
+<p><a href="index.html" style="background:transparent"><img  
src="images/newlogo.gif" alt="Geeklog Documentation" width="243"  
height="90"></a></p>
+<div class="menu"><a href="index.html">Geeklog Documentation</a> -  
Changes</div>
+
+<h1>Changes</h1>
+
+<p>This document is intended to give a quick overview over the most  
important
+and / or obvious changes. For a detailed list of changes, please consult  
the
+<a href="history">ChangeLog</a>. The file <tt>docs/changed-files</tt> has  
a list
+of files that have been changed since the last release.</p>
+
+<h2><a name="changes152sr4">Geeklog 1.5.2sr4</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection  
exploit, targetting an old bug in usersettings.php. As with the previous  
issues, this allowed an attacker to extract the password hash for any  
account and is fixed with this release.</p>
+
+
+<h2><a name="changes152sr3">Geeklog 1.5.2sr3</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted another SQL injection  
exploit, this time targetting the webservices API. As with the previous  
issue, this allowed an attacker to extract the password hash for any  
account and is fixed with this release.</p>
+
+
+<h2><a name="changes152sr2">Geeklog 1.5.2sr2</a></h2>
+
+<p>Bookoo of the Nine Situations Group posted an SQL injection exploit for  
glFusion that also works with Geeklog. This issue allowed an attacker to  
extract the password hash for any account and is fixed with this  
release.</p>
+
+
+<h2><a name="changes152sr1">Geeklog 1.5.2sr1</a></h2>
+
+<p>Fernando Mu&ntilde;oz reported a possible <a  
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on  
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px  
dotted black;">XSS</a> in the query form on most admin panels that we are  
fixing with this release.</p>
+
+
+<h2><a name="changes152">Geeklog 1.5.2</a></h2>
+
+<h3>Bugfixes</h3>
+
+<ul>
+<li>Fixed a bug in the story preview where the story content was lost when
+    previewing a story with a duplicate story ID.</li>
+<li>Fixed another bug in the story preview that caused extra backslashes to
+    appear in the story's title.</li>
+<li>The Trackback editor didn't work since the security token was missing  
from
+    the editor template.</li>
+<li>Fixed issues with clickable links in plain text postings.</li>
+<li>Fixed various problems with updating feeds, e.g. when changing topic
+    permissions.</li>
+</ul>
+
+<h3>Fixes in the bundled Plugins</h3>
+
+<ul>
+<li>Calendar: You couldn't add a new event to your personal calendar.</li>
+<li>Links: Changing a link's ID to one that was already in use overwrote  
the
+    other link.</li>
+<li>Polls: Changing a poll's ID created a new poll. Also fixed an SQL error
+    when the poll question contained single quotes.</li>
+<li>Static Pages: Saving a static page changed the owner to the user who  
saved
+    it.</li>
+</ul>
+
+<h3>Other Changes</h3>
+
+<ul>
+<li>Improved image quality when using gdlib to rescale uploaded  
images.</li>
+<li>Theme changes are documented in the <a href="theme.html#changes">theme
+    documentation</a>, as usual. There are 4 bugfixes (one of which is in  
the
+    templates for the Polls plugin) that should be applied to all themes  
for
+    the 1.5.x series.</li>
+</ul>
+
+
+<h2><a name="changes151">Geeklog 1.5.1</a></h2>
+
+<p>Geeklog 1.5.1 is mostly a bugfix release and a recommended upgrade for  
users
+of Geeklog 1.5.0. There were also a few minor feature additions.</p>
+
+<h3>Bugfixes</h3>
+
+<h4>Security related</h4>
+
+<ul>
+<li>The upload script for FCKeditor could be <a
+    href="http://www.geeklog.net/article.php/file-uploads">called  
directly</a>
+    to upload various media files (but not executable scripts), as reported
+    by t0pP8uZz.</li>
+<li>The protection in various include files against direct execution did  
not
+    work properly on non-case sensitive file systems, e.g. on Windows
+    (reported by Mark Evans).</li>
+<li>It was possible to view stories with a publication date in the future  
and
+    stories that had the draft flag set if you knew their story ID.</li>
+<li>It was possible to post comments on unpublished stories if you knew  
their
+    story ID.</li>
+<li>When a database backup fails, the database password is no longer  
logged to
+    <tt>error.log</tt>.</li>
+</ul>
+
+<h4>Other Bugfixes</h4>
+
+<ul>
+<li>All right-side blocks were rendered twice, which not only took more  
time
+    than necessary, but could also affect the functionality of add-ons like
+    the Chatterblock or Shoutbox.</li>
+<li>Fixed handling of security tokens (for CSRF protection) that prevented
+    you from deleting comments on a story that had trackbacks.</li>
+<li>Other fixes were applied to the user submission queue, story  
submissions,
+    the list of draft stories and the support for MS SQL.</li>
+</ul>
+
+<h4>Fixes in the bundled Plugins</h4>
+
+<ul>
+<li>Calendar: Fixed display of events in the Upcoming Events block for the
+    current day (really this time ...).</li>
+<li>Links: Fixed SQL error when trying to change a category and fixed new
+    categories silently overwriting existing categories with the same  
ID.</li>
+<li>Static Pages: Fixed printer friendly version when <tt>url_rewrite</tt>  
is
+    enabled.</li>
+</ul>
+
+<h3>New Features and Improvements</h3>
+
+<ul>
+<li>Includes <a href="http://www.fckeditor.net/">FCKeditor</a> 2.6.3</li>
+<li>In multi-language setups, blocks can now also be multi-lingual.</li>
+<li>New "Subscribe to ..." feed story option when there is a separate feed  
for
+    a story's topic.</li>
+<li>New option "All Frontpage Stories" for article feeds (skip stories  
that have
+    the "Show only in topic" option set).</li>
+<li>Allow to unset Configuration options again after they have  
been "restored",
+    e.g. after accidental activation.</li>
+<li>Configuration options can now be overwritten in  
<tt>siteconfig.php</tt>.
+    This is mostly useful for the <code>$_CONF['rootdebug']</code>  
option.</li>
+<li>Remotely authenticated users can now use the webservices (they need to  
use
+    <tt>username @ servicename</tt> for their username).<br>
+    <strong>Note:</strong> OpenID users can <em>not</em> use the  
webservices,
+    due to technical issues with the authentication method.</li>
+<li>Improved compatibility of the webservices (i.e. AtomPub).</li>
+</ul>
+
+<h3>Theme Changes</h3>
+
+<p>There was one mandatory theme change: The template file for  
configuration
+   items, <tt>admin/config/config_element.thtml</tt> has to be updated  
(copy
+   from the Professional theme). All other theme changes in this release  
are
+   optional - see the <a href="theme.html#changes">theme documentation</a>  
for
+   details.</p>
+
+
+<h2><a name="changes150">Geeklog 1.5.0</a></h2>
+
+<h3>Results from the Summer of Code</h3>
+
+<p>This release incorporates the following projects implemented during the
+the 2007 Google Summer of Code:</p>
+
+<ul>
+<li>New user-friendly install script by Matt West</li>
+<li>New Configuration GUI (replacing config.php) by Aaron Blankstein</li>
+<li>New Webservices API based on the Atom Publishing Protocol by Ramnath  
R. Iyer</li>
+</ul>
+
+<h3>Other New Features and Improvements</h3>
+
+<ul>
+<li>OpenID support: You can now allow users to log into your site using an
+    OpenID, so that they don't need to create a new account with your site  
but
+    still get all the benefits of a normal registered user.</li>
+<li>New LDAP remote authentication module.</li>
+<li>The Links plugin now has hierarchical (sub-)categories.</li>
+<li>Updated <a href="http://www.fckeditor.net/">FCKeditor</a> to version  
2.6.</li>
+<li>Rewrite of the underlying story code. Amongst other things, this should
+    finally resolve all outstanding issues with the handling of special
+    characters, HTML entities, etc. in stories. Also introduces a new
+    <code>[raw]</code> tag as an inline complement to <code>[code]</code>  
when
+    you want to post pieces of code (e.g. HTML) "as is", so that they are  
not
+    interpreted.</li>
+<li>Comments can now be closed, i.e. existing comments will still be  
displayed
+    but no new comment can be posted.</li>
+<li>The Polls plugin now allows for multiple questions per poll.</li>
+<li>The Static Pages plugin now supports comments.</li>
+<li>The database backup admin panel now lets you delete and download
+    backups.</li>
+<li>The default Professional theme is now HTML 4.01 Strict compliant.  
Geeklog
+    now also <a href="theme.html#xhtml">supports XHTML</a> (given an XHTML
+    compliant theme).</li>
+</ul>
+
+<h3>Security</h3>
+
+<ul>
+<li>Geeklog now includes protection against <a  
href="http://www.geeklog.net/article.php/csrf">cross-site request  
forgery</a> attacks.</li>
+<li>Lukasz Pilorz reported <a  
href="http://www.geeklog.net/article.php/kses">security issues in kses</a>,  
the HTML filter we're using in Geeklog.</li>
+</ul>
+
+
+<h2><a name="changes141">Geeklog 1.4.1</a></h2>
+
+<h3>New Features</h3>
+
+<ul>
+<li>Support for Microsoft SQL Server. Starting with this release, Geeklog  
can
+    now also be installed on Microsoft SQL Server, so it's no longer  
restricted
+    to just MySQL. The MS SQL support was developed by Randy Kolenko.
+    Thanks, Randy!<br>
+    Please note that any third-party plugins will have to offer support for
+    MS SQL before they can be installed on Microsoft SQL Server. The  
bundled
+    plugins (Calendar, Links, Polls, Spam-X, Static Pages) have already  
been
+    updated accordingly.</li>
+<li><a href="calendar.html">Calendar plugin</a>. The formerly built-in  
calendar
+    and events have now been moved into a separate plugin. This  
complements the
+    move of the <a href="polls.html">polls</a> and <a  
href="links.html">links</a> sections into plugins in Geeklog 1.4.0 and  
makes Geeklog more modular as you
+    can now easily disable or replace functionality that you don't need for
+    your site.</li>
+<li><a  
href="http://wiki.geeklog.net/wiki/index.php/Multi-Language_Support">Multi-language  
support</a>. It is now possible to build truly multi-lingual sites
+    with Geeklog where not only the navigation but also the content of the  
site
+    changes with the language.</li>
+<li>Ships with <a href="http://www.fckeditor.net/">FCKeditor</a> 2.3.1,  
which once
+    again includes a file manager for uploading images.</li>
+<li>A function for mass-deletion of old or inactive users. The list  
automatically
+    searches for users that have never logged in, only used the site for a  
very
+    short time or have not been online since a very long time. The time  
span can
+    be varied, and found users can be selectively deleted.</li>
+</ul>
+
+<h3>Security</h3>
+
+<p>In the light of the security issues discovered in Geeklog 1.4.0 and  
earlier
+versions, the Geeklog source code has undergone a code review. We have
+identified and addressed several minor issues and introduced new measures  
to
+enhance security in this release. As a welcome side effect, the code  
reviews
+have also uncovered a few bugs and inconsistencies that we also fixed in  
this
+release.</p>
+
+<h3>Spam Protection</h3>
+
+<p>With this release we are finally removing support for the <a  
href="http://www.geeklog.net/article.php/mt-blacklist-discontinued">discontinued</a>  
MT-Blacklist. In its place, we are now using a system called Spam Link  
Verification (SLV) run by Russ Jones at <a  
href="http://www.linksleeve.org/">www.linksleeve.org</a>. SLV could be  
described as a community-driven, automatically updated blacklist. See the  
documentation of the <a href="spamx.html" rel="nofollow">Spam-X plugin</a>  
for details.</p>
+
+
+<h2><a name="changes140sr6">Geeklog 1.4.0sr6</a></h2>
+
+<p>MustLive pointed out a possible <a  
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on  
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px  
dotted black;">XSS</a> in the form to email an article to a friend that  
we're fixing with this release.</p>
+
+
+<h2><a name="changes140sr5-1">Geeklog 1.4.0sr5-1</a></h2>
+
+<p>This release fixes display problems in the comment preview that were  
only
+introduced in Geeklog 1.4.0sr5.</p>
+
+
+<h2><a name="changes140sr5">Geeklog 1.4.0sr5</a></h2>
+
+<p>JPCERT/CC informed us about a possible <a  
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on  
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px  
dotted black;">XSS</a> in the comment handling that we're fixing with this  
release.</p>
+
+
+<h2><a name="changes140sr4">Geeklog 1.4.0sr4</a></h2>
+
+<p>Two exploits have been released by "rgod" for insecure Geeklog  
installations and for a bug in the "mcpuk" file manager that we've been  
shipping as part of FCKeditor in all previous 1.4.0 releases.</p>
+
+<ul>
+<li>Some of the files outside of the public_html directory were not  
protected
+    against direct execution. If Geeklog was installed such that those  
files
+    were accessible from a URL (which has always been strongly discouraged  
in
+    the installation instructions) then those files could be used to load  
and
+    execute malicious code from a remote server.
+    <br><br>
+    More information: <a
+    href="http://www.geeklog.net/article.php/so-called-exploit">So-called
+    Geeklog "exploit" posted</a>
+    <br><br>
+    In this release, we've added the missing execution prevention for all  
files
+    outside of public_html. We would still, however, suggest that you fix  
your
+    Geeklog install if the files outside of public_html are accessible  
from a
+    URL (see our <a
+     
href="http://www.geeklog.net/faqman/index.php?op=view&amp;t=56">FAQ</a> for
+    details).
+</li>
+<li>The "mcpuk" file manager that we've integrated into FCKeditor allowed  
the
+    upload of arbitrary PHP code (even if FCKeditor was disabled in  
Geeklog's
+    config.php). Depending on your webserver's configuration, it was then
+    possible to execute that uploaded code.
+    <br><br>
+    More information: <a  
href="http://www.geeklog.net/article.php/exploit-for-fckeditor-filemanager">Exploit  
for FCKeditor's mcpuk file manager</a>
+    <br><br>
+    The file manager has been removed from this release. You will  
therefore no
+    longer be able to upload files, e.g. images, through FCKeditor. Future
+    versions of Geeklog will ship with an updated version of FCKeditor and  
its
+    included file manager.
+</li>
+</ul>
+
+<p>Note: This release also includes the <a
+href="http://www.geeklog.net/article.php/fighting-trackback-spam">updated
+lib-trackback.php</a> for better protection against Trackback spam.</p>
+
+
+<h2><a name="changes140sr3">Geeklog 1.4.0sr3</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Possible SQL injection and authentication bypass in  
<tt>auth.inc.php</tt>
+    (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible XSS in <tt>getimage.php</tt>
+    (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Path disclosure in <tt>getimage.php</tt> and the  
<tt>functions.php</tt> of
+    some themes, e.g. the Professional theme
+    (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible SQL injection in story submissions.</li>
+</ol>
+
+
+<h2><a name="changes140sr2">Geeklog 1.4.0sr2</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>Konstantin Dyakoff found an old bug in the session handling that would
+    allow anyone to log in as any user.</li>
+<li>HTML was not stripped from the Location field in a user's profile.</li>
+</ul>
+
+
+<h2><a name="changes140sr1">Geeklog 1.4.0sr1</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>James Bercegay of GulfTech Security Research reported several issues  
with
+    Geeklog's cookie handling that made it vulnerable to SQL injections,
+    arbitrary file access, and even injection and execution of arbitrary
+    code.</li>
+</ul>
+
+
+<h2><a name="changes140">Geeklog 1.4.0</a></h2>
+
+<p><small>(Geeklog 1.4.0 was originally supposed to be called 1.3.12, so  
any
+references you may find to a version 1.3.12 apply to version  
1.4.0)</small></p>
+
+<h3>New Features</h3>
+
+<ul>
+<li>Geeklog now officially works with <code>register_globals = off</code>.
+    Please note that some plugins may still require it to be  
<code>on</code>,
+    though.</li>
+<li>Added support for sending and receiving <a
+    href="http://en.wikipedia.org/wiki/Trackback">Trackback</a> and <a
+    href="http://en.wikipedia.org/wiki/Pingback">Pingback</a> comments.  
Both
+    are supported for stories, but there is also a new plugin API so that
+    plugins can use this feature, too.  Trackback and Pingback can be  
disabled
+    in <tt>config.php</tt>.</li>
+<li>Added the ability to "ping" weblog directory services to advertise site
+    updates (preconfigured to ping <a
+    href="http://pingomatic.com">Ping-o-Matic</a>). As with Trackback and
+    Pingback, this is supported for stories, but plugins can also make use  
of
+    this feature via the plugin API.</li>
+<li>New syndication framework so that Geeklog can now <strong>read and
+    write</strong> feeds in different formats (currently supported: RSS,  
RDF,
+    and Atom).</li>
+<li>New administrator controlled user status. Including banning and
+    administrator activation of accounts.</li>
+<li>New Remote Authentication system to allow people with accounts on  
remote
+    services such as Blogger.com or LiveJournal.com to login to your site
+    without having to directly register on your site. (Remote accounts can  
be
+    banned as normal accounts).</li>
+<li>The Admin sections have been revamped to provide a more consistent  
look and
+    sortable lists. "Command and Control" (<tt>moderation.php</tt>) now  
also
+    comes with a new set of icons and has one icon for every Admin section.
+    Furthermore, the Admin block and Command and Control can be <a
+    href="config.html#desc_sort_admin">sorted</a> alphabetically.</li>
+<li>Ships with <a href="http://www.fckeditor.net/">FCKeditor</a> (WYSIWYG
+    editor). To <a href="config.html#desc_advanced_editor">enable</a>, set
+    <code>$_CONF['advanced_editor'] = true;</code> in your
+    <tt>config.php</tt>.</li>
+<li>The search now only displays a specified amount of results per page to
+    avoid running into timeouts when searching through large databases.<br>
+    <b>Note:</b> Plugins will have to be updated to support the "paged"  
search.
+    Until then, Geeklog fakes the paged results for plugin searches, which
+    means that a plugin that hasn't been updated will still search through  
the
+    entire database, but Geeklog will only display the results for the  
current
+    result page.</li>
+<li>Introduced an "Article Directory", providing an overview of all past
+    articles, sorted by year and month.</li>
+<li>The default permissions for new objects (stories, topics, blocks,  
etc.) can
+    now be set in config.php.</li>
+</ul>
+
+<h3>Compatibility</h3>
+
+<ul>
+<li>Due to the changes, themes will have to be updated to work with Geeklog
+    1.4.0. See the <a href="theme.html#changes">list of theme changes</a>  
for
+    details.</li>
+<li>The plugin API for comments has changed. Plugins using comments will  
have
+    to be updated to work with Geeklog 1.4.0.</li>
+</ul>
+
+<h3>More Information</h3>
+
+<p>We have posted a series of stories on the Geeklog homepage that  
highlight and explain some of the new features:</p>
+<ul>
+<li><a href="http://www.geeklog.net/article.php/advanced-editor">Geeklog's  
Advanced Editor</a></li>
+<li><a  
href="http://www.geeklog.net/article.php/remote-authentication">Remote  
Authentication</a></li>
+<li><a  
href="http://www.geeklog.net/article.php/trackback-pingback">Trackback and  
Pingback</a></li>
+<li><a href="http://www.geeklog.net/article.php/ping">Sending a  
Ping</a></li>
+<li><a href="http://www.geeklog.net/article.php/comment-plugin-api">New  
Comment Plugin API</a></li>
+</ul>
+
+
+<h2><a name="changes1311sr7">Geeklog 1.3.11sr7</a></h2>
+
+<p>JPCERT/CC informed us about a possible <a  
href="http://en.wikipedia.org/wiki/XSS" title="Click to look up 'XSS' on  
Wikipedia" style="text-decoration: none; color: black; border-bottom: 1px  
dotted black;">XSS</a> in the comment handling that we're fixing with this  
release.</p>
+
+
+<h2><a name="changes1311sr6">Geeklog 1.3.11sr6</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ol>
+<li>Possible SQL injection and authentication bypass in  
<tt>auth.inc.php</tt>
+    (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible XSS in <tt>getimage.php</tt>
+    (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Path disclosure in <tt>getimage.php</tt> and the  
<tt>functions.php</tt> of
+    some themes, e.g. the Professional theme
+    (reported by the Security Science Researchers Institute Of Iran).</li>
+<li>Possible SQL injection in story submissions.</li>
+</ol>
+
+
+<h2><a name="changes1311sr5">Geeklog 1.3.11sr5</a></h2>
+
+<ul>
+<li>Konstantin Dyakoff found an old bug in the session handling that would
+    allow anyone to log in as any user.</li>
+</ul>
+
+
+<h2><a name="changes1311sr4">Geeklog 1.3.11sr4</a></h2>
+
+<p>This release addresses the following security issues:</p>
+<ul>
+<li>James Bercegay of GulfTech Security Research reported several issues  
with
+    Geeklog's cookie handling that made it vulnerable to SQL injections,
+    arbitrary file access, and even injection and execution of arbitrary
+    code.</li>
+</ul>
+
+
+<h2><a name="changes1311sr3">Geeklog 1.3.11sr3</a></h2>
+
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>Provided you knew the story id, it was possible to submit comments for
+    stories even if you did not have access to those stories
+    (reported by LWC). The same problem also existed with poll  
comments.</li>
+<li>Supplying an illegal start or end date to the advanced search resulted  
in a
+    warning message that disclosed the path to the Geeklog install on the
+    server (reported by r0t3d3Vil).<br>
+    It was <strong>not</strong> possible to use this for SQL  
injections.</li>
+</ol>
+
+<p>Also included in this release are bugfixes, e.g. for the problems  
editing
+static pages when URL rewriting was enabled, that were introduced in
+1.3.11sr2.</p>
+
+
+<h2><a name="changes1311sr2">Geeklog 1.3.11sr2</a></h2>
+
+<p>This release provides security enhancements and better spam protection
+originally developed for Geeklog 1.3.12. It also addresses a few bugs where
+the bugfix could be integrated with a reasonable amount of work (other  
bugfixes
+will have to wait for the 1.3.12 release).
+
+<h3>Security and Spam protection</h3>
+<ul>
+<li>There is now a speed limit for login attempts, defaulting to three  
tries
+    in a five minute period (<a
+    href="config.html#desc_login_attempts">configurable</a> in
+    <tt>config.php</tt>).</li>
+<li>Linefeeds are filtered from the To:, From:, and Subject: fields of any
+    email sent through <code>COM_mail</code>.</li>
+<li>When a new user account is created and the user submission queue is  
enabled
+    in <tt>config.php</tt>, Geeklog now ensures that the new account is  
properly
+    queued even in the unlikely event that the account creation fails  
halfway
+    through.</li>
+<li>When a post is identified as spam, it now also triggers the speed limit
+    (ie. posters will have to wait for the speed limit to expire before  
they
+    can make another submission).</li>
+<li>Spam posts now get a 403 "Forbidden" HTTP response code.</li>
+<li>Spam checks are now done for comments, story, link, and event  
submissions,
+    the message sent with the "email story to a friend" option, and for the
+    contents of the user profile.</li>
+<li><a href="http://www.geeklog.net/article.php/spam-x-1.0.2"
+    rel="nofollow">Spam-X plugin 1.0.2</a> included.</li>
+</ul>
+
+<p>Please note that MT-Blacklist (used by Spam-X) has recently been <a  
href="http://www.geeklog.net/article.php/mt-blacklist-discontinued">discontinued</a>.  
The
+Spam-X plugin as included in this release is configured to get the last  
version
+of the blacklist from geeklog.net, but there will be no more updates.</p>
+
+<h3>Bugfixes</h3>
+<ul>
+<li>Fixed an error message thrown up by PHP 5.0.5 or later when viewing the
+    article page (bug #483).</li>
+<li>Quote names in email addresses as soon as they contain any  
non-alphanumeric
+    characters, apart from the blank (bug #368). This should help when  
trying
+    to email users with special characters in their name.</li>
+<li>Upgraded included kses class to version 0.2.2 which fixes problems with
+    Japanese and Thai characters (bugs #94 and #119).</li>
+<li>Fixed SQL error when using the [staticpage:] autotag (bug #373).</li>
+</ul>
+<p>For a complete list of bugfixes, please see the Changelog.</p>
+
+<h3>Improvements</h3>
+<ul>
+<li>Added support for a <code>custom_usercheck</code> function (for the
+    custom registration code). See the included <tt>lib-custom.php</tt> for
+    details.</li>
+<li>Improved handling of the auto-archive option in <tt>index.php</tt>,  
which
+    should slightly improve page load times.</li>
+<li>Includes several new and updated language files.</li>
+<li>Includes updated PEAR classes.</li>
+</ul>
+
+
+<h2><a name="changes1311sr1">Geeklog 1.3.11sr1</a></h2>
+<p>This release addresses the following security issue:</p>
+<ul>
+<li>Stefan Esser found an SQL injection that can, under certain  
circumstances,
+be exploited to extract user data such as the user's password hash.</li>
+</ul>
+
+<h2><a name="changes1311">Geeklog 1.3.11</a></h2>
+
+<p>Geeklog 1.3.11 is a <strong>bugfix and security release</strong> over  
Geeklog 1.3.10 and is meant to replace 1.3.10. The change in the version  
number was necessary since one of the bugfixes involves a change in the  
database.</p>
+
+<h3>Security issues</h3>
+<ol>
+<li>It was possible to submit stories anonymously even if anonymous  
submissions
+    were turned off in <tt>config.php</tt> (reported by Barry Wong).<br>
+    These stories still ended up in the submission queue, though, unless  
you
+    disabled it in <tt>config.php</tt>.</li>
+<li>Some of the parameters in link and event submissions weren't filtered,
+    leaving them open to potential SQL injections.</li>
+<li>The links for the What's Related block were created from the unfiltered
+    story text, opening the possibility of XSS attacks (reported by Vincent
+    Furia).</li>
+</ol>
+
+<h3>Bugfixes</h3>
+<ul>
+<li>Fixes the length of the 'sid' field in the gl_comments table. Using  
story
+    IDs longer than 20 characters prevented comment posts from being  
associated
+    with the story.</li>
+<li>Ensures compatibility with PHP 4.1.x (includes updated PEAR  
packages).</li>
+<li>Fixes the archiving option being activated too early (bug #345).</li>
+<li>Properly deletes comments and story images when deleting entire topics
+    (bug #339).</li>
+<li>Deletes comments when deleting polls.</li>
+<li>Fixes several bugs in the calendar and improves overall handling of  
both
+    the site calendar and the personal calendars (bugs #268, #336, #338,  
and
+    others).</li>
+<li>Fixes "More by <i>author</i>" and "More from <i>topic</i>" links in
+    articles.</li>
+<li>Various other fixes, see <tt>docs/history</tt> for details.</li>
+</ul>
+
+<p>We strongly advise users of Geeklog 1.3.10 to upgrade to 1.3.11 ASAP.  
Upgrading should be relatively painless, as there weren't any changes in  
the themes, language files, or config.php over 1.3.10.</p>
+
+
+<h2><a name="changes1310">Geeklog 1.3.10</a></h2>
+
+<h3>New Default Theme</h3>
+
+<p>This release comes with a new default theme: We've chosen the  
Professional
+theme, kindly provided by Victor B. Gonzalez (of <a  
href="http://aeonserv.com">Aeonserv</a> fame). The theme has been modified  
slightly and is now fully HTML 4.01 and CSS compliant.</p>
+
+<p>We've also decided to remove the old set of themes (Classic, Clean,  
Digital Monochrome, Gameserver, Smooth Blue, XSilver, Yahoo) from the  
distribution. They are now available as a separate tarball.</p>
+
+<h3>New Features</h3>
+
+<ul>
+<li><a href="spamx.html" rel="nofollow">Spam-X plugin</a> included. Tom  
Willet
+    has kindly provided his spam detection plugin, which is now part of the
+    default Geeklog install.<br>
+    The plugin has been modified slightly to store the blacklists in the
+    database. Users of the previous version of the plugin will have to  
import
+    their personal blacklist via the plugin's admin panel.</li>
+<li>Story Archive feature: It is now possible to move stories to  
an "archive"
+    topic or have them deleted automatically at a given time.</li>
+<!-- li>PDF support: Stories can be converted into PDFs (requires  
installation
+    of third-party software - see config.php for details).</li -->
+<li>Customizable menu bar: The site's menu bar can now be <a
+    href="config.html#desc_menu_elements">configured</a> in config.php,  
i.e.
+    you can choose which entries should be displayed there and in which  
order.
+    It's also possible to add custom entries by providing a function in
+    lib-custom.php.</li>
+<li>Clickable links in text postings: URLs in non-HTML postings are now
+    recognized by Geeklog and displayed as clickable links.</li>
+<li>Editable story IDs: The IDs of stories can now be changed (like the  
IDs of
+    static pages) to provide more readable URLs (and further improve the
+    chances of being picked up by seach engines, especially when used with
+    URL rewriting).</li>
+<li>Autolinks are a new form of links that can be used in stories and  
comments.
+    An autolink takes the form
+    <code>[<i>name</i>:<i>id</i> <i>link text</i>]</code> where  
<i>name</i> is
+    the tag name, <i>id</i> is the ID of an object the link should be  
pointing
+    to, and <i>link text</i> is used as the text of the link.<br>
+    Example: <code>[story:email-bug About the email bug]</code> would be
+    translated into <code>&lt;a  
href="http://example.com/article.php/email-bug"&gt;About the email  
bug&lt;/a&gt;</code><br>
+    For the built-in autotags, the <i>link text</i> is optional and Geeklog
+    will use the title of the object (story / event / static page) if it  
is not
+    given.<br>
+    Predefined autotags are <code>[story:]</code> to link to stories and
+    <code>[event:]</code> to link to events. Plugins can define their own
+    autotags to provide links to objects under their control. The Static  
Pages
+    plugin already provides a <code>[staticpage:]</code> autotag.</li>
+<li>Customizable welcome email: The email that is sent out to users
+    registering with your site is now fully customizable by providing the
+    text in a text file (/path/to/geeklog/data/welcome_email.txt).</li>
+<li>Timezone hack: The popular "<a
+     
href="http://www.geeklog.net/forum/viewtopic.php?showtopic=40196">timezone
+    hack</a>" is now included. It lets you set the site's timezone for when
+    your server is located in another timezone.</li>
+</ul>
+
+<h3>Other Improvements</h3>
+
+<ul>
+<li>Various changes have been made to improve the overall performance.</li>
+<li>On fresh installs, there is now an option to use InnoDB tables  
(instead of
+    MyISAM) if your MySQL version supports them (as of MySQL 4.0, or  
3.x "Max"
+    builds). Existing databases can be converted to InnoDB by using the  
script
+    <tt>admin/install/toinnodb.php</tt>.<br>
+    <strong>Warning:</strong> Using InnoDB tables makes database backups
+    somewhat more complicated. Small and medium-sized sites should work  
just
+    fine with MyISAM tables, so if in doubt <em>don't</em> use InnoDB
+    tables.</li>
+<li>The calendar's week can now either start on a Sunday or a Monday.</li>
+<li>The Static Pages plugin now has an option to display a printer-friendly
+    version of a static page.</li>
+</ul>
+
+<h3>Comments</h3>
+
+<ul>
+<li>The comment code has undergone major changes to improve performance and
+    add improvements like the ability to link to individual comments,
+    paging comments, etc.</li>
+<li>Users can now report abusive comments to the site admin.</li>
+<li>The site admin can get an email notification when a new comment is
+    posted (similar to the notification emails for new stories, links,
+    events, and users).</li>
+<li>The IP addresses of comment posters are now tracked and can be looked  
up
+    directly by linking to a Whois service (or you can install Tom Willet's
+    <a  
href="http://sf.net/project/showfiles.php?group_id=68255&amp;package_id=95743">NetTools</a>,  
which include a Whois function).</li>
+</ul>
+
+<h3>Security-related fixes</h3>
+
+<p><strong>Note:</strong> All of the following bugs were problems with
+Geeklog's permissions system and fall into the "information leakage"  
category,
+i.e. under certain circumstances, site content was visible to persons who
+shouldn't be able to see it. None of these bugs were exploitable in the  
sense
+that they could be used to gain privileges or cause damage to Geeklog or  
the
+environment it's running in.</p>
+
+<ul>
+<li>Group Admins were able to list the members of all groups, even if they  
were
+    not members of those groups.</li>
+<li>Group Admins were given a list of all the groups in the system, even if
+    they were not members of those groups (bug #280).</li>
+<li>Story and Event Admins were always given a list of all the stories /  
all
+    the events, even when they didn't have read access to them (bug  
#269).</li>
+<li>It was possible to request comments from stories even if the user  
didn't
+    have permission to read the story (provided you knew both the story and
+    the comment id).</li>
+<li>Event permissions in the calendar's day and week view weren't checked
+    properly, so that events may have been visible to users who shouldn't
+    have been able to see them.</li>
+<li>It was possible to add any event to the personal calender, even if you
+    didn't have permissions to see it in the site calendar (provided you  
knew
+    the event id).</li>
+</ul>
+
+<h3>Other bugfixes</h3>
+
+<ul>
+<li>Previewing and saving a story submission left the submitted story in  
the
+    submission queue, but did additionally save it as a new story.</li>
+<li>Deleting an event from the personal calendar didn't work (bug  
#199).</li>
+<li>Old userphotos weren't removed when the new photo had a different file
+    type, e.g. when changing from a .gif to a .jpg (bug #228).</li>
+<li>Scaling images didn't work when the image exceeded the max. height but
+    not the max. width (bug #242).</li>
+<li>Keeping an unscaled image wasn't possible when using gdlib to rescale
+    images (bug #197).</li>
+<li>When using gdlib, GIF images were converted to PNG format, but Geeklog
+    was still trying to display the GIF version. Since the LZW patent has
+    now <a href="http://www.unisys.com/about__unisys/lzw">expired</a>, it  
is
+    safe to use GIF images again and the PNG conversion has been  
dropped.</li>
+<li>The tarball also includes updated PEAR packages which should address  
the
+    email problems some users were having (bug #246).<br>
+    <strong>Note:</strong> These are the same PEAR packages that already
+    shipped with Geeklog 1.3.9sr2.</li>
+</ul>
+
+<p>Please note that there have also been <a href="theme.html#changes">theme
+changes</a>, some of which are important to make the new features work  
(e.g.
+the editable story IDs and the story archive options)!</p>
+
+<p>This release contains various improvements provided by the Geeklog  
community
+(see the <tt>docs/history</tt> file for proper credits). Thank you!</p>
+
+<h2><a name="changes139sr3">Geeklog 1.3.9sr3</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible to submit stories anonymously even if anonymous  
submissions
+    were turned off in <tt>config.php</tt> (reported by Barry Wong).<br>
+    These stories still ended up in the submission queue, though, unless  
you
+    disabled it in <tt>config.php</tt>.</li>
+<li>Some of the parameters in link and event submissions weren't filtered,
+    leaving them open to potential SQL injections.</li>
+</ol>
+
+
+<h2><a name="changes139sr2">Geeklog 1.3.9sr2</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>Fixed a cross site scripting vulnerability caused by using the variable
+    <code>$topic</code> in the language files (bug #293).</li>
+<li>Prevent comment posts on stories or polls were comment posting has been
+    disabled.</li>
+</ol>
+
+<h3>Other fixes</h3>
+<ul>
+<li>Fixed <tt>lib-plugins.php</tt> to work properly with PHP 5.</li>
+<li>The complete tarball also includes updated PEAR packaged that fix
+    some of the reported email problems.</li>
+</ul>
+
+
+<h2><a name="changes139sr1">Geeklog 1.3.9sr1</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible to post anonymous comments, even when anonymous comment
+    posting had been switched off in config.php.<br>
+    This bug was apparently exploited by spammers to send hundreds of spam
+    posts to certain Geeklog sites.</li>
+<li>Added additional speed limit checks for comments and submissions.</li>
+<li>If none of the topics were visible for anonymous users, the site's  
index
+    page may still have displayed some stories for anonymous users,  
depending
+    on the stories' permissions.</li>
+<li>Users still got Daily Digest emails for topics from which they had been
+    removed (bug #178).</li>
+<li>It was possible to subscribe to the Daily Digest for all topics, even  
if
+    the user did not have access to certain topics.</li>
+<li>Comments to stories were sometimes listed in a user's profile, even if  
the
+    user viewing the profile didn't have permissions to access the story  
the
+    comments belonged to.</li>
+</ol>
+
+<h3>Other fixes</h3>
+<ul>
+<li>Fixed an SQL error in <code>COM_showTopics</code> if users excluded  
topics
+    from their preferences.</li>
+<li>Fixed sporadic "Duplicate entry '...' for key 1." messages in  
error.log,
+    caused by the handling of pseudo-session ids for anonymous users.</li>
+<li>Fixed incorrect author names in Daily Digest (bug #207).</li>
+<li>The <code>plugin_profileblocksedit_<i>plugin-name</i></code> Plugin API
+    function wasn't working due to a missing piece of code in
+    usersettings.php.</li>
+<li><code>COM_extractLinks</code> will now ignore anchor tags that do not
+    contain "<code>href</code>" (bug #183).</li>
+</ul>
+
+
+<h2><a name="changes139">Geeklog 1.3.9</a></h2>
+
+<h3>New Features</h3>
+
+<ul>
+<li>Geeklog now uses PEAR::Mail to send all emails. This gives you the  
option
+    to send emails via PHP's built-in mail() function (as before), via
+    sendmail or via SMTP.</li>
+<li>There is a new admin option called Content Syndication that lets you
+    create and configure (RSS) feeds. In addition to the standard feed
+    containing all the new stories, you can now create feeds per topic, for
+    upcoming events, and for links.<br>
+    This feature is extensible in that plugins can provide additional  
feeds.
+    It is also possible to provide feeds in formats other than RSS 0.91 by
+    providing additional feed classes.</li>
+<li>Admins can change the block order easily from the list of blocks  
now.</li>
+<li>There is an alternative interface to adding users to groups (requires
+    JavaScript).</li>
+<li>Users in the Group Admin group can now only assign other users to  
groups
+    of which they themselves are a member.</li>
+<li>Image upload can now also use the GD library to scale images.</li>
+<li>Comments now use templates.</li>
+<li>To accomodate strict webhosts who don't allow file uploads to the  
standard
+    image directory, you can now set a new configuration variable,
+    <code>$_CONF['path_images']</code> to point to a directory outside of  
your
+    webtree where article images and user profile pictures will be  
saved.</li>
+<li>Geeklog now supports URL rewriting for story URLs, i.e. you can have  
URLs
+    like <tt>http://www.geeklog.net/article.php/20031229225326631</tt>  
which
+    are known to be picked up by Google.</li>
+<li>Plugins can add their own section to Geeklog's What's New block.</li>
+<li>All URL fields can now hold up to 255 characters (requires theme  
updates).</li>
+</ul>
+
+<p>Please see the <a href="theme.html#changes">themes documentation</a>  
for a
+complete list of theme changes.</p>
+
+<p>Also included is the <a href="staticpages.html">Static Pages plugin  
1.4</a>,
+which now has, among other improvements, a second option to include PHP in
+static pages without having to use the PHP <code>return</code>  
statement.</p>
+
+
+<h3>Bugfixes</h3>
+
+<ul>
+<li>Words from a search query are now properly highlighted in comments.  
Also
+    fixed a problem with highlighting when the search query contained '*'
+    characters.</li>
+<li>Various fixes in the search class.</li>
+<li>Fixed a bug that let users register with an empty username.</li>
+<li>When batch-importing users, those users were all subscribed to the
+    Daily Digest automatically (uses the $_CONF['emailstoriesperdefault']
+    setting instead now).</li>
+<li>Fixed option to delete comments, which previously was only available to
+    users in the Root group (e.g. Admin). Now those users that have  
story.edit
+    permissions for the actual story can delete comments.</li>
+<li>Deleting a group may have left orphaned entries in the  
group_assignments
+    table (this has been fixed now). When upgrading to 1.3.9, the install
+    script will remove any orphaned entries from the database.</li>
+</ul>
+
+<p>There have also been a lot of changes to improve security, especially
+against SQL injections.</p>
+
+
+<h2><a name="changes138-1sr6">Geeklog 1.3.8-1sr6</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>Fixed a cross site scripting vulnerability caused by using the variable
+    <code>$topic</code> in the language files (bug #293).</li>
+<li>Prevent comment posts on stories or polls were comment posting has been
+    disabled.</li>
+</ol>
+
+
+<h2><a name="changes138-1sr5">Geeklog 1.3.8-1sr5</a></h2>
+<p>This release addresses the following security issue:</p>
+
+<ol>
+<li>It was possible to post anonymous comments, even when anonymous comment
+    posting had been switched off in config.php.<br>
+    This bug was apparently exploited by spammers to send hundreds of spam
+    posts to certain Geeklog sites.</li>
+</ol>
+
+
+<h2><a name="changes138-1sr4">Geeklog 1.3.8-1sr4</a></h2>
+<p>This release addresses the following security issues:</p>
+
+<ol>
+<li>It was possible for users in the Group Admin and User Admin groups to
+    become a member of the Root group (reported by Samuel M. Stone,
+    bug #135).</li>
+<li>Being admin for a certain area (e.g. Story Admin for stories) made it
+    possible to delete all objects in that area (e.g. stories) even if the  
user
+    was not supposed to have access to them, provided the id of the object  
was
+    known.</li>
+<li>It was possible to delete other people's personal events if you knew  
the
+    event ID.</li>
+<li>It was possible to browse through the comments of a story even if the  
user
+    did not have access to the actual story (reported by Peter  
Roozemaal).</li>
+<li>Due to an XSS issue, it was possible to change someone's account  
settings
+    (including the password) if you got them to click on a specially  
crafted
+    link (reported by Jelmer, fix suggested by Vincent Furia).</li>
+<li>The comment display suffered from the possibility of an SQL injection
+    (reported by Jelmer).</li>
+<li>It was possible to inject Javascript code in the calendar (reported by
+    Jelmer).</li>
+<li>It was possible to execute (but not save) Javascript code in the  
comment
+    preview (reported by Jelmer).</li>
+</ol>
+
+
+<h2><a name="changes138-1sr3">Geeklog 1.3.8-1sr3</a></h2>
+<p>This release addresses the following security-related issues:</p>
+
+<ol>
+<li>As "dr.wh0" pointed out, the category field for link submissions was  
not
+    filtered at all. Although you probably can't cause too much harm with
+    those 32 characters, this has now been fixed.</li>
+<li>Vincent Furia found that the restrictions for the form to email users
+    could be circumvented and could even be used to spam users.
+    In addition to fixing theses issues, there is now also a speed limit
+    on that form (defaults to the speed limit for story submissions).</li>
+<li>There was a way to post comments anonymously even when posting for
+    anonymous users had been disabled.</li>
+<li>It was possible to post comments under someone else's username.</li>
+</ol>
+
+
+<h2><a name="changes138-1sr2">Geeklog 1.3.8-1sr2</a></h2>
+
+<p>Jouko Pynnonen found a way to trick the new "forgot password" feature,  
introduced in 1.3.8, into letting an attacker change the password for  
<em>any</em> account. This release addresses this issue - there were no  
other changes.</p>
+
+<p>Obviously, we strongly recommend to upgrade as soon as possible.</p>
+
+
+<h2><a name="changes138-1sr1">Geeklog 1.3.8-1sr1</a></h2>
+
+<p>The purpose of this release is to address some of the security issues  
reported in September and early October 2003. We strongly recommend  
upgrading to this version.</p>
+
+<h3>Security issues</h3>
+<ol>
+<li>By including Ulf Harnhammar's <a  
href="http://sourceforge.net/projects/kses/" title="kses homepage">kses</a>  
HTML filter, this release addresses a variety of possible Javascript  
injection and CSS defacement issues.</li>
+<li>Details of SQL errors will not be reported in the browser any more  
(but only in Geeklog's error.log file). This will avoid disclosing any  
sensitive information as part of the error message (which is so far the  
only problem we have found with the alleged SQL injection issues that have  
been reported).
+</ol>
+
+<p>Please note that at the moment we do <strong>not</strong> recommend to  
use Geeklog with MySQL 4.1 (which, at the time of this writing, is in alpha  
state and should not be used on production sites anyway). An upcoming  
release of Geeklog will include more thorough filtering of SQL injections  
attempts, thus also fixing the problems with MySQL 4.1.</p>
+
+<h3>Other fixes</h3>
+<ul>
+<li>Fixed the auto-detection of the value for the  
<code>$_CONF['cookiedomain']</code> variable if the URL included a port  
number (such as <tt>example.com:8080</tt>). This will fix the login  
problems some users were reporting.</li>
+<li>The full 1.3.8-1sr1 tarball also includes updated French (Canada) and  
Turkish language files.</li>
+</ul>
+
+
+<h2><a name="changes138-1">Geeklog 1.3.8-1</a></h2>
+
+<p>Geeklog 1.3.8-1 is a bugfix release over Geeklog 1.3.8. It contains a
+variety of (mostly minor) bugfixes. None of those fixes are  
security-related.</p>
+
+<h3>Bugfixes</h3>
+
+<ul>
+<li>Fixes to the new search to restore pre-1.3.8 behavior (display search  
form
+    again if no results are returned, handling of
+    <tt>$_CONF['searchloginrequired']</tt>, etc.). Also fixed the search by
+    date.</li>
+<li>Fixed problems in the install script when trying to identify the MySQL
+    version. The install script failed silently on PHP 4.0.4 and earlier
+    versions.</li>
+<li>Fixed a problem with the What's Related block on stories that contain
+    images.</li>
+<li>Skip user "Anonymous" when sending out the Daily Digest.
+<li>Prevent admin from changing a user's email address to one that's  
already
+    used by another user.</li>
+<li>Update RSS feed and Older Stories block when deleting a story.</li>
+</ul>
+
+<p>The full 1.3.8-1 tarball also includes new and updated language files
+(see the Changelog for details).</p>
+
+
+<h2><a name="changes138">Geeklog 1.3.8</a></h2>
+
+<h3>New Features</h3>
+
+<p>Geeklog 1.3.8 Includes the <strong>Static Pages 1.3 plugin</strong>  
which
+replaces <em>both</em> the Static Pages 1.1 and 1.2 plugins. See the <a
+href="staticpages.html">Static Pages documentation</a> for details.</p>
+
+<ul>
+  <li>The search function has been rewritten. You can now search for the
+    exact phrase, all the words, or any of the words from a query. Search
+    words are also highlighted in stories.
+  <li>New Privacy options: Users can decide whether they want to receive
+    email from other users and/or admins and whether they want to show up  
in
+    the Who's Online block.
+  <li>You can now get a list of all users who are in a certain group (from  
the
+    Admin's group editor).
+  <li>When scaling is configured for images in stories, you can now keep  
the
+    unscaled image (has to be enabled in config.php first). In that case,  
the
+    scaled-down image in the story will serve as a thumbnail and link to  
the
+    unscaled image.
+  <li>You can now make one topic the default topic. The topic selection in  
the
+    story submission form will then default to that topic. However, when
+    browsing by topic (index.php?topic=Geeklog etc.) new story submissions  
will
+    default to the current topic.
+  <li>You can give your users the ability to change their username and  
delete
+    their account. Both features have to be enabled in config.php.
+  <li>Extended Plugin API: Plugins can now display content in Geeklog's
+    center area, add their own information to the user profile, and add
+    information to the site's header (<code>&lt;head&gt;</code> section).
+  <li>There's a new API for custom registration forms (see
+    <tt>lib-custom.php</tt> for sample code).
+  <li>There have been quite a few theme changes in order to move most  
larger
+    portions of hard-coded HTML to template files and to give theme  
designers
+    more control over the layout. Please consult the <a
+    href="theme.html#changes138">themes documentation</a> for a list of  
changes.</li>
+</ul>
+
+<h3>Bugfixes</h3>
+
+<ul>
+  <li>The "forgot password" function has been rewritten. Instead of  
resetting
+    your old password and sending you a new one, you will now receive an
+    email with a unique link in it. If you follow this link, you can enter  
a
+    new password directly. Otherwise, you can simply ignore the email and  
your
+    old password will remain valid.
+  <li>Topic access was not always checked properly. If Story Admins report
+    getting access denied messages after upgrading to 1.3.8, check your  
topic
+    permissions carefully.
+  <li>The poll editor let you enter one answer too many (i.e. when the max.
+    number of answers was set to 10 you could actually enter 11). Please  
check
+    your existing polls or you may lose the last answer if you exceeded the
+    max. number of answers in a poll (adjust $_CONF['maxanswers']  
accordingly,
+    if necessary).
+  <li>Geeklog should install and run again on old versions of MySQL
+    (specifically, 3.22.xx). Please note that some of these old versions  
aren't
+    even supported by MySQL AB any more and MySQL installs older than  
3.23.54
+    are having secu
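Review bot: several list items in the added changes.html are never closed. In the 1.3.8-1sr1 "Security issues" list, the item starting "Details of SQL errors will not be reported in the browser any more" runs straight into `</ol>` with no `</li>`. In the 1.3.8-1 "Bugfixes" list, "Skip user "Anonymous" when sending out the Daily Digest." has no `</li>`. In the 1.3.8 "New Features" list only the last item is closed, and none of the visible 1.3.8 "Bugfixes" items are. The rest of the file closes every item, so these should be closed too for consistency. There are also typos worth fixing: "were comment posting has been disabled" should read "where" (in both the 1.3.9sr2 and 1.3.8-1sr6 sections), "updated PEAR packaged" should be "packages", "accomodate" should be "accommodate", and "theses issues" should be "these issues". Since this revision is a vendor import under externals/, the fixes are better sent upstream than patched locally, so the imported tree stays identical to the release.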

==============================================================================
Diff truncated at 200k characters



