<?php
/*
*****************************************************************

 Articles.php
 
*****************************************************************
LSP: Lunabyte Systems Portal
Open-Source Project Inspired by Zef Hemel (hide@address.com)
*****************************************************************
Software Version:                  LSP 2.0 "Enigma 2"
Software by:                         Lunabyte Systems (http://www.lunabyte.net)
Copyright 2002-2005 by:       Lunabyte Systems (http://www.lunabyte.net)
Support, News, Updates at:    http://www.lunabyte.net
*****************************************************************
This program is free software; you may redistribute it and/or modify it 
under the terms of the provided license as published by Lunabyte Systems.

This program is distributed in the hope that it is and will be useful,                  
but WITHOUT ANY WARRANTIES; without even any implied warranty of           
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                        

See the "LSP_license.txt" file for details of the LSP license.
The latest version can always be found at http://www.lunabyte.net.
*****************************************************************
*/

// Refuse to run when this file is requested directly: it is only meant to be
// included after the including script has defined the ENIGMA constant.
if (!defined('ENIGMA'))
{
	die('<b>Access Violation</b><br />Direct Access to this location is not allowed.');
}

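/**
 * Entry point of the Articles module: loads language and template, then
 * dispatches to a sub-action or falls back to the article listing.
 *
 * The sub-action name comes from the request ("sa"). It is only ever called
 * as a function when it is a string that exactly matches one of the names in
 * the allow-list below; every other value ends up in the listing.
 *
 * @param mixed $home Truthy when the portal home page is showing featured articles.
 * @return void
 */
function ArticlesHub($home=0)
{
	global $context, $txt, $modSettings, $scripturl;

	loadPLanguage('Articles');

	if (empty($modSettings['enablearticles']))
		fatal_error($txt['art_off']);

	loadPTemplate('Articles');
	// NOTE(review): repeated load kept from the original; presumably harmless - confirm before removing.
	loadPLanguage('Articles');

	// NOTE(review): this is the raw request value. If the template prints it,
	// it has to be HTML-escaped there - confirm against Articles.template.
	$context['thisAction'] = !empty($_REQUEST['sa']) ? $_REQUEST['sa'] : (isset($_REQUEST['op']) ? $_REQUEST['op'] : null);
	$context['template_layers'][] = 'Art';
	$context['page_title'] = $txt['art02'];

	$context['linktree'][] = array(
			'url'	=> $scripturl . '?op=Articles',
			'name'	=> $txt['art03'],
	);

	// Lookup order: POST, then the merged request array, then GET.
	// Written as an if-chain because an unparenthesised chain of ?: is
	// left-associative in PHP and does not evaluate in that order.
	if (!empty($_POST['sa']))
		$sa = $_POST['sa'];
	elseif (!empty($_REQUEST['sa']))
		$sa = $_REQUEST['sa'];
	elseif (!empty($_GET['sa']))
		$sa = $_GET['sa'];
	else
		$sa = '';

	// Only a plain string can name a handler (sa[]=... would arrive as an array).
	if (!is_string($sa))
		$sa = '';

	// Allow-list of handler functions reachable through "sa".
	$subActions = array(
		'articleIndex',
		'aarticle',
		'aarticle2',
		'archive',
		'delarticle',
		'earticle',
		'earticle2',
		'articles2',
	);

	// Strict comparison, and no lookup by numeric list index: a handler is
	// reachable by its exact name only. function_exists() keeps a listed but
	// missing handler from ending the request with a fatal error.
	if (in_array($sa, $subActions, true) && function_exists($sa))
		$sa();
	elseif ($home)  // Are Articles set for the home page and are we displaying featured Articles?
	{
		$context['page_title'] = $context['forum_name'];
		SiteArticles('home');
	}
	else  // no (valid) sub-action: show the default Article display
	{
		$context['page_title'] = $context['forum_name'] . $txt['art03'];
		SiteArticles();
	}
}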

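/**
 * Builds the article listing (home page, one section, one article or the main
 * Articles page) and stores it in $context for the 'Article_body' sub template.
 *
 * Request values that end up in SQL (section, article, start) are cast to
 * integers before they are concatenated into the queries.
 *
 * @param mixed $home Truthy when featured articles are listed on the home page.
 * @return void
 */
function SiteArticles($home = 0)
{
	global $context, $settings, $modSettings, $scripturl, $txt, $db_prefix;

	// if only one section was selected....
	// is_numeric() also accepts forms such as "1e5" or " 7", so the value is
	// cast before it is placed, unquoted, into the WHERE clause.
	if (!empty($_REQUEST['section']) && is_numeric($_REQUEST['section']))
		$secid = (int) $_REQUEST['section'];
	elseif (isset($_REQUEST['section']) && !is_numeric($_REQUEST['section']))
		$secid = 1;
	// ...then setup the query accordingly
	$sec_query = (isset($secid) && $secid >= 0) ? 'AND a.ID_SECTION = ' . $secid : '';

	// if only one article was selected....
	if (isset($_REQUEST['article']) && is_numeric($_REQUEST['article']))
		$artid = (int) $_REQUEST['article'];
	elseif (isset($_REQUEST['article']) && !is_numeric($_REQUEST['article']))
		redirectexit('?op=Articles');
	// ...then setup the query accordingly
	$art_query = (isset($artid) && $artid >= 0) ? 'AND a.ID_ARTICLE = ' . $artid : '';

	// if user has reviewing rights, pull articles that have been approved AND are awaiting approval
	// NOTE(review): this checks 'review_articles' while the other functions in
	// this file check 'review_article' - confirm which permission name exists.
	if (allowedTo('review_articles'))
	{
		$review_arts = 1;
		$stage = '(a.stage = 0 OR a.stage = 1 OR a.stage = 4)';
		$publish = '';
	}
	else 	// otherwise, only show approved articles
	{
		$review_arts = '';
		$publish = 'AND a.publish = 1';
		$stage = '(a.stage = 1 AND a.reviewFlag = 0)';
	}

	// The page offset goes straight into a LIMIT clause, so force it to a
	// non-negative integer; comparing the raw string with 0 is not enough.
	$_GET['start'] = isset($_GET['start']) ? max(0, (int) $_GET['start']) : 0;

	// just in case they don't have a default value.
	if (empty($modSettings['maxAPdisplay']))
		$modSettings['maxAPdisplay'] = 5;
	if (empty($modSettings['featuredarticles']))
		$modSettings['featuredarticles'] = 5;

	$nstart = $_GET['start'];
	$nend = (int) $modSettings['maxAPdisplay'];
	$fpend = (int) $modSettings['featuredarticles'];

	// Displaying this on the homepage?
	if ($home)
	{
		$LIMIT = 'LIMIT ' . $nstart . ', ' . $fpend;
		$frontpage = 'AND a.featureFlag = 1';
		$context['home_page'] = 1;
	}
	// Did we only want 1 article?
	elseif (isset($_REQUEST['article']) && empty($_REQUEST['section']))
	{
		$LIMIT = 'LIMIT 1';
		$frontpage = '';
	}
	// Ok, let's see how many item we need to get.
	else
	{
		$LIMIT = 'LIMIT ' . $nstart . ', ' . $nend;
		$frontpage = '';
	}

	// First pass: count the articles this visitor's member groups may see.
	// NOTE(review): the count is filtered by GroupPermissions() but the LIMIT
	// of the second query is applied before that filter, so a page can hold
	// fewer rows than the page index suggests.
	$result = db_query("
		SELECT
			a.ID_ARTICLE, a.ID_SECTION, a.stage, a.publish, a.featureFlag, 
			a.reviewFlag, ac.ID_SECTION, ac.memberGroups
		FROM ({$db_prefix}articles AS a)
			LEFT JOIN {$db_prefix}art_sections AS ac ON (ac.ID_SECTION = a.ID_SECTION)
		WHERE
			$stage
			$art_query
			$sec_query
			$publish
			$frontpage
		ORDER BY a.ID_ARTICLE DESC", __FILE__, __LINE__);

	$num_arts = 0;
	while ($row = mysql_fetch_assoc($result))
	{
		if (GroupPermissions($row['memberGroups']))
			$num_arts++;
	}
	mysql_free_result($result);

	// if we're on the home page, set the page #'s
	if ($home)
	{
		$context['art_pages'] = constructPageIndex($scripturl . '?Home', $_GET['start'], $num_arts, $fpend);
		$context['start'] = $_GET['start'];
	}
	// if we're only showing one Article Category
	elseif (isset($_REQUEST['section']))
	{
		// $secid is not set for section=0, so do not read it blindly.
		$context['art_pages'] = constructPageIndex($scripturl . '?op=Articles;section=' . (isset($secid) ? $secid : ''), $_GET['start'], $num_arts, $nend);
		$context['start'] = $_GET['start'];
	}
	// are we only getting one article? A page display wouldn't be needed, let's give them a link back to main articles
	elseif (isset($_REQUEST['article']))
	{
		$context['art_pages'] = '<a href="' . $scripturl . '?op=Articles">' . $txt['art04'] . '</a>';
	}
	// We must be on the main Articles page, if the above conditions were not met
	else
	{
		$context['art_pages'] = constructPageIndex($scripturl . '?op=Articles', $_GET['start'], $num_arts, $nend);
		$context['start'] = $_GET['start'];
	}

	// Ok, we have the page #'s now. Let's get the articles for the current page.
	$get_arts = db_query("
		SELECT
			a.*, ac.*, mem.realName AS author, mem2.realName AS reviewer
		FROM ({$db_prefix}articles AS a)
			LEFT JOIN {$db_prefix}art_sections AS ac ON (ac.ID_SECTION = a.ID_SECTION)
			LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = a.ID_POSTER)
			LEFT JOIN {$db_prefix}members AS mem2 ON (mem2.ID_MEMBER=a.ID_REVIEWER)
		WHERE
			$stage
			$sec_query
			$art_query
			$publish
			$frontpage
		ORDER BY a.ID_ARTICLE DESC 
		$LIMIT", __FILE__, __LINE__);

	$articlec = array();
	while ($row = mysql_fetch_assoc($get_arts))
	{
		if (!GroupPermissions($row['memberGroups']))
			continue;

		// find out the current status if the user is a reviewer
		if ($row['publish'] == 0 && $review_arts)
			$status = $txt['art438'];
		elseif ($review_arts && $row['stage'] != '1')
			$status = statusText($row['stage']);
		else
			$status = '';

		$banner = !empty($row['banner']) ? $row['banner'] : 'default.jpg';

		// Build the Article array
		// NOTE(review): title, banner and the member names are written into
		// HTML as they come from the database. Whether they were escaped when
		// stored is not visible in this file - confirm, or escape in the template.
		$articlec[] = array(
			'author'		=> empty($row['ID_POSTER']) ? $row['byline'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['ID_POSTER'] . '">' . $row['author'] . '</a>',
			'reviewer'		=> empty($row['ID_REVIEWER']) ? '' : 'Reviewed by: <a href="' . $scripturl . '?action=profile;u=' . $row['ID_REVIEWER'] . '">' . $row['reviewer'] . '</a>',
			'heading'		=> !empty($row['heading']) ? $row['heading'] : '',
			'subheading'	=> !empty($row['sub_heading']) ? $row['sub_heading'] : '',
			'summary'		=> !empty($row['summary']) ? doUBBC($row['summary']) : '',
			'story'			=> !empty($_REQUEST['article']) ? doUBBC($row['story']) : '<a href="' . $scripturl . '?op=Articles;article=' . $row['ID_ARTICLE'] . '">' . $txt['art06'] . '</a> ',
			'time'			=> timeformat($row['dateEntered']),
			// Show the modification time here; the original printed dateEntered again.
			'updated'		=> !empty($row['dateModified']) ? 'Last updated: ' . timeformat($row['dateModified']) : '',
			'image'			=> '<img src="' . $settings['images_url'] . '/Articles/' . $banner . '" title="' . $row['title'] . '" alt="' . $row['title'] . '" border="0" style="float: left; padding-right: 2px; padding-bottom: 2px;" />',
			'href' 			=> $scripturl . '?op=Articles;section=' . $row['ID_SECTION'],
			'arthref' 		=> $scripturl . '?op=Articles;article=' . $row['ID_ARTICLE'],
			'SecName'		=> !empty($row['title']) ? $row['title'] : '',
			'SecLink'		=> '<a href="' . $scripturl . '?op=Articles;section=' . $row['ID_SECTION'] .'">' . $row['title'] . '</a>',
			'status' 		=> $status,
		);
	}
	mysql_free_result($get_arts);

	// if one category was selected, add it's name to the page title
	// (only when there is a first article to take the section name from)
	if (isset($secid) && $secid >= 0 && !empty($articlec) && $articlec[0]['SecName'] != '')
		$context['page_title'] .= ' - ' . $articlec[0]['SecName'];

	$context['articleConsole'] = articleConsole();

	// if by chance there aren't any articles, hand the template a message instead of a list
	$context['sitearticles'] = empty($articlec) ? $txt['art05'] : $articlec;
	unset ($articlec);

	// set the names for the functions in the template file
	$context['sub_template'] = 'Article_body';
}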

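/**
 * Shows the "submit article" form by preparing $context for the Post template.
 *
 * Requires the 'submit_article' permission. Also used by aarticle2() to show
 * the form again for a preview or after validation errors.
 *
 * @return void
 */
function aarticle()
{
	global $db_prefix, $modSettings, $txt, $sourcedir, $context, $settings;

	isAllowedTo('submit_article');

	loadLanguage('Post');
	loadPLanguage('Articles');

	$context['page_title'] .= $txt['art463'];

	// The template gets a 1/0 flag telling it whether the user is a reviewer.
	$context['revArtsAllowed'] = allowedTo('review_article') ? 1 : 0;

	$context['linktree'][] = array(
			'name'	=> $txt['art463']
	);

	require_once($sourcedir . '/Subs-Post.php');
	loadTemplate('Post');

	// Reuse the Post template's labels for the article fields.
	$txt[70] = $txt['art464'];
	$txt['art526'] = $txt['art465'];

	$modSettings['enablesitenews']	= 0;
	$modSettings['enablearticles']	= 1;

	$settings['additional_options_collapsable'] = 0;

	// Switch off the forum-post features of the Post template.
	$context['is_article']		= 1;
	$context['make_event']		= 0;
	$context['make_poll']		= 0;
	$context['current_board'] 	= 0;
	$context['event']		= 0;
	$context['current_attachments'] = 0;
	$context['can_post_attachment'] = 0;
	$context['num_allowed_attachments'] = 0;
	$context['num_replies']		= 0;
	$context['use_smileys']		= true;

	$context['publishChecked']	= 0;
	$context['featureChecked']	= 0;
	$context['can_announce']	= 0;
	$context['can_move']		= 0;
	$context['can_sticky']		= 0;
	$context['back_to_topic']	= 0;
	$context['can_lock']		= 0;
	$context['can_notify']		= 0;
	$context['locked']		= 0;
	$context['show_spellchecking']	= 0;
	$context['art_sections']	= array();
	$context['sub_heading']		= '';
	$context['subject']		= '';
	$context['message']		= '';

	// Set the destinaton.
	$context['destination']		= ';op=Articles;sa=aarticle2';
	$context['submit_label']	= $txt[10];

	$context['icon']		= 'xx';
	$context['icons'] = array(
		array('value' => 'xx', 'name' => $txt[281])
	);

	// Mark the current icon as selected; add it if it is not in the list.
	$found = false;
	for ($i = 0, $n = count($context['icons']); $i < $n; $i++)
	{
		$context['icons'][$i]['selected'] = $context['icon'] == $context['icons'][$i]['value'];
		if ($context['icons'][$i]['selected'])
			$found = true;
	}
	if (!$found)
		array_unshift($context['icons'], array('value' => $context['icon'], 'name' => $txt['current_icon'], 'selected' => true));

	// Allow for things to be overridden.
	if (!isset($context['post_box_columns']))
		$context['post_box_columns'] = 60;
	if (!isset($context['post_box_rows']))
		$context['post_box_rows'] = 12;
	if (!isset($context['post_form']))
		$context['post_form'] = 'postmodify';

	$context['post_box_name'] = 'story';
	$context['sum_box_rows'] = $context['post_box_rows']/2;
	$context['sum_box_columns'] = $context['post_box_columns'];

	// Set a flag so the sub template knows what to do...
	$context['show_bbc'] = !empty($modSettings['enableBBC']) && !empty($settings['show_bbc']);

	// Generate a list of buttons that shouldn't be shown - this should be the fastest way to do this.
	if (!empty($modSettings['disabledBBC']))
	{
		$disabled_tags = explode(',', $modSettings['disabledBBC']);
		foreach ($disabled_tags as $tag)
			$context['disabled_tags'][trim($tag)] = true;
	}

	$request = db_query("
			SELECT *
			FROM {$db_prefix}art_sections
			ORDER BY position ASC", __FILE__, __LINE__);

	while ($result = mysql_fetch_assoc($request))
	{
		// only let them select from sections they are permitted to view
		// (plain truthiness, as in SiteArticles() and earticle(); the old
		// comparison with the string 'true' only worked for a real boolean)
		if (groupPermissions($result['memberGroups']))
			$context['art_sections'][] = array(
					'ID_SECTION'	=> $result['ID_SECTION'],
					'title'		=> $result['title'],
			);
	}
	mysql_free_result($request);

	// Register this form in the session variables.
	checkSubmitOnce('register');
	obExit();
}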

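/**
 * Handles the submitted "new article" form: validates it and inserts the article.
 *
 * Requires 'submit_article'. Reviewers' articles are stored as approved
 * (stage 1), everyone else's as awaiting review (stage 4, reviewFlag 1).
 * On validation errors, or for a preview, the form is shown again through
 * aarticle().
 *
 * NOTE(review): text fields are interpolated into SQL inside quotes without
 * escaping in this function. That is only safe if request data is already
 * slash-escaped before it gets here (the stripslashes()/addslashes() pair
 * used for the length cut below suggests it is) - confirm against the
 * request bootstrap.
 *
 * @return void
 */
function aarticle2()
{
	global $db_prefix, $user_info, $scripturl, $sourcedir, $ID_MEMBER, $txt, $context;

	isAllowedTo('submit_article');

	// No errors as yet.
	$post_errors = array();

	// If the session has timed out, let the user re-submit their form.
	if (checkSession('post', '', false) != '')
		$post_errors[] = 'session_timeout';

	require_once($sourcedir . '/Subs-Post.php');
	loadLanguage('Post');

	if (isset($_REQUEST['preview']))
	{
		$context['form_data'] = array(
				'featureFlag'	=> isset($_REQUEST['featureFlag']) ? $_REQUEST['featureFlag'] : null,
				'publish'	=> isset($_REQUEST['publish']) ? $_REQUEST['publish'] : null,
		);

		doFormJobie();
		aarticle();
		obExit();
	}

	$featureFlag	= empty($_REQUEST['featureFlag']) ? 0 : 1;
	// The form's checkbox means "do not publish", hence the inversion.
	$publish	= empty($_REQUEST['publish']) ? 1 : 0;
	$posterIsGuest	= $user_info['is_guest'];

	$_REQUEST['heading'] = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : '';

	// validate the entries; anything that is not a plain string counts as missing
	$required = array(
		'heading'	=> 'no_heading',
		'sub_heading'	=> 'no_sub_heading',
		'summary'	=> 'no_summary',
		'story'		=> 'no_story',
	);
	foreach ($required as $field => $error)
	{
		if (!isset($_REQUEST[$field]) || !is_string($_REQUEST[$field]))
			$_REQUEST[$field] = '';
		if (htmltrim__recursive($_REQUEST[$field]) == '')
			$post_errors[] = $error;
	}

	if (!isset($_REQUEST['section']) || $_REQUEST['section'] == '')
		fatal_error($txt['art527']);

	// The section id is stored as a number, so take it as one.
	$section = (int) $_REQUEST['section'];

	// The form only lists sections the user's groups may use; enforce the
	// same rule here, because the posted value does not have to come from it.
	$request = db_query("
		SELECT memberGroups
		FROM {$db_prefix}art_sections
		WHERE ID_SECTION = $section
		LIMIT 1", __FILE__, __LINE__);
	$sectionRow = mysql_fetch_assoc($request);
	mysql_free_result($request);
	if (!empty($sectionRow) && !groupPermissions($sectionRow['memberGroups']))
		fatal_error($txt['art527']);

	// set the reviewFlag: reviewers publish directly, submitters go to review
	if (allowedTo('review_article'))
	{
		$reviewFlag = 0;
		$stage = 1;
	}
	else
	{
		$reviewFlag = 1;
		$stage = 4;
	}

	//get the time
	$time = time();

	// If poster is a Guest then evaluate the legality of name and email
	if ($posterIsGuest)
	{
		$_REQUEST['name']	= (empty($_REQUEST['guestname']) || !is_string($_REQUEST['guestname'])) ? '' : trim($_REQUEST['guestname']);
		$_REQUEST['email']	= (empty($_REQUEST['email']) || !is_string($_REQUEST['email'])) ? '' : trim($_REQUEST['email']);

		if ($_REQUEST['name'] == '' || $_REQUEST['name'] == '_')
			$post_errors[] = 'no_name';
		if (strlen($_REQUEST['name']) > 25)
			$post_errors[] = 'long_name';
		if ($_REQUEST['email'] == '')
			$post_errors[] = 'no_email';
		if (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]+@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', stripslashes($_REQUEST['email'])) == 0)
			$post_errors[] = 'bad_email';

		// A guest may not post under an existing member's name.
		// (see the escaping note in the function header)
		$request = db_query("
			SELECT ID_MEMBER
			FROM {$db_prefix}members
			WHERE (memberName='$_REQUEST[name]' || realName='$_REQUEST[name]')", __FILE__, __LINE__);

		if (mysql_num_rows($request) != 0)
			fatal_error($txt[473]);
		mysql_free_result($request);

		// now make sure they arn't trying to use a reserved name
		$request = db_query("
			SELECT *
			FROM {$db_prefix}reserved_names
			ORDER BY setting", __FILE__, __LINE__);

		// Read the four match* switches by name. The original assigned the
		// first four rows to variables named after the row's first column,
		// which lets table contents overwrite any local variable.
		$flags = array('matchword' => '', 'matchcase' => '', 'matchuser' => '', 'matchname' => '');
		$reservedWords = array();
		while ($tmp = mysql_fetch_row($request))
		{
			if (array_key_exists($tmp[0], $flags))
				$flags[$tmp[0]] = $tmp[1];
			elseif ($tmp[0] == 'word')
				$reservedWords[] = $tmp[1];
		}
		mysql_free_result($request);

		if ($flags['matchname'])
		{
			$namecheck = $flags['matchcase'] ? $_REQUEST['name'] : strtolower($_REQUEST['name']);

			foreach ($reservedWords as $reserved)
			{
				$reservecheck = $flags['matchcase'] ? $reserved : strtolower($reserved);
				if ($reservecheck == '')
					continue;

				// Whole-name match or substring match, depending on the setting.
				if ($flags['matchword'])
					$isReserved = $namecheck == $reservecheck;
				else
					$isReserved = strstr($namecheck, $reservecheck) !== false;

				if ($isReserved)
					fatal_error("$txt[244] $reserved");
			}
		}
	}
	else		# If not guest, get name and email.
	{
		$_REQUEST['name']	= $user_info['username'];
		$_REQUEST['email']	= $user_info['email'];
	}

	// Any mistakes?
	if (!empty($post_errors))
	{
		loadLanguage('Errors');
		// Previewing.
		$_REQUEST['preview'] = true;

		$context['post_error'] = array('messages' => array());
		foreach ($post_errors as $post_error)
		{
			$context['post_error'][$post_error] = true;
			$context['post_error']['messages'][] = $txt['error_' . $post_error];
		}

		return aarticle();
	}

	// Add special html entities to the subject, message, name, and email.
	$_REQUEST['story']	= htmlspecialchars($_REQUEST['story'], ENT_QUOTES);
	$_REQUEST['heading']	= htmlspecialchars($_REQUEST['heading']);
	$_REQUEST['sub_heading']= htmlspecialchars($_REQUEST['sub_heading']);
	$_REQUEST['summary']	= htmlspecialchars($_REQUEST['summary']);
	$_REQUEST['name']	= htmlspecialchars($_REQUEST['name']);
	$_REQUEST['email']	= htmlspecialchars($_REQUEST['email']);

	// Preparse code. (Zef)
	if ($user_info['is_guest'])
		$user_info['name'] = $_REQUEST['name'];

	preparsecode($_REQUEST['summary']);
	preparsecode($_REQUEST['story']);

	// Cheat and fix entities in the subject line.
	$_REQUEST['heading'] = preg_replace('~&amp;#(\d{4,5}|[3-9]\d{2,4}|2[6-9]\d);~', '&#$1;', $_REQUEST['heading']);
	$_REQUEST['sub_heading'] = preg_replace('~&amp;#(\d{4,5}|[3-9]\d{2,4}|2[6-9]\d);~', '&#$1;', $_REQUEST['sub_heading']);

	// At this point, we want to make sure the subject isn't too long.  Stripslashes first to avoid a trailing slash.
	if (strlen(stripslashes($_REQUEST['heading'])) > 100)
		$_REQUEST['heading'] = addslashes(substr(stripslashes($_REQUEST['heading']), 0, 100));
	// The original tested the length of 'subject' here and so could leave a
	// long sub-heading uncut.
	if (strlen(stripslashes($_REQUEST['sub_heading'])) > 100)
		$_REQUEST['sub_heading'] = addslashes(substr(stripslashes($_REQUEST['sub_heading']), 0, 100));

	// Hack to make it so &#324324... can't happen.
	$_REQUEST['heading'] = preg_replace('~&#\d+$~', '', $_REQUEST['heading']);
	$_REQUEST['sub_heading'] = preg_replace('~&#\d+$~', '', $_REQUEST['sub_heading']);

	$poster = (int) $ID_MEMBER;

	//submit it all into the database
	db_query("
				INSERT INTO {$db_prefix}articles (ID_SECTION, stage, heading, sub_heading, summary, story, ID_POSTER, byline, posterEmail, dateEntered, publish, featureFlag, reviewFlag)
	  		VALUES ('$section', '$stage', '$_REQUEST[heading]', '$_REQUEST[sub_heading]',
				'$_REQUEST[summary]', '$_REQUEST[story]', '$poster', '$_REQUEST[name]', '$_REQUEST[email]',
				'$time', '$publish', '$featureFlag', '$reviewFlag')", __FILE__, __LINE__);

	redirectexit('op=Articles;sa=articleIndex', true);
}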

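/**
 * Shows the "edit article" form for the article named in the request.
 *
 * Requires 'submit_article'. Non-reviewers may only open articles they posted
 * themselves, which is the same rule articleIndex() uses for its listing.
 *
 * @return void
 */
function earticle()
{
	global $db_prefix, $ID_MEMBER, $modSettings, $txt;
	global $sourcedir, $context, $settings;

	isAllowedTo('submit_article');

	loadLanguage('Post');
	loadPLanguage('Articles');

	// The id goes into the query and into the form's destination URL, so it
	// is taken as an integer (earticle2() does the same).
	$secid = isset($_REQUEST['article']) ? (int) $_REQUEST['article'] : 0;
	$context['page_title'] .= $txt['art_edit'];

	// The template gets a 1/0 flag telling it whether the user is a reviewer.
	$revArtsAllowed = allowedTo('review_article') ? 1 : 0;
	$context['revArtsAllowed'] = $revArtsAllowed;

	$context['linktree'][] = array(
			'name'	=> $txt['art_edit'],
	);

	require_once($sourcedir . '/Subs-Post.php');
	loadTemplate('Post');

	$txt[70] = $txt['art464'];	 // Subject change!
	$txt['art526'] = $txt['art465']; // Sub-Heading

	$modSettings['enablesitenews']	= 0;

	$settings['additional_options_collapsable'] = 0;

	// Switch off the forum-post features of the Post template.
	$context['is_article']		= 1;
	$context['make_event']		= 0;
	$context['make_poll']		= 0;
	$context['current_board'] 	= 0;
	$context['event']		= 0;
	$context['current_attachments'] = 0;
	$context['can_post_attachment'] = 0;
	$context['num_allowed_attachments'] = 0;
	$context['num_replies']		= 0;
	$context['use_smileys']		= true;
	$context['message']		= '';

	//pull the article from the database
	$get_article = db_query("
		SELECT 
			a.*, IFNULL(a.dateModified, a.dateEntered) AS time, s.*
		FROM ({$db_prefix}articles AS a)
			LEFT JOIN {$db_prefix}art_sections AS s ON (s.ID_SECTION = a.ID_SECTION)
		WHERE a.ID_ARTICLE = $secid
		LIMIT 1", __FILE__, __LINE__);

	if (mysql_num_rows($get_article) == 0)
		redirectexit('op=Articles');

	$context['form_data'] = mysql_fetch_assoc($get_article);
	mysql_free_result($get_article);

	// Object-level check: a reviewer may open any article, anyone else only
	// their own. Guests (no member id) never count as the owner.
	$isOwner = !empty($ID_MEMBER) && $context['form_data']['ID_POSTER'] == $ID_MEMBER;
	if (!$revArtsAllowed && !$isOwner)
		fatal_error($txt['art484']);

	// NOTE(review): the block below is kept as it was. $row is never assigned
	// in this function and the query returns ID_POSTER, not ID_MEMBER_POSTER,
	// so for a logged-in member both comparisons fail and the final branch
	// (modify_any) decides. The intended permission model cannot be
	// confirmed from this file.
	if ($row['ID_MEMBER'] == $ID_MEMBER && !allowedTo('modify_any'))
	{
		if ($context['form_data']['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_own'))
			isAllowedTo('modify_replies');
		else
			isAllowedTo('modify_own');
	}
	elseif ($context['form_data']['ID_MEMBER_POSTER'] == $ID_MEMBER && !allowedTo('modify_any'))
		isAllowedTo('modify_replies');
	else
		isAllowedTo('modify_any');

	// Get the stuff ready for the form.
	doFormJobie();

	// Set the destinaton.
	$context['destination']		= ';op=Articles;sa=earticle2;article=' . $secid;
	$context['submit_label']	= $txt[10];

	$context['icon']	= 'xx';
	$context['icons']	= array(
		array('value' => 'xx', 'name' => 'Disabled')
	);

	// Mark the current icon as selected; add it if it is not in the list.
	$found = false;
	for ($i = 0, $n = count($context['icons']); $i < $n; $i++)
	{
		$context['icons'][$i]['selected'] = $context['icon'] == $context['icons'][$i]['value'];
		if ($context['icons'][$i]['selected'])
			$found = true;
	}

	if (!$found)
		array_unshift($context['icons'], array('value' => $context['icon'], 'name' => $txt['current_icon'], 'selected' => true));

	// Allow for things to be overridden.
	if (!isset($context['post_box_columns']))
		$context['post_box_columns'] = 60;
	if (!isset($context['post_box_rows']))
		$context['post_box_rows'] = 12;
	if (!isset($context['post_form']))
		$context['post_form'] = 'postmodify';

	$context['post_box_name'] = 'story';
	$context['sum_box_rows'] = $context['post_box_rows']/2;
	$context['sum_box_columns'] = $context['post_box_columns'];

	// Set a flag so the sub template knows what to do...
	$context['show_bbc'] = !empty($modSettings['enableBBC']) && !empty($settings['show_bbc']);

	// Generate a list of buttons that shouldn't be shown - this should be the fastest way to do this.
	if (!empty($modSettings['disabledBBC']))
	{
		$disabled_tags = explode(',', $modSettings['disabledBBC']);
		foreach ($disabled_tags as $tag)
			$context['disabled_tags'][trim($tag)] = true;
	}

	$request = db_query("
			SELECT *
			FROM {$db_prefix}art_sections
			ORDER BY position ASC", __FILE__, __LINE__);

	while ($result = mysql_fetch_assoc($request))
	{
		//only let them select from sections they are permitted to view
		if (groupPermissions($result['memberGroups']))
			$context['art_sections'][] = array(
				'ID_SECTION'	=> $result['ID_SECTION'],
				'title'		=> $result['title'],
			);
	}
	mysql_free_result($request);

	// Register this form in the session variables.
	checkSubmitOnce('register');
	obExit();
}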

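/**
 * Handles the submitted "edit article" form and updates the article.
 *
 * A reviewer's edit marks the article approved (stage 1) and records the
 * reviewer; a submitter's edit marks it re-submitted (stage 4). A failed
 * session check now stops the request, and a non-reviewer's UPDATE is
 * limited to rows they posted themselves.
 *
 * NOTE(review): text fields are interpolated into SQL inside quotes after
 * htmlspecialchars() only, which leaves single quotes in heading, sub_heading
 * and summary. That is only safe if request data is slash-escaped before it
 * gets here - confirm against the request bootstrap.
 * NOTE(review): aarticle2() also runs preparsecode() on summary and story;
 * this function does not - confirm whether that is intended.
 *
 * @return void
 */
function earticle2()
{
	global $db_prefix, $ID_MEMBER, $txt, $scripturl, $sourcedir, $sc;

	// The session result used to be collected and then ignored, so a request
	// without a valid session token still reached the UPDATE. Stop here
	// instead, with the message aarticle2() shows for the same failure.
	if (checkSession('post', '', false) != '')
	{
		loadLanguage('Errors');
		fatal_error($txt['error_session_timeout']);
		return;
	}

	require_once($sourcedir . '/Subs-Post.php');

	$secid	= isset($_REQUEST['article']) ? (int) $_REQUEST['article'] : 0;

	// Anything that is not a plain string counts as an empty field.
	foreach (array('subject', 'sub_heading', 'story', 'summary') as $field)
	{
		if (!isset($_REQUEST[$field]) || !is_string($_REQUEST[$field]))
			$_REQUEST[$field] = '';
	}

	$_REQUEST['heading'] = $_REQUEST['subject'];

	$featureFlag	= empty($_REQUEST['featureFlag']) ? 0 : 1;
	// The form's checkbox means "do not publish", hence the inversion.
	$publish	= empty($_REQUEST['publish']) ? 1 : 0;

	//validate the entries
	if (trim($_REQUEST['subject']) == '')
		fatal_error($txt['art524']);
	// trim() never leaves a single space, so compare with the empty string
	if (trim($_REQUEST['sub_heading']) == '')
		fatal_error($txt['art524']);
	if (trim($_REQUEST['story']) == '')
		fatal_error($txt['art525']);
	if (trim($_REQUEST['summary']) == '')
		fatal_error($txt['art526']);
	// $pptxt was never in scope here; use the message aarticle2() uses for this case
	if (!isset($_REQUEST['section']) || $_REQUEST['section'] == '')
		fatal_error($txt['art527']);

	// we need to update the workflow stage
	// if it was edited by a reviewer, the stage changes to approved
	if (allowedTo('review_article'))
	{
		$stage = 1;
		$ID_REVIEWER = (int) $ID_MEMBER;
		$owner_query = '';
	}
	// if it was edited by the submitter, the stage changes to re-submitted;
	// the UPDATE is then restricted to the member's own article
	elseif (allowedTo('submit_article') && !empty($ID_MEMBER))
	{
		$stage = 4;
		$ID_REVIEWER = 0;
		$owner_query = 'AND ID_POSTER = ' . (int) $ID_MEMBER;
	}
	// if it was edited by someone else, error out - there's a problem somewhere
	else
	{
		fatal_error($txt['art484']);
		return;
	}

	$time = time();

	//do some things for UBBC Markup
	$heading	= htmlspecialchars($_REQUEST['heading']);
	$sub_heading	= htmlspecialchars($_REQUEST['sub_heading']);
	$summary	= htmlspecialchars($_REQUEST['summary']);
	$story		= htmlspecialchars($_REQUEST['story'], ENT_QUOTES);
	$section	= (int) $_REQUEST['section'];

	//now run the update query
	db_query("UPDATE {$db_prefix}articles
		SET heading='$heading', sub_heading='$sub_heading',
			summary='$summary', story='$story', featureFlag='$featureFlag',
			publish='$publish', ID_SECTION='$section', stage='$stage',
			dateModified='$time', ID_REVIEWER='$ID_REVIEWER'
		WHERE 
			ID_ARTICLE = '$secid'
			$owner_query", __FILE__, __LINE__);

	redirectexit('op=Articles;article=' .$secid, true);
}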

// Shared form preparation: copies the article held in $context['form_data']
// into the $context keys that the add/edit article forms read.
function doFormJobie()
{
	global $context;

	$data = $context['form_data'];

	// Checkbox state: "featured" is ticked for featureFlag 1, the publish box for publish 0.
	$context['featureChecked'] = '';
	if ($data['featureFlag'] == 1)
		$context['featureChecked'] = ' checked';

	$context['publishChecked'] = '';
	if ($data['publish'] == 0)
		$context['publishChecked'] = ' checked';

	// Single-line fields are used as stored; in the two text bodies the
	// stored <br> / <br /> tags become newlines again for the textarea.
	$lineBreak = '|<br(?: /)?>|';
	$heading = $data['heading'];
	$subHeading = $data['sub_heading'];
	$summaryText = preg_replace($lineBreak, "\n", $data['summary']);
	$storyText = preg_replace($lineBreak, "\n", $data['story']);

	// Run all four fields through the word censor.
	censorText($heading);
	censorText($subHeading);
	censorText($summaryText);
	censorText($storyText);

	// Headings only get their double quotes backslash-escaped ...
	$context['subject'] = addcslashes($heading, '"');
	$context['sub_heading'] = addcslashes($subHeading, '"');

	// ... while the bodies have quotes, angle brackets and double spaces replaced.
	$find = array('"', '<', '>', '  ');
	$swap = array('&quot;', '&lt;', '&gt;', ' &nbsp;');
	$context['summary'] = str_replace($find, $swap, $summaryText);
	$context['message'] = str_replace($find, $swap, $storyText);
}

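/**
 * Deletes the article named in the request, then returns to the article index.
 *
 * The original ran the DELETE for any request with a numeric id. Now a
 * reviewer may delete any article and a submitter only an article they
 * posted, which is the same rule articleIndex() uses for its listing.
 *
 * NOTE(review): no session token is checked here, so the request is still
 * open to cross-site request forgery. How the delete link is built is not
 * visible in this file; add the matching checkSession() call once that is
 * confirmed.
 *
 * @return void
 */
function delarticle()
{
	global $db_prefix, $ID_MEMBER, $txt;

	if (allowedTo('review_article'))
		$owner_query = '';
	// Guests have no member id, so they never count as the owner of a row.
	elseif (allowedTo('submit_article') && !empty($ID_MEMBER))
		$owner_query = 'AND ID_POSTER = ' . (int) $ID_MEMBER;
	else
	{
		fatal_error($txt['art484']);
		return;
	}

	if (!empty($_REQUEST['article']) && is_numeric($_REQUEST['article']))
	{
		// is_numeric() accepts more than plain digits; store an integer.
		$secid = (int) $_REQUEST['article'];

		//run the delete query
		db_query("
			DELETE FROM {$db_prefix}articles
			WHERE ID_ARTICLE = $secid
				$owner_query
			LIMIT 1", __FILE__, __LINE__);
	}

	redirectexit('op=Articles;sa=articleIndex', true);
}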


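// Builds the article management list ($context['Arts']) plus the stage and
// category filter data ($context['artstage'], $context['filtercat']).
//
// Reviewers see every article; submitters only the ones they posted; anybody else
// gets a fatal error. The two filters come from $_POST['catfilter'] and
// $_POST['stagef']. Both are reduced to plain integers before they are put into the
// SQL, because they are concatenated unquoted into the WHERE clause.
function articleIndex()
{
	global $context, $db_prefix, $ID_MEMBER, $txt, $scripturl, $settings, $user_info, $sc;

	$context['page_title'] .= ' - Article Section Management';

	$context['linktree'][] = array(
			'url'	=> $scripturl . '?op=Articles;sa=aarticle',
			'name'	=> 'Submit Article',
	);

	loadPLanguage('Articles');

	//get permissions - what can they see
	//set up some conditionals for the mySQL query
	is_not_guest($txt['art12']);
	$revArtsAllowed = allowedTo('review_article');
	$subArtsAllowed = allowedTo('submit_article');

	if ($revArtsAllowed)
	{
		$user_query = '';
	}
	elseif ($subArtsAllowed)
	{
		// Submitters are limited to their own articles.
		$user_query = 'AND a.ID_POSTER = ' . (int) $ID_MEMBER;
	}
	else
	{
		//these guys don't have rights
		loadPLanguage('PortalErrors');
		fatal_lang_error($txt['submit_news_error']);
	}

	// Category filter: '' = all categories, '0' = the "none" category, otherwise a section id.
	// Anything that is not "none" or a positive integer is treated as "all".
	$catfilter = '';
	$raw_cat = isset($_POST['catfilter']) ? $_POST['catfilter'] : '';
	if ($raw_cat === 'none')
		$catfilter = '0'; // kept as a string so it stays distinct from '' (all)
	elseif (is_string($raw_cat) && preg_match('~^[0-9]+$~', $raw_cat) && (int) $raw_cat > 0)
		$catfilter = (string) (int) $raw_cat;

	// setup the category query based on the current selection
	$cat_query = ($catfilter !== '') ? 'AND a.ID_SECTION = ' . $catfilter : '';

	// Stage filter: '' or '9' = all stages, otherwise a stage number. Digits only.
	$stagef = '';
	if (isset($_POST['stagef']) && is_string($_POST['stagef']) && preg_match('~^[0-9]+$~', $_POST['stagef']))
		$stagef = (string) (int) $_POST['stagef'];

	$all_stages = ($stagef === '' || $stagef === '9');
	$stage_query = $all_stages ? '' : 'AND a.stage = ' . $stagef;

	// build the array for all the possible stages
	$context['artstage'] = array(
		'alid'	=> array(
			'option'	=> !empty($txt['art471']) ? $txt['art471'] : '',
			'stage'		=> '9',
			'selected'	=> $all_stages ? 'selected="selected" ' : ''),
		'peid'	=> array(
			'option'	=> !empty($txt['art400']) ? $txt['art400'] : '',
			'stage'		=> '0',
			'selected'	=> ($stagef === '0') ? 'selected="selected" ' : ''),
		'apid'	=> array(
			'option'	=> !empty($txt['art401']) ? $txt['art401'] : '',
			'stage'		=> '1',
			'selected'	=> ($stagef === '1') ? 'selected="selected" ' : ''),
		'rjid'	=> array(
			'option'	=> !empty($txt['art402']) ? $txt['art402'] : '',
			'stage'		=> '2',
			'selected'	=> ($stagef === '2') ? 'selected="selected" ' : ''),
		'caid'	=> array(
			'option'	=> !empty($txt['art403']) ? $txt['art403'] : '',
			'stage'		=> '3',
			'selected'	=> ($stagef === '3') ? 'selected="selected" ' : ''),
		'rsid'	=> array(
			'option'	=> !empty($txt['art404']) ? $txt['art404'] : '',
			'stage'		=> '4',
			'selected'	=> ($stagef === '4') ? 'selected="selected" ' : ''),
	);

	//setup the category filter
	// setup All category
	$context['filtercat'][] = array(
		'name'		=> !empty($txt['art13']) ? $txt['art13'] : '',
		'value'		=> '',
		'selected'	=> (($catfilter === '') ? 'selected="selected"' : ''),
	);
	// setup None category
	$context['filtercat'][] = array(
		'name'		=> !empty($txt['art14']) ? $txt['art14'] : '',
		'value'		=> 'none',
		'selected'	=> (($catfilter === '0') ? 'selected="selected"' : ''),
	);

	// get the rest of the categories
	$request = db_query("
			SELECT *
			FROM {$db_prefix}art_sections
			ORDER BY title ASC", __FILE__, __LINE__);

	// setup the rest of the filter array, leaving out sections groupPermissions() does not approve
	while ($cats = mysql_fetch_assoc($request))
	{
		if (groupPermissions($cats['memberGroups']) !== true)
		{
			continue;
		}

		// NOTE(review): the section title is passed on as stored; whether it is entity-encoded
		// when saved is not visible here - confirm before the template prints it.
		$context['filtercat'][] = array(
			'name'		=> $cats['title'],
			'value'		=> $cats['ID_SECTION'],
			'selected'	=> (($catfilter === (string) $cats['ID_SECTION']) ? 'selected="selected"' : ''),
		);
	}

	if (mysql_num_rows($request) <= 0)
	{
		$context['error_title'] = 'Enigma Articles:';
		$context['error_message'] = 'There are no article sections set at this time';

		fatal_error('', false);
	}

	mysql_free_result($request);

	//get all the relevant articles
	$result2 = db_query("
		SELECT
			a.*, IFNULL(a.dateModified, a.dateEntered) AS mostrecent, s.*,
			mem.realName AS submitter, mem2.realName AS reviewer
		FROM ({$db_prefix}articles AS a, {$db_prefix}art_sections AS s)
			LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER=a.ID_POSTER)
			LEFT JOIN {$db_prefix}members AS mem2 ON (mem2.ID_MEMBER=a.ID_REVIEWER)
		WHERE a.ID_SECTION = s.ID_SECTION
			$stage_query
			$cat_query
			$user_query
		ORDER BY mostrecent DESC", __FILE__, __LINE__);

	if (mysql_num_rows($result2) <= 0)
	{
		$context['error_title'] = 'Enigma Articles:';
		$context['error_message'] = 'There are no articles set at this time';

		fatal_error('', false);
	}

	// Entries are numbered from 1.
	$i = 0;
	while ($row = mysql_fetch_assoc($result2))
	{
		if (groupPermissions($row['memberGroups']) === true)
		{
			$context['Arts'][++$i]['title'] = $row['title'];
			$context['Arts'][$i]['ID_ARTICLE'] = $row['ID_ARTICLE'];
			$context['Arts'][$i]['heading'] = $row['heading'];

			//set up links for the posters
			if ($row['ID_POSTER'] <= 0)
			{
				// No member id on the article: fall back to the stored e-mail and byline.
				$context['Arts'][$i]['subuser']['Email'] = $row['posterEmail'];
				$context['Arts'][$i]['subuser']['byline'] = $row['byline'];
			}
			else
			{
				$context['Arts'][$i]['subuser']['user'] = $row['submitter'];
				$context['Arts'][$i]['subuser']['url_'] = urlencode($row['ID_POSTER']);
			}

			//has this been reviewed?  Who reviewed it.
			$context['Arts'][$i]['reviewer_id']	= empty($row['ID_REVIEWER']) ? '' : $row['ID_REVIEWER'];
			$context['Arts'][$i]['reviewer']	= empty($row['ID_REVIEWER']) ? '' : $row['reviewer'];
			$context['Arts'][$i]['reviewer_lk']	= empty($row['ID_REVIEWER']) ? '' : urlencode($row['ID_REVIEWER']);

			//get the text for the status
			$context['Arts'][$i]['status'] = statusText($row['stage']);

			// Unpublished, and either posted without review or approved after review.
			if ($row['publish'] == 0 && ($row['reviewFlag'] == 0 || ($row['stage'] == 1 && $row['reviewFlag'] == 1)))
			{
				$context['Arts'][$i]['status'] = $txt['art444'];
			}

			// Published and posted without review.
			if ($row['publish'] == 1 && $row['reviewFlag'] == 0)
			{
				$context['Arts'][$i]['status'] = $txt['art401'];
			}

			// Decode those dates.
			$context['Arts'][$i]['mdate'] = ''; //$row['posterTime'];
			$context['Arts'][$i]['subdate'] = timeformat($row['dateEntered']);

			if (!$row['dateModified'])
				$context['Arts'][$i]['moddate'] = '';
			else
				$context['Arts'][$i]['moddate'] = timeformat($row['dateModified']);
		}
	}
	$context['sub_template'] = 'articleIndex';
}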


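// Returns the HTML for the review/management panel of one article (request parameter
// "article"), or '' when the article does not exist or the viewer has no rights to it.
//
// Reviewers get the approve/reject form, the "publish now" form and/or the edit/delete
// links depending on the article's stage, reviewFlag and publish columns. A logged-in
// submitter viewing their own article gets a read-only summary with edit/delete links.
//
// NOTE(review): reviewer name, reviewer comment and section titles are concatenated into
// the HTML exactly as they come from the database. articles2() entity-encodes the comment
// before storing it; how the other values are stored is not visible here - confirm they
// are encoded at save time, otherwise they need htmlspecialchars() at this point.
function articleConsole()
{
	global $ID_MEMBER, $db_prefix, $txt, $user_info, $sc, $scripturl;

	// The id goes into the WHERE clause, so accept nothing but an integer.
	$secid = (!empty($_REQUEST['article']) && is_scalar($_REQUEST['article'])) ? (int) $_REQUEST['article'] : 0;

	// Nothing in this function sets a query string to carry over; the hidden "qstr" field
	// below was reading an undefined variable. Keep the field, with an explicit empty value.
	$qstr = '';

	$foobar = '
     <script language="JavaScript1.2" type="text/javascript"><!--
          function DoConfirm(message, url)
          {
               if (confirm(message))
                    location.href = url;
          }
     //--></script>';

	//get the permissions settings
	$subArtsAllowed = (AllowedTo('submit_article') == true) ? 1 : 0;
	$revArtsAllowed = (AllowedTo('review_article') == true) ? 1 : 0;

	//get the article
	$subs_query = db_query("SELECT a.*, IFNULL(m.realName, m.memberName) AS poster, IFNULL(mem.realName, mem.memberName) as reviewer
                         FROM ({$db_prefix}articles AS a)
                              LEFT JOIN {$db_prefix}members AS m ON (m.ID_MEMBER = a.ID_POSTER)
                              LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = a.ID_REVIEWER)
                         WHERE ID_ARTICLE = $secid", __FILE__, __LINE__);
	$submissions = mysql_fetch_assoc($subs_query);

	if (!$submissions) {
		return '';
	}

	$statustext = statusText($submissions['stage']);
	$subdate = timeformat($submissions['dateEntered']);

	// An article that was never modified shows its submission date instead.
	if (!$submissions['dateModified']) { $moddate = $subdate; }
	else { $moddate = timeformat($submissions['dateModified']); }
	if ($submissions['reviewer'] == '') { $submissions['reviewer'] = $txt['art406']; }
	if ($submissions['comment'] == '') { $submissions['comment'] = $txt['art407']; }

	//populate some values if they exist for the radio selections
	$achecked = $rchecked = '';
	if ($submissions['stage'] == 1) { $achecked = "checked"; }
	if ($submissions['stage'] == 2) { $rchecked = "checked"; }

	// NOTE(review): the original computed a "checked" state for these two checkboxes from
	// featureFlag == 1 and publish == 0 and then reset both to '' before use, so the boxes
	// have always rendered unticked. That behaviour is kept; only the dead assignments are
	// gone. Decide whether pre-ticking was intended before restoring it.
	$artsf_ynchecked = $artsp_ynchecked = '';

	//set up the section filter
	$g_sections = db_query("SELECT * FROM {$db_prefix}art_sections", __FILE__, __LINE__);
	$sel_section = $txt['art486'] . ' <select name="section"><option value="0">' . $txt['art109'] . '</option>';
	while ($rg_sections = mysql_fetch_assoc($g_sections))
	{
		$selected = '';
		if ($submissions['ID_SECTION'] == $rg_sections['ID_SECTION'])
		{
			$selected = 'selected';
		}
		$sel_section .= '<option ' . $selected . ' value="' . $rg_sections['ID_SECTION'] . '">' . $rg_sections['title'] . '</option>';
	}
	$sel_section .= '</select>';


	//the person viewing the file has reviewer rights
	if (($revArtsAllowed == 1) && (!$user_info['is_guest']))
	{
		//the article went through review (reviewFlag 1) and its stage is 0 or 4
		//(pending or resubmitted in the workflow table in articles2)
		if ((($submissions['stage'] == 0) || ($submissions['stage'] == 4)) && ($submissions['reviewFlag'] == 1))
		{
			$subconsole = '
                    <td valign="top" align="left" class="windowbg" width="50%">' . $txt['art416'] . $statustext . '<br />' . $txt['art417'] . $submissions['reviewer'] . '<br />' . $txt['art418'] . $moddate . '</td>
                    <td valign="top" align="left" class="windowbg"><form action="index.php?op=Articles;sa=articles2" method="post"><input type="hidden" value="' . $qstr . '" name="qstr" />
                         <input type="hidden" value="' . $submissions['ID_ARTICLE'] . '" name="ID_ARTICLE" />
                         ' . $txt['art412'] . '<br /><textarea cols="50" rows="3" name="comment">' . $submissions['comment'] . '</textarea><br />' . $sel_section . '<br />
                         ' . $txt['art481'] . '<input type="checkbox" name="article_feature" value="1" ' . $artsf_ynchecked . '><br />
                         ' . $txt['art438'] . '<input type="checkbox" name="article_publish" value="1" ' . $artsp_ynchecked . '><br />
                         ' . $txt['art408'] . '<input type="radio" name="asource" value="4" ' . $achecked . '> ' . $txt['art436'] . '
                         <input type="radio" name="asource" value="5" ' . $rchecked . '> ' . $txt['art437'] . '<br /><br />
                         <input type="submit" name="submit" value="' . $txt['art410'] . '" />
                         <input type="reset" value="' . $txt['art278'] . '" />
                         </form>
                    </td>
               </tr>
               <tr>
                    <td colspan="2" valign="top" align="left" class="windowbg">' . $txt['art487'] . '<div align="center"><a href="' . $scripturl . '?op=Articles;sa=earticle;article=' . $submissions['ID_ARTICLE']. '">
                         ' . $txt['art_edit'] . '</a> | <a href="javascript:DoConfirm(\'' . $txt['art531'] . '\',\'' . $scripturl . '?op=Articles;sa=delarticle;article=' . $submissions['ID_ARTICLE'] . '\')">' . $txt['art_delete'] . '</a></div>
                    </td>';
		}
		//The article was sent by a reviewer, but the publishing was delayed
		else if (($submissions['reviewFlag'] == 0) && ($submissions['publish'] == 0))
		{
			$subconsole = '
                    <td colspan="2" valign="top" align="left" class="windowbg"><form action="index.php?op=Articles;sa=articles2" method="post">
                         ' . $txt['art488'] . '<input type="hidden" name="asource" value="6"><input type="hidden" value="' . $submissions['ID_ARTICLE'] . '" name="ID_ARTICLE" />
                         <input type="submit" name="submit" value="' . $txt['art446'] . '"></form><div align="center"><a href="' . $scripturl . '?op=Articles;sa=earticle;article=' . $submissions['ID_ARTICLE']. '">
                         ' . $txt['art_edit'] . '</a> | <a href="javascript:DoConfirm(\'' . $txt['art531'] . '\',\'' . $scripturl . '?op=Articles;sa=delarticle;article=' . $submissions['ID_ARTICLE'] . '\')">' . $txt['art_delete'] . '</a></div>
                    </td>';
		}
		//The article is published, just show the edit/delete links
		else if (($submissions['reviewFlag'] == 0) && ($submissions['publish'] == 1))
		{
			$subconsole = '
                    <td colspan="2" valign="top" align="left" class="windowbg">' . $txt['art490'] . '<div align="center"><a href="' . $scripturl . '?op=Articles;sa=earticle;article=' . $submissions['ID_ARTICLE']. '">
                         ' . $txt['art_edit'] . '</a> | <a href="javascript:DoConfirm(\'' . $txt['art531'] . '\',\'' . $scripturl . '?op=Articles;sa=delarticle;article=' . $submissions['ID_ARTICLE'] . '\')">' . $txt['art_delete'] . '</a></div>
                    </td>';
		}
		//The article was sent by a submitter, it was approved, but the publishing was delayed
		else if (($submissions['reviewFlag'] == 1) && ($submissions['publish'] == 0))
		{
			$subconsole = '
                    <td valign="top" align="left" class="windowbg" width="50%">' . $txt['art416'] . $statustext . '<br />' . $txt['art417'] . $submissions['reviewer'] . '<br />' . $txt['art418'] . $moddate . '</td>
                    <td valign="top" align="left" class="windowbg"><form action="index.php?op=Articles;sa=articles2" method="post"><input type="hidden" value="' . $qstr . '" name="qstr" /><input type="hidden" value="' . $submissions['ID_ARTICLE'] . '" name="ID_ARTICLE" />
                         ' . $txt['art412'] . '<br /><textarea cols="50" rows="3" name="comment">' . $submissions['comment'] . '</textarea><br />' . $sel_section . '<br />
                         ' . $txt['art481'] . '<input type="checkbox" name="article_feature" value="1" ' . $artsf_ynchecked . '><br />
                         ' . $txt['art438'] . '<input type="checkbox" name="article_publish" value="1" ' . $artsp_ynchecked . '><br />
                         ' . $txt['art408'] . '<input type="radio" name="asource" value="4" ' . $achecked . '> ' . $txt['art436'] . '
                         <input type="radio" name="asource" value="5" ' . $rchecked . '> ' . $txt['art437'] . '<br /><br />
                         <input type="submit" name="submit" value="' . $txt['art410'] . '" />
                         <input type="reset" value="' . $txt['art278'] . '" />
                         </form>
                     </td>
               </tr>
               <tr>
                    <td colspan="2" valign="top" align="left" class="windowbg"><form action="index.php?op=Articles;sa=articles2" method="post">
                         ' . $txt['art488'] . '<input type="hidden" name="asource" value="6"><input type="hidden" value="' . $submissions['ID_ARTICLE'] . '" name="ID_ARTICLE" />
                         <input type="submit" name="submit" value="' . $txt['art446'] . '"></form><div align="center"><a href="' . $scripturl . '?op=Articles;sa=earticle;article=' . $submissions['ID_ARTICLE']. '">
                         ' . $txt['art_edit'] . '</a> | <a href="javascript:DoConfirm(\'' . $txt['art531'] . '\',\'' . $scripturl . '?op=Articles;sa=delarticle;article=' . $submissions['ID_ARTICLE'] . '\')">' . $txt['art_delete'] . '</a></div>
                    </td>';
		}
		//If it has been approved or rejected, just show the summary, and the edit/delete links
		else
		{
			$subconsole = '
                    <td valign="top" align="left" class="windowbg" width="50%">' . $txt['art416'] . $statustext . '<br />' . $txt['art417'] . $submissions['reviewer'] . '<br />' . $txt['art418'] . $moddate . '</td>
                    <td valign="top" align="left" class="windowbg">' . $txt['art412'] . $submissions['comment'] . '</td>
               </tr>
               <tr>
                    <td colspan="2" valign="top" align="left" class="windowbg">' . $txt['art487'] . '<div align="center"><a href="' . $scripturl . '?op=Articles;sa=earticle;article=' . $submissions['ID_ARTICLE']. '">
                         ' . $txt['art_edit'] . '</a> | <a href="javascript:DoConfirm(\'' . $txt['art531'] . '\',\'' . $scripturl . '?op=Articles;sa=delarticle;article=' . $submissions['ID_ARTICLE'] . '\')">' . $txt['art_delete'] . '</a></div>
                    </td>';
		}
	}
	//the person viewing the article has submission rights, and they submitted this particular article
	else if (($subArtsAllowed == 1) && ($ID_MEMBER == $submissions['ID_POSTER']) && (!$user_info['is_guest'])){
          $subconsole = '
               <td valign="top" align="left" class="windowbg" width="50%">' . $txt['art416'] . $statustext . '<br />' . $txt['art417'] . $submissions['reviewer'] . '<br />' . $txt['art418'] . $moddate . '</td>
               <td valign="top" align="left" class="windowbg">' . $txt['art412'] . $submissions['comment'] . '</td>
          </tr>
          <tr>
               <td colspan="2" valign="top" align="center" class="windowbg">' . $txt['art489'] . '<br /><a href="' . $scripturl . '?op=Articles;sa=earticle;article=' . $submissions['ID_ARTICLE']. '">
                    ' . $txt['art_edit'] . '</a> | <a href="javascript:DoConfirm(\'' . $txt['art531'] . '\',\'' . $scripturl . '?op=Articles;sa=delarticle;article=' . $submissions['ID_ARTICLE'] . '\')">' . $txt['art_delete'] . '</a>
               </td>';
	}
	//these guys don't have rights - show nothing
	else {
		return '';
	}

	//now we can output everything
	$controlpanel = $foobar. '
               <table cellpadding="0" cellspacing="0" border="0" width="100%" class="bordercolor" align="center">
               <tr>
                    <td>
                         <table cellpadding="3" cellspacing="1" width="100%">
                         <tr>
                              <td colspan="2" valign="middle" align="left" class="titlebg">' . $txt['art415'] . '</td>
                         </tr>
                         <tr>
                              ' . $subconsole . '
                         </tr>
                         </table>
                    </td>
               </tr>
               </table>';

	return $controlpanel;
}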

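// Builds the public archive view.
//
// Without a "section" request parameter it lists the article sections the visitor may
// see ($context['artsecs']). With a numeric "section" it lists up to 50 articles per
// page ($context['sitearticles']), the section header ($context['artsec']) and the page
// index ($context['art_pages']). A section value of 0 or below applies no section filter.
//
// Both "section" and "start" are cast to integers before they reach SQL: "start" used to
// be concatenated into the LIMIT clause as received, and is_numeric() on "section" lets
// through floats, exponents and padded strings.
//
// NOTE(review): section titles and banner file names are concatenated into HTML
// attributes exactly as stored. Whether they are entity-encoded at save time is not
// visible here - confirm, otherwise encode them with htmlspecialchars() at this point.
function archive()
{

	global $context, $settings, $modSettings, $scripturl, $txt, $db_prefix, $ID_MEMBER, $user_info, $sc;

	// Do we get just the sections, or the articles too?
	if (!isset($_REQUEST['section']))
	{
		// Pull every section and keep only those GroupPermissions() allows for this visitor.
		$secs = array();

		$request = db_query("SELECT * FROM {$db_prefix}art_sections ORDER BY position ASC",__FILE__,__LINE__);

		while ($row = mysql_fetch_assoc($request))
		{
			if (!GroupPermissions($row['memberGroups']))
			{
				continue;
			}

			$secs[] = array(
				// NOTE(review): placeholder value left by the original author; ID_SECTION was probably meant.
				'secID'		=>		'what up fool',
				'title'		=>		$row['title'],
				'banner'	=>		$row['banner'],
				'image'	=>		!empty($row['banner']) ? '<img src="' . $settings['images_url'] . '/Articles/' . $row['banner'] . '" title="' . $row['title'] . '" alt="' . $row['title'] . '" border="0" style="float: left; padding-right: 2px; padding-bottom: 2px;" />' : '<img src="' . $settings['images_url'] . '/Articles/default.jpg" title="'.$row['title'].'" alt="'.$row['title'].'" border="0" style="float: left; padding-right: 2px; padding-bottom: 2px;" />',
				'href' 		=> 	$scripturl . '?op=Articles;sa=archive;section=' . $row['ID_SECTION'],
				'SecLink'	=>		'<a href="' . $scripturl . '?op=Articles;sa=archive;section=' . $row['ID_SECTION'] .'">' . $row['title'] . '</a>',
			);
		}

		if (empty($secs))
		{
			$context['arterror'] = $txt['art05'];
		}
		else
		{
			$context['artsecs'] = $secs;
			$context['iscats'] = true;
		}

		unset ($secs);

		$context['sub_template'] = 'archive_body';
		$context['template_layers'][] = 'Art';
	}

	// Ok, we must need the articles to go with it. Double check to make sure it's numeric!
	elseif (isset($_REQUEST['section']) && is_numeric($_REQUEST['section']))
	{
		// Integer section id; 0 or below means "no section filter".
		$secid = (int) $_REQUEST['section'];
		$sec_query = ($secid > 0) ? 'AND a.ID_SECTION = ' . $secid : '';

		// if user has reviewing rights, pull articles that have been approved AND are awaiting approval
		// NOTE(review): the rest of this file checks 'review_article' (singular). If
		// 'review_articles' is not a defined permission this branch only ever runs for
		// members allowedTo() approves unconditionally - confirm which name is right.
		if (allowedTo('review_articles'))
		{
			$review_arts = 1;
			$stage = '(a.stage = 0 OR a.stage = 1 OR a.stage = 4)';
			$publish = '';
		}
		else 	// otherwise, only show approved articles
		{
			$review_arts = '';
			$publish = 'AND a.publish = 1';
			$stage = '(a.stage = 1 AND a.reviewFlag = 0)';
		}

		// Page offset: a non-negative integer, written back to $_GET['start'] because the
		// page index and the template read it from there.
		$nstart = (isset($_GET['start']) && is_scalar($_GET['start'])) ? (int) $_GET['start'] : 0;
		if ($nstart < 0)
		{
			$nstart = 0;
		}
		$_GET['start'] = $nstart;
		$nend = '50';

		// Ok, we're going to hard code a limit here, or someone would have 1000 results, and unhappy visitors!
		$LIMIT = 'LIMIT ' . $nstart . ', ' . $nend;

		// First pass: count the articles this visitor may see, for the page index.
		$result = db_query("
			SELECT
				a.ID_ARTICLE, a.ID_SECTION, a.stage, a.publish, a.featureFlag,
				a.reviewFlag, ac.ID_SECTION, ac.memberGroups
			FROM ({$db_prefix}articles AS a)
				LEFT JOIN {$db_prefix}art_sections AS ac ON (ac.ID_SECTION = a.ID_SECTION)
			WHERE
				$stage
				$sec_query
				$publish
			ORDER BY a.ID_ARTICLE DESC", __FILE__, __LINE__);

		$num_arts = 0;

		while ($row = mysql_fetch_assoc($result))
		{
			if (GroupPermissions($row['memberGroups'])) { $num_arts++; }
		}

		mysql_free_result($result);

		// we're only showing one Article Section, so make the page #'s reflect that.
		$context['art_pages'] = constructPageIndex($scripturl . '?op=Articles;section=' . $secid, $_GET['start'], $num_arts, $nend);
		$context['start'] = $_GET['start'];

		// Ok, we have the page #'s now. Let's get the section info, so we can only display it once.
		$sec = array();

		$get_sec = db_query("
			SELECT
				*
			FROM {$db_prefix}art_sections
			WHERE
				ID_SECTION = $secid
			LIMIT 1",__FILE__,__LINE__);

		while ($cat = mysql_fetch_assoc($get_sec))
		{
			$sec[] = array(
				'image'		=>		!empty($cat['banner']) ? '<img src="' . $settings['images_url'] . '/Articles/' . $cat['banner'] . '" title="' . $cat['title'] . '" alt="' . $cat['title'] . '" border="1" />' : '<img src="' . $settings['images_url'] . '/Articles/default.jpg" title="'.$cat['title'].'" alt="'.$cat['title'].'" border="1" />',
				'title'			=>		!empty($cat['title']) ? $cat['title'] : '',
				// Was $row['ID_SECTION']; $row is no longer a result row once the counting loop above has finished.
				'SecLink'		=>		'<a href="' . $scripturl . '?op=Articles;section=' . $cat['ID_SECTION'] .'">' . $cat['title'] . '</a>',
				'href'			=>		$scripturl . '?op=Articles;section=' . $cat['ID_SECTION'],
			);
		}

		if (empty($sec))  // no such section: load a message saying that
		{
			$context['arterror'] = $txt['art05'];
		}
		else
		{
			$context['artsec'] = $sec;
		}

		// Let's get the articles for the current page (finally)
		$articlec = array();

		$get_arts = db_query("
			SELECT
				a.*, ac.*, mem.realName AS author, mem2.realName AS reviewer
			FROM ({$db_prefix}articles AS a)
				LEFT JOIN {$db_prefix}art_sections AS ac ON (ac.ID_SECTION = a.ID_SECTION)
				LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER = a.ID_POSTER)
				LEFT JOIN {$db_prefix}members AS mem2 ON (mem2.ID_MEMBER=a.ID_REVIEWER)
			WHERE
				$stage
				$sec_query
				$publish
			ORDER BY a.dateEntered DESC
			$LIMIT", __FILE__, __LINE__);

		while ($row = mysql_fetch_assoc($get_arts))
		{
			if (!GroupPermissions($row['memberGroups']))
			{
				continue;
			}

			// find out the current status if the user is a reviewer
			if ($row['publish'] == 0 && $review_arts)
				$status = $txt['art438'];
			elseif ($review_arts && $row['stage'] != '1')
				$status = statusText($row['stage']);
			else
				$status = '';

			// Build the Article array
			$articlec[] = array(
					'author'		=>		empty($row['ID_POSTER']) ? $row['byline'] : '<a href="' . $scripturl . '?action=profile;u=' . $row['ID_POSTER'] . '">' . $row['author'] . '</a>',
					'heading'		=>		!empty($row['heading']) ? $row['heading'] : '',
					'subheading'	=>		!empty($row['sub_heading']) ? $row['sub_heading'] : '',
					'story'			=>		'<a href="' . $scripturl . '?op=Articles;article=' . $row['ID_ARTICLE'] . '">' . $row['heading'] . '</a> ',
					'time'			=> 	timeformat($row['dateEntered']),
					'href' 			=> 	$scripturl . '?op=Articles;section=' . $row['ID_SECTION'],
					'SecName'		=>		!empty($row['title']) ? $row['title'] : '',
					'SecLink'		=>		'<a href="' . $scripturl . '?op=Articles;section=' . $row['ID_SECTION'] .'">' . $row['title'] . '</a>',
					'ArtLink'		=>		'<a href="' . $scripturl . '?op=Articles;article=' . $row['ID_ARTICLE'] .'">' . $txt['art06'] . '</a>',
					'status' 		=> 	$status,
				);
		}

		mysql_free_result($get_arts);

		if (empty($articlec))  // if by chance there aren't any articles, load a message saying that
		{
			$context['arterror'] = $txt['art05'];
		}
		else
		{
			$context['sitearticles'] = $articlec;
			$context['isarchive'] = true;
		}

		// if one category was selected, add its name to the page title
		if ($secid > 0 && !empty($articlec[0]['SecName']))
		{
			$context['page_title'] .= ' - ' . $articlec[0]['SecName'];
		}

		unset($articlec);

	}

	// set the name for the function in the template file
	$context['sub_template'] = 'archive_body';


}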


// Renamed from articleRules for $sa purposes
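// Handles the reviewer forms built by articleConsole(): approve, reject, or publish a
// delayed article, then redirects to the article index.
//
// Changes from the earlier version of this function:
//  - Only a logged-in member with 'review_article' may change anything. The old check
//    compared an unset $reviewFlag with 0 when the requester had neither permission,
//    and null == 0 is true in PHP, so such requests were let through.
//  - The feature/publish checkboxes are honoured. The old "!isset(...)" test ran after
//    the variable had already been assigned, so both columns were always written as 1.
//  - Every value that reaches SQL unquoted is an integer, and no query is run when the
//    article id (or, for approve/reject, the section) is missing.
//
// NOTE(review): no session/CSRF token is verified in this function; confirm that the
// dispatcher does so before it is called.
function articles2()
{
	global $db_prefix, $ID_MEMBER, $user_info;

	/************************
	*  asource values       *
	*  4 = approve article  *
	*  5 = reject article   *
	*  6 = publish article  *
	*  9 = no submission    *
	************************/

	/*******************
	* workflow values  *
	* 0 = pending      *
	* 1 = approved     *
	* 2 = rejected     *
	* 3 = cancelled    *
	* 4 = resubmitted  *
	*******************/

	/********************
	* publish values    *
	* 1 = publish       *
	* 0 = delay publish *
	********************/

	// SMF doesn't break up the query string anymore so we need to get these from $_REQUEST
	$ID_ARTICLE = (isset($_REQUEST['ID_ARTICLE']) && is_numeric($_REQUEST['ID_ARTICLE'])) ? (int) $_REQUEST['ID_ARTICLE'] : 0;
	$section = (isset($_REQUEST['section']) && is_numeric($_REQUEST['section'])) ? (int) $_REQUEST['section'] : null;
	$asource = (isset($_REQUEST['asource']) && is_scalar($_REQUEST['asource'])) ? (int) $_REQUEST['asource'] : 9;

	// The comment is entity-encoded (quotes included) before it is stored.
	// NOTE(review): a backslash is not touched by htmlspecialchars(). Whether request
	// values are slash-escaped before they get here is not visible in this function;
	// confirm it, or escape for the database at this point.
	$comment = (isset($_REQUEST['comment']) && is_string($_REQUEST['comment'])) ? htmlspecialchars($_REQUEST['comment'], ENT_QUOTES) : '';

	// A checkbox is only present in the request when it was ticked.
	$article_feature = !empty($_REQUEST['article_feature']) ? 1 : 0;
	$article_publish = !empty($_REQUEST['article_publish']) ? 1 : 0;

	$time = time();
	$reviewer = (int) $ID_MEMBER;

	// Only logged-in reviewers may approve, reject or publish.
	$canReview = (AllowedTo('review_article') == true) && empty($user_info['is_guest']);

	if ($canReview && $ID_ARTICLE > 0)
	{
		//reviewer clicked the approve (4) or reject (5) button
		if (($asource === 4 || $asource === 5) && $section !== null)
		{
			$stage = ($asource === 4) ? 1 : 2;

			db_query("UPDATE {$db_prefix}articles SET stage = $stage, featureFlag = $article_feature, publish = $article_publish, ID_SECTION = $section, dateModified = $time, ID_REVIEWER = $reviewer, comment = '$comment' WHERE ID_ARTICLE = $ID_ARTICLE", __FILE__, __LINE__);
		}
		//reviewer clicked the publish now button off a delayed publishing
		elseif ($asource === 6)
		{
			db_query("UPDATE {$db_prefix}articles SET publish = 1 WHERE ID_ARTICLE = $ID_ARTICLE", __FILE__, __LINE__);
		}
		// any other asource value: do nothing
	}

	redirectexit('op=Articles;sa=articleIndex', true);
}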
?>