php-e107/submitnews.php

<?php
/*
 * e107 website system
 *
 * Copyright (C) 2008-2013 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 */

 
if(!empty($_POST) && !isset($_POST['e-token']))
{
	// set e-token so it can be processed by class2
	$_POST['e-token'] = '';
} 
require_once("class2.php");
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);

require_once(HEADERF);

if (!isset($pref['subnews_class']))
{
	$pref['subnews_class'] = e_UC_MEMBER;
}


if (!check_class($pref['subnews_class']))
{
	$ns->tablerender(NWSLAN_12, NWSLAN_11);
	require_once(FOOTERF);
	exit;
}


if (!defined("USER_WIDTH")) { define("USER_WIDTH","width:95%"); }


class submitNews
{

	private $minWidth = 1024;
	private $minHeight = 768;


	function __construct()
	{

		$mes = e107::getMessage();

		$minDimensions = e107::pref('core','subnews_attach_minsize',false);

		if(empty($minDimensions))
		{
			$this->minWidth = 0;
			$this->minHeight = 0;
		}
		else
		{
			$tmp = explode('×',$minDimensions);
			$this->minWidth = intval($tmp[0]);
			$this->minHeight = intval($tmp[1]);
		}

		if(isset($_POST['submitnews_submit']) && !empty($_POST['submitnews_title']) && !empty($_POST['submitnews_item']))
		{
			$this->process();
		}

		echo $mes->render();

		$this->form();
	}


	function process()
	{
		$ip = e107::getIPHandler()->getIP(FALSE);
		$tp = e107::getParser();
		$pref = e107::pref('core');
		$sql = e107::getDb();
		$mes = e107::getMessage();

		$fp = new floodprotect;

		if ($fp->flood("submitnews", "submitnews_datestamp") == false)
		{
			e107::redirect();
			exit;
		}

		$submitnews_user  = (USER ? USERNAME  : trim($tp->toDB($_POST['submitnews_name'])));
		$submitnews_email = (USER ? USEREMAIL : trim(check_email($tp->toDB($_POST['submitnews_email']))));
		$submitnews_title = $tp->toDB($_POST['submitnews_title']);
		$submitnews_item  = $tp->toDB($_POST['submitnews_item']);
	//	$submitnews_item  = str_replace("src=&quot;e107_images", "src=&quot;".SITEURL."e107_images", $submitnews_item);
		$submitnews_file  = "";
		$submitnews_error = false;
		$submitnews_filearray = array();

		if (!$submitnews_user || !$submitnews_email)
		{
			$message = SUBNEWSLAN_7;
			$submitnews_error = TRUE;
		}

		// ==== Process File Upload ====
		if (FILE_UPLOADS && !empty($_FILES['file_userfile']) && vartrue($pref['subnews_attach']) && vartrue($pref['upload_enabled']) && check_class($pref['upload_class']))
		{
			$uploaded = e107::getFile()->getUploaded(e_UPLOAD, 'unique', array('file_mask' => 'jpg,gif,png', 'max_file_count' => 3));

			if (empty($uploaded)) // Non-specific error
			{
				$submitnews_error = true;
				$message = SUBNEWSLAN_8;
			}
			else
			{
				foreach($uploaded as $c=>$v)
				{
					// Check if images is too small.
					if(!empty($this->minWidth) && !empty($v['img-width']) && (intval($v['img-width']) < $this->minWidth || intval($v['img-width']) < $this->minHeight))
					{
						//TODO Lan and review wording.
						$mes->addWarning("One of your images has dimensions smaller than ".$this->minWidth."px  x ".$this->minHeight."px. Please correct the attachment and submit the form again. ");

						return false;
					}

					if (varset($uploaded[$c]['error'],0) != 0)
					{
						$submitnews_error = TRUE;
						$message = handle_upload_messages($uploaded);
					}
					else
					{
						if (isset($uploaded[$c]['name']) && isset($uploaded[$c]['type']) && isset($uploaded[$c]['size']))
						{
							$filename = $uploaded[$c]['name'];
							$filetype = $uploaded[$c]['type'];
							$filesize = $uploaded[$c]['size'];
							$fileext  = substr(strrchr($filename, "."), 1);

							$today = getdate();

							$submitnews_file = USERID."_".$today[0]."_".$c."_".str_replace(" ", "_", substr($submitnews_title, 0, 6)).".".$fileext;

							if (is_numeric($pref['subnews_resize']) && ($pref['subnews_resize'] > 30)  && ($pref['subnews_resize'] < 5000))
							{
								require_once(e_HANDLER.'resize_handler.php');

								if (!resize_image(e_UPLOAD.$filename, e_UPLOAD.$submitnews_file, $pref['subnews_resize']))
								{
								  rename(e_UPLOAD.$filename, e_UPLOAD.$submitnews_file);
								}
							}
							elseif ($filename)
							{
								rename(e_UPLOAD.$filename, e_UPLOAD.$submitnews_file);
							}
						}
					}

					if ($filename && file_exists(e_UPLOAD.$submitnews_file))
					{
						$submitnews_filearray[] = $submitnews_file;
					}

				}
			}

		}

		if ($submitnews_error === false)
		{

			$insertQry = array(
				'submitnews_id'             => 0,
				'submitnews_name'           => $submitnews_user,
				'submitnews_email'          => $submitnews_email,
				'submitnews_title'          => $submitnews_title,
				'submitnews_category'       => intval($_POST['cat_id']),
				'submitnews_item'           => $submitnews_item,
				'submitnews_datestamp'      => time(),
				'submitnews_ip'             => $ip,
				'submitnews_auth'           => '0',
				'submitnews_file'           => implode(',',$submitnews_filearray),
				'submitnews_keywords'       => $tp->filter($_POST['submitnews_keywords'], 'str'),
                'submitnews_description'    => $tp->filter($_POST['submitnews_description'], 'str'),
                'submitnews_summary'        => $tp->filter($_POST['submitnews_summary'], 'str'),
                'submitnews_media'          => json_encode($_POST['submitnews_media'],JSON_PRETTY_PRINT)
			);

			if(!$sql->insert("submitnews", $insertQry))
			{
				$mes->addError(LAN_134);
				return false;
			}


		//	$sql->insert("submitnews", "0, '$submitnews_user', '$submitnews_email', '$submitnews_title', '".intval($_POST['cat_id'])."', '$submitnews_item', '".time()."', '$ip', '0', '".implode(',',$submitnews_filearray)."' ");

			$edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip);

			e107::getEvent()->trigger("subnews", $edata_sn); // bc
			e107::getEvent()->trigger("user_news_submit", $edata_sn);


			$mes->addSuccess(LAN_134);
		//	echo $mes->render();
			unset($_POST);

			// $ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>");

		}
		else
		{
		//	message_handler("P_ALERT", $message);
			$mes->addWarning($message);
		}
	}


	function form()
	{

		$tp = e107::getParser();
		$sql = e107::getDb();
		$ns = e107::getRender();
		$pref = e107::pref('core');
		$frm = e107::getForm();

		$text = "";

		if (!empty($pref['news_subheader']))
		{
			$text .= $tp->toHTML($pref['news_subheader'], true, "BODY");
		}


		$text .= "
			<div>
			  <form id='dataform' method='post' action='".e_SELF."' enctype='multipart/form-data' onsubmit='return frmVerify()'>
			    <table class='table fborder'>";



			if (!USER)
			{
			    $text .= "
				  <tr>
				    <td style='width:20%' class='forumheader3'>".LAN_7."</td>
				    <td style='width:80%' class='forumheader3'>
				      <input class='tbox' type='text' name='submitnews_name' size='60' value='".$tp->toHTML($_POST['submitnew_name'],FALSE,'USER_TITLE')."' maxlength='100' required />
				    </td>
				  </tr>
				  <tr>
				    <td style='width:20%' class='forumheader3'>".LAN_112."</td>
				    <td style='width:80%' class='forumheader3'>
				      <input class='tbox' type='text' name='submitnews_email' size='60' value='".$tp->filter($_POST['submitnews_email'], 'email')."' maxlength='100' required />
				    </td>
				  </tr>";
			}

			$text .= "
			<tr>
			  <td style='width:20%' class='forumheader3'>".NWSLAN_6.": </td>
				<td style='width:80%' class='forumheader3'>";

			if (!$sql->select("news_category"))
			{
				$text .= NWSLAN_10;
			}
			else
			{
				$text .= "<select name='cat_id' class='tbox form-control'>";
				while (list($cat_id, $cat_name, $cat_icon) = $sql->fetch('num'))
				{
					$sel = (varset($_POST['cat_id'],'') == $cat_id) ? "selected='selected'" : "";
					$text .= "<option value='{$cat_id}' {$sel}>".$tp->toHTML($cat_name, FALSE, "defs")."</option>";
				}
				$text .= "</select>";
			}

			$text .= "
			  </td>
			</tr>
			<tr>
			  <td style='width:20%' class='forumheader3'>".LAN_TITLE."</td>
				<td style='width:80%' class='forumheader3'>".e107::getForm()->text('submitnews_title',$tp->toHTML(vartrue($_POST['submitnews_title']),TRUE,'USER_TITLE'),200, array('required'=>1))."
			    </td>
			</tr>
			<tr>
			    <td style='width:20%' class='forumheader3'>".LAN_135."</td>
				<td style='width:80%' class='forumheader3'>
					".e107::getForm()->bbarea('submitnews_item', $tp->toForm(vartrue($_POST['submitnews_item'])),null, null, 'large')."
				</td>
			</tr>
			";



			/*  submitnews_keywords  varchar(255) NOT NULL default '',
  submitnews_description text NOT NULL,
  submitnews_summary text NOT NULL,
  submitnews_media text NOT NULL,
			*/
			$fields = array();
			$fields['submitnews_keywords']      = array('title'=>"Keywords", 'type'=>'tags');
			$fields['submitnews_summary']       = array('title'=>'Summary', 'type'=>'text', 'writeParms'=>array('maxlength'=>255, 'size'=>'xxlarge'));
			$fields['submitnews_description']   = array('title'=>'Meta Description', 'type'=>'textarea','writeParms'=>array('placeholder'=>'Used by Facebook etc.'));
			$fields['submitnews_media']         = array('title'=>'Media URLs', 'type'=>'method', 'method'=>'submitNewsForm::submitnews_media');


			foreach($fields as $key=>$fld)
			{
				$text .= "<tr><td style='width:20%' class='forumheader3'>
							".$fld['title']
							."</td>
							<td style='width:80%' class='forumheader3'>".$frm->renderElement($key, '', $fld)."</td>
						</tr>";

			}

			if ($pref['subnews_attach'] && $pref['upload_enabled'] && check_class($pref['upload_class']) && FILE_UPLOADS)
			{
				  $text .= "
				  <tr>
				    <td style='width:20%' class='forumheader3'>".SUBNEWSLAN_5."<br /><span class='smalltext'>".SUBNEWSLAN_6."</span>";




				   $text .= "
				    </td>
				    <td style='width:80%' class='forumheader3'>

				      <input class='tbox' type='file' name='file_userfile[]' multiple='multiple' />
				      ";

				     if(!empty($this->minWidth))
				   {
				        $text .= "<div class='alert alert-warning'>Minimum Dimensions: ".$this->minWidth."px × ".$this->minHeight."px</div>";
				   }

				      $text .= "
				    </td>
				  </tr>";
			}

			$text .= "
			      <tr>
			        <td colspan='2' style='text-align:center' class='forumheader'>
			          <input class='btn btn-success button' type='submit' name='submitnews_submit' value='".LAN_136."' />
			           <input type='hidden' name='e-token' value='".e_TOKEN."' />
			        </td>
			      </tr>
			    </table>
			  </form>
			</div>";

			$ns->tablerender(LAN_136, $text);


	}




}

class submitNewsForm extends e_form
{

	function submitnews_media($cur, $mode, $att)
	{
		$text = '';

		$placeholders = array(
			'eg. http://www.youtube.com/watch?v=Mxhn11_fzJQ',
			'eg. http://path-to-image/image.jpg',
			'eg. http://path-to-audio/file.mp3'
		);

		for($i = 0; $i <8; $i++)
		{
			$help = (isset($placeholders[$i])) ? $placeholders[$i] : '';
			$text .= "<div class='form-group'>";
			$text .= $this->text('submitnews_media['.$i.']', $_POST['submitnews_media'][$i], 255, array('placeholder'=>$help) );
			$text .= "</div>";
		}

		return $text;

	}


}


new submitNews;


if(!vartrue($pref['subnews_htmlarea'])) // check after bbarea is called.
{
	e107::wysiwyg(false);
}

require_once(FOOTERF);



?>