
   1  <?php
   2  /**
   3   * This is the handler for ANONYMOUS (non logged in) asynchronous 'AJAX' calls.
   4   *
   5   * This file is part of the evoCore framework - {@link http://evocore.net/}
   6   * See also {@link http://sourceforge.net/projects/evocms/}.
   7   *
   8   * @copyright (c)2003-2014 by Francois Planque - {@link http://fplanque.com/}
   9   *
  10   * {@internal License choice
  11   * - If you have received this file as part of a package, please find the license.txt file in
  12   *   the same folder or the closest folder above for complete license terms.
  13   * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
  14   *   then you must choose one of the following licenses before using the file:
  15   *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
  16   *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
  17   * }}
  18   *
  19   * {@internal Open Source relicensing agreement:
  20   * }}
  21   *
  22   * @package evocore
  23   *
  24   * @version $Id: anon_async.php 6136 2014-03-08 07:59:48Z manuel $
  25   */
  26  
  27  
  28  /**
  29   * Do the MAIN initializations:
  30   */
require_once dirname(__FILE__).'/../conf/_config.php';

require_once $inc_path.'_main.inc.php';

load_funcs( '../inc/skins/_skin.funcs.php' );

global $skins_path, $ads_current_skin_path, $disp, $ctrl;
// Request params shared by several actions of the switch below:
param( 'action', 'string', '' );
$item_ID = param( 'p', 'integer' );     // item ID (looked up in the ItemCache by 'get_comment_form')
$blog_ID = param( 'blog', 'integer' );  // collection ID; actions that treat it as optional test "> 0"

// Make sure the async responses are never cached:
header_nocache();
// NOTE(review): every action is answered as text/html, including the one that
// emits JSON ('get_user_field_autocomplete') -- confirm callers do not rely on
// a JSON content type.
header_content_type( 'text/html', $io_charset );

// Save current debug values
$current_debug = $debug;
$current_debug_jslog = $debug_jslog;

// Do not append Debuglog to response!
$debug = false;

// Do not append Debug JSlog to response!
$debug_jslog = false;

// Init AJAX log
$Ajaxlog = new Log();

$Ajaxlog->add( sprintf( 'action: %s', $action ), 'note' );

// Generic extra params; several actions below overwrite $params with their own array.
$params = param( 'params', 'array', array() );
  62  switch( $action )
  63  {
    case 'get_comment_form':
        // display comment form
        // Loads the Item and Blog the form belongs to; $Item, $Blog, $disp, $skin and
        // $ads_current_skin_path are presumably read by the template required at the end.
        $ItemCache = & get_ItemCache();
        $Item = $ItemCache->get_by_ID( $item_ID );
        $BlogCache = & get_BlogCache();
        $Blog = $BlogCache->get_by_ID( $blog_ID );

        locale_activate( $Blog->get('locale') );

        // Re-Init charset handling, in case current_charset has changed:
        if( init_charsets( $current_charset ) )
        {
            // Reload Blog(s) (for encoding of name, tagline etc):
            $BlogCache->clear();
            $Blog = & $BlogCache->get_by_ID( $blog_ID );
        }

        // $disp is whitelisted to [a-z0-9-_] by the regex; anything else becomes ''
        $disp = param( 'disp', '/^[a-z0-9\-_]+$/', '' );
        $skin = '';
        $blog_skin_ID = $Blog->get_skin_ID();
        if( !empty( $blog_skin_ID ) )
        { // check if Blog skin has specific comment form
            $SkinCache = & get_SkinCache();
            $Skin = & $SkinCache->get_by_ID( $blog_skin_ID );
            $skin = $Skin->folder.'/';
            $ads_current_skin_path = $skins_path.$skin;
            if( ! file_exists( $skins_path.$skin.'_item_comment_form.inc.php' ) )
            { // Skin has no override: fall back to the generic form directly under $skins_path
                $skin = '';
            }
        }

        // The include path is built only from the skin folder stored with the Blog,
        // never from request input ($disp is not part of the path).
        require $skins_path.$skin.'_item_comment_form.inc.php';
        break;
  98  
  99  
 100      case 'get_msg_form':
 101          // display send message form
 102          $recipient_id = param( 'recipient_id', 'integer', 0 );
 103          $recipient_name = param( 'recipient_name', 'string', '' );
 104          $subject = param( 'subject', 'string', '' );
 105          $email_author = param( 'email_author', 'string', '' );
 106          $email_author_address = param( 'email_author_address', 'string', '' );
 107          $redirect_to = param( 'redirect_to', 'url', '' );
 108          $post_id = NULL;
 109          $comment_id = param( 'comment_id', 'integer', 0 );
 110          $BlogCache = & get_BlogCache();
 111          $Blog = $BlogCache->get_by_ID( $blog_ID );
 112  
 113          locale_activate( $Blog->get('locale') );
 114  
 115          // Re-Init charset handling, in case current_charset has changed:
 116          if( init_charsets( $current_charset ) )
 117          {
 118              // Reload Blog(s) (for encoding of name, tagline etc):
 119              $BlogCache->clear();
 120              $Blog = & $BlogCache->get_by_ID( $blog_ID );
 121          }
 122  
 123          if( $recipient_id > 0 )
 124          { // Get identity link for existed users
 125              $RecipientCache = & get_UserCache();
 126              $Recipient = $RecipientCache->get_by_ID( $recipient_id );
 127              $recipient_link = $Recipient->get_identity_link( array( 'link_text' => 'nickname' ) );
 128          }
 129          else if( $comment_id > 0 )
 130          { // Anonymous Users
 131              $gender_class = '';
 132              if( check_setting( 'gender_colored' ) )
 133              { // Set a gender class if the setting is ON
 134                  $gender_class = ' nogender';
 135              }
 136              $recipient_link = '<span class="user anonymous'.$gender_class.'" rel="bubbletip_comment_'.$comment_id.'">'.$recipient_name.'</span>';
 137          }
 138  
 139          require $skins_path.'_contact_msg.form.php';
 140          break;
 141  
 142  
 143      case 'get_user_bubbletip':
 144          // Get contents of a user bubbletip
 145          // Displays avatar & name
 146          $user_ID = param( 'userid', 'integer', 0 );
 147          $comment_ID = param( 'commentid', 'integer', 0 );
 148  
 149          if( strpos( $_SERVER["HTTP_REFERER"], $admin_url ) !== false )
 150          {    // If ajax is requested from admin page we should to set a variable $is_admin_page = true if user has permissions
 151              // Check global permission:
 152              if( empty($current_User) || ! $current_User->check_perm( 'admin', 'restricted' ) )
 153              {    // No permission to access admin...
 154                  require $adminskins_path.'_access_denied.main.php';
 155              }
 156              else
 157              {    // Set this page as admin page
 158                  $is_admin_page = true;
 159              }
 160          }
 161  
 162          if( $blog_ID > 0 )
 163          {    // Get Blog if ID is set
 164              $BlogCache = & get_BlogCache();
 165              $Blog = $BlogCache->get_by_ID( $blog_ID );
 166          }
 167  
 168          if( $user_ID > 0 )
 169          {    // Print info of the registered users
 170              $UserCache = & get_UserCache();
 171              $User = & $UserCache->get_by_ID( $user_ID );
 172  
 173              $Ajaxlog->add( 'User: #'.$user_ID.' '.$User->login );
 174  
 175              echo '<div class="bubbletip_user">';
 176  
 177              if( $User->check_status( 'is_closed' ) )
 178              { // display only info about closed accounts
 179                  echo T_( 'This account has been closed.' );
 180                  echo '</div>'; /* end of: <div class="bubbletip_user"> */
 181                  break;
 182              }
 183  
 184              $avatar_overlay_text = '';
 185              $link_overlay_class = '';
 186              if( is_admin_page() )
 187              {    // Set avatar size for Back-office
 188                  $avatar_size = $Settings->get('bubbletip_size_admin');
 189              }
 190              else if( is_logged_in() )
 191              {    // Set avatar size for logged in users in the Front-office
 192                  $avatar_size = $Settings->get('bubbletip_size_front');
 193              }
 194              else
 195              {    // Set avatar size for Anonymous users
 196                  $avatar_size = $Settings->get('bubbletip_size_anonymous');
 197                  $avatar_overlay_text = $Settings->get('bubbletip_overlay');
 198                  $link_overlay_class = 'overlay_link';
 199              }
 200  
 201              $width = $thumbnail_sizes[$avatar_size][1];
 202              $height = $thumbnail_sizes[$avatar_size][2];
 203              // Display user avatar with login
 204              // Attributes 'w' & 'h' we use for following js-scale div If image is downloading first time (Fix bubbletip)
 205              echo '<div class="center" w="'.$width.'" h="'.$height.'">';
 206              echo get_avatar_imgtag( $User->login, true, true, $avatar_size, 'avatar_above_login', '', $avatar_overlay_text, $link_overlay_class );
 207              echo '</div>';
 208  
 209              // Additional user info
 210              $user_info = array();
 211  
 212              // Preferred Name
 213              if( $User->get_preferred_name() != $User->login )
 214              {
 215                  $user_info[] = $User->get_preferred_name();
 216              }
 217  
 218              // Location
 219              $location = array();
 220              if( !empty( $User->city_ID ) )
 221              {    // City
 222                  $location[] = $User->get_city_name( false );
 223              }
 224              if( !empty( $User->subrg_ID ) )
 225              {    // Subregion
 226                  if( !is_logged_in() )
 227                  {    // Display subregion for not logged in users
 228                      $location[] = $User->get_subregion_name();
 229                  }
 230                  else if( $current_User->subrg_ID != $User->subrg_ID )
 231                  {    // If subregions are different
 232                      $location[] = $User->get_subregion_name();
 233                  }
 234              }
 235              if( !empty( $User->rgn_ID ) )
 236              {    // Region
 237                  if( !is_logged_in() )
 238                  {    // Display region for not logged in users
 239                      $location[] = $User->get_region_name();
 240                  }
 241                  else if( $current_User->rgn_ID != $User->rgn_ID )
 242                  {    // If regions are different
 243                      $location[] = $User->get_region_name();
 244                  }
 245              }
 246              if( !empty( $User->ctry_ID ) )
 247              {    // Country
 248                  if( !is_logged_in() )
 249                  {    // Display country for not logged in users
 250                      $location[] = $User->get_country_name();
 251                  }
 252                  else if( $current_User->ctry_ID != $User->ctry_ID )
 253                  {    // If countries are different
 254                      $location[] = $User->get_country_name();
 255                  }
 256              }
 257              if( !empty( $location ) )
 258              {    // Set location info
 259                  $user_info[] = implode( '<br />', $location );
 260              }
 261  
 262              // Age group
 263              if( !empty( $User->age_min ) && !empty( $User->age_max ) && $User->age_min != $User->age_max )
 264              {
 265                  $user_info[] = sprintf( T_('%d to %d years old '), $User->age_min, $User->age_max );
 266              }
 267              else if( !empty( $User->age_min ) || !empty( $User->age_max ) )
 268              {    // Min age equals max age
 269                  $age = !empty( $User->age_min ) ? $User->age_min : $User->age_max;
 270                  $user_info[] = sprintf( T_('%d years old '), $age );
 271              }
 272  
 273              if( !empty( $user_info ) )
 274              {    // Display additional user info
 275                  echo '<ul>';
 276                  foreach( $user_info as $info )
 277                  {
 278                      echo '<li>'.$info.'</li>';
 279                  }
 280                  echo '</ul>';
 281              }
 282  
 283              echo '</div>'; /* end of: <div class="bubbletip_user"> */
 284          }
 285          else if( $comment_ID > 0 )
 286          {    // Print info for an anonymous user who posted a comment
 287              $CommentCache = & get_CommentCache();
 288              $Comment = $CommentCache->get_by_ID( $comment_ID );
 289  
 290              $Ajaxlog->add( 'Comment: #'.$comment_ID.' '.$Comment->get_author_name() );
 291  
 292              echo '<div class="bubbletip_anon">';
 293  
 294              echo $Comment->get_avatar( 'fit-160x160', 'bCommentAvatarCenter' );
 295              echo '<div>'.$Comment->get_author_name_anonymous().'</div>';
 296              echo '<div>'.T_('This user is not registered on this site.').'</div>';
 297              echo $Comment->get_author_url_link( '', '<div>', '</div>');
 298  
 299              if( isset( $Blog ) )
 300              {    // Link to send message
 301                  echo '<div>';
 302                  $Comment->msgform_link( $Blog->get('msgformurl'), '', '', get_icon( 'email', 'imgtag' ).' '.T_('Send a message') );
 303                  echo '</div>';
 304              }
 305              echo '</div>';
 306          }
 307          else
 308          { // user_ID and comment_ID are both null, this can happen when the user was deleted
 309              echo '<div class="bubbletip_user">';
 310              echo T_( 'This account has been deleted.' );
 311              echo '</div>';
 312              break;
 313          }
 314  
 315          break;
 316  
 317  
 318      case 'set_comment_vote':
 319          // Used for quick SPAM vote of comments
 320          // Check that this action request is not a CSRF hacked request:
 321          $Session->assert_received_crumb( 'comment' );
 322  
 323          if( !is_logged_in( false ) )
 324          { // Only active logged in users can vote
 325              break;
 326          }
 327  
 328          // Check permission for spam voting
 329          $current_User->check_perm( 'blog_vote_spam_comments', 'edit', true, param( 'blogid', 'integer' ) );
 330  
 331          $type = param( 'type', 'string' );
 332          $commentid = param( 'commentid', 'integer' );
 333          if( $type != 'spam' || empty( $commentid ) )
 334          {    // Incorrect params
 335              break;
 336          }
 337  
 338          $edited_Comment = & Comment_get_by_ID( $commentid, false );
 339          if( $edited_Comment !== false )
 340          { // The comment still exists
 341              if( $current_User->ID == $edited_Comment->author_user_ID )
 342              { // Do not allow users to vote on their own comments
 343                  break;
 344              }
 345  
 346              $edited_Comment->set_vote( 'spam', param( 'vote', 'string' ) );
 347              $edited_Comment->dbupdate();
 348              $edited_Comment->vote_spam( '', '', '&amp;', true, true, array( 'display' => true ) );
 349          }
 350  
 351          break;
 352  
    case 'voting':
        // Actions for voting by AJAX
        // vote_type selects the target ('file' or 'comment'); an empty vote_action only
        // (re)displays the voting widget, otherwise it is the vote to record.

        // Check that this action request is not a CSRF hacked request:
        $Session->assert_received_crumb( 'voting' );

        if( !is_logged_in( false ) )
        { // Only active logged in users can vote
            break;
        }

        param( 'vote_action', 'string', '' );
        param( 'vote_type', 'string', '' );
        param( 'vote_ID', 'string', 0 );
        param( 'checked', 'integer', 0 );
        param( 'redirect_to', 'url', '' );

        $Ajaxlog->add( sprintf( 'vote action: %s', $vote_action ), 'note' );
        $Ajaxlog->add( sprintf( 'vote type: %s', $vote_type ), 'note' );
        $Ajaxlog->add( sprintf( 'vote ID: %s', $vote_ID ), 'note' );

        $voting_form_params = array(
                'vote_type' => $vote_type,
            );

        // Every "break 2" below leaves the outer action switch, i.e. ends the
        // request without any output.
        switch( $vote_type )
        {
            case 'file':
                // Vote on pictures

                // vote_ID is expected as "f<number>"; strip the prefix to get the numeric file ID
                $file_ID = preg_replace( '/f(\d+)/i', '$1', $vote_ID );
                if( empty( $file_ID ) )
                { // No file ID
                    break 2;
                }

                $FileCache = & get_FileCache();
                $File = $FileCache->get_by_ID( $file_ID, false );
                if( !$File )
                { // Incorrect file ID
                    break 2;
                }

                if( empty( $File->hash ) )
                { // File hash still is not defined, we should create and save it
                    // (computed once from the file content and persisted with the File)
                    $File->set_param( 'hash', 'string', md5_file( $File->get_full_path() ) );
                    $File->dbsave();
                }

                // NOTE(review): unlike the 'comment' branch, no collection setting or
                // permission gates voting on a file here -- confirm that is intended.
                if( !empty( $vote_action ) )
                { // Vote for this file
                    file_vote( $file_ID, $current_User->ID, $vote_action, $checked );
                }

                $voting_form_params['vote_ID'] = $file_ID;

                if( empty( $vote_action ) || in_array( $vote_action, array( 'like', 'noopinion', 'dontlike' ) ) )
                { // Display a voting form if no action
                    // or Refresh a voting form only for these actions (in order to disable icons)
                    display_voting_form( $voting_form_params );
                }
                break;

            case 'comment':
                // Vote on comments

                $comment_ID = (int)$vote_ID;
                if( empty( $comment_ID ) )
                { // No comment ID
                    break 2;
                }

                $CommentCache = & get_CommentCache();
                $Comment = $CommentCache->get_by_ID( $comment_ID, false );
                if( !$Comment )
                { // Incorrect comment ID
                    break 2;
                }

                if( $current_User->ID == $Comment->author_user_ID )
                { // Do not allow users to vote on their own comments
                    break 2;
                }

                // Helpfulness voting is a per-collection setting, read via the comment's Item
                $comment_Item = & $Comment->get_Item();
                $comment_Item->load_Blog();

                if( ! $comment_Item->Blog->get_setting('allow_rating_comment_helpfulness') )
                { // If Users cannot vote
                    break 2;
                }

                if( !empty( $vote_action ) )
                { // Vote for this comment
                    // Only 'like' / 'dontlike' are stored; any other action leaves
                    // $field_value unset and just re-renders the widget below.
                    switch( $vote_action )
                    { // Set field value
                        case 'like':
                            $field_value = 'yes';
                            break;

                        case 'dontlike':
                            $field_value = 'no';
                            break;
                    }

                    if( isset( $field_value ) )
                    { // Update a vote of current user
                        $Comment->set_vote( 'helpful', $field_value );
                        $Comment->dbupdate();
                    }
                }

                if( !empty( $redirect_to ) )
                { // Redirect to back page, It is used by browsers without JavaScript
                    // ($redirect_to was validated by the 'url' param type above)
                    header_redirect( $redirect_to, 303 ); // Will EXIT
                    // We have EXITed already at this point!!
                }

                // Re-render the helpfulness widget for the JS caller
                $Comment->vote_helpful( '', '', '&amp;', true, true );
                break;
        }
        break;
 475  
 476      case 'get_user_new_field':
 477          // Used in the identity user form to add a new field
 478          $field_ID = param( 'field_id', 'integer', 0 );
 479          $user_ID = param( 'user_id', 'integer', 0 );
 480  
 481          if( $field_ID == 0 )
 482          {    // Bad request
 483              break;
 484          }
 485  
 486          $userfields = $DB->get_results( '
 487              SELECT ufdf_ID, "0" AS uf_ID, ufdf_type, ufdf_name, "" AS uf_varchar, ufdf_required, ufdf_options, ufdf_suggest, ufdf_duplicated, ufgp_ID, ufgp_name
 488                  FROM T_users__fielddefs
 489                  LEFT JOIN T_users__fieldgroups ON ufgp_ID = ufdf_ufgp_ID
 490              WHERE ufdf_ID = "'.$field_ID.'"' );
 491  
 492          if( $userfields[0]->ufdf_duplicated == 'forbidden' )
 493          {    // This field can be only one instance for one user
 494              echo '[0]'; // not duplicated field
 495  
 496              $user_field_exist = $DB->get_var( '
 497                  SELECT uf_ID
 498                      FROM T_users__fields
 499                  WHERE uf_user_ID = "'.$user_ID.'" AND uf_ufdf_ID = "'.$field_ID.'"' );
 500              if( $user_field_exist > 0 )
 501              {    // User already has a current field type
 502                  break;
 503              }
 504          }
 505          else
 506          {    // It Means: this field can be duplicated
 507              echo '[1]';
 508          }
 509  
 510          $Form = new Form();
 511          $Form->fieldstart = '#fieldstart#';
 512          $Form->fieldend = '#fieldend#';
 513          $Form->labelstart = '#labelstart#';
 514          $Form->labelend = '#labelend#';
 515          $Form->inputstart = '#inputstart#';
 516          $Form->inputend = '#inputend#';
 517  
 518          userfields_display( $userfields, $Form, 'add', false );
 519  
 520          break;
 521  
    case 'get_user_field_autocomplete':
        // Used for autocompletion of the user field
        // Resolves $attr_id to a field definition ID, then returns (as JSON) the
        // distinct values already stored for that field which contain $term.

        /**
         * Possible values of var $attr_id
         * 1) 111 - this goes from filter search, it is ufdf_ID
         * 2) uf_new_222_ - field from identity form ( doesn't still exist in DB (recommened & required fields) )
         * 3) uf_add_222_ - field from identity form ( user want add this field )
         *             where 222 == ufdf_ID
         * 4) uf_333 - field exists in DB (where 333 == uf_ID from table T_users__fields)
        */
        $attr_id = param( 'attr_id', 'string' );
        $term = param( 'term', 'string' );

        $field_type_id = 0;
        if( (int)$attr_id > 0 )
        { // From filter 'Specific criteria'
            $field_type_id = (int)$attr_id;
        }
        else if( preg_match( '/^uf_(new|add)_(\d+)_/i', $attr_id, $match ) )
        { // From new fields we can get the value for uf_ufdf_ID
            $field_type_id = (int)$match[2];
        }
        else if( preg_match( '/^uf_(\d+)$/i', $attr_id, $match ) )
        { // From fields in DB we can get only uf_ID, then we should get a value uf_ufdf_ID from DB
            $field_id = (int)$match[1];
            $field_type_id = $DB->get_var( '
                SELECT uf_ufdf_ID
                  FROM T_users__fields
                 WHERE uf_ID = "'.$field_id.'"' );
        }

        if( $field_type_id == 0 )
        { // Bad request (also covers a NULL result from the lookup above)
            break;
        }

        // NOTE(review): this action is reachable anonymously and returns stored field
        // values of all users matching the term -- confirm that is intended for every field type.
        // $term is quoted, not escaped for LIKE: '%' and '_' typed by the user act as wildcards.
        echo evo_json_encode( $DB->get_col( '
            SELECT DISTINCT ( uf_varchar )
              FROM T_users__fields
             WHERE uf_varchar LIKE '.$DB->quote('%'.$term.'%').'
               AND uf_ufdf_ID = "'.$field_type_id.'"
             ORDER BY uf_varchar' ) );

        exit(0); // Exit here in order to don't display the AJAX debug info after JSON formatted data

        break; // unreachable after exit(0)
 569  
 570      case 'get_widget_login_hidden_fields':
 571          // get the loginform crumb, the password encryption salt, and the Session ID
 572          $pwd_salt = $Session->get('core.pwd_salt');
 573          if( empty($pwd_salt) )
 574          { // Session salt is not generated yet, needs to generate
 575              $pwd_salt = generate_random_key(64);
 576              $Session->set( 'core.pwd_salt', $pwd_salt, 86400 /* expire in 1 day */ );
 577              $Session->dbsave(); // save now, in case there's an error later, and not saving it would prevent the user from logging in.
 578          }
 579          // display result to return
 580          echo get_crumb( 'loginform' ).' '.$pwd_salt.' '.$Session->ID;
 581          break;
 582  
 583      case 'get_userfields_criteria':
 584          // Get fieldset for users filter by Specific criteria
 585          $Form = new Form();
 586          $Form->switch_layout( 'blockspan' );
 587  
 588          echo '<br />';
 589          $Form->output = false;
 590          $criteria_input = $Form->text( 'criteria_value[]', '', 17, '', '', 50 );
 591          $criteria_input .= get_icon( 'add', 'imgtag', array( 'rel' => 'add_criteria' ) );
 592          $Form->output = true;
 593  
 594          global $user_fields_empty_name;
 595          $user_fields_empty_name = T_('Select...');
 596  
 597          $Form->select( 'criteria_type[]', '', 'callback_options_user_new_fields', T_('Specific criteria'), $criteria_input );
 598  
 599          break;
 600  
 601      case 'get_regions_option_list':
 602          // Get option list with regions by selected country
 603          $country_ID = param( 'ctry_id', 'integer', 0 );
 604          $region_ID = param( 'rgn_id', 'integer', 0 );
 605          $page = param( 'page', 'string', '' );
 606          $mode = param( 'mode', 'string', '' );
 607  
 608          $params = array();
 609          if( $page == 'edit' )
 610          {
 611              $params['none_option_text'] = T_( 'Unknown' );
 612          }
 613  
 614          load_funcs( 'regional/model/_regional.funcs.php' );
 615          echo get_regions_option_list( $country_ID, 0, $params );
 616  
 617          if( $mode == 'load_subregions' || $mode == 'load_all' )
 618          {    // Load also the subregions
 619              echo '-##-'.get_subregions_option_list( $region_ID, 0, $params );
 620          }
 621          if( $mode == 'load_all' )
 622          {    // Load also the cities
 623              echo '-##-'.get_cities_option_list( $country_ID, $region_ID, 0, 0, $params );
 624          }
 625  
 626          break;
 627  
 628      case 'get_subregions_option_list':
 629          // Get option list with sub-regions by selected region
 630          $country_ID = param( 'ctry_id', 'integer', 0 );
 631          $region_ID = param( 'rgn_id', 'integer', 0 );
 632          $page = param( 'page', 'string', '' );
 633          $mode = param( 'mode', 'string', '' );
 634  
 635          $params = array();
 636          if( $page == 'edit' )
 637          {
 638              $params['none_option_text'] = T_( 'Unknown' );
 639          }
 640  
 641          load_funcs( 'regional/model/_regional.funcs.php' );
 642          echo get_subregions_option_list( $region_ID, 0, $params );
 643  
 644          if( $mode == 'load_all' )
 645          {    // Load also the cities
 646              echo '-##-'.get_cities_option_list( $country_ID, $region_ID, 0, 0, $params );
 647          }
 648  
 649          break;
 650  
 651      case 'get_cities_option_list':
 652          // Get option list with cities by selected country, region or sub-region
 653          $country_ID = param( 'ctry_id', 'integer', 0 );
 654          $region_ID = param( 'rgn_id', 'integer', 0 );
 655          $subregion_ID = param( 'subrg_id', 'integer', 0 );
 656          $page = param( 'page', 'string', '' );
 657  
 658          $params = array();
 659          if( $page == 'edit' )
 660          {
 661              $params['none_option_text'] = T_( 'Unknown' );
 662          }
 663  
 664          load_funcs( 'regional/model/_regional.funcs.php' );
 665          echo get_cities_option_list( $country_ID, $region_ID, $subregion_ID, 0, $params );
 666  
 667          break;
 668  
 669      case 'get_field_bubbletip':
 670          // Get info for user field
 671          $field_ID = param( 'field_ID', 'integer', 0 );
 672  
 673          if( $field_ID > 0 )
 674          {    // Get field info from DB
 675              $field = $DB->get_row( '
 676                  SELECT ufdf_bubbletip, ufdf_duplicated
 677                    FROM T_users__fielddefs
 678                   WHERE ufdf_ID = '.$DB->quote( $field_ID ) );
 679  
 680              if( is_null( $field ) )
 681              {    // No field in DB
 682                  break;
 683              }
 684  
 685              if( !empty( $field->ufdf_bubbletip ) )
 686              {    // Field has a defined bubbletip text
 687                  $field_info = nl2br( $field->ufdf_bubbletip );
 688              }
 689              else if( in_array( $field->ufdf_duplicated, array( 'allowed', 'list' ) ) )
 690              {    // Default info for fields with multiple values
 691                  $field_info = T_('To enter multiple values,<br />please click on (+)');
 692              }
 693          }
 694  
 695          if( !empty( $field_info ) )
 696          {    // Replace mask text (+) with img tag
 697              echo str_replace( '(+)', get_icon( 'add' ), $field_info );
 698          }
 699  
 700          break;
 701  
 702      case 'collapse_filter':
 703      case 'expand_filter':
 704          // Save a value of state(collapse/expand) of the current filter
 705          param( 'target', 'string', '' );
 706          if( !empty( $target ) )
 707          {    // We want to record a 'collapse'/'expand' value:
 708              $target_status = $action == 'collapse_filter' ? 'collapsed' : 'expanded';
 709              if( preg_match( '/_(filters|colselect)$/', $target ) )
 710              {    // accept all _filters and _colselect open/close requests!
 711                  // We have a valid value:
 712                  $Session->set( $target, $target_status );
 713              }
 714              else
 715              {    // Warning: you may not see this on AJAX calls
 716                  $Ajaxlog->add( 'Cannot ['.$target_status.'] unknown param ['.$target.']', 'error' );
 717              }
 718          }
 719          break;
 720  
 721      case 'validate_login':
 722          // Validate if username is available
 723          param( 'login', 'string', '' );
 724          if( !empty( $login ) )
 725          {
 726              $SQL = new SQL( 'Validate if username is available' );
 727              $SQL->SELECT( 'user_ID' );
 728              $SQL->FROM( 'T_users' );
 729              $SQL->WHERE( 'user_login = "'.$DB->escape( $login ).'"' );
 730              if( $DB->get_var( $SQL->get() ) )
 731              {    // Login already exists
 732                  echo 'exists';
 733              }
 734              else
 735              {    // Login is available
 736                  echo 'available';
 737              }
 738          }
 739          break;
 740  
 741      case 'results':
 742          // Refresh a results table (To change page, page size, an order)
 743  
 744          /**
 745           * Variable to define a current request as ajax content
 746           * It is used to don't display a wrapper data such as header, footer and etc.
 747           * @see is_ajax_content()
 748           *
 749           * @var boolean
 750           */
 751          $ajax_content_mode = true;
 752  
 753          // get callback function param, this function will display the results content
 754          $callback_function = param( 'callback_function', 'string', '' );
 755          if( param( 'is_backoffice', 'integer', 0 ) )
 756          {
 757              global $current_User, $UserSettings, $is_admin_page;
 758              $admin_skin = $UserSettings->get( 'admin_skin', $current_User->ID );
 759              $params = array( 'skin_type' => 'admin', 'skin_name' => $admin_skin );
 760              $is_admin_page = true;
 761              /**
 762               * Load the AdminUI class for the skin.
 763               */
 764              require_once $adminskins_path.$admin_skin.'/_adminUI.class.php';
 765              $AdminUI = new AdminUI();
 766  
 767              // Get the requested params and memorize it to make correct links for paging, ordering and etc.
 768              param( 'ctrl', '/^[a-z0-9_]+$/', $default_ctrl, true );
 769              param( 'blog', 'integer', NULL, true );
 770              $ReqPath = $admin_url;
 771          }
 772          else
 773          {
 774              $BlogCache = &get_BlogCache();
 775              $Blog = & $BlogCache->get_by_ID( $blog_ID, true );
 776              $skin_ID = $Blog->get_skin_ID();
 777              $SkinCache = & get_SkinCache();
 778              $Skin = & $SkinCache->get_by_ID( $skin_ID );
 779              $params = array( 'skin_type' => 'front', 'skin_name' => $Skin->folder );
 780          }
 781  
 782          // load required resource for each callback function
 783          switch( $callback_function )
 784          {
 785              case 'hits_results_block':
 786                  load_funcs('sessions/model/_hitlog.funcs.php');
 787                  break;
 788  
 789              case 'items_created_results_block':
 790              case 'items_edited_results_block':
 791              case 'comments_results_block':
 792              case 'threads_results_block':
 793              case 'user_reports_results_block':
 794              case 'blogs_results_block':
 795              case 'items_list_block_by_page':
 796              case 'items_manual_results_block':
 797                  break;
 798  
 799              default:
 800                  $Ajaxlog->add( 'Incorrect callback function name!', 'error' );
 801                  debug_die( 'Incorrect callback function!' );
 802          }
 803  
 804          // Call the requested callback function to display the results
 805          call_user_func( $callback_function, $params );
 806          break;
 807  
 808      case 'get_recipients':
 809          // Get list of users by search word
 810          // Used for jQuery Tokeninput plugin ( when creating new messaging Thread )
 811  
 812          if( !is_logged_in() || !$current_User->check_perm( 'perm_messaging', 'reply' ) )
 813          {    // Check permission: User is not allowed to view threads
 814              exit(0);
 815          }
 816  
 817          if( check_create_thread_limit() )
 818          {    // user has already reached his limit, don't allow to get a users list
 819              exit(0);
 820          }
 821  
 822          param( 'term', 'string' );
 823  
 824          // Clear users cache and load only possible recipients who need right now, but keep shadow
 825          $where_condition = '( user_login LIKE '.$DB->quote( '%'.$term.'%' ).' ) AND ( user_ID != '.$DB->quote( $current_User->ID ).' )';
 826          $UserCache = & get_UserCache();
 827          $UserCache->clear( true );
 828          $UserCache->load_where( $where_condition );
 829  
 830          $result_users = array();
 831          while( ( $iterator_User = & $UserCache->get_next() ) != NULL )
 832          { // Iterate through UserCache
 833              if( !$iterator_User->check_status( 'can_receive_pm' ) )
 834              { // this user is probably closed so don't show it
 835                  continue;
 836              }
 837              $result_users[] = array(
 838                  'id'       => $iterator_User->ID,
 839                  'title'    => $iterator_User->get( 'login' ),
 840                  'fullname' => $iterator_User->get( 'fullname' ),
 841                  'picture'  => $iterator_User->get_avatar_imgtag( 'crop-top-32x32' )
 842              );
 843          }
 844  
 845          echo evo_json_encode( $result_users );
 846          exit(0);
 847  
 848      case 'moderate_comment':
 849          // Used for quick moderation of comments in front-office
 850  
 851          // Check that this action request is not a CSRF hacked request:
 852          $Session->assert_received_crumb( 'comment' );
 853  
 854          if( !is_logged_in() )
 855          { // Only logged in users can moderate comments
 856              break;
 857          }
 858  
 859          // Check comment moderate permission below after we have the $edited_Comment object
 860  
 861          $blog = param( 'blogid', 'integer' );
 862          $status = param( 'status', 'string' );
 863          $edited_Comment = & Comment_get_by_ID( param( 'commentid', 'integer' ), false );
 864          if( $edited_Comment !== false )
 865          { // The comment still exists
 866              // Check permission:
 867              $current_User->check_perm( 'comment!'.$status, 'moderate', true, $edited_Comment );
 868  
 869              $redirect_to = param( 'redirect_to', 'url', NULL );
 870  
 871              $edited_Comment->set( 'status', $status );
 872              // Comment moderation is done, handle moderation "secret"
 873              $edited_Comment->handle_qm_secret();
 874              if( $edited_Comment->dbupdate() !== false )
 875              {
 876                  if( $status == 'published' )
 877                  {
 878                      $edited_Comment->handle_notifications( false, $current_User->ID );
 879                  }
 880  
 881                  // Send new current status as ajax response
 882                  echo $edited_Comment->status;
 883                  // Also send the statuses which will be after raising/lowering of a status by current user
 884                  $comment_raise_status = $edited_Comment->get_next_status( true, $edited_Comment->status );
 885                  $comment_lower_status = $edited_Comment->get_next_status( false, $edited_Comment->status );
 886                  echo ':'.( $comment_raise_status ? $comment_raise_status[0] : '' );
 887                  echo ':'.( $comment_lower_status ? $comment_lower_status[0] : '' );
 888              }
 889          }
 890          break;
 891  
 892      default:
 893          $Ajaxlog->add( T_('Incorrect action!'), 'error' );
 894          break;
 895  }
 896  
 897  $disp = NULL;
 898  $ctrl = NULL;
 899  
 900  if( $current_debug || $current_debug_jslog )
 901  {    // debug is ON
 902      $Ajaxlog->display( NULL, NULL, true, 'all',
 903                      array(
 904                              'error' => array( 'class' => 'jslog_error', 'divClass' => false ),
 905                              'note'  => array( 'class' => 'jslog_note',  'divClass' => false ),
 906                          ), 'ul', 'jslog' );
 907  }
 908  
 909  echo '<!-- Ajax response end -->';
 910  
 911  exit(0);
 912  
 913  ?>
