diff --git a/b2login.php b/b2login.php
index 19dda22b13..c91880b89d 100644
--- a/b2login.php
+++ b/b2login.php
@@ -257,7 +257,7 @@ default:
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
 header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
 header("Pragma: no-cache");
- header("Location: wp-admin/b2edit.php");
+ header("Location: wp-admin/");
 exit();
 }
 ?>
@@ -297,7 +297,7 @@ if ($error) echo "
- +

diff --git a/wp-admin/b2edit.php b/wp-admin/b2edit.php index 0bffbfa8cf..7de319ed13 100644 --- a/wp-admin/b2edit.php +++ b/wp-admin/b2edit.php @@ -79,6 +79,7 @@ switch($action) { $comment_status = $HTTP_POST_VARS['comment_status']; $ping_status = $HTTP_POST_VARS['ping_status']; $post_password = addslashes($HTTP_POST_VARS['post_password']); + $post_name = sanitize_title($post_title); if ($user_level == 0) die ('Cheatin’ uh?'); @@ -101,15 +102,15 @@ switch($action) { if((get_settings('use_geo_positions')) && (strlen($latstr) > 2) && (strlen($lonstr) > 2) ) { $postquery ="INSERT INTO $tableposts - (ID, post_author, post_date, post_content, post_title, post_category, post_lat, post_lon, post_excerpt, post_status, comment_status, ping_status, post_password) + (ID, post_author, post_date, post_content, post_title, post_category, post_lat, post_lon, post_excerpt, post_status, comment_status, ping_status, post_password, post_name) VALUES - ('0','$user_ID','$now','$content','$post_title','$post_category',$post_latf,$post_lonf,'$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password') + ('0','$user_ID','$now','$content','$post_title','$post_category',$post_latf,$post_lonf,'$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name') "; } else { $postquery ="INSERT INTO $tableposts - (ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password) + (ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password, post_name) VALUES - ('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password') + ('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name') "; } $postquery = 
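Review bot: `$post_name` is interpolated into the INSERT as `'$post_name'` with no escaping step of its own, unlike `$post_password` just above it, which goes through `addslashes()`. Whether `sanitize_title()` removes quotes and backslashes is not visible in this diff, so the query is only safe if it does; either state that guarantee in a comment next to the assignment or escape explicitly, e.g. `$post_name = addslashes(sanitize_title(stripslashes($post_title)));` (this assumes `$post_title` is already slash-escaped at this point, which the hunk does not show). The same assignment and interpolation recur in the `@@ -239,6 +240,7 @@` and `@@ -266,7 +268,8 @@` hunks of this file and in the new `wp-admin/wp-post.php`. A title that sanitizes to an empty string would also store an empty `post_name`, so a fallback value would be worth a line. The enclosing `switch($action)` case starts and ends outside the hunk.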
@@ -239,6 +240,7 @@ switch($action) { $comment_status = $HTTP_POST_VARS['comment_status']; $ping_status = $HTTP_POST_VARS['ping_status']; $post_password = addslashes($HTTP_POST_VARS['post_password']); + $post_name = sanitize_title($post_title); if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) { $aa = $HTTP_POST_VARS['aa']; @@ -266,7 +268,8 @@ switch($action) { post_status = '$post_status', comment_status = '$comment_status', ping_status = '$ping_status', - post_password = '$post_password' + post_password = '$post_password', + post_name = '$post_name' WHERE ID = $post_ID "); if (isset($sleep_after_edit) && $sleep_after_edit > 0) { @@ -276,7 +279,6 @@ switch($action) { // are we going from draft/private to published? if ((($prev_status == 'draft') || ($prev_status == 'private')) && ($post_status == 'publish')) { pingWeblogs($blog_ID); - pingCafelog($cafelogID, $post_title, $post_ID); pingBlogs($blog_ID); if ($post_pingback) { diff --git a/wp-admin/b2menutop.txt b/wp-admin/b2menutop.txt index 1874434c0a..1708655f52 100644 --- a/wp-admin/b2menutop.txt +++ b/wp-admin/b2menutop.txt @@ -1,4 +1,5 @@ -1 b2edit.php Post / Edit +1 wp-post.php Post +1 edit.php Edit 3 b2team.php Team 4 wp-options.php Options 3 b2categories.php Categories diff --git a/wp-admin/edit.php b/wp-admin/edit.php new file mode 100644 index 0000000000..f540e17210 --- /dev/null +++ b/wp-admin/edit.php @@ -0,0 +1,342 @@ + + +
+ + + + + + + + + +
+ Show posts: + + + + + + +
+
+ 0) { +?> + + + + + +
+
+
+ + + + +
+
+
+
+ + +   + +
+
+
+  to   +   + +
+
+
+ + + +
+ + + + + + +
+
+ + + +
+
+
+ + +
+
+
+ "; + $querycount++; + $arc_result=$wpdb->get_results("SELECT DISTINCT YEAR(post_date), MONTH(post_date) FROM $tableposts ORDER BY post_date DESC",ARRAY_A); + foreach ($arc_result as $arc_row) { + $arc_year = $arc_row["YEAR(post_date)"]; + $arc_month = $arc_row["MONTH(post_date)"]; + echo "\n"; + } + } elseif ($archive_mode == "daily") { + echo ""; + if (!isset($start_of_week)) { + $start_of_week = 1; + } + $archive_week_start_date_format = "Y/m/d"; + $archive_week_end_date_format = "Y/m/d"; + $archive_week_separator = " - "; + $querycount++; + $arc_result=$wpdb->geT_results("SELECT DISTINCT YEAR(post_date), MONTH(post_date), DAYOFMONTH(post_date), WEEK(post_date) FROM $tableposts ORDER BY post_date DESC", ARRAY_A); + $arc_w_last = ''; + foreach ($arc_result as $arc_row) { + $arc_year = $arc_row["YEAR(post_date)"]; + $arc_w = $arc_row["WEEK(post_date)"]; + if ($arc_w != $arc_w_last) { + $arc_w_last = $arc_w; + $arc_ymd = $arc_year."-".zeroise($arc_row["MONTH(post_date)"],2)."-" .zeroise($arc_row["DAYOFMONTH(post_date)"],2); + $arc_week = get_weekstartend($arc_ymd, $start_of_week); + $arc_week_start = date($archive_week_start_date_format, $arc_week['start']); + $arc_week_end = date($archive_week_end_date_format, $arc_week['end']); + echo "\n"; + } + } + } elseif ($archive_mode == "postbypost") { + echo ''; + echo '"; + ?> + +
+
+ + +

+ [ + $authordata->user_level) or ($user_login == $authordata->user_login)) { + echo " - Edit"; + echo " - Delete "; + } + if ('private' == $post->post_status) echo ' - Private'; + ?> + ] +
+ by (), in
+ + +

+ get_results("SELECT * FROM $tablecomments WHERE comment_post_ID = $id ORDER BY comment_date"); + if ($comments) { + ?> + +

Comments

+
    + + + +
  1. + @ + $authordata->user_level) or ($user_login == $authordata->user_login)) { + echo "[ comment_ID."\">Edit"; + echo " - ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('You are about to delete this comment by \'".$comment->comment_author."\'\\n \'OK\' to delete, \'Cancel\' to stop.')\">Delete ]"; + } // end if any comments to show + ?> +
    + ( / ) (IP: ) + +
  2. + + + '; + }//end if comments + if ($comment_error) + echo "

    Error: please fill the required fields (name & comment)

    "; + ?> + +

    Leave Comment

    + + + + +
    + + " /> +
    +
    +
    +
    + +
    + + + +
    + + +

    + No results found. +

    + + + +
+ + \ No newline at end of file diff --git a/wp-admin/index.php b/wp-admin/index.php index dd8dc149fd..eeabad8673 100644 --- a/wp-admin/index.php +++ b/wp-admin/index.php @@ -2,5 +2,5 @@ /* This will possibly be more later but for now let's just redirect. */ -header ('Location: b2edit.php'); +header ('Location: wp-post.php'); ?> \ No newline at end of file diff --git a/wp-admin/wp-edit.form.php b/wp-admin/wp-edit.form.php index ae46394267..779d89cef7 100644 --- a/wp-admin/wp-edit.form.php +++ b/wp-admin/wp-edit.form.php @@ -1,4 +1,3 @@ -
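Review bot: The comment-delete link builds its `onclick` handler by concatenating `$comment->comment_author` straight into a JavaScript string inside an HTML attribute (`confirm('You are about to delete this comment by \'".$comment->comment_author."\'...`), and the author name is visitor-supplied. A name containing a quote or markup would break out of the string or the attribute in the admin's browser, so the value should be escaped for both contexts before output, for example `htmlspecialchars(addslashes($comment->comment_author), ENT_QUOTES)`; whether the stored value already carries slashes is not visible here, so check for double-escaping. The same listing interpolates `$id` unquoted into `WHERE comment_post_ID = $id`; casting it with `intval()` where it is assigned (outside the visible text) would make that query independent of upstream escaping. Much of this file's markup was lost in extraction, so other output sites could not be checked.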

Go to: Post/Edit | Posts | Comments

-
+ @@ -72,7 +71,7 @@ window.onload = focusit;
-
+

@@ -205,7 +204,9 @@ if (get_settings('use_geo_positions')) { -

+

+ +

= $fileupload_minlevel) && (in_array($user_login, $allowed_users) || (trim($fileupload_allowedusers)=="")) ) { ?> diff --git a/wp-admin/wp-post.php b/wp-admin/wp-post.php new file mode 100644 index 0000000000..212142a553 --- /dev/null +++ b/wp-admin/wp-post.php 
@@ -0,0 +1,467 @@ + */ + +function add_magic_quotes($array) { + foreach ($array as $k => $v) { + if (is_array($v)) { + $array[$k] = add_magic_quotes($v); + } else { + $array[$k] = addslashes($v); + } + } + return $array; +} + +if (!get_magic_quotes_gpc()) { + $HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS); + $HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS); + $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS); +} + +$b2varstoreset = array('action', 'safe_mode', 'withcomments', 'c', 'posts', 'poststart', 'postend', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder'); + +for ($i=0; $i 2) && (strlen($lonstr) > 2 ) ) { + $post_latf = floatval($HTTP_POST_VARS['post_latf']); + $post_lonf = floatval($HTTP_POST_VARS['post_lonf']); + } + } + $post_status = $HTTP_POST_VARS['post_status']; + $comment_status = $HTTP_POST_VARS['comment_status']; + $ping_status = $HTTP_POST_VARS['ping_status']; + $post_password = addslashes($HTTP_POST_VARS['post_password']); + $post_name = sanitize_title($post_title); + + if ($user_level == 0) + die ('Cheatin’ uh?'); + + if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) { + $aa = $HTTP_POST_VARS['aa']; + $mm = $HTTP_POST_VARS['mm']; + $jj = $HTTP_POST_VARS['jj']; + $hh = $HTTP_POST_VARS['hh']; + $mn = $HTTP_POST_VARS['mn']; + $ss = $HTTP_POST_VARS['ss']; + $jj = ($jj > 31) ? 31 : $jj; + $hh = ($hh > 23) ? $hh - 24 : $hh; + $mn = ($mn > 59) ? $mn - 60 : $mn; + $ss = ($ss > 59) ? 
$ss - 60 : $ss; + $now = "$aa-$mm-$jj $hh:$mn:$ss"; + } else { + $now = date('Y-m-d H:i:s', (time() + ($time_difference * 3600))); + } + + if((get_settings('use_geo_positions')) && (strlen($latstr) > 2) && (strlen($lonstr) > 2) ) { + $postquery ="INSERT INTO $tableposts + (ID, post_author, post_date, post_content, post_title, post_category, post_lat, post_lon, post_excerpt, post_status, comment_status, ping_status, post_password, post_name) + VALUES + ('0','$user_ID','$now','$content','$post_title','$post_category',$post_latf,$post_lonf,'$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name') + "; + } else { + $postquery ="INSERT INTO $tableposts + (ID, post_author, post_date, post_content, post_title, post_category, post_excerpt, post_status, comment_status, ping_status, post_password, post_name) + VALUES + ('0','$user_ID','$now','$content','$post_title','$post_category','$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name') + "; + } + $postquery = + $result = $wpdb->query($postquery); + + $post_ID = $wpdb->get_var("SELECT ID FROM $tableposts ORDER BY ID DESC LIMIT 1"); + + if (isset($sleep_after_edit) && $sleep_after_edit > 0) { + sleep($sleep_after_edit); + } + + if ($post_status == 'publish') { + if((get_settings('use_geo_positions')) && ($post_latf != null) && ($post_lonf != null)) { + pingGeoUrl($post_ID); + } + pingWeblogs($blog_ID); + pingBlogs($blog_ID); + + if ($post_pingback) { + pingback($content, $post_ID); + } + + if (!empty($HTTP_POST_VARS['trackback_url'])) { + if (strlen($excerpt) > 0) { + $the_excerpt = (strlen(strip_tags($excerpt)) > 255) ? substr(strip_tags($excerpt), 0, 252) . '...' : strip_tags($excerpt) ; + } else { + $the_excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252) . '...' 
: strip_tags($content); + } + $excerpt = stripslashes($the_excerpt); + $trackback_urls = explode(',', $HTTP_POST_VARS['trackback_url']); + foreach($trackback_urls as $tb_url) { + $tb_url = trim($tb_url); + trackback($tb_url, stripslashes($post_title), $excerpt, $post_ID); + } + } + } // end if publish + + if (!empty($HTTP_POST_VARS['mode'])) { + switch($HTTP_POST_VARS['mode']) { + case 'bookmarklet': + $location = 'b2bookmarklet.php?a=b'; + break; + case 'sidebar': + $location = 'b2sidebar.php?a=b'; + break; + default: + $location = 'wp-post.php'; + break; + } + } else { + $location = 'wp-post.php'; + } + header("Location: $location"); + exit(); + break; + + case 'edit': + $title = 'Edit'; + + $standalone = 0; + require_once('b2header.php'); + + $post = $HTTP_GET_VARS['post']; + if ($user_level > 0) { + $postdata = get_postdata($post); + $authordata = get_userdata($postdata['Author_ID']); + if ($user_level < $authordata->user_level) + die ('You don’t have the right to edit '.$authordata[1].'’s posts.'); + + $content = $postdata['Content']; + $content = format_to_edit($content); + $edited_lat = $postdata["Lat"]; + $edited_lon = $postdata["Lon"]; + $excerpt = $postdata['Excerpt']; + $excerpt = format_to_edit($excerpt); + $edited_post_title = format_to_edit($postdata['Title']); + $post_status = $postdata['post_status']; + $comment_status = $postdata['comment_status']; + $ping_status = $postdata['ping_status']; + $post_password = $postdata['post_password']; + + include('wp-edit.form.php'); + } else { +?> +

Since you’re a newcomer, you’ll have to wait for an admin to raise your level to 1, + in order to be authorized to post.
+ You can also e-mail the admin + to ask for a promotion.
+ When you’re promoted, just reload this page and you’ll be able to blog. :) +

+= -90) && ($lonf != null) && ($lonf <= 360) && ($lonf >= -360) ) { + pingGeoUrl($post_ID); + $latlonaddition = " post_lat=".$latf.", post_lon =".$lonf.", "; + } else { + $latlonaddition = " post_lat=null, post_lon=null, "; + } + } + $post_status = $HTTP_POST_VARS['post_status']; + $prev_status = $HTTP_POST_VARS['prev_status']; + $comment_status = $HTTP_POST_VARS['comment_status']; + $ping_status = $HTTP_POST_VARS['ping_status']; + $post_password = addslashes($HTTP_POST_VARS['post_password']); + $post_name = sanitize_title($post_title); + + if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) { + $aa = $HTTP_POST_VARS['aa']; + $mm = $HTTP_POST_VARS['mm']; + $jj = $HTTP_POST_VARS['jj']; + $hh = $HTTP_POST_VARS['hh']; + $mn = $HTTP_POST_VARS['mn']; + $ss = $HTTP_POST_VARS['ss']; + $jj = ($jj > 31) ? 31 : $jj; + $hh = ($hh > 23) ? $hh - 24 : $hh; + $mn = ($mn > 59) ? $mn - 60 : $mn; + $ss = ($ss > 59) ? $ss - 60 : $ss; + $datemodif = ", post_date=\"$aa-$mm-$jj $hh:$mn:$ss\""; + } else { + $datemodif = ''; + } + + $result = $wpdb->query(" + UPDATE $tableposts SET + post_content = '$content', + post_excerpt = '$excerpt', + post_title = '$post_title', + post_category = '$post_category'".$datemodif.", + ".$latlonaddition." + post_status = '$post_status', + comment_status = '$comment_status', + ping_status = '$ping_status', + post_password = '$post_password', + post_name = '$post_name' + WHERE ID = $post_ID "); + + if (isset($sleep_after_edit) && $sleep_after_edit > 0) { + sleep($sleep_after_edit); + } + + // are we going from draft/private to published? + if ((($prev_status == 'draft') || ($prev_status == 'private')) && ($post_status == 'publish')) { + pingWeblogs($blog_ID); + pingBlogs($blog_ID); + + if ($post_pingback) { + pingback($content, $post_ID); + } + + if (!empty($HTTP_POST_VARS['trackback_url'])) { + $excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252) . '...' 
: strip_tags($content); + $excerpt = stripslashes($excerpt); + $trackback_urls = explode(',', $HTTP_POST_VARS['trackback_url']); + foreach($trackback_urls as $tb_url) { + $tb_url = trim($tb_url); + trackback($tb_url, stripslashes($post_title), $excerpt, $post_ID); + } + } + } // end if publish + + $location = "Location: wp-post.php"; + header ($location); + break; + + case 'delete': + + $standalone = 1; + require_once('./b2header.php'); + + if ($user_level == 0) + die ('Cheatin’ uh?'); + + $post = $HTTP_GET_VARS['post']; + $postdata = get_postdata($post) or die('Oops, no post with this ID. Go back!'); + $authordata = get_userdata($postdata['Author_ID']); + + if ($user_level < $authordata->user_level) + die ('You don’t have the right to delete '.$authordata[1].'’s posts.'); + + // send geoURL ping to "erase" from their DB + $query = "SELECT post_lat from $tableposts WHERE ID=$post"; + $rows = $wpdb->query($query); + $myrow = $rows[0]; + $latf = $myrow->post_lat; + if($latf != null ) { + pingGeoUrl($post); + } + + $result = $wpdb->query("DELETE FROM $tableposts WHERE ID=$post"); + if (!$result) + die('Error in deleting... contact the webmaster.'); + + $result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_post_ID=$post"); + + if (isset($sleep_after_edit) && $sleep_after_edit > 0) { + sleep($sleep_after_edit); + } + + // pingWeblogs($blog_ID); + + header ('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']); + + break; + + case 'editcomment': + $title = 'Edit Comment'; + $standalone = 0; + require_once ('b2header.php'); + + get_currentuserinfo(); + + if ($user_level == 0) { + die ('Cheatin’ uh?'); + } + + $comment = $HTTP_GET_VARS['comment']; + $commentdata = get_commentdata($comment, 1) or die('Oops, no comment with this ID. 
Go back!'); + $content = $commentdata['comment_content']; + $content = format_to_edit($content); + + include('wp-edit.form.php'); + + break; + + case 'deletecomment': + + $standalone = 1; + require_once('./b2header.php'); + + if ($user_level == 0) + die ('Cheatin’ uh?'); + + $comment = $HTTP_GET_VARS['comment']; + $p = $HTTP_GET_VARS['p']; + $commentdata = get_commentdata($comment) or die('Oops, no comment with this ID. Go back!'); + + $result = $wpdb->query("DELETE FROM $tablecomments WHERE comment_ID=$comment"); + + header ('Location: ' . $HTTP_SERVER_VARS['HTTP_REFERER']); + + break; + + case 'editedcomment': + + $standalone = 1; + require_once('./b2header.php'); + + if ($user_level == 0) + die ('Cheatin’ uh?'); + + $comment_ID = $HTTP_POST_VARS['comment_ID']; + $comment_post_ID = $HTTP_POST_VARS['comment_post_ID']; + $newcomment_author = $HTTP_POST_VARS['newcomment_author']; + $newcomment_author_email = $HTTP_POST_VARS['newcomment_author_email']; + $newcomment_author_url = $HTTP_POST_VARS['newcomment_author_url']; + $newcomment_author = addslashes($newcomment_author); + $newcomment_author_email = addslashes($newcomment_author_email); + $newcomment_author_url = addslashes($newcomment_author_url); + + if (($user_level > 4) && (!empty($HTTP_POST_VARS['edit_date']))) { + $aa = $HTTP_POST_VARS['aa']; + $mm = $HTTP_POST_VARS['mm']; + $jj = $HTTP_POST_VARS['jj']; + $hh = $HTTP_POST_VARS['hh']; + $mn = $HTTP_POST_VARS['mn']; + $ss = $HTTP_POST_VARS['ss']; + $jj = ($jj > 31) ? 31 : $jj; + $hh = ($hh > 23) ? $hh - 24 : $hh; + $mn = ($mn > 59) ? $mn - 60 : $mn; + $ss = ($ss > 59) ? 
$ss - 60 : $ss; + $datemodif = ", comment_date = 'aa-$mm-$jj $hh:$mn:$ss'"; + } else { + $datemodif = ''; + } + $content = balanceTags($content); + $content = format_to_post($content); + + $result = $wpdb->query(" + UPDATE $tablecomments SET + comment_content = '$content', + comment_author = '$newcomment_author', + comment_author_email = '$newcomment_author_email', + comment_author_url = '$newcomment_author_url'".$datemodif." + WHERE comment_ID = $comment_ID" + ); + + $referredby = $HTTP_SERVER_VARS['HTTP_REFERER']; + if (!empty($referredby)) header('Location: ' . $referredby); + else header ("Location: edit.php?p=$comment_post_ID&c=1#comments"); + + break; + + default: + $title = 'Create New Post'; + $standalone = 0; + require_once ('./b2header.php'); + + if ($user_level > 0) { + if ((!$withcomments) && (!$c)) { + + $action = 'post'; + get_currentuserinfo(); + $drafts = $wpdb->get_results("SELECT ID, post_title FROM $tableposts WHERE post_status = 'draft' AND post_author = $user_ID"); + if ($drafts) { + ?> +
+

Your Drafts: + post_title = stripslashes($draft->post_title); if ($draft->post_title == '') $draft->post_title = 'post-'.$draft->ID; + echo "$draft->post_title"; + ++$i; + } + ?>.

+
+
'; + } + + } else { + + +?> +
+

Since you’re a newcomer, you’ll have to wait for an admin to raise your level to 1, in order to be authorized to post.
+ You can also e-mail the admin to ask for a promotion.
+ When you’re promoted, just reload this page and you’ll be able to blog. :)

+
+ */ +include('b2footer.php'); +?> \ No newline at end of file
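Review bot: The `delete` and `deletecomment` cases put request values into SQL without quotes (`DELETE FROM $tableposts WHERE ID=$post`, `DELETE FROM $tablecomments WHERE comment_ID=$comment`), and `add_magic_quotes()`/`addslashes()` only protects values that end up inside quotes. Casting at the point of assignment closes this: `$post = intval($HTTP_GET_VARS['post']);`, and likewise for `$comment` and for `$comment_ID` in `editedcomment`. In `editedcomment` the date string reads `comment_date = 'aa-$mm-$jj $hh:$mn:$ss'`; the `$` before `aa` is missing, so an edited date is written with the literal text `aa` as the year. Both deletes also run on a plain GET and then redirect to the raw `HTTP_REFERER` header; a POST carrying a per-session token and a fixed redirect target (the file already uses `wp-post.php` elsewhere) would be safer. `deletecomment` checks only `$user_level == 0`, with no comparison against the post author's level as the `delete` case has.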