WB 2.08.x

Change Log

===============================================================================

Please note: This change log may not be accurate

$Id$

Legend:

+ = Added

- = Removed

# = Bugfix

! = Update/Change

------------------------------------- 2.6.1 -------------------------------------

12-Dec-2005 Ryan Djurovich

#	Fixed security vulnerability in class.login.php

#	Fixed typo in EN language file

#	Fixed captcha problems (when feature is disabled) in form module and sign-up

!	Added charset encoding to admin templates

!	Added extra code to check for selection of addon upon uninstalling

#	Fixed bugs in RSS news feeder

#	Fixed bug with PAGE_DESCRIPTION not being set on any page

------------------------------------- 2.6.0 -------------------------------------

28-Nov-2005 Ryan Djurovich

+	Added default charset option to (advanced) settings

#	Form module email fields now have email address validation

#	Fixed spacing in form submissions

27-Nov-2005 Ryan Djurovich

+	Added captcha verification to sign-up form

+	Added Captcha to News module

24-Nov-2005 Stefan Braunewell

!	Applied aportale's patch to use label instead of javascript toggle code

20-Nov-2005 Ryan Djurovich

!	News mod now hides read more link if no need for it (see ticket #56)

+	Added support for mailto: links in the menu link mod

#	Added direct-access redirection on some files (see ticket #37)

+	Added extra characters to convert.php (see ticket #64)

#	Fixed ticket #65 (last_reset check in account/forgot_form.php)

29-Sep-2005 Ryan Djurovich

!	Cleaned up form buttons in Settings

!	Moved some options into Advanced Settings

#	Semi-disabled "separate" page trash option

+	Created a backup module/tool for backing-up the database

	(thanks to John (pcwacht) for the original code)

+	Created new "blank template", which can be used in case where you don't

	want anything wrapping page-content.

19-Sep-2005 Ryan Djurovich

+	Added _license field for all add-ons to specify a license

!	Renamed _designed_for variables (for all addons) to _platform

+	Created addons table for faster internal referencing of installed addons

!	Fixed some links, including the "Help" button in Admin

#	Used nl2br to display body correctly when viewing form-submissions

15-Sep-2005 Stefan Braunewell

+	Added table module with columns 'name','type' and 'directory' as an

	index.

+	Added entry to settings table 'wb_version' which holds the version

	number and can be utilized in future upgrade scripts.

!	Added upgrade functionality also for templates and languages.

#/!	Template/modules installation now respects paths.

!	Moved updates from config.php to database.

	Created initialize.php (required by config.php) to read settings.

11-Sep-2005 Stefan Braunewell

!	HTMLArea is now a module instead of a core component. Files moved

	from "include" to "modules".

+	Implemented Installation of modules on top of an older version. This is 

	done via checking $module_version. Instead of install.php, upgrade.php

	is then called if it exists in the module package. 

	For module developers: $module_version and $new_module_version are 

	accessible in upgrade.php to find out what upgrade steps need to be taken.

!	Changed column names in mod_news_posts from short,long to content_short,

	content_long.

09-Sep-2005 Stefan Braunewell

+	Added new advanced setting "Rename Files On Upload". File extensions can be

	given so that respective files will have a ".txt" appended on media upload.

#	Fixed "None found" message bug when user has no top level page edit

	rights.

#	Fixed missing parent option 'none' - ticket #12 - and a minor scope bug.

+	Added breadcrumbs code. Call using $wb->breadcrumbs().

+	Added utf-8 character encoding meta tag into all stock templates.

#	Fixed bug when changing a page's parent

!	Changed the way blocks are treated. Added new frontend class attribute

	default_block_content that controls what is shown on pages such as

	search, login, etc. (Ticket #16)

+	Added support for WYSIWYG editor modules (wysiwygmod)

+	When trying to access a registered page, user is automatically redirected

	there on successful login.

#	Fixed various issues with system search (mainly related to stripslashes()

#	Removed stripslashes() in many places in the code. Added check for

	magic_quotes_gpc to new wb class method add_slashes(). Now database contest

	is independent of magic_quotes setting..

05-Sep-2005 Stefan Braunewell

#	Fixed bug concerning direct access of preferences page.

#	Reworked page visibility and menu item visibility code (frontend login

	problem).

#	Pages in link list in htmlarea popup are now correctly ordered.

#	Fixed bug where group with existing name can be added.

04-Sep-2005 Ryan Djurovich

+	Added and RSS newsfeed script to the News module

04-Sep-2005 Stefan Braunewell

!	Rewrote menu function. Parameters are now given as attributes to frontend class.

#	Fixed some occurrences of potential direct access path disclosure

#	Added directory check to browse.php to prevent xss exploit by trusted users.

!	Updated code to reflect move to Subversion repository system.

27-Aug-2005 Stefan Braunewell

#	Fixed bugs 4,5,6,8,9 in bug tracker

!	Removed 'USER_LANGUAGE' and 'GET_LANGUAGE' constants.

	A GET['lang'] now sets the session language variable.

26-Aug-2005 Stefan Braunewell

!	Moved redundant code into the new class functions. Created 

	'compatibility.php' for backward compatibility with

	modules and templates. Variables and functions can still be accessed

	in the old way.

!/+	Reorganized core frontend files, added new base class 'wb' from

	which 'admin' and the new 'frontend' class inherit. Moved all frontend

	function into new class. Completely rewrote core index.php.

	Now all variables and functions that are available to templates and

	modules are attributes and methods of the frontend and the wb classes

------------------------------------- 2.5.2 -------------------------------------

23-Jun-2005 Ryan Djurovich

!	create_access_file now creates all parent directories if needed

#	Fixed bug when moving page with subpages to another level

#	Fixed bug when saving "Settings" (in Admin) on Windows/IIS

#	Fixed bug where query was not setting error correctly in class.database.php

22-Jun-2005 Ryan Djurovich

#	Fixed bug where template permissions were not saved when a adding group

21-Jun-2005 Ryan Djurovich

#	Added htmlspecialchars for modifying WYSIWYG, news, etc. modules (Bug #78)

#	Fixed language problems in some area's of Admin. (Bug #70)

#	Added a space in website/page keywords (Bug #69)

#	Fixed bugs on settings2.php (Bug #52)

!	Links inserted with HTMLArea now use [wblink--PAGE_ID--] instead of raw URL

13-Jun-2005 Ryan Djurovich

#	Fixed bug (#88) with news module

!	Title of Administration login page now taken from language file (Bug #72)

#	Fixed redirection admin/home to admin/start on admin/index.php

#	Fixed bug with forgotten password page in admin (Bug #81)

25-Apr-2005 Ryan Djurovich

#	Fixed numerous bugs with module uninstallation

#	Fixed bug when uploading files in Administration -> Media

!	Installer no-longer requires you to accept the GNU GPL

------------------------------------- 2.5.1 -------------------------------------

16-Apr-2005 Ryan Djurovich

#	Fixed two bugs with account login/logout

------------------------------------- 2.5.1 -------------------------------------

15-Apr-2005 Ryan Djurovich

#	Fixed bug where non-english characters can get used in page filenames. Many

	measuers have been added (including a new file: wb/framework/convert.php),

	to prevent any possible errors that can occur in page filenames.

#	Fixed invalid meta tags in stock templates (meta tags were not closed)

#	Removed lines 401, 402, and 425 of wb/index.php - not needed

#	Fixed bug where search and account pages are shown in every block

	that is in a template

#	Fixed numerous bugs with media home directories feature

10-Apr-2005 Ryan Djurovich

#	Fixed bugs in account/login.php and logout.php where users

	gets redirected to /pages

------------------------------------- 2.5.0 -------------------------------------

08-Apr-2005 Ryan Djurovich

-	Removed section language feature

+	Added page language feature (replaces need for sections language feature)

#	Fixed bug where pages using menu_link module can have the URL changed

-	Page directory no longer stored in link field in pages table, it is now added

	when the page_link function is called - this makes changing the pages

	directory much easier and quicker

!	Pages with visibility of "none" are now no longer directly accessable

+	Added new visibility setting "hidden", acts exactly like none did previously

!	Template info file can now specify number of menu's available and relative names

!	Template info file can now specify number of blocks's available and relative names

------------------------------------- 2.4.3 -------------------------------------

07-Apr-2005 Ryan Djurovich

#	page_filename function has been rewritten using str_replace

	function, which should be faster and will allow characters

	from other languages into filenames

!	Created new media_filename function, which is now used

	by all media functions (create,upload,rename) to determine

	which characters should be removed from a desired filename

+	New button in Administration page list to view specific page

#	Updated the page_link function to now be compatible with menu link

	module when setting pages directory to root

#	Fixed bugs in search when using "Any Words" option

#	Fixed bug with news module when pages directory set to root

!	Changed URL of documentation website on Administration Start page

------------------------------------- 2.4.2 -------------------------------------

05-Apr-2005 Ryan Djurovich

#	Fixed bug where file could be renamed to nothing in Media

!	Optimised Media create folder, upload file, and rename functions

#	Fixed bug where stripslashes not run on news post titles in admin

05-Apr-2005 Stefan Braunewell

#	Fixed bug concerning usage of the private_sql variable

#	Fixed bug conerning sub-pages being displayed in menus incorrectly

------------------------------------- 2.4.1 -------------------------------------

04-Apr-2005 Ryan Djurovich

!	Pages with visibility of "none" are again directly accessable

#	Fixed bugs regarding renaming files and directories in Media section

!	When home folders disabled, all folders now visible in Media section

------------------------------------- 2.4.0 -------------------------------------

03-Apr-2005 Ryan Djurovich

-	Removed recently added visibility setting of "heading", and relative config vars

+	Added new "menu" field to pages table, and new setting "multiple menus"

	which replaces the need for the menu headings feature

+	Added links to top of groups and users sections, linking to each other

!	Change menu width in "Round" template to 170px (was 150px)

#	Change page "are you sure" deletion message to mention that it will delete

	all sub-pages as well

#	Fixed many bugs with news module when viewing posts by group

!	Pages with visibility of "none" are now no longer directly accessable

02-Apr-2005 Ryan Djurovich

-	Removed need to specify DB_URL when calling database class

#	Stopped fields without a type specified from being shown in form mod

#	Changed '/media' to MEDIA_DIRECTORY on HTMLArea popup windows

	for insert link and insert image

+	Added setting which allows you to specify the default WYSIWYG style

+	Added "Server Email" option, to specify what is used in "From" field when

	sending emails using the PHP mail function. Default is admins email address.

#	Search now excludes pages which have a visibility of none or heading

!	Pages are now given modified_when and modified_by when added

01-Apr-2005 Ryan Djurovich

+	Added option to News module to specify how many posts should be listed

	per page (by default it is set to unlimited, which functions like previous version)

#	Added stripslashes when display page titles in search

+	Page descriptions and last updated date now shown in search by default

30-Mar-2005 Ryan Djurovich

+	Added new feature for Media home folders, where a folder can be specified

	for a specific user or group of users only

!	Changed URL of Help button to http://www.websitebaker.org/docs/

+	Added new feature for "Page Trash" - two modes available: inline and separate

!	When pages are deleted, all sub-pages are now deleted (instead of being moved

	up a level)

29-Mar-2005 Ryan Djurovich

-	Removed Database Settings from Administration Settings (options will not be

	available in 3.x, so trying to match interface with WB 3.x plans

!	Changed the name of Path Settings to Filesystem Settings in Administration

	Settings, and removed ability to change path/url options - matching interface

	plans for WB 3.x

+	Added same options for OS and file permissions as installer to Settings

!	Sessions now named with APP_NAME.'_session_id' (e.g. default is wb_session_id)

28-Mar-2005 Ryan Djurovich

+	New functions available to templates to simplify creation of them. This aims

	to "future-proof" templates for WB 3.x plans.

!	Default templates updated to support some of the new functions

+	Added field to pages table "page_trail" which stores a list of the pages

	parents. This field was needed by the new page_menu function

+	Added option for page visibility "heading" to enabled support for multiple

	menu's. Also, this helps to "future-proof" templates for WB 3.x plans

+	Added option for page visibility "registered", which acts a little like

	private, but is still shown in the menu (although users need to log in to view

	the pages content)

+	Form module submissions now saved to database, and feature now added to

	limit number of submissions per hour to prevent spamming

+	New field for Form module: email. Allows you to specify their email in

	"from" field on module settings.

#	Fixed bug when displaying comments in News module (WB Bug #14)

+	New "under contruction" message if no pages exist

!	Cleaned-up wb/index.php

27-Mar-2005 Ryan Djurovich

+	Created advanced mkdir and chmod functions

#	Fixed bug in media where wrong file/folder is deleted

+	Complete overhall of installer - now only one step! It has been greatly

	simplified in many ways, has much better validation, reports error much more

	nicely, and automatically logs the user into the Administrations

+	Must now specify OS type - allows for customizable file permission settings

+	Sections can now have a language code assigned to them

+	Sections can now have a block name/id assigned to them

!	Home section of Administration renamed to Start, to save confusion with saying

	Homepage (because this term could either mean the main website or Home section

	in	Administration). Also, this aims to unify the interface with WB 3.x plans

!	Moved Users and Groups sections under Access section. This aims to unify the

	interface with WB 3.x plans, which help to unclutter the menu

!	Interface for Settings section has been imporved for usability purposes

#	Fixed HTMLArea where no scrollbar for "insert link" and "insert image" dialogs

	by placing media list inside an iframe

#	Fixed stripslashes problem for viewing news comments

!	Added code from Formesque module (an advanced version of the original Form

	module, modified by Rudolph Lartey from www.carbonect.com), and made further

	interface improvements for select box/checkbox group/radio group options.

#	Possibly fixed bugs where an S appears before file and dir modes

#	Fixed bug where users can be added with same emails (in Administration)

-	Removed support for PEAR, as it was deemed an unnecessary addition which only

	makes code more bulky, and removing it will decrease package size a lot

+	New "homepage redirect" option so first page is included and not redirected to

#	Fixed text not being shown when module uninstalled

!	Imporved interface for basic group permissions

26-Mar-2005 Stefan Braunewell

#	Fixed bug with front-end logins

#	Fixed bug when saving intro page 

+	Added check on sign-up if e-mail exists (thanks to P. Melief)

#	Fixed bugs concerning moving/deleting pages

#	Fixed list of parents in page settings

#	Fixed mkdir without mode parameter

#	Added a check on install to ensure PHP 4.1.x compatibility (thanks to Wanderer)

+	Added support for PAGES_DIRECTORY set to root

+	Search form now supports quotes (thanks to Manafta)

#	Fixed page section ordering

#	News items are displayed with name of poster instead of "Unknown"

#	Deletion confirmation popup window in media section now shows correct file name

------------------------------------- 2.3.1 -------------------------------------

03-Fed-2005 Ryan Djurovich

+	Now there is two types of "filesystem modes", one for directories and one

	for files. Having different settings is very common for most servers, so

	this addition should fix many problems people had with 2.3.0.

-	Removed filesystem mode options from installation

!	Removed duplicate text on installation step 3 for timezone

!	All "access files" for the news module now stored in pages/posts instead

	of a sub-dir relative to the page (this fixes many bugs)

#	Fixed major bugs when deleting pages with sub-pages

!	Removed the restrictions that prevent a user for changing a pages level

#	Fixed bug with "toggle" plus/minus in IE for pages list

#	Fixed some bugs where /pages was not replaced with PAGES_DIRECTORY constant

------------------------------------- 2.3.0 -------------------------------------

26-Jan-2005 Ryan Djurovich

#	Fixed bug in framework/functions.php that made root parent always equal 8

#	Added missing braces in lines 182 and 208 of admin/pages/settings2.php

#	Fixed SQL-query on line 172, placing a / after $old_link

#	Added eregi checks for PAGES_DIRECTORY on lines 140 and 150 of

	admin/pages/settings2.php

#	Added ordering cleaning to delete_post.php on line 53 for news module

!	GMT option is selected for "Default Timezone" in the installer, instead

	of the old "Please select" message (which had the same value as GMT)

28-Jan-2005 Ryan Djurovich

!	Ability to specify the chmod number when WB uploads files, etc.

!	Modified file headers (copyright/license notice) so they now look almost the

	same, independant of font. Also, it now covers copyright for 2005.

30-Jan-2005 Ryan Djurovich

#	Added code on wb/admin/pages/delete.php to remove sections from the sections

	table when a page is deleted.

+	New 'Smart Login' prevents users from using external password managers,

	and can be set to remember the users password using cookies.

!	SourceForge CVS module now called websitebaker2 (instead of just

	websitebaker). Also, all file versions have been reset.

01-Fed-2005 Ryan Djurovich

!	Added code to prevent from changing a pages level (it simply disables

	the select box), to prevent many possible bugs.

------------------------------------- 2.2.4 -------------------------------------

23-Dec-2004 Ryan Djurovich

!	Change 'EXACT_PHRASE' to 'EXACT_MATCH' on line 261 of wb/languages/EN.php

#	Fixed multi-language support in search

+	Added more detailed options to list of PHP error reporting level's

-	Removed ability to change language and PHP error reporting level

	on installation to make things easier for newbie's

+	Ability to select custom spacer for page filename's

!	Changed the way a language code is found on language installation

+	Added template permissions to groups

#	Fixed bug when trying to change email from Preferences (admin and frontend)

#	Fixed bug with auto-selection of "System Default" for Preferences

!	News module now use's WYSIWYG for modifying news posts

+	Ability to specify both the pages and media target directories

------------------------------------ 2.2.3-c ------------------------------------

22-Dec-2004 Ryan Djurovich

#	Fixed problem with DB password being reset if Settings saved in basic mode

------------------------------------ 2.2.3-b ------------------------------------

21-Dec-2004 Ryan Djurovich

#	Fixed minor bug on admin templates section

#	Fixed bug on rename.php and rename2.php in admin media section

------------------------------------- 2.2.3 -------------------------------------

20-Dec-2004 Ryan Djurovich

+	Added WB release version in Administration (top right corner)

!	New option to prevent users from adding level 0 pages

#	Fixed bug when deleting post's in News module

+	Added new field in pages table for "root" parent (level 0 parent), for

	extra flexability in creating templates

!	Round template now supports unlimited page levels

------------------------------------- 2.2.2 -------------------------------------

18-Dec-2004 Ryan Djurovich

+	New option under Search Settings for selecting custom template for search

+	New option when changing page settings to set the target

#	Fixed error when saving a user after editing

!	Users can now modify sub-page if they dont have permissions on the parent

------------------------------------- 2.2.1 -------------------------------------

15-Dec-2004 Ryan Djurovich

#	Fixed bug when changing password on preferences form (front-end)

#	Fixed bug when retrieving user details (administration)

#	Added check to see if module, template, or language is in use when deleting

#	Fixed up email that is sent to user from a submitted form

#	Fixed major problem with module permissions which stopped it from working

------------------------------------- 2.2.0 -------------------------------------

14-Dec-2004 (Correct date[s] unkown) Ryan Djurovich

+	Multiple-level page support

+	Multiple section's for pages (including interface)

!	Removed text created using two words on all areas

	(e.g. {Intro} {PAGE} is now {INTRO_PAGE})

	this is for better language support

+	Added Languages section

!	Moved Templates and Modules under Add-ons section

!	Changed name of "Default" template to "Round"

+	Added "All CSS" template

+	Added "Jump"

+	Added 

!	Modified "Box" template to support multiple page levels

+	Added "Menu Link" module

+	Added "News" module

+	Added "Code" module

+	Added "Form" module

+	Added "Wrapper" module

!	Changed name of "Normal Page" module to "WYSIWYG"

+	Created new admin wrapper script to ease module develpment

+	Media now automatically creates index.php file for every

	sub-folder made (for security purposes)

!	Change "Help" link in Administration menu so it now directs

	to the the new Website Baker documentation website found at:

	http://www.websitebaker.org/documentation

!	Password is now required to change email in preferences

+	User can now select custom Language and Date & Time Formats

+	Added search functionality, with three different "methods":

	1. Using all words  2. Using any words  3. Exact match

+	Added native MySQL database support

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Check that GET values have been supplied

if(isset($_GET['page_id']) AND is_numeric($_GET['page_id'])) {

	$page_id = $_GET['page_id'];

	define('PAGE_ID', $page_id);

} else {

	header('Location: '.WB_URL);

}

if(isset($_GET['group_id']) AND is_numeric($_GET['group_id'])) {

	$group_id = $_GET['group_id'];

	define('GROUP_ID', $group_id);

}

// Include WB files

require_once('../../config.php');

require_once(WB_PATH.'/framework/class.frontend.php');

$database = new database();

$wb = new frontend();

$wb->page_id = $page_id;

$wb->get_page_details();

$wb->get_website_settings();

// Sending XML header

header("Content-type: text/xml");

// Header info

// Required by CSS 2.0

echo "<rss version='2.0'>";

echo "<channel>";

echo "<title>".PAGE_TITLE."</title>";

echo "<link>".WB_URL."</link>";

echo "<description>".PAGE_DESCRIPTION."</description>";

// Optional header info

echo "<language>".DEFAULT_LANGUAGE."</language>";

echo "<copyright>".WB_URL."</copyright>";

echo "<managingEditor>".SERVER_EMAIL."</managingEditor>";

echo "<webMaster>".SERVER_EMAIL."</webMaster>";

echo "<category>".WEBSITE_TITLE."</category>";

echo "<generator>Website Baker Content Management System</generator>";

// Get news items from database

//Query

if(isset($group_id)) {

	$query = "SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE group_id=".$group_id." AND page_id = ".$page_id." AND active=1 ORDER BY posted_when DESC";

} else {

	$query = "SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE page_id=".$page_id." AND active=1 ORDER BY posted_when DESC";	

}

$result = $database->query($query);

//Generating the news items

while($item = $result->fetchRow($result)){

    echo "<item>";

    echo "<title>".$item["title"]."</title>";

    // Stripping HTML Tags for text-only visibility

    echo "<description>".strip_tags($item["content_short"])."</description>";

    echo "<link>".WB_URL."/pages".$item["link"].PAGE_EXTENSION."</link>";

    /* Add further (non required) information here like ie.

    echo "<author>".$item["posted_by"]."</author>");

    etc.

    */

    echo "</item>";

}

// Writing footer information

echo "</channel>";

echo "</rss>";

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Make sure page cannot be accessed directly

if(!defined('WB_URL')) { header('Location: ../index.php'); }

// Get comments page template details from db

$query_settings = $database->query("SELECT comments_page,use_captcha FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '".SECTION_ID."'");

if($query_settings->numRows() == 0) {

	header('Location: '.WB_URL.'/pages/');

} else {

	$settings = $query_settings->fetchRow();

	// Print comments page

	echo str_replace('[POST_TITLE]', POST_TITLE, ($settings['comments_page']));

	?>

	<form name="comment" action="<?php echo WB_URL.'/modules/news/submit_comment.php?page_id='.PAGE_ID.'&section_id='.SECTION_ID.'&post_id='.POST_ID; ?>" method="post">

	<?php echo $TEXT['TITLE']; ?>:

	<br />

	<input type="text" name="title" maxlength="255" style="width: 90%;"<?php if(isset($_SESSION['comment_title'])) { echo ' value="'.$_SESSION['comment_title'].'"'; unset($_SESSION['comment_title']); } ?> />

	<br /><br />

	<?php echo $TEXT['COMMENT']; ?>:

	<br />

	<textarea name="comment" style="width: 90%; height: 150px;"><?php if(isset($_SESSION['comment_body'])) { echo $_SESSION['comment_body']; unset($_SESSION['comment_body']); } ?></textarea>

	<br /><br />

	<?php

	if(isset($_SESSION['captcha_error'])) {

		echo '<font color="#FF0000">'.$_SESSION['captcha_error'].'</font><br />';

		unset($_SESSION['captcha_error']);

	}

	// Captcha

	if($settings['use_captcha']) {

	$_SESSION['captcha'] = '';

	for($i = 0; $i < 5; $i++) {

		$_SESSION['captcha'] .= rand(0,9);

	}

	?>

	<table cellpadding="2" cellspacing="0" border="0">

	<tr>

	<td><?php echo $TEXT['VERIFICATION']; ?>:</td>

	<td><img src="<?php echo WB_URL; ?>/include/captcha.php" alt="Captcha" /></td>

	<td><input type="text" name="captcha" maxlength="5" /></td>

	</tr></table>

	<br />

	<?php

	}

	?>

	<input type="submit" name="submit" value="<?php echo $TEXT['ADD']; ?> <?php echo $TEXT['COMMENT']; ?>" />

	</form>	

	<?php

}

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

if(defined('WB_URL')) {

	$database->query("DROP TABLE IF EXISTS `".TABLE_PREFIX."mod_news_posts`");

	$mod_news = 'CREATE TABLE `'.TABLE_PREFIX.'mod_news_posts` ( '

					 . '`post_id` INT NOT NULL AUTO_INCREMENT,'

					 . '`section_id` INT NOT NULL,'

					 . '`page_id` INT NOT NULL,'

					 . '`group_id` INT NOT NULL,'

					 . '`active` INT NOT NULL,'

					 . '`position` INT NOT NULL,'

					 . '`title` VARCHAR(255) NOT NULL,'

					 . '`link` TEXT NOT NULL,'

					 . '`content_short` TEXT NOT NULL,'

					 . '`content_long` TEXT NOT NULL,'

					 . '`commenting` VARCHAR(7) NOT NULL,'

		   	    	 . '`posted_when` INT NOT NULL ,'

					 . '`posted_by` INT NOT NULL ,'

					 . 'PRIMARY KEY (post_id)'

                . ' )';

	$database->query($mod_news);

	$database->query("DROP TABLE IF EXISTS `".TABLE_PREFIX."mod_news_groups`");

	$mod_news = 'CREATE TABLE `'.TABLE_PREFIX.'mod_news_groups` ( '

					 . '`group_id` INT NOT NULL AUTO_INCREMENT,'

					 . '`section_id` INT NOT NULL,'

					 . '`page_id` INT NOT NULL,'

					 . '`active` INT NOT NULL,'

					 . '`position` INT NOT NULL,'

					 . '`title` VARCHAR(255) NOT NULL,'

					 . 'PRIMARY KEY (group_id)'

                . ' )';

	$database->query($mod_news);

	$database->query("DROP TABLE IF EXISTS `".TABLE_PREFIX."mod_news_comments`");

	$mod_news = 'CREATE TABLE `'.TABLE_PREFIX.'mod_news_comments` ( '

					 . '`comment_id` INT NOT NULL AUTO_INCREMENT,'

					 . '`section_id` INT NOT NULL,'

					 . '`page_id` INT NOT NULL,'

					 . '`post_id` INT NOT NULL,'

					 . '`title` VARCHAR(255) NOT NULL,'

					 . '`comment` TEXT NOT NULL,'

		   	    . '`commented_when` INT NOT NULL ,'

					 . '`commented_by` INT NOT NULL ,'

					 . 'PRIMARY KEY (comment_id)'

                . ' )';

	$database->query($mod_news);

	$database->query("DROP TABLE IF EXISTS `".TABLE_PREFIX."mod_news_settings`");

	$mod_news = 'CREATE TABLE `'.TABLE_PREFIX.'mod_news_settings` ( '

					 . '`section_id` INT NOT NULL,'

					 . '`page_id` INT NOT NULL,'

					 . '`header` TEXT NOT NULL,'

					 . '`post_loop` TEXT NOT NULL,'

					 . '`footer` TEXT NOT NULL,'

					 . '`posts_per_page` INT NOT NULL,'

					 . '`post_header` TEXT NOT NULL,'

					 . '`post_footer` TEXT NOT NULL,'

					 . '`comments_header` TEXT NOT NULL,'

					 . '`comments_loop` TEXT NOT NULL,'

					 . '`comments_footer` TEXT NOT NULL,'

					 . '`comments_page` TEXT NOT NULL,'

					 . '`commenting` VARCHAR(7) NOT NULL,'

					 . '`resize` INT NOT NULL,'

					 . ' `use_captcha` INT NOT NULL,'

					 . 'PRIMARY KEY (section_id)'

                . ' )';

	$database->query($mod_news);

	// Insert info into the search table

	// Module query info

	$field_info = array();

	$field_info['page_id'] = 'page_id';

	$field_info['title'] = 'page_title';

	$field_info['link'] = 'link';

	$field_info['description'] = 'description';

	$field_info['modified_when'] = 'modified_when';

	$field_info['modified_by'] = 'modified_by';

	$field_info = serialize($field_info);

	$database->query("INSERT INTO ".TABLE_PREFIX."search (name,value,extra) VALUES ('module', 'news', '$field_info')");

	// Query start

	$query_start_code = "SELECT [TP]pages.page_id, [TP]pages.page_title,	[TP]pages.link, [TP]pages.description, [TP]pages.modified_when, [TP]pages.modified_by	FROM [TP]mod_news_posts, [TP]mod_news_groups, [TP]mod_news_comments, [TP]mod_news_settings, [TP]pages WHERE ";

	$database->query("INSERT INTO ".TABLE_PREFIX."search (name,value,extra) VALUES ('query_start', '$query_start_code', 'news')");

	// Query body

	$query_body_code = "

	[TP]pages.page_id = [TP]mod_news_posts.page_id AND [TP]mod_news_posts.title LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_posts.page_id AND [TP]mod_news_posts.content_short LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_posts.page_id AND [TP]mod_news_posts.content_long LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_comments.page_id AND [TP]mod_news_comments.title LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_comments.page_id AND [TP]mod_news_comments.comment LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.header LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.footer LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.post_header LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.post_footer LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.comments_header LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.comments_footer LIKE \'%[STRING]%\'

	OR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.comments_footer LIKE \'%[STRING]%\'";

	$database->query("INSERT INTO ".TABLE_PREFIX."search (name,value,extra) VALUES ('query_body', '$query_body_code', 'news')");

	// Query end

	$query_end_code = "";	

	$database->query("INSERT INTO ".TABLE_PREFIX."search (name,value,extra) VALUES ('query_end', '$query_end_code', 'news')");

	// Insert blank row (there needs to be at least on row for the search to work)

	$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_posts (section_id,page_id) VALUES ('0', '0')");

	$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_groups (section_id,page_id) VALUES ('0', '0')");

	$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_comments (section_id,page_id) VALUES ('0', '0')");

	$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_settings (section_id,page_id) VALUES ('0', '0')");

	// Make news post access files dir

	make_dir(WB_PATH.PAGES_DIRECTORY.'/posts/');
+	

}

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

require('../../config.php');

// Include WB admin wrapper script

require(WB_PATH.'/modules/admin.php');

// Get header and footer

$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");

$fetch_content = $query_content->fetchRow();

// Set raw html <'s and >'s to be replace by friendly html code

$raw = array('<', '>');

$friendly = array('<', '>');

?>

<style type="text/css">

.setting_name {

	vertical-align: top;

}

</style>

<form name="modify" action="<?php echo WB_URL; ?>/modules/news/save_settings.php" method="post" style="margin: 0;">

<input type="hidden" name="section_id" value="<?php echo $section_id; ?>">

<input type="hidden" name="page_id" value="<?php echo $page_id; ?>">

<table cellpadding="2" cellspacing="0" border="0" width="100%">

<tr>

	<td class="setting_name" width="100"><?php echo $TEXT['HEADER']; ?>:</td>

	<td class="setting_name">

		<textarea name="header" style="width: 100%; height: 80px;"><?php echo ($fetch_content['header']); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['POST'].' '.$TEXT['LOOP']; ?>:</td>

	<td class="setting_name">

		<textarea name="post_loop" style="width: 100%; height: 60px;"><?php echo ($fetch_content['post_loop']); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td>

	<td class="setting_name">

		<textarea name="footer" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, ($fetch_content['footer'])); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['POST_HEADER']; ?>:</td>

	<td class="setting_name">

		<textarea name="post_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, ($fetch_content['post_header'])); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['POST_FOOTER']; ?>:</td>

	<td class="setting_name">

		<textarea name="post_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, ($fetch_content['post_footer'])); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['POSTS_PER_PAGE']; ?>:</td>

	<td class="setting_name">

		<select name="posts_per_page" style="width: 100%;">

			<option value=""><?php echo $TEXT['UNLIMITED']; ?></option>

			<?php

			for($i = 1; $i <= 20; $i++) {

				if($fetch_content['posts_per_page'] == ($i*5)) { $selected = ' selected'; } else { $selected = ''; }

				echo '<option value="'.($i*5).'"'.$selected.'>'.($i*5).'</option>';

			}

			?>

		</select>

	</td>

</tr>

<tr>

	<td><?php echo $TEXT['COMMENTING']; ?>:</td>

	<td>

		<select name="commenting" style="width: 100%;">

			<option value="none"><?php echo $TEXT['DISABLED']; ?></option>

			<option value="public" <?php if($fetch_content['commenting'] == 'public') { echo 'selected'; } ?>><?php echo $TEXT['PUBLIC']; ?></option>

			<option value="private" <?php if($fetch_content['commenting'] == 'private') { echo 'selected'; } ?>><?php echo $TEXT['PRIVATE']; ?></option>

		</select>

	</td>

</tr>

<?php if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */ ?>

<tr>

	<td class="setting_name"><?php echo $TEXT['CAPTCHA_VERIFICATION']; ?>:</td>

	<td>

		<input type="radio" name="use_captcha" id="use_captcha_true" value="1"<?php if($fetch_content['use_captcha'] == true) { echo ' checked'; } ?> />

		<label for="use_captcha_true"><?php echo $TEXT['ENABLED']; ?></label>

		<input type="radio" name="use_captcha" id="use_captcha_false" value="0"<?php if($fetch_content['use_captcha'] == false) { echo ' checked'; } ?> />

		<label for="use_captcha_false"><?php echo $TEXT['DISABLED']; ?></label>

	</td>

</tr>

<tr>

	<td>

		<?php echo $TEXT['RESIZE_IMAGE_TO']; ?>:

	</td>

	<td>

		<select name="resize" style="width: 100%;">

			<option value=""><?php echo $TEXT['NONE']; ?></option>

			<?php

			$SIZES['50'] = '50x50px';

			$SIZES['75'] = '75x75px';

			$SIZES['100'] = '100x100px';

			$SIZES['125'] = '125x125px';

			$SIZES['150'] = '150x150px';

			foreach($SIZES AS $size => $size_name) {

				if($fetch_content['resize'] == $size) { $selected = ' selected'; } else { $selected = ''; }

				echo '<option value="'.$size.'"'.$selected.'>'.$size_name.'</option>';

			}

			?>

		</select>

	</td>

</tr>

<?php } ?>

<tr>

	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['HEADER']; ?>:</td>

	<td class="setting_name">

		<textarea name="comments_header" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, ($fetch_content['comments_header'])); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['LOOP']; ?>:</td>

	<td class="setting_name">

		<textarea name="comments_loop" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, ($fetch_content['comments_loop'])); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['FOOTER']; ?>:</td>

	<td class="setting_name">

		<textarea name="comments_footer" style="width: 100%; height: 60px;"><?php echo str_replace($raw, $friendly, ($fetch_content['comments_footer'])); ?></textarea>

	</td>

</tr>

<tr>

	<td class="setting_name"><?php echo $TEXT['COMMENTS'].' '.$TEXT['PAGE']; ?>:</td>

	<td class="setting_name">

		<textarea name="comments_page" style="width: 100%; height: 80px;"><?php echo str_replace($raw, $friendly, ($fetch_content['comments_page'])); ?></textarea>

	</td>

</tr>

</table>

<table cellpadding="0" cellspacing="0" border="0" width="100%">

<tr>

	<td width="105">&nbsp;</td>

	<td align="left">

		<input name="save" type="submit" value="<?php echo $TEXT['SAVE'].' '.$TEXT['SETTINGS']; ?>" style="width: 200px; margin-top: 5px;"></form>

	</td>

	<td align="right">

		<input type="button" value="<?php echo $TEXT['CANCEL']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>';" style="width: 100px; margin-top: 5px;" />

	</td>

</tr>

</table>

<?php

// Print admin footer

$admin->print_footer();

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

require('../../config.php');

// Include WB admin wrapper script

$update_when_modified = true; // Tells script to update when this page was last updated

require(WB_PATH.'/modules/admin.php');

// This code removes any <?php tags and adds slashes

$friendly = array('<', '>', '?php');

$raw = array('<', '>', '');

$header = $admin->add_slashes(str_replace($friendly, $raw, $_POST['header']));

$post_loop = $admin->add_slashes(str_replace($friendly, $raw, $_POST['post_loop']));

$footer = $admin->add_slashes(str_replace($friendly, $raw, $_POST['footer']));

$post_header = $admin->add_slashes(str_replace($friendly, $raw, $_POST['post_header']));

$post_footer = $admin->add_slashes(str_replace($friendly, $raw, $_POST['post_footer']));

$comments_header = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_header']));

$comments_loop = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_loop']));

$comments_footer = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_footer']));

$comments_page = $admin->add_slashes(str_replace($friendly, $raw, $_POST['comments_page']));

$commenting = $_POST['commenting'];

$posts_per_page = $_POST['posts_per_page'];

if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) {

	$resize = $_POST['resize'];

	$use_captcha = $_POST['use_captcha'];

} else {

	$resize = '';

	$use_captcha = false;

}

// Update settings

$database->query("UPDATE ".TABLE_PREFIX."mod_news_settings SET header = '$header', post_loop = '$post_loop', footer = '$footer', posts_per_page = '$posts_per_page', post_header = '$post_header', post_footer = '$post_footer', comments_header = '$comments_header', comments_loop = '$comments_loop', comments_footer = '$comments_footer', comments_page = '$comments_page', commenting = '$commenting', resize = '$resize', use_captcha = '$use_captcha' WHERE section_id = '$section_id'");

// Check if there is a db error, otherwise say successful

if($database->is_error()) {

	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$page_id);

} else {

	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);

}

// Print admin footer

$admin->print_footer();

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Include config file

require('../../config.php');

require_once(WB_PATH.'/framework/class.wb.php');

$wb = new wb;

// Check if we should show the form or add a comment

if(is_numeric($_GET['page_id']) AND is_numeric($_GET['section_id']) AND isset($_GET['post_id']) AND is_numeric($_GET['post_id']) AND isset($_POST['comment']) AND $_POST['comment'] != '') {

	// Check captcha

	if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */

		if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){

			// Check for a mismatch

			if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {

				$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];

				$_SESSION['comment_title'] = $_POST['title'];

				$_SESSION['comment_body'] = $_POST['comment'];

				exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));

			}

		} else {

			$_SESSION['captcha_error'] = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];

			$_SESSION['comment_title'] = $_POST['title'];

			$_SESSION['comment_body'] = $_POST['comment'];

			exit(header('Location: '.WB_URL.'/modules/news/comment.php?id='.$_GET['post_id']));

		}

	}

	if(isset($_SESSION['catpcha'])) { unset($_SESSION['captcha']); }

	// Insert the comment into db

	$page_id = $_GET['page_id'];

	$section_id = $_GET['section_id'];

	$post_id = $_GET['post_id'];

	$title = $wb->add_slashes(strip_tags($_POST['title']));

	$comment = $wb->add_slashes(strip_tags($_POST['comment']));

	$commented_when = mktime();

	if($wb->is_authenticated() == true) {

		$commented_by = $wb->get_user_id();

	} else {

		$commented_by = '';

	}

	$query = $database->query("INSERT INTO ".TABLE_PREFIX."mod_news_comments (section_id,page_id,post_id,title,comment,commented_when,commented_by) VALUES ('$section_id','$page_id','$post_id','$title','$comment','$commented_when','$commented_by')");

	// Get page link

	$query_page = $database->query("SELECT link FROM ".TABLE_PREFIX."mod_news_posts WHERE post_id = '$post_id'");

	$page = $query_page->fetchRow();

	header('Location: '.$wb->page_link($page['link']).'?id='.$post_id);

} else {

	header('Location: '.WB_URL.'/pages/');

}

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }

$header = '<style type=\"text/css\">

.post_title, .post_date { border-bottom: 1px solid #DDDDDD; }

.post_title { font-weight: bold; font-size: 12px; color: #000000; }

.post_date { text-align: right; font-weight: bold; }

.post_short { text-align: justify; padding-bottom: 5px; }

</style>

<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\">';

$post_loop = '<tr class=\"post_top\">

<td class=\"post_title\"><a href=\"[LINK]\">[TITLE]</a></td>

<td class=\"post_date\">[TIME], [DATE]</td>

</tr>

<tr>

<td class=\"post_short\" colspan=\"2\">

[SHORT] 

<a href=\"[LINK]\">[TEXT_READ_MORE]</a>

</td>

</tr>';

$footer = '</table>

<table cellpadding="0" cellspacing="0" border="0" width="100%" style="display: [DISPLAY_PREVIOUS_NEXT_LINKS]">

<tr>

<td width="35%" align="left">[PREVIOUS_PAGE_LINK]</td>

<td width="30%" align="center">[OF]</td>

<td width="35%" align="right">[NEXT_PAGE_LINK]</td>

</tr>

</table>';

$post_header = addslashes('<table cellpadding="0" cellspacing="0" border="0" width="100%">

<tr>

<td height="30"><h1>[TITLE]</h1></td>

<td rowspan="3" style="display: [DISPLAY_IMAGE]"><img src="[GROUP_IMAGE]" alt="[GROUP_TITLE]" /></td>

</tr>

<tr>

<td valign="top"><b>Posted by [DISPLAY_NAME] ([USERNAME]) on [DATE] at [TIME]</b></td>

</tr>

<tr style="display: [DISPLAY_GROUP]">

<td valign="top"><a href="[BACK]">[PAGE_TITLE]</a> >> <a href="[BACK]?g=[GROUP_ID]">[GROUP_TITLE]</a></td>

</tr>

</table>

<p style="text-align: justify;">');

$post_footer = '</p>

<a href=\"[BACK]\">Back</a>';

$comments_header = addslashes('<br /><br />

<style type="text/css">

.comment_title { font-weight: bold; }

.comment_text { font-weight: bold; background-color: #FDFDFD; border-bottom: 1px solid #DDDDDD; padding-bottom: 15px; }

.comment_title, .comment_text { border-left: 1px solid #DDDDDD; }

.comment_info { text-align: right; border-right: 1px solid #DDDDDD; }

.comment_title, .comment_info { border-top: 1px solid #DDDDDD; background-color: #EEEEEE; }

</style>

<h2>Comments</h2>

<table cellpadding="2" cellspacing="0" border="0" width="100%">');

$comments_loop = addslashes('<tr>

<td class="comment_title">[TITLE]</td>

<td class="comment_info">By [DISPLAY_NAME] on [DATE] at [TIME]</td>

</tr>

<tr>

<td colspan="2" class="comment_text">[COMMENT]</td>

</tr>');

$comments_footer = '</table>

<br /><a href=\"[ADD_COMMENT_URL]\">Add Comment</a>';

$comments_page = '<h1>Comment</h1>

<h2>[POST_TITLE]</h2>

<br />';

$commenting = 'none';

$use_captcha = true;

$database->query("INSERT INTO ".TABLE_PREFIX."mod_news_settings (section_id,page_id,header,post_loop,footer,post_header,post_footer,comments_header,comments_loop,comments_footer,comments_page,commenting,use_captcha) VALUES ('$section_id','$page_id','$header','$post_loop','$footer','$post_header','$post_footer','$comments_header','$comments_loop','$comments_footer','$comments_page','$commenting','$use_captcha')");

?>

<?php

// $Id$

/*

 Website Baker Project <http://www.websitebaker.org/>

 Copyright (C) 2004-2005, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify

 it under the terms of the GNU General Public License as published by

 the Free Software Foundation; either version 2 of the License, or

 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,

 but WITHOUT ANY WARRANTY; without even the implied warranty of

 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License

 along with Website Baker; if not, write to the Free Software

 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

// Must include code to stop this file being access directly

if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }

// Check if there is a start point defined

if(isset($_GET['p']) AND is_numeric($_GET['p']) AND $_GET['p'] >= 0) {

	$position = $_GET['p'];

} else {

	$position = 0;

}

// Get user's username, display name, email, and id - needed for insertion into post info

$users = array();

$query_users = $database->query("SELECT user_id,username,display_name,email FROM ".TABLE_PREFIX."users");

if($query_users->numRows() > 0) {

	while($user = $query_users->fetchRow()) {

		// Insert user info into users array

		$user_id = $user['user_id'];

		$users[$user_id]['username'] = $user['username'];

		$users[$user_id]['display_name'] = $user['display_name'];

		$users[$user_id]['email'] = $user['email'];

	}

}

// Get groups (title, if they are active, and their image [if one has been uploaded])

$groups[0]['title'] = '';

$groups[0]['active'] = true;

$groups[0]['image'] = '';

$query_users = $database->query("SELECT group_id,title,active FROM ".TABLE_PREFIX."mod_news_groups WHERE section_id = '$section_id' ORDER BY position ASC");

if($query_users->numRows() > 0) {

	while($group = $query_users->fetchRow()) {

		// Insert user info into users array

		$group_id = $group['group_id'];

		$groups[$group_id]['title'] = ($group['title']);

		$groups[$group_id]['active'] = $group['active'];

		if(file_exists(WB_PATH.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg')) {

			$groups[$group_id]['image'] = WB_URL.MEDIA_DIRECTORY.'/.news/image'.$group_id.'.jpg';

		} else {

			$groups[$group_id]['image'] = '';

		}

	}

}

// Check if we should show the main page or a post itself

if(!defined('POST_ID') OR !is_numeric(POST_ID)) {

	// Check if we should only list posts from a certain group

	if(isset($_GET['g']) AND is_numeric($_GET['g'])) {

		$query_extra = " AND group_id = '".$_GET['g']."'";

		?>

		<style type="text/css">.selected_group_title { font-size: 14px; text-align: center; }</style>

		<?php

	} else {

		$query_extra = '';

	}

	// Get settings

	$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_settings WHERE section_id = '$section_id'");

	if($query_settings->numRows() > 0) {

		$fetch_settings = $query_settings->fetchRow();

		$setting_header = ($fetch_settings['header']);

		$setting_post_loop = ($fetch_settings['post_loop']);

		$setting_footer = ($fetch_settings['footer']);

		$setting_posts_per_page = $fetch_settings['posts_per_page'];

	} else {

		$setting_header = '';

		$setting_post_loop = '';

		$setting_footer = '';

		$setting_posts_per_page = '';

	}

	// Get total number of posts

	$query_total_num = $database->query("SELECT post_id FROM ".TABLE_PREFIX."mod_news_posts WHERE section_id = '$section_id' AND active = '1' AND title != ''$query_extra");

	$total_num = $query_total_num->numRows();

	// Work-out if we need to add limit code to sql

	if($setting_posts_per_page != 0) {

		$limit_sql = " LIMIT $position,$setting_posts_per_page";

	} else {

		$limit_sql = "";

	}

	// Query posts (for this page)

	$query_posts = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_news_posts WHERE section_id = '$section_id' AND active = '1' AND title != ''$query_extra ORDER BY position DESC".$limit_sql);

	$num_posts = $query_posts->numRows();

	// Create previous and next links

	if($setting_posts_per_page != 0) {

		if($position > 0) {

			if(isset($_GET['g']) AND is_numeric($_GET['g'])) {

				$pl_prepend = '<a href="?p='.($position-$setting_posts_per_page).'&g='.$_GET['g'].'"><< ';

			} else {

				$pl_prepend = '<a href="?p='.($position-$setting_posts_per_page).'"><< ';

			}

			$pl_append = '</a>';

			$previous_link = $pl_prepend.$TEXT['PREVIOUS'].$pl_append;

			$previous_page_link = $pl_prepend.$TEXT['PREVIOUS_PAGE'].$pl_append;

		} else {

			$previous_link = '';

			$previous_page_link = '';

		}

		if($position+$setting_posts_per_page >= $total_num) {

			$next_link = '';

			$next_page_link = '';

		} else {

			if(isset($_GET['g']) AND is_numeric($_GET['g'])) {

				$nl_prepend = '<a href="?p='.($position+$setting_posts_per_page).'&g='.$_GET['g'].'"> ';

			} else {

				$nl_prepend = '<a href="?p='.($position+$setting_posts_per_page).'"> ';

			}

			$nl_append = ' >></a>';

			$next_link = $nl_prepend.$TEXT['NEXT'].$nl_append;

			$next_page_link = $nl_prepend.$TEXT['NEXT_PAGE'].$nl_append;

		}

		if($position+$setting_posts_per_page > $total_num) {

			$num_of = $position+$num_posts;

		} else {

			$num_of = $position+$setting_posts_per_page;

		}

		$out_of = ($position+1).'-'.$num_of.' '.strtolower($TEXT['OUT_OF']).' '.$total_num;

		$of = ($position+1).'-'.$num_of.' '.strtolower($TEXT['OF']).' '.$total_num;

		$display_previous_next_links = '';

	} else {

		$display_previous_next_links = 'none';

	}

	// Print header

	if($display_previous_next_links == 'none') {

		echo  str_replace(array('[NEXT_PAGE_LINK]','[NEXT_LINK]','[PREVIOUS_PAGE_LINK]','[PREVIOUS_LINK]','[OUT_OF]','[OF]','[DISPLAY_PREVIOUS_NEXT_LINKS]'), array('','','','','','', $display_previous_next_links), $setting_header);

	} else {

		echo str_replace(array('[NEXT_PAGE_LINK]','[NEXT_LINK]','[PREVIOUS_PAGE_LINK]','[PREVIOUS_LINK]','[OUT_OF]','[OF]','[DISPLAY_PREVIOUS_NEXT_LINKS]'), array($next_page_link, $next_link, $previous_page_link, $previous_link, $out_of, $of, $display_previous_next_links), $setting_header);

	}

	if($num_posts > 0) {

		if($query_extra != '') {

			?>

			<div class="selected_group_title">

				<?php echo '<a href="'.$_SERVER['PHP_SELF'].'">'.PAGE_TITLE.'</a> >> '.$groups[$_GET['g']]['title']; ?>

			</div>

			<?php

		}

		while($post = $query_posts->fetchRow()) {

			if(isset($groups[$post['group_id']]['active']) AND $groups[$post['group_id']]['active'] != false) { // Make sure parent group is active

				$uid = $post['posted_by']; // User who last modified the post

				// Workout date and time of last modified post

				$post_date = gmdate(DATE_FORMAT, $post['posted_when']+TIMEZONE);

				$post_time = gmdate(TIME_FORMAT, $post['posted_when']+TIMEZONE);

				// Work-out the post link

				$post_link = page_link($post['link']);

				if(isset($_GET['p']) AND $position > 0) {

					$post_link .= '?p='.$position;

				}

				if(isset($_GET['g']) AND is_numeric($_GET['g'])) {

					if(isset($_GET['p']) AND $position > 0) { $post_link .= '&'; } else { $post_link .= '?'; }

					$post_link .= 'g='.$_GET['g'];

				}

				// Get group id, title, and image

				$group_id = $post['group_id'];

				$group_title = $groups[$group_id]['title'];

				$group_image = $groups[$group_id]['image'];

				if($group_image == '') { $display_image = 'none'; } else { $display_image = ''; }

				if($group_id == 0) { $display_group = 'none'; } else { $display_group = ''; }

				// Replace [wblink--PAGE_ID--] with real link

				$short = ($post['content_short']);

				$wb->preprocess($short);

				// Replace vars with values

				$post_long_len = strlen($post['content_long']);

				$vars = array('[PAGE_TITLE]', '[GROUP_ID]', '[GROUP_TITLE]', '[GROUP_IMAGE]', '[DISPLAY_GROUP]', '[DISPLAY_IMAGE]', '[TITLE]', '[SHORT]', '[LINK]', '[DATE]', '[TIME]', '[USER_ID]', '[USERNAME]', '[DISPLAY_NAME]', '[EMAIL]', '[TEXT_READ_MORE]');

				if(isset($users[$uid]['username']) AND $users[$uid]['username'] != '') {

					if($post_long_len < 9) {

						$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $post['title'], $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], '');

					} else {

						$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $post['title'], $short, $post_link, $post_date, $post_time, $uid, $users[$uid]['username'], $users[$uid]['display_name'], $users[$uid]['email'], $TEXT['READ_MORE']);

					}

				} else {

					if($post_long_len < 9) {

						$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $post['title'], $short, $post_link, $post_date, $post_time, '', '', '', '', '');

					} else {

						$values = array(PAGE_TITLE, $group_id, $group_title, $group_image, $display_group, $display_image, $post['title'], $short, $post_link, $post_date, $post_time, '', '', '', '', $TEXT['READ_MORE']);

					}

				}

				echo str_replace($vars, $values, $setting_post_loop);

			}

		}

	}

	// Print footer

	if($display_previous_next_links == 'none') {

		echo  str_replace(array('[NEXT_PAGE_LINK]','[NEXT_LINK]','[PREVIOUS_PAGE_LINK]','[PREVIOUS_LINK]','[OUT_OF]','[OF]','[DISPLAY_PREVIOUS_NEXT_LINKS]'), array('','','','','','', $display_previous_next_links), $setting_footer);

	} else {

		echo str_replace(array('[NEXT_PAGE_LINK]','[NEXT_LINK]','[PREVIOUS_PAGE_LINK]','[PREVIOUS_LINK]','[OUT_OF]','[OF]','[DISPLAY_PREVIOUS_NEXT_LINKS]'), array($next_page_link, $next_link, $previous_page_link, $previous_link, $out_of, $of, $display_previous_next_links), $setting_footer);

	}

} elseif(defined('POST_ID') AND is_numeric(POST_ID)) {