vitnet

editnews.php

Mar 29th, 2015
  1. <?php
  2. /*
  3. =====================================================
  4.  DataLife Engine - Edit News on the SITE
  5. -----------------------------------------------------
  6.  Файл: editnews.php
  7. -----------------------------------------------------
  8.  Назначение: Редактирование новости посетителем
  9. =====================================================
  10. */
  11.  
  12. if( !defined( 'DATALIFEENGINE' ) ) {
  13.     die( "Hacking attempt!" );
  14. }
  15.  
  16. $allow_addnews = true;
  17.  
  18. include_once ENGINE_DIR . '/classes/parse.class.php';
  19. $parse = new ParseFilter( Array (), Array (), 1, 1 );
  20.  
  21. if( $config['max_moderation'] and !$user_group[$member_id['user_group']]['moderation'] ) {
  22.     $stats_approve = $db->super_query( "SELECT COUNT(*) as count FROM " . PREFIX . "_post WHERE approve != '1'" );
  23.     $stats_approve = $stats_approve['count'];
  24.  
  25.     if( $stats_approve >= $config['max_moderation'] ) $allow_addnews = false;
  26. }
  27.  
  28. if( $is_logged AND $config['news_restricted'] AND (($_TIME - $member_id['reg_date']) < ($config['news_restricted'] * 86400)) ) {
  29.     $lang['add_err_9'] = str_replace( '{days}', intval($config['news_restricted']), $lang['news_info_7'] );
  30.     $allow_addnews = false;
  31. }
  32.  
  33. if( $member_id['restricted'] and $member_id['restricted_days'] and $member_id['restricted_date'] < $_TIME ) {
  34.     $member_id['restricted'] = 0;
  35.     $db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET restricted='0', restricted_days='0', restricted_date='' WHERE user_id='{$member_id['user_id']}'" );
  36. }
  37.  
  38. if( $member_id['restricted'] == 1 or $member_id['restricted'] == 4 ) {
  39.  
  40.     if( $member_id['restricted_days'] ) {
  41.         $lang['news_info_4'] = str_replace( '{date}', langdate( "j M Y H:i", $member_id['restricted_date'] ), $lang['news_info_4'] );
  42.         $lang['add_err_9'] = $lang['news_info_4'];
  43.     } else {
  44.         $lang['add_err_9'] = $lang['news_info_5'];
  45.     }
  46.    
  47.     $allow_addnews = false;
  48.    
  49. }
  50.  
  51. if( !$allow_addnews ) {
  52.     msgbox( $lang['all_info'], $lang['add_err_9'] . "<br /><br /><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>" );
  53. } else {
  54.  
  55.     if( isset( $_REQUEST['mod'] ) and $_REQUEST['mod'] == "editnews" and $is_logged and $user_group[$member_id['user_group']]['allow_adds'] ) {
  56.  
  57.         $stop = "";
  58.  
  59.         $allow_comm = intval( $_POST['allow_comm'] );
  60.  
  61.         if( $user_group[$member_id['user_group']]['allow_main'] ) $allow_main = intval( $_POST['allow_main'] );
  62.         else $allow_main = 0;
  63.        
  64.         $allow_mail = isset( $_POST['allow_mail'] ) ? intval( $_POST['allow_mail'] ) : 0;
  65.        
  66.         $approve = intval( $_POST['approve'] );
  67.         $allow_rating = intval( $_POST['allow_rating'] );
  68.  
  69.         $view_edit  = isset( $_POST['view_edit'] ) ? intval( $_POST['view_edit'] ) : 0;
  70.        
  71.         if( $user_group[$member_id['user_group']]['allow_fixed'] ) $news_fixed = intval( $_POST['news_fixed'] );
  72.         else $news_fixed = 0;
  73.  
  74.         if( !count( $_POST['catlist'] ) ) {
  75.             $catlist = array ();
  76.             $catlist[] = '0';
  77.         } else
  78.             $catlist = $_POST['catlist'];
  79.  
  80.         $category_list = array();
  81.    
  82.         foreach ( $catlist as $value ) {
  83.             $category_list[] = intval($value);
  84.         }
  85.  
  86.         $category_list = $db->safesql( implode( ',', $category_list ) );
  87.        
  88.         $editreason = $db->safesql( htmlspecialchars( strip_tags( stripslashes( trim( $_POST['editreason'] ) ) ), ENT_QUOTES, $config['charset'] ) );
  89.    
  90.         if( !$config['allow_add_tags'] ) $_POST['tags'] = "";
  91.         elseif( @preg_match( "/[\||\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $_POST['tags'] ) ) $_POST['tags'] = "";
  92.         else $_POST['tags'] = @$db->safesql( htmlspecialchars( strip_tags( stripslashes( trim( $_POST['tags'] ) ) ), ENT_COMPAT, $config['charset'] ) );
  93.        
  94.         if( $_POST['tags'] ) {
  95.             $temp_array = array();
  96.             $tags_array = array();
  97.             $temp_array = explode (",", $_POST['tags']);
  98.    
  99.             if( count($temp_array) ) {
  100.                 foreach ( $temp_array as $value ) {
  101.                     if( trim($value) ) $tags_array[] = trim( $value );
  102.                 }
  103.             }
  104.    
  105.             $_POST['tags'] = ( count($tags_array) ) ? implode(", ", $tags_array) : "";
  106.         }
  107.  
  108.         if( !$user_group[$member_id['user_group']]['moderation'] ) {
  109.             $approve = 0;
  110.             $allow_comm = 1;
  111.             $allow_main = 1;
  112.             $allow_rating = 1;
  113.             $news_fixed = 0;
  114.         }
  115.  
  116.         if( $approve ) $msg = $lang['add_ok_1_1'];
  117.         else $msg = $lang['add_ok_2_1'];
  118.  
  119.         $allow_list = explode( ',', $user_group[$member_id['user_group']]['cat_add'] );
  120.  
  121.         if( $user_group[$member_id['user_group']]['moderation'] ) {
  122.             foreach ( $catlist as $selected ) {
  123.                 if( $allow_list[0] != "all" and ! in_array( $selected, $allow_list ) and $member_id['user_group'] != "1" ) {
  124.                     $approve = 0;
  125.                     $msg = $lang['add_ok_3_1'];
  126.                 }
  127.             }
  128.         }
  129.  
  130.         $allow_list = explode( ',', $user_group[$member_id['user_group']]['cat_allow_addnews'] );
  131.        
  132.         if( $allow_list[0] != "all" ) {
  133.             foreach ( $catlist as $selected ) {
  134.                 if( !in_array( $selected, $allow_list ) AND $member_id['user_group'] != "1" ) {
  135.                     $stop .= "<li>" . $lang['news_err_41'] . "</li>";
  136.                 }
  137.             }
  138.         }
  139.  
  140.         if( !$user_group[$member_id['user_group']]['allow_html'] ) {
  141.             $config['allow_site_wysiwyg'] = 0;
  142.             $_POST['short_story'] = strip_tags ($_POST['short_story']);
  143.             $_POST['full_story']  = strip_tags ($_POST['full_story']);
  144.         }
  145.        
  146.         if( $config['allow_site_wysiwyg'] ) {
  147.             $parse->allow_code = false;        
  148.             $full_story  = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['full_story'] ) ) );
  149.             $short_story = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['short_story'] ) ) );
  150.             $allow_br = 0;
  151.         } else {
  152.             $full_story  = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['full_story'] ), false ) );
  153.             $short_story = $db->safesql( $parse->BB_Parse( $parse->process( $_POST['short_story'] ), false ) );
  154.             $allow_br = 1;
  155.         }
  156.  
  157.         if( $parse->not_allowed_text ) {
  158.             $stop .= "<li>" . $lang['news_err_39'] . "</li>";
  159.         }
  160.  
  161.         $parse->ParseFilter();
  162.         $title = $db->safesql( $parse->process( trim( strip_tags ($_POST['title']) ) ) );
  163.         $alt_name = trim( $parse->process( stripslashes( $_POST['alt_name'] ) ) );
  164.        
  165.         $autor = $db->safesql( $parse->process( trim( strip_tags ($_POST['autor']) ) ) );
  166.  
  167.         $parse = new ParseFilter( Array (), Array (), 1, 1 );
  168.  
  169.         $add_module = "yes";
  170.         $xfieldsaction = "init";
  171.         $category = $catlist;
  172.         include (ENGINE_DIR . '/inc/xfields.php');
  173.  
  174.         if( $alt_name == "" or !$alt_name ) $alt_name = totranslit( stripslashes( $title ), true, false );
  175.         else $alt_name = totranslit( $alt_name, true, false );
  176.  
  177.         if( $title == "" or !$title ) $stop .= $lang['add_err_1'];
  178.         if( dle_strlen( $title, $config['charset'] ) > 200 ) $stop .= $lang['add_err_2'];
  179.  
  180.         $catalog_url = $config['create_catalog'] ? $db->safesql( dle_substr( htmlspecialchars( strip_tags( stripslashes( trim( $title ) ) ), ENT_QUOTES, $config['charset'] ), 0, 1, $config['charset'] ) ) : "";
  181.  
  182.         if( $user_group[$member_id['user_group']]['disable_news_captcha'] AND $member_id['news_num'] >= $user_group[$member_id['user_group']]['disable_news_captcha'] ) {
  183.             $user_group[$member_id['user_group']]['news_question'] = false;
  184.             $user_group[$member_id['user_group']]['news_sec_code'] = false;
  185.         }
  186.  
  187.         if( $user_group[$member_id['user_group']]['news_sec_code']) {
  188.             if( $config['allow_recaptcha'] ) {
  189.                 require_once ENGINE_DIR . '/classes/recaptcha.php';
  190.                 $sec_code = 1;
  191.                 $sec_code_session = false;
  192.    
  193.                 if( $_POST["recaptcha_response_field"] AND $_POST["recaptcha_response_field"] ) {
  194.                     $resp = recaptcha_check_answer ($config['recaptcha_private_key'],
  195.                                                      $_SERVER["REMOTE_ADDR"],
  196.                                                      $_POST["recaptcha_challenge_field"],
  197.                                                      $_POST["recaptcha_response_field"]);
  198.                
  199.                         if( !$resp->is_valid ) {
  200.                             $stop .= "<li>" . $lang['news_err_30'] . "</li>";
  201.                         }
  202.    
  203.                 } else $stop .= "<li>" . $lang['news_err_30'] . "</li>";
  204.  
  205.             } elseif( $_REQUEST['sec_code'] != $_SESSION['sec_code_session'] OR !$_SESSION['sec_code_session'] ) $stop .= "<li>" . $lang['news_err_30'] . "</li>";
  206.  
  207.         }
  208.  
  209.         if( $user_group[$member_id['user_group']]['news_question'] ) {
  210.             if( intval($_SESSION['question']) ) {
  211.    
  212.                 $answer  = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='".intval($_SESSION['question'])."'");
  213.                 $answers = explode( "\n", $answer['answer'] );
  214.    
  215.                 $pass_answer = false;
  216.    
  217.                 if( function_exists('mb_strtolower') ) {
  218.                     $question_answer = trim(mb_strtolower($_POST['question_answer'], $config['charset']));
  219.                 } else {
  220.                     $question_answer = trim(strtolower($_POST['question_answer']));
  221.                 }
  222.    
  223.                 if( count($answers) AND $question_answer ) {
  224.                     foreach( $answers as $answer ){
  225.    
  226.                         if( function_exists('mb_strtolower') ) {
  227.                             $answer = trim(mb_strtolower($answer, $config['charset']));
  228.                         } else {
  229.                             $answer = trim(strtolower($answer));
  230.                         }
  231.    
  232.                         if( $answer AND $answer == $question_answer ) {
  233.                             $pass_answer    = true;
  234.                             break;
  235.                         }
  236.                     }
  237.                 }
  238.    
  239.                 if( !$pass_answer ) $stop .= $lang['reg_err_24'];
  240.    
  241.             } else $stop .= $lang['reg_err_24'];
  242.        
  243.         }
  244.  
  245.         if( $user_group[$member_id['user_group']]['flood_news'] ) {
  246.             if( flooder( $member_id['name'],  $user_group[$member_id['user_group']]['flood_news'] )) {
  247.                 $stop .= "<li>" .$lang['news_err_4'] . " " . $lang['news_err_43'] . " {$user_group[$member_id['user_group']]['flood_news']} " . $lang['news_err_6']. "</li>";
  248.             }
  249.         }
  250.  
  251.         $max_detected = false;
  252.         if( $user_group[$member_id['user_group']]['max_day_news'] ) {
  253.             $row = $db->super_query( "SELECT COUNT(*) as count FROM " . PREFIX . "_post WHERE date >= '".date("Y-m-d", $_TIME)."' AND date < '".date("Y-m-d", $_TIME)."' + INTERVAL 24 HOUR AND autor = '{$member_id['name']}'");
  254.             if ($row['count'] >= $user_group[$member_id['user_group']]['max_day_news'] ) {
  255.                 $stop .= "<li>" .$lang['news_err_44'] . "</li>";
  256.                 $max_detected = true;
  257.             }
  258.         }
  259.  
  260.         if( $stop ) {
  261.             $stop = "<ul>" . $stop . "</ul><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>";
  262.             msgbox( $lang['add_err_6'], $stop  );
  263.         }
  264.        
  265.         if( !$stop ) {
  266.  
  267.             $_SESSION['sec_code_session'] = 0;
  268.             $id = (isset( $_REQUEST['id'] )) ? intval( $_REQUEST['id'] ) : 0;
  269.             $found = false;
  270.  
  271.             if( $id ) {
  272.                 $row = $db->super_query( "SELECT * FROM " . PREFIX . "_post where id = '$id' and approve = '1'" );
  273.                 if( $id == $row['id'] and ($member_id['name'] == $row['autor'] or $user_group[$member_id['user_group']]['allow_all_edit']) ) $found = true;
  274.                 else $found = false;
  275.             }
  276.  
  277.             $newdate  = strtotime( $_POST['newdate'] );
  278.             $allow_date = intval ( $_POST['allow_date'] );
  279.             $allow_now  = intval ( $_POST['allow_now'] );
  280.  
  281.             // Обработка даты и времени
  282.             $added_time = time() + ($config['date_adjust'] * 60);
  283.  
  284.             if( $allow_date != "1" and $member_id['user_group'] < 4 ) {
  285.                 if( $allow_now != "1" ) {
  286.                     $thistime = date( "Y-m-d H:i:s", $newdate );
  287.                 } else {
  288.                     $thistime = date ('Y-m-d H:i:s', $added_time);
  289.                 }
  290.  
  291.                 $db->query( "UPDATE " . PREFIX . "_post set title='$title', autor='$autor', date='$thistime', short_story='$short_story', full_story='$full_story', descr='{$metatags['description']}', keywords='{$metatags['keywords']}', xfields='$filecontents', category='$category_list', alt_name='$alt_name', allow_comm='$allow_comm', approve='$approve', allow_main='$allow_main', fixed='$news_fixed', allow_br='$allow_br', tags='" . $_POST['tags'] . "' WHERE id='$id'" );
  292.                
  293.                 $db->query( "UPDATE " . PREFIX . "_post_extras SET allow_rate='$allow_rating', reason='$editreason', view_edit='$view_edit', votes='$add_vote' WHERE news_id='$id'" );
  294.  
  295.             } else {
  296.                 $db->query( "UPDATE " . PREFIX . "_post set title='$title', autor='$autor', short_story='$short_story', full_story='$full_story', xfields='$filecontents', category='$category_list', alt_name='$alt_name', allow_comm='$allow_comm', approve='$approve', allow_main='$allow_main', fixed='$news_fixed', allow_br='$allow_br', tags='" . $_POST['tags'] . "' WHERE id='$id'" );
  297.                
  298.                 $db->query( "UPDATE " . PREFIX . "_post_extras SET allow_rate='$allow_rating', reason='$editreason', view_edit='$view_edit', votes='$add_vote' WHERE news_id='$id'" );
  299.             }
  300.  
  301.             // Облако тегов
  302.             if( $_POST['tags'] != $row['tags'] or $approve ) {
  303.                 $db->query( "DELETE FROM " . PREFIX . "_tags WHERE news_id = '{$row['id']}'" );
  304.  
  305.                 if( $_POST['tags'] != "" and $approve ) {
  306.                     $tags = array ();
  307.                     $_POST['tags'] = explode( ",", $_POST['tags'] );
  308.                     foreach ( $_POST['tags'] as $value ) {
  309.                         $tags[] = "('" . $row['id'] . "', '" . trim( $value ) . "')";
  310.                     }
  311.                     $tags = implode( ", ", $tags );
  312.                     $db->query( "INSERT INTO " . PREFIX . "_tags (news_id, tag) VALUES " . $tags );
  313.                 }
  314.             }
  315.  
  316.             if( $config['allow_alt_url'] ) msgbox( $lang['add_ok_ok'], "{$msg} <a href=\"{$config['http_home_url']}\">$lang[all_prev]</a>" );
  317.             else msgbox( $lang['add_ok_ok'] . $allow_now, "{$msg} <a href=\"{$config['http_home_url']}\">$lang[all_prev]</a>" );
  318.  
  319.             if( $config['allow_alt_url'] AND !$config['seo_type'] ) $cprefix = "full_";
  320.             else $cprefix = "full_" . $id; 
  321.  
  322.             if( $approve ) {
  323.                 clear_cache( array('news_', 'rss', $cprefix) );
  324.             }
  325.  
  326.         }
  327.  
  328.     } elseif( $is_logged and $user_group[$member_id['user_group']]['allow_adds'] ) {
  329.  
  330.         $tpl->load_template( 'editnews.tpl' );
  331.  
  332.         $addtype = "addnews";
  333.  
  334.         if ( !$user_group[$member_id['user_group']]['allow_html'] ) {
  335.             $config['allow_site_wysiwyg'] = 0;
  336.         }
  337.        
  338.         if( $config['allow_site_wysiwyg'] ) {
  339.             include_once ENGINE_DIR . '/editor/shortsite.php';
  340.             include_once ENGINE_DIR . '/editor/fullsite.php';
  341.             $bb_code = "";
  342.         } else {
  343.             $bb_editor = true;
  344.             include_once ENGINE_DIR . '/modules/bbcode.php';
  345.         }
  346.  
  347.         if( !$config['allow_site_wysiwyg'] ) {
  348.             $tpl->set( '[not-wysywyg]', '' );
  349.             $tpl->set( '[/not-wysywyg]', '' );
  350.         } else
  351.             $tpl->set_block( "'\\[not-wysywyg\\].*?\\[/not-wysywyg\\]'si", '' );
  352.        
  353.         if( $config['allow_site_wysiwyg'] ) {
  354.             $tpl->set( '{shortarea}', $shortarea );
  355.             $tpl->set( '{fullarea}', $fullarea );
  356.         } else {
  357.             $tpl->set( '{shortarea}', '' );
  358.             $tpl->set( '{fullarea}', '' );
  359.         }
  360.        
  361.         $id = (isset( $_REQUEST['id'] )) ? intval( $_REQUEST['id'] ) : 0;
  362.         $found = false;
  363.  
  364.         if( $id ) {
  365.             $row = $db->super_query( "SELECT * FROM " . PREFIX . "_post LEFT JOIN " . PREFIX . "_post_extras ON (" . PREFIX . "_post.id=" . PREFIX . "_post_extras.news_id) WHERE id = '{$id}'" );
  366.             if( $id == $row['id'] and ($member_id['name'] == $row['autor'] or $user_group[$member_id['user_group']]['allow_all_edit']) ) $found = true;
  367.             else $found = false;
  368.         }
  369.  
  370.         $cat_list = explode( ',', $row['category'] );
  371.         $categories_list = CategoryNewsSelection( $cat_list, 0 );
  372.        
  373.         $tpl->set( '{autor}', $row['autor'] );
  374.         $tpl->set( '{title}', $parse->decodeBBCodes( $row['title'], false ) );
  375.         $tpl->set( '{alt-name}', $row['alt_name'] );
  376.         $tpl->set( '{datenews11}', $row['date'] );
  377.            
  378.         if( $config['allow_site_wysiwyg'] or $row['allow_br'] != '1' ) {
  379.             $row['short_story'] = $parse->decodeBBCodes( $row['short_story'], TRUE, $config['allow_site_wysiwyg'] );
  380.             $row['full_story']  = $parse->decodeBBCodes( $row['full_story'], TRUE, $config['allow_site_wysiwyg'] );
  381.         } else {
  382.             $row['short_story'] = $parse->decodeBBCodes( $row['short_story'], false );
  383.             $row['full_story']  = $parse->decodeBBCodes( $row['full_story'], false );
  384.         }
  385.            
  386.         $tpl->set( '{short-story}', $row['short_story'] );
  387.         $tpl->set( '{full-story}', $row['full_story'] );
  388.         $tpl->set( '{tags}', $row['tags'] );
  389.  
  390.         $relatednews = "
  391. <SCRIPT LANGUAGE=\"javascript\">
  392. function find_relates ( ) {
  393.     var title = document.getElementById('title').value;
  394.     ShowLoading('');
  395.     $.post('engine/ajax/find_relates.php', {title: title}, function(data) {
  396.         HideLoading('');
  397.         $('#related_news').html(data);
  398.     });
  399.     return false;
  400. };
  401. </SCRIPT>
  402.  
  403.  <input class=\"bbcodes\" type=\"submit\" onclick=\"find_relates(); return false;\" value=\"Найти Похожие Новости\"><div id=\"related_news\"></div>";
  404.  
  405.         $tpl->set( '{related}',  $relatednews );
  406.  
  407.         $xfieldsaction = "categoryfilter";
  408.         include_once ENGINE_DIR . '/inc/xfields.php';
  409.        
  410.         if( $config['allow_multi_category'] ) {
  411.             $cats = "<select data-placeholder=\"{$lang['addnews_cat_sel']}\" name=\"catlist[]\" id=\"category\" onchange=\"onCategoryChange(this)\" style=\"width:350px; height:140px;\" multiple=\"multiple\" class=\"chosen-select\">";
  412.         } else {
  413.             $cats = "<select data-placeholder=\"{$lang['addnews_cat_sel']}\" name=\"catlist[]\" id=\"category\" onchange=\"onCategoryChange(this)\" style=\"width:350px;\" class=\"chosen-select\">";
  414.         }
  415.        
  416.         $cats .= $categories_list;
  417.         $cats .= "</select>";
  418.  
  419.         $tpl->set( '{bbcode}', $bb_code );
  420.         $tpl->set( '{category}', $cats );
  421.  
  422.         if ($row['allow_comm'] == '1') $comm_chek = "checked=\"checked\"";
  423.         if ($row['approve'] == '1') $app_chek = "checked=\"checked\"";
  424.         if ($row['allow_main'] == '1') $main_chek = "checked=\"checked\"";
  425.         if ($row['allow_rate'] == '1') $rate_chek = "checked=\"checked\"";
  426.         if ($row['fixed'] == '1') $nfix_chek = "checked=\"checked\"";
  427.        
  428.         $edit_cheked = ($row['view_edit'] == '1') ? "checked" : "";
  429.  
  430.         if( $user_group[$member_id['user_group']]['moderation'] ) {
  431.  
  432.             $admintag = "<input type=\"checkbox\" name=\"allow_comm\" id=\"allow_comm\" value=\"1\" " . $comm_chek . " /><label for=\"allow_comm\">" . $lang['add_al_com'] . "</label>";
  433.  
  434.             if( $user_group[$member_id['user_group']]['allow_main'] ) $admintag .= "&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"checkbox\" name=\"allow_main\" id=\"allow_main\" value=\"1\" ".$main_chek." /><label for=\"allow_main\">" . $lang['add_al_m'] . "</label>";
  435.  
  436.             $admintag .= "<br /><input type=\"checkbox\" name=\"approve\" id=\"approve\" value=\"1\" " . $app_chek . " /><label for=\"approve\"> {$lang['add_al_ap']}</label><br /><input type=\"checkbox\" name=\"allow_rating\" id=\"allow_rating\" value=\"1\" " . $rate_chek . " /><label for=\"allow_rating\"> {$lang['addnews_allow_rate']}</label>";
  437.  
  438.             if( $user_group[$member_id['user_group']]['allow_fixed'] ) $admintag .= "<br /><input type=\"checkbox\" name=\"news_fixed\" id=\"news_fixed\" value=\"1\" " . $nfix_chek . " /><label for=\"news_fixed\"> {$lang['add_al_fix']}</label>";
  439.  
  440.             $tpl->set( '{admintag}', $admintag );
  441.                
  442.             $reason = "<input type=\"checkbox\" id=\"view_edit\" name=\"view_edit\" value=\"1\" checked /><label for=\"view_edit\">Выводить информацию о том что новость отредактирована</label><br /><input type=\"text\" size=\"55\" style=\"width:316px\" name=\"editreason\" id=\"editreason\" value=\"{$row['reason']}\"> {$lang['news_edit_date']}";
  443.            
  444.             $tpl->set( '{reason}', $reason );
  445.         } else {
  446.             $tpl->set( '{reason}', '' );
  447.             $tpl->set( '{admintag}', '' );
  448.         }
  449.  
  450.         if( $is_logged and $member_id['user_group'] < 4 ) {
  451.             $tpl->set( '[urltag]', '' );
  452.             $tpl->set( '[/urltag]', '' );
  453.         } else {
  454.             $tpl->set_block( "'\\[urltag\\].*?\\[/urltag\\]'si", "" );
  455.         }
  456.  
  457.         if( $is_logged and $member_id['user_group'] < 5 ) {
  458.             $tpl->set( '[autor]', '' );
  459.             $tpl->set( '[/autor]', '' );
  460.         } else {
  461.             $tpl->set_block( "'\\[autor\\].*?\\[/autor\\]'si", "" );
  462.         }
  463.  
  464.         if( $is_logged and $member_id['user_group'] < 4 ) {
  465.             $tpl->set( '[dateedadm]', '' );
  466.             $tpl->set( '[/dateedadm]', '' );
  467.         } else {
  468.             $tpl->set_block( "'\\[dateedadm\\].*?\\[/dateedadm\\]'si", "" );
  469.         }
  470.  
  471.         $xfieldsaction = "list";
  472.         $xfieldmode = "site";
  473.         $xfieldsid  = $row['xfields'];
  474.         $xfieldscat = $row['category'];
  475.         include (ENGINE_DIR . '/inc/xfields.php');
  476.  
  477.         if( !$config['allow_site_wysiwyg'] ) $output = str_replace("<!--panel-->", $bb_code, $output);
  478.        
  479.         $tpl->set( '{xfields}', $output );
  480.  
  481.         if( $user_group[$member_id['user_group']]['news_sec_code'] ) {
  482.  
  483.             if( $config['allow_recaptcha'] ) {
  484.                 $tpl->set( '[recaptcha]', "" );
  485.                 $tpl->set( '[/recaptcha]', "" );
  486.                 $tpl->set( '{recaptcha}', '
  487. <script type="text/javascript">
  488. <!--
  489.     var RecaptchaOptions = {
  490.        theme: \''.$config['recaptcha_theme'].'\',
  491.        lang: \''.$lang['wysiwyg_language'].'\'
  492.     };
  493.  
  494. //-->
  495. </script>
  496. <script type="text/javascript" src="//www.google.com/recaptcha/api/challenge?k='.$config['recaptcha_public_key'].'"></script>' );
  497.  
  498.                 $tpl->set_block( "'\\[sec_code\\](.*?)\\[/sec_code\\]'si", "" );
  499.                 $tpl->set( '{reg_code}', "" );
  500.             } else {
  501.                 $tpl->set( '[sec_code]', "" );
  502.                 $tpl->set( '[/sec_code]', "" );
  503.                 $path = parse_url( $config['http_home_url'] );
  504.                 $tpl->set( '{sec_code}', "<span id=\"dle-captcha\"><img src=\"" . $path['path'] . "engine/modules/antibot/antibot.php\" alt=\"${lang['sec_image']}\" width=\"160\" height=\"80\" /><br /><a onclick=\"reload(); return false;\" href=\"#\">{$lang['reload_code']}</a></span>" );
  505.                 $tpl->set_block( "'\\[recaptcha\\](.*?)\\[/recaptcha\\]'si", "" );
  506.                 $tpl->set( '{recaptcha}', "" );
  507.             }
  508.         } else {
  509.             $tpl->set( '{sec_code}', "" );
  510.             $tpl->set( '{recaptcha}', "" );
  511.             $tpl->set_block( "'\\[recaptcha\\](.*?)\\[/recaptcha\\]'si", "" );
  512.             $tpl->set_block( "'\\[sec_code\\](.*?)\\[/sec_code\\]'si", "" );
  513.         }
  514.  
  515.         if( !isset($path['path']) ) $path['path'] = "/";
  516.  
  517.         $save = ( $config['allow_site_wysiwyg'] == "2" ) ? "tinyMCE.triggerSave();" : "";      
  518.  
  519.         $script = "
  520. <script language=\"javascript\" type=\"text/javascript\">
  521. <!--
  522. function preview(){";
  523.        
  524.         if( $config['allow_site_wysiwyg'] == "1" ) {
  525.             $script .= "submit_all_data();";
  526.         }
  527.        
  528.         $script .= "if(document.entryform.title.value == ''){ DLEalert('$lang[add_err_7]', dle_info); }
  529.    else{
  530.        dd=window.open('','prv','height=400,width=750,resizable=0,scrollbars=1')
  531.        document.entryform.mod.value='preview';document.entryform.action='{$config['http_home_url']}engine/preview.php';document.entryform.target='prv'
  532.        document.entryform.submit();dd.focus()
  533.        setTimeout(\"document.entryform.mod.value='addnews';document.entryform.action='';document.entryform.target='_self'\",500)
  534.    }
  535. }";
  536.        
  537.         $script .= <<<HTML
  538. function reload () {
  539.     var rndval = new Date().getTime();
  540.     document.getElementById('dle-captcha').innerHTML = '<img src="{$path['path']}engine/modules/antibot/antibot.php?rndval=' + rndval + '" width="160" height="80" alt="" /><br /><a onclick="reload(); return false;" href="#">{$lang['reload_code']}</a>';
  541. }
  542.  
  543. function CheckStatus(Form) {
  544.     if( Form.allow_date.checked ) {
  545.         Form.allow_now.disabled = true;
  546.         Form.allow_now.checked  = false;
  547.     } else {
  548.         Form.allow_now.disabled = false;
  549.     }
  550. }
  551.  
  552. function checkxf () {
  553.     var status = '';
  554.     {$save}
  555.     $('[uid=\"essential\"]:visible').each(function(indx) {
  556.         if($.trim($(this).find('[rel=\"essential\"]').val()).length < 1) {
  557.             DLEalert('{$lang['addnews_xf_alert']}', dle_info);
  558.             status = 'fail';
  559.         }
  560.     });
  561.  
  562.     if(document.entryform.title.value == ''){
  563.         DLEalert('{$lang['add_err_7']}', dle_info);
  564.         status = 'fail';
  565.     }
  566.  
  567.     return status;
  568. }
  569. //-->
  570. </script>
  571. HTML;
  572.  
  573.         $script .= "<form method=\"post\" name=\"entryform\" id=\"entryform\" onsubmit=\"if(checkxf()=='fail') return false;\" action=\"\">";
  574.  
  575.         $tpl->copy_template = $categoryfilter . $script . $tpl->copy_template . "<input type=\"hidden\" name=\"mod\" value=\"editnews\" /></form>";
  576.        
  577.         $tpl->compile( 'content' );
  578.         $tpl->clear();
  579.    
  580.     } else {
  581.         msgbox( $lang['all_info'], "$lang[add_err_8]<br /><a href=\"javascript:history.go(-1)\">$lang[all_prev]</a>" );
  582.     }
  583.  
  584. }
  585.  
  586. ?>