
795 lines
22 KiB

// $Id$
function node_help() {
global $mod;
if ($mod == "node") {
foreach (module_list() as $name) {
if (module_hook($name, "status") && $name != "node") {
print "<h3>". ucfirst($name) ." type</h3>";
print module_invoke($name, "help");
function node_access($op, $node = 0) {
if (user_access("administer nodes")) {
return 1;
else {
** Convert the node to an object if necessary:
if (is_array($node)) {
$node = node_object($node);
** Construct a function:
$function = $node->type ."_access";
if (function_exists($function)) {
return $function($op, $node);
else {
return 0;
function node_perm() {
return array("administer nodes", "access content", "post content");
function node_search($keys) {
global $user;
$result = db_query("SELECT n.nid, n.title, n.created, u.uid, u.name FROM node n LEFT JOIN users u ON n.uid = u.uid WHERE n.status = 1 AND (n.title LIKE '%$keys%' OR n.teaser LIKE '%$keys%' OR n.body LIKE '%$keys%') ORDER BY n.created DESC LIMIT 20");
while ($node = db_fetch_object($result)) {
$find[$i++] = array("title" => check_output($node->title), "link" => (user_access("administer nodes") ? "admin.php?mod=node&type=node&op=edit&id=$node->nid" : "node.php?id=$node->nid"), "user" => $node->name, "date" => $node->created);
return $find;
function node_conf_options() {
$output .= form_select(t("Default number of nodes to display"), "default_nodes_main", variable_get("default_nodes_main", 10), array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30), t("The default maximum number of nodes to display on the main page."));
return $output;
function node_conf_filters() {
$output .= form_select(t("Enable HTML tags"), "filter_html", variable_get("filter_html", 0), array("Disabled", "Enabled"), t("Allow HTML and PHP tags in user-contributed content."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<A><B><BLOCKQUOTE><DD><DL><DT><I><LI><OL><U><UL>"), 64, 128, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON' attributes and unclosed tags are always stripped."));
$output .= "<hr />";
$output .= form_select(t("Enable link tags"), "filter_link", variable_get("filter_link", 0), array("Disabled", "Enabled"), t("Substitute special [[nodesubject|text]] tags. Your browser will display 'text', and when you click on it your browser will open the node with the subject 'nodesubject'. Please be aware that you'll need to copy the subject of the target node exactly in order to use this feature."));
$output .= "<hr />";
return $output;
function node_filter_html($text) {
$text = eregi_replace("([ \f\r\t\n\'\"])style=[^>]+", "\\1", $text);
$text = eregi_replace("([ \f\r\t\n\'\"])on[a-z]+=[^>]+", "\\1", $text);
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
function node_filter_link($text) {
$src = array("/\[\[(([^\|]*?)(\|([^\|]*?))?)\]\]/e"); // [link|description]
$dst = array(format_tag('\\2', '\\4')); // [link|description]
return preg_replace($src, $dst, $text);
function node_filter($text) {
if (variable_get("filter_html", 0)) $text = node_filter_html($text);
if (variable_get("filter_link", 0)) $text = node_filter_link($text);
return $text;
function node_link($type, $node = 0) {
if ($type == "admin" && user_access("administer nodes")) {
$links[] = "<a href=\"admin.php?mod=node\">content management</a>";
if ($type == "page") {
$links[] = "<a href=\"module.php?mod=node&op=add\">submit</a>";
if ($type == "node") {
if ($node->links) {
$links = $node->links;
if ($node->teaser != $node->body) {
$links[] = "<a href=\"node.php?id=". $node->nid ."\">". t("read more") ."</a>";
if ($node->comment) {
$links[] = "<a href=\"node.php?id=". $node->nid ."\">". format_plural(node_get_comments($node->nid), "comment", "comments") ."</a>";
if (user_access("administer nodes")) {
$links[] = "<a href=\"admin.php?mod=node&op=edit&id=". $node->nid ."\">". t("edit") ."</a>";
return $links ? $links : array();
function node_admin_settings($edit = array()) {
global $op;
if ($op == t("Save configuration")) {
** Save the configuration options:
foreach ($edit as $name => $value) {
variable_set($name, $value);
if ($op == t("Reset to defaults")) {
** Reset the configuration options to their default value:
foreach ($edit as $name=>$value) {
$output .= "<h3>". t("Global node settings") ."</h3>";
$output .= node_conf_options();
foreach (module_list() as $name) {
if (module_hook($name, "conf_options") && module_hook($name, "node")) {
$output .= "<h3>". t(ucfirst(module_invoke($name, "node", "name")) ." settings") ."</h3>";
$output .= module_invoke($name, "conf_options");
$output .= form_submit(t("Save configuration"));
$output .= form_submit(t("Reset to defaults"));
return form($output);
function node_admin_edit($node) {
if (is_numeric($node)) {
$node = node_load(array("nid" => $node));
** Edit node:
$output .= "<h3>". t("Edit node") ."</h3>";
$output .= node_form($node);
** Edit revisions:
if ($node->revisions) {
$output .= "<h3>". t("Edit revisions") ."</h3>";
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
$output .= " <tr><th>older revisions</th><th colspan=\"3\">operations</th></tr>";
foreach ($node->revisions as $key => $revision) {
$output .= " <tr><td>". sprintf(t("revision #%d by %s on %s"), $key, format_name(user_load(array("uid" => $revision["uid"]))), format_date($revision["timestamp"])) ."</td><td><a href=\"node.php?id=$node->nid&revision=$key\">". t("view revision") ."</a></td><td><a href=\"admin.php?mod=node&op=rollback+revision&id=$node->nid&revision=$key\">". t("rollback revision") ."</a></td><td><a href=\"admin.php?mod=node&op=delete+revision&id=$node->nid&revision=$key\">". t("delete revision") ."</a></td></tr>";
$output .= "</table>";
** Edit comments:
$output .= "<h3>". t("Edit comments") ."</h3>";
$result = db_query("SELECT c.cid, c.subject, u.uid, u.name FROM comments c LEFT JOIN users u ON u.uid = c.uid WHERE lid = '". $node["nid"] ."' ORDER BY c.timestamp");
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
$output .= " <tr><th>title</th><th>author</th><th colspan=\"3\">operations</th></tr>";
while ($comment = db_fetch_object($result)) {
$output .= "<tr><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">$comment->subject</a></td><td>". format_name($comment) ."</td><td><a href=\"node.php?id=$node->nid&cid=$comment->cid#$comment->cid\">". t("view comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=edit&id=$comment->cid\">". t("edit comment") ."</a></td><td><a href=\"admin.php?mod=comment&op=delete&id=$comment->cid\">". t("delete comment") ."</a></td></tr>";
$output .= "</table>";
return $output;
function node_admin_nodes() {
global $query;
$queries = array(array("ORDER BY n.created DESC", "new nodes"), array("ORDER BY n.changed DESC", "updated nodes"), array("WHERE n.status = 1 AND n.moderate = 0 ORDER BY n.nid DESC", "published nodes"), array("WHERE n.status = 0 AND n.moderate = 0 ORDER BY n.nid DESC", "non-published nodes"), array("WHERE n.status = 1 AND n.moderate = 1 ORDER BY n.nid DESC", "pending nodes"), array("WHERE n.status = 1 AND n.promote = 1 ORDER BY n.nid DESC", "promoted nodes"));
$result = db_query("SELECT n.*, u.name, u.uid FROM node n LEFT JOIN users u ON n.uid = u.uid ". $queries[$query ? $query : 0][0] ." LIMIT 50");
foreach ($queries as $key => $value) {
$links[] = "<a href=\"admin.php?mod=node&op=nodes&query=$key\">$value[1]</a>";
$output .= "<small>". implode(" :: ", $links) ."</small><hr />";
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">\n";
$output .= " <tr><th>title</th><th>type</th><th>author</th><th>status</th><th colspan=\"2\">operations</th></tr>\n";
while ($node = db_fetch_object($result)) {
$output .= "<tr><td><a href=\"node.php?id=$node->nid\">". check_output($node->title) ."</a></td><td>$node->type</td><td nowrap=\"nowrap\">". format_name($node) ."</td><td>". ($node->status ? t("published") : t("not published")) ."</td><td nowrap=\"nowrap\"><a href=\"node.php?id=$node->nid\">view node</a></td><td nowrap=\"nowrap\"><a href=\"admin.php?mod=node&op=edit&id=$node->nid\">edit node</a></td></tr>";
$output .= "</table>";
return $output;
function node_revision_create($node) {
global $user;
if ($node->nid && $node->revision) {
$no = node_load(array("nid" => $node->nid));
$node->revisions = $no->revisions;
$node->revisions[] = array("uid" => $user->uid, "timestamp" => time(), "node" => $no);
return $node;
function node_revision_rollback($nid, $revision) {
global $user;
** Load the original/current node:
$node = node_load(array("nid" => $nid));
** Extract the specified revision:
$rev = $node->revisions[$revision]["node"];
** Inherit all the past revisions:
$rev->revisions = $node->revisions;
** Save the original/current node:
$rev->revisions[] = array("uid" => $user->uid, "timestamp" => time(), "node" => $node);
** Remove the specified revision:
** Save the node:
foreach ($node as $key => $value) {
$filter[] = $key;
node_save($rev, $filter);
watchdog("message", "node: rolled-back '$node->title'");
function node_revision_delete($nid, $revision) {
$node = node_load(array("nid" => $nid));
node_save($node, array("nid", "revisions"));
function node_admin() {
global $op, $id, $revision, $edit;
if (user_access("administer nodes")) {
** Compile a list of the administrative links:
$links[] = "<a href=\"admin.php?mod=node&op=nodes\">nodes</a>";
$links[] = "<a href=\"admin.php?mod=node&op=search\">search content</a>";
$links[] = "<a href=\"admin.php?mod=node&op=settings\">settings</a>";
$links[] = "<a href=\"admin.php?mod=node&op=help\">help</a>";
print "<small>". implode(" &middot; ", $links) ."</small><hr />";
switch ($op) {
case "help":
print node_help();
case "search":
print search_type("node", "admin.php?mod=node&op=search");
case t("Save configuration"):
case t("Reset to defaults"):
case "settings":
print node_admin_settings($edit);
case "edit":
print node_admin_edit($id);
case "rollback revision":
print node_revision_rollback($id, $revision);
case "delete revision":
print node_revision_delete($id, $revision);
case t("Preview"):
print node_preview($edit);
case t("Submit"):
print node_submit($edit);
print node_admin_nodes();
case t("Delete"):
print node_delete($edit);
print node_admin_nodes();
else {
print message_access();
function node_block() {
global $theme;
$block[0][subject] = t("Syndicate");
$block[0][content] = "<div align=\"center\"><a href=\"module.php?mod=node&op=feed\"><img src=\"". $theme->image("xml.gif") ."\" width=\"36\" height=\"14\" border=\"0\" alt=\"XML\" /></a></div>\n";
$block[0][info] = "Syndicate";
return $block;
function node_feed() {
$result = db_query("SELECT nid, type FROM node WHERE promote = '1' AND status = '1' ORDER BY created DESC LIMIT 15");
while ($node = db_fetch_object($result)) {
$item = node_load(array("nid" => $node->nid, "type" => $node->type));
$link = path_uri() ."node.php?id=$item->nid";
$items .= format_rss_item($item->title, $link, $item->teaser);
$output .= "<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\n";
$output .= "<!DOCTYPE rss [<!ENTITY % HTMLlat1 PUBLIC \"-//W3C//ENTITIES Latin 1 for XHTML//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml-lat1.ent\">\n";
$output .= "<rss version=\"0.91\">\n";
$output .= format_rss_channel(variable_get("site_name", "drupal"), path_uri(), variable_get("site_slogan", ""), $items);
$output .= "</rss>\n";
header("Content-Type: text/xml");
print $output;
function node_validate($node, $error = array()) {
global $user;
** Convert the node to an object if necessary:
$node = node_object($node);
** Validate the title field:
if (isset($node->title) && $node->title == "") {
$error["title"] = "<div style=\"color: red;\">". t("You have to specify a valid title.") ."</div>";
if (user_access("administer nodes")) {
** Setup default values if required:
if (!$node->name) {
$node->name = $user->name;
if (!$node->created) {
$node->created = time();
if (!$node->date) {
$node->date = date("M j, Y g:i a", $node->created);
** Validate the "authored by"-field:
if ($account = user_load(array("name" => $node->name))) {
$node->uid = $account->uid;
else {
$error["name"] = "<div style=\"color: red;\">". sprintf(t("The name '%s' does not exist."), $node->name) ."</div>";
** Validate the "authored on"-field:
if (strtotime($node->date) > 1000) {
$node->created = strtotime($node->date);
else {
$error["date"] = "<div style=\"color: red;\">". t("You have to specifiy a valid date.") ."</div>";
** Validate the "teaser"-field:
if ($node->teaser && count(explode(" ", $node->teaser)) < variable_get("minimum_node_size", 0)) {
$error["teaser"] = "<div style=\"color: red;\">". t("Your teaser is too short.") ."</div>";
return $node;
function node_form($edit) {
** Validate the node:
$edit = node_validate($edit, &$error);
** Get the node specific bits:
$function = $edit->type ."_form";
if (function_exists($function)) {
$form .= $function(&$edit, &$help, &$error);
$output .= "<div style=\"margin-right: 40px; float: left;\">";
** Add the help text:
if ($help) {
$output .= "<p>$help</p>";
** Add the default fields:
$output .= form_textfield(t("Title"), "title", $edit->title, 60, 64, $error["title"]);
if ($edit->body && !$edit->teaser) {
$edit->teaser = node_teaser($edit->body);
if ($edit->teaser) {
$output .= form_textarea(t("Teaser"), "teaser", $edit->teaser, 60, 5, $error["teaser"]);
** Add the node specific fields:
$output .= $form;
** Add the hidden fields:
if ($edit->nid) {
$output .= form_hidden("nid", $edit->nid);
if ($edit->uid) {
$output .= form_hidden("uid", $edit->uid);
if ($edit->created) {
$output .= form_hidden("created", $edit->created);
$output .= form_hidden("type", $edit->type);
** Add the buttons:
$output .= form_submit(t("Preview"));
if ($edit->title && $edit->type && !$error) {
$output .= form_submit(t("Submit"));
if ($edit->nid && node_access("delete", $edit)) {
$output .= form_submit(t("Delete"));
$output .= "</div>";
** Add the admin specific parts:
if (user_access("administer nodes")) {
$output .= "<div style=\"float: right;\">";
$output .= form_textfield(t("Authored by"), "name", $edit->name, 20, 25, $error["name"]);
$output .= form_textfield(t("Authored on"), "date", $edit->date, 20, 25, $error["date"]);
$output .= "<br />";
$output .= form_select(t("Set public/published"), "status", $edit->status, array("Disabled", "Enabled"));
$output .= form_select(t("Allow users comments"), "comment", $edit->comment, array("Disabled", "Enabled"));
$output .= form_select(t("Promote to front page"), "promote", $edit->promote, array("Disabled", "Enabled"));
$output .= form_select(t("Create new revision"), "revision", $edit->revision, array("Disabled", "Enabled"));
$output .= "</div>";
return form($output);
function node_add($type) {
global $user;
if ($type) {
$output = node_form(array("uid" => $user->uid, "type" => $type));
else {
$links = array();
foreach (module_list() as $name) {
if (($info = module_invoke($name, "node", "name")) && node_access("create", array("type" => $name))) {
$links[] = "<a href=\"module.php?mod=node&op=add&type=$name\">". t($info) ."</a>";
$output .= sprintf(t("Submit a %s."), implode(", ", $links));
return $output;
function node_edit($id) {
global $user;
$node = node_load(array("nid" => $id));
if (node_access("update", $node)) {
$output = node_form($node);
else {
$output = message_access();
return $output;
function node_preview($edit) {
** Load the user's name when needed:
if ($edit["name"]) {
$user = user_load(array("name" => $edit["name"]));
$edit["uid"] = $user->uid;
else if ($edit["uid"]) {
$user = user_load(array("uid" => $edit["uid"]));
$edit["name"] = $user->name;
** Set the created time when needed:
if (empty($edit["nid"])) {
$edit["created"] = time();
** Display a preview of the node:
return node_form($edit);
function node_submit($node) {
global $user;
** Fixup the node when required:
$node = node_validate($node);
** Create a new revision when required:
if ($node->revision) {
$node = node_revision_create($node);
if ($node->nid) {
** Check whether the current user has the proper access rights to
** perform this operation:
if (node_access("update", $node)) {
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when updating a node.
if (user_access("administer nodes")) {
$fields = array("nid", "uid", "body", "comment", "created", "promote", "moderate", "revisions", "status", "teaser", "title", "type" => $node->type);
else {
$fields = array("nid", "uid" => $user->uid, "body", "teaser", "title", "type" => $node->type);
node_save($node, array_merge($fields, module_invoke($node->type, "save", $node)));
$output = t("The node has been updated.");
else {
watchdog("warning", "node: not authorized to update node");
$output = t("You are not authorized to update this node.");
else {
** Check whether the current user has the proper access rights to
** perform this operation:
if (node_access("create", $node)) {
** Compile a list of the node fields and their default values that users
** and administrators are allowed to save when inserting a new node.
if (user_access("administer nodes")) {
$fields = array("uid", "body", "comment" => 1, "promote", "moderate", "status" => 1, "teaser", "title", "type" => $node->type);
else {
$fields = array("uid" => $user->uid, "body", "comment" => 1, "teaser", "title", "type" => $node->type);
node_save($node, array_merge($fields, module_invoke($node->type, "save", $node)));
$output = t("Thanks for your submission.");
else {
watchdog("warning", "node: not authorized to create node");
$output = t("You are not authorized to create this node.");
return $output;
function node_delete($edit) {
$node = node_load(array("nid" => $edit["nid"]));
if (node_access("delete", $node)) {
if ($edit["confirm"]) {
** Delete the specified node and its comments:
db_query("DELETE FROM node WHERE nid = '$node->nid'");
db_query("DELETE FROM comments WHERE lid = '$node->nid'");
** Call the node specific callback (if any):
module_invoke($node->type, "delete", &$node);
watchdog("special", "node: deleted '$node->title'");
$output = t("The node has been deleted.");
else {
$output .= form_item(t("Confirm deletion"), check_output($node->title));
$output .= form_hidden("nid", $node->nid);
$output .= form_hidden("confirm", 1);
$output .= form_submit(t("Delete"));
$output = form($output, "post", "admin.php?mod=node");
else {
watchdog("warning", "node: not authorized to remove node");
$output = t("You are not authorized to remove this node.");
return $output;
function node_page() {
global $op, $id, $user, $edit, $type, $theme, $meta, $date;
if ($op == "feed") {
switch ($op) {
case "add":
$theme->box(t("Node"), node_add($type));
case "edit":
$theme->box(t("Node"), node_edit($id));
case t("Preview"):
$theme->box(t("Node"), node_preview($edit));
case t("Submit"):
$theme->box(t("Node"), node_submit($edit));
case t("Delete"):
print node_delete($edit);
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '1' AND created <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY created DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get("default_nodes_main", 10)));
while ($node = db_fetch_object($result)) {
node_view(node_load(array("nid" => $node->nid, "type" => $node->type)), 1);