LD SoftwareBespoke Software, Web Design, Security Consultants and Host Services.

Menu

Sentinel
You have been warned!
We have caught 5844 shameful hackers.

NukeSentinel(tm)

Paypal Referral
Sign up for PayPal and start accepting credit card payments instantly.

Link Exchange
Join our free link exchange

Click Here
 
How to bypass article approval

18.8.1. How to bypass article approval

The standard workflow for a news article is that the user writes it, submits it for approval by the administrator, the administrator reads it, approves and publishes it on the site. This has some advantages:

  • Everybody can post, even anonymous users.

  • Since the posts are checked, there is no risk of getting flooded with garbage posts.

But it also has some disadvantages too:

  • Users have to wait to see their post published. This may not be what they expect, if actuality of content is highly important for the topics of your site.

  • The administrators have to spend time on approving news articles. Waiting content (Figure 18-11) can be quite an administrative headache, if the site receives many user submissions a day (see, for example phpnuke.org, where there are dozens of submissions awaiting approval at any given time).

Figure 18-11. Waiting Content block.

Waiting Content block.



Fortunately, to bypass article approval, the solution is relatively simple (see Automatic Article Posting):

  • For versions before PHP-Nuke 6.5:

    In the modules/Submit_News, in the function submitStory(), find this

    $result = sql_query("insert into ".$prefix."_queue 
    values (NULL, '$uid', '$name', '$subject', '$story', 
    '$storyext', now(), '$topic', '$catid', '$alanguage')", $dbi);
    

    Change it to this:

    $result = sql_query("insert into ".$prefix."_stories 
    values (NULL, '$catid', '$name', '$subject', now(), '$story', 
    '$storyext', '0', '0', '$topic', '$name', ", '0', '$alanguage', 
    '0','0', '0', '0', '0')", $dbi); 
    

    The story will get posted immediately, so you will want to make the Submit_News module only available to Users. Also, you will notice that it will now say "Posted By Some_user", and it will no longer show in italics.

  • For PHP-Nuke 6.5 and later, the solution is slightly different. Replace this:

    $sql = "INSERT INTO ".$prefix."_queue VALUES (NULL, '$uid', '$name', '$subject',
    '$story', '$storyext', now(), '$topic', '$alanguage')";
    

    with this:

    $sql = "insert into ".$prefix."_stories values (NULL, '$catid', '$name', '$subject',
    now(), '$story', '$storyext', '0', '0', '$topic', '$name', ", '0', '$alanguage', '0', '0', '0', '0','0', ")";
    

You will also want to change the language file "defines", or edit these lines in the function submitStory (this is what is displayed when the submission is sent.

echo "<center><font class=\"title\">"._SUBSENT."</font><br><br>"
."<font class=\"content\"><b>"._THANKSSUB."</b><br><br>"
.""._SUBTEXT.""
."<br>"._WEHAVESUB." $waiting "._WAITING."";

18.8.1.1. The formatAidHeader() function

If you want to make the "Posted By Some_user" also be a link to the User's profile, then you can edit the function formatAidHeader in your mainfile.php. The following refers to PHP-Nuke 6.5 and above.

The function is simple: it takes an argument, the author id $aid, searches the nuke_authors table for that author id and, if found, it prints a link to the web page of the author. Only if the web page link fiels of nuke_authors is empty for that author, it prints a link to the author's e-mail (which is always there):

function formatAidHeader($aid) {
    global $prefix, $db;
    $sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $url = $row[url];
    $email = $row[email];
    if (isset($url)) {
        $aid = "<a href=\"$url\">$aid</a>";
    } elseif (isset($email)) {
        $aid = "<a href=\"mailto:$email\">$aid</a>";
    } else {
        $aid = $aid;
    }
    echo "$aid";
}

You could easily change this behaviour. For example, you could take out the check against the $url and leave only the e-mail part, if you wanted the "Posted By Some_user" to be an e-mail link, rather than a link to a web page (see Change Posted by... Name (Website) to Name (Email)):

function formatAidHeader($aid) {
    global $prefix, $db;
    $sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $url = $row[url];
    $email = $row[email];
     if (isset($email)) {
        $aid = "<a href=\"mailto:$email\">$aid</a>";
    } else {
        $aid = $aid;
    }
    echo "$aid";
}

You could make it even more sophisticated, by making "Posted By Some_user" a link to the user's profile (see Section 18.6.2 for the related subject of user profile redirection). The formatAidHeader function should then be:

function formatAidHeader($aid) { 
    global $prefix, $db;
    $sql = "SELECT url, email FROM ".$prefix."_authors WHERE aid='$aid'";
    $result = $db->sql_query($sql);
    if($row = $db->sql_fetchrow($result)) {
        $url = $row[url]; 
        $email = $row[email]; 
        if (isset($url)) { 
            $aid = "<a href=\"$url\">$aid</a>";
        } elseif (isset($email)) {  
            $aid = "<a href=\"mailto:$email\">$aid</a>"; 
        } else {
            $aid = $aid;
        } 
   }else {
        $sql = "SELECT user_id FROM ".$prefix."_users WHERE username='$aid'"; 
        $result = $db->sql_query($sql); 
        $row = $db->sql_fetchrow($result);
        $user_id = $row[user_id];
        $aid = "<a
        href=\"modules.php?name=Forums&file=profile
&mode=viewprofile&u=$user_id\">$aid</a>";
    }
    echo "$aid"; 
}

Help us make a better PHP-Nuke HOWTO!

Want to contribute to this HOWTO? Have a suggestion or a solution to a problem that was not treated here? Post your comments on my PHP-Nuke Forum!

Chris Karakas, Maintainer PHP-Nuke HOWTO

 
You can syndicate our News with backend.php And our Forums with rss.php
You can also access our feeds via Feedburner Site News and LD Software Forums
© 2009 ld-software.co.uk All Rights Reserved.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.21 Seconds