function section_save()
{
    global $txpcfg;
    $in = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($in));
    if (empty($title)) {
        $title = $name;
    }
    //Prevent non url chars on section names
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    $title = $textile->TextileThis($title, 1);
    $name = dumbDown($textile->TextileThis($name, 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));
    if ($name == 'default') {
        safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
    } else {
        if ($is_default) {
            // note this means 'selected by default' not 'default page'
            safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
        }
        safe_update("txp_section", "name         = '{$name}',\n\t\t\t\ttitle        = '{$title}',\n\t\t\t\tpage         = '{$page}',\n\t\t\t\tcss          = '{$css}',\n\t\t\t\tis_default   = '{$is_default}',\n\t\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\t\tin_rss       = '{$in_rss}',\n\t\t\t\tsearchable   = '{$searchable}'", "name = '{$old_name}'");
        safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    }
    sec_section_list(messenger('section', $name, 'updated'));
}

function start_import()
{
    global $event, $vars;
    extract(psa($vars));
    $insert_into_section = $Section;
    $insert_with_status = $type;
    $default_comment_invite = $comments_invite;
    include_once txpath . '/include/import/import_' . $import_tool . '.php';
    $ini_time = ini_get('max_execution_time');
    @ini_set('max_execution_time', 300 + intval($ini_time));
    switch ($import_tool) {
        case 'mtdb':
            $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'mt':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
                //Rebuilding category tree
                rebuild_tree('root', 1, 'article');
            } else {
                $out = 'Import file not found';
            }
            break;
        case 'b2':
            $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
            break;
        case 'wp':
            $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'blogger':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
            } else {
                $out = gTxt('import_file_not_found');
            }
            break;
    }
    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;
    pagetop(gTxt('txp_import'));
    $content = '<div id="' . $event . '_container" class="txp-container txp-list">';
    $content .= startTable('list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    $content .= tr(td($out));
    $content .= endTable();
    $content .= '</div>';
    echo $content;
    $rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');
    if (mysql_num_rows($rs) > 0) {
        while ($a = nextRow($rs)) {
            safe_update('textpattern', "comments_count=" . $a['thecount'], "ID=" . $a['parentid']);
        }
    }
}

 /**
  * Saves pane visibility.
  */
 public function visible()
 {
     extract(psa(array('pane', 'visible', 'origin')));
     send_xml_response();
     if ($this->valid_token($pane) && preg_match('/^[a-z0-9_-]+$/i', $pane)) {
         set_pref("pane_{$pane}_visible", (int) ($visible === 'true'), $origin, PREF_HIDDEN, 'yesnoradio', 0, PREF_PRIVATE);
         return;
     }
     trigger_error('invalid_pane', E_USER_WARNING);
 }

function section_save()
{
    $in = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($in));
    if ($is_default) {
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }
    safe_update("txp_section", "name         = '{$name}',\n\t\t\tpage         = '{$page}',\n\t\t\tcss          = '{$css}',\n\t\t\tis_default   = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss       = '{$in_rss}',\n\t\t\tsearchable   = '{$searchable}'", "name = '{$old_name}'");
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    section_list(messenger('section', $name, 'updated'));
}

function start_import()
{
    global $vars;
    extract(psa($vars));
    $insert_into_section = $Section;
    $insert_with_status = $type;
    $default_comment_invite = $comments_invite;
    include_once txpath . '/include/import/import_' . $import_tool . '.php';
    $ini_time = ini_get('max_execution_time');
    @ini_set('max_execution_time', 300 + intval($ini_time));
    switch ($import_tool) {
        case 'mtdb':
            $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'mt':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
                //Rebuilding category tree
                rebuild_tree('root', 1, 'article');
            } else {
                $out = 'Import file not found';
            }
            break;
        case 'b2':
            $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
            break;
        case 'wp':
            $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'blogger':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
            } else {
                $out = gTxt('import_file_not_found');
            }
            break;
    }
    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;
    pagetop(gTxt('txp_import'));
    $content = startTable('list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    $content .= tr(td($out));
    $content .= endTable();
    echo $content;
}

function author_save_new()
{
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $pw = generate_password(6);
    $nonce = md5(uniqid(rand(), true));
    if ($name) {
        $rs = safe_insert("txp_users", "privs    = '{$privs}',\n\t\t\t\t name     = '{$name}',\n\t\t\t\t email    = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass     =  password(lower('{$pw}')),\n\t\t\t\t nonce    = '{$nonce}'");
    }
    if ($rs) {
        send_password($pw, $email);
        admin(gTxt('password_sent_to') . sp . $email);
    } else {
        admin(gTxt('error_adding_new_author'));
    }
}

function author_save_new()
{
    require_privs('admin.edit');
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);
    $length = function_exists('mb_strlen') ? mb_strlen($name, '8bit') : strlen($name);
    if ($name and $length <= 64 and is_valid_email($email)) {
        $exists = safe_field('name', 'txp_users', "name = '" . $name . "'");
        if ($exists) {
            author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
            return;
        }
        $password = generate_password(PASSWORD_LENGTH);
        $hash = doSlash(txp_hash_password($password));
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
        $rs = safe_insert('txp_users', "\n\t\t\t\tprivs    = {$privs},\n\t\t\t\tname     = '{$name}',\n\t\t\t\temail    = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce    = '{$nonce}',\n\t\t\t\tpass     = '{$hash}'\n\t\t\t");
        if ($rs) {
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);
            return;
        }
    }
    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}

function comments_preview($atts)
{
    global $has_comments_preview;
    if (!ps('preview')) {
        return;
    }
    extract(lAtts(array('form' => 'comments', 'wraptag' => '', 'class' => __FUNCTION__), $atts));
    assert_article();
    $preview = psa(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
    $preview['time'] = time();
    $preview['discussid'] = 0;
    $preview['name'] = strip_tags($preview['name']);
    $preview['email'] = clean_url($preview['email']);
    if ($preview['message'] == '') {
        $in = getComment();
        $preview['message'] = $in['message'];
    }
    $preview['message'] = markup_comment(substr(trim($preview['message']), 0, 65535));
    // it is called 'message', not 'novel'
    $preview['web'] = clean_url($preview['web']);
    $GLOBALS['thiscomment'] = $preview;
    $comments = parse_form($form) . n;
    unset($GLOBALS['thiscomment']);
    $out = doTag($comments, $wraptag, $class);
    # set a flag, to tell the comments_form tag that it doesn't have to show a preview
    $has_comments_preview = true;
    return $out;
}

function section_save()
{
    global $app_mode;
    $in = array_map('assert_string', psa(array('name', 'title', 'old_name', 'section_page', 'css')));
    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $in['title'] = $textile->TextileThis($in['title'], 1);
    $in['name'] = strtolower(sanitizeForUrl($in['name']));
    extract($in);
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe');
    if ($name != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
            // Invalid input. Halt all further processing (e.g. plugin event handlers).
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            //				modal_halt($message);
            sec_section_list($message);
            return;
        }
    }
    $ok = false;
    if ($name == 'default') {
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}'", "name = 'default'");
    } else {
        if ($name) {
            extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));
            if ($safe_old_name) {
                $ok = safe_update('txp_section', "\n\t\t\t\t\tname         = '{$safe_name}',\n\t\t\t\t\ttitle        = '{$safe_title}',\n\t\t\t\t\tpage         = '{$safe_section_page}',\n\t\t\t\t\tcss          = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\t\tsearchable   = {$searchable}\n\t\t\t\t\t", "name = '{$safe_old_name}'");
                // Manually maintain referential integrity
                if ($ok) {
                    $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
                }
            } else {
                $ok = safe_insert('txp_section', "\n\t\t\t\t\tname         = '{$safe_name}',\n\t\t\t\t\ttitle        = '{$safe_title}',\n\t\t\t\t\tpage         = '{$safe_section_page}',\n\t\t\t\t\tcss          = '{$safe_css}',\n\t\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\t\tsearchable   = {$searchable}");
            }
        }
    }
    if ($ok) {
        update_lastmod();
    }
    if ($ok) {
        sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
    } else {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));
    }
}

/**
 * Saves or clones a page template.
 */
function page_save()
{
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';
    if (!$newname) {
        $message = array(gTxt('page_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if ($copy && $name === $newname) {
            $newname .= '_copy';
            $_POST['newname'] = $newname;
        }
        $exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");
        if ($newname !== $name && $exists !== false) {
            $message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);
            if ($savenew) {
                $_POST['newname'] = '';
            }
            $save_error = true;
        } else {
            if ($savenew or $copy) {
                if ($newname) {
                    if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
                        update_lastmod('page_created', compact('newname', 'name', 'html'));
                        $message = gTxt('page_created', array('{name}' => $newname));
                    } else {
                        $message = array(gTxt('page_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    $message = array(gTxt('page_name_invalid'), E_ERROR);
                    $save_error = true;
                }
            } else {
                if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                    safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
                    update_lastmod('page_saved', compact('newname', 'name', 'html'));
                    $message = gTxt('page_updated', array('{name}' => $name));
                } else {
                    $message = array(gTxt('page_save_failed'), E_ERROR);
                    $save_error = true;
                }
            }
        }
    }
    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('page_saved', '', 0, $name, $newname);
    }
    page_edit($message);
}

function getComment()
{
    // comment spam filter plugins: call this function to fetch comment contents
    $c = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'remember'));
    $n = array();
    foreach (stripPost() as $k => $v) {
        if (preg_match('#^[A-Fa-f0-9]{32}$#', $k . $v)) {
            $n[] = doSlash($k . $v);
        }
    }
    $c['nonce'] = '';
    $c['secret'] = '';
    if (!empty($n)) {
        $rs = safe_row('nonce, secret', 'txp_discuss_nonce', "nonce in ('" . join("','", $n) . "')");
        $c['nonce'] = $rs['nonce'];
        $c['secret'] = $rs['secret'];
    }
    $c['message'] = ps(md5('message' . $c['secret']));
    return $c;
}

/**
 * Saves a category from HTTP POST data.
 *
 * @param string $event Type of category
 * @param string $table Affected database table
 */
function cat_event_category_save($event, $table_name)
{
    extract(doSlash(array_map('assert_string', psa(array('id', 'name', 'description', 'old_name', 'parent', 'title')))));
    $id = assert_int($id);
    $rawname = $name;
    $name = sanitizeForUrl($rawname);
    // Make sure the name is valid.
    if (!$name) {
        $message = array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR);
        return cat_event_category_edit($event, $message);
    }
    // Don't allow rename to clobber an existing category.
    $existing_id = safe_field("id", 'txp_category', "name = '{$name}' AND type = '{$event}'");
    if ($existing_id and $existing_id != $id) {
        $message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);
        return cat_event_category_edit($event, $message);
    }
    // TODO: validate parent?
    $parent = $parent ? $parent : 'root';
    $message = array(gTxt('category_save_failed'), E_ERROR);
    if (safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}', description = '{$description}'", "id = {$id}") && safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' AND type = '{$event}'")) {
        rebuild_tree_full($event);
        if ($event == 'article') {
            if (safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'") && safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'")) {
                $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
            }
        } else {
            if (safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'")) {
                $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
            }
        }
    }
    cat_category_list($message);
}

/**
 * Processes multi-edit actions.
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;
    extract(psa(array('selected', 'edit_method')));
    if (!$selected || !is_array($selected)) {
        return list_list();
    }
    $selected = array_map('assert_int', $selected);
    // Empty entry to permit clearing the categories.
    $categories = array('');
    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }
    $allowed = array();
    $field = $value = '';
    switch ($edit_method) {
        // Delete.
        case 'delete':
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }
                $selected = $allowed;
            }
            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);
                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }
            return list_list();
            break;
            // Change author.
        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');
            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }
            break;
            // Change category1.
        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');
            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }
            break;
            // Change category2.
        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');
            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }
            break;
            // Change comment status.
        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;
            // Change section.
        // Change section.
        case 'changesection':
            $value = ps('Section');
            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }
            break;
            // Change status.
        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');
            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }
            break;
    }
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");
    foreach ($selected as $item) {
        if ($item['Status'] >= STATUS_LIVE && has_privs('article.edit.published') || $item['Status'] >= STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own.published') || $item['Status'] < STATUS_LIVE && has_privs('article.edit') || $item['Status'] < STATUS_LIVE && $item['AuthorID'] === $txp_user && has_privs('article.edit.own')) {
            $allowed[] = $item['ID'];
        }
    }
    $selected = $allowed;
    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');
        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");
            if ($rs) {
//.........这里部分代码省略.........

/**
 * Saves the active language.
 */
function save_language()
{
    global $textarray, $locale;
    extract(psa(array('language')));
    if (safe_field("lang", 'txp_lang', "lang = '" . doSlash($language) . "' LIMIT 1")) {
        $locale = $prefs['locale'] = Txp::get('\\Textpattern\\L10n\\Locale')->getLanguageLocale($language);
        Txp::get('\\Textpattern\\L10n\\Locale')->setLocale(LC_ALL, $language);
        set_pref('locale', $locale);
        set_pref('language', $language);
        $textarray = load_lang($language);
        list_languages(gTxt('preferences_saved'));
        return;
    }
    list_languages(array(gTxt('language_not_installed', array('{name}' => $language)), E_ERROR));
}

function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));
    if (ps('name') == '') {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('name_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }
    if (!ps('pass')) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('pass_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }
    if (!is_valid_email(ps('email'))) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('email_required') . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }
    global $txpcfg;
    if (!isset($txpcfg['db'])) {
        require txpath . '/config.php';
    }
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dclient_flags = isset($txpcfg['client_flags']) ? $txpcfg['client_flags'] : 0;
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];
    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");
    $urlpath = preg_replace('#^[^/]+#', '', $siteurl);
    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);
    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';
    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email', 'theme'))));
    $nonce = md5(uniqid(rand(), true));
    $hash = doSlash(txp_hash_password($pass));
    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}','{$hash}','{$RealName}','{$email}',1,now(),'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    mysql_query("update `" . PFX . "textpattern` set Body = replace(Body, 'siteurl', '" . doSlash($urlpath) . "'), Body_html = replace(Body_html, 'siteurl', '" . doSlash($urlpath) . "') WHERE ID = 1");
    // cf. update/_to_4.2.0.php.
    // TODO: Position might need altering when prefs panel layout is altered
    $theme = $theme ? $theme : 'classic';
    mysql_query("insert `" . PFX . "txp_prefs` set prefs_id = 1, name = 'theme_name', val = '" . doSlash($theme) . "', type = '1', event = 'admin', html = 'themename', position = '160'");
    echo fbCreate();
}

/**
 * Creates a new user.
 */
function author_save_new()
{
    require_privs('admin.edit');
    extract(psa(array('privs', 'name', 'email', 'RealName')));
    $privs = assert_int($privs);
    if (is_valid_username($name) && is_valid_email($email)) {
        if (user_exists($name)) {
            author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
            return;
        }
        $password = generate_password(PASSWORD_LENGTH);
        $rs = create_user($name, $email, $password, $RealName, $privs);
        if ($rs) {
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);
            return;
        }
    }
    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}

function author_save_new()
{
    require_privs('admin.edit');
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);
    if ($name && is_valid_email($email)) {
        $password = doSlash(generate_password(6));
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
        $rs = safe_insert('txp_users', "\n\t\t\t\tprivs    = {$privs},\n\t\t\t\tname     = '{$name}',\n\t\t\t\temail    = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce    = '{$nonce}',\n\t\t\t\tpass     = password(lower('{$password}'))\n\t\t\t");
        if ($rs) {
            send_password($RealName, $name, $email, $password);
            admin(gTxt('password_sent_to') . sp . $email);
            return;
        }
    }
    admin(gTxt('error_adding_new_author'));
}

function section_save()
{
    global $txpcfg;
    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    extract(psa(array('name', 'title')));
    if (empty($title)) {
        $title = $name;
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = gTxt('section_name_already_exists', array('{name}' => $name));
            sec_section_list($message);
            return;
        }
    }
    if ($name == 'default') {
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
        }
        safe_update('txp_section', "\n\t\t\t\tname         = '{$name}',\n\t\t\t\ttitle        = '{$title}',\n\t\t\t\tpage         = '{$page}',\n\t\t\t\tcss          = '{$css}',\n\t\t\t\tis_default   = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\tsearchable   = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }
    $message = gTxt('section_updated', array('{name}' => $name));
    sec_section_list($message);
}

/**
 * Saves a form template.
 */
function form_save()
{
    global $essential_forms, $form_types;
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'Form', 'type', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';
    if (in_array($name, $essential_forms)) {
        $newname = $name;
        $type = fetch('type', 'txp_form', 'name', $newname);
        $_POST['newname'] = $newname;
    }
    if (!$newname) {
        $message = array(gTxt('form_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if (!isset($form_types[$type])) {
            $message = array(gTxt('form_type_missing'), E_ERROR);
            $save_error = true;
        } else {
            if ($copy && $name === $newname) {
                $newname .= '_copy';
                $_POST['newname'] = $newname;
            }
            $exists = safe_field('name', 'txp_form', "name = '" . doSlash($newname) . "'");
            if ($newname !== $name && $exists !== false) {
                $message = array(gTxt('form_already_exists', array('{name}' => $newname)), E_ERROR);
                if ($savenew) {
                    $_POST['newname'] = '';
                }
                $save_error = true;
            } else {
                if ($savenew or $copy) {
                    if ($newname) {
                        if (safe_insert('txp_form', "Form = '{$Form}',\n                                type = '{$type}',\n                                name = '" . doSlash($newname) . "'")) {
                            update_lastmod();
                            $message = gTxt('form_created', array('{name}' => $newname));
                        } else {
                            $message = array(gTxt('form_save_failed'), E_ERROR);
                            $save_error = true;
                        }
                    } else {
                        $message = array(gTxt('form_name_invalid'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    if (safe_update('txp_form', "Form = '{$Form}',\n                            type = '{$type}',\n                            name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                        update_lastmod();
                        $message = gTxt('form_updated', array('{name}' => $name));
                    } else {
                        $message = array(gTxt('form_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                }
            }
        }
    }
    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('form_saved', '', 0, $name, $newname);
    }
    form_edit($message);
}

/**
 * Creates a new user.
 */
function author_save_new()
{
    require_privs('admin.edit');
    extract(psa(array('privs', 'name', 'email', 'RealName')));
    $privs = assert_int($privs);
    if (is_valid_username($name) && is_valid_email($email)) {
        if (user_exists($name)) {
            author_edit(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
            return;
        }
        $password = Txp::get('\\Textpattern\\Password\\Random')->generate(PASSWORD_LENGTH);
        $rs = create_user($name, $email, $password, $RealName, $privs);
        if ($rs) {
            $message = send_account_activation($name);
            author_list($message);
            return;
        }
    }
    author_edit(array(gTxt('error_adding_new_author'), E_ERROR));
}