/**
 * Save a content field row (or a draft of it) on behalf of an administrator.
 *
 * Non-admin callers get false and nothing is written. For drafts that carry
 * a url, drafts matching the same field/rel/url and created more than a week
 * ago are looked up through edit_field() and deleted first. For non-drafts,
 * existing rows for the same field/rel are deleted before the new row is
 * saved. The related cache groups are cleared along the way.
 *
 * @param array $data             Field row. rel_type and rel_id are required;
 *                                field, url and is_draft are optional.
 * @param bool  $delete_the_cache Accepted for compatibility; not read here.
 *
 * @return mixed false for non-admins, otherwise the result of
 *               database_manager->save().
 */
public function save_content_field($data, $delete_the_cache = true)
{
    $is_admin = $this->app->user_manager->is_admin();
    $target_table = $this->tables['content_fields'];
    $drafts_table = $this->tables['content_fields_drafts'];

    // Authorization gate: only administrators may write content fields.
    if ($is_admin == false) {
        return false;
    }

    if (!is_array($data)) {
        $data = array();
    }
    if (isset($data['is_draft'])) {
        $target_table = $drafts_table;
    }

    // The row is later saved with allow_html = 1, so strip_unsafe() is the
    // only input filtering visible in this method.
    $data = $this->app->format->strip_unsafe($data);

    // Prune old drafts for this url before storing a new one.
    if (isset($data['is_draft']) && isset($data['url'])) {
        $escaped_url = $this->app->database_manager->escape_string($data['url']);
        $one_week_ago = date("Y-m-d H:i:s", strtotime("-1 week"));

        $old_drafts_query = array(
            'order_by' => 'id desc',
            'fields' => 'id',
            'field' => $data['field'],
            'rel_type' => $data['rel_type'],
            'rel_id' => $data['rel_id'],
            'is_draft' => 1,
            'limit' => 20,
            'url' => $escaped_url,
            'current_page' => 2,
            'created_at' => '[lt]' . $one_week_ago,
        );

        $old_drafts = $this->edit_field($old_drafts_query);
        if (is_array($old_drafts)) {
            $old_draft_ids = $this->app->format->array_values($old_drafts);
            if (is_array($old_draft_ids) && !empty($old_draft_ids)) {
                ContentFields::whereIn('id', $old_draft_ids)->delete();
            }
        }
    }

    if (!isset($data['rel_type']) || !isset($data['rel_id'])) {
        mw_error('Error: ' . __FUNCTION__ . ' rel and rel_id is required');
    }

    // A published (non-draft) field replaces whatever was stored before.
    if (isset($data['field']) && !isset($data['is_draft'])) {
        $escaped_field = $this->app->database_manager->escape_string($data['field']);
        $escaped_rel_type = $this->app->database_manager->escape_string($data['rel_type']);

        $existing_query = array(
            'rel_type' => $escaped_rel_type,
            'field' => $escaped_field,
            'table' => $target_table,
            'rel_id' => isset($data['rel_id']) ? $data['rel_id'] : 0,
        );

        $existing_rows = $this->app->database_manager->get($existing_query);
        if (!empty($existing_rows)) {
            foreach ($existing_rows as $row) {
                $this->app->database_manager->delete_by_id($target_table, $row['id']);
            }
        }

        $rel_cache_group = guess_cache_group('content_fields/' . $data['rel_type'] . '/' . $data['rel_id']);
        $this->app->cache_manager->delete($rel_cache_group);
    }

    // Cache invalidation. Some groups are cleared more than once; the calls
    // are kept in their original order.
    if (isset($escaped_field)) {
        $this->app->cache_manager->delete('content_fields/' . $escaped_field);
        $this->app->cache_manager->delete('content_fields/global/' . $escaped_field);
    }
    $this->app->cache_manager->delete('content_fields/global');

    $has_rel = isset($data['rel_type']) && isset($data['rel_id']);
    if ($has_rel) {
        $rel_cache_group = guess_cache_group('content_fields/' . $data['rel_type'] . '/' . $data['rel_id']);
        $this->app->cache_manager->delete($rel_cache_group);
        $this->app->cache_manager->delete('content/' . $data['rel_id']);
    }
    if (isset($data['rel_type'])) {
        $this->app->cache_manager->delete('content_fields/' . $data['rel_type']);
    }
    if ($has_rel) {
        $this->app->cache_manager->delete('content_fields/' . $data['rel_type'] . '/' . $data['rel_id']);
        $this->app->cache_manager->delete('content_fields/global/' . $data['rel_type'] . '/' . $data['rel_id']);
    }
    if (isset($data['field'])) {
        $this->app->cache_manager->delete('content_fields/' . $data['field']);
    }
    $this->app->cache_manager->delete('content_fields/global');

    $data['table'] = $target_table;
    $data['allow_html'] = 1;
    $saved = $this->app->database_manager->save($data);

    $this->app->cache_manager->delete('content_fields');

    return $saved;
}
/**
 * Locate the PHP view file for a module (or element) and render it.
 *
 * The file is looked up first under ACTIVE_TEMPLATE_DIR . 'modules/', then
 * under modules_path(), then under elements_path(). The rendered output is
 * produced by \Microweber\View.
 *
 * @param string $module_name Module path such as "vendor/module" or "module/admin".
 * @param array  $attrs       Module attributes; 'view', 'id', 'module-id',
 *                            'display' and 'format' are read here.
 *
 * @return mixed '' when modules->get() reports an "installed" value other
 *               than 1, false when no file was found, the array from
 *               __get_vars() when display=custom, otherwise the rendered
 *               string. With format=json the method sends a JSON response
 *               and exits.
 */
public function load($module_name, $attrs = array())
{
    $is_element = false;
    $custom_view = false;
    if (isset($attrs['view'])) {
        // The view name becomes part of a file path below, so backslashes
        // are normalised and '..' sequences are removed first.
        $custom_view = $attrs['view'];
        $custom_view = trim($custom_view);
        $custom_view = str_replace('\\', '/', $custom_view);
        $attrs['view'] = $custom_view = str_replace('..', '', $custom_view);
    }
    // Only the view named "admin" (compared case-insensitively) is gated
    // here. NOTE(review): any other view, and a module whose own path
    // contains "admin", is not checked in this method — presumably those
    // files enforce access themselves; confirm.
    if ($custom_view != false and strtolower($custom_view) == 'admin') {
        if ($this->app->user_manager->is_admin() == false) {
            mw_error('Not logged in as admin');
        }
    }
    // Same path clean-up for the module name: it is concatenated into
    // directory and file paths below.
    // NOTE(review): this is string stripping only; a realpath() containment
    // check against the module roots would be a stronger guard.
    $module_name = trim($module_name);
    $module_name = str_replace('\\', '/', $module_name);
    $module_name = str_replace('..', '', $module_name);
    // prevent hack of the directory
    $module_name = reduce_double_slashes($module_name);
    // Name without the "/admin" suffix, used for the installed-module lookup.
    $module_namei = $module_name;
    if (strstr($module_name, 'admin')) {
        $module_namei = str_ireplace('\\admin', '', $module_namei);
        $module_namei = str_ireplace('/admin', '', $module_namei);
    }
    // Refuse to load a module whose "installed" value is set and is not 1.
    $uninstall_lock = $this->app->modules->get('one=1&ui=any&module=' . $module_namei);
    if (isset($uninstall_lock["installed"]) and $uninstall_lock["installed"] != '' and intval($uninstall_lock["installed"]) != 1) {
        return '';
    }
    if (!defined('ACTIVE_TEMPLATE_DIR')) {
        $this->app->content_manager->define_constants();
    }
    // Candidate locations inside the active template.
    $module_in_template_dir = ACTIVE_TEMPLATE_DIR . 'modules/' . $module_name . '';
    $module_in_template_dir = normalize_path($module_in_template_dir, 1);
    $module_in_template_file = ACTIVE_TEMPLATE_DIR . 'modules/' . $module_name . '.php';
    $module_in_template_file = normalize_path($module_in_template_file, false);
    $try_file1 = false;
    $mod_d = $module_in_template_dir;
    $mod_d1 = normalize_path($mod_d, 1);
    $try_file1zz = $mod_d1 . 'index.php';
    $in_dir = false;
    if ($custom_view == true) {
        $try_file1zz = $mod_d1 . trim($custom_view) . '.php';
    } else {
        $try_file1zz = $mod_d1 . 'index.php';
    }
    if (is_dir($module_in_template_dir) and is_file($try_file1zz)) {
        // Template overrides the module with a directory.
        $try_file1 = $try_file1zz;
        $in_dir = true;
    } elseif (is_file($module_in_template_file)) {
        // Template overrides the module with a single file.
        $try_file1 = $module_in_template_file;
        $in_dir = false;
    } else {
        // Fall back to the default modules and elements directories.
        $module_in_default_dir = modules_path() . $module_name . '';
        $module_in_default_dir = normalize_path($module_in_default_dir, 1);
        $module_in_default_file = modules_path() . $module_name . '.php';
        $module_in_default_file_custom_view = modules_path() . $module_name . '_' . $custom_view . '.php';
        $element_in_default_file = elements_path() . $module_name . '.php';
        $element_in_default_file = normalize_path($element_in_default_file, false);
        if (is_file($module_in_default_file)) {
            $in_dir = false;
            if ($custom_view == true and is_file($module_in_default_file_custom_view)) {
                $try_file1 = $module_in_default_file_custom_view;
            } else {
                $try_file1 = $module_in_default_file;
            }
        } else {
            if (is_dir($module_in_default_dir)) {
                $in_dir = true;
                $mod_d1 = normalize_path($module_in_default_dir, 1);
                if ($custom_view == true) {
                    $try_file1 = $mod_d1 . trim($custom_view) . '.php';
                } else {
                    $try_file1 = $mod_d1 . 'index.php';
                }
            } elseif (is_file($element_in_default_file)) {
                $in_dir = false;
                $is_element = true;
                $try_file1 = $element_in_default_file;
            }
        }
    }
    if (isset($try_file1) != false and $try_file1 != false and is_file($try_file1)) {
        // Mirror every attribute under both its plain and its "data-" name.
        if (isset($attrs) and is_array($attrs) and !empty($attrs)) {
            $attrs2 = array();
            foreach ($attrs as $attrs_k => $attrs_v) {
                $attrs_k2 = substr($attrs_k, 0, 5);
                if (strtolower($attrs_k2) == 'data-') {
                    $attrs_k21 = substr($attrs_k, 5);
                    $attrs2[$attrs_k21] = $attrs_v;
                } elseif (!isset($attrs['data-' . $attrs_k])) {
                    $attrs2['data-' . $attrs_k] = $attrs_v;
                }
                $attrs2[$attrs_k] = $attrs_v;
            }
            $attrs = $attrs2;
        }
        // Configuration handed to the view.
        $config['path_to_module'] = $config['mp'] = $config['path'] = normalize_path(dirname($try_file1) . '/', true);
        $config['the_module'] = $module_name;
        $config['module'] = $module_name;
        $module_name_dir = dirname($module_name);
        $config['module_name'] = $module_name_dir;
        $config['module_name_url_safe'] = $this->module_name_encode($module_name);
        $find_base_url = $this->app->url_manager->current(1);
        // "or" binds looser than "=", so each side assigns $pos before the
        // logical test; do not swap it for "||".
        if ($pos = strpos($find_base_url, ':' . $module_name) or $pos = strpos($find_base_url, ':' . $config['module_name_url_safe'])) {
            $find_base_url = substr($find_base_url, 0, $pos) . ':' . $config['module_name_url_safe'];
        }
        $config['url'] = $find_base_url;
        $config['url_main'] = $config['url_base'] = strtok($find_base_url, '?');
        if ($in_dir != false) {
            $mod_api = str_replace('/admin', '', $module_name);
        } else {
            $mod_api = str_replace('/admin', '', $module_name_dir);
        }
        $config['module_api'] = $this->app->url_manager->site('api/' . $mod_api);
        $config['module_view'] = $this->app->url_manager->site('module/' . $module_name);
        $config['ns'] = str_replace('/', '\\', $module_name);
        $config['module_class'] = $this->module_css_class($module_name);
        $config['url_to_module'] = $this->app->url_manager->link_to_file($config['path_to_module']);
        if (isset($attrs['id'])) {
            $attrs['id'] = str_replace('__MODULE_CLASS_NAME__', $config['module_class'], $attrs['id']);
            // $template is assigned but not read again in this method.
            $template = false;
        }
        $lic = $this->app->modules->license($module_name);
        if ($lic != false) {
            $config['license'] = $lic;
        }
        if (isset($attrs['module-id']) and $attrs['module-id'] != false) {
            $attrs['id'] = $attrs['module-id'];
        }
        if (!isset($attrs['id'])) {
            // No id supplied: derive one from the attributes, the first URL
            // segment and a per-request counter.
            global $mw_mod_counter;
            $mw_mod_counter++;
            $seg_clean = $this->app->url_manager->segment(0, url_current());
            if (defined('IS_HOME')) {
                $seg_clean = '';
            }
            $seg_clean = str_replace('%20', '-', $seg_clean);
            $seg_clean = str_replace(' ', '-', $seg_clean);
            $seg_clean = str_replace('.', '', $seg_clean);
            $attrs1 = crc32(serialize($attrs) . $seg_clean . $mw_mod_counter);
            $attrs1 = str_replace('%20', '-', $attrs1);
            $attrs1 = str_replace(' ', '-', $attrs1);
            $attrs['id'] = $config['module_class'] . '-' . $attrs1;
        }
        if (isset($attrs['id']) and strstr($attrs['id'], '__MODULE_CLASS_NAME__')) {
            $attrs['id'] = str_replace('__MODULE_CLASS_NAME__', $config['module_class'], $attrs['id']);
        }
        $l1 = new \Microweber\View($try_file1);
        $l1->config = $config;
        $l1->app = $this->app;
        if (!isset($attrs['module'])) {
            $attrs['module'] = $module_name;
        }
        if (!isset($attrs['parent-module'])) {
            $attrs['parent-module'] = $module_name;
        }
        if (!isset($attrs['parent-module-id'])) {
            $attrs['parent-module-id'] = $attrs['id'];
        }
        if (defined('MW_MODULE_ONDROP')) {
            if (!isset($attrs['ondrop'])) {
                $attrs['ondrop'] = true;
            }
        }
        // The attributes, including caller-supplied ones, become the view's
        // params.
        $l1->params = $attrs;
        if ($config) {
            $this->current_module = $config;
        }
        if ($attrs) {
            $this->current_module_params = $attrs;
        }
        // Output mode. Note this comparison of 'admin' is case-sensitive,
        // while the authorization check at the top lower-cases the value.
        if (isset($attrs['view']) && trim($attrs['view']) == 'empty') {
            $module_file = EMPTY_MOD_STR;
        } elseif (isset($attrs['view']) && trim($attrs['view']) == 'admin') {
            $module_file = $l1->__toString();
        } else {
            if (isset($attrs['display']) && trim($attrs['display']) == 'custom') {
                // Return the view's variables instead of rendered output.
                $module_file = $l1->__get_vars();
                return $module_file;
            } else {
                if (isset($attrs['format']) && trim($attrs['format']) == 'json') {
                    // Sends the view's variables as JSON and ends the
                    // request here.
                    $module_file = $l1->__get_vars();
                    header("Content-type: application/json");
                    exit(json_encode($module_file));
                } else {
                    $module_file = $l1->__toString();
                }
            }
        }
        unset($l1);
        // Prepend the license activation view when the license lookup
        // reported that no license was found.
        if ($lic != false and isset($lic["error"]) and $lic["error"] == 'no_license_found') {
            $lic_l1_try_file1 = MW_ADMIN_VIEWS_DIR . 'activate_license.php';
            $lic_l1 = new \Microweber\View($lic_l1_try_file1);
            $lic_l1->config = $config;
            $lic_l1->params = $attrs;
            $lic_l1e_file = $lic_l1->__toString();
            unset($lic_l1);
            $module_file = $lic_l1e_file . $module_file;
        }
        return $module_file;
    } else {
        // No matching module or element file was found.
        return false;
    }
}
/**
 * Dispatch an API request to a module class method, a bound hook or an
 * exposed function.
 *
 * The target comes from $api_function or, when that is false, from the
 * current URL string. Candidate class files derived from that path are
 * included, then the call is matched against the names collected from
 * api_expose*() and the hooks collected from api_bind*().
 *
 * @param string|array|bool $api_function Target such as "module/class/method";
 *                                        false reads it from the URL.
 * @param array|bool        $params       Call data; when false it is taken
 *                                        from the URL params or $_GET/$_POST.
 *
 * @return mixed The value of _api_responce() for the call result, or null
 *               when nothing produced a result.
 */
public function api($api_function = false, $params = false)
{
    // An anonymous request may authenticate with an api_key request value.
    // NOTE(review): $_REQUEST also carries query-string values, which tend
    // to be written to access logs — confirm keys are meant to be accepted
    // from the URL.
    if (isset($_REQUEST['api_key']) and user_id() == 0) {
        api_login($_REQUEST['api_key']);
    }
    if (!defined('MW_API_CALL')) {
        define('MW_API_CALL', true);
    }
    $set_constants = true;
    $mod_class_api = false;
    $mod_class_api_called = false;
    $mod_class_api_class_exist = false;
    $caller_commander = false;
    if ($api_function == false) {
        // Derive the target from the URL, dropping the api / api_html prefix.
        $api_function_full = $this->app->url_manager->string();
        $api_function_full = $this->app->format->replace_once('api_html', '', $api_function_full);
        $api_function_full = $this->app->format->replace_once('api/api', 'api', $api_function_full);
        $api_function_full = $this->app->format->replace_once('api', '', $api_function_full);
        $api_function_full = trim($api_function_full, '/');
    } else {
        $api_function_full = $api_function;
    }
    if (isset($api_function_full) and $api_function_full != '') {
        if (ltrim($api_function_full, '/') == 'module') {
            $set_constants = false;
        }
    }
    if ($set_constants == true) {
        $this->app->content_manager->define_constants();
    }
    if (defined('TEMPLATE_DIR')) {
        $load_template_functions = TEMPLATE_DIR . 'functions.php';
        if (is_file($load_template_functions)) {
            include_once $load_template_functions;
        }
    }
    // The target is used below to build file paths and class names, so
    // '..' is removed and slashes are normalised first.
    // NOTE(review): escape_string() is a database helper; here it is applied
    // to a path/class name rather than to a value going into a query.
    $api_function_full = str_replace('..', '', $api_function_full);
    $api_function_full = str_replace('\\', '/', $api_function_full);
    $api_function_full = str_replace('//', '/', $api_function_full);
    $api_function_full = $this->app->database_manager->escape_string($api_function_full);
    if (is_string($api_function_full)) {
        $mod_api_class = explode('/', $api_function_full);
    } else {
        $mod_api_class = $api_function_full;
    }
    // Last segment is the method name; the segment before it is kept as an
    // alternative method name.
    $try_class_func = array_pop($mod_api_class);
    $mod_api_class_copy = $mod_api_class;
    $try_class_func2 = array_pop($mod_api_class_copy);
    $mod_api_class2 = implode(DS, $mod_api_class_copy);
    $mod_api_class = implode(DS, $mod_api_class);
    $mod_api_class_clean = ltrim($mod_api_class, '/');
    $mod_api_class_clean = ltrim($mod_api_class_clean, '\\');
    $mod_api_class_clean_uc1 = ucfirst($mod_api_class_clean);
    // Candidate class files under the modules, includes and system paths.
    $mod_api_class1 = normalize_path(modules_path() . $mod_api_class, false) . '.php';
    $mod_api_class_native = normalize_path(mw_includes_path() . $mod_api_class, false) . '.php';
    $mod_api_class_native_system = normalize_path(dirname(MW_PATH) . DS . $mod_api_class, false) . '.php';
    $mod_api_class_native_global_ns = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class2, false) . '.php';
    $mod_api_class1_uc1 = normalize_path(modules_path() . $mod_api_class_clean_uc1, false) . '.php';
    $mod_api_class_native_uc1 = normalize_path(mw_includes_path() . $mod_api_class_clean_uc1, false) . '.php';
    $mod_api_class_native_global_ns_uc1 = normalize_path(mw_includes_path() . 'classes' . DS . $mod_api_class_clean_uc1, false) . '.php';
    // From here on $mod_api_class2 holds a file path, not the class path
    // computed above.
    $mod_api_class2 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
    // NOTE(review): built from the same parts as $mod_api_class2, so both
    // variables hold the same path — possibly meant to use the ucfirst name.
    $mod_api_class2_uc1 = normalize_path(modules_path() . DS . $mod_api_class_clean . DS . $mod_api_class_clean, false) . '.php';
    $try_class = '\\' . str_replace('/', '\\', $mod_api_class);
    if (class_exists($try_class, false)) {
        $caller_commander = 'class_is_already_here';
        $mod_class_api_class_exist = true;
    } else {
        // NOTE(review): the first candidate file that exists is included
        // here, before $api_exposed is consulted further down. Including a
        // file runs its top-level code, so the allowlist does not gate this
        // step; checking the allowlist before the include would close that
        // gap.
        if (is_file($mod_api_class1)) {
            $mod_class_api = true;
            include_once $mod_api_class1;
        } elseif (is_file($mod_api_class_native_system)) {
            $mod_class_api = true;
            include_once $mod_api_class_native_system;
        } elseif (is_file($mod_api_class1_uc1)) {
            $mod_class_api = true;
            include_once $mod_api_class1_uc1;
        } elseif (is_file($mod_api_class_native_global_ns_uc1)) {
            $try_class = str_replace('/', '\\', $mod_api_class2);
            $mod_class_api = true;
            include_once $mod_api_class_native_global_ns_uc1;
        } elseif (is_file($mod_api_class_native_global_ns)) {
            $try_class = str_replace('/', '\\', $mod_api_class2);
            $mod_class_api = true;
            include_once $mod_api_class_native_global_ns;
        } elseif (is_file($mod_api_class_native_uc1)) {
            $mod_class_api = true;
            include_once $mod_api_class_native_uc1;
        } elseif (is_file($mod_api_class_native)) {
            $mod_class_api = true;
            include_once $mod_api_class_native;
        } elseif (is_file($mod_api_class2)) {
            $mod_class_api = true;
            include_once $mod_api_class2;
        } elseif (is_file($mod_api_class2_uc1)) {
            $mod_class_api = true;
            include_once $mod_api_class2_uc1;
        }
    }
    // Build the allowlist of callable API names for the current user level.
    $api_exposed = '';
    // NOTE(review): the first literal has no trailing space, so the next
    // append produces the single token "social_login_processset_language";
    // neither name is listed by these two lines on their own.
    $api_exposed .= 'user_login user_logout social_login_process';
    $api_exposed .= 'set_language ';
    $api_exposed .= api_expose(true);
    if (is_logged()) {
        $api_exposed .= api_expose_user(true);
    }
    if (is_admin()) {
        $api_exposed .= api_expose_admin(true);
    }
    $api_exposed = explode(' ', $api_exposed);
    $api_exposed = array_unique($api_exposed);
    $api_exposed = array_trim($api_exposed);
    // Collect bound hooks for the same user levels.
    $hooks = api_bind(true);
    if (is_logged()) {
        $hooks_admin = api_bind_user(true);
        if (is_array($hooks_admin)) {
            $hooks = array_merge($hooks, $hooks_admin);
        }
    }
    if (is_admin()) {
        $hooks_admin = api_bind_admin(true);
        if (is_array($hooks_admin)) {
            $hooks = array_merge($hooks, $hooks_admin);
        }
    }
    if ($api_function == false) {
        $api_function = $this->app->url_manager->segment(1);
    }
    if (!defined('MW_API_RAW')) {
        if ($mod_class_api != false) {
            $url_segs = $this->app->url_manager->segment(-1);
        }
    } else {
        if (is_array($api_function)) {
            $url_segs = $api_function;
        } else {
            $url_segs = explode('/', $api_function);
        }
    }
    if (!defined('MW_API_FUNCTION_CALL')) {
        define('MW_API_FUNCTION_CALL', $api_function);
    }
    switch ($caller_commander) {
        case 'class_is_already_here':
            // The class named by the path was already loaded.
            // NOTE(review): $api_exposed is not consulted in this branch
            // before the class is instantiated with request data and the
            // method named by the path is called — confirm that is intended
            // or add the same allowlist check used in the default branch.
            if ($params != false) {
                $data = $params;
            } elseif (!$_POST and !$_REQUEST) {
                $data = $this->app->url_manager->params(true);
                if (empty($data)) {
                    $data = $this->app->url_manager->segment(2);
                }
            } else {
                $data = array_merge($_GET, $_POST);
            }
            // One instance per class is kept for the rest of the request.
            static $loaded_classes = array();
            if (isset($loaded_classes[$try_class]) == false) {
                $res = new $try_class($data);
                $loaded_classes[$try_class] = $res;
            } else {
                $res = $loaded_classes[$try_class];
            }
            if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
                if (method_exists($res, $try_class_func2)) {
                    $try_class_func = $try_class_func2;
                }
                $res = $res->{$try_class_func}($data);
                if (defined('MW_API_RAW')) {
                    $mod_class_api_called = true;
                }
                return $this->_api_responce($res);
            }
            break;
        default:
            $res = false;
            // Bound hooks for the full path run first; the last callback's
            // result wins.
            if (isset($hooks[$api_function_full])) {
                $data = array_merge($_GET, $_POST);
                $call = $hooks[$api_function_full];
                if (!empty($call)) {
                    foreach ($call as $call_item) {
                        $res = call_user_func($call_item, $data);
                    }
                }
                if ($res != false) {
                    return $this->_api_responce($res);
                }
            }
            if ($mod_class_api == true and $mod_api_class != false) {
                $mod_api_class = str_replace('..', '', $mod_api_class);
                $try_class = str_replace('/', '\\', $mod_api_class);
                $try_class_full = str_replace('/', '\\', $api_function_full);
                $try_class_full2 = str_replace('\\', '/', $api_function_full);
                $mod_api_class_test = explode('/', $try_class_full2);
                $try_class_func_test = array_pop($mod_api_class_test);
                $mod_api_class_test_full = implode('/', $mod_api_class_test);
                $mod_api_err = false;
                // Allowlist check for class-based calls. It is skipped
                // entirely when MW_API_RAW is defined.
                if (!defined('MW_API_RAW')) {
                    if (!in_array($try_class_full, $api_exposed) and !in_array($try_class_full2, $api_exposed) and !in_array($mod_api_class_test_full, $api_exposed)) {
                        $mod_api_err = true;
                        // Second pass with looser matching (leading
                        // backslash, case, slash direction).
                        foreach ($api_exposed as $api_exposed_value) {
                            if ($mod_api_err == true) {
                                if ($api_exposed_value == $try_class_full) {
                                    $mod_api_err = false;
                                } elseif (strtolower('\\' . $api_exposed_value) == strtolower($try_class_full)) {
                                    $mod_api_err = false;
                                } elseif ($api_exposed_value == $try_class_full2) {
                                    $mod_api_err = false;
                                } else {
                                    $convert_slashes = str_replace('\\', '/', $try_class_full);
                                    if ($convert_slashes == $api_exposed_value) {
                                        $mod_api_err = false;
                                    }
                                }
                            }
                        }
                    } else {
                        $mod_api_err = false;
                    }
                }
                if ($mod_class_api and $mod_api_err == false) {
                    // Fall back to class names taken from the URL segments.
                    if (!class_exists($try_class, false)) {
                        $remove = $url_segs;
                        $last_seg = array_pop($remove);
                        $last_prev_seg = array_pop($remove);
                        $last_prev_seg2 = array_pop($remove);
                        if (class_exists($last_prev_seg, false)) {
                            $try_class = $last_prev_seg;
                        } elseif (class_exists($last_prev_seg2, false)) {
                            $try_class = $last_prev_seg2;
                        }
                    }
                    if (!class_exists($try_class, false)) {
                        $try_class_mw = ltrim($try_class, '/');
                        $try_class_mw = ltrim($try_class_mw, '\\');
                        $try_class = $try_class_mw;
                    }
                    if (class_exists($try_class, false)) {
                        if ($params != false) {
                            $data = $params;
                        } elseif (!$_POST and !$_REQUEST) {
                            $data = $this->app->url_manager->params(true);
                            if (empty($data)) {
                                $data = $this->app->url_manager->segment(2);
                            }
                        } else {
                            $data = array_merge($_GET, $_POST);
                        }
                        $res = new $try_class($data);
                        if (method_exists($res, $try_class_func) or method_exists($res, $try_class_func2)) {
                            if (method_exists($res, $try_class_func2)) {
                                $try_class_func = $try_class_func2;
                            }
                            $res = $res->{$try_class_func}($data);
                            $mod_class_api_called = true;
                            return $this->_api_responce($res);
                        }
                    } else {
                        mw_error('The api class ' . $try_class . ' does not exist');
                    }
                }
            }
            break;
    }
    if ($api_function) {
    } else {
        $api_function = 'index';
    }
    if ($api_function == 'module' and $mod_class_api_called == false) {
        $this->module();
    } else {
        // Function-style calls: the name must appear in $api_exposed.
        $err = false;
        if (!in_array($api_function, $api_exposed)) {
            $err = true;
        }
        if ($err == true) {
            foreach ($api_exposed as $api_exposed_item) {
                if ($api_exposed_item == $api_function) {
                    $err = false;
                }
            }
        }
        // A case-insensitive match of the full path also clears the error.
        if (isset($api_function_full)) {
            foreach ($api_exposed as $api_exposed_item) {
                if (is_string($api_exposed_item) and is_string($api_function_full)) {
                    $api_function_full = str_replace('\\', '/', $api_function_full);
                    $api_function_full = ltrim($api_function_full, '/');
                    if (strtolower($api_exposed_item) == strtolower($api_function_full)) {
                        $err = false;
                    }
                }
            }
        }
        if ($err == false) {
            if ($mod_class_api_called == false) {
                if (!$_POST and !$_REQUEST) {
                    $data = $this->app->url_manager->params(true);
                    if (empty($data)) {
                        $data = $this->app->url_manager->segment(2);
                    }
                } else {
                    $data = array_merge($_GET, $_POST);
                }
                $api_function_full_2 = explode('/', $api_function_full);
                unset($api_function_full_2[count($api_function_full_2) - 1]);
                $api_function_full_2 = implode('/', $api_function_full_2);
                if (function_exists($api_function)) {
                    $res = $api_function($data);
                } elseif (class_exists($api_function, false)) {
                    // NOTE(review): $segs is never assigned in this method
                    // (its assignment is commented out), so array_pop() gets
                    // an undefined variable here and $mmethod is not a
                    // usable method name.
                    $mmethod = array_pop($segs);
                    $class = new $api_function($this->app);
                    if (method_exists($class, $mmethod)) {
                        $res = $class->{$mmethod}($data);
                    }
                } else {
                    $api_function_full_2 = str_replace(array('..', '/'), array('', '\\'), $api_function_full_2);
                    $api_function_full_2 = __NAMESPACE__ . '\\' . $api_function_full_2;
                    if (class_exists($api_function_full_2, false)) {
                        // NOTE(review): same undefined $segs as above.
                        $mmethod = array_pop($segs);
                        $class = new $api_function_full_2($this->app);
                        if (method_exists($class, $mmethod)) {
                            $res = $class->{$mmethod}($data);
                        }
                    } elseif (isset($api_function_full)) {
                        // Treat the last two path segments as class/method.
                        $api_function_full = str_replace('\\', '/', $api_function_full);
                        $api_function_full1 = explode('/', $api_function_full);
                        $mmethod = array_pop($api_function_full1);
                        $mclass = array_pop($api_function_full1);
                        if (class_exists($mclass, false)) {
                            $class = new $mclass($this->app);
                            if (method_exists($class, $mmethod)) {
                                $res = $class->{$mmethod}($data);
                            }
                        }
                    }
                }
            }
            // Post-call hooks receive the result.
            if (isset($res) and isset($hooks[$api_function]) and is_array($hooks[$api_function]) and !empty($hooks[$api_function])) {
                foreach ($hooks[$api_function] as $hook_key => $hook_value) {
                    if ($hook_value != false and $hook_value != null) {
                        $hook_value($res);
                    }
                }
            } else {
            }
        } else {
            // The rejected name is echoed in the error, so it is passed
            // through clean_html() and clean_xss() first.
            $api_function = mw()->format->clean_html($api_function);
            $api_function = mw()->format->clean_xss($api_function);
            mw_error('The api function ' . $api_function . ' is not defined in the allowed functions list');
        }
        if (isset($res)) {
            return $this->_api_responce($res);
        }
        return;
    }
}
<?php $rand = uniqid(); if (is_admin() == false) { mw_error('Must be admin'); } $id = false; if (isset($params['item-id'])) { $id = intval($params['item-id']); } if ($id == 0) { $data = array(); $data['id'] = $id; $data['parent_id'] = 0; if (isset($params['parent_id'])) { $data['parent_id'] = intval($params['parent_id']); } else { if (isset($params['menu-id'])) { $data['parent_id'] = intval($params['menu-id']); } } if (!isset($params['content_id'])) { $data['content_id'] = ''; } else { $data['content_id'] = $params['content_id']; } if (!isset($params['categories_id'])) { $data['categories_id'] = ''; } else { $data['categories_id'] = $params['categories_id']; }
/**
 * Process one entry of the cached updates queue and report on it.
 *
 * Each call handles a single queued item (or clears one empty group),
 * writes the shrunken queue back to the cache and returns. Callers are
 * expected to call again until the queue is empty.
 *
 * @return string Progress text for the processed item, or 'done'.
 */
public function apply_updates_queue()
{
    // Applying updates is restricted to administrators.
    if ($this->app->user_manager->is_admin() == false) {
        mw_error('Must be admin!');
    }

    $cache_id = $this->updates_queue_cache_id;
    $cache_group = $this->updates_queue_cache_group;
    $queue = $this->app->cache_manager->get($cache_id, $cache_group);

    // Nothing usable in the cache: reset it and stop.
    if (empty($queue) || !is_array($queue)) {
        $this->app->cache_manager->save(false, $cache_id, $cache_group);

        return 'done';
    }

    foreach ($queue as $kind => $items) {
        if (!is_array($items) || empty($items)) {
            // The group is exhausted; drop it from the queue.
            unset($queue[$kind]);
            if ($kind == 'mw_version') {
                $this->apply_updates(array('mw_version' => 'latest'));
            }
            $this->app->cache_manager->save($queue, $cache_id, $cache_group);

            return 'done';
        }

        foreach ($items as $item_key => $item) {
            switch ($kind) {
                case 'mw_version':
                    $report = "Installing Core Update...\n";
                    break;
                case 'modules':
                    $report = "Installing module...\n";
                    break;
                case 'templates':
                    $report = "Installing template...\n";
                    break;
                case 'module_templates':
                    $report = "Installing module skin...\n";
                    break;
                default:
                    $report = "Installing...\n";
                    break;
            }
            $report .= $item . "\n";

            $result = $this->apply_updates(array($kind => array(0 => $item)));

            $log_lines = $this->_log_msg(true);
            if (!empty($log_lines)) {
                $report .= implode("\n", $log_lines) . "\n";
            }

            if (!isset($result[0])) {
                $report .= "ERROR...\n";
                $report .= print_r($result, true);
            } elseif (isset($result[0]['success'])) {
                $report .= $result[0]['success'] . "\n";
            } elseif (isset($result[0]['warning'])) {
                $report .= $result[0]['warning'] . "\n";
            } elseif (isset($result[0]['message'])) {
                $report .= $result[0]['message'] . "\n";
            }

            // Remove the processed item and persist the rest of the queue.
            unset($queue[$kind][$item_key]);
            $this->app->cache_manager->save($queue, $cache_id, $cache_group);

            return $report;
        }
    }

    return 'done';
}
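/**
 * Delete one or more saved module templates by id.
 *
 * Only administrators may delete; other callers get false and nothing is
 * removed. Every id is cast to an integer before it reaches the database
 * layer.
 *
 * @param array $data May contain 'id' (single id) and/or 'ids' (list of ids).
 *
 * @return false|null false for non-admins, otherwise nothing.
 */
public function delete_module_as_template($data)
{
    // Single authorization gate. The original repeated this check a second
    // time behind an mw_error() call that could never be reached.
    if ($this->app->user_manager->is_admin() == false) {
        return false;
    }

    $table = 'module_templates';

    // Collect the ids in the same order the original deleted them:
    // the single 'id' first, then each entry of 'ids'.
    $ids = array();
    if (isset($data['id'])) {
        $ids[] = intval($data['id']);
    }
    if (isset($data['ids']) and is_array($data['ids'])) {
        foreach ($data['ids'] as $value) {
            $ids[] = intval($value);
        }
    }

    foreach ($ids as $id) {
        $this->app->database_manager->delete_by_id($table, $id);
    }
}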
<?php
// Order detail view; restricted to administrators.
only_admin_access();

// Load the order named by the "order-id" parameter together with its items.
$ord = mw()->shop_manager->get_order_by_id($params['order-id']);
if (is_array($ord)) {
    $cart_items = mw()->shop_manager->order_items($ord['id']);
} else {
    $cart_items = array();
    mw_error("Invalid order id");
}
?>
<div id="mw-order-table-holder">
    <div class="section-header">
        <a class="mw-ui-btn pull-right" href="#vieworder=0"><span class="mw-icon-back"></span> <?php _e("Back to Orders"); ?> </a>
        <h2> <?php _e("Order"); ?> #<?php print $ord['id']; ?> </h2>
    </div>
    <div class="mw-ui-row" id="orders-info-row">
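/**
 * \Files\Api::get
 *
 * List the files and sub-directories of a directory, optionally filtered by
 * a search term and sorted by a file attribute. Restricted to administrators.
 *
 * @package    modules
 * @subpackage files\api
 * @category   files module api
 * @version    1.0
 * @since      0.320
 *
 * @param array|string $params Parameters, passed through parse_params():
 *                             'directory'  (required) directory to list;
 *                             'search'     when set, matching entries are
 *                                          collected with rglob();
 *                             'sort_by'    one of filemtime, filectime,
 *                                          fileatime, filesize;
 *                             'sort_order' 'asc' or anything else for
 *                                          descending.
 *
 * @return array|false array('files' => ..., 'dirs' => ...), an empty array
 *                     when nothing was found, or false when the directory
 *                     cannot be read or the caller is not allowed.
 */
static function get($params)
{
    if (is_admin() == false) {
        mw_error("Must be admin");

        // Fail closed in case mw_error() returns instead of halting.
        return false;
    }

    $params = parse_params($params);
    if (!isset($params['directory'])) {
        mw_error("You must define directory");

        return false;
    }
    // NOTE(review): the directory is used exactly as supplied; no
    // containment to a base folder is visible here — confirm the caller
    // restricts it.
    $directory = $params['directory'];

    $arrayItems = array();
    $paths = array();

    if (isset($params['search']) and strval($params['search']) != '') {
        // rglob() results are used as returned (the original did not
        // prefix them with the directory either).
        $found = rglob(DS . '*' . $params['search'] . '*', 0, $directory);
        if (!empty($found)) {
            $paths = $found;
        }
    } else {
        if (!is_dir($directory . DS)) {
            return false;
        }
        $handle = opendir($directory . DS);
        if ($handle === false) {
            return false;
        }
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the listing early.
        while (($entryName = readdir($handle)) !== false) {
            if ($entryName != '..' and $entryName != '.') {
                // Resolve to a full path right away so the sort callback
                // below inspects the real file, not a name relative to the
                // working directory.
                $paths[] = $directory . DS . $entryName;
            }
        }
        closedir($handle);
    }

    if (empty($paths)) {
        return $arrayItems;
    }

    if (isset($params['sort_by']) and strval($params['sort_by']) != ''
        and isset($params['sort_order']) and strval($params['sort_order']) != ''
    ) {
        // sort_by arrives with the request and is used as a function name,
        // so it is only honoured when it is one of the known file-stat
        // functions; anything else leaves the list unsorted.
        $allowed_sort_callbacks = array('filemtime', 'filectime', 'fileatime', 'filesize');
        $sort_by = strval($params['sort_by']);
        if (in_array($sort_by, $allowed_sort_callbacks, true)) {
            $ord = SORT_DESC;
            if (strtolower($params['sort_order']) == 'asc') {
                $ord = SORT_ASC;
            }
            $sort_keys = array_map($sort_by, $paths);
            array_multisort($sort_keys, SORT_NUMERIC, $ord, $paths);
        }
    }

    // Split into files and directories, skipping duplicates.
    $arrayItems_f = array();
    $arrayItems_d = array();
    foreach ($paths as $file) {
        if (is_file($file)) {
            $df = normalize_path($file, false);
            if (!in_array($df, $arrayItems_f, true)) {
                $arrayItems_f[] = $df;
            }
        } else {
            $df = normalize_path($file, 1);
            if (!in_array($df, $arrayItems_d, true)) {
                $arrayItems_d[] = $df;
            }
        }
    }
    $arrayItems['files'] = $arrayItems_f;
    $arrayItems['dirs'] = $arrayItems_d;

    return $arrayItems;
}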
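/**
 * Save a media item (picture, video, audio, ...) attached to a relation.
 *
 * The relation is taken from several alias keys, applied in this order so
 * that later keys override earlier ones: content-id / content_id, for,
 * rel_id, rel_type, for-id, for_id.
 *
 * NOTE(review): no authorization check is visible in this method;
 * presumably the caller enforces it — confirm.
 *
 * @param array $data Media fields: id, title, src or filename, media_type,
 *                    position and the relation keys listed above.
 *
 * @return mixed The result of database_manager->save(); nothing after
 *               mw_error() when neither a relation nor an id was given.
 */
public function save($data)
{
    $s = array();

    // Resolve the relation (rel_type / rel_id) from its alias keys.
    if (isset($data['content-id'])) {
        $s['rel_id'] = trim($data['content-id']);
        $s['rel_type'] = 'content';
    } elseif (isset($data['content_id'])) {
        $s['rel_id'] = trim($data['content_id']);
        $s['rel_type'] = 'content';
    }
    if (isset($data['for'])) {
        $s['rel_type'] = $this->app->database_manager->assoc_table_name(trim($data['for']));
    }
    if (isset($data['rel_id'])) {
        $s['rel_id'] = $data['rel_id'];
    }
    if (isset($data['rel_type'])) {
        $s['rel_type'] = $data['rel_type'];
    }
    if (isset($data['for-id'])) {
        $s['rel_id'] = trim($data['for-id']);
    }
    if (isset($data['for_id'])) {
        $s['rel_id'] = trim($data['for_id']);
    }

    if (isset($data['id'])) {
        $s['id'] = intval($data['id']);
    }
    if (isset($data['title'])) {
        $s['title'] = $data['title'];
    }

    if (!isset($data['src']) and isset($data['filename'])) {
        $data['src'] = $data['filename'];
    }

    if (isset($data['src'])) {
        if (isset($s['rel_type']) and isset($s['rel_id'])) {
            // Per-host sub-directory name derived from the site host.
            $host = parse_url(site_url());
            $host_dir = false;
            if (isset($host['host'])) {
                $host_dir = str_ireplace('www.', '', $host['host']);
                $host_dir = str_ireplace('.', '-', $host_dir);
            }

            // rel_type can come straight from the caller's data, so it is
            // reduced to a single safe path segment before it is used to
            // build a directory path.
            $rel_dir = preg_replace('/[^\w\-]+/', '_', strval($s['rel_type']));
            $move_uploaded_files_dir = media_base_path() . DS . $host_dir . DS . $rel_dir . DS;
            if (!is_dir($move_uploaded_files_dir)) {
                mkdir_recursive($move_uploaded_files_dir);
                // Best-effort empty index.php in the new directory.
                @touch($move_uploaded_files_dir . 'index.php');
            }

            // When src points at a local file, store its canonical link.
            $url2dir = normalize_path($this->app->url_manager->to_path($data['src']), false);
            if (is_file($url2dir)) {
                $data['src'] = $this->app->url_manager->link_to_file($url2dir);
            }
        }
        $s['filename'] = $data['src'];
    }

    if (!isset($data['position']) and !isset($s['id'])) {
        $s['position'] = 9999999;
    }

    // Guess the media type of a new item from its file extension.
    if (!isset($s['id']) and isset($s['filename']) and !isset($data['media_type'])) {
        // Lower-cased so that e.g. "JPG" is recognised as well.
        $ext = strtolower(get_file_extension($s['filename']));
        switch ($ext) {
            case 'jpeg':
            case 'jpg':
            case 'png':
            case 'gif':
            case 'bmp':
            case 'bpm': // kept: the original listed this spelling instead of 'bmp'
            case 'svg': // NOTE(review): SVG can carry script; confirm how these files are served
                $data['media_type'] = 'picture';
                break;
            case 'avi':
            case 'ogg':
            case 'flv':
            case 'mp4':
            case 'qt':
            case 'mpeg':
                $data['media_type'] = 'video';
                break;
            case 'mp3':
            case 'wav':
            case 'flac':
                $data['media_type'] = 'audio';
                break;
        }
    }
    if (isset($data['media_type'])) {
        $s['media_type'] = $this->app->database_manager->escape_string($data['media_type']);
    }

    $has_relation = isset($s['rel_type']) and isset($s['rel_id']);
    if (!$has_relation and !isset($s['id'])) {
        mw_error('Invalid data');

        return;
    }
    if ($has_relation) {
        $s['rel_id'] = trim($s['rel_id']);
    }

    $table = $this->tables['media'];
    $s = $this->app->database_manager->save($table, $s);
    $this->app->cache_manager->delete('media');

    return $s;
}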
/**
 * Apply a new position order to rows of $this->table.
 *
 * Only the first array-valued element of $data is used: its values are
 * re-indexed from 0 and handed to update_position_field(), after which the
 * method returns true. If $data holds no array element nothing is updated
 * and nothing is returned.
 *
 * NOTE(review): the admin gate relies on mw_error() stopping execution —
 * confirm that it does, since the update code follows it unconditionally.
 *
 * @param array $data
 * @return true|null
 */
function reorder($data)
{
    if (!is_admin()) {
        mw_error('Error: not logged in as admin.' . __FILE__ . __LINE__);
    }

    $positionTable = $this->table;

    foreach ($data as $group) {
        if (!is_array($group)) {
            continue;
        }

        // Keys are discarded; only the order of the values matters.
        $ordered = array_values($group);
        $this->app->database_manager->update_position_field($positionTable, $ordered);

        return true;
    }
}
<?php
// Admin-only fragment that builds $user_params (sorting, filters, paging,
// keyword search) from the module's $params. The fragment is cut off inside
// the search block, so the code that consumes $user_params is not visible.
if (is_admin() == false) {
    mw_error("Must be admin");
}
$user_params = array();
// NOTE(review): sortby is forwarded unchanged as order_by — confirm the query
// layer restricts it to known column names and directions.
if (isset($params['sortby'])) {
    $user_params['order_by'] = $params['sortby'];
}
if (isset($params['is_admin'])) {
    $user_params['is_admin'] = $params['is_admin'];
}
if (isset($params['is_active'])) {
    $user_params['is_active'] = $params['is_active'];
}
$users_per_page = 100;
// The page number is read from a URL parameter named "<module id>_page";
// a positive integer there wins over $params['current_page'].
$paging_param = $params['id'] . '_page';
$current_page_from_url = url_param($paging_param);
if (intval($current_page_from_url) > 0) {
    $user_params['current_page'] = intval($current_page_from_url);
} elseif (isset($params['current_page'])) {
    // Taken as given, without the intval() applied to the URL value above.
    $current_page_from_url = $user_params['current_page'] = $params['current_page'];
}
if (isset($params['search'])) {
    // The inner isset() repeats the outer condition and is always true here.
    if (isset($params['search'])) {
        $user_params['keyword'] = $params['search'];
    }
    // The searchable columns are only set when a separate "keyword" param is present.
    if (isset($params['keyword'])) {
        $user_params['search_in_fields'] = array('username', 'email', 'first_name', 'last_name');
    }
    $user_params['search_by_keyword'] = $params['search'];
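/**
 * Save a comment, or apply an admin moderation action to an existing one.
 *
 * - With an id: admin only. Together with "action" (publish, unpublish, spam,
 *   delete) the moderation flag is set or the row is deleted.
 * - Without id + action: rel_type, a non-empty rel_id and a captcha answer
 *   matching the session value are required (admins pass a wrong captcha).
 * - New comments from visitors who are not logged in need comment_email.
 *
 * The whole $data array is handed to database_manager->save(), so the
 * moderation flag must not be taken from a visitor's submission: for
 * non-admins any incoming is_moderated value is discarded before the
 * moderation default is applied. Previously a non-admin could send
 * is_moderated with the form and have it stored while moderation was required.
 *
 * NOTE(review): other caller-supplied keys still reach save() unfiltered —
 * confirm the storage layer limits them to the intended comment fields.
 * NOTE(review): when moderation is not required, the default below also sets
 * is_moderated = 1 after an admin "unpublish"/"spam" action — confirm intent.
 *
 * @param array $data
 * @return mixed saved id/result, delete result, or array('error' => ...) on invalid input
 */
static function save($data)
{
    $adm = is_admin();
    $table = MODULE_DB_COMMENTS;
    mw_var('FORCE_SAVE', $table);

    // Editing an existing comment is reserved for admins.
    if (isset($data['id'])) {
        if ($adm == false) {
            mw_error('Error: Only admin can edit comments!');
        }
    }

    if (isset($data['action']) and isset($data['id'])) {
        if ($adm == false) {
            mw_error('Error: Only admin can edit comments!');
        } else {
            $action = strtolower($data['action']);
            switch ($action) {
                case 'publish':
                    $data['is_moderated'] = 1;
                    break;
                case 'unpublish':
                    $data['is_moderated'] = 0;
                    break;
                case 'spam':
                    $data['is_moderated'] = 0;
                    break;
                case 'delete':
                    $del = mw()->database_manager->delete_by_id($table, $id = intval($data['id']), $field_name = 'id');

                    return $del;
                default:
                    break;
            }
        }
    } else {
        if (!isset($data['rel_type'])) {
            return array('error' => 'Error: invalid data');
        }
        if (!isset($data['rel_id'])) {
            return array('error' => 'Error: invalid data');
        } else {
            if (trim($data['rel_id']) == '') {
                return array('error' => 'Error: invalid data');
            }
        }
        if (!isset($data['captcha'])) {
            return array('error' => 'Please enter the captcha answer!');
        } else {
            $cap = mw()->user_manager->session_get('captcha');
            if ($cap == false) {
                return array('error' => 'You must load a captcha first!');
            }
            if (intval($data['captcha']) != $cap) {
                // Admins are allowed through with a wrong answer.
                if ($adm == false) {
                    return array('error' => 'Invalid captcha answer!');
                }
            }
        }
    }

    if (!isset($data['id']) and isset($data['comment_body'])) {
        if (!isset($data['comment_email']) and user_id() == 0) {
            return array('error' => 'You must type your email or be logged in order to comment.');
        }
        $data['from_url'] = mw()->url_manager->current(1);
    }

    // The moderation flag is decided server-side; a value sent by a
    // non-admin is dropped so it cannot bypass required moderation.
    if ($adm == false) {
        unset($data['is_moderated']);
    }

    if ($adm == true and !isset($data['id']) and !isset($data['is_moderated'])) {
        $data['is_moderated'] = 1;
    } else {
        $require_moderation = get_option('require_moderation', 'comments');
        if ($require_moderation != 'y') {
            $data['is_moderated'] = 1;
        }
    }

    $saved_data = mw()->database_manager->save($table, $data);

    if (!isset($data['id']) and isset($data['comment_body'])) {
        $notif = array();
        $notif['module'] = "comments";
        $notif['rel_type'] = $data['rel_type'];
        $notif['rel_id'] = $data['rel_id'];
        $notif['title'] = "You have new comment";
        $notif['description'] = "New comment is posted on " . mw()->url_manager->current(1);
        $notif['content'] = mw('format')->limit($data['comment_body'], 800);
        mw()->notifications_manager->save($notif);

        $email_on_new_comment = get_option('email_on_new_comment', 'comments') == 'y';
        $email_on_new_comment_value = get_option('email_on_new_comment_value', 'comments');
        if ($email_on_new_comment == true) {
            $subject = "You have new comment";
            $data2 = $data;
            unset($data2['rel_type']);
            unset($data2['rel_id']);
            $data3 = array();
            foreach ($data2 as $key => $value) {
                $key2 = str_ireplace('comment_', ' ', $key);
                if ($key2 == 'body') {
                    $key2 = 'text';
                }
                // NOTE(review): submitted values go into an HTML e-mail with
                // only nl2br() applied here — confirm array_to_ul() escapes
                // them, otherwise escape before this point.
                $data3[$key2] = nl2br($value);
            }
            $message = "Hi, <br/> You have new comment posted on " . mw()->url_manager->current(1) . ' <br /> ';
            $message .= "IP:" . MW_USER_IP . ' <br /> ';
            $message .= mw('format')->array_to_ul($data3);
            \Microweber\email\Sender::send($email_on_new_comment_value, $subject, $message, 1);
        }
    }

    return $saved_data;
}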
<?php
// Admin-only fragment: either renders one module's admin view, selected by
// the "load_module" URL parameter, or starts building $mod_params for a
// module listing. The fragment is cut off inside the keyword block.
if (!is_admin()) {
    mw_error("must be admin");
}
?> <?php
$load_module = url_param('load_module');
if ($load_module == true) {
    ?> <?php
    // "___" in the URL value is turned into the directory separator, so the
    // URL parameter selects a module path.
    // NOTE(review): confirm load_module() only resolves paths inside the
    // modules directory, since the value comes from the URL.
    $mod = str_replace('___', DS, $load_module);
    $mod = load_module($mod, $attrs = array('view' => 'admin', 'backend' => 'true'));
    print $mod;
} else {
    ?> <?php
    $mod_params = array();
    $mod_params['ui'] = 'any';
    // reload_modules triggers a module scan with the cache skipped;
    // cleanup_db is passed on to the scan as an extra flag.
    if (isset($params['reload_modules'])) {
        $s = 'skip_cache=1';
        if (isset($params['cleanup_db'])) {
            $s .= '&cleanup_db=1';
        }
        $mods = scan_for_modules($s);
    }
    if (isset($params['category'])) {
        $mod_params['category'] = $params['category'];
    }
    if (isset($params['keyword'])) {
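/**
 * Delete a menu row by id and clear the 'menus/global' cache group.
 *
 * The id is entity-decoded first and escaped afterwards. The original order
 * (escape, then htmlspecialchars_decode) let the decode step turn entities
 * such as &quot; back into quote characters after escaping had already run,
 * undoing the escaping for those characters.
 *
 * NOTE(review): no permission check is visible in this method; confirm the
 * caller restricts it to administrators.
 *
 * @param mixed $id value understood by parse_params(); must yield an 'id' entry
 * @return true
 */
public function menu_delete($id = false)
{
    $params = parse_params($id);
    if (!isset($params['id'])) {
        mw_error('Error: id param is required.');
    }

    // Decode before escaping so that escaping is the last transformation.
    $id = htmlspecialchars_decode((string) $params['id']);
    $id = $this->app->database_manager->escape_string($id);

    $table = $this->tables['menus'];
    $this->app->database_manager->delete_by_id($table, trim($id), $field_name = 'id');
    $this->app->cache_manager->delete('menus/global');

    return true;
}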
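/**
 * Send a backup file from the backup directory to the client as an attachment.
 *
 * Admin only. The requested name is taken from $params['id'], or from
 * $params['filename'] / $params['file'] when the matching query-string key is
 * present. ".." is stripped from the name and from the joined path, and the
 * resolved path must also lie inside the backup directory, so a symlink or a
 * name that merely extends the directory's own name cannot select a file
 * stored elsewhere.
 *
 * Compared with the original: $id is always initialised (a missing parameter
 * no longer reads an undefined variable or index), and the unreachable
 * statements after the early returns are gone.
 *
 * @param array $params
 * @return array|null array('error' => ...) on bad input; null after streaming the file
 */
function download($params)
{
    if (!is_admin()) {
        mw_error("must be admin");
    }
    ini_set('memory_limit', '512M');
    set_time_limit(0);

    $id = null;
    if (isset($params['id'])) {
        $id = $params['id'];
    } elseif (isset($_GET['filename']) and isset($params['filename'])) {
        $id = $params['filename'];
    } elseif (isset($_GET['file']) and isset($params['file'])) {
        $id = $params['file'];
    }

    // Only a plain string/number can name a file; anything else counts as missing.
    $id = is_scalar($id) ? str_replace('..', '', (string) $id) : '';
    if ($id === '') {
        return array('error' => "You have not provided filename to download.");
    }

    $here = $this->get_bakup_location();
    $filename = str_replace('..', '', $here . $id);
    if (!is_file($filename)) {
        return array('error' => "You have not provided a existing filename to download.");
    }

    // Containment check on the resolved paths: the file actually served must
    // sit below the backup directory itself.
    $base = realpath($here);
    $real = realpath($filename);
    if ($base === false or $real === false
        or strpos($real, rtrim($base, '/\\') . DIRECTORY_SEPARATOR) !== 0
    ) {
        return array('error' => "You have not provided a existing filename to download.");
    }

    $name = basename($filename);
    header('Cache-Control: public');
    header('Content-Description: File Transfer');
    header('Content-Disposition: attachment; filename=' . $name);
    header('Content-Length: ' . filesize($real));

    $this->readfile_chunked($real);
}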
/**
 * Create or update a media row from request-style data, optionally fetching
 * a remote image into the local media directory first.
 *
 * Relation keys are read in a fixed order and later keys override earlier
 * ones: content-id / content_id, for, rel_id, rel_type, for-id, for_id.
 * Either rel_type + rel_id or an id must end up set, otherwise
 * mw_error('Invalid data') is called.
 *
 * NOTE(review): no permission check is visible in this method; confirm the
 * caller restricts who may reach it, in particular the remote-download path.
 *
 * @param array $data request fields (relation keys, id, title, src/filename,
 *                    position, media_type, allow_remote_download)
 * @return mixed whatever database_manager->save() returns
 */
public function save($data)
{
    $s = array();
    if (isset($data['content-id'])) {
        $t = trim($data['content-id']);
        $s['rel_id'] = $t;
        $s['rel_type'] = 'content';
    } elseif (isset($data['content_id'])) {
        $t = trim($data['content_id']);
        $s['rel_id'] = $t;
        $s['rel_type'] = 'content';
        $s['rel_type'] = 'content';
    }
    if (isset($data['for'])) {
        $t = trim($data['for']);
        $t = $this->app->database_manager->assoc_table_name($t);
        $s['rel_type'] = $t;
    }
    if (isset($data['rel_id'])) {
        $t = $data['rel_id'];
        $s['rel_id'] = $t;
    }
    if (isset($data['rel_type'])) {
        $t = $data['rel_type'];
        $s['rel_type'] = $t;
    }
    if (isset($data['for-id'])) {
        $t = trim($data['for-id']);
        $s['rel_id'] = $t;
    }
    if (isset($data['for_id'])) {
        $t = trim($data['for_id']);
        $s['rel_id'] = $t;
    }
    if (isset($data['id'])) {
        $t = intval($data['id']);
        $s['id'] = $t;
    }
    if (isset($data['title'])) {
        $t = $data['title'];
        $s['title'] = $t;
    }
    // "filename" is accepted as an alias for "src".
    if (!isset($data['src']) and isset($data['filename'])) {
        $data['src'] = $data['filename'];
    }
    if (isset($data['src'])) {
        // $host_dir is computed from the site host but not used again in this method.
        $host = parse_url(site_url());
        $host_dir = false;
        if (isset($host['host'])) {
            $host_dir = $host['host'];
            $host_dir = str_ireplace('www.', '', $host_dir);
            $host_dir = str_ireplace('.', '-', $host_dir);
        }
        $url2dir = $this->app->url_manager->to_path($data['src']);
        $uploaded_files_dir = media_base_path() . DS . 'uploaded';
        if (isset($s['rel_type']) and isset($s['rel_id'])) {
            // rel_type is caller-supplied and becomes a directory name below;
            // ".." is stripped so the path cannot climb out of the media tree.
            // Path separators are left in place.
            $s['rel_type'] = str_replace('..', '', $s['rel_type']);
            $move_uploaded_files_dir = media_base_path() . 'downloaded' . DS . $s['rel_type'] . DS;
            $move_uploaded_files_dir_index = media_base_path() . 'downloaded' . DS . $s['rel_type'] . DS . 'index.php';
            $uploaded_files_dir = normalize_path($uploaded_files_dir);
            if (!is_dir($move_uploaded_files_dir)) {
                mkdir_recursive($move_uploaded_files_dir);
                // Best-effort empty index.php in the new directory; errors are suppressed.
                @touch($move_uploaded_files_dir_index);
            }
            $url2dir = normalize_path($url2dir, false);
            // Remote fetching follows the instance setting, but a truthy
            // allow_remote_download in $data switches it on for this call.
            // NOTE(review): that flag arrives with the request data — confirm
            // untrusted callers cannot set it.
            $dl_remote = $this->download_remote_images;
            if (isset($data['allow_remote_download']) and $data['allow_remote_download']) {
                $dl_remote = $data['allow_remote_download'];
            }
            if ($dl_remote and isset($data['src'])) {
                // The media type is decided from the URL's file extension alone;
                // the content of the fetched file is not inspected in this method.
                $ext = get_file_extension($data['src']);
                $data['media_type'] = $this->_guess_media_type_from_file_ext($ext);
                if ($data['media_type'] != false) {
                    // starting download
                    $is_remote = strtolower($data['src']);
                    // strstr() matches "http:" / "https:" anywhere in the string,
                    // not only as the scheme at the start.
                    if (strstr($is_remote, 'http:') || strstr($is_remote, 'https:')) {
                        $dl_host = parse_url($is_remote);
                        $dl_host_host_dir = false;
                        if (isset($dl_host['host'])) {
                            $dl_host_host_dir = $dl_host['host'];
                            $dl_host_host_dir = str_ireplace('www.', '', $dl_host_host_dir);
                            $dl_host_host_dir = str_ireplace('.', '-', $dl_host_host_dir);
                        }
                        // Remote files are stored under .../external/<remote host>/.
                        $move_uploaded_files_dir = $move_uploaded_files_dir . 'external' . DS;
                        if ($dl_host_host_dir) {
                            $move_uploaded_files_dir = $move_uploaded_files_dir . $dl_host_host_dir . DS;
                        }
                        if (!is_dir($move_uploaded_files_dir)) {
                            mkdir_recursive($move_uploaded_files_dir);
                        }
                        // Local file name: base name of the URL with every run of
                        // characters other than word characters, dots and
                        // underscores replaced by "_".
                        $newfile = basename($data['src']);
                        $newfile = preg_replace('/[^\\w\\._]+/', '_', $newfile);
                        $newfile = $move_uploaded_files_dir . $newfile;
                        // The server itself requests the caller-supplied URL.
                        // NOTE(review): no destination or size restriction is
                        // visible here — confirm the HTTP client refuses
                        // internal/loopback addresses and bounds the response.
                        if (!is_file($newfile)) {
                            mw()->http->url($data['src'])->download($newfile);
                        }
                        if (is_file($newfile)) {
                            $url2dir = $this->app->url_manager->to_path($newfile);
                        }
                    }
                }
            }
            // A source that resolves to an existing local file is rewritten to its site link.
            if (is_file($url2dir)) {
                $data['src'] = $this->app->url_manager->link_to_file($url2dir);
            }
        }
        $s['filename'] = $data['src'];
    }
    // New rows without an explicit position get a large default position.
    if (!isset($data['position']) and !isset($s['id'])) {
        $s['position'] = 9999999;
    }
    if (isset($data['for_id'])) {
        $t = trim($data['for_id']);
        $s['rel_id'] = $t;
    }
    // For a new row (no id, or id 0) look for an existing row with the same
    // relation and file name and reuse its id, so the save below updates it.
    if ((!isset($s['id']) or isset($s['id']) and $s['id'] == 0) and isset($s['filename']) and isset($s['rel_id']) and isset($s['rel_type'])) {
        // The site URL prefix is stored as the {SITE_URL} placeholder.
        $s['filename'] = str_replace(site_url(), '{SITE_URL}', $s['filename']);
        $check = array();
        $check['rel_type'] = $s['rel_type'];
        $check['rel_id'] = $s['rel_id'];
        $check['filename'] = $s['filename'];
        $check['single'] = true;
        $check = $this->get_all($check);
        if (isset($check['id'])) {
            $s['id'] = $check['id'];
        }
    }
    if (!isset($s['id']) and isset($s['filename']) and !isset($data['media_type'])) {
        $ext = get_file_extension($s['filename']);
        $data['media_type'] = $this->_guess_media_type_from_file_ext($ext);
    }
    if (isset($data['media_type'])) {
        $t = $this->app->database_manager->escape_string($data['media_type']);
        $s['media_type'] = $t;
    }
    if (isset($s['rel_type']) and isset($s['rel_id'])) {
        $s['rel_id'] = trim($s['rel_id']);
        $table = $this->tables['media'];
        $s = $this->app->database_manager->save($table, $s);
        $this->app->cache_manager->delete('media');
        return $s;
    } elseif (isset($s['id'])) {
        $table = $this->tables['media'];
        $s = $this->app->database_manager->save($table, $s);
        $this->app->cache_manager->delete('media');
        return $s;
    } else {
        mw_error('Invalid data');
    }
}