Beispiel #1
0
function wurfl_admin_delete()
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }
    if (!xarVarFetch('name', 'str:1', $name, 'wurfl_wurfl', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('itemid', 'int', $data['itemid'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('confirm', 'str:1', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    $data['object'] = DataObjectMaster::getObject(array('name' => $name));
    $data['object']->getItem(array('itemid' => $data['itemid']));
    $data['tplmodule'] = 'wurfl';
    $data['authid'] = xarSecGenAuthKey('wurfl');
    if ($data['confirm']) {
        // Check for a valid confirmation key
        if (!xarSecConfirmAuthKey()) {
            return;
        }
        // Delete the item
        $item = $data['object']->deleteItem();
        // Jump to the next page
        xarController::redirect(xarModURL('wurfl', 'admin', 'view'));
        return true;
    }
    return $data;
}
Beispiel #2
0
/**
 *  Get products
 */
function shop_userapi_getproducts($args)
{
    $startnum = 1;
    extract($args);
    if (!xarSecurityCheck('ViewShop')) {
        return;
    }
    if (!isset($items_per_page)) {
        $items_per_page = xarModVars::get('shop', 'items_per_page');
    }
    $data['items_per_page'] = $items_per_page;
    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');
    sys::import('modules.dynamicdata.class.properties.master');
    // Get the object we'll be working with. Note this is a so called object list
    $mylist = DataObjectMaster::getObjectList(array('name' => 'shop_products'));
    $data['sort'] = xarMod::ApiFunc('shop', 'admin', 'sort', array('sortfield_fallback' => 'id', 'ascdesc_fallback' => 'ASC'));
    // We have some filters for the items
    $filters = array('startnum' => $startnum, 'status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'sort' => $data['sort']);
    if (isset($where)) {
        $filters['where'] = $where;
    }
    // Get the items
    $products = $mylist->getItems($filters);
    // return the products
    $data['products'] = $products;
    // Return the template variables defined in this function
    return $data;
}
Beispiel #3
0
function calendar_admin_add_event()
{
    // Security check
    if (!xarSecurityCheck('Admincalendar')) {
        return;
    }
    // Generate a one-time authorisation code for this operation
    $data = xarMod::apiFunc('calendar', 'admin', 'get_calendars');
    $data['authid'] = xarSecGenAuthKey();
    $data['default_cal'] = unserialize(xarModVars::get('calendar', 'default_cal'));
    // Variables from phpIcalendar config.inc.php
    $data['updatebutton'] = xarVarPrepForDisplay(xarML('Create event'));
    //TODO: should I include this stuff? --amoro
    /*    $hooks = xarModCallHooks('module', 'modifyconfig', 'calendar',
            array('module' => 'calendar'));
        if (empty($hooks)) {
            $data['hooks'] = '';
        } elseif (is_array($hooks)) {
            $data['hooks'] = join('', $hooks);
        } else {
            $data['hooks'] = $hooks;
        }
    */
    // Return the template variables defined in this function
    return $data;
}
Beispiel #4
0
/**
 * view statistics
 */
function publications_admin_stats($args = array())
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    if (!xarVarFetch('group', 'isset', $group, array(), XARVAR_NOT_REQUIRED)) {
        return;
    }
    extract($args);
    if (!empty($group)) {
        $newgroup = array();
        foreach ($group as $field) {
            if (empty($field)) {
                continue;
            }
            $newgroup[] = $field;
        }
        $group = $newgroup;
    }
    if (empty($group)) {
        $group = array('pubtype_id', 'state', 'owner');
    }
    $data = array();
    $data['group'] = $group;
    $data['stats'] = xarModAPIFunc('publications', 'admin', 'getstats', array('group' => $group));
    $data['pubtypes'] = xarModAPIFunc('publications', 'user', 'get_pubtypes');
    $data['statelist'] = xarModAPIFunc('publications', 'user', 'getstates');
    $data['fields'] = array('pubtype_id' => xarML('Publication Type'), 'state' => xarML('Status'), 'owner' => xarML('Author'), 'pubdate_year' => xarML('Publication Year'), 'pubdate_month' => xarML('Publication Month'), 'pubdate_day' => xarML('Publication Day'), 'locale' => xarML('Language'));
    return $data;
}
Beispiel #5
0
function publications_admin_modify_pubtype($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    extract($args);
    // Get parameters
    if (!xarVarFetch('itemid', 'isset', $data['itemid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('returnurl', 'str:1', $data['returnurl'], 'view', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('name', 'str:1', $name, '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('tab', 'str:1', $data['tab'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (empty($name) && empty($itemid)) {
        return xarResponse::NotFound();
    }
    // Get our object
    $data['object'] = DataObjectMaster::getObject(array('name' => 'publications_types'));
    if (!empty($data['itemid'])) {
        $data['object']->getItem(array('itemid' => $data['itemid']));
    } else {
        $type_list = DataObjectMaster::getObjectList(array('name' => 'publications_types'));
        $where = 'name = ' . $name;
        $items = $type_list->getItems(array('where' => $where));
        $item = current($items);
        $data['object']->getItem(array('itemid' => $item['id']));
    }
    // Send the publication type and the object properties to the template
    $data['properties'] = $data['object']->getProperties();
    // Get the settings of the publication type we are using
    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['itemid']));
    if ($data['confirm']) {
        // Check for a valid confirmation key
        if (!xarSecConfirmAuthKey()) {
            return;
        }
        // Get the data from the form
        $isvalid = $data['object']->checkInput();
        if (!$isvalid) {
            // Bad data: redisplay the form with error messages
            return xarTplModule('publications', 'admin', 'modify_pubtype', $data);
        } else {
            // Good data: create the item
            $itemid = $data['object']->updateItem(array('itemid' => $data['itemid']));
            // Jump to the next page
            xarController::redirect(xarModURL('publications', 'admin', 'view_pubtypes'));
            return true;
        }
    }
    return $data;
}
Beispiel #6
0
/**
 * View items of the wurfl object
 *
 */
function wurfl_admin_view($args)
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }
    $modulename = 'wurfl';
    // Define which object will be shown
    if (!xarVarFetch('objectname', 'str', $objectname, null, XARVAR_DONT_SET)) {
        return;
    }
    if (!empty($objectname)) {
        xarModUserVars::set($modulename, 'defaultmastertable', $objectname);
    }
    // Set a return url
    xarSession::setVar('ddcontext.' . $modulename, array('return_url' => xarServer::getCurrentURL()));
    // Get the available dropdown options
    $object = DataObjectMaster::getObjectList(array('objectid' => 1));
    $data['objectname'] = xarModUserVars::get($modulename, 'defaultmastertable');
    $items = $object->getItems();
    $options = array();
    foreach ($items as $item) {
        if (strpos($item['name'], $modulename) !== false) {
            $options[] = array('id' => $item['name'], 'name' => $item['name']);
        }
    }
    $data['options'] = $options;
    return $data;
}
Beispiel #7
0
/**
 * Publications Module
 *
 * @package modules
 * @subpackage publications module
 * @category Third Party Xaraya Module
 * @version 2.0.0
 * @copyright (C) 2011 Netspan AG
 * @license GPL {@link http://www.gnu.org/licenses/gpl.html}
 * @author Marc Lutolf <*****@*****.**>
 */
function publications_user_view_pages($args)
{
    extract($args);
    if (!xarSecurityCheck('ManagePublications')) {
        return;
    }
    // Accept a parameter to allow selection of a single tree.
    xarVarFetch('contains', 'id', $contains, 0, XARVAR_NOT_REQUIRED);
    $data = xarMod::apiFunc('publications', 'user', 'getpagestree', array('key' => 'index', 'dd_flag' => false, 'tree_contains_pid' => $contains));
    if (empty($data['pages'])) {
        // TODO: pass to template.
        return $data;
        //xarML('NO PAGES DEFINED');
    } else {
        $data['pages'] = xarMod::apiFunc('publications', 'tree', 'array_maptree', $data['pages']);
    }
    $data['contains'] = $contains;
    // Check modify and delete privileges on each page.
    // EditPage - allows basic changes, but no moving or renaming (good for sub-editors who manage content)
    // AddPage - new pages can be added (further checks may limit it to certain page types)
    // DeletePage - page can be renamed, moved and deleted
    if (!empty($data['pages'])) {
        // Bring in the access property for security checks
        sys::import('modules.dynamicdata.class.properties.master');
        $accessproperty = DataPropertyMaster::getProperty(array('name' => 'access'));
        $accessproperty->module = 'publications';
        $accessproperty->component = 'Page';
        foreach ($data['pages'] as $key => $page) {
            $thisinstance = $page['name'] . ':' . $page['ptid']['name'];
            // Do we have admin access?
            $args = array('instance' => $thisinstance, 'level' => 800);
            $adminaccess = $accessproperty->check($args);
            // Decide whether this page can be modified by the current user
            /*try {
                  $args = array(
                      'instance' => $thisinstance,
                      'group' => $page['access']['modify_access']['group'],
                      'level' => $page['access']['modify_access']['level'],
                  );
              } catch (Exception $e) {
                  $args = array();
              }*/
            $data['pages'][$key]['edit_allowed'] = $adminaccess || $accessproperty->check($args);
            /*
                        // Decide whether this page can be deleted by the current user
                       try {
                            $args = array(
                                'instance' => $thisinstance,
                                'group' => $page['access']['delete_access']['group'],
                                'level' => $page['access']['delete_access']['level'],
                            );
                        } catch (Exception $e) {
                            $args = array();
                        }*/
            $data['pages'][$key]['delete_allowed'] = $adminaccess || $accessproperty->check($args);
        }
    }
    return $data;
}
Beispiel #8
0
/**
 *  Modify a customer
 */
function shop_admin_modifycustomer()
{
    if (!xarVarFetch('itemid', 'id', $data['itemid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    $objectname = 'shop_customers';
    $data['objectname'] = $objectname;
    // Check if we still have no id of the item to modify.
    if (empty($data['itemid'])) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'item id', 'admin', 'modify', 'shop');
        throw new Exception($msg);
    }
    if (!xarSecurityCheck('AdminShop', 1, 'Item', $data['itemid'])) {
        return;
    }
    sys::import('modules.dynamicdata.class.objects.master');
    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['object'] = $object;
    $data['label'] = $object->label;
    $object->getItem(array('itemid' => $data['itemid']));
    $values = $object->getFieldValues();
    foreach ($values as $name => $value) {
        $data[$name] = xarVarPrepForDisplay($value);
    }
    $rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
    $rolesobject->getItem(array('itemid' => $data['itemid']));
    if ($data['confirm']) {
        // Check for a valid confirmation key
        if (!xarSecConfirmAuthKey()) {
            return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
        }
        // Get the data from the form
        $isvalid = $object->checkInput();
        if (!$isvalid) {
            // Bad data: redisplay the form with the data we picked up and with error messages
            return xarTplModule('shop', 'admin', 'modifycustomer', $data);
        } elseif (isset($data['preview'])) {
            // Show a preview, same thing as the above essentially
            return xarTplModule('shop', 'admin', 'modifycustomer', $data);
        } else {
            $first_name = $object->properties['first_name']->getValue();
            $last_name = $object->properties['last_name']->getValue();
            $rolesobject->properties['name']->setValue($first_name . ' ' . $last_name);
            $rolesobject->updateItem();
            $object->updateItem();
            // Jump to the next page
            xarResponse::redirect(xarModURL('shop', 'admin', 'modifycustomer', array('itemid' => $data['itemid'])));
            return $data;
        }
    } else {
        // Get that specific item of the object
        $object->getItem(array('itemid' => $data['itemid']));
    }
    // Return the template variables defined in this function
    return $data;
}
Beispiel #9
0
/**
 * get next article
 * Note : the following parameters are all optional (except id and ptid)
 *
 * @param $args['id'] the article ID we want to have the next article of
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
 * @param $args['sort'] sort order ('date','title','hits','rating',...)
 * @param $args['owner'] the ID of the author
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @return array of article fields, or false on failure
 */
function publications_userapi_getnext($args)
{
    // Get arguments from argument array
    extract($args);
    // Optional argument
    if (empty($sort)) {
        $sort = 'date';
    }
    if (!isset($state)) {
        // frontpage or approved
        $state = array(PUBLICATIONS_STATE_FRONTPAGE, PUBLICATIONS_STATE_APPROVED);
    }
    // Default fields in publications (for now)
    $fields = array('id', 'title');
    // Security check
    if (!xarSecurityCheck('ViewPublications')) {
        return;
    }
    // Database information
    $dbconn = xarDB::getConn();
    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);
    // Create the query
    $query = "SELECT {$publicationsdef['id']}, {$publicationsdef['title']}, {$publicationsdef['pubtype_id']}, {$publicationsdef['owner']}\n                FROM {$publicationsdef['table']} WHERE ";
    // we rely on leftjoin() to create the necessary publications clauses now
    if (!empty($publicationsdef['where'])) {
        $query .= " {$publicationsdef['where']} AND ";
    }
    // Get current article
    $current = xarModAPIFunc('publications', 'user', 'get', array('id' => $id));
    // Create the ORDER BY part
    switch ($sort) {
        case 'title':
            $query .= $publicationsdef['title'] . ' > ' . $dbconn->qstr($current['title']) . ' ORDER BY ' . $publicationsdef['title'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
            break;
        case 'id':
            $query .= $publicationsdef['id'] . ' > ' . $current['id'] . ' ORDER BY ' . $publicationsdef['id'] . ' ASC';
            break;
        case 'data':
        default:
            $query .= $publicationsdef['pubdate'] . ' > ' . $dbconn->qstr($current['pubdate']) . ' ORDER BY ' . $publicationsdef['pubdate'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
    }
    // Run the query - finally :-)
    $result =& $dbconn->SelectLimit($query, 1, 0);
    if (!$result) {
        return;
    }
    $item = array();
    list($item['id'], $item['title'], $item['pubtype_id'], $item['owner']) = $result->fields;
    $result->Close();
    // TODO: grab categories & check against them too
    // check security - don't generate an exception here
    if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) {
        return array();
    }
    return $item;
}
Beispiel #10
0
function publications_admin_view_pubtypes()
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    // Return the template variables defined in this function
    return array();
}
Beispiel #11
0
/**
 * Create a new publication type
 *
 * @param $args['name'] name of the publication type
 * @param $args['descr'] description of the publication type
 * @param $args['config'] configuration of the publication type
 * @return int publication type ID on success, false on failure
 */
function publications_adminapi_createpubtype($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    // Note : since we have several arguments we want to check here, we'll
    // report all those that are invalid at the same time...
    $invalid = array();
    if (!isset($name) || !is_string($name) || empty($name)) {
        $invalid[] = 'name';
    }
    if (!isset($config) || !is_array($config) || count($config) == 0) {
        $invalid[] = 'configuration';
    }
    if (count($invalid) > 0) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', join(', ', $invalid), 'admin', 'createpubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    if (empty($descr)) {
        $descr = $name;
    }
    // Publication type names *must* be lower-case for now
    $name = strtolower($name);
    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    if (!xarModAPILoad('publications', 'user')) {
        return;
    }
    // Make sure we have all the configuration fields we need
    $pubfields = xarModAPIFunc('publications', 'user', 'getpubfields');
    foreach ($pubfields as $field => $value) {
        if (!isset($config[$field])) {
            $config[$field] = '';
        }
    }
    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $pubtypestable = $xartable['publication_types'];
    // Get next ID in table
    $nextId = $dbconn->GenId($pubtypestable);
    // Insert the publication type
    $query = "INSERT INTO {$pubtypestable} (pubtype_id, pubtypename,\n            pubtypedescr, pubtypeconfig)\n            VALUES (?,?,?,?)";
    $bindvars = array($nextId, $name, $descr, serialize($config));
    $result =& $dbconn->Execute($query, $bindvars);
    if (!$result) {
        return;
    }
    // Get ptid to return
    $ptid = $dbconn->PO_Insert_ID($pubtypestable, 'pubtype_id');
    // Don't call creation hooks here...
    //xarModCallHooks('item', 'create', $ptid, 'ptid');
    return $ptid;
}
Beispiel #12
0
function wurfl_admin_modifyconfig()
{
    // Security Check
    if (!xarSecurityCheck('AdminWurfl')) {
        return;
    }
    if (!xarVarFetch('phase', 'str:1:100', $phase, 'modify', XARVAR_NOT_REQUIRED, XARVAR_PREP_FOR_DISPLAY)) {
        return;
    }
    if (!xarVarFetch('tab', 'str:1:100', $data['tab'], 'general', XARVAR_NOT_REQUIRED)) {
        return;
    }
    $data['module_settings'] = xarMod::apiFunc('base', 'admin', 'getmodulesettings', array('module' => 'wurfl'));
    $data['module_settings']->setFieldList('items_per_page, use_module_alias, module_alias_name, enable_short_urls');
    $data['module_settings']->getItem();
    switch (strtolower($phase)) {
        case 'modify':
        default:
            switch ($data['tab']) {
                case 'general':
                    break;
                case 'tab2':
                    break;
                case 'tab3':
                    break;
                default:
                    break;
            }
            break;
        case 'update':
            // Confirm authorisation code
            if (!xarSecConfirmAuthKey()) {
                return;
            }
            switch ($data['tab']) {
                case 'general':
                    $isvalid = $data['module_settings']->checkInput();
                    if (!$isvalid) {
                        return xarTplModule('wurfl', 'admin', 'modifyconfig', $data);
                    } else {
                        $itemid = $data['module_settings']->updateItem();
                    }
                    break;
                case 'tab2':
                    break;
                case 'tab3':
                    break;
                default:
                    break;
            }
            xarController::redirect(xarModURL('wurfl', 'admin', 'modifyconfig', array('tab' => $data['tab'])));
            // Return
            return true;
            break;
    }
    $data['authid'] = xarSecGenAuthKey();
    return $data;
}
Beispiel #13
0
function publications_admin_templates_page($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    extract($args);
    if (!xarVarFetch('confirm', 'int', $confirm, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('ptid', 'id', $data['ptid'], 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('itemid', 'id', $data['itemid'], 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('file', 'str', $data['file'], 'summary', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('source_data', 'str', $data['source_data'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (empty($data['itemid']) || empty($data['ptid'])) {
        return xarResponse::NotFound();
    }
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    $pubtype = explode('_', $pubtypeobject->properties['name']->value);
    $pubtype = isset($pubtype[1]) ? $pubtype[1] : $pubtype[0];
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));
    $basepath = sys::code() . "modules/publications/xartemplates/objects/" . $pubtype;
    $sourcefile = $basepath . "/" . $data['file'] . "_" . $data['itemid'] . ".xt";
    $overridepath = "themes/" . xarModVars::get('themes', 'default_theme') . "/modules/publications/objects/" . $pubtype;
    $overridefile = $overridepath . "/" . $data['file'] . "-" . $data['itemid'] . ".xt";
    // If we are saving, write the file now
    if ($confirm && !empty($data['source_data'])) {
        xarMod::apiFunc('publications', 'admin', 'write_file', array('file' => $overridefile, 'data' => $data['source_data']));
    }
    // Let the template know what kind of file this is
    if (file_exists($overridefile)) {
        $data['filetype'] = 'theme';
        $filepath = $overridefile;
        $data['writable'] = is_writable($overridefile);
    } else {
        $data['filetype'] = 'module';
        $filepath = $sourcefile;
        $data['writable'] = is_writeable_dir($overridepath);
    }
    $data['source_data'] = trim(xarMod::apiFunc('publications', 'admin', 'read_file', array('file' => $filepath)));
    // Initialize the template
    if (empty($data['source_data'])) {
        $data['source_data'] = '<xar:template xmlns:xar="http://xaraya.com/2004/blocklayout">';
        $data['source_data'] .= "\n";
        $data['source_data'] .= "\n" . '</xar:template>';
    }
    $data['files'] = array(array('id' => 'summary', 'name' => 'summary display'), array('id' => 'detail', 'name' => 'detail display'));
    return $data;
}
Beispiel #14
0
function calendar_admin_viewevents($args)
{
    if (!xarSecurityCheck('EditCalendar')) {
        return;
    }
    $data['object'] = xarMod::apiFunc('dynamicdata', 'user', 'getobjectlist', array('name' => 'calendar_event'));
    $data['object']->getItems();
    return xarTplModule('calendar', 'admin', 'view', $data);
}
Beispiel #15
0
/**
 * Import an object definition or an object item from XML
 */
function publications_admin_importpubtype($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    if (!xarVarFetch('import', 'isset', $import, NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('xml', 'isset', $xml, NULL, XARVAR_DONT_SET)) {
        return;
    }
    extract($args);
    $data = array();
    $data['menutitle'] = xarML('Dynamic Data Utilities');
    $data['warning'] = '';
    $data['options'] = array();
    $basedir = 'modules/publications';
    $filetype = 'xml';
    $files = xarModAPIFunc('dynamicdata', 'admin', 'browse', array('basedir' => $basedir, 'filetype' => $filetype));
    if (!isset($files) || count($files) < 1) {
        $files = array();
        $data['warning'] = xarML('There are currently no XML files available for import in "#(1)"', $basedir);
    }
    if (!empty($import) || !empty($xml)) {
        if (!xarSecConfirmAuthKey()) {
            return;
        }
        if (!empty($import)) {
            $found = '';
            foreach ($files as $file) {
                if ($file == $import) {
                    $found = $file;
                    break;
                }
            }
            if (empty($found) || !file_exists($basedir . '/' . $file)) {
                $msg = xarML('File not found');
                throw new BadParameterException(null, $msg);
            }
            $ptid = xarModAPIFunc('publications', 'admin', 'importpubtype', array('file' => $basedir . '/' . $file));
        } else {
            $ptid = xarModAPIFunc('publications', 'admin', 'importpubtype', array('xml' => $xml));
        }
        if (empty($ptid)) {
            return;
        }
        $data['warning'] = xarML('Publication type #(1) was successfully imported', $ptid);
    }
    natsort($files);
    array_unshift($files, '');
    foreach ($files as $file) {
        $data['options'][] = array('id' => $file, 'name' => $file);
    }
    $data['authid'] = xarSecGenAuthKey();
    return $data;
}
Beispiel #16
0
/**
 * Main user GUI function, entry point
 *
 */
function wurfl_user_main()
{
    // Security Check
    if (!xarSecurityCheck('ReadWurfl')) {
        return;
    }
    // success
    return array();
    //true;
}
Beispiel #17
0
/**
 *  List the product attributes 
 */
function shop_admin_attributes()
{
    if (!xarVarFetch('startnum', 'isset', $data['startnum'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('user_id', 'isset', $user_id, NULL, XARVAR_DONT_SET)) {
        return;
    }
    $objectname = 'shop_attributes';
    $data['objectname'] = $objectname;
    // Security check - important to do this as early as possible to avoid
    // potential security holes or just too much wasted processing
    if (!xarSecurityCheck('AdminShop')) {
        return;
    }
    $data['items_per_page'] = xarModVars::get('shop', 'items_per_page');
    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');
    // Get the object label for the template
    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['label'] = $object->label;
    // Get the fields to display in the admin interface
    $config = $object->configuration;
    if (!empty($config['adminfields'])) {
        $data['adminfields'] = $config['adminfields'];
    } else {
        $data['adminfields'] = array_keys($object->getProperties());
    }
    // Get the object we'll be working with. Note this is a so called object list
    $mylist = DataObjectMaster::getObjectList(array('name' => $objectname));
    // Load the DD master property class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.properties.master');
    $data['sort'] = xarMod::ApiFunc('shop', 'admin', 'sort', array('sortfield_fallback' => 'ID', 'ascdesc_fallback' => 'ASC'));
    // We have some filters for the items
    $filters = array('startnum' => $data['startnum'], 'status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'sort' => $data['sort']);
    if (isset($user_id)) {
        $filters['where'] = 'user_id eq ' . $user_id;
    }
    // Get the items
    $items = $mylist->getItems($filters);
    if (isset($user_id)) {
        // Get the object we'll be working with. Note this is a so called object list
        $mylist2 = DataObjectMaster::getObjectList(array('name' => 'shop_customers'));
        $filters = array();
        if (isset($user_id)) {
            $filters['where'] = 'ID eq ' . $user_id;
        }
        $items2 = $mylist2->getItems($filters);
        $data['fname'] = $items2[$user_id]['FirstName'];
        $data['lname'] = $items2[$user_id]['LastName'];
    }
    $data['mylist'] = $mylist;
    // Return the template variables defined in this function
    return $data;
}
Beispiel #18
0
/**
 * Overview displays standard Overview page
 */
function publications_admin_overview()
{
    /* Security Check */
    if (!xarSecurityCheck('EditPublications', 0)) {
        return;
    }
    $data = array();
    /* if there is a separate overview function return data to it
     * else just call the main function that usually displays the overview 
     */
    return xarTplModule('publications', 'admin', 'main', $data, 'main');
}
Beispiel #19
0
function publications_admin_stylesheet_type($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    extract($args);
    if (!xarVarFetch('confirm', 'int', $confirm, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('ptid', 'id', $data['ptid'], xarModVars::get('publications', 'defaultpubtype'), XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('file', 'str', $data['file'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('source_data', 'str', $data['source_data'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    $pubtype = explode('_', $pubtypeobject->properties['name']->value);
    $pubtype = isset($pubtype[1]) ? $pubtype[1] : $pubtype[0];
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));
    $basepath = sys::code() . "modules/publications/xarstyles";
    $sourcefile = $basepath . "/" . $data['file'] . ".css";
    $overridepath = "themes/" . xarModVars::get('themes', 'default_theme') . "/modules/publications/style";
    $overridefile = $overridepath . "/" . $data['file'] . ".css";
    // If we are saving, write the file now
    if ($confirm && !empty($data['file']) && !empty($data['source_data'])) {
        xarMod::apiFunc('publications', 'admin', 'write_file', array('file' => $overridefile, 'data' => $data['source_data']));
    }
    // Let the template know what kind of file this is
    if (empty($data['file'])) {
        $data['filetype'] = 'empty';
        $filepath = '';
        $data['writable'] = 0;
    } elseif (file_exists($overridefile)) {
        $data['filetype'] = 'theme';
        $filepath = $overridefile;
        $data['writable'] = is_writable($overridefile);
    } elseif (file_exists($sourcefile)) {
        $data['filetype'] = 'module';
        $filepath = $sourcefile;
        $data['writable'] = is_writeable_dir($overridepath);
    } else {
        $data['filetype'] = 'unknown';
        $filepath = $overridefile;
        $data['writable'] = is_writeable_dir($overridepath);
    }
    $data['source_data'] = trim(xarMod::apiFunc('publications', 'admin', 'read_file', array('file' => $filepath)));
    return $data;
}
Beispiel #20
0
function calendar_admin_view_calendars()
{
    // Security check
    if (!xarSecurityCheck('Admincalendar')) {
        return;
    }
    // Generate a one-time authorisation code for this operation
    $data['authid'] = xarSecGenAuthKey();
    $data['default_cal'] = unserialize(xarModVars::get('calendar', 'default_cal'));
    // Return the template variables defined in this function
    $data['calendars'] = xarMod::apiFunc('calendar', 'user', 'getall');
    return $data;
}
Beispiel #21
0
/**
 * Main admin GUI function, entry point
 *
 */
function wurfl_admin_main()
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }
    if (xarModVars::get('modules', 'disableoverview') == 0) {
        return array();
    } else {
        xarController::redirect(xarModURL('wurfl', 'admin', 'modifyconfig'));
    }
    // success
    return true;
}
Beispiel #22
0
/**
 *  Create a new product
 */
function shop_admin_newproduct()
{
    // See if the current user has the privilege to add an item. We cannot pass any extra arguments here
    if (!xarSecurityCheck('Addshop')) {
        return;
    }
    if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    $objectname = 'shop_products';
    $data['objectname'] = $objectname;
    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');
    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['label'] = $object->label;
    $data['object'] = $object;
    // Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
    // Here we are testing for a button clicked, so we test for a string
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    // Check if we are submitting the form
    // Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if ($data['confirm']) {
        // Check for a valid confirmation key. The value is automatically gotten from the template
        if (!xarSecConfirmAuthKey()) {
            return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
        }
        // Get the data from the form and see if it is all valid
        // Either way the values are now stored in the object
        $isvalid = $data['object']->checkInput();
        if (!$isvalid) {
            // Bad data: redisplay the form with the data we picked up and with error messages
            return xarTplModule('shop', 'admin', 'newproduct', $data);
        } elseif (isset($data['preview'])) {
            // Show a preview, same thing as the above essentially
            return xarTplModule('shop', 'admin', 'newproduct', $data);
        } else {
            $itemid = $data['object']->createItem();
            // Jump to the next page
            xarResponse::redirect(xarModURL('shop', 'admin', 'products'));
            return true;
        }
    }
    // Return the template variables defined in this function
    return $data;
}
Beispiel #23
0
function publications_admin_create()
{
    if (!xarVarFetch('ptid', 'id', $data['ptid'])) {
        return;
    }
    if (!xarVarFetch('new_cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('save', 'str', $save, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    // Confirm authorisation code
    // This has been disabled for now
    // if (!xarSecConfirmAuthKey()) return;
    $data['items'] = array();
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));
    $isvalid = $data['object']->checkInput();
    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['ptid']));
    if ($data['preview'] || !$isvalid) {
        // Show debug info if called for
        if (!$isvalid && xarModVars::get('publications', 'debugmode') && in_array(xarUserGetVar('uname'), xarConfigVars::get(null, 'Site.User.DebugAdmins'))) {
            var_dump($data['object']->getInvalids());
        }
        // Preview or bad data: redisplay the form
        $data['properties'] = $data['object']->getProperties();
        if ($data['preview']) {
            $data['tab'] = 'preview';
        }
        return xarTplModule('publications', 'admin', 'new', $data);
    }
    // Create the object
    $id = $data['object']->createItem();
    // if we can edit publications, go to admin view, otherwise go to user view
    if (xarSecurityCheck('EditPublications', 0, 'Publication', $data['ptid'] . ':All:All:All')) {
        // Redirect if we came from somewhere else
        $cuurent_listview = xarSession::getVar('publications_current_listview');
        if (!empty($cuurent_listview)) {
            xarController::redirect($cuurent_listview);
        }
        xarController::redirect(xarModURL('publications', 'admin', 'view', array('ptid' => $data['ptid'])));
    } else {
        xarController::redirect(xarModURL('publications', 'user', 'view', array('ptid' => $data['ptid'])));
    }
    return true;
}
Beispiel #24
0
/**
 * Delete a publication type
 *
 * @param $args['ptid'] ID of the publication type
 * @return bool true on success, false on failure
 */
function publications_adminapi_deletepubtype($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    if (!isset($ptid) || !is_numeric($ptid) || $ptid < 1) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
        return;
    }
    // Load user API to obtain item information function
    if (!xarModAPILoad('publications', 'user')) {
        return;
    }
    // Get current publication types
    $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
    if (!isset($pubtypes[$ptid])) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'publication type ID', 'admin', 'deletepubtype', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $pubtypestable = $xartable['publication_types'];
    // Delete the publication type
    $query = "DELETE FROM {$pubtypestable}\n            WHERE pubtype_id = ?";
    $result =& $dbconn->Execute($query, array($ptid));
    if (!$result) {
        return;
    }
    $publicationstable = $xartable['publications'];
    // Delete all publications for this publication type
    $query = "DELETE FROM {$publicationstable}\n            WHERE pubtype_id = ?";
    $result =& $dbconn->Execute($query, array($ptid));
    if (!$result) {
        return;
    }
    // TODO: call some kind of itemtype delete hooks here, once we have those
    //xarModCallHooks('itemtype', 'delete', $ptid,
    //                array('module' => 'publications',
    //                      'itemtype' =>'ptid'));
    return true;
}
Beispiel #25
0
function mailer_user_view_mailer()
{
    if (!xarSecurityCheck('ReadMailer')) {
        return;
    }
    if (!xarVarFetch('name', 'str', $name, 'mailer_mails', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('itemid', 'int', $data['itemid'], 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    $data['object'] = DataObjectMaster::getObject(array('name' => $name));
    $data['object']->getItem(array('itemid' => $data['itemid']));
    $data['tplmodule'] = 'mailer';
    return $data;
}
Beispiel #26
0
/**
 * Call a test page
 *
 */
function wurfl_admin_test()
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }
    sys::import('modules.wurfl.wurfl_init');
    $wurflManager = wurfl_init();
    $data['wurflInfo'] = $wurflManager->getWURFLInfo();
    if (!xarVarFetch('ua', 'str', $data['ua'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('mode', 'str', $data['mode'], 'performance', XARVAR_NOT_REQUIRED)) {
        return;
    }
    $data['requestingDevice'] = xarMod::apiFunc('wurfl', 'user', 'get_device', array('ua' => $data['ua'], 'mode' => $data['mode']));
    if (empty($data['ua'])) {
        $data['ua'] = $_SERVER['HTTP_USER_AGENT'];
    }
    return $data;
}
Beispiel #27
0
function publications_user_create()
{
    if (!xarVarFetch('ptid', 'id', $data['ptid'])) {
        return;
    }
    if (!xarVarFetch('new_cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('save', 'str', $save, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    // Confirm authorisation code
    // This has been disabled for now
    //    if (!xarSecConfirmAuthKey()) return;
    $data['items'] = array();
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));
    $isvalid = $data['object']->checkInput();
    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['ptid']));
    if ($data['preview'] || $isvalid) {
        // Preview or bad data: redisplay the form
        $data['properties'] = $data['object']->getProperties();
        if ($data['preview']) {
            $data['tab'] = 'preview';
        }
        return xarTplModule('publications', 'user', 'new', $data);
    }
    // Create the object
    $id = $data['object']->createItem();
    // if we can edit publications, go to admin view, otherwise go to user view
    if (xarSecurityCheck('EditPublications', 0, 'Publication', $data['ptid'] . ':All:All:All')) {
        xarResponse::redirect(xarModURL('publications', 'admin', 'view', array('ptid' => $data['ptid'])));
    } else {
        xarResponse::redirect(xarModURL('publications', 'user', 'view', array('ptid' => $data['ptid'])));
    }
    return true;
}
Beispiel #28
0
/**
 * Display a product
 */
function shop_user_product($args)
{
    if (!xarVarFetch('itemid', 'id', $itemid, NULL, XARVAR_DONT_SET)) {
        return;
    }
    extract($args);
    if (!empty($objectid)) {
        $itemid = $objectid;
    }
    if (empty($itemid)) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'item id', 'user', 'display', 'shop');
        throw new Exception($msg);
    }
    // Make sure user has read privileges for the item
    if (!xarSecurityCheck('ReadShop', 1, 'Item', $itemid)) {
        return;
    }
    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');
    // Get the object definition we'll be working with
    $object = DataObjectMaster::getObject(array('name' => 'shop_products'));
    $data['object'] = $object;
    //We don't really have the item until we call getItem()
    $some_id = $object->getItem(array('itemid' => $itemid));
    //Make sure we got something
    if (!isset($some_id) || $some_id != $itemid) {
        return;
    }
    //Get the property names and values for the item with the getFieldValues() method
    $values = $object->getFieldValues();
    $data['itemid'] = $itemid;
    //$values is an associative array of property names and values, so...
    foreach ($values as $name => $value) {
        $data[$name] = xarVarPrepForDisplay($value);
    }
    $data['editurl'] = '';
    if (xarSecurityCheck('EditShop', 1)) {
        $data['editurl'] = xarModURL('shop', 'admin', 'modify', array('itemid' => $itemid, 'name' => 'shop_products'));
    }
    return xarTplModule('shop', 'user', 'product', $data);
}
Beispiel #29
0
/**
 * Publications Module
 *
 * @package modules
 * @subpackage publications module
 * @category Third Party Xaraya Module
 * @version 2.0.0
 * @license GPL {@link http://www.gnu.org/licenses/gpl.html}
 * @author mikespub
 */
function publications_adminapi_browse($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    if (empty($basedir) || empty($filetype)) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'base directory', 'admin', 'browse', 'Publications');
        throw new BadParameterException(null, $msg);
    }
    $filelist = array();
    // Security Check
    if (!xarSecurityCheck('SubmitPublications', 0)) {
        return $filelist;
    }
    // not supported under safe_mode
    @set_time_limit(120);
    $todo = array();
    $basedir = realpath($basedir);
    array_push($todo, $basedir);
    while (count($todo) > 0) {
        $curdir = array_shift($todo);
        if ($dir = @opendir($curdir)) {
            while (($file = @readdir($dir)) !== false) {
                $curfile = $curdir . '/' . $file;
                if (preg_match("/\\.{$filetype}\$/", $file) && is_file($curfile) && filesize($curfile) > 0) {
                    $curfile = preg_replace('#' . preg_quote($basedir, '#') . '/#', '', $curfile);
                    $filelist[] = $curfile;
                } elseif ($file != '.' && $file != '..' && is_dir($curfile)) {
                    array_push($todo, $curfile);
                }
            }
            closedir($dir);
        }
    }
    natsort($filelist);
    return $filelist;
}
Beispiel #30
0
function wurfl_admin_new()
{
    if (!xarSecurityCheck('AddWurfl')) {
        return;
    }
    if (!xarVarFetch('name', 'str', $name, 'wurfl_wurfl', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    $data['object'] = DataObjectMaster::getObject(array('name' => $name));
    $data['tplmodule'] = 'wurfl';
    $data['authid'] = xarSecGenAuthKey('wurfl');
    if ($data['confirm']) {
        // we only retrieve 'preview' from the input here - the rest is handled by checkInput()
        if (!xarVarFetch('preview', 'str', $preview, NULL, XARVAR_DONT_SET)) {
            return;
        }
        // Check for a valid confirmation key
        if (!xarSecConfirmAuthKey()) {
            return;
        }
        // Get the data from the form
        $isvalid = $data['object']->checkInput();
        if (!$isvalid) {
            // Bad data: redisplay the form with error messages
            return xarTplModule('wurfl', 'admin', 'new', $data);
        } else {
            // Good data: create the item
            $itemid = $data['object']->createItem();
            // Jump to the next page
            xarController::redirect(xarModURL('wurfl', 'admin', 'view'));
            return true;
        }
    }
    return $data;
}