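/**
 * Confirm and delete one item of a wurfl DynamicData object.
 *
 * Reads `name` (object name, default 'wurfl_wurfl'), `itemid` and `confirm`
 * from the request. Without `confirm` the data for the confirmation page is
 * returned; with it the auth key is verified and the item is deleted.
 *
 * @return mixed template data, true after delete and redirect, the NotFound
 *               response for a foreign object name, or null when a security
 *               or input check fails
 */
function wurfl_admin_delete()
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }
    if (!xarVarFetch('name', 'str:1', $name, 'wurfl_wurfl', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('itemid', 'int', $data['itemid'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('confirm', 'str:1', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }

    // The object name is request input. The ManageWurfl privilege must not
    // turn into delete access on other modules' objects, so only names that
    // contain this module's name are accepted.
    if (strpos($name, 'wurfl') === false) {
        return xarResponse::NotFound();
    }

    $data['object'] = DataObjectMaster::getObject(array('name' => $name));
    if (empty($data['object'])) {
        // Unknown object: nothing to show or delete
        return xarResponse::NotFound();
    }
    $data['object']->getItem(array('itemid' => $data['itemid']));

    $data['tplmodule'] = 'wurfl';
    $data['authid'] = xarSecGenAuthKey('wurfl');

    if ($data['confirm']) {
        // State-changing step: require a valid confirmation key (CSRF protection)
        if (!xarSecConfirmAuthKey()) {
            return;
        }

        // Delete the item
        $data['object']->deleteItem();

        // Jump to the next page
        xarController::redirect(xarModURL('wurfl', 'admin', 'view'));
        return true;
    }

    return $data;
}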
/**
 * Get products
 *
 * Returns the active items of the 'shop_products' object list together with
 * the paging and sort settings used to fetch them.
 *
 * Recognised keys in $args (imported with extract()): startnum,
 * items_per_page, where.
 *
 * NOTE(review): extract() turns every key of $args into a local variable and
 * `where` is handed to getItems() unchanged, so callers must never forward
 * raw request data into $args — confirm against the call sites.
 *
 * @param array $args
 * @return array|null keys items_per_page, sort, products; null without ViewShop
 */
function shop_userapi_getproducts($args)
{
    $startnum = 1;
    extract($args);

    if (!xarSecurityCheck('ViewShop')) {
        return;
    }

    // Fall back to the module-wide page size when the caller gave none
    if (!isset($items_per_page)) {
        $items_per_page = xarModVars::get('shop', 'items_per_page');
    }
    $data['items_per_page'] = $items_per_page;

    // Load the DD master classes. These lines will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');
    sys::import('modules.dynamicdata.class.properties.master');

    // The object list we query
    $productList = DataObjectMaster::getObjectList(array('name' => 'shop_products'));

    $data['sort'] = xarMod::ApiFunc(
        'shop',
        'admin',
        'sort',
        array('sortfield_fallback' => 'id', 'ascdesc_fallback' => 'ASC')
    );

    // Filters for the items: paging offset, active display state, sort order
    $filters = array(
        'startnum' => $startnum,
        'status'   => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE,
        'sort'     => $data['sort'],
    );
    if (isset($where)) {
        $filters['where'] = $where;
    }

    $data['products'] = $productList->getItems($filters);

    // Return the template variables defined in this function
    return $data;
}
/**
 * Prepare the template data for the "add event" admin form.
 *
 * @return array|null calendar data plus authid, default_cal and updatebutton;
 *                    null without the Admincalendar privilege
 */
function calendar_admin_add_event()
{
    // Security check
    if (!xarSecurityCheck('Admincalendar')) {
        return;
    }

    $data = xarMod::apiFunc('calendar', 'admin', 'get_calendars');

    // Generate a one-time authorisation code for this operation
    $data['authid'] = xarSecGenAuthKey();

    // NOTE(review): unserialize() instantiates whatever the stored string
    // describes. The value comes from a module variable, so this is only as
    // safe as write access to that variable; a plain scalar or JSON encoding
    // would remove the dependency — confirm what is stored here.
    $storedDefault = xarModVars::get('calendar', 'default_cal');
    $data['default_cal'] = unserialize($storedDefault);

    // Variables from phpIcalendar config.inc.php
    $data['updatebutton'] = xarVarPrepForDisplay(xarML('Create event'));

    //TODO: should I include this stuff? --amoro
    /*
    $hooks = xarModCallHooks('module', 'modifyconfig', 'calendar', array('module' => 'calendar'));
    if (empty($hooks)) {
        $data['hooks'] = '';
    } elseif (is_array($hooks)) {
        $data['hooks'] = join('', $hooks);
    } else {
        $data['hooks'] = $hooks;
    }
    */

    // Return the template variables defined in this function
    return $data;
}
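/**
 * view statistics
 *
 * Groups publication statistics by the fields selected in the request
 * parameter `group` (or in $args['group']).
 *
 * @param array $args optional overrides, imported with extract()
 * @return array|null keys group, stats, pubtypes, statelist, fields; null
 *                    without the AdminPublications privilege
 */
function publications_admin_stats($args = array())
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    if (!xarVarFetch('group', 'isset', $group, array(), XARVAR_NOT_REQUIRED)) {
        return;
    }
    extract($args);

    // The grouping fields the statistics page offers
    $fields = array(
        'pubtype_id'    => xarML('Publication Type'),
        'state'         => xarML('Status'),
        'owner'         => xarML('Author'),
        'pubdate_year'  => xarML('Publication Year'),
        'pubdate_month' => xarML('Publication Month'),
        'pubdate_day'   => xarML('Publication Day'),
        'locale'        => xarML('Language'),
    );

    // `group` is fetched with the 'isset' validation, i.e. unvalidated, and is
    // handed to getstats() as a list of field names. Keep only entries that
    // are strings and name one of the offered fields, so arbitrary request
    // text never reaches the statistics query.
    $selected = array();
    if (is_array($group)) {
        foreach ($group as $field) {
            if (is_string($field) && isset($fields[$field])) {
                $selected[] = $field;
            }
        }
    }
    if (empty($selected)) {
        $selected = array('pubtype_id', 'state', 'owner');
    }

    $data = array();
    $data['group'] = $selected;
    $data['stats'] = xarModAPIFunc('publications', 'admin', 'getstats', array('group' => $selected));
    $data['pubtypes'] = xarModAPIFunc('publications', 'user', 'get_pubtypes');
    $data['statelist'] = xarModAPIFunc('publications', 'user', 'getstates');
    $data['fields'] = $fields;

    return $data;
}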
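/**
 * Display and process the form that modifies a publication type.
 *
 * The publication type is selected by `itemid` (request, or $args['itemid'])
 * or, failing that, by `name`.
 *
 * NOTE(review): `itemid` is fetched with the 'isset' validation and so is not
 * type-checked before it is passed to getItem()/updateItem(); an 'id'
 * validation would be tighter — confirm no caller relies on other values.
 *
 * @param array $args optional arguments, imported with extract()
 * @return mixed template data, rendered form on invalid input, true after a
 *               successful update, the NotFound response, or null when a check fails
 */
function publications_admin_modify_pubtype($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    extract($args);

    // Get parameters
    if (!xarVarFetch('itemid', 'isset', $data['itemid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('returnurl', 'str:1', $data['returnurl'], 'view', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('name', 'str:1', $name, '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('tab', 'str:1', $data['tab'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }

    // The id can arrive through $args (extracted above) or through the
    // request. The original test looked only at the extracted $itemid, so a
    // request that carried just `itemid` was answered with NotFound.
    if (empty($data['itemid']) && !empty($itemid)) {
        $data['itemid'] = $itemid;
    }
    if (empty($name) && empty($data['itemid'])) {
        return xarResponse::NotFound();
    }

    // Get our object
    $data['object'] = DataObjectMaster::getObject(array('name' => 'publications_types'));
    if (!empty($data['itemid'])) {
        $data['object']->getItem(array('itemid' => $data['itemid']));
    } else {
        // $name is request input and ends up inside a where clause. Accept
        // only plain identifier characters so it cannot change the clause.
        // NOTE(review): confirm that publication type names never contain
        // characters outside this set.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $name)) {
            return xarResponse::NotFound();
        }
        $type_list = DataObjectMaster::getObjectList(array('name' => 'publications_types'));
        $items = $type_list->getItems(array('where' => 'name = ' . $name));
        $item = is_array($items) ? current($items) : false;
        if (empty($item['id'])) {
            // No publication type with that name
            return xarResponse::NotFound();
        }
        // Remember the resolved id so the settings lookup and the update
        // below work on the same item
        $data['itemid'] = $item['id'];
        $data['object']->getItem(array('itemid' => $data['itemid']));
    }

    // Send the publication type and the object properties to the template
    $data['properties'] = $data['object']->getProperties();

    // Get the settings of the publication type we are using
    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['itemid']));

    if ($data['confirm']) {
        // Check for a valid confirmation key
        if (!xarSecConfirmAuthKey()) {
            return;
        }

        // Get the data from the form
        if (!$data['object']->checkInput()) {
            // Bad data: redisplay the form with error messages
            return xarTplModule('publications', 'admin', 'modify_pubtype', $data);
        }

        // Good data: update the item
        $data['object']->updateItem(array('itemid' => $data['itemid']));

        // Jump to the next page
        xarController::redirect(xarModURL('publications', 'admin', 'view_pubtypes'));
        return true;
    }

    return $data;
}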
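/**
 * View items of the wurfl object
 *
 * Builds the dropdown of objects that belong to this module and remembers the
 * object chosen through the request parameter `objectname` as the user's
 * default master table.
 *
 * @param array $args not used
 * @return array|null keys objectname and options; null without ManageWurfl
 */
function wurfl_admin_view($args)
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }

    $modulename = 'wurfl';

    // Define which object will be shown
    if (!xarVarFetch('objectname', 'str', $objectname, null, XARVAR_DONT_SET)) {
        return;
    }

    // Get the available dropdown options: objects whose name contains the module name
    $object = DataObjectMaster::getObjectList(array('objectid' => 1));
    $items = $object->getItems();
    $options = array();
    $allowed = array();
    foreach ($items as $item) {
        if (strpos($item['name'], $modulename) !== false) {
            $options[] = array('id' => $item['name'], 'name' => $item['name']);
            $allowed[] = $item['name'];
        }
    }

    // `objectname` is request input. Persist it only when it is one of the
    // offered options, so this page cannot be pointed at another module's object.
    if (!empty($objectname) && in_array($objectname, $allowed, true)) {
        xarModUserVars::set($modulename, 'defaultmastertable', $objectname);
    }

    // Set a return url
    xarSession::setVar('ddcontext.' . $modulename, array('return_url' => xarServer::getCurrentURL()));

    $data['objectname'] = xarModUserVars::get($modulename, 'defaultmastertable');
    $data['options'] = $options;

    return $data;
}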
/**
 * Publications Module
 *
 * @package modules
 * @subpackage publications module
 * @category Third Party Xaraya Module
 * @version 2.0.0
 * @copyright (C) 2011 Netspan AG
 * @license GPL {@link http://www.gnu.org/licenses/gpl.html}
 * @author Marc Lutolf <*****@*****.**>
 */

/**
 * Build the page tree for the page management view and flag, per page,
 * whether the current user may edit or delete it.
 *
 * NOTE(review): the per-page modify_access/delete_access lookups are commented
 * out, so both flags are computed from the same level-800 check. They only
 * steer what the template shows; the handlers that modify or delete a page
 * have to enforce access themselves.
 *
 * @param array $args imported with extract()
 * @return array|null page tree data; null without ManagePublications
 */
function publications_user_view_pages($args)
{
    extract($args);

    if (!xarSecurityCheck('ManagePublications')) {
        return;
    }

    // Accept a parameter to allow selection of a single tree.
    // (the result of the fetch is not checked; $contains defaults to 0)
    xarVarFetch('contains', 'id', $contains, 0, XARVAR_NOT_REQUIRED);

    $data = xarMod::apiFunc(
        'publications',
        'user',
        'getpagestree',
        array('key' => 'index', 'dd_flag' => false, 'tree_contains_pid' => $contains)
    );

    if (empty($data['pages'])) {
        // TODO: pass to template.
        return $data; //xarML('NO PAGES DEFINED');
    }

    $data['pages'] = xarMod::apiFunc('publications', 'tree', 'array_maptree', $data['pages']);
    $data['contains'] = $contains;

    // Check modify and delete privileges on each page.
    // EditPage - allows basic changes, but no moving or renaming (good for sub-editors who manage content)
    // AddPage - new pages can be added (further checks may limit it to certain page types)
    // DeletePage - page can be renamed, moved and deleted
    if (empty($data['pages'])) {
        return $data;
    }

    // Bring in the access property for security checks
    sys::import('modules.dynamicdata.class.properties.master');
    $access = DataPropertyMaster::getProperty(array('name' => 'access'));
    $access->module = 'publications';
    $access->component = 'Page';

    foreach ($data['pages'] as $key => $page) {
        $instance = $page['name'] . ':' . $page['ptid']['name'];

        // Do we have admin access?
        $checkArgs = array('instance' => $instance, 'level' => 800);
        $isAdmin = $access->check($checkArgs);

        // Decide whether this page can be modified by the current user.
        // (disabled: build the check arguments from $page['access']['modify_access'])
        $data['pages'][$key]['edit_allowed'] = $isAdmin || $access->check($checkArgs);

        // Decide whether this page can be deleted by the current user.
        // (disabled: build the check arguments from $page['access']['delete_access'])
        $data['pages'][$key]['delete_allowed'] = $isAdmin || $access->check($checkArgs);
    }

    return $data;
}
/**
 * Modify a customer
 *
 * Shows the customer form and, on confirmation, updates both the
 * shop_customers item and the name of the roles_users item with the same id.
 *
 * NOTE(review): the field values are copied into $data under their own
 * names, so a field called itemid, confirm, object or preview would replace
 * the control value of that name — confirm the shop_customers field list.
 *
 * @return mixed template data, a rendered template on a bad auth key or
 *               invalid input, or null when a check fails
 * @throws Exception when no item id was supplied
 */
function shop_admin_modifycustomer()
{
    if (!xarVarFetch('itemid', 'id', $data['itemid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }

    $objectname = 'shop_customers';
    $data['objectname'] = $objectname;

    // Check if we still have no id of the item to modify.
    if (empty($data['itemid'])) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'item id', 'admin', 'modify', 'shop');
        throw new Exception($msg);
    }

    // Item-level privilege check for the customer being edited
    if (!xarSecurityCheck('AdminShop', 1, 'Item', $data['itemid'])) {
        return;
    }

    sys::import('modules.dynamicdata.class.objects.master');

    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['object'] = $object;
    $data['label'] = $object->label;

    $object->getItem(array('itemid' => $data['itemid']));

    // Expose every field value, prepared for display, under its field name
    foreach ($object->getFieldValues() as $name => $value) {
        $data[$name] = xarVarPrepForDisplay($value);
    }

    // The role that carries the same id as the customer
    $rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
    $rolesobject->getItem(array('itemid' => $data['itemid']));

    if (!$data['confirm']) {
        // Get that specific item of the object
        $object->getItem(array('itemid' => $data['itemid']));

        // Return the template variables defined in this function
        return $data;
    }

    // Check for a valid confirmation key
    if (!xarSecConfirmAuthKey()) {
        return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
    }

    // Get the data from the form.
    // Bad data, or a preview request: redisplay the form with the data we
    // picked up (and with error messages, if any)
    if (!$object->checkInput() || isset($data['preview'])) {
        return xarTplModule('shop', 'admin', 'modifycustomer', $data);
    }

    // Keep the role's display name in step with the customer's name
    $first_name = $object->properties['first_name']->getValue();
    $last_name = $object->properties['last_name']->getValue();
    $rolesobject->properties['name']->setValue($first_name . ' ' . $last_name);
    $rolesobject->updateItem();

    $object->updateItem();

    // Jump to the next page
    xarResponse::redirect(xarModURL('shop', 'admin', 'modifycustomer', array('itemid' => $data['itemid'])));
    return $data;
}
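/**
 * get next article
 * Note : the following parameters are all optional (except id and ptid)
 *
 * @param $args['id'] the article ID we want to have the next article of
 * @param $args['ptid'] publication type ID (for news, sections, reviews, ...)
 * @param $args['sort'] sort order ('date','title','hits','rating',...)
 * @param $args['owner'] the ID of the author
 * @param $args['state'] array of requested status(es) for the publications
 * @param $args['enddate'] publications published before enddate
 *                         (unix timestamp format)
 * @return array|null array of article fields (id, title, pubtype_id, owner),
 *                    an empty array when the item may not be viewed, or
 *                    null on failure
 */
function publications_userapi_getnext($args)
{
    // Get arguments from argument array
    extract($args);

    // Optional argument
    if (empty($sort)) {
        $sort = 'date';
    }
    if (!isset($state)) {
        // frontpage or approved
        $state = array(PUBLICATIONS_STATE_FRONTPAGE, PUBLICATIONS_STATE_APPROVED);
    }

    // Security check
    if (!xarSecurityCheck('ViewPublications')) {
        return;
    }

    // The article id is required: without it there is no "current" article
    if (!isset($id)) {
        return;
    }

    // Database information
    $dbconn = xarDB::getConn();

    // Get the field names and LEFT JOIN ... ON ... parts from publications
    // By passing on the $args, we can let leftjoin() create the WHERE for
    // the publications-specific columns too now
    $publicationsdef = xarModAPIFunc('publications', 'user', 'leftjoin', $args);

    // Create the query
    $query = "SELECT {$publicationsdef['id']}, {$publicationsdef['title']}, {$publicationsdef['pubtype_id']}, {$publicationsdef['owner']}\n FROM {$publicationsdef['table']} WHERE ";

    // we rely on leftjoin() to create the necessary publications clauses now
    if (!empty($publicationsdef['where'])) {
        $query .= " {$publicationsdef['where']} AND ";
    }

    // Get current article
    $current = xarModAPIFunc('publications', 'user', 'get', array('id' => $id));
    if (empty($current)) {
        // Unknown article: there is nothing to be "next" to
        return;
    }

    // Create the ORDER BY part. Values taken from the current article are
    // quoted with qstr() or cast to int before they enter the SQL text.
    switch ($sort) {
        case 'title':
            $query .= $publicationsdef['title'] . ' > ' . $dbconn->qstr($current['title'])
                . ' ORDER BY ' . $publicationsdef['title'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
            break;
        case 'id':
            // The id is concatenated unquoted, so force it to an integer
            $query .= $publicationsdef['id'] . ' > ' . (int) $current['id']
                . ' ORDER BY ' . $publicationsdef['id'] . ' ASC';
            break;
        case 'date':
        case 'data': // historical spelling of 'date', kept for callers that pass it
        default:
            $query .= $publicationsdef['pubdate'] . ' > ' . $dbconn->qstr($current['pubdate'])
                . ' ORDER BY ' . $publicationsdef['pubdate'] . ' ASC, ' . $publicationsdef['id'] . ' ASC';
    }

    // Run the query - finally :-)
    $result = $dbconn->SelectLimit($query, 1, 0);
    if (!$result) {
        return;
    }

    $item = array();
    list($item['id'], $item['title'], $item['pubtype_id'], $item['owner']) = $result->fields;
    $result->Close();

    // TODO: grab categories & check against them too

    // check security - don't generate an exception here
    if (!xarSecurityCheck('ViewPublications', 0, 'Publication', "{$item['pubtype_id']}:All:{$item['owner']}:{$item['id']}")) {
        return array();
    }

    return $item;
}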
/**
 * Show the list of publication types; the template needs no data.
 *
 * @return array|null empty template data; null without AdminPublications
 */
function publications_admin_view_pubtypes()
{
    $allowed = xarSecurityCheck('AdminPublications');
    if (!$allowed) {
        return;
    }

    // No template variables are defined in this function
    $data = array();
    return $data;
}
/**
 * Create a new publication type
 *
 * The row is written with bind variables; the configuration is stored as a
 * serialize()d array.
 *
 * @param $args['name'] name of the publication type
 * @param $args['descr'] description of the publication type
 * @param $args['config'] configuration of the publication type
 * @return int|null publication type ID on success, null on failure
 * @throws BadParameterException when name or config is missing or malformed
 */
function publications_adminapi_createpubtype($args)
{
    // Get arguments from argument array
    extract($args);

    // Argument check - collect every invalid argument first so that all of
    // them are reported in one message
    $invalid = array();
    $nameOk = isset($name) && is_string($name) && !empty($name);
    if (!$nameOk) {
        $invalid[] = 'name';
    }
    $configOk = isset($config) && is_array($config) && count($config) != 0;
    if (!$configOk) {
        $invalid[] = 'configuration';
    }
    if (count($invalid) > 0) {
        $msg = xarML(
            'Invalid #(1) for #(2) function #(3)() in module #(4)',
            join(', ', $invalid),
            'admin',
            'createpubtype',
            'Publications'
        );
        throw new BadParameterException(null, $msg);
    }

    // The description defaults to the name as given (before lower-casing)
    if (empty($descr)) {
        $descr = $name;
    }

    // Publication type names *must* be lower-case for now
    $name = strtolower($name);

    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }

    if (!xarModAPILoad('publications', 'user')) {
        return;
    }

    // Make sure we have all the configuration fields we need
    $pubfields = xarModAPIFunc('publications', 'user', 'getpubfields');
    foreach (array_keys($pubfields) as $field) {
        if (!isset($config[$field])) {
            $config[$field] = '';
        }
    }

    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $pubtypestable = $xartable['publication_types'];

    // Get next ID in table
    $nextId = $dbconn->GenId($pubtypestable);

    // Insert the publication type (all values are passed as bind variables)
    $query = "INSERT INTO {$pubtypestable} (pubtype_id, pubtypename,\n pubtypedescr, pubtypeconfig)\n VALUES (?,?,?,?)";
    $bindvars = array($nextId, $name, $descr, serialize($config));
    $result =& $dbconn->Execute($query, $bindvars);
    if (!$result) {
        return;
    }

    // Get ptid to return
    // Don't call creation hooks here...
    //xarModCallHooks('item', 'create', $ptid, 'ptid');
    return $dbconn->PO_Insert_ID($pubtypestable, 'pubtype_id');
}
/**
 * Display and update the wurfl module configuration.
 *
 * Request parameters: phase ('modify' by default, or 'update') and tab
 * ('general' by default). Only the 'general' tab stores anything.
 *
 * @return mixed template data, the rendered form on invalid input, true
 *               after an update, or null when a check fails
 */
function wurfl_admin_modifyconfig()
{
    // Security Check
    if (!xarSecurityCheck('AdminWurfl')) {
        return;
    }
    if (!xarVarFetch('phase', 'str:1:100', $phase, 'modify', XARVAR_NOT_REQUIRED, XARVAR_PREP_FOR_DISPLAY)) {
        return;
    }
    if (!xarVarFetch('tab', 'str:1:100', $data['tab'], 'general', XARVAR_NOT_REQUIRED)) {
        return;
    }

    $settings = xarMod::apiFunc('base', 'admin', 'getmodulesettings', array('module' => 'wurfl'));
    $data['module_settings'] = $settings;
    $data['module_settings']->setFieldList('items_per_page, use_module_alias, module_alias_name, enable_short_urls');
    $data['module_settings']->getItem();

    if (strtolower($phase) === 'update') {
        // Confirm authorisation code before anything is written
        if (!xarSecConfirmAuthKey()) {
            return;
        }

        // 'tab2' and 'tab3' (and unknown tabs) have nothing to store
        if ($data['tab'] === 'general') {
            if (!$data['module_settings']->checkInput()) {
                return xarTplModule('wurfl', 'admin', 'modifyconfig', $data);
            }
            $data['module_settings']->updateItem();
        }

        xarController::redirect(xarModURL('wurfl', 'admin', 'modifyconfig', array('tab' => $data['tab'])));
        return true;
    }

    // 'modify' and every other phase: just show the form
    $data['authid'] = xarSecGenAuthKey();
    return $data;
}
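/**
 * Edit the per-item display template of a publication.
 *
 * Reads the template from the theme override if one exists, else from the
 * module, and writes the submitted source to the theme override when
 * `confirm` is set.
 *
 * NOTE(review): the write is not guarded by xarSecConfirmAuthKey() and no
 * authid is passed to the template, so the save can be triggered from another
 * site in an administrator's session. Add the auth key to the form and the
 * check here together.
 *
 * @param array $args imported with extract()
 * @return mixed template data, the NotFound response, or null when a check fails
 */
function publications_admin_templates_page($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    extract($args);

    if (!xarVarFetch('confirm', 'int', $confirm, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('ptid', 'id', $data['ptid'], 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('itemid', 'id', $data['itemid'], 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('file', 'str', $data['file'], 'summary', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('source_data', 'str', $data['source_data'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }

    if (empty($data['itemid']) || empty($data['ptid'])) {
        return xarResponse::NotFound();
    }

    // `file` is request input and becomes part of the path that is read and
    // written below. Accept a single plain file-name component only, so the
    // path cannot leave the template directories.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $data['file'])) {
        return xarResponse::NotFound();
    }

    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));

    // Directory name: the part after the first underscore of the object name, if any
    $pubtype = explode('_', $pubtypeobject->properties['name']->value);
    $pubtype = isset($pubtype[1]) ? $pubtype[1] : $pubtype[0];

    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));

    $basepath = sys::code() . "modules/publications/xartemplates/objects/" . $pubtype;
    $sourcefile = $basepath . "/" . $data['file'] . "_" . $data['itemid'] . ".xt";
    $overridepath = "themes/" . xarModVars::get('themes', 'default_theme') . "/modules/publications/objects/" . $pubtype;
    $overridefile = $overridepath . "/" . $data['file'] . "-" . $data['itemid'] . ".xt";

    // If we are saving, write the file now
    if ($confirm && !empty($data['source_data'])) {
        xarMod::apiFunc('publications', 'admin', 'write_file', array('file' => $overridefile, 'data' => $data['source_data']));
    }

    // Let the template know what kind of file this is
    if (file_exists($overridefile)) {
        $data['filetype'] = 'theme';
        $filepath = $overridefile;
        $data['writable'] = is_writable($overridefile);
    } else {
        $data['filetype'] = 'module';
        $filepath = $sourcefile;
        $data['writable'] = is_writeable_dir($overridepath);
    }

    $data['source_data'] = trim(xarMod::apiFunc('publications', 'admin', 'read_file', array('file' => $filepath)));

    // Initialize the template
    if (empty($data['source_data'])) {
        $data['source_data'] = '<xar:template xmlns:xar="http://xaraya.com/2004/blocklayout">';
        $data['source_data'] .= "\n";
        $data['source_data'] .= "\n" . '</xar:template>';
    }

    $data['files'] = array(
        array('id' => 'summary', 'name' => 'summary display'),
        array('id' => 'detail', 'name' => 'detail display'),
    );

    return $data;
}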
/**
 * Render the admin list of calendar events.
 *
 * @param array $args not used
 * @return mixed output of the calendar 'admin view' template; null without
 *               the EditCalendar privilege
 */
function calendar_admin_viewevents($args)
{
    if (!xarSecurityCheck('EditCalendar')) {
        return;
    }

    // Load the event list before handing it to the template
    $eventList = xarMod::apiFunc('dynamicdata', 'user', 'getobjectlist', array('name' => 'calendar_event'));
    $eventList->getItems();

    $data = array();
    $data['object'] = $eventList;

    return xarTplModule('calendar', 'admin', 'view', $data);
}
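/**
 * Import an object definition or an object item from XML
 *
 * The source is either a file picked from the XML files found under
 * modules/publications (`import`) or XML text supplied directly (`xml`).
 *
 * @param array $args imported with extract()
 * @return array|null keys menutitle, warning, options, authid; null when a
 *                    check or the import fails
 * @throws BadParameterException when the requested file is not offered for import
 */
function publications_admin_importpubtype($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    if (!xarVarFetch('import', 'isset', $import, NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('xml', 'isset', $xml, NULL, XARVAR_DONT_SET)) {
        return;
    }
    extract($args);

    $data = array();
    $data['menutitle'] = xarML('Dynamic Data Utilities');
    $data['warning'] = '';
    $data['options'] = array();

    $basedir = 'modules/publications';
    $filetype = 'xml';
    $files = xarModAPIFunc('dynamicdata', 'admin', 'browse', array('basedir' => $basedir, 'filetype' => $filetype));
    if (!isset($files) || count($files) < 1) {
        $files = array();
        $data['warning'] = xarML('There are currently no XML files available for import in "#(1)"', $basedir);
    }

    if (!empty($import) || !empty($xml)) {
        // Importing changes data: require a valid confirmation key
        if (!xarSecConfirmAuthKey()) {
            return;
        }

        if (!empty($import)) {
            // `import` is request input. It is never used as a path itself:
            // the path is built from the matching entry of the browsed file
            // list. Compare strictly so that only an exact string match counts.
            $found = '';
            if (is_string($import)) {
                foreach ($files as $file) {
                    if ((string) $file === $import) {
                        $found = (string) $file;
                        break;
                    }
                }
            }
            if (empty($found) || !file_exists($basedir . '/' . $found)) {
                $msg = xarML('File not found');
                throw new BadParameterException(null, $msg);
            }
            $ptid = xarModAPIFunc('publications', 'admin', 'importpubtype', array('file' => $basedir . '/' . $found));
        } else {
            $ptid = xarModAPIFunc('publications', 'admin', 'importpubtype', array('xml' => $xml));
        }
        if (empty($ptid)) {
            return;
        }

        $data['warning'] = xarML('Publication type #(1) was successfully imported', $ptid);
    }

    // Dropdown of importable files, with an empty first entry
    natsort($files);
    array_unshift($files, '');
    foreach ($files as $file) {
        $data['options'][] = array('id' => $file, 'name' => $file);
    }

    $data['authid'] = xarSecGenAuthKey();
    return $data;
}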
/**
 * Main user GUI function, entry point
 *
 * @return array|null empty template data; null without the ReadWurfl privilege
 */
function wurfl_user_main()
{
    // Security Check
    $mayRead = xarSecurityCheck('ReadWurfl');
    if (!$mayRead) {
        return;
    }

    // success: the template needs no variables
    $data = array();
    return $data;
}
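/**
 * List the product attributes
 *
 * Optionally restricted to one customer through the request parameter
 * `user_id`; in that case the customer's first and last name are added.
 *
 * @return mixed template data, the NotFound response for a malformed
 *               user_id, or null when a check fails
 */
function shop_admin_attributes()
{
    if (!xarVarFetch('startnum', 'isset', $data['startnum'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('user_id', 'isset', $user_id, NULL, XARVAR_DONT_SET)) {
        return;
    }

    $objectname = 'shop_attributes';
    $data['objectname'] = $objectname;

    // Security check - important to do this as early as possible to avoid
    // potential security holes or just too much wasted processing
    if (!xarSecurityCheck('AdminShop')) {
        return;
    }

    // `user_id` is fetched with the 'isset' validation, i.e. unvalidated, and
    // is concatenated into two where clauses below. Accept digits only and
    // work with the integer value from here on.
    if (isset($user_id)) {
        if (!is_scalar($user_id) || !preg_match('/\A[0-9]+\z/', (string) $user_id)) {
            return xarResponse::NotFound();
        }
        $user_id = (int) $user_id;
    }

    $data['items_per_page'] = xarModVars::get('shop', 'items_per_page');

    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');

    // Get the object label for the template
    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['label'] = $object->label;

    // Get the fields to display in the admin interface
    $config = $object->configuration;
    if (!empty($config['adminfields'])) {
        $data['adminfields'] = $config['adminfields'];
    } else {
        $data['adminfields'] = array_keys($object->getProperties());
    }

    // Get the object we'll be working with. Note this is a so called object list
    $mylist = DataObjectMaster::getObjectList(array('name' => $objectname));

    // Load the DD master property class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.properties.master');

    $data['sort'] = xarMod::ApiFunc('shop', 'admin', 'sort', array('sortfield_fallback' => 'ID', 'ascdesc_fallback' => 'ASC'));

    // We have some filters for the items
    $filters = array(
        'startnum' => $data['startnum'],
        'status'   => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE,
        'sort'     => $data['sort'],
    );
    if (isset($user_id)) {
        $filters['where'] = 'user_id eq ' . $user_id;
    }

    // Get the items (the list object keeps them; the template reads $data['mylist'])
    $mylist->getItems($filters);

    if (isset($user_id)) {
        // Look up the customer the list is restricted to
        $mylist2 = DataObjectMaster::getObjectList(array('name' => 'shop_customers'));
        $items2 = $mylist2->getItems(array('where' => 'ID eq ' . $user_id));

        // The customer may not exist: fall back to null instead of reading
        // an undefined index
        $data['fname'] = isset($items2[$user_id]['FirstName']) ? $items2[$user_id]['FirstName'] : null;
        $data['lname'] = isset($items2[$user_id]['LastName']) ? $items2[$user_id]['LastName'] : null;
    }

    $data['mylist'] = $mylist;

    // Return the template variables defined in this function
    return $data;
}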
/**
 * Overview displays standard Overview page
 *
 * @return mixed output of the publications 'admin main' template; null
 *               without the EditPublications privilege
 */
function publications_admin_overview()
{
    /* Security Check (second argument 0, as in the original call) */
    $mayEdit = xarSecurityCheck('EditPublications', 0);
    if (!$mayEdit) {
        return;
    }

    /* if there is a separate overview function return data to it
     * else just call the main function that usually displays the overview */
    $tplData = array();
    return xarTplModule('publications', 'admin', 'main', $tplData, 'main');
}
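/**
 * Edit a stylesheet of the publications module.
 *
 * Reads the stylesheet from the theme override if one exists, else from the
 * module, and writes the submitted source to the theme override when
 * `confirm` is set.
 *
 * NOTE(review): the write is not guarded by xarSecConfirmAuthKey() and no
 * authid is passed to the template, so the save can be triggered from another
 * site in an administrator's session. Add the auth key to the form and the
 * check here together.
 *
 * @param array $args imported with extract()
 * @return mixed template data, the NotFound response for a malformed file
 *               name, or null when a check fails
 */
function publications_admin_stylesheet_type($args)
{
    if (!xarSecurityCheck('AdminPublications')) {
        return;
    }
    extract($args);

    if (!xarVarFetch('confirm', 'int', $confirm, 0, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('ptid', 'id', $data['ptid'], xarModVars::get('publications', 'defaultpubtype'), XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('file', 'str', $data['file'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('source_data', 'str', $data['source_data'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }

    // `file` is request input and becomes part of the path that is read and
    // written below. When given, it must be a single file-name component
    // without any directory separator, so the path stays inside the
    // stylesheet directories.
    if (!empty($data['file']) && !preg_match('/\A[A-Za-z0-9_.-]+\z/', $data['file'])) {
        return xarResponse::NotFound();
    }

    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));

    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));

    $basepath = sys::code() . "modules/publications/xarstyles";
    $sourcefile = $basepath . "/" . $data['file'] . ".css";
    $overridepath = "themes/" . xarModVars::get('themes', 'default_theme') . "/modules/publications/style";
    $overridefile = $overridepath . "/" . $data['file'] . ".css";

    // If we are saving, write the file now
    if ($confirm && !empty($data['file']) && !empty($data['source_data'])) {
        xarMod::apiFunc('publications', 'admin', 'write_file', array('file' => $overridefile, 'data' => $data['source_data']));
    }

    // Let the template know what kind of file this is
    if (empty($data['file'])) {
        $data['filetype'] = 'empty';
        $filepath = '';
        $data['writable'] = 0;
    } elseif (file_exists($overridefile)) {
        $data['filetype'] = 'theme';
        $filepath = $overridefile;
        $data['writable'] = is_writable($overridefile);
    } elseif (file_exists($sourcefile)) {
        $data['filetype'] = 'module';
        $filepath = $sourcefile;
        $data['writable'] = is_writeable_dir($overridepath);
    } else {
        $data['filetype'] = 'unknown';
        $filepath = $overridefile;
        $data['writable'] = is_writeable_dir($overridepath);
    }

    $data['source_data'] = trim(xarMod::apiFunc('publications', 'admin', 'read_file', array('file' => $filepath)));

    return $data;
}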
/**
 * Prepare the template data for the calendar list.
 *
 * @return array|null keys authid, default_cal and calendars; null without
 *                    the Admincalendar privilege
 */
function calendar_admin_view_calendars()
{
    // Security check
    if (!xarSecurityCheck('Admincalendar')) {
        return;
    }

    $data = array();

    // Generate a one-time authorisation code for this operation
    $data['authid'] = xarSecGenAuthKey();

    // NOTE(review): unserialize() instantiates whatever the stored string
    // describes. The value comes from a module variable, so this is only as
    // safe as write access to that variable; a plain scalar or JSON encoding
    // would remove the dependency — confirm what is stored here.
    $storedDefault = xarModVars::get('calendar', 'default_cal');
    $data['default_cal'] = unserialize($storedDefault);

    $data['calendars'] = xarMod::apiFunc('calendar', 'user', 'getall');

    // Return the template variables defined in this function
    return $data;
}
/**
 * Main admin GUI function, entry point
 *
 * Shows the overview page unless overviews are disabled, in which case the
 * request is redirected to the configuration page.
 *
 * @return array|bool|null empty template data, true after the redirect,
 *                         null without the ManageWurfl privilege
 */
function wurfl_admin_main()
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }

    // Loose comparison kept: the stored setting may be a string or an integer
    $overviewEnabled = (xarModVars::get('modules', 'disableoverview') == 0);
    if ($overviewEnabled) {
        return array();
    }

    xarController::redirect(xarModURL('wurfl', 'admin', 'modifyconfig'));

    // success
    return true;
}
/**
 * Create a new product
 *
 * Shows the product form and, when the form is confirmed with a valid auth
 * key and valid input, creates the shop_products item.
 *
 * @return mixed template data, a rendered template on a bad auth key,
 *               invalid input or preview, true after creation, or null
 *               when a check fails
 */
function shop_admin_newproduct()
{
    // See if the current user has the privilege to add an item. We cannot pass any extra arguments here
    if (!xarSecurityCheck('Addshop')) {
        return;
    }

    if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
        return;
    }

    $objectname = 'shop_products';
    $data['objectname'] = $objectname;

    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');

    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['label'] = $object->label;
    $data['object'] = $object;

    // Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
    // Here we are testing for a button clicked, so we test for a string
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
        return;
    }

    // Check if we are submitting the form
    // Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }

    if (!$data['confirm']) {
        // Return the template variables defined in this function
        return $data;
    }

    // Check for a valid confirmation key. The value is automatically gotten from the template
    if (!xarSecConfirmAuthKey()) {
        return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
    }

    // Get the data from the form and see if it is all valid
    // Either way the values are now stored in the object
    $isvalid = $data['object']->checkInput();

    // Bad data, or a preview request: redisplay the form with the data we
    // picked up (and with error messages, if any)
    if (!$isvalid || isset($data['preview'])) {
        return xarTplModule('shop', 'admin', 'newproduct', $data);
    }

    $data['object']->createItem();

    // Jump to the next page
    xarResponse::redirect(xarModURL('shop', 'admin', 'products'));
    return true;
}
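/**
 * Create a publication from the submitted admin form.
 *
 * NOTE(review): this handler creates an item without calling
 * xarSecurityCheck() first, and the confirmation-key check is disabled, so
 * neither the caller's privilege nor the origin of the request is verified
 * here. Both checks should be restored; which privilege mask applies is not
 * visible in this file.
 *
 * @return mixed the rendered form on preview or invalid input, true after
 *               the item was created, or null when input fetching fails
 */
function publications_admin_create()
{
    if (!xarVarFetch('ptid', 'id', $data['ptid'])) {
        return;
    }
    if (!xarVarFetch('new_cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('save', 'str', $save, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    // Confirm authorisation code
    // This has been disabled for now
    // if (!xarSecConfirmAuthKey()) return;

    $data['items'] = array();

    // Resolve the DD object that backs this publication type
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));

    $isvalid = $data['object']->checkInput();

    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['ptid']));

    if ($data['preview'] || !$isvalid) {
        // Show debug info if called for.
        // NOTE(review): var_dump() writes the validation details straight
        // into the response; keep debugmode off on production sites.
        if (!$isvalid
            && xarModVars::get('publications', 'debugmode')
            && in_array(xarUserGetVar('uname'), xarConfigVars::get(null, 'Site.User.DebugAdmins'))) {
            var_dump($data['object']->getInvalids());
        }

        // Preview or bad data: redisplay the form
        $data['properties'] = $data['object']->getProperties();
        if ($data['preview']) {
            $data['tab'] = 'preview';
        }
        return xarTplModule('publications', 'admin', 'new', $data);
    }

    // Create the object
    $data['object']->createItem();

    // if we can edit publications, go to admin view, otherwise go to user view
    if (xarSecurityCheck('EditPublications', 0, 'Publication', $data['ptid'] . ':All:All:All')) {
        // Redirect if we came from somewhere else. Stop here, so the default
        // redirect below is not issued on top of this one.
        $current_listview = xarSession::getVar('publications_current_listview');
        if (!empty($current_listview)) {
            xarController::redirect($current_listview);
            return true;
        }
        xarController::redirect(xarModURL('publications', 'admin', 'view', array('ptid' => $data['ptid'])));
    } else {
        xarController::redirect(xarModURL('publications', 'user', 'view', array('ptid' => $data['ptid'])));
    }

    return true;
}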
/**
 * Delete a publication type
 *
 * Removes the publication type row and every publication of that type. Both
 * statements use bind variables; they are not wrapped in a transaction here.
 *
 * @param $args['ptid'] ID of the publication type
 * @return bool|null true on success, null on failure
 * @throws BadParameterException when ptid is missing, malformed or unknown
 */
function publications_adminapi_deletepubtype($args)
{
    // Get arguments from argument array
    extract($args);

    // Argument check - make sure that all required arguments are present
    // and in the right format, if not then set an appropriate error
    // message and return
    $ptidOk = isset($ptid) && is_numeric($ptid) && !($ptid < 1);
    if (!$ptidOk) {
        $msg = xarML(
            'Invalid #(1) for #(2) function #(3)() in module #(4)',
            'publication type ID',
            'admin',
            'deletepubtype',
            'Publications'
        );
        throw new BadParameterException(null, $msg);
    }

    // Security check - we require ADMIN rights here
    if (!xarSecurityCheck('AdminPublications', 1, 'Publication', "{$ptid}:All:All:All")) {
        return;
    }

    // Load user API to obtain item information function
    if (!xarModAPILoad('publications', 'user')) {
        return;
    }

    // Get current publication types; the id must name an existing one
    $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes');
    if (!isset($pubtypes[$ptid])) {
        $msg = xarML(
            'Invalid #(1) for #(2) function #(3)() in module #(4)',
            'publication type ID',
            'admin',
            'deletepubtype',
            'Publications'
        );
        throw new BadParameterException(null, $msg);
    }

    // Get database setup
    $dbconn = xarDB::getConn();
    $xartable = xarDB::getTables();
    $bindvars = array($ptid);

    // Delete the publication type
    $pubtypestable = $xartable['publication_types'];
    $query = "DELETE FROM {$pubtypestable}\n WHERE pubtype_id = ?";
    $result =& $dbconn->Execute($query, $bindvars);
    if (!$result) {
        return;
    }

    // Delete all publications for this publication type
    $publicationstable = $xartable['publications'];
    $query = "DELETE FROM {$publicationstable}\n WHERE pubtype_id = ?";
    $result =& $dbconn->Execute($query, $bindvars);
    if (!$result) {
        return;
    }

    // TODO: call some kind of itemtype delete hooks here, once we have those
    //xarModCallHooks('itemtype', 'delete', $ptid,
    //                array('module' => 'publications',
    //                      'itemtype' =>'ptid'));

    return true;
}
/**
 * Load one item of a dynamic-data object for display in the mailer module.
 *
 * Request parameters:
 *   name   - name of the object to load (defaults to 'mailer_mails')
 *   itemid - ID of the item to load (defaults to 0)
 *
 * @return array template data with 'itemid', 'object' and 'tplmodule';
 *         nothing (null) when the privilege check or input fetching fails
 */
function mailer_user_view_mailer()
{
    if (!xarSecurityCheck('ReadMailer')) {
        return;
    }

    $data = array();

    // Short-circuit evaluation keeps the order: name first, then itemid.
    $fetched = xarVarFetch('name', 'str', $objectName, 'mailer_mails', XARVAR_NOT_REQUIRED)
        && xarVarFetch('itemid', 'int', $data['itemid'], 0, XARVAR_NOT_REQUIRED);
    if (!$fetched) {
        return;
    }

    // NOTE(review): the object name is taken from the request and is only
    // validated as a string, while the one privilege checked above
    // ('ReadMailer') is not tied to the object that ends up being loaded.
    // Confirm that DataObjectMaster or the template enforces per-object
    // access, or limit the name to the mailer module's own objects.
    $object = DataObjectMaster::getObject(array('name' => $objectName));
    $data['object'] = $object;
    $data['object']->getItem(array('itemid' => $data['itemid']));

    $data['tplmodule'] = 'mailer';

    return $data;
}
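/**
 * Call a test page
 *
 * Collects the WURFL repository information and the device matched for a
 * user-agent string so that the admin test template can show them.
 *
 * Request parameters:
 *   ua   - user-agent string to look up (defaults to '')
 *   mode - lookup mode handed to the get_device API (defaults to 'performance')
 *
 * @return array template data with 'wurflInfo', 'ua', 'mode' and
 *         'requestingDevice'; nothing (null) when the privilege check or
 *         input fetching fails
 */
function wurfl_admin_test()
{
    if (!xarSecurityCheck('ManageWurfl')) {
        return;
    }

    sys::import('modules.wurfl.wurfl_init');
    $wurflManager = wurfl_init();

    $data = array();
    $data['wurflInfo'] = $wurflManager->getWURFLInfo();

    if (!xarVarFetch('ua', 'str', $data['ua'], '', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('mode', 'str', $data['mode'], 'performance', XARVAR_NOT_REQUIRED)) {
        return;
    }

    // The lookup runs with the 'ua' value as submitted, before the fallback
    // below; presumably get_device uses the current request's own header
    // when 'ua' is empty - confirm against that API.
    $data['requestingDevice'] = xarMod::apiFunc('wurfl', 'user', 'get_device', array('ua' => $data['ua'], 'mode' => $data['mode']));

    if (empty($data['ua'])) {
        // The header is absent for clients that send none (and outside a web
        // request), so read it defensively instead of indexing $_SERVER
        // directly. Either way the value is client-controlled text and has
        // to be escaped by the template that prints it.
        $data['ua'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    }

    return $data;
}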
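/**
 * Create a new publication from submitted form data.
 *
 * Request parameters:
 *   ptid     - ID of the publication type (required)
 *   new_cids - array, fetched for validation only; not used further here
 *   preview  - non-empty to redisplay the form on its preview tab
 *   save     - string, fetched for validation only; not used further here
 *
 * @return mixed the rendered 'new' form when previewing or when the input
 *         fails validation; true after the item was created and a redirect
 *         was issued; nothing (null) when input fetching fails
 */
function publications_user_create()
{
    if (!xarVarFetch('ptid', 'id', $data['ptid'])) {
        return;
    }
    if (!xarVarFetch('new_cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('save', 'str', $save, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    // Confirm authorisation code
    // This has been disabled for now
    // if (!xarSecConfirmAuthKey()) return;
    // NOTE(review): with the key confirmation switched off this
    // state-changing request carries no anti-forgery token check in this
    // function, and no xarSecurityCheck() runs before createItem() below.
    // Confirm both are enforced elsewhere, or restore them here together
    // with the matching authid field in the form template.

    $data['items'] = array();

    // Resolve the publication type to the name of the object that stores it
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));

    $isvalid = $data['object']->checkInput();

    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['ptid']));

    // Preview or bad data: redisplay the form.
    // The validity test was inverted before: valid input was sent back to
    // the form while input that failed checkInput() went on to createItem().
    if ($data['preview'] || !$isvalid) {
        $data['properties'] = $data['object']->getProperties();
        if ($data['preview']) {
            $data['tab'] = 'preview';
        }
        return xarTplModule('publications', 'user', 'new', $data);
    }

    // Create the object; only reached with input that passed checkInput()
    $data['object']->createItem();

    // if we can edit publications, go to admin view, otherwise go to user view
    // (second argument 0: test the privilege quietly, this is not a gate)
    if (xarSecurityCheck('EditPublications', 0, 'Publication', $data['ptid'] . ':All:All:All')) {
        xarResponse::redirect(xarModURL('publications', 'admin', 'view', array('ptid' => $data['ptid'])));
    } else {
        xarResponse::redirect(xarModURL('publications', 'user', 'view', array('ptid' => $data['ptid'])));
    }

    return true;
}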
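/**
 * Display a product
 *
 * The item ID is taken from the request parameter 'itemid'; a caller may
 * override it through $args['itemid'] or $args['objectid'] (objectid wins).
 *
 * @param $args['itemid'] optional item ID
 * @param $args['objectid'] optional item ID, takes precedence when not empty
 * @return mixed output of the 'product' template; nothing (null) when input
 *         fetching or the read privilege check fails, or when the item
 *         cannot be loaded
 * @throws Exception if no item ID was supplied
 */
function shop_user_product($args)
{
    $itemid = null;
    if (!xarVarFetch('itemid', 'id', $itemid, NULL, XARVAR_DONT_SET)) {
        return;
    }

    // Pick the two supported arguments by name instead of extract()ing the
    // array: extract() would let any other key in $args define or overwrite
    // locals used below, including the template array $data.
    if (isset($args['itemid'])) {
        $itemid = $args['itemid'];
    }
    if (!empty($args['objectid'])) {
        $itemid = $args['objectid'];
    }

    if (empty($itemid)) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'item id', 'user', 'display', 'shop');
        throw new Exception($msg);
    }

    // Make sure user has read privileges for the item
    if (!xarSecurityCheck('ReadShop', 1, 'Item', $itemid)) {
        return;
    }

    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');

    // Start from an empty template array so nothing but this function fills it
    $data = array();

    // Get the object definition we'll be working with
    $object = DataObjectMaster::getObject(array('name' => 'shop_products'));
    $data['object'] = $object;

    // We don't really have the item until we call getItem()
    $some_id = $object->getItem(array('itemid' => $itemid));

    // Make sure we got something
    if (!isset($some_id) || $some_id != $itemid) {
        return;
    }

    // Get the property names and values for the item with the getFieldValues() method
    $values = $object->getFieldValues();
    $data['itemid'] = $itemid;

    // $values is an associative array of property names and values; each one
    // is prepared for display before it reaches the template
    foreach ($values as $name => $value) {
        $data[$name] = xarVarPrepForDisplay($value);
    }

    // The edit link is optional, so the privilege is tested quietly (second
    // argument 0), as the other optional privilege tests in this codebase do.
    // NOTE(review): the previous value 1 is the form used for the hard
    // 'ReadShop' gate above and would presumably stop the page for users who
    // may read but not edit - confirm against xarSecurityCheck().
    $data['editurl'] = '';
    if (xarSecurityCheck('EditShop', 0)) {
        $data['editurl'] = xarModURL('shop', 'admin', 'modify', array('itemid' => $itemid, 'name' => 'shop_products'));
    }

    return xarTplModule('shop', 'user', 'product', $data);
}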
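/**
 * Publications Module
 *
 * @package modules
 * @subpackage publications module
 * @category Third Party Xaraya Module
 * @version 2.0.0
 * @license GPL {@link http://www.gnu.org/licenses/gpl.html}
 * @author mikespub
 */

/**
 * List the non-empty files below a directory whose name ends in a given
 * extension, searching sub-directories as well.
 *
 * $args['filetype'] is placed into a regular expression without escaping,
 * so it is a pattern fragment (delimiter '/'), not a literal string. It has
 * to come from trusted code; never hand request data straight to it.
 *
 * Directories are followed through is_dir(), which also follows symbolic
 * links, so a link inside the tree can lead the walk outside the base
 * directory or into a loop that only the time limit below ends.
 *
 * @param $args['basedir'] directory to start from
 * @param $args['filetype'] regular-expression fragment for the extension
 * @return array paths relative to the base directory, in natural order
 *         (keys are not renumbered); empty when the privilege check fails
 *         or the base directory cannot be resolved
 * @throws BadParameterException if basedir or filetype is empty
 */
function publications_adminapi_browse($args)
{
    // Read the two expected arguments by name rather than extract()ing the
    // array, so no other key can define or overwrite a local variable.
    $basedir = isset($args['basedir']) ? $args['basedir'] : null;
    $filetype = isset($args['filetype']) ? $args['filetype'] : null;

    // Argument check - make sure that all required arguments are present
    if (empty($basedir) || empty($filetype)) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'base directory', 'admin', 'browse', 'Publications');
        throw new BadParameterException(null, $msg);
    }

    $filelist = array();

    // Security Check
    if (!xarSecurityCheck('SubmitPublications', 0)) {
        return $filelist;
    }

    // not supported under safe_mode
    @set_time_limit(120);

    // realpath() returns false for a path that does not exist; stop here
    // instead of handing false on to opendir().
    $basedir = realpath($basedir);
    if ($basedir === false) {
        return $filelist;
    }

    // Every path found below starts with "$basedir/"; cutting exactly that
    // many characters off the front makes it relative. (A pattern replace
    // that is not anchored would also remove any later repeat of the same
    // text inside the path.)
    $prefixLength = strlen($basedir) + 1;

    // Built once: the pattern does not change while walking the tree
    $pattern = "/\\.{$filetype}\$/";

    $todo = array($basedir);
    while (count($todo) > 0) {
        $curdir = array_shift($todo);
        $dir = @opendir($curdir);
        if (!$dir) {
            // unreadable directory: skip it, as before
            continue;
        }
        while (($file = @readdir($dir)) !== false) {
            $curfile = $curdir . '/' . $file;
            if (preg_match($pattern, $file) && is_file($curfile) && filesize($curfile) > 0) {
                $filelist[] = substr($curfile, $prefixLength);
            } elseif ($file != '.' && $file != '..' && is_dir($curfile)) {
                array_push($todo, $curfile);
            }
        }
        closedir($dir);
    }

    natsort($filelist);

    return $filelist;
}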
/**
 * Show the form for a new item of a dynamic-data object and, once the form
 * has been confirmed, create the item.
 *
 * Request parameters:
 *   name    - name of the object to work with (defaults to 'wurfl_wurfl')
 *   confirm - true when the form was submitted
 *   preview - fetched only when confirming; the rest of the form input is
 *             handled by checkInput()
 *
 * @return mixed template data for the empty form; the rendered form when the
 *         submitted input is invalid; true after the item was created and a
 *         redirect was issued; nothing (null) when the privilege check,
 *         input fetching or the confirmation key check fails
 */
function wurfl_admin_new()
{
    if (!xarSecurityCheck('AddWurfl')) {
        return;
    }

    $data = array();

    if (!xarVarFetch('name', 'str', $objectName, 'wurfl_wurfl', XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }

    // NOTE(review): the object name is taken from the request and is only
    // validated as a string, while the privilege checked above ('AddWurfl')
    // is not tied to the object that gets loaded and written to. Confirm
    // that DataObjectMaster enforces per-object access, or limit the name
    // to the wurfl module's own objects.
    $data['object'] = DataObjectMaster::getObject(array('name' => $objectName));
    $data['tplmodule'] = 'wurfl';
    $data['authid'] = xarSecGenAuthKey('wurfl');

    // Nothing submitted yet: hand the empty form data to the template
    if (!$data['confirm']) {
        return $data;
    }

    // we only retrieve 'preview' from the input here - the rest is handled by checkInput()
    if (!xarVarFetch('preview', 'str', $preview, NULL, XARVAR_DONT_SET)) {
        return;
    }

    // Check for a valid confirmation key before anything is written
    if (!xarSecConfirmAuthKey()) {
        return;
    }

    // Get the data from the form
    $inputOk = $data['object']->checkInput();
    if (!$inputOk) {
        // Bad data: redisplay the form with error messages
        return xarTplModule('wurfl', 'admin', 'new', $data);
    }

    // Good data: create the item
    $data['object']->createItem();

    // Jump to the next page
    xarController::redirect(xarModURL('wurfl', 'admin', 'view'));

    return true;
}