Ejemplo n.º 1
0
 /**
  * Runs checks and stores a page.
  *
  * @param string $action   What kind of action this is: add or edit.
  * @param mixed $id        Page to edit if any.
  */
 private function _store($action, $id = false)
 {
     // Sanity checks
     if ($action == 'edit' && !$id) {
         throw new Exception('Trying to edit page when $id is false.');
     }
     use_helper('Validate');
     $data = $_POST['page'];
     $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
     Flash::set('post_data', (object) $data);
     $pagesetting = array();
     //For homepage info & about page info okstmtcc
     if ($id == 1 || $id == 4) {
         $upload = $_POST['upload'];
         $pagesetting = $_POST['pagesetting'];
         //Flash::set('post_settingdata', (object) $pagesetting);
     }
     // Add pre-save checks here
     $errors = false;
     $error_fields = false;
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         $csrf_id = '';
         if ($action === 'edit') {
             $csrf_id = '/' . $id;
         }
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action . $csrf_id)) {
             $errors[] = __('Invalid CSRF token found!');
         }
     } else {
         $errors[] = __('No CSRF token found!');
     }
     $data['title'] = trim($data['title']);
     if (empty($data['title'])) {
         $error_fields[] = __('Page Title');
     }
     /** homepage setting check okstmtcc **/
     if ($id == 1) {
         /** homepage page title **/
         if (empty($pagesetting['homepage_discover_title'])) {
             $error_fields[] = __('Homepage Title');
         }
         if (empty($pagesetting['homepage_discover_teaser'])) {
             $error_fields[] = __('Homepage Teaser');
         }
         /** highlight 1 **/
         // if (empty($pagesetting['highlight_title'])){
         //     $error_fields[] = __('Highlight 1´s Title');
         // }
         // if (empty($pagesetting['highlight_text1'])){
         //     $error_fields[] = __('Highlight 1´s Text 1');
         // }
         // if (empty($pagesetting['highlight_url'])){
         //     $error_fields[] = __('Highlight 1´s Read More URL');
         // }
         // $pagesetting_ori = PageSetting::init();
         // if (isset($_FILES)) {
         //     if(empty($_FILES['upload_highlight_image']['name'])){
         //         $pagesetting['highlight_image'] =  $pagesetting_ori->highlight_image;
         //     } else {
         //         $pagesetting['highlight_image'] = $_FILES['upload_highlight_image']['name'];
         //     }
         // } else {
         //     $pagesetting['highlight_image'] =  $pagesetting_ori->highlight_image;
         // }
         // if (empty($pagesetting['highlight_image'])){
         //     $error_fields[] = __('Highlight 1´s Image');
         // }
         // /** highlight 2 **/
         // if (empty($pagesetting['highlight2_title'])){
         //     $error_fields[] = __('Highlight 2´s Title');
         // }
         // if (empty($pagesetting['highlight2_text1'])){
         //     $error_fields[] = __('Highlight 2´s Text 1');
         // }
         // if (empty($pagesetting['highlight2_url'])){
         //     $error_fields[] = __('Highlight 2´s Read More URL');
         // }
         // if (isset($_FILES)) {
         //     if(empty($_FILES['upload_highlight2_image']['name'])){
         //         $pagesetting['highlight2_image'] =  $pagesetting_ori->highlight2_image;
         //     } else {
         //         $pagesetting['highlight2_image'] = $_FILES['upload_highlight2_image']['name'];
         //     }
         // } else {
         //     $pagesetting['highlight2_image'] =  $pagesetting_ori->highlight2_image;
         // }
         // if (empty($pagesetting['highlight2_image'])){
         //     $error_fields[] = __('Highlight 2´s Image');
         // }
         // if (isset($_FILES)) {
         //     if(empty($_FILES['upload_newdev_image']['name'])){
         //         $pagesetting['newdev_image'] =  $pagesetting_ori->newdev_image;
         //     } else {
         //         $pagesetting['newdev_image'] = $_FILES['upload_newdev_image']['name'];
         //     }
         // } else {
         //     $pagesetting['newdev_image'] =  $pagesetting_ori->newdev_image;
         // }
         // if (empty($pagesetting['newdev_image'])){
         //     $error_fields[] = __('New Development Image');
         // }
     }
     /** homepage setting check okstmtcc **/
     $data['slug'] = !empty($data['slug']) ? trim($data['slug']) : '';
     if (empty($data['slug']) && $id != '1') {
         $error_fields[] = __('Slug');
     } else {
         if ($data['slug'] == ADMIN_DIR) {
             $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
         }
         if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
         }
     }
     // Check all numerical fields for a page
     $fields = array('parent_id', 'layout_id', 'needs_login');
     foreach ($fields as $field) {
         if (!Validate::digit($data[$field])) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
         }
     }
     // Check all date fields for a page
     $fields = array('created_on', 'published_on', 'valid_until');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check all time fields for a page
     $fields = array('created_on_time', 'published_on_time', 'valid_until_time');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check alphanumerical fields
     $fields = array('keywords', 'description');
     foreach ($fields as $field) {
         use_helper('Kses');
         $data[$field] = kses(trim($data[$field]), array());
         /*
                     if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
                     }
         *
         */
     }
     // Check behaviour_id field
     if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
     }
     // Make sure the title doesn't contain HTML
     if (Setting::get('allow_html_title') == 'off') {
         use_helper('Kses');
         $data['title'] = kses(trim($data['title']), array());
     }
     // Create the page object to be manipulated and populate data
     if ($action == 'add') {
         $page = new Page($data);
     } else {
         $page = Record::findByIdFrom('Page', $id);
         $page->setFromData($data);
     }
     // Upon errors, rebuild original page and return to screen with errors
     if (false !== $errors || $error_fields !== false) {
         $tags = $_POST['page_tag'];
         // Rebuild time fields
         if (isset($page->created_on) && isset($page->created_on_time)) {
             $page->created_on = $page->created_on . ' ' . $page->created_on_time;
         }
         if (isset($page->published_on) && isset($page->published_on_time)) {
             $page->published_on = $page->published_on . ' ' . $page->published_on_time;
         }
         if (isset($page->valid_until)) {
             $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
         }
         // Rebuild parts
         $part = '';
         if (!empty($_POST['part'])) {
             $part = $_POST['part'];
             $tmp = false;
             foreach ($part as $key => $val) {
                 $tmp[$key] = (object) $val;
             }
             $part = $tmp;
         }
         // Set the errors to be displayed.
         $err_msg = $errors != false ? implode('<br/>', $errors) : '';
         $err_msg .= $error_fields != false ? '<br />Please specify these fields: ' . implode(', ', $error_fields) : '';
         Flash::setNow('error', $err_msg);
         //$settingdata = 'aaa';
         // display things ...
         $this->setLayout('backend');
         $pagesettingobj = new stdClass();
         foreach ($pagesetting as $name => $value) {
             $pagesettingobj->{$name} = $value;
         }
         $this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'pagesetting' => $pagesettingobj, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $part, 'layouts' => Record::findAllFrom('Layout')));
     }
     // Notify
     if ($action == 'add') {
         Observer::notify('page_add_before_save', $page);
     } else {
         Observer::notify('page_edit_before_save', $page);
     }
     // Time to actually save the page
     // @todo rebuild this so parts are already set before save?
     // @todo determine lazy init impact
     $page->newwindow = !empty($data['newwindow']) ? '1' : '0';
     if ($page->save()) {
         // Get data for parts of this page
         $data_parts = $_POST['part'];
         Flash::set('post_parts_data', (object) $data_parts);
         if ($action == 'edit') {
             $old_parts = PagePart::findByPageId($id);
             // check if all old page part are passed in POST
             // if not ... we need to delete it!
             foreach ($old_parts as $old_part) {
                 $not_in = true;
                 foreach ($data_parts as $part_id => $data) {
                     $data['name'] = trim($data['name']);
                     if ($old_part->name == $data['name']) {
                         $not_in = false;
                         // this will not really create a new page part because
                         // the id of the part is passed in $data
                         $part = new PagePart($data);
                         $part->page_id = $id;
                         Observer::notify('part_edit_before_save', $part);
                         $part->save();
                         Observer::notify('part_edit_after_save', $part);
                         unset($data_parts[$part_id]);
                         break;
                     }
                 }
                 if ($not_in) {
                     $old_part->delete();
                 }
             }
         }
         // add the new parts
         foreach ($data_parts as $data) {
             $data['name'] = trim($data['name']);
             $part = new PagePart($data);
             $part->page_id = $page->id;
             Observer::notify('part_add_before_save', $part);
             $part->save();
             Observer::notify('part_add_after_save', $part);
         }
         // save tags
         $page->saveTags($_POST['page_tag']['tags']);
         // save homepage banner info okstmtcc
         if ($id == 1) {
             // upload home banner image 1, 2
             if (isset($_FILES) && !empty($_FILES['upload_banner_image1']['name'])) {
                 //okstmtcc 20150827 Replace image filename spaces
                 $_FILES['upload_banner_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image1']['name']);
                 $file = $this->upload_file($_FILES['upload_banner_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image1']['tmp_name'], $overwrite);
                 if ($file === false) {
                     Flash::set('error', __('Home banner could not be uploaded!'));
                     redirect(get_url('page/edit/1'));
                 } else {
                     $pagesetting['banner_image1'] = $file;
                 }
             }
             if (isset($_FILES) && !empty($_FILES['upload_banner_image2']['name'])) {
                 //okstmtcc 20150827 Replace image filename spaces
                 $_FILES['upload_banner_image2']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_banner_image2']['name']);
                 $file = $this->upload_file($_FILES['upload_banner_image2']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_banner_image2']['tmp_name'], $overwrite);
                 if ($file === false) {
                     Flash::set('error', __('Home banner could not be uploaded!'));
                     redirect(get_url('page/edit/1'));
                 } else {
                     $pagesetting['banner_image2'] = $file;
                 }
             }
             PageSetting::saveFromData($pagesetting);
         }
         // save homepage banner info okstmtcc
         // save about banner info okstmtcc
         if ($id == 4) {
             // upload about page image 1
             if (isset($_FILES) && !empty($_FILES['upload_about_image1']['name'])) {
                 //okstmtcc 20150827 Replace image filename spaces
                 $_FILES['upload_about_image1']['name'] = str_replace(array(" ", "(", ")"), array("_", "", ""), $_FILES['upload_about_image1']['name']);
                 $file = $this->upload_file($_FILES['upload_about_image1']['name'], FILES_DIR . '/pagesetting/images/', $_FILES['upload_about_image1']['tmp_name'], $overwrite);
                 if ($file === false) {
                     Flash::set('error', __('Home banner could not be uploaded!'));
                     redirect(get_url('page/edit/1'));
                 } else {
                     $pagesetting['about_image1'] = $file;
                 }
             }
             PageSetting::saveFromData($pagesetting);
         }
         // save about banner info okstmtcc
         Flash::set('success', __('Page has been saved.'));
     } else {
         Flash::set('error', __('Page has not been saved!'));
         $url = 'page/';
         $url .= $action == 'edit' ? 'edit/' . $id : 'add/';
         redirect(get_url($url));
     }
     if ($action == 'add') {
         Observer::notify('page_add_after_save', $page);
     } else {
         Observer::notify('page_edit_after_save', $page);
     }
     // save and quit or save and continue editing ?
     if (isset($_POST['commit'])) {
         redirect(get_url('page'));
     } else {
         redirect(get_url('page/edit/' . $page->id));
     }
 }
Ejemplo n.º 2
0
 /**
  * Runs checks and stores a page.
  *
  * @param string $action   What kind of action this is: add or edit.
  * @param mixed $id        Page to edit if any.
  */
 private function _store($action, $id = false)
 {
     // Sanity checks
     if ($action == 'edit' && !$id) {
         throw new Exception('Trying to edit page when $id is false.');
     }
     use_helper('Validate');
     $data = $_POST['page'];
     $data['is_protected'] = !empty($data['is_protected']) ? 1 : 0;
     Flash::set('post_data', (object) $data);
     // Add pre-save checks here
     $errors = false;
     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'page/' . $action)) {
             $errors[] = __('Invalid CSRF token found!');
         }
     } else {
         $errors[] = __('No CSRF token found!');
     }
     $data['title'] = trim($data['title']);
     if (empty($data['title'])) {
         $errors[] = __('You have to specify a title!');
     }
     $data['slug'] = trim($data['slug']);
     if (empty($data['slug']) && $id != '1') {
         $errors[] = __('You have to specify a slug!');
     } else {
         if ($data['slug'] == ADMIN_DIR) {
             $errors[] = __('You cannot have a slug named :slug!', array(':slug' => ADMIN_DIR));
         }
         if (!Validate::slug($data['slug']) && (!empty($data['slug']) && $id == '1')) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'slug'));
         }
     }
     // Check all numerical fields for a page
     $fields = array('parent_id', 'layout_id', 'needs_login');
     foreach ($fields as $field) {
         if (!Validate::digit($data[$field])) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
         }
     }
     // Check all date fields for a page
     $fields = array('created_on', 'published_on', 'valid_until');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check all time fields for a page
     $fields = array('created_on_time', 'published_on_time', 'valid_until_time');
     foreach ($fields as $field) {
         if (isset($data[$field])) {
             $data[$field] = trim($data[$field]);
             if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
                 $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
             }
         }
     }
     // Check alphanumerical fields
     $fields = array('keywords', 'description');
     foreach ($fields as $field) {
         use_helper('Kses');
         $data[$field] = kses(trim($data[$field]), array());
         /*
                     if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
            $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
                     }
         * 
         */
     }
     // Check behaviour_id field
     if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
     }
     // Make sure the title doesn't contain HTML
     if (Setting::get('allow_html_title') == 'off') {
         use_helper('Kses');
         $data['title'] = kses(trim($data['title']), array());
     }
     // Create the page object to be manipulated and populate data
     if ($action == 'add') {
         $page = new Page($data);
     } else {
         $page = Record::findByIdFrom('Page', $id);
         $page->setFromData($data);
     }
     // Upon errors, rebuild original page and return to screen with errors
     if (false !== $errors) {
         $tags = $_POST['page_tag'];
         // Rebuild time fields
         if (isset($page->created_on)) {
             $page->created_on = $page->created_on . ' ' . $page->created_on_time;
         }
         if (isset($page->published_on)) {
             $page->published_on = $page->published_on . ' ' . $page->published_on_time;
         }
         if (isset($page->valid_until)) {
             $page->valid_until = $page->valid_until . ' ' . $page->valid_until_time;
         }
         // Rebuild parts
         $part = $_POST['part'];
         if (!empty($part)) {
             $tmp = false;
             foreach ($part as $key => $val) {
                 $tmp[$key] = (object) $val;
             }
             $part = $tmp;
         }
         // Set the errors to be displayed.
         Flash::setNow('error', implode('<br/>', $errors));
         // display things ...
         $this->setLayout('backend');
         $this->display('page/edit', array('action' => $action, 'csrf_token' => SecureToken::generateToken(BASE_URL . 'page/' . $action), 'page' => (object) $page, 'tags' => $tags, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => (object) $part, 'layouts' => Record::findAllFrom('Layout')));
     }
     // Notify
     if ($action == 'add') {
         Observer::notify('page_add_before_save', $page);
     } else {
         Observer::notify('page_edit_before_save', $page);
     }
     // Time to actually save the page
     // @todo rebuild this so parts are already set before save?
     // @todo determine lazy init impact
     if ($page->save()) {
         // Get data for parts of this page
         $data_parts = $_POST['part'];
         Flash::set('post_parts_data', (object) $data_parts);
         if ($action == 'edit') {
             $old_parts = PagePart::findByPageId($id);
             // check if all old page part are passed in POST
             // if not ... we need to delete it!
             foreach ($old_parts as $old_part) {
                 $not_in = true;
                 foreach ($data_parts as $part_id => $data) {
                     $data['name'] = trim($data['name']);
                     if ($old_part->name == $data['name']) {
                         $not_in = false;
                         // this will not really create a new page part because
                         // the id of the part is passed in $data
                         $part = new PagePart($data);
                         $part->page_id = $id;
                         Observer::notify('part_edit_before_save', $part);
                         $part->save();
                         Observer::notify('part_edit_after_save', $part);
                         unset($data_parts[$part_id]);
                         break;
                     }
                 }
                 if ($not_in) {
                     $old_part->delete();
                 }
             }
         }
         // add the new parts
         foreach ($data_parts as $data) {
             $data['name'] = trim($data['name']);
             $part = new PagePart($data);
             $part->page_id = $page->id;
             Observer::notify('part_add_before_save', $part);
             $part->save();
             Observer::notify('part_add_after_save', $part);
         }
         // save tags
         $page->saveTags($_POST['page_tag']['tags']);
         Flash::set('success', __('Page has been saved!'));
     } else {
         Flash::set('error', __('Page has not been saved!'));
         $url = 'page/';
         $url .= $action == 'edit' ? 'edit/' . $id : 'add/';
         redirect(get_url($url));
     }
     if ($action == 'add') {
         Observer::notify('page_add_after_save', $page);
     } else {
         Observer::notify('page_edit_after_save', $page);
     }
     // save and quit or save and continue editing ?
     if (isset($_POST['commit'])) {
         redirect(get_url('page'));
     } else {
         redirect(get_url('page/edit/' . $page->id));
     }
 }
Ejemplo n.º 3
0
 public function edit($id = null)
 {
     if (is_null($id)) {
         redirect(get_url('page'));
     }
     $page = Page::findById($id);
     if (!$page) {
         Flash::set('error', __('Page not found!'));
         redirect(get_url('page'));
     }
     // check for protected page and editor user
     if (!AuthUser::hasPermission('administrator') && !AuthUser::hasPermission('developer') && $page->is_protected) {
         Flash::set('error', __('You do not have permission to access the requested page!'));
         redirect(get_url('page'));
     }
     // check if trying to save
     if (get_request_method() == 'POST') {
         return $this->_edit($id);
     }
     // find all page_part of this pages
     $page_parts = PagePart::findByPageId($id);
     if (empty($page_parts)) {
         $page_parts = array(new PagePart());
     }
     $tag_array = array();
     foreach ($page->tags() as $tag) {
         $tag_array[] = $tag->name();
     }
     // display things ...
     $this->setLayout('backend');
     $this->display('page/edit', array('action' => 'edit', 'page' => $page, 'tags' => $tag_array, 'filters' => Filter::findAll(), 'behaviors' => Behavior::findAll(), 'page_parts' => $page_parts, 'layouts' => Layout::find(array('order' => 'position'))));
 }