}
}
/**
 *
 * Apply album to page
 *
 */
// Handler for POST requests with action 'apply-album': stores the target page
// name and a description in the album's info.txt, then redirects back to
// lightbox.Manage.php. This excerpt ends before the try block and the outer
// if are closed, so the catch/else branches are not visible here.
// NOTE(review): no anti-CSRF token check appears in the visible lines of this
// state-changing POST handler - confirm one is enforced elsewhere.
// NOTE(review): both comparisons use loose ==; if $do_action can ever be an
// integer, PHP < 8 compares it numerically against the string - confirm the
// filter that produces it always yields a string.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'apply-album') {
    FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id);
    try {
        // NOTE(review): $album_name and $page_id are set outside this excerpt.
        // $album_name becomes a directory component of $infofile and a query
        // value in the redirect below, so it is presumably already reduced to a
        // filename-safe value (no '/', '\\' or '..') - confirm at its source.
        if (!empty($album_name)) {
            FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id . '&album=' . $album_name);
            // Authorization gate: the write below runs only when is_level_okay()
            // accepts the session's user level for 'manageModLightbox'.
            if ($perm->is_level_okay('manageModLightbox', $_SESSION['ccms_userLevel'])) {
                // Posted variables, each read through a project filter helper.
                // What each helper strips is not shown in this excerpt.
                $topage = getPOSTparam4Filename('albumtopage');
                $description = getPOSTparam4DisplayHTML('description');
                $infofile = BASE_PATH . '/media/albums/' . $album_name . '/info.txt';
                // Mode 'w+' truncates an existing info.txt before writing.
                if ($handle = fopen($infofile, 'w+')) {
                    // File layout: first line is the target page, everything after
                    // the CRLF is the description. A CR or LF inside $topage would
                    // move that boundary; presumably the filename filter removes
                    // them - confirm.
                    if (fwrite($handle, $topage . "\r\n" . $description)) {
                        // Only the msg value is rawurlencode()d; $page_id and
                        // $album_name are concatenated into the Location value
                        // as-is, so they rely on the upstream filtering.
                        // The handle is not fclose()d before exit; PHP releases
                        // it when the script ends.
                        header('Location: ' . makeAbsoluteURI('lightbox.Manage.php?page_id=' . $page_id . '&album=' . $album_name . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                        exit;
                    } else {
                        throw new FbX($ccms['lang']['system']['error_write']);
                    }
                } else {
                    // fopen() failed (for example a missing album directory or
                    // insufficient permissions); reported with the same generic
                    // write-error message as a failed fwrite().
                    throw new FbX($ccms['lang']['system']['error_write']);
                }
            } else {
                // Caller lacks the 'manageModLightbox' permission.
                throw new FbX($ccms['lang']['auth']['featnotallowed']);
            }
// Bootstrap for this request script: declare the response content type, fix
// the installation root, load the shared library and read the request
// parameters that the action handlers below dispatch on.
header('Content-type: text/html; charset=UTF-8');
// Define default location
// BASE_PATH is derived from this file's own location (four directories up,
// backslashes normalised to '/'), not from request data. If the constant was
// already defined before this point, that earlier value is used instead.
if (!defined('BASE_PATH')) {
    $base = str_replace('\\', '/', dirname(dirname(dirname(dirname(__FILE__)))));
    define('BASE_PATH', $base);
}
// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';
// Script-local exception type; it adds no members of its own and inherits
// everything from CcmsAjaxFbException.
class FbX extends CcmsAjaxFbException
{
}
// The empty subclass above is the original author's "shorthand" for the longer
// base class name, used in place of a C-style #define.
// Security functions
// Set default variables
// Each request value is read through a project filter helper; what each helper
// accepts or strips is not shown in this excerpt.
// NOTE(review): page_id is read here with the 4Filename filter from POST, while
// the show-comments handler below re-reads it from GET with the 4IdOrNumber
// filter - confirm every use of $page_id sees the filter it expects.
$page_id = getPOSTparam4Filename('page_id');
$cfgID = getPOSTparam4Number('cfgID');
$do_action = getGETparam4IdOrNumber('action');
/**
 *
 * Show comments
 *
 */
// Handler for GET requests with action 'show-comments'. It runs only when the
// session already holds a non-empty 'ccms_captcha' value. This excerpt ends
// before the block is closed.
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $do_action == 'show-comments' && !empty($_SESSION['ccms_captcha'])) {
    // Pagination variables
    // Replaces the POST-derived $page_id set earlier with the GET parameter.
    $page_id = getGETparam4IdOrNumber('page_id');
    // Looks up the comment configuration row for this page. The page_id goes
    // through MySQL::SQLValue() with SQLVALUE_NUMBER before it reaches the
    // query; presumably that coerces it to a numeric literal - confirm in the
    // MySQL class.
    $rs = $db->SelectSingleRow($cfg['db_prefix'] . 'cfgcomment', array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)), array('showMessage', 'showLocale'));
    if (!$rs) {
        // NOTE(review): presumably Kill() ends the request; if it returned, the
        // next line would read a property on a false value - confirm.
        $db->Kill();
    }
    $rsCfg = $rs->showMessage;
Example #3
 */
// Handler for POST requests with action 'liverename': renames a page's content
// file after an authorization check. It runs only when checkAuth() returns a
// truthy value. This excerpt ends before the rename itself and before the
// nested blocks are closed.
// NOTE(review): no anti-CSRF token check appears in the visible lines - confirm
// checkAuth() or a caller covers it.
if ($do_action == 'liverename' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    // The posted 'id' is expected as '<prefix>-<page id>'; only the part after
    // the first '-' is kept and passed through the numeric filter. Anything
    // that does not split into two parts becomes 0 and is ignored below.
    $page_idcode = explode('-', getPOSTparam4IdOrNumber('id'), 2);
    $page_id = filterParam4Number(count($page_idcode) == 2 ? $page_idcode[1] : 0);
    if ($page_id > 0) {
        $row = $db->SelectSingleRow($cfg['db_prefix'] . 'pages', array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)));
        if (!$row) {
            // NOTE(review): presumably Kill() ends the request; otherwise the
            // property reads below would run on a false value - confirm.
            $db->Kill();
        }
        // user_ids is stored as a '||'-separated string of owner ids.
        $owner = explode('||', strval($row->user_ids));
        // The current file name comes from the database row, not the request.
        $oldname = $row->urlpage;
        // Authorization decision. && binds tighter than ||, so this reads as
        //   special || (restricted && !owner && !managePages) || !managePages
        // Whenever the middle group is true, the last term is true as well, so
        // the condition reduces to: non-removable special page OR no
        // 'managePages' permission.
        // NOTE(review): as written, the restrict-list and owner tests never
        // change the outcome - a user with 'managePages' may rename a
        // restricted page they do not own, and an owner without it is refused.
        // Confirm the intended policy and add explicit parentheses.
        // NOTE(review): both in_array() calls compare loosely (no strict flag).
        if (checkSpecialPageName($row->urlpage, SPG_IS_NONREMOVABLE) || in_array($row->urlpage, $cfg['restrict']) && !in_array($_SESSION['ccms_userID'], $owner) && !$perm->is_level_okay('managePages', $_SESSION['ccms_userLevel']) || !$perm->is_level_okay('managePages', $_SESSION['ccms_userLevel'])) {
            // NOTE(review): this response includes the server-side script path
            // and line number (__FILE__, __LINE__), which are sent to the
            // client; consider logging them server-side instead.
            die($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
            // feature not allowed, really...
        } else {
            // The new name is read through the project's filename filter and
            // then bounded to 3..240 bytes (strlen counts bytes, not
            // characters). It becomes a file name under BASE_PATH/content/, so
            // the filter is presumably what keeps out path separators and
            // '..' - confirm.
            $newname = getPOSTparam4Filename('newname');
            if (empty($newname) || strlen($newname) < 3 || strlen($newname) > 240) {
                die($ccms['lang']['system']['error_value']);
            }
            $old_filepath = BASE_PATH . '/content/' . $oldname . '.php';
            $new_filepath = BASE_PATH . '/content/' . $newname . '.php';
            if ($old_filepath == $new_filepath) {
                // no actual rename happening...
                die($ccms['lang']['backend']['success']);
            } else {
                // Pre-checks: the source file must exist and the target must
                // not. They are separate from whatever rename follows beyond
                // this excerpt, so they are advisory rather than atomic.
                if (!file_exists($old_filepath)) {
                    die($ccms['lang']['system']['error_deleted']);
                } else {
                    if (file_exists($new_filepath)) {
                        die($ccms['lang']['system']['error_rename_target_exists']);
                    } else {