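/**
 * Rebuilds the media folder's .htaccess so that every media file carrying a
 * password (the "xmediapool_password" media field) is 302-redirected to the
 * download-form article, and drops the rule again for a file whose password
 * was removed.
 *
 * Only existing "RewriteRule ^<file>$ ..." lines are parsed and re-emitted;
 * any other directive in the .htaccess is NOT preserved by the rewrite.
 *
 * @param array $_params  expects $_params['filename'] (the media filename)
 * @return bool  true when the .htaccess was written, false when the media
 *               object could not be loaded or the write failed
 */
function securefile($_params)
{
    global $REX;
    $myself = 'xmediapool_password';
    $m = OOMedia::getMediaByFilename($_params['filename']);
    // Without a media object there is nothing to decide; leave the existing
    // rules untouched instead of fataling on a null object.
    if (!is_object($m)) {
        return false;
    }
    $password = (string) $m->getValue('med_' . $myself . '_password');
    // read the current .htaccess (may not exist yet)
    $htaccess_path = rtrim($REX['MEDIAFOLDER'], '/\\') . '/.htaccess';
    $htaccess = '';
    if (file_exists($htaccess_path)) {
        $htaccess = (string) file_get_contents($htaccess_path);
    }
    // RewriteBase / frontend path relative to DOCUMENT_ROOT
    // (assumes both folders live below the document root)
    $base = trim(str_replace('\\', '/', substr(realpath($REX['MEDIAFOLDER']), strlen(realpath($_SERVER['DOCUMENT_ROOT'])))), '/');
    $frontend = str_replace('//', '/', '/' . trim(str_replace('\\', '/', substr(realpath($REX['FRONTEND_PATH']), strlen(realpath($_SERVER['DOCUMENT_ROOT'])))), '/') . '/');
    $formArticleId = $REX['ADDON']['DOWNLOAD_FORM_ARTICLE_ID'][$myself];
    $quotedName = preg_quote($_params['filename'], '~');
    // NOTE(review): the redirect target is hard-coded to http:// regardless of
    // the request scheme, so a site served over HTTPS bounces the user to plain
    // HTTP for the password form unless something upstream forces HTTPS again.
    // %{REQUEST_SCHEME} would fix that but needs Apache 2.4.
    $rule = 'RewriteRule ^%s$ http://%%{HTTP_HOST}%s%s [R=302,L]';
    $lines = array("RewriteEngine On\nRewriteBase /" . $base);
    // carry over the already protected files
    $already_secured = false;
    if (preg_match_all('~^RewriteRule \\^(.*)\\$\\s.*$~im', $htaccess, $matches, PREG_SET_ORDER)) {
        foreach ($matches as $match) {
            if ($match[1] == $quotedName) {
                // password removed for this file -> drop its rule
                if (!strlen($password)) {
                    continue;
                }
                $already_secured = true;
            }
            $lines[] = sprintf($rule, $match[1], $frontend, ltrim(rex_geturl($formArticleId, '', array($myself . '_filename' => stripslashes($match[1])), '&'), '/'));
        }
    }
    // add the newly protected file; $frontend already starts with '/', so no
    // extra slash here (the old rule produced "http://host//...").
    if (!$already_secured and strlen($password)) {
        $lines[] = sprintf($rule, $quotedName, $frontend, ltrim(rex_geturl($formArticleId, '', array($myself . '_filename' => $_params['filename']), '&'), '/'));
    }
    // LOCK_EX: two concurrent saves would otherwise interleave their writes;
    // a failed write must not be silent, because it leaves the file unprotected.
    return file_put_contents($htaccess_path, implode("\n", $lines), LOCK_EX) !== false;
}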
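 /**
  * Indexes one article (every configured language, or a single one) into the
  * 587_searchindex table and collects its keywords.
  *
  * Per language the old index rows are dropped (cache first, then DB), the
  * article text is obtained either over HTTP or from a rex_article object,
  * split into keywords and inserted.
  *
  * @param int   $_id     article id (cast to int before it reaches SQL/paths)
  * @param mixed $_clang  language id, or false for all languages
  *
  * @return array  per-language A587_ART_* status. NOTE(review): excluded,
  *                not-found and redirect results are keyed by the language
  *                value ($v), generated results by the language id; kept
  *                as-is because callers may depend on either shape.
  */
 function indexArticle($_id, $_clang = false)
 {
     global $REX;
     // one cast up front: $_id is used in a WHERE clause and in a file path
     $_id = intval($_id);
     if ($_clang === false) {
         $langs = $this->languages;
     } else {
         $langs = array(intval($_clang) => $this->languages[intval($_clang)]);
     }
     $return = array();
     $keywords = array();
     foreach ($langs as $langID => $v) {
         if (in_array($_id, $this->excludeIDs)) {
             $return[$v] = A587_ART_EXCLUDED;
             continue;
         }
         $REX['CUR_CLANG'] = $langID;
         $delete = new rex_sql();
         $where = sprintf("ftable = '%s' AND fid = %d AND clang = %d", $delete->escape($this->tablePrefix . 'article'), $_id, $langID);
         // drop the cached copies of the old index rows
         $select = new rex_sql();
         $select->setTable($this->tablePrefix . '587_searchindex');
         $select->setWhere($where);
         $select->select('id');
         $indexIds = array();
         foreach ($select->getArray() as $result) {
             $indexIds[] = $result['id'];
         }
         $this->deleteCache($indexIds);
         // drop the old index rows themselves
         $delete->setTable($this->tablePrefix . '587_searchindex');
         $delete->setWhere($where);
         $delete->delete();
         // index the article
         $article = OOArticle::getArticleById($_id, $langID);
         if (!is_object($article) or !($article->isOnline() or $this->indexOffline)) {
             continue;
         }
         $this->beginFrontendMode();
         $articleText = '';
         if (ini_get('allow_url_fopen') and $this->indexViaHTTP) {
             // NOTE(review): the fetch URL is built from the Host header, which the
             // client controls; on a non-strict vhost a request that triggers the
             // indexer can make it pull content from an attacker-chosen host.
             // A configured base URL would be the safer source.
             $fetched = @file_get_contents('http://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'], '/redaxo/') + 1) . rex_geturl($_id, $langID, '', '&'));
             if ($fetched !== false) {
                 $articleText = $fetched;
             }
         } elseif ($_id != 0) {
             $rex_article = new rex_article($_id, $langID);
             // Previously the whole branch was gated on dontIndexRedirects, so with
             // that option off (and no HTTP indexing) $articleText was never set.
             // Only the redirect detection depends on the option.
             if ($this->dontIndexRedirects) {
                 $article_content_file = $this->generatedPath . '/articles/' . $_id . '.' . $langID . '.content';
                 if (!file_exists($article_content_file)) {
                     include_once $this->includePath . "/functions/function_rex_generate.inc.php";
                     $generated = rex_generateArticleContent($_id, $langID);
                     if ($generated !== true) {
                         // leave frontend mode on every early exit
                         $this->endFrontendMode();
                         $return[$v] = A587_ART_IDNOTFOUND;
                         continue;
                     }
                 }
                 if (file_exists($article_content_file) and preg_match($this->encodeRegex('~(header\\s*\\(\\s*["\']\\s*Location\\s*:)|(rex_redirect\\s*\\()~is'), rex_get_file_contents($article_content_file))) {
                     $this->endFrontendMode();
                     $return[$v] = A587_ART_REDIRECT;
                     continue;
                 }
             }
             if ($this->indexWithTemplate) {
                 $articleText = $rex_article->getArticleTemplate();
             } else {
                 $articleText = $rex_article->getArticle();
             }
             if ($this->ep_outputfilter) {
                 // run OUTPUT_FILTER as if the article were being served, then restore
                 $tmp = array('artid' => $REX['ARTICLE_ID'], 'clang' => $REX['CUR_CLANG']);
                 $REX['ARTICLE_ID'] = $_id;
                 $REX['CUR_CLANG'] = $langID;
                 $articleText = rex_register_extension_point('OUTPUT_FILTER', $articleText, array('environment' => 'frontend', 'sendcharset' => false));
                 $REX['ARTICLE_ID'] = $tmp['artid'];
                 $REX['CUR_CLANG'] = $tmp['clang'];
             }
         }
         $insert = new rex_sql();
         $articleData = array();
         $articleData['texttype'] = 'article';
         $articleData['ftable'] = $this->tablePrefix . 'article';
         $articleData['fcolumn'] = NULL;
         $articleData['clang'] = $article->getClang();
         $articleData['fid'] = $_id;
         $articleData['catid'] = $article->getCategoryId();
         $articleData['unchangedtext'] = $insert->escape($articleText);
         $articleData['plaintext'] = $insert->escape($plaintext = $this->getPlaintext($articleText));
         if (array_key_exists($REX['TABLE_PREFIX'] . 'article', $this->includeColumns)) {
             // extra article columns configured for the index, stored serialized
             $additionalValues = array();
             $select->flush();
             $select->setTable($REX['TABLE_PREFIX'] . 'article');
             $select->setWhere('id = ' . $_id . ' AND clang = ' . intval($langID));
             $select->select('`' . implode('`,`', $this->includeColumns[$REX['TABLE_PREFIX'] . 'article']) . '`');
             foreach ($this->includeColumns[$REX['TABLE_PREFIX'] . 'article'] as $col) {
                 $additionalValues[$col] = $select->getValue($col);
             }
             $articleData['values'] = $insert->escape(serialize($additionalValues));
         }
         foreach (preg_split($this->encodeRegex('~[[:punct:][:space:]]+~ism'), $plaintext) as $keyword) {
             if ($this->significantCharacterCount <= mb_strlen($keyword, 'UTF-8')) {
                 $keywords[] = array('search' => $keyword, 'clang' => $langID);
             }
         }
         $articleData['teaser'] = $insert->escape($this->getTeaserText($plaintext));
         $insert->setTable($this->tablePrefix . '587_searchindex');
         $insert->setValues($articleData);
         $insert->insert();
         $this->endFrontendMode();
         $return[$langID] = A587_ART_GENERATED;
     }
     $this->storeKeywords($keywords, false);
     return $return;
 }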
 // Current area ("Bereich") and its running number in the generated output.
 $value = $values[$nummer];
 $zaehler += 1;
 $outback .= '<div class="bereichswrapper"><h2>Bereich ' . $zaehler . '</h2>' . PHP_EOL;
 /****
 *
 *     Link
 *
 ****/
 // Link fragments are filled in below depending on internal/external link.
 $link = '';
 $linkende = '';
 $linkanfang = '';
 $outback_link = '';
 // NOTE(review): every value below is dropped into HTML/attributes unescaped:
 // $name (article name), $value['link_intern'] and $value['link_extern'] (stored
 // field values). $value['link_extern'] lands in an href, so besides markup a
 // "javascript:" URL is possible too. Escape with htmlspecialchars() at output
 // unless the caller already sanitizes $values -- could not confirm from here.
 // Both if-blocks close beyond this excerpt.
 if ($value['link_intern'] or $value['link_extern'] != '') {
     $outback_link .= '<h3>Link</h3>' . PHP_EOL;
     if ($value['link_intern'] != 0) {
         $linkanfang = '<a href="' . rex_geturl($value['link_intern'], rex_clang::getCurrentId()) . '">';
         // NOTE(review): rex_article::get() may yield null for an unknown id;
         // getName() would then fatal -- guard if that can happen.
         $article = rex_article::get($value['link_intern']);
         $name = $article->getName();
         $outback_link .= '
     <div class="form-group">
      <label class="col-sm-3 control-label">Link intern</label>
      <div class="col-sm-9">
        <a href="index.php?page=content&article_id=' . $value['link_intern'] . '&mode=edit">' . $name . ' (ID = ' . $value['link_intern'] . ')</a>
      </div>
     </div>' . PHP_EOL;
     }
     if ($value['link_extern'] != '') {
         $linkanfang = '<a class="extern" href="' . $value['link_extern'] . '">';
         $outback_link .= '
     <div class="form-group">
       <label class="col-sm-3 control-label">Link extern</label>
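/**
 * gbook_form_output
 *
 * One guestbook form round-trip: undoes the honeypot field swap, validates
 * the POST, stores the entry via rex_sql, optionally mails the admin and
 * finally renders the thank-you text and/or the form through the Template
 * class.
 *
 * @param string $notificationEmail  admin address; '' disables the mail
 * @param string $danke_text         thank-you text shown after a successful save
 * @param int    $debuglevel         1 appends $_POST/$_GET/$_SERVER dumps to the admin mail
 * @param int    $formular_an_aus    0 hides the form after a successful save
 */
function gbook_form_output($notificationEmail, $danke_text, $debuglevel, $formular_an_aus)
{
    global $REX;
    // defaults for the values echoed back into the form
    $error = '';
    $name = '';
    $email = '';
    $url = 'http://';
    $city = '';
    $text = '';
    if (!isset($danke_text)) {
        $danke_text = '';
    }
    /*
     * Spam mitigation: the form labels the 'email' and 'url' inputs the wrong
     * way round, so the POST has to be swapped back before it is used.
     * Regular users never notice.
     */
    $url_temp = (isset($_POST['email']) and $_POST['email'] != '') ? $_POST['email'] : '';
    $email_temp = (isset($_POST['url']) and $_POST['url'] != '') ? $_POST['url'] : '';
    $_POST['url'] = $url_temp;
    $_POST['email'] = $email_temp;
    // becomes true once a row has been written
    $Eintrag_geschrieben = false;
    foreach (array('name', 'text', 'url', 'email', 'city') as $field) {
        if (!isset($_POST[$field])) {
            $_POST[$field] = '';
        }
    }
    // validFields() returns true or the list of failed field names;
    // gbook_formularPostCheck($postvars, $domainname = false)
    $errorfields = validFields();
    if ($errorfields === true and gbook_formularPostCheck(array($_POST['name'], $_POST['text'], $_POST['url'], $_POST['email'], $_POST['city']))) {
        $author_value = checkPostVarForMySQL($_POST['name']);
        $message_value = checkPostVarForMySQL($_POST['text']);
        // an untouched URL field still holds the "http://" placeholder
        if ($_POST['url'] == 'http://') {
            $_POST['url'] = '';
        }
        $url_value = checkPostVarForMySQL($_POST['url'], 'NULL');
        $email_value = checkPostVarForMySQL($_POST['email'], 'NULL');
        $city_value = checkPostVarForMySQL($_POST['city'], 'NULL');
        // gbook_readStatusFromFile() yields 1, 0 or false only
        $status = gbook_readStatusFromFile();
        if ($status === false) {
            echo 'Fehler bei Statusermittlung des Eintrages aufgetreten. Setze Defaultwert 0. ';
            $status_db = 'status = "0",';
        } else {
            $status_db = 'status = "' . $status . '",';
        }
        // NOTE(review): the INSERT is string-built; it is only as safe as the
        // quoting/escaping done by checkPostVarForMySQL(), which is not visible here.
        $qry = 'INSERT INTO ' . TBL_GBOOK . ' SET ' . $status_db . ' author = ' . $author_value . ', message = ' . $message_value . ',
            url = ' . $url_value . ', email = ' . $email_value . ', city = ' . $city_value . ',
            created = UNIX_TIMESTAMP()';
        $sql = new rex_sql();
        $sql->setQuery($qry);
        $Eintrag_geschrieben = true;
        // notification mail to the admin
        if ($notificationEmail != '') {
            $debug_inhalt = '';
            if ($debuglevel == 1) {
                $debug_inhalt = "\r\n\r\n ==== DEBUG-INFORMATIONEN ==== \r\n";
                // $_SERVER carries cookies, auth headers and possibly credentials
                // from the environment; those must not leave the box in a
                // plaintext mail, so keys that look like secrets are redacted.
                $sections = array('POST' => $_POST, 'GET' => $_GET, 'SERVER' => $_SERVER);
                foreach ($sections as $label => $vars) {
                    if (empty($vars)) {
                        continue;
                    }
                    $debug_inhalt .= "\n === " . $label . " ===\n";
                    foreach ($vars as $key => $wert) {
                        if (preg_match('~PASS|SECRET|TOKEN|AUTH|COOKIE|KEY~i', $key)) {
                            $wert = '[redacted]';
                        }
                        $debug_inhalt .= $key . ': ' . $wert . "\n";
                    }
                }
            }
            // site URL from the config, normalised to "scheme://host/"
            $hasScheme = strpos($REX['SERVER'], 'http://') !== false || strpos($REX['SERVER'], 'https://') !== false;
            $mail_host = $hasScheme ? $REX['SERVER'] : 'http://' . $REX['SERVER'];
            if (substr($mail_host, -1) != '/') {
                $mail_host .= '/';
            }
            // plain-text mail: strip markup from the user-supplied fields
            $mail_author = strip_tags(rex_post('name', 'string'));
            $mail_message = strip_tags(rex_post('text', 'string'));
            $mail_url = strip_tags(rex_post('url', 'string'));
            $mail_email = strip_tags(rex_post('email', 'string'));
            $mail_city = strip_tags(rex_post('city', 'string'));
            $mail_betreff = 'Neuer Gästebucheintrag für ' . $mail_host;
            $mail_nachricht = 'Im Gästebuch für die Webseite "' . $mail_host . '" wurde ein neuer Eintrag erstellt.' . "\r\n\r\n";
            $mail_nachricht .= 'Name: ' . $mail_author . "\r\n";
            $mail_nachricht .= 'Homepage: ' . $mail_url . "\r\n";
            $mail_nachricht .= 'eMail: ' . $mail_email . "\r\n";
            $mail_nachricht .= 'Wohnort: ' . $mail_city . "\r\n\r\n";
            $mail_nachricht .= 'Nachricht: ' . $mail_message . "\r\n\r\n\r\n";
            $mail_nachricht .= $debug_inhalt;
            // headers are only needed by the mail() fallback
            $header = 'MIME-Version: 1.0' . "\r\n";
            $header .= 'Content-type: text/plain; charset=utf-8' . "\r\n";
            $header .= 'Content-Transfer-Encoding: 8bit' . "\r\n";
            $header .= 'X-Mailer: PHP/' . phpversion() . "\r\n";
            $header .= 'From: ' . $notificationEmail . "\r\n";
            if (class_exists('rex_mailer')) {
                $mail = new rex_mailer();
                $mail->AddAddress($notificationEmail);
                $mail->Sender = $notificationEmail;
                $mail->From = $notificationEmail;
                $mail->Subject = $mail_betreff;
                $mail->Body = $mail_nachricht;
                $mail->Send();
            } else {
                mail($notificationEmail, $mail_betreff, $mail_nachricht, $header);
            }
        }
    } else {
        // the thank-you text only appears after a successful submit
        $danke_text = '';
        // on a rejected submit, refill the fields and list the bad ones
        if (!empty($_POST['gbook_save'])) {
            $name = $_POST['name'];
            $email = $_POST['email'];
            $url = $_POST['url'];
            $city = $_POST['city'];
            $text = $_POST['text'];
            $error = '<ul class="error">';
            // $errorfields is still `true` when validFields() passed but
            // gbook_formularPostCheck() failed; iterating a bool would warn
            if (is_array($errorfields)) {
                foreach ($errorfields as $fieldname) {
                    $error .= '<li>Pflichtfeld "' . ucwords($fieldname) . '" bitte korrekt ausf&uuml;llen!</li>';
                }
            }
            $error .= '</ul>';
        }
    }
    // page output: load the template class on demand
    if (!class_exists('Template')) {
        include_once $REX['INCLUDE_PATH'] . '/addons/guestbook/classes/template.inc.php';
    }
    $t = new Template(GBOOK_TEMPLATEPATH, "remove");
    $t->set_file(array('danketext' => 'gb_frontend_danketext.html', 'formular' => 'gb_frontend_form.html', 'start' => 'gb_frontend.html'));
    $t->set_var(array("DANKE_TEXT_VALUE" => $danke_text));
    // call-time pass-by-reference (&$REX[...]) is a fatal error since PHP 5.4;
    // rex_geturl() only needs the id value
    $adresse = rex_geturl($REX['ARTICLE_ID']);
    // The PHPLib-style Template class substitutes values verbatim, so the
    // user-supplied field values are HTML-escaped here before being echoed
    // back into the form (reflected XSS otherwise). Drop the escaping if the
    // template engine is ever switched to one that auto-escapes.
    $t->set_var(array(
        "FEHLERMELDUNG_VALUE" => $error,
        "ADRESSE_VALUE" => $adresse,
        "NAME_VALUE" => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        "EMAIL_VALUE" => htmlspecialchars($email, ENT_QUOTES, 'UTF-8'),
        "URL_VALUE" => htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        "WOHNORT_VALUE" => htmlspecialchars($city, ENT_QUOTES, 'UTF-8'),
        "TEXT_VALUE" => htmlspecialchars($text, ENT_QUOTES, 'UTF-8'),
    ));
    // thank-you partial
    if (trim($danke_text) != '') {
        $danke_text_value = $t->parse("output", "danketext");
    } else {
        $danke_text_value = '';
    }
    // form partial, unless only the thank-you text is wanted after a save
    if ($formular_an_aus == 0 and $Eintrag_geschrieben) {
        $formular_value = '';
    } else {
        $formular_value = $t->parse("output", 'formular');
    }
    // assemble and print the whole page
    $t->set_var(array("DANKE_TEXT" => $danke_text_value, 'FORMULAR' => $formular_value));
    $t->pparse("output", "start");
}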