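/**
 * Resolve a page id to its registered handle, run the access checks and
 * call the global function that carries the same name as the page id.
 *
 * Failure paths visible in this method:
 *  - empty id: the 'home' page is shown and the script exits
 *  - id differs from asAlphaNumeric($id): a FeedbackWarning is created,
 *    'home' is shown and the script exits
 *  - id not registered in $this->hash: E_USER_WARNING, the 'error' page is
 *    shown and the method returns
 *  - no logged-in user and the handle is not valid_for_anonymous: the
 *    'loginForm' page is shown and the script exits
 *
 * @param string|null $id          page id; only ids registered in $this->hash are dispatched
 * @param array|null  $params      optional values passed to addRequestVars() with 'go' set to $id
 * @param mixed       $fn_argument optional single argument forwarded to the page function
 */
public function show($id = NULL, $params = NULL, $fn_argument = NULL)
{
    global $auth;

    ### echo debug output ###
    if (isset($auth->cur_user)) {
        $user_name = $auth->cur_user->name;
    } else {
        $user_name = '__not_logged_in__';
    }
    $crawler = Auth::isCrawler() ? 'crawler' : '';

    # NOTE(review): REQUEST_URI and HTTP_USER_AGENT are client-controlled and end up in the
    # debug log. Confirm that getServerVar() or log_message() neutralises line breaks, so a
    # single request cannot forge additional log entries.
    log_message($user_name . '@' . getServerVar('REMOTE_ADDR', true) . " -> {$id} " . getServerVar('REQUEST_URI') . " (" . getServerVar('HTTP_USER_AGENT') . ") {$crawler}", LOG_MESSAGE_DEBUG);

    ### validate the page id ###
    if (!$id) {
        $this->show('home');
        exit;
    }
    if ($id != asAlphaNumeric($id)) {
        new FeedbackWarning("Ignored invalid page '" . asCleanString($id) . "'");
        $this->show('home');
        exit;
    }
    # $this->hash is the allow-list for the dynamic function call at the end of this method:
    # an id that is not registered here never reaches function_exists() / $id().
    if (!isset($this->hash[$id])) {
        trigger_error('try to show undefined page-id ' . $id, E_USER_WARNING);
        $this->show('error');
        return;
    }

    $handle = $this->hash[$id];

    ### not authenticated ###
    if (!isset($auth) || !$auth->cur_user) {
        if (!$handle->valid_for_anonymous) {
            new FeedbackWarning("As an anonymous user you have not enough rights to view page '{$id}'");
            $this->show('loginForm');
            exit;
        }
    }

    ### check sufficient user-rights ###
    # A page can be valid_for_anonymous and still require rights. Without a current user the
    # rights mask is treated as 0, which denies access without dereferencing a missing user.
    if ($handle->rights_required) {
        $user_rights = isset($auth->cur_user) ? $auth->cur_user->user_rights : 0;
        if (!($handle->rights_required & $user_rights)) {
            # NOTE(review): everything below assumes abortWarning() does not return.
            # Confirm it terminates the request; otherwise the page is still dispatched.
            $this->abortWarning("insufficient rights");
        }
    }

    ### hide modification pages from guests ###
    /**
     * Original author's note: this check interferes with unit testing, so it is skipped
     * when the User-Agent header equals 'streber_unit_tester'. The author states that the
     * unit-test mode switches the database, so skipping the check should have no effect
     * on production data.
     *
     * NOTE(review): the User-Agent header is client-controlled, so this is not an
     * authorization boundary; any client can skip the guest restriction for form, subm and
     * func pages. Prefer a server-side switch set by the test harness (configuration or
     * environment), and verify the database-switch claim before relying on it.
     */
    if (getServerVar('HTTP_USER_AGENT') != 'streber_unit_tester') {
        if (isset($auth) && $auth->isAnonymousUser() && !$handle->valid_for_anonymous && ($handle->type == 'form' || $handle->type == 'subm' || $handle->type == 'func')) {
            $this->abortWarning("insufficient rights");
        }
    }

    # The include path is taken from the registered handle, not from the request.
    require_once $handle->req;

    #--- set page-handler-curpage ---
    # show() might be called again, so the previous values are kept and restored at the end
    $keep_cur_page_id = $this->cur_page_id;
    $this->cur_page_id = $id;
    $keep_cur_page = $this->cur_page;
    $this->cur_page = $handle;

    ### submit ###
    # Fixed: this was an assignment ($handle->type = 'subm'). It was always true and it
    # overwrote the type of the shared handle, so every page was treated as a submit page
    # here and the type checks above saw the wrong type on any later show() of that handle.
    if ($handle->type == 'subm') {
        $tmp = get('from');
        if ($tmp) {
            $this->cur_page_md5 = $tmp;
        }
    }

    #--- set params ---
    if ($params) {
        $params['go'] = $id;
        addRequestVars($params);
    }

    #--- avoid endless traps ---
    if (count($this->recursions) > MAX_PAGE_RECURSIONS) {
        trigger_error("maximum page recursions reached! (" . implode(",", $this->recursions) . ")", E_USER_ERROR);
        return;
    }
    $this->recursions[] = $id;

    #--- use id as function-name ----
    # $id has passed the alphanumeric comparison and the $this->hash lookup above.
    if (function_exists($id)) {
        if ($fn_argument) {
            $id($fn_argument);  # pass additional parameter (e.g. non-db-objects to xxxNew()-functions)
        } else {
            $id();
        }
    } else {
        $this->abortWarning("page-call to undefined functions '{$id}'", ERROR_FATAL);
    }

    $this->cur_page_id = $keep_cur_page_id;
    $this->cur_page = $keep_cur_page;
}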
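/**
 * Render the section tabs of $this->page as an HTML string.
 *
 * Tabs without a 'target' are skipped. The tab whose key equals
 * $this->page->cur_tab is marked as "current" and its 'bg' value is stored
 * in $page->section_scheme; all other tabs get the "_shade" background.
 *
 * NOTE(review): $tab, 'target', 'accesskey', 'title' and 'html' are written
 * into the markup without escaping; only 'tooltip' goes through asHtml().
 * That is safe only if every tab definition is built from trusted or already
 * escaped values. Confirm this where $page->tabs is filled, in particular for
 * targets and titles derived from request or database data.
 *
 * @return string the tab markup, or an empty string if no tabs are defined
 */
public function __toString()
{
    if (!isset($this->page->tabs) || !is_array($this->page->tabs)) {
        trigger_error("tabs not defined", E_USER_WARNING);
        # __toString() has to return a string; the former bare return turned this
        # warning into a fatal error as soon as the object was used as a string
        return '';
    }

    $page = $this->page;
    $buffer = '<div id="sections">';
    $tab_found = false;

    foreach ($page->tabs as $tab => $values) {
        $bg = isset($values['bg']) ? $values['bg'] : "misc";
        $active = "";

        # ignore tabs without target (e.g. disabled links)
        $target = isset($values['target']) ? $values['target'] : '';
        if (!$target) {
            continue;
        }

        #--- current tab ----
        if ($tab === $this->page->cur_tab) {
            $active = "current";
            $page->section_scheme = $bg;
            $tab_found = true;
        } else {
            $bg .= "_shade";    # shade non-active tabs
        }
        $bg = "bg_{$bg}";

        $accesskey = isset($values['accesskey']) ? 'accesskey="' . $values['accesskey'] . '" ' : "";
        $tooltip = isset($values['tooltip']) ? 'title="' . asHtml($values['tooltip']) . '" ' : "";
        $html = isset($values['html']) ? $values['html'] : "";

        if ($active == "") {
            $buffer .= "<span id=\"tab_{$tab}\" class=\"section {$bg}\" {$tooltip}>\n";
        } else {
            $buffer .= "<span id=\"tab_{$tab}\" class=\"section {$active} {$bg}\" {$tooltip}>\n";
        }
        $buffer .= "<a href=\"{$target}\" {$accesskey}>";
        $buffer .= $values['title'];
        $buffer .= '</a>';
        $buffer .= $html;
        $buffer .= "</span>";
    }
    $buffer .= '</div><b class=doclear></b>';

    # no notice for crawlers: a missing current tab is not reported for them
    if (!$tab_found && !Auth::isCrawler()) {
        trigger_error("Could not find tab '{$this->page->cur_tab}' in list...", E_USER_NOTICE);
    }
    return $buffer;
}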