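/**
 * Resolve a page id to its registered handle, run the access checks and call the page function.
 *
 * Only ids that are keys of $this->hash are dispatched. The function named by the id is
 * called further down, so that lookup is the allow-list for the dynamic call.
 *
 * @param string|null $id          page id; an empty id shows 'home'
 * @param array|null  $params      request variables handed to addRequestVars() before the call
 * @param mixed       $fn_argument optional single argument passed to the page function
 * @return void
 */
public function show($id = NULL, $params = NULL, $fn_argument = NULL)
 {
     global $auth;

     ### echo debug output ###
     # NOTE(review): $id, REQUEST_URI and HTTP_USER_AGENT are client-supplied and are logged here
     # before $id is validated. Whether log_message()/getServerVar() neutralise line breaks is not
     # visible in this method — confirm, so that a request cannot forge extra log lines.
     $user_name = isset($auth->cur_user) ? $auth->cur_user->name : '__not_logged_in__';
     $crawler = Auth::isCrawler() ? 'crawler' : '';
     log_message($user_name . '@' . getServerVar('REMOTE_ADDR', true) . " -> {$id} " . getServerVar('REQUEST_URI') . "  (" . getServerVar('HTTP_USER_AGENT') . ") {$crawler}", LOG_MESSAGE_DEBUG);

     ### validate the page id ###
     if (!$id) {
         $this->show('home');
         exit;
     }
     if ($id != asAlphaNumeric($id)) {
         new FeedbackWarning("Ignored invalid page '" . asCleanString($id) . "'");
         $this->show('home');
         exit;
     }
     if (!isset($this->hash[$id])) {
         trigger_error('try to show undefined page-id ' . $id, E_USER_WARNING);
         $this->show('error');
         return;
     }
     $handle = $this->hash[$id];

     ### not authenticated ###
     if (!isset($auth) || !$auth->cur_user) {
         if (!$handle->valid_for_anonymous) {
             new FeedbackWarning("As an anonymous user you have not enough rights to view page '{$id}'");
             $this->show('loginForm');
             exit;
         }
     }

     ### check sufficient user-rights ###
     if ($handle->rights_required) {
         # A request without a logged-in user can reach this point when the page is
         # valid_for_anonymous; treat it as holding no rights instead of dereferencing null.
         $user_rights = !empty($auth->cur_user) ? $auth->cur_user->user_rights : 0;
         if (!($handle->rights_required & $user_rights)) {
             $this->abortWarning("insufficient rights");
             # abortWarning() is defined outside this method; stop here in any case so the
             # page function below can never run after a failed rights check.
             exit;
         }
     }

     ### hide modification pages from guests ###
     # NOTE(review): this check is skipped whenever the User-Agent header equals
     # 'streber_unit_tester'. The header is client-controlled, so any client can send it. The
     # original author's note says this is harmless because the same user agent switches the
     # database for unit testing; that switch is not visible here, and the guest restriction
     # depends on it entirely. Prefer gating the test mode on server-side configuration.
     if (getServerVar('HTTP_USER_AGENT') != 'streber_unit_tester') {
         if (isset($auth) && $auth->isAnonymousUser() && !$handle->valid_for_anonymous && ($handle->type == 'form' || $handle->type == 'subm' || $handle->type == 'func')) {
             $this->abortWarning("insufficient rights");
             # same reasoning as above: never fall through to the page function
             exit;
         }
     }

     # the include path comes from the registered handle, not from the request
     require_once $handle->req;

     #--- set page-handler-curpage ---
     # show() might be called again, so we have to keep the page_id
     $keep_cur_page_id = $this->cur_page_id;
     $this->cur_page_id = $id;
     $keep_cur_page = $this->cur_page;
     $this->cur_page = $handle;

     ### submit ###
     # Compare, do not assign: the original `=` overwrote the type of every shared handle with
     # 'subm' (which the guest check above reads on later calls) and took 'from' for all pages.
     if ($handle->type == 'subm') {
         $tmp = get('from');
         if ($tmp) {
             $this->cur_page_md5 = $tmp;
         }
     }

     #--- set params ---
     if ($params) {
         $params['go'] = $id;
         addRequestVars($params);
     }

     #--- avoid endless traps ---
     if (count($this->recursions) > MAX_PAGE_RECURSIONS) {
         trigger_error("maximum page recursions reached! (" . implode(",", $this->recursions) . ")", E_USER_ERROR);
         return;
     }
     $this->recursions[] = $id;

     #--- use id as function-name ----
     # $id reaches this dynamic call only after passing the $this->hash lookup above
     if (function_exists($id)) {
         if ($fn_argument) {
             # pass additional parameter (eg. non-db-objects to xxxNew()-functions)
             $id($fn_argument);
         } else {
             $id();
         }
     } else {
         $this->abortWarning("page-call to undefined functions '{$id}'", ERROR_FATAL);
     }

     # restore the page state of the outer show() call
     $this->cur_page_id = $keep_cur_page_id;
     $this->cur_page = $keep_cur_page;
 }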
Example #2
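 /**
  * Render the page's section tabs as an HTML fragment.
  *
  * Tabs without a target are skipped. The tab whose key equals $this->page->cur_tab is marked
  * "current" and its background scheme is stored in $this->page->section_scheme.
  *
  * @return string the tab markup, or an empty string when no tabs are defined
  */
 public function __toString()
 {
     if (!isset($this->page->tabs) || !is_array($this->page->tabs)) {
         trigger_error("tabs not defined", E_USER_WARNING);
         # __toString() has to return a string; the original bare `return` yields null,
         # which PHP rejects with an error at the place where the object is converted
         return '';
     }

     $page = $this->page;
     $buffer = '<div id="sections">';
     $tab_found = false;

     # NOTE(review): the tab key, target, accesskey, title and html are written into the markup
     # as given; only the tooltip goes through asHtml(). This presumes the entries of $page->tabs
     # are trusted and already escaped for their context — confirm against the code that fills
     # them before any of these values is derived from request or user data.
     foreach ($page->tabs as $tab => $values) {
         # ignore tabs without a target (e.g. disabled links)
         $target = isset($values['target']) ? $values['target'] : '';
         if (!$target) {
             continue;
         }

         $bg = isset($values['bg']) ? $values['bg'] : "misc";
         $active = "";

         #--- current tab ----
         if ($tab === $this->page->cur_tab) {
             $active = "current";
             # the scheme is stored without the "bg_" prefix added below
             $page->section_scheme = $bg;
             $tab_found = true;
         } else {
             # shade non-active tabs
             $bg .= "_shade";
         }
         $bg = "bg_{$bg}";

         $accesskey = isset($values['accesskey']) ? 'accesskey="' . $values['accesskey'] . '" ' : "";
         $tooltip = isset($values['tooltip']) ? 'title="' . asHtml($values['tooltip']) . '" ' : "";
         $html = isset($values['html']) ? $values['html'] : "";

         $classes = $active == "" ? "section {$bg}" : "section {$active} {$bg}";
         $buffer .= "<span id=\"tab_{$tab}\" class=\"{$classes}\" {$tooltip}>\n";
         $buffer .= "<a href=\"{$target}\"  {$accesskey}>";
         $buffer .= $values['title'];
         $buffer .= '</a>';
         $buffer .= $html;
         $buffer .= "</span>";
     }
     $buffer .= '</div><b class=doclear></b>';

     # crawlers do not get a notice about a missing current tab
     if (!$tab_found && !Auth::isCrawler()) {
         trigger_error("Could not find tab '{$this->page->cur_tab}' in list...", E_USER_NOTICE);
     }
     return $buffer;
 }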