function makeActions()
{
global $site;
global $parametersMod;
require_once BASE_DIR . MODULE_DIR . 'administrator/email_queue/module.php';
if (isset($_REQUEST['cm_group']) && isset($_REQUEST['cm_name'])) {
$menuModule = Db::getMenuModModule(null, $_REQUEST['cm_group'], $_REQUEST['cm_name']);
if ($menuModule) {
eval(' $new_module = new \\Modules\\standard\\content_management\\Widgets\\' . $menuModule['g_name'] . '\\' . $menuModule['m_name'] . '\\Module(); ');
$new_module->makeActions();
}
}
if (isset($_POST['id'])) {
$road = $site->getZone($site->currentZone)->getRoadToElement($_POST['id']);
$urlVars = array();
foreach ($road as $key => $value) {
$urlVars[] = $value->getUrl();
}
echo 'window.location.href = \'' . $site->generateUrl(null, $site->currentZone, $urlVars) . '\';';
}
if (isset($_POST['action']) && $_POST['action'] == 'sitemap_list') {
$list = $this->getSitemapInList();
echo $list;
}
\Db::disconnect();
exit;
}
public function setup()
{
global $baseParams;
$db = new Db($baseParams['__YKVAL_DB_DSN__'], 'root', 'lab', $baseParams['__YKVAL_DB_OPTIONS__']);
$db->connect();
# $db->truncateTable('queue');
$db->disconnect();
}
function __construct()
{
session_name(SESSION_NAME);
session_start();
if (sizeof($_POST) > 0 || sizeof($_GET) > 0) {
//CSRF atack check
if ((!isset($_REQUEST['security_token']) || $this->securityToken() != $_REQUEST['security_token']) && (!isset($_REQUEST['action']) || $_REQUEST['action'] != "login" || isset($_REQUEST['module_id']))) {
global $cms;
echo '
<script type="text/javascript">document.location=\'admin.php\'</script>
';
/* trigger_error("Possible CSRF atack.\n Referer:".(isset($_SERVER['HTTP_REFERER'])?"No":$_SERVER["http_referer"])."\n Destination:".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);*/
\Db::disconnect();
exit;
}
}
}
function makeActions()
{
if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'getSystemInfo':
$module = new Module();
$systemInfo = $module->getSystemInfo();
if (isset($_REQUEST['afterLogin'])) {
// request after login.
if ($systemInfo == '') {
$_SESSION['modules']['administrator']['system']['show_system_message'] = false;
//don't display system alert at the top.
return;
} else {
$md5 = \DbSystem::getSystemVariable('last_system_message_shown');
if ($systemInfo && (!$md5 || $md5 != md5($systemInfo))) {
//we have a new message
$newMessage = false;
foreach (json_decode($systemInfo) as $infoKey => $infoValue) {
if ($infoValue->type != 'status') {
$newMessage = true;
}
}
$_SESSION['modules']['administrator']['system']['show_system_message'] = $newMessage;
//display system alert
} else {
//this message was already seen.
$_SESSION['modules']['administrator']['system']['show_system_message'] = false;
//don't display system alert at the top.
return;
}
}
} else {
//administrator/system tab.
\DbSystem::setSystemVariable('last_system_message_shown', md5($systemInfo));
$_SESSION['modules']['administrator']['system']['show_system_message'] = false;
//don't display system alert at the top.
}
echo $systemInfo;
break;
}
}
\Db::disconnect();
exit;
}
private function makeRedirect()
{
$curEl = $this->getCurrentElement();
if ($curEl) {
//if page exist.
switch ($curEl->getType()) {
case 'subpage':
case 'redirect':
$currentUrl = $this->getCurrentUrl();
if (isset($_SESSION['frontend']['redirects'][$currentUrl])) {
unset($_SESSION['frontend']['redirects']);
return;
//infinite redirect loop. Stop redirecting;
} else {
if (!isset($_GET['cms_action']) || $_GET['cms_action'] != 'manage_content') {
$_SESSION['frontend']['redirects'][$currentUrl] = 1;
//to detect infinite loop
header('HTTP/1.1 301 Moved Permanently');
header('Location: ' . $curEl->getLink());
\Db::disconnect();
exit;
}
}
break;
}
}
unset($_SESSION['frontend']['redirects']);
}
public static function makeActions($zoneName)
{
global $site;
global $parametersMod;
global $log;
$newsletterZone = $site->getZoneByModule('community', 'newsletter');
if (!$newsletterZone) {
return;
}
if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'subscribe':
if (isset($_REQUEST['email']) && Db::subscribed($_REQUEST['email'], $site->currentLanguage['id'])) {
$status = 'subscribed';
$url = $site->generateUrl(null, $zoneName, array("subscribed"));
} elseif (!preg_match('#^[a-z0-9.!\\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\\s]+\\.+[a-z]{2,6}))$#si', $_REQUEST['email'])) {
$status = 'incorrect_email';
$url = $site->generateUrl(null, $zoneName, array("incorrect_email"));
} else {
$site->requireTemplate('community/newsletter/template.php');
if ($_REQUEST['email'] && !Db::registeredAndNotActivated($_REQUEST['email'], $site->currentLanguage['id'])) {
Db::subscribe($_REQUEST['email'], $site->currentLanguage['id']);
}
$subscriber = Db::getSubscriberByEmail($_REQUEST['email'], $site->currentLanguage['id']);
$emailQueue = new \Modules\administrator\email_queue\Module();
$link = $site->generateUrl(null, $newsletterZone->getName(), array(), array("action" => "conf", "id" => $subscriber['id'], "code" => $subscriber['verification_code']));
$emailHtml = Template::subscribeConfirmation($link);
$emailQueue->addEmail($parametersMod->getValue('standard', 'configuration', 'main_parameters', 'email'), $parametersMod->getValue('standard', 'configuration', 'main_parameters', 'name'), $_REQUEST['email'], '', $parametersMod->getValue('community', 'newsletter', 'subscription_translations', 'subject_confirmation'), $emailHtml, true, true, null);
$emailQueue->send();
$status = 'email_confirmation';
$url = $site->generateUrl(null, $zoneName, array("email_confirmation"));
}
echo '
{
"status":"' . $status . '",
"url":"' . $url . '"
}';
$log->log('community/newsletter', 'Start subscribtion', $_REQUEST['email']);
\Db::disconnect();
exit;
break;
case 'unsubscribe':
//unsubscribe through website
if ($parametersMod->getValue('community', 'newsletter', 'options', 'show_unsubscribe_button')) {
//if unsubscribe through webpage is allowed
Db::unsubscribe($_REQUEST['email'], $site->currentLanguage['id']);
echo '
{
"status":"email_confirmation",
"url":"' . $site->generateUrl(null, $zoneName, array("unsubscribed")) . '"
}';
$log->log('community/newsletter', 'Unsubscribe (website form)', $_REQUEST['email']);
\Db::disconnect();
exit;
}
break;
case 'cancel':
//unsubscribe through e-mail link
if (isset($_REQUEST['id']) && isset($_REQUEST['code'])) {
$record = DB::getSubscriber($_REQUEST['id']);
$log->log('community/newsletter', 'Unsubscribe (e-mail link)', $record['email']);
Db::unsubscribe($_REQUEST['email'], $site->currentLanguage['id'], $_REQUEST['id'], $_REQUEST['code']);
header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("unsubscribed"), array()));
\Db::disconnect();
exit;
}
break;
case 'conf':
if (isset($_GET['id']) && isset($_GET['code'])) {
if (Db::confirm($_GET['id'], $_GET['code'], $site->currentLanguage['id'])) {
header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("subscribed"), array()));
$record = DB::getSubscriber($_GET['id']);
$log->log('community/newsletter', 'Confirm subscribtion', $record['email']);
} else {
header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("error_confirmation"), array()));
$log->log('community/newsletter', 'Incorrect confirmation link', $_GET['id'] . ' ' . $_GET['code']);
}
}
break;
case 'get_link':
if (isset($_REQUEST['page'])) {
switch ($_REQUEST['page']) {
case 'error_confirmation':
echo $site->generateUrl(null, $zoneName, array("error_confirmation"));
break;
case 'email_confirmation':
echo $site->generateUrl(null, $zoneName, array("email_confirmation"));
break;
case 'subscribed':
echo $site->generateUrl(null, $zoneName, array("subscribed"));
break;
case 'incorrect_email':
echo $site->generateUrl(null, $zoneName, array("incorrect_email"));
break;
case 'unsubscribed':
echo $site->generateUrl(null, $zoneName, array("unsubscribed"));
break;
}
}
\Db::disconnect();
exit;
break;
}
}
}
switch ($_REQUEST['action']) {
case 'delete':
$db->deleteNote($activeNoteId);
$newId = $db->getMaxId();
setcookie("ACTIVE_NOTE_ID", $newId);
$activeNoteId = $newId;
break;
case 'update':
$db->updateNote($_COOKIE['ACTIVE_NOTE_ID'], $_REQUEST['content']);
break;
case 'new':
$db->createNote("New note.");
$newId = $db->getMaxId();
setcookie("ACTIVE_NOTE_ID", $newId);
$activeNoteId = $newId;
break;
case 'navigate':
setcookie("ACTIVE_NOTE_ID", $_REQUEST['id']);
$activeNoteId = $_REQUEST['id'];
break;
}
}
// create Smarty template
$template = new Smarty();
// pass the variables to the corresponding template and display it
$template->assign("ACTIVE_NOTE_ID", $activeNoteId);
$template->assign("notes", $db->getNotes());
$template->display('index.tpl');
//disconnect
$db->disconnect();
public function __destruct()
{
Db::disconnect();
}
function ajax_action()
{
global $parametersMod;
global $cms;
if (isset($_POST['action'])) {
switch ($_POST['action']) {
case 'new_row_number':
$sql = "update `" . DB_PREF . $this->current_area->db_table . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = '" . mysql_real_escape_string($_POST['new_row_number']) . "'\n\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
$rs = mysql_query($sql);
if (!$rs) {
trigger_error($sql . " " . mysql_error());
}
\Db::disconnect();
exit;
break;
case 'row_number_increase':
$sql_current = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "` from `" . DB_PREF . $this->current_area->db_table . "` where `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
$rs_current = mysql_query($sql_current);
if ($rs_current) {
if ($lock_current = mysql_fetch_assoc($rs_current)) {
//current record (need to be moved up)
/*searching upper record*/
if ($this->level > 0) {
$sql_add = " and " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' ";
} else {
$sql_add = '';
}
$sql_upper = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n\t\t\t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` >= '" . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "' \n\t\t\t\t\t\tand `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . "\n\t\t\t\t\t\torder by `" . mysql_real_escape_string($this->current_area->sort_field) . "` asc limit 1";
$rs_upper = mysql_query($sql_upper);
if ($rs_upper) {
if ($lock_upper = mysql_fetch_assoc($rs_upper)) {
//upper record (need to be moved down)
if ($lock_upper[$this->current_area->sort_field] == $lock_current[$this->current_area->sort_field]) {
$sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` - 1 \n\t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` <= " . mysql_real_escape_string($lock_upper[$this->current_area->sort_field]) . " and `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " ";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql . " " . mysql_error());
}
} else {
$sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "\n\t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_upper[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
$sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . mysql_real_escape_string($lock_upper[$this->current_area->sort_field]) . " \n\t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql . " " . mysql_error());
}
}
}
}
} else {
trigger_error($sql . " Element does not exist");
}
}
echo "\n window.location = window.location;\t\t\t\t\t \n ";
\Db::disconnect();
exit;
break;
case 'row_number_decrease':
$sql_current = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n \t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n \t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
$rs_current = mysql_query($sql_current);
if ($rs_current) {
if ($lock_current = mysql_fetch_assoc($rs_current)) {
//current record (need to be moved down)
/*searching under record*/
if ($this->level > 0) {
$sql_add = " and " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' ";
} else {
$sql_add = '';
}
$sql_under = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n \t\t\t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n \t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` <= '" . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "' " . $sql_add . "\n \t\t\t\t\t\tand `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "'\n \t\t\t\t\t\torder by `" . mysql_real_escape_string($this->current_area->sort_field) . "` desc limit 1";
$rs_under = mysql_query($sql_under);
if ($rs_under) {
if ($lock_under = mysql_fetch_assoc($rs_under)) {
//under record (need to be moved up)
if ($lock_under[$this->current_area->sort_field] == $lock_current[$this->current_area->sort_field]) {
$sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` + 1\n \t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` >= " . mysql_real_escape_string($lock_under[$this->current_area->sort_field]) . " and `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . "";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
} else {
$sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . $lock_current[$this->current_area->sort_field] . " \n \t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_under[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
$sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . $lock_under[$this->current_area->sort_field] . " \n \t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
}
}
}
} else {
trigger_error($sql . " Element does not exist");
}
}
echo "document.location = document.location;";
\Db::disconnect();
exit;
break;
case 'delete':
if ($this->allow_delete($this->current_area, $_REQUEST['key_id'], $this->current_area, $_REQUEST['key_id'])) {
$this->delete($this->current_area, $_REQUEST['key_id']);
echo "delete_row(" . $_POST['key_id'] . ")";
}
\Db::disconnect();
exit;
break;
case 'insert':
$parameters = array();
//parameters for main sql for current area table.
foreach ($this->current_area->get_elements() as $key => $element) {
$new_error = $element->check_field("i_n_" . $key, "insert");
if ($new_error != null) {
$this->errors[$key] = $new_error;
}
}
if (sizeof($this->errors) == 0) {
foreach ($this->current_area->get_elements() as $key => $element) {
$new_parameter = $element->get_parameters("insert", "i_n_" . $key);
if ($new_parameter) {
$parameters[] = $new_parameter;
}
}
$sql = "insert into `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . $this->current_area->db_key . "`= DEFAULT ";
$need_comma = true;
if ($this->level > 0) {
$sql .= ", `" . $this->current_area->get_db_reference() . "` = '" . mysql_real_escape_string($this->up_area->parent_id) . "' ";
$need_comma = true;
}
foreach ($parameters as $key => $parameter) {
if ($need_comma) {
$sql .= ", `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
} else {
$sql .= " `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
$need_comma = true;
}
}
$rs = mysql_query($sql);
if (!$rs) {
trigger_error("Impossible to insert new data " . $sql);
} else {
$last_insert_id = mysql_insert_id();
/* update sort field value */
if ($this->current_area->sort_field && $this->current_area->new_record_position == 'top') {
/* increase all sort field numbers */
$sql = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` + 1";
$rs = mysql_query($sql);
if (!$rs) {
trigger_error("Can't change sort numbers " . $sql . " " . mysql_error());
}
/* find lowest walue */
if ($this->level > 0) {
$sql = "select min(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'min_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' and `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . " ";
} else {
$sql = "select min(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'min_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . " ";
}
$rs = mysql_query($sql);
if ($rs) {
if ($lock = mysql_fetch_assoc($rs)) {
/* update inserted record to have the smallest sort field number*/
$sql2 = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = (" . $lock['min_value'] . " - 1) where `" . $this->current_area->db_key . "` = " . $last_insert_id . " ";
$rs = mysql_query($sql2);
if (!$rs) {
trigger_error($sql . " " . mysql_error());
}
}
} else {
trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
}
}
if ($this->current_area->sort_field && $this->current_area->new_record_position == 'bottom') {
/* find biggest walue */
if ($this->level > 0) {
$sql = "select max(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'max_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' and `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . "";
} else {
$sql = "select max(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'max_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . "";
}
$rs = mysql_query($sql);
if ($rs) {
if ($lock = mysql_fetch_assoc($rs)) {
/* update inserted record to have the smallest sort field number*/
$sql2 = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = (" . $lock['max_value'] . " + 1) where `" . $this->current_area->db_key . "` = " . $last_insert_id . " ";
$rs = mysql_query($sql2);
if (!$rs) {
trigger_error($sql . " " . mysql_error());
}
}
} else {
trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
}
}
foreach ($this->current_area->get_elements() as $key => $element) {
$new_parameter = $element->process_insert("i_n_" . $key, $this->current_area, $last_insert_id);
}
if (method_exists($this->current_area, 'after_insert')) {
$this->current_area->after_insert($last_insert_id);
}
$elements =& $this->current_area->get_elements();
for ($i = 0; $i < sizeof($elements); $i++) {
$elements[$i]->reset("i_n_" . $i);
}
}
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n parent.window.location.reload(true);\n parent.window.location.href = parent.window.location.href;\n \n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
} else {
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n ";
foreach ($this->errors as $key => $error) {
$answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n ";
}
$answer .= "\n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
/*$elements = &$this->current_area->get_elements();
for($i=0; $i<sizeof($elements); $i++){
$elements[$i]->memorize("i_n_".$i);
}*/
}
break;
case 'update':
$parameters = array();
//parameters for main sql for current area table.
foreach ($this->up_area->get_elements() as $key => $element) {
$new_error = $element->check_field("i_" . $key, "update");
if ($new_error != null) {
$this->errors[$key] = $new_error;
}
}
if (sizeof($this->errors) == 0) {
if (method_exists($this->up_area, 'before_update')) {
$this->up_area->before_update(mysql_real_escape_string($this->up_area->parent_id));
}
foreach ($this->up_area->get_elements() as $key => $element) {
$new_parameter = $element->get_parameters("update", "i_" . $key);
if ($new_parameter) {
$parameters[] = $new_parameter;
}
}
$main_update = false;
if (sizeof($parameters) > 0) {
$sql = "update `" . DB_PREF . "" . $this->up_area->get_db_table() . "` set ";
$need_comma = false;
foreach ($parameters as $key => $parameter) {
if ($need_comma) {
$sql .= ", `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
} else {
$sql .= " `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
$need_comma = true;
}
}
$sql .= " where `" . $this->up_area->get_db_key() . "` = '" . mysql_real_escape_string($this->up_area->parent_id) . "' ";
$rs = mysql_query($sql);
if (!$rs) {
trigger_error("Impossible to update " . $sql);
} else {
$main_update = true;
}
} else {
$main_update = true;
}
if ($main_update) {
foreach ($this->up_area->get_elements() as $key => $element) {
$new_parameter = $element->process_update("i_" . $key, $this->up_area, mysql_real_escape_string($this->up_area->parent_id));
}
}
if (method_exists($this->up_area, 'after_update')) {
$this->up_area->after_update(mysql_real_escape_string($this->up_area->parent_id));
}
$elements =& $this->up_area->get_elements();
for ($i = 0; $i < sizeof($elements); $i++) {
$elements[$i]->reset();
}
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n parent.window.location.reload(true);\n parent.window.location.href = parent.window.location.href;\n \n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
} else {
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n ";
foreach ($this->errors as $key => $error) {
$answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n ";
}
$answer .= "\n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
}
break;
}
}
}
/**
* test_setAttribute_withArgs()
*
* setAttribute()のテスト(引数指定時)
*/
public function test_setAttribute_withArgs()
{
$params = ["driver" => $GLOBALS['DB_DRIVER'], "user" => $GLOBALS['DB_USER'], "pass" => $GLOBALS['DB_PASSWORD'], "dbname" => $GLOBALS['DB_DBNAME'], "host" => $GLOBALS['DB_HOST'], "persistent" => false];
$instance = new Db();
$instance->connect($params);
$before_val = $instance->getAttribute('FETCH_MODE');
$tmp_result = $instance->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, \PDO::FETCH_OBJ);
$after_val = $instance->getAttribute('FETCH_MODE');
$this->assertTrue($tmp_result);
$this->assertNotEquals($before_val, $after_val);
$this->assertNotEquals(\PDO::FETCH_OBJ, $after_val);
$instance->disconnect();
unset($instance);
}
function manage()
{
global $cms;
$answer = '';
if (isset($_REQUEST['type']) == 'ajax' && $_REQUEST['action'] == 'install') {
if ($_REQUEST['action'] == 'install') {
$errors = ModulesInstallation::getErrors($_REQUEST['module_group'], $_REQUEST['module']);
if ($errors) {
$tmp_answer = '';
foreach ($errors as $key => $error) {
if ($tmp_answer != '') {
$tmp_answer .= "\\n\\n";
}
$tmp_answer .= addslashes(str_replace("\n", "", str_replace("\r", "", $error)));
}
$answer .= 'alert(\'' . $tmp_answer . '\')';
} else {
ModulesInstallation::install($_REQUEST['module_group'], $_REQUEST['module']);
$answer .= '
window.location = \'' . $cms->generateUrl() . '\';
';
}
}
echo $answer;
\Db::disconnect();
exit;
} else {
//$this->standard_module->before_content = $this->find_new_modules(); widgets installation disabled
return $this->standard_module->manage();
}
}
function makeActions()
{
global $site;
global $parametersMod;
global $session;
global $log;
$userZone = $site->getZoneByModule('community', 'user');
if (!$userZone) {
return;
}
if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'password_reset':
$standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getPasswordResetFields());
$errors = $standardForm->getErrors();
$tmpUser = Db::userByEmail($_POST['email']);
if (!$tmpUser) {
$errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'email_doesnt_exist');
}
if (!isset($_POST['password']) || $_POST['password'] == '' || $parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) {
$errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
$errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
}
if (sizeof($errors) > 0) {
$html = $standardForm->generateErrorAnswer($errors);
} else {
$tmp_code = md5(uniqid(rand(), true));
if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
$additionalFields['new_password'] = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
} else {
$additionalFields['new_password'] = $_POST['password'];
}
$additionalFields['verification_code'] = $tmp_code;
$standardForm->updateDatabase(DB_PREF . 'm_community_user', 'id', $tmpUser['id'], $additionalFields);
$this->sendPasswordResetLink($_POST['email'], $tmp_code, $tmpUser['id']);
$html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetSentText)) . "';\n </script>\n </body></html> \n ";
}
echo $html;
\Db::disconnect();
exit;
break;
case 'password_reset_verification':
$current = Db::userById($_REQUEST['id']);
if ($current && $current['verified']) {
if ($current['verification_code'] == $_REQUEST['code']) {
if ($current['new_password'] != '') {
if (Db::verifyNewPassword($current['id'])) {
$site->dispatchEvent('community', 'user', 'password_reset', array('user_id' => $current['id']));
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerified)));
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError)));
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerified)));
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError)));
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError)));
}
\Db::disconnect();
exit;
break;
case 'register':
$html = '';
if (!$parametersMod->getValue('community', 'user', 'options', 'enable_registration')) {
\Db::disconnect();
exit;
}
$standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getRegistrationFields());
$errors = $standardForm->getErrors();
$sameEmailUser = Db::userByEmail($_POST['email']);
if ($_POST['email'] && $sameEmailUser) {
$errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered');
}
if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') {
$sameLoginUser = Db::userByLogin($_POST['login']);
if ($sameLoginUser) {
$errors['login'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered');
}
}
if ($parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) {
$errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
$errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
}
if (sizeof($errors) > 0) {
$html = $standardForm->generateErrorAnswer($errors);
} else {
$tmp_code = md5(uniqid(rand(), true));
if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
$password = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
} else {
$password = $_POST['password'];
}
if ($parametersMod->getValue('community', 'user', 'options', 'require_email_confirmation')) {
$verified = '0';
} else {
$verified = '1';
}
$insert_id = $standardForm->writeToDatabase(DB_PREF . 'm_community_user', array('verified' => $verified, 'verification_code' => $tmp_code, 'password' => $password, 'last_login' => date("Y-m-d"), 'language_id' => $site->currentLanguage['id']));
if ($insert_id !== false) {
$site->dispatchEvent('community', 'user', 'register', array('user_id' => $insert_id));
if ($parametersMod->getValue('community', 'user', 'options', 'require_email_confirmation')) {
$this->sendVerificationLink($_POST['email'], $tmp_code, $insert_id);
$html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationRequired)) . "';\n </script>\n </body></html>\n ";
} else {
if ($parametersMod->getValue('community', 'user', 'options', 'autologin_after_registration')) {
$tmpUser = Db::userById($insert_id);
if ($tmpUser) {
$this->login($tmpUser);
$html = $this->redirectAfterLogin();
}
} else {
$html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location.href = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)) . "';\n </script>\n </body></html>\n ";
}
}
} else {
trigger_error("Cannot register new user");
}
}
echo $html;
\Db::disconnect();
exit;
break;
case 'update_profile':
if ($session->loggedIn()) {
$standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getProfileFields());
$errors = $standardForm->getErrors();
$tmpUser = Db::userById($session->userId());
if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) {
$user_by_new_email = Db::userByEmail($_POST['email']);
if ($user_by_new_email && $user_by_new_email['verified']) {
$errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered');
}
}
if ($parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) {
$errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
$errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
}
if (sizeof($errors) > 0) {
$html = $standardForm->generateErrorAnswer($errors);
} else {
if ($tmpUser) {
$additionalFields = array();
if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) {
$tmp_code = md5(uniqid(rand(), true));
$additionalFields['new_email'] = $_POST['email'];
$additionalFields['verification_code'] = $tmp_code;
}
if (isset($_POST['password']) && $_POST['password'] != '') {
if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
$additionalFields['password'] = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
} else {
$additionalFields['password'] = $_POST['password'];
}
}
$standardForm->updateDatabase(DB_PREF . 'm_community_user', 'id', $tmpUser['id'], $additionalFields);
$site->dispatchEvent('community', 'user', 'update_profile', array('user_id' => $tmpUser['id']));
if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) {
$this->sendUpdateVerificationLink($_POST['email'], $tmp_code, $tmpUser['id']);
$html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlEmailVerificationRequired)) . "';\n </script>\n </body></html>\n ";
} else {
$html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlProfile), array("message" => "updated")) . "';\n </script>\n </body></html>\n ";
}
} else {
trigger_error("Something goes wrong. " . $session->userId() . " " . $_POST['email']);
}
}
echo $html;
\Db::disconnect();
exit;
}
break;
case 'login':
if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') {
$tmpUser = Db::userByLogin($_POST['login']);
} else {
$tmpUser = Db::userByEmail($_POST['email']);
}
if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
$tmp_password = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
} else {
$tmp_password = $_POST['password'];
}
if ($tmpUser && isset($_POST['password']) && $tmp_password == $tmpUser['password']) {
$this->login($tmpUser);
if ($parametersMod->getValue('community', 'user', 'options', 'enable_autologin') && isset($_POST['autologin']) && $_POST['autologin']) {
setCookie(Config::$autologinCookieName, json_encode(array('id' => $tmpUser['id'], 'pass' => md5($tmpUser['password'] . $tmpUser['created_on']))), time() + $parametersMod->getValue('community', 'user', 'options', 'autologin_time') * 60 * 60 * 24, Config::$autologinCookiePath, Config::getCookieDomain());
}
$html = $this->redirectAfterLogin();
} else {
$standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getRegistrationFields());
$errors = array();
$globalError = null;
$site->dispatchEvent('community', 'user', 'incorrect_login', array('post' => $_POST));
if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') {
$globalError = $parametersMod->getValue('community', 'user', 'errors', 'incorrect_login_data');
$errors['login'] = '';
} else {
$globalError = $parametersMod->getValue('community', 'user', 'errors', 'incorrect_email_data');
$errors['email'] = '';
}
$errors['password'] = '';
$log->log('community/user', 'incorrect frontend login', $_SERVER['REMOTE_ADDR']);
$html = $standardForm->generateErrorAnswer($errors, $globalError);
}
echo $html;
\Db::disconnect();
exit;
break;
case 'registration_verification':
$current = Db::userById($_REQUEST['id']);
if ($current) {
$sameEmailUser = Db::userByEmail($current['email']);
$sameLoginUser = Db::userByLogin($current['login']);
if ($current['verification_code'] == $_REQUEST['code']) {
if ($sameEmailUser && $sameEmailUser['id'] != $current['id']) {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlVerificationErrorEmailExist)));
} elseif ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login' && $sameLoginUser && $sameLoginUser != $current['id']) {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlVerificationErrorUserExist)));
} else {
Db::verify($current['id']);
$site->dispatchEvent('community', 'user', 'registration_verification', array('user_id' => $current['id']));
if ($parametersMod->getValue('community', 'user', 'options', 'autologin_after_registration')) {
$this->login($current);
$this->redirectAfterLoginHeader();
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)));
}
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationError)));
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationError)));
}
\Db::disconnect();
exit;
break;
case 'new_email_verification':
$sameEmailUser = Db::userById($_REQUEST['id']);
if ($sameEmailUser) {
if ($sameEmailUser['verification_code'] == $_REQUEST['code']) {
$user_with_new_email = Db::userByEmail($sameEmailUser['new_email']);
if ($user_with_new_email) {
if ($user_with_new_email['id'] == $sameEmailUser['id']) {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)));
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError)));
}
} else {
if ($sameEmailUser['new_email'] == '') {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)));
} else {
Db::verifyNewEmail($sameEmailUser['id']);
$site->dispatchEvent('community', 'user', 'new_email_verification', array('user_id' => $sameEmailUser['id']));
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerified)));
}
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError)));
}
} else {
header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError)));
}
\Db::disconnect();
exit;
break;
case 'logout':
if ($session->loggedIn()) {
$site->dispatchEvent('community', 'user', 'logout', array('user_id' => $session->userId()));
}
$session->logout();
if ($parametersMod->getValue('community', 'user', 'options', 'enable_autologin')) {
setCookie(Config::$autologinCookieName, '', time() - 60, Config::$autologinCookiePath, Config::getCookieDomain());
}
header('location: ' . BASE_URL);
\Db::disconnect();
exit;
break;
case 'renew_registration':
if (isset($_GET['id'])) {
if (Db::renewRegistration($_GET['id']) == 1) {
$site->dispatchEvent('community', 'user', 'renew_registration', array('user_id' => $_GET['id']));
header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewedRegistration)));
} else {
header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewRegistrationError)));
}
} else {
header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewRegistrationError)));
}
\Db::disconnect();
exit;
break;
}
}
}
public function testDisconnectClearsPdo()
{
$this->db->disconnect();
$this->assertEmpty($this->db->getPdo());
}
/**
* Generates sitemap XML
* @param int $nr Number of sitemap. Big sites are split into several sitemaps. Begining from 0.
* @return string Sitemap XML
*/
function getSitemap($zone, $languageId, $nr)
{
global $parametersMod;
global $site;
if (!isset($this->mappedZones[$zone]) || $site->getZone($zone) == false) {
header('HTTP/1.0 404 Not Found');
\Db::disconnect();
exit;
}
header('Content-type: application/xml; charset="' . CHARSET . '"', true);
$answer = '';
$answer .= '<' . '?xml version="1.0" encoding="' . CHARSET . '"?' . '>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
';
if ($this->mappedZones[$zone] == -1) {
//unlimited depth
$pages = $this->getPages($site->getZone($zone), $languageId);
} else {
$pages = $this->getPages($site->getZone($zone), $languageId, $this->mappedZones[$zone]);
}
//var_dump($pages);
for ($i = $nr * SITEMAP_MAX_LENGTH; $i < ($nr + 1) * SITEMAP_MAX_LENGTH; $i++) {
if (isset($pages[$i])) {
$answer .= '
<url>
<loc>' . $pages[$i]->getLink() . '</loc>
';
if ($pages[$i]->getLastModified()) {
$answer .= '<lastmod>' . substr($pages[$i]->getLastModified(), 0, 10) . '</lastmod>
';
}
if ($frequency = $pages[$i]->getModifyFrequency()) {
$tmp_freq = '';
if ($frequency < 60 * 30) {
//30 min
$tmp_freq = 'always';
} elseif ($frequency < 60 * 60) {
//1 hour
$tmp_freq = 'hourly';
} elseif ($frequency < 60 * 60 * 24) {
//1 day
$tmp_freq = 'daily';
} elseif ($frequency < 60 * 60 * 24 * 7) {
//1 week
$tmp_freq = 'weekly';
} elseif ($frequency < 60 * 60 * 24 * 30) {
//1 month
$tmp_freq = 'monthly';
} elseif ($frequency < 60 * 60 * 24 * 360 * 2) {
//2 years
$tmp_freq = 'yearly';
} else {
$tmp_freq = 'never';
}
$answer .= '<changefreq>' . $tmp_freq . '</changefreq>
';
}
if ($tmpPriority = $pages[$i]->getPriority()) {
$answer .= '<priority>' . $tmpPriority . '</priority>
';
}
$answer .= '
</url>
';
}
}
$answer .= '
</urlset>';
return $answer;
}
function manage()
{
global $cms;
$answer = '';
if (isset($_REQUEST['type']) == 'ajax' && $_REQUEST['action'] == 'install') {
if ($_REQUEST['action'] == 'install') {
$installation = new \Modules\developer\modules\ModulesInstallation();
$errors = $installation->getErrors($_REQUEST['module_group'], $_REQUEST['module']);
if ($errors) {
$tmp_answer = '';
foreach ($errors as $key => $error) {
if ($tmp_answer != '') {
$tmp_answer .= "\\n\\n";
}
$tmp_answer .= addslashes(str_replace("\n", "", str_replace("\r", "", $error)));
}
$answer .= 'alert(\'' . $tmp_answer . '\')';
} else {
$installation->recursiveInstall($_REQUEST['module_group'], $_REQUEST['module']);
$answer .= '
window.location = \'' . $cms->generateUrl() . '\';
';
}
}
echo $answer;
\Db::disconnect();
exit;
} else {
$installation = new \Modules\developer\modules\ModulesInstallation();
$this->standardModule->before_content = $installation->findNewModules();
return $this->standardModule->manage();
}
}
function makeActions()
{
global $site;
global $parametersMod;
if (!isset($_REQUEST['action'])) {
return;
}
switch ($_REQUEST['action']) {
case 'getLanguages':
if (!$this->_adminAccess()) {
return;
}
$answer = array('response' => ModelTree::getLanguages(), 'status' => 'success');
$this->_printJson($answer);
break;
case 'getZones':
if (!$this->_adminAccess()) {
return;
}
if (!isset($_REQUEST['includeNonManagedZones'])) {
trigger_error('Required parameters is not set');
return;
}
$answer = array('response' => ModelTree::getZones($_REQUEST['includeNonManagedZones']), 'status' => 'success');
$this->_printJson($answer);
break;
case 'getZonePages':
if (!$this->_adminAccess()) {
return;
}
if (!isset($_REQUEST['languageId'])) {
trigger_error('Language id is not set');
return;
}
if (!isset($_REQUEST['zoneName'])) {
trigger_error('Zone name is not set');
return;
}
$answer = array('response' => ModelTree::getZonePages($_REQUEST['languageId'], $_REQUEST['zoneName']), 'status' => 'success');
$this->_printJson($answer);
break;
case 'getPages':
if (!$this->_adminAccess()) {
return;
}
if (!isset($_REQUEST['parentId'])) {
trigger_error('Parent ID is not set');
return;
}
$answer = array('response' => ModelTree::getPages($_REQUEST['parentId']), 'status' => 'success');
$this->_printJson($answer);
break;
case 'getData':
if (!$this->_adminAccess()) {
return;
}
if (!isset($_REQUEST['pageId'])) {
trigger_error('Page ID is not set');
return;
}
$pageId = $_REQUEST['pageId'];
$pages = array($this->_getPageDataRecursion($pageId));
$data = array('status' => 'success', 'response' => $pages);
$this->_printJson($data);
break;
}
\Db::disconnect();
exit;
}
$site = new \Frontend\Site();
/*to generate links to site and get other data about frontend*/
$site->init();
$cms = new Cms();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>ImpressPages CMS</title>
<link rel="SHORTCUT ICON" href="favicon.ico" />
</head>
<frameset rows="64px,*" framespacing="0" border="0">
<frame name="header" noresize="noresize" frameborder=0 scrolling="no" src="<?php
echo $cms->generateActionurl('tep_modules');
?>
">
<frame id="frameContent" name="content" frameborder=0 src="<?php
echo $cms->generateActionurl('first_module');
?>
">
<noframes>
<body>Your browser don't support frames!</body>
</noframes>
</frameset>
</html>
<?php
\Db::disconnect();
} else {
trigger_error('Database access');
}
function ajaxAction()
{
global $parametersMod;
global $cms;
if (isset($_POST['action'])) {
switch ($_POST['action']) {
case 'new_row_number':
if (method_exists($this->currentArea, 'beforeSort')) {
$this->currentArea->beforeSort();
}
$sql = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = '" . mysql_real_escape_string($_POST['new_row_number']) . "'\n\t\t\t\twhere `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
$rs = mysql_query($sql);
if (!$rs) {
trigger_error($sql . " " . mysql_error());
}
if (method_exists($this->currentArea, 'afterSort')) {
$this->currentArea->afterSort();
}
\Db::disconnect();
exit;
break;
case 'row_number_increase':
if (method_exists($this->currentArea, 'beforeSort')) {
$this->currentArea->beforeSort();
}
$sql_current = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "` from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
$rs_current = mysql_query($sql_current);
if ($rs_current) {
if ($lock_current = mysql_fetch_assoc($rs_current)) {
//current record (need to be moved up)
/*searching upper record*/
if ($this->level > 0) {
$sql_add = " and `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' ";
} else {
$sql_add = '';
}
$sql_upper = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` >= '" . mysql_real_escape_string($lock_current[$this->currentArea->sortField]) . "'\n and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . "\n order by `" . $this->currentArea->sortField . "` asc limit 1";
$rs_upper = mysql_query($sql_upper);
if ($rs_upper) {
if ($lock_upper = mysql_fetch_assoc($rs_upper)) {
//upper record (need to be moved down)
if ($lock_upper[$this->currentArea->sortField] == $lock_current[$this->currentArea->sortField]) {
$sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` - 1\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` <= " . mysql_real_escape_string($lock_upper[$this->currentArea->sortField]) . " and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " ";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql . " " . mysql_error());
}
} else {
$sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_current[$this->currentArea->sortField] . "\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_upper[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
$sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_upper[$this->currentArea->sortField] . "\n\t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql . " " . mysql_error());
}
}
}
}
} else {
trigger_error($sql . " Element does not exist");
}
}
echo "\n window.location = window.location;\t\t\t\t\t \n ";
if (method_exists($this->currentArea, 'afterSort')) {
$this->currentArea->afterSort();
}
\Db::disconnect();
exit;
break;
case 'row_number_decrease':
if (method_exists($this->currentArea, 'beforeSort')) {
$this->currentArea->beforeSort();
}
$sql_current = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
$rs_current = mysql_query($sql_current);
if ($rs_current) {
if ($lock_current = mysql_fetch_assoc($rs_current)) {
//current record (need to be moved down)
/*searching under record*/
if ($this->level > 0) {
$sql_add = " and `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' ";
} else {
$sql_add = '';
}
$sql_under = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` <= '" . mysql_real_escape_string($lock_current[$this->currentArea->sortField]) . "' " . $sql_add . "\n and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "'\n order by `" . mysql_real_escape_string($this->currentArea->sortField) . "` desc limit 1";
$rs_under = mysql_query($sql_under);
if ($rs_under) {
if ($lock_under = mysql_fetch_assoc($rs_under)) {
//under record (need to be moved up)
if ($lock_under[$this->currentArea->sortField] == $lock_current[$this->currentArea->sortField]) {
$sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` + 1\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` >= " . mysql_real_escape_string($lock_under[$this->currentArea->sortField]) . "\n and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . "";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
} else {
$sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_current[$this->currentArea->sortField] . "\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_under[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
$sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_under[$this->currentArea->sortField] . "\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
$rs_update = mysql_query($sql_update);
if (!$rs_update) {
trigger_error($sql_update . " " . mysql_error());
}
}
}
}
} else {
trigger_error($sql . " Element does not exist");
}
}
echo "document.location = document.location;";
if (method_exists($this->currentArea, 'afterSort')) {
$this->currentArea->afterSort();
}
\Db::disconnect();
exit;
break;
case 'delete':
if ($this->allowDelete($this->currentArea, $_REQUEST['key_id'])) {
$this->delete($this->currentArea, $_REQUEST['key_id']);
echo "delete_row(" . $_POST['key_id'] . ")";
}
\Db::disconnect();
exit;
break;
case 'insert':
$allowInsert = true;
$parameters = array();
//parameters for main sql for current area table.
foreach ($this->currentArea->elements as $key => $element) {
$new_error = $element->checkField("i_n_" . $key, "insert", $this->currentArea);
if ($new_error != null) {
$this->errors[$key] = $new_error;
}
}
if (sizeof($this->errors) == 0) {
//allow insert
if (method_exists($this->currentArea, 'allowInsert')) {
$allowInsert = $this->currentArea->allowInsert($this->currentArea->currentId);
if (!$allowInsert) {
if (method_exists($this->currentArea, 'lastError')) {
echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($this->currentArea->lastError('insert')) . "');\n </script>\n </body>\n </html>\n ";
} else {
echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($parametersMod->getValue('developer', 'std_mod', 'admin_translations', 'cant_insert')) . "');\n </script>\n </body>\n </html>\n \n ";
}
return false;
}
}
//allow insert
if (method_exists($this->currentArea, 'beforeInsert')) {
$this->currentArea->beforeInsert();
}
foreach ($this->currentArea->elements as $key => $element) {
$new_parameter = $element->getParameters("insert", "i_n_" . $key, $this->currentArea);
if ($new_parameter) {
$parameters[] = $new_parameter;
}
}
$sql = "insert into `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`= DEFAULT ";
$need_comma = true;
if ($this->level > 0) {
$sql .= ", `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' ";
$need_comma = true;
}
$sortFieldDefined = false;
foreach ($parameters as $key => $parameter) {
if ($parameter['name'] == $this->currentArea->sortField) {
$sortFieldDefined = true;
}
if ($parameter['value'] === null) {
$value = " NULL ";
} else {
$value = "'" . mysql_real_escape_string($parameter['value']) . "'";
}
if ($need_comma) {
$sql .= ", `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
} else {
$sql .= " `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
$need_comma = true;
}
}
if (!$sortFieldDefined) {
if ($need_comma) {
$sql .= ", `" . mysql_real_escape_string($this->currentArea->sortField) . "` = 0 ";
} else {
$sql .= " `" . mysql_real_escape_string($this->currentArea->sortField) . "` = 0 ";
$need_comma = true;
}
}
$rs = mysql_query($sql);
if (!$rs) {
trigger_error("Impossible to insert new data " . $sql . " " . mysql_error());
} else {
$lastInsertId = mysql_insert_id();
/* update sort field value */
if ($this->currentArea->sortable && $this->currentArea->sortField && $this->currentArea->newRecordPosition == 'top') {
/* increase all sort field numbers */
$sql = "update `" . mysql_real_escape_string(DB_PREF . "" . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` + 1";
$rs = mysql_query($sql);
if (!$rs) {
trigger_error("Can't change sort numbers " . $sql . " " . mysql_error());
}
/* find lowest walue */
if ($this->level > 0) {
$sql = "select min(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'min_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . " ";
} else {
$sql = "select min(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'min_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . " ";
}
$rs = mysql_query($sql);
if ($rs) {
if ($lock = mysql_fetch_assoc($rs)) {
/* update inserted record to have the smallest sort field number*/
$sql2 = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = (" . (int) $lock['min_value'] . " - 1) where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lastInsertId) . "' ";
$rs = mysql_query($sql2);
if (!$rs) {
trigger_error($sql . " " . mysql_error());
}
}
} else {
trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
}
}
if ($this->currentArea->sortable && $this->currentArea->sortField && $this->currentArea->newRecordPosition == 'bottom') {
/* find biggest walue */
if ($this->level > 0) {
$sql = "select max(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'max_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . "";
} else {
$sql = "select max(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'max_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . "";
}
$rs = mysql_query($sql);
if ($rs) {
if ($lock = mysql_fetch_assoc($rs)) {
/* update inserted record to have the smallest sort field number*/
$sql2 = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = (" . (int) $lock['max_value'] . " + 1) where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lastInsertId) . "' ";
$rs = mysql_query($sql2);
if (!$rs) {
trigger_error($sql . " " . mysql_error());
}
}
} else {
trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
}
}
foreach ($this->currentArea->elements as $key => $element) {
$new_parameter = $element->processInsert("i_n_" . $key, $lastInsertId, $this->currentArea);
}
if (method_exists($this->currentArea, 'afterInsert')) {
$this->currentArea->afterInsert($lastInsertId);
//$this->upArea->afterInsert($lastInsertId);
}
}
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n //parent.window.location.reload(true); throws browser alert to post data again if there was a search before insert.\n \n //parent.window.location.href = parent.window.location.href; don't work with #xxx\n \n var ipUrl = parent.window.location.href.split('#');\n \n parent.window.location = ipUrl[0] + '&anticache=' + Math.floor(Math.random()*1000); //Firefox5 don't reload if the same url.\n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
} else {
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n ";
foreach ($this->errors as $key => $error) {
$answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n ";
}
$answer .= "\n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
}
break;
case 'update':
$parameters = array();
//parameters for main sql for current area table.
foreach ($this->currentArea->elements as $key => $element) {
$new_error = $element->checkField("i_n_" . $key, "update", $this->currentArea);
if ($new_error != null) {
$this->errors[$key] = $new_error;
}
}
if (sizeof($this->errors) == 0) {
if (method_exists($this->currentArea, 'allowUpdate')) {
$allowUpdate = $this->currentArea->allowUpdate($this->currentArea->currentId);
if (!$allowUpdate) {
if (method_exists($this->currentArea, 'lastError')) {
echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($this->currentArea->lastError('update')) . "');\n </script>\n </body>\n </html>\n ";
} else {
echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($parametersMod->getValue('developer', 'std_mod', 'admin_translations', 'cant_update')) . "');\n </script>\n </body>\n </html>\n \n ";
}
return false;
}
}
if (method_exists($this->currentArea, 'beforeUpdate')) {
$this->currentArea->beforeUpdate($this->currentArea->currentId);
}
foreach ($this->currentArea->elements as $key => $element) {
$new_parameter = $element->getParameters("update", "i_n_" . $key, $this->currentArea);
if ($new_parameter) {
$parameters[] = $new_parameter;
}
}
$main_update = false;
if (sizeof($parameters) > 0) {
$sql = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set ";
$need_comma = false;
foreach ($parameters as $key => $parameter) {
if ($parameter['value'] === null) {
$value = " NULL ";
} else {
$value = "'" . mysql_real_escape_string($parameter['value']) . "'";
}
if ($need_comma) {
$sql .= ", `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
} else {
$sql .= " `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
$need_comma = true;
}
}
$sql .= " where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($this->currentArea->currentId) . "' ";
$rs = mysql_query($sql);
if (!$rs) {
trigger_error("Impossible to update " . $sql);
} else {
$main_update = true;
}
} else {
$main_update = true;
}
if ($main_update) {
foreach ($this->currentArea->elements as $key => $element) {
$new_parameter = $element->processUpdate("i_n_" . $key, $this->currentArea->currentId, $this->currentArea);
}
}
if (method_exists($this->currentArea, 'afterUpdate')) {
$this->currentArea->afterUpdate($this->currentArea->currentId);
}
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n //parent.window.location.reload(true);\n //parent.window.location.href = parent.window.location.href;\n //parent.window.location.href = '" . str_replace('&', '&', $this->generateUrlBack()) . "';\n parent.window.location.href = '" . str_replace('&', '&', $_POST['back_url']) . "';\n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
} else {
$answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n ";
foreach ($this->errors as $key => $error) {
$answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n ";
}
$answer .= "\n </script>\n </body></html>\n ";
echo $answer;
\Db::disconnect();
exit;
}
break;
}
}
}
