/** * Logic to save an item * * @access public * @return void * @since 1.0 */ function save() { // Check for request forgeries JRequest::checkToken() or jexit('Invalid Token'); //echo '<html> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <body>'; // Initialize variables $app = JFactory::getApplication(); $db = JFactory::getDBO(); $user = JFactory::getUser(); $config = JFactory::getConfig(); $session = JFactory::getSession(); $task = JRequest::getVar('task'); $ctrl_task = 'task=items.'; // ********************* // Get data from request // ********************* // Retrieve form data these are subject to basic filtering $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields $jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data // Set into model: id (needed for loading correct item), and type id (e.g. needed for getting correct type parameters for new items) $data_id = (int) $data['id']; $isnew = $data_id == 0; // If new make sure that type id is set too, before creating the model if ($isnew) { $typeid = JRequest::setvar('typeid', (int) @$data['type_id']); } // Get the model $model = $this->getModel('item'); $model->setId($data_id); // Make sure id is correct // Get some flags this will also trigger item loading if not already loaded $isOwner = $model->get('created_by') == $user->get('id'); // Get merged parameters: component, type, menu (FE) $params = new JRegistry(); $model_params = $model->getComponentTypeParams(); $params->merge($model_params); // Unique id for new items, needed by some fields for temporary data $unique_tmp_itemid = JRequest::getVar('unique_tmp_itemid'); // Auto title for some content types if ($params->get('auto_title', 0)) { $data['title'] = (int) $data['id']; } // item id or ZERO for new items // ************************************* // ENFORCE can change category ACL perms // ************************************* $perms = FlexicontentHelperPerm::getPerm(); // Per content type change category permissions $current_type_id = $isnew || !$model->get('type_id') ? (int) @$data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID $CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id); $CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id); $CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id); $AutoApproveChanges = $perms->AutoApproveChanges; $enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat; $enable_cid_selector = $perms->MultiCat && $CanChangeSecCat; $enable_catid_selector = $isnew && !$params->get('catid_default') || !$isnew && !$model->get('catid') || $CanChangeCat; // Enforce maintaining featured categories $featured_cats_parent = $params->get('featured_cats_parent', 0); $featured_cats = array(); if ($featured_cats_parent && !$enable_featured_cid_selector) { $featured_tree = flexicontent_cats::getCategoriesTree($published_only = 1, $parent_id = $featured_cats_parent, $depth_limit = 0); $disabled_cats = $params->get('featured_cats_parent_disable', 1) ? array($featured_cats_parent) : array(); $featured_cid = array(); if (!$isnew) { foreach ($model->get('categories') as $item_cat) { if (isset($featured_tree[$item_cat]) && !isset($disabled_cats[$item_cat])) { $featured_cid[] = $item_cat; } } } $data['featured_cid'] = $featured_cid; } // Enforce maintaining secondary categories if (!$enable_cid_selector) { if ($isnew) { $data['cid'] = $params->get('cid_default'); } else { if (isset($featured_cid)) { $featured_cid_arr = array_flip($featured_cid); $sec_cid = array(); foreach ($model->get('cats') as $item_cat) { if (!isset($featured_cid_arr[$item_cat])) { $sec_cid[] = $item_cat; } } $data['cid'] = $sec_cid; } else { $data['cid'] = $model->get('cats'); } } } if (!$enable_catid_selector) { if ($isnew && $params->get('catid_default')) { $data['catid'] = $params->get('catid_default'); } else { if ($model->get('catid')) { $data['catid'] = $model->get('catid'); } } } // ************************** // Basic Form data validation // ************************** // Get the JForm object, but do not pass any data we only want the form object, // in order to validate the data and not create a filled-in form $form = $model->getForm(); // Validate Form data for core fields and for parameters $post = $model->validate($form, $data); // Check for validation error if (!$post) { // Get the validation messages and push up to three validation messages out to the user $errors = $form->getErrors(); for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) { $app->enqueueMessage($errors[$i] instanceof Exception ? $errors[$i]->getMessage() : $errors[$i], 'error'); } // Set POST form date into the session, so that they get reloaded $app->setUserState($form->option . '.edit.' . $form->context . '.data', $data); // Save the jform data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.custom', $custom); // Save the custom fields data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.jfdata', $jfdata); // Save the falang translations into the session $app->setUserState($form->option . '.edit.' . $form->context . '.unique_tmp_itemid', $unique_tmp_itemid); // Save temporary unique item id into the session // Redirect back to the item form $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return false; //die('error'); } // Some values need to be assigned after validation $post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml $post['custom'] =& $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform $post['jfdata'] =& $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform // Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters) $ilayout = $data['attribs']['ilayout']; if (!empty($data['layouts'][$ilayout])) { //echo "<pre>"; print_r($post['attribs']); //$post['attribs'] = array_merge($post['attribs'], $data['layouts'][$ilayout]); $post['attribs']['layouts'] = $data['layouts']; //echo "<pre>"; print_r($post['attribs']); exit; } // USEFULL FOR DEBUGING for J2.5 (do not remove commented code) //$diff_arr = array_diff_assoc ( $data, $post); //echo "<pre>"; print_r($diff_arr); jexit(); // Make sure Content ID in the REQUEST is set, this is needed in BACKEND, needed in some cases // NOTE this is not the same as jform['cid'] which is the category IDs of the Content Item JRequest::setVar('cid', array($model->getId()), 'post', 'array'); // ******************************************************************************** // PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having // checked them on edit form load, because user may have tampered with the form ... // ******************************************************************************** $itemAccess = $model->getItemAccess(); $canAdd = $itemAccess->get('access-create'); // includes check of creating in at least one category $canEdit = $itemAccess->get('access-edit'); // includes privileges edit and edit-own $type_id = (int) @$post['type_id']; // Typecast to int, (already done for J2.5 via validating) if (!$isnew && $model->get('type_id') == $type_id) { // Existing item with Type not being ALTERED, content type can be maintained regardless of privilege $canCreateType = true; } else { // New item or existing item with Type is being ALTERED, check privilege to create items of this type $canCreateType = $model->canCreateType(array($type_id), true, $types); } // ***************************************************************** // Calculate user's CREATE / EDIT privileges on current content item // ***************************************************************** $hasCoupon = false; // Normally used in frontend only if (!$isnew) { // If no edit privilege, check if item is editable till logoff if (!$canEdit) { if ($session->has('rendered_uneditable', 'flexicontent')) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')]; $hasCoupon = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')] == 2; // editable via coupon } } } else { // No special CREATE allowing case for backend } // New item: check if user can create in at least one category if ($isnew && !$canAdd) { JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_CREATE')); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; } // Existing item: Check if user can edit current item if (!$isnew && !$canEdit) { JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_EDIT')); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; } if (!$canCreateType) { $msg = isset($types[$type_id]) ? JText::sprintf('FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name)) : ' Content Type ' . $type_id . ' was not found OR is not published'; JError::raiseWarning(403, $msg); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; } // Get "BEFORE SAVE" categories for information mail $before_cats = array(); if (!$isnew) { $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = ' . (int) $model->get('id'); $db->setQuery($query); $before_cats = $db->loadObjectList('id'); $before_maincat = $model->get('catid'); $original_item = $model->getItem($post['id'], $check_view_access = false, $no_cache = true, $force_version = 0); } // **************************************** // Try to store the form data into the item // **************************************** if (!$model->store($post)) { // Set error message about saving failed, and also the reason (=model's error message) $msg = JText::_('FLEXI_ERROR_STORING_ITEM'); JError::raiseWarning(500, $msg . ": " . $model->getError()); // Set POST form date into the session, so that they get reloaded $app->setUserState($form->option . '.edit.' . $form->context . '.data', $data); // Save the jform data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.custom', $custom); // Save the custom fields data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.jfdata', $jfdata); // Save the falang translations into the session $app->setUserState($form->option . '.edit.' . $form->context . '.unique_tmp_itemid', $unique_tmp_itemid); // Save temporary unique item id into the session // Saving has failed check-in and redirect back to the item form, // redirect back to the item form reloading the posted data $model->checkin(); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; //die('save error'); } // ************************************************** // Check in model and get item id in case of new item // ************************************************** $model->checkin(); $post['id'] = $isnew ? (int) $model->get('id') : $post['id']; // Get items marked as newly submitted $newly_submitted = $session->get('newly_submitted', array(), 'flexicontent'); if ($isnew) { // Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close) $newly_submitted[$model->get('id')] = 1; $session->set('newly_submitted', $newly_submitted, 'flexicontent'); } $newly_submitted_item = @$newly_submitted[$model->get('id')]; // *********************************************************************************************************** // Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege // *********************************************************************************************************** $item = $model->getItem($post['id'], $check_view_access = false, $no_cache = true, $force_version = -1); $canPublish = $model->canEditState($item, $check_cat_perm = true) || $hasCoupon; // ******************************************************************************************** // Use session to detect multiple item saves to avoid sending notification EMAIL multiple times // ******************************************************************************************** $is_first_save = true; if ($session->has('saved_fcitems', 'flexicontent')) { $saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent'); $is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]); } // Add item to saved items of the corresponding session array $saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc; $session->set('saved_fcitems', $saved_fcitems, 'flexicontent'); // ******************************************** // Get categories added / removed from the item // ******************************************** $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = ' . (int) $model->get('id'); $db->setQuery($query); $after_cats = $db->loadObjectList('id'); if (!$isnew) { $cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats)); foreach ($cats_added_ids as $cats_added_id) { $cats_added_titles[] = $after_cats[$cats_added_id]->title; } $cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats)); foreach ($cats_removed_ids as $cats_removed_id) { $cats_removed_titles[] = $before_cats[$cats_removed_id]->title; } $cats_altered = count($cats_added_ids) + count($cats_removed_ids); $after_maincat = $model->get('catid'); } // ******************************************************************************************************************* // We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters // ******************************************************************************************************************* $notify_emails = array(); if ($is_first_save || $cats_altered || $params->get('nf_enable_debug', 0)) { // Get needed flags regarding the saved items $approve_version = 2; $pending_approval_state = -3; $draft_state = -4; $current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version $last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id), // $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them $needs_version_reviewal = !$isnew && $last_version > $current_version && !$canPublish && !$AutoApproveChanges; $needs_publication_approval = $isnew && $item->state == $pending_approval_state && !$canPublish; $draft_from_non_publisher = $item->state == $draft_state && !$canPublish; if ($draft_from_non_publisher) { // Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button $nConf = false; } else { // Get notifications configuration and select appropriate emails for current saving case $nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>"; } if ($nConf) { $states_notify_new = $params->get('states_notify_new', array(1, 0, FLEXI_J16GE ? 2 : -1, -3, -4, -5)); if (empty($states_notify_new)) { $states_notify_new = array(); } else { if (!is_array($states_notify_new)) { $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new); } } $states_notify_existing = $params->get('states_notify_existing', array(1, 0, FLEXI_J16GE ? 2 : -1, -3, -4, -5)); if (empty($states_notify_existing)) { $states_notify_existing = array(); } else { if (!is_array($states_notify_existing)) { $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing); } } $n_state_ok = in_array($item->state, $states_notify_new); $e_state_ok = in_array($item->state, $states_notify_existing); if ($needs_publication_approval) { $notify_emails = $nConf->emails->notify_new_pending; } else { if ($isnew && $n_state_ok) { $notify_emails = $nConf->emails->notify_new; } else { if ($isnew) { $notify_emails = array(); } else { if ($needs_version_reviewal) { $notify_emails = $nConf->emails->notify_existing_reviewal; } else { if (!$isnew && $e_state_ok) { $notify_emails = $nConf->emails->notify_existing; } else { if (!$isnew) { $notify_emails = array(); } } } } } } if ($needs_publication_approval) { $notify_text = $params->get('text_notify_new_pending'); } else { if ($isnew) { $notify_text = $params->get('text_notify_new'); } else { if ($needs_version_reviewal) { $notify_text = $params->get('text_notify_existing_reviewal'); } else { if (!$isnew) { $notify_text = $params->get('text_notify_existing'); } } } } //print_r($notify_emails); jexit(); } } // ********************************************************************************************************************* // If there are emails to notify for current saving case, then send the notifications emails, but // ********************************************************************************************************************* if (!empty($notify_emails) && count($notify_emails)) { $notify_vars = new stdClass(); $notify_vars->needs_version_reviewal = $needs_version_reviewal; $notify_vars->needs_publication_approval = $needs_publication_approval; $notify_vars->isnew = $isnew; $notify_vars->notify_emails = $notify_emails; $notify_vars->notify_text = $notify_text; $notify_vars->before_cats = $before_cats; $notify_vars->after_cats = $after_cats; $notify_vars->original_item = @$original_item; $model->sendNotificationEmails($notify_vars, $params, $manual_approval_request = 0); } // *************************************************** // CLEAN THE CACHE so that our changes appear realtime // *************************************************** $cache = FLEXIUtilities::getCache($group = '', 0); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); $cache = FLEXIUtilities::getCache($group = '', 1); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); // **************************************************************************************************************************** // Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category // and thus being able to set this category as item's main category, but then have no edit/editown permission for this category // **************************************************************************************************************************** $asset = 'com_content.article.' . $model->get('id'); $canEdit = $user->authorise('core.edit', $asset) || $user->authorise('core.edit.own', $asset) && $isOwner; // ALTERNATIVE 1 //$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own // ALTERNATIVE 2 //$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id')); //$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $isOwner) ; // ******************************************************************************************************* // Check if user can not edit item further (due to changed main category, without edit/editown permission) // ******************************************************************************************************* if (!$canEdit) { if ($task == 'apply' || $task == 'apply_type') { // APPLY TASK: Temporarily set item to be editable till closing it and not through all session // (we will/should clear this flag when item is closed, since we have another flag to indicate new items $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $rendered_uneditable[$model->get('id')] = -1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } else { if ($newly_submitted_item) { // NEW ITEM: Do not use editable till logoff behaviour // ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation if (!$params->get('items_session_editable', 0)) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); if (isset($rendered_uneditable[$model->get('id')])) { unset($rendered_uneditable[$model->get('id')]); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } else { // EXISTING ITEM: (if enabled) Use the editable till logoff behaviour if ($params->get('items_session_editable', 0)) { // Set notice for existing item being editable till logoff JError::raiseNotice(403, JText::_('FLEXI_CANNOT_EDIT_AFTER_LOGOFF')); // Allow item to be editable till logoff $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $rendered_uneditable[$model->get('id')] = 1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } } } // Set notice about saving an item that cannot be changed further if (!$canEdit) { $app->enqueueMessage(JText::_('FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT'), 'message'); } } // **************************************************************** // Check for new Content Item is being closed, and clear some flags // **************************************************************** if ($task != 'apply' && $task != 'apply_type' && $newly_submitted_item) { // Clear item from being marked as newly submitted unset($newly_submitted[$model->get('id')]); $session->set('newly_submitted', $newly_submitted, 'flexicontent'); // The 'apply' task may set 'editable till logoff' FLAG ... // CLEAR IT, since NEW content this is meant to be used temporarily if (!$params->get('items_session_editable', 0)) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); if (isset($rendered_uneditable[$model->get('id')])) { unset($rendered_uneditable[$model->get('id')]); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } // **************************************** // Saving is done, decide where to redirect // **************************************** switch ($task) { case 'apply': case 'apply_type': $link = 'index.php?option=com_flexicontent&' . $ctrl_task . 'edit&cid=' . (int) $model->get('id'); break; case 'saveandnew': $link = $type_id ? 'index.php?option=com_flexicontent&view=item&typeid=' . $type_id : 'index.php?option=com_flexicontent&view=item'; break; default: $link = 'index.php?option=com_flexicontent&view=items'; break; } $msg = JText::_('FLEXI_ITEM_SAVED'); $this->setRedirect($link, $msg); if (JRequest::getVar('fc_doajax_submit')) { JFactory::getApplication()->enqueueMessage($msg, 'message'); echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } }
function addCurrentVersionData($item_id = null, $clean_database = false) { // check if the section was chosen to avoid adding data on static contents if (!FLEXI_CAT_EXTENSION) { return true; } $db =& $this->_db; $nullDate = $db->getNullDate(); // @TODO: move somewhere else $this->formatFlexiPlugins(); // Clean categories cache $catscache = JFactory::getCache('com_flexicontent_cats'); $catscache->clean(); // Get some basic info of all items, or of the given item $query = "SELECT c.id,c.catid,c.version,c.created,c.modified,c.created_by,c.introtext,c.`fulltext`" . " FROM #__content as c" . " JOIN #__categories as cat ON c.catid=cat.id " . " WHERE cat.extension='" . FLEXI_CAT_EXTENSION . "'" . ($item_id ? " AND c.id=" . $item_id : ""); $db->setQuery($query); $rows = $db->loadObjectList('id'); if (!$item_id) { // Get current version ids of ALL ITEMS not having current versions $diff_arrays = $this->getDiffVersions(); } else { // Get current version id of a SPECIFIC ITEM $diff_arrays = array(FLEXIUtilities::getCurrentVersions($item_id)); } //$jcorefields = flexicontent_html::getJCoreFields(); $add_cats = true; $add_tags = true; // For all items not having the current version, add it foreach ($diff_arrays as $item) { $item_id = @(int) $item["id"]; if (isset($rows[$item_id])) { $row =& $rows[$item_id]; // Get field values of the current item version $query = "SELECT f.id,fir.value,f.field_type,f.name,fir.valueorder,f.iscore " . " FROM #__flexicontent_fields_item_relations as fir" . " LEFT JOIN #__flexicontent_fields as f on f.id=fir.field_id " . " WHERE fir.item_id=" . $row->id . " AND f.iscore=0"; // old versions stored categories & tags into __flexicontent_fields_item_relations $db->setQuery($query); $fieldsvals = $db->loadObjectList(); // Delete existing unversioned (current version) field values ONLY if we are asked to 'clean' the database if ($clean_database && $fieldsvals) { $query = 'DELETE FROM #__flexicontent_fields_item_relations WHERE item_id = ' . $row->id; $db->setQuery($query); $db->query(); } // Delete any existing versioned field values to avoid conflicts, this maybe redudant, since they should not exist, // but we do it anyway because someone may have truncated or delete records only in table 'flexicontent_versions' ... // NOTE: we do not delete data with field_id negative as these exist only in the versioning table $query = 'DELETE FROM #__flexicontent_items_versions WHERE item_id = ' . $row->id . ' AND version= ' . $row->version . ' AND field_id > 0'; $db->setQuery($query); $db->query(); // Add the 'maintext' field to the fields array for adding to versioning table $f = new stdClass(); $f->id = 1; $f->iscore = 1; $f->valueorder = 1; $f->field_type = "maintext"; $f->name = "text"; $f->value = $row->introtext; if (JString::strlen($row->fulltext) > 1) { $f->value .= '<hr id="system-readmore" />' . $row->fulltext; } if (substr($f->value, 0, 3) != "<p>") { $f->value = "<p>" . $f->value . "</p>"; } $fieldsvals[] = $f; // Add the 'categories' field to the fields array for adding to versioning table $query = "SELECT catid FROM #__flexicontent_cats_item_relations WHERE itemid='" . $row->id . "';"; $db->setQuery($query); $categories = FLEXI_J16GE ? $db->loadColumn() : $db->loadResultArray(); if (!$categories || !count($categories)) { $categories = array($catid = $row->catid); $query = "INSERT INTO #__flexicontent_cats_item_relations VALUES('{$catid}','" . $row->id . "', '0');"; $db->setQuery($query); $db->query(); } $f = new stdClass(); $f->id = 13; $f->iscore = 1; $f->valueorder = 1; $f->version = (int) $row->version; $f->value = serialize($categories); if ($add_cats) { $fieldsvals[] = $f; } // Add the 'tags' field to the fields array for adding to versioning table $query = "SELECT tid FROM #__flexicontent_tags_item_relations WHERE itemid='" . $row->id . "';"; $db->setQuery($query); $tags = FLEXI_J16GE ? $db->loadColumn() : $db->loadResultArray(); $f = new stdClass(); $f->id = 14; $f->iscore = 1; $f->valueorder = 1; $f->version = (int) $row->version; $f->value = serialize($tags); if ($add_tags) { $fieldsvals[] = $f; } // Add field values to field value versioning table foreach ($fieldsvals as $fieldval) { // add the new values to the database $obj = new stdClass(); $obj->field_id = $fieldval->id; $obj->item_id = $row->id; $obj->valueorder = $fieldval->valueorder; $obj->version = (int) $row->version; $obj->value = $fieldval->value; //echo "version: ".$obj->version.",fieldid : ".$obj->field_id.",value : ".$obj->value.",valueorder : ".$obj->valueorder."<br />"; //echo "inserting into __flexicontent_items_versions<br />"; $db->insertObject('#__flexicontent_items_versions', $obj); if ($clean_database && !$fieldval->iscore) { // If clean_database is on we need to re-add the deleted values unset($obj->version); //echo "inserting into __flexicontent_fields_item_relations<br />"; $db->insertObject('#__flexicontent_fields_item_relations', $obj); } //$searchindex .= @$fieldval->search; } // ********************************************************************************** // Add basic METADATA of current item version (kept in table #__flexicontent_versions) // ********************************************************************************** $v = new stdClass(); $v->item_id = (int) $row->id; $v->version_id = (int) $row->version; $v->created = $row->modified && $row->modified != $nullDate ? $row->modified : $row->created; $v->created_by = $row->created_by; $v->comment = ''; //echo "inserting into __flexicontent_versions<br />"; $db->insertObject('#__flexicontent_versions', $v); } } return true; }
/** * @param int $id * @param UserTable $user */ private function deletePreparaty( $id, $user ) { global $_CB_framework; $db = JFactory::getDBO(); require_once ( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_flexicontent/classes/flexicontent.helper.php' ); //require_once (JPATH_COMPONENT_SITE.DS.'classes'.DS.'flexicontent.helper.php'); $state = -2; $app = JFactory::getApplication(); $user = JFactory::getUser(); $dispatcher = JDispatcher::getInstance(); JRequest::setVar("isflexicontent", "yes"); static $event_failed_notice_added = false; $query = 'SELECT id FROM #__content' . ' WHERE id = '.(int)$id. " AND created_by = " . (int) $user->get( 'id' ); $db->setQuery( $query ); if(!$db->loadResult()){ $profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ) , false, '' ); cbRedirect( $profileUrl, CBTxt::T( 'You can\'t deleted this drug!' ) ); } if ( $id ) { $v = FLEXIUtilities::getCurrentVersions((int)$id); $query = 'UPDATE #__content' . ' SET state = ' . (int)$state . ' WHERE id = '.(int)$id //. ' AND ( checked_out = 0 OR ( checked_out = ' . (int) $user->get('id'). ' ) )' ; $db->setQuery( $query ); $db->query(); if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg()); $query = 'UPDATE #__flexicontent_items_tmp' . ' SET state = ' . (int)$state . ' WHERE id = '.(int)$id //. ' AND ( checked_out = 0 OR ( checked_out = ' . (int) $user->get('id'). ' ) )' ; $db->setQuery( $query ); $db->query(); if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg()); $query = 'UPDATE #__flexicontent_items_versions' . ' SET value = ' . (int)$state . ' WHERE item_id = '.(int)$id . ' AND valueorder = 1' . ' AND field_id = 10' . ' AND version = ' .(int)$v['version'] ; $db->setQuery( $query ); $db->query(); if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg()); } // **************************************************************** // Trigger Event 'onContentChangeState' of Joomla's Content plugins // **************************************************************** if (FLEXI_J16GE) { // Make sure we import flexicontent AND content plugins since we will be triggering their events JPluginHelper::importPlugin('content'); // PREPARE FOR TRIGGERING content events // We need to fake joomla's states ... when triggering events $fc_state = $state; if ( in_array($fc_state, array(1,-5)) ) $jm_state = 1; // published states else if ( in_array($fc_state, array(0,-3,-4)) ) $jm_state = 0; // unpublished states else $jm_state = $fc_state; // trashed & archive states $fc_itemview = $app->isSite() ? FLEXI_ITEMVIEW : 'item'; $item = new stdClass(); // Compatibility steps (including Joomla compatible state), // so that 3rd party plugins using the change state event work properly JRequest::setVar('view', 'article'); JRequest::setVar('option', 'com_content'); $item->state = $jm_state; $result = $dispatcher->trigger($this->event_change_state, array('com_content.article', (array) $id, $jm_state)); // Revert compatibilty steps ... the $item->state is not used further regardless if it was changed, // besides the event_change_state using plugin should have updated DB state value anyway JRequest::setVar('view', $fc_itemview); JRequest::setVar('option', 'com_flexicontent'); if ($item->state == $jm_state) $item->state = $fc_state; // this check is redundant, item->state is not used further ... if (in_array(false, $result, true) && !$event_failed_notice_added) { JError::raiseNotice(10, JText::_('One of plugin event handler for onContentChangeState failed') ); $event_failed_notice_added = true; return false; } } $profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ) , false, '' ); cbRedirect( $profileUrl, CBTxt::T( 'Drug deleted successfully!' ) ); }
/** * Method to CHECK item's -VIEWING- ACCESS, this could be moved to the controller, * if we do this, then we must check the view variable, because DISPLAY() CONTROLLER TASK * is shared among all views ... or create a separate FRONTEND controller for the ITEM VIEW * * @access private * @return array * @since 1.5 */ function _check_viewing_access($version = false) { global $globalcats; $app = JFactory::getApplication(); $user = JFactory::getUser(); $session = JFactory::getSession(); $aid = (int) $user->get('aid'); $gid = (int) $user->get('gid'); $cid = $this->_cid; $params = $this->_item->parameters; $cparams = $this->_cparams; $fcreturn = serialize(array('id' => @$this->_item->id, 'cid' => $cid)); // a special url parameter, used by some SEF code $referer = @$_SERVER['HTTP_REFERER']; // the previously viewed page (refer) // a basic item title string $title_str = "<br />" . JText::_('FLEXI_TITLE') . ": " . $this->_item->title . '[id: ' . $this->_item->id . ']'; // Since we will check access for VIEW (=read) only, we skip checks if TASK Variable is set, // the edit() or add() or other controller task, will be responsible for checking permissions. if (@$this->_item->id && !JRequest::getVar('task', false) && JRequest::getVar('view') == FLEXI_ITEMVIEW) { //************************************************************* // STEP A: Calculate ownership, edit permission and read access // (a) isOwner, (b) canedititem, (c) canviewitem //************************************************************* // (a) Calculate if owned by current user $isOwner = $this->_item->created_by == $user->get('id'); // (b) Calculate edit access ... // NOTE: we will allow view access if current user can edit the item (but set a warning message about it, see bellow) $canedititem = $params->get('access-edit'); $caneditstate = $params->get('access-edit-state'); if (!$caneditstate) { // Item not editable, check if item is editable till logoff if ($session->has('rendered_uneditable', 'flexicontent')) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $canedititem = isset($rendered_uneditable[$this->_item->id]); } } // (c) Calculate read access ... $canviewitem = $params->get('access-view'); // ********************************************************************************* // STEP B: Calculate SOME ITEM PUBLICATION STATE FLAGS, used to decide if current item is active // FLAGS: item_is_published, item_is_scheduled, item_is_expired, cats_are_published // ********************************************************************************* $item_is_published = $this->_item->state == 1 || $this->_item->state == -5 || $this->_item->state == (FLEXI_J16GE ? 2 : -1); $item_is_scheduled = $this->_item->publication_scheduled; $item_is_expired = $this->_item->publication_expired; if ($cid) { // cid is set, check state of current item category only // NOTE: J1.6+ all ancestor categories from current one to the root, for J1.5 only the current one ($cid) if (!isset($this->_item->ancestor_cats_published)) { $ancestor_cats_published = true; foreach ($globalcats[$cid]->ancestorsarray as $pcid) { $ancestor_cats_published = $ancestor_cats_published && $globalcats[$pcid]->published == 1; } $this->_item->ancestor_cats_published = $ancestor_cats_published; } $cats_are_published = $this->_item->ancestor_cats_published; //$this->_item->catpublished; $cats_np_err_mssg = JText::sprintf('FLEXI_CONTENT_UNAVAILABLE_ITEM_CURRCAT_UNPUBLISHED', $cid); } else { // cid is not set, we have no current category, the item is visible if it belongs to at one published category $itemcats = $this->_item->categories; $cats_are_published = true; foreach ($itemcats as $catid) { if (!isset($globalcats[$catid])) { continue; } $cats_are_published |= $globalcats[$catid]->published; // For J1.6+ check all ancestor categories from current one to the root foreach ($globalcats[$catid]->ancestorsarray as $pcid) { $cats_are_published = $cats_are_published && $globalcats[$pcid]->published == 1; } } $cats_np_err_mssg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_ALLCATS_UNPUBLISHED'); } // Calculate if item is active ... and viewable is also it's (current or All) categories are published $item_active = $item_is_published && !$item_is_scheduled && !$item_is_expired; $item_n_cat_active = $item_active && $cats_are_published; $previewing_and_unlogged = $version && $user->guest; // this is a flag indicates to redirect to login instead of 404 error $ignore_publication = $canedititem || $caneditstate || $isOwner || $previewing_and_unlogged; $inactive_notice_set = false; $item_state_pending = $this->_item->state == -3; $item_state_draft = $this->_item->state == -4; //*********************************************************************************************************************** // STEP C: CHECK item state, if publication state is not ignored terminate with 404 NOT found, otherwise add a notice // NOTE: Asking all users to login when item is not active maybe wrong approach, so instead we raise 404 error, but we // will ask them to login only if previewing a latest or specific version (so ignore publication FLAG includes this case) // (a) Check that item is PUBLISHED (1,-5) or ARCHIVED (-1) // (b) Check that item has expired publication date // (c) Check that item has scheduled publication date // (d) Check that current item category or all items categories are published //*********************************************************************************************************************** // (a) Check that item is PUBLISHED (1,-5) or ARCHIVED (-1) if (!$caneditstate && ($item_state_pending || $item_state_draft) && $isOwner) { // SPECIAL workflow case, regardless of (view/edit privilege), allow users to view unpublished owned content, (a) if waiting for approval, or (b) if can request approval $inactive_notice_set = true; } else { if (!$item_is_published && !$ignore_publication) { // Raise error that the item is unpublished $msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_UNPUBLISHED') . $title_str; if (FLEXI_J16GE) { throw new Exception($msg, 404); } else { JError::raiseError(404, $msg); } } else { if (!$item_is_published && !$inactive_notice_set) { // Item edittable, set warning that ... JError::raiseNotice(404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_UNPUBLISHED')); $inactive_notice_set = true; } } } // NOTE: First, we check for expired publication, since if item expired, scheduled publication is meaningless // (b) Check that item has expired publication date if ($item_is_expired && !$ignore_publication) { // Raise error that the item is scheduled for publication $msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_EXPIRED') . $title_str; if (FLEXI_J16GE) { throw new Exception($msg, 404); } else { JError::raiseError(404, $msg); } } else { if ($item_is_expired && !$inactive_notice_set) { // Item edittable, set warning that ... JError::raiseNotice(404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_EXPIRED')); $inactive_notice_set = true; } } // (c) Check that item has scheduled publication date if ($item_is_scheduled && !$ignore_publication) { // Raise error that the item is scheduled for publication $msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_SCHEDULED') . $title_str; if (FLEXI_J16GE) { throw new Exception($msg, 404); } else { JError::raiseError(404, $msg); } } else { if ($item_is_scheduled && !$inactive_notice_set) { // Item edittable, set warning that ... JError::raiseNotice(404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_SCHEDULED')); $inactive_notice_set = true; } } // (d) Check that current item category or all items categories are published if (!$cats_are_published && !$ignore_publication) { // Terminate execution with a HTTP not-found Server Error $msg = $cats_np_err_mssg . $title_str; if (FLEXI_J16GE) { throw new Exception($msg, 404); } else { JError::raiseError(404, $msg); } } else { if (!$cats_are_published && !$inactive_notice_set) { // Item edittable, set warning that item's (ancestor) category is unpublished JError::raiseNotice(404, $cats_np_err_mssg); $inactive_notice_set = true; } } //******************************************************************************************* // STEP D: CHECK viewing access in relation to if user being logged and being owner / editor // (a) redirect user previewing a non-current item version, to either current item version or to refer if has no edit permission // (b) redirect item owner to previous page if user has no access (read/edit) to the item // (c) redirect unlogged user to login, so that user can possible login to privileged account // (d) redirect unauthorized logged user to the unauthorized page (if this is set) // (e) finally raise a 403 forbidden Server Error if user is unauthorized to access item //******************************************************************************************* // SPECIAL case when previewing an non-current version of an item, this is allowed only if user can edit the item $current_version = FLEXIUtilities::getCurrentVersions($this->_id, true); // Get current item version if ($version && $version != $current_version && !$canedititem && !$previewing_and_unlogged) { // (a) redirect user previewing a non-current item version, to either current item version or to refer if has no edit permission JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH_PREVIEW_UNEDITABLE') . "<br />" . JText::_('FLEXI_ALERTNOTAUTH_TASK')); if ($item_n_cat_active && $canviewitem) { $app->redirect(JRoute::_(FlexicontentHelperRoute::getItemRoute($this->_item->slug, $this->_item->categoryslug, 0, $this->_item))); } else { $app->redirect($referer); // Item not viewable OR no view access, redirect to refer page } } else { if (!$item_n_cat_active && !$previewing_and_unlogged) { if (!$caneditstate && ($item_state_pending || $item_state_draft) && $isOwner) { // no redirect, SET message to owners, to wait for approval or to request approval of their content $app->enqueueMessage(JText::_($item_state_pending ? 'FLEXI_ALERT_VIEW_OWN_PENDING_STATE' : 'FLEXI_ALERT_VIEW_OWN_DRAFT_STATE'), 'notice'); } else { if (!$canedititem && !$caneditstate && $isOwner) { // (b) redirect item owner to previous page if user cannot access (read/edit) the item JError::raiseNotice(403, JText::_($item_state_pending ? 'FLEXI_ALERTNOTAUTH_VIEW_OWN_PENDING' : 'FLEXI_ALERTNOTAUTH_VIEW_OWN_UNPUBLISHED')); $app->redirect($referer); } else { if ($canedititem || $caneditstate) { // no redirect, SET notice to the editors, that they are viewing unreadable content because they can edit the item $app->enqueueMessage(JText::_('FLEXI_CONTENT_ACCESS_ALLOWED_BECAUSE_EDITABLE_PUBLISHABLE'), 'notice'); } else { $app->enqueueMessage('INTERNAL ERROR: item inactive but checks were ignored despite current user not begin item owner or item assigned editor', 'notice'); $app->redirect($referer); } } } } else { if (!$canviewitem && !$canedititem || !$item_n_cat_active) { if ($user->guest) { // (c) redirect unlogged user to login, so that user can possible login to privileged account $uri = JFactory::getURI(); $return = $uri->toString(); $com_users = FLEXI_J16GE ? 'com_users' : 'com_user'; $url = $cparams->get('login_page', 'index.php?option=' . $com_users . '&view=login'); $return = strtr(base64_encode($return), '+/=', '-_,'); $url .= '&return=' . $return; //$url .= '&return='.base64_encode($return); $url .= '&fcreturn=' . base64_encode($fcreturn); JError::raiseWarning(403, JText::sprintf("FLEXI_LOGIN_TO_ACCESS", $url)); $app->redirect($url); } else { $msg = JText::_('FLEXI_ALERTNOTAUTH_VIEW'); $msg .= $item->type_id && !$item->has_type_access ? "<br/>" . JText::_("FLEXI_ALERTNOTAUTH_VIEW_TYPE") : ''; $msg .= $item->catid && !$item->has_mcat_access ? "<br/>" . JText::_("FLEXI_ALERTNOTAUTH_VIEW_MCAT") : ''; if ($cparams->get('unauthorized_page', '')) { // (d) redirect unauthorized logged user to the unauthorized page (if this is set) JError::raiseNotice(403, $msg); $app->redirect($cparams->get('unauthorized_page')); } else { // (e) finally raise a 403 forbidden Server Error if user is unauthorized to access item if (FLEXI_J16GE) { throw new Exception($msg, 403); } else { JError::raiseError(403, $msg); } } } } else { } } } } // End of Existing item (not new) }
/** * Method to change the state of an item * * @access public * @return boolean True on success * @since 1.0 */ function setitemstate($id, $state = 1) { $app = JFactory::getApplication(); $user = JFactory::getUser(); $dispatcher = JDispatcher::getInstance(); JRequest::setVar("isflexicontent", "yes"); static $event_failed_notice_added = false; if ($id) { $v = FLEXIUtilities::getCurrentVersions((int) $id); $query = 'UPDATE #__content' . ' SET state = ' . (int) $state . ' WHERE id = ' . (int) $id; $this->_db->setQuery($query); $this->_db->query(); if ($this->_db->getErrorNum()) { if (FLEXI_J16GE) { throw new Exception($this->_db->getErrorMsg(), 500); } else { JError::raiseError(500, $this->_db->getErrorMsg()); } } $query = 'UPDATE #__flexicontent_items_tmp' . ' SET state = ' . (int) $state . ' WHERE id = ' . (int) $id; $this->_db->setQuery($query); $this->_db->query(); if ($this->_db->getErrorNum()) { if (FLEXI_J16GE) { throw new Exception($this->_db->getErrorMsg(), 500); } else { JError::raiseError(500, $this->_db->getErrorMsg()); } } $query = 'UPDATE #__flexicontent_items_versions' . ' SET value = ' . (int) $state . ' WHERE item_id = ' . (int) $id . ' AND valueorder = 1' . ' AND field_id = 10' . ' AND version = ' . (int) $v['version']; $this->_db->setQuery($query); $this->_db->query(); if ($this->_db->getErrorNum()) { if (FLEXI_J16GE) { throw new Exception($this->_db->getErrorMsg(), 500); } else { JError::raiseError(500, $this->_db->getErrorMsg()); } } } // **************************************************************** // Trigger Event 'onContentChangeState' of Joomla's Content plugins // **************************************************************** if (FLEXI_J16GE) { // Make sure we import flexicontent AND content plugins since we will be triggering their events JPluginHelper::importPlugin('content'); // PREPARE FOR TRIGGERING content events // We need to fake joomla's states ... when triggering events $fc_state = $state; if (in_array($fc_state, array(1, -5))) { $jm_state = 1; } else { if (in_array($fc_state, array(0, -3, -4))) { $jm_state = 0; } else { $jm_state = $fc_state; } } // trashed & archive states $fc_itemview = $app->isSite() ? FLEXI_ITEMVIEW : 'item'; $item = new stdClass(); // Compatibility steps (including Joomla compatible state), // so that 3rd party plugins using the change state event work properly JRequest::setVar('view', 'article'); JRequest::setVar('option', 'com_content'); $item->state = $jm_state; $result = $dispatcher->trigger($this->event_change_state, array('com_content.article', (array) $id, $jm_state)); // Revert compatibilty steps ... the $item->state is not used further regardless if it was changed, // besides the event_change_state using plugin should have updated DB state value anyway JRequest::setVar('view', $fc_itemview); JRequest::setVar('option', 'com_flexicontent'); if ($item->state == $jm_state) { $item->state = $fc_state; } // this check is redundant, item->state is not used further ... if (in_array(false, $result, true) && !$event_failed_notice_added) { JError::raiseNotice(10, JText::_('One of plugin event handler for onContentChangeState failed')); $event_failed_notice_added = true; return false; } } return true; }
/** * Logic to save an item * * @access public * @return void * @since 1.0 */ function save() { // Check for request forgeries JRequest::checkToken() or jexit( 'Invalid Token' ); // Initialize variables $app = JFactory::getApplication(); $db = JFactory::getDBO(); $user = JFactory::getUser(); $menu = $app->getMenu()->getActive(); $config = JFactory::getConfig(); $session = JFactory::getSession(); $task = JRequest::getVar('task'); $model = $this->getModel(FLEXI_ITEMVIEW); $isnew = !$model->getId(); $ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task='; $fc_params = JComponentHelper::getParams( 'com_flexicontent' ); $dolog = $fc_params->get('print_logging_info'); // Get the COMPONENT only parameters $comp_params = JComponentHelper::getComponent('com_flexicontent')->params; $params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') ); // Merge the type parameters $tparams = $model->getTypeparams(); $tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams); $params->merge($tparams); // Merge the menu parameters if ($menu) { $menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params); $params->merge($menu_params); } // Get needed parameters $submit_redirect_url_fe = $params->get('submit_redirect_url_fe', ''); $allowunauthorize = $params->get('allowunauthorize', 0); // ********************* // Get data from request // ********************* if (FLEXI_J16GE) { // Retrieve form data these are subject to basic filtering $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields $jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data if ( ! @ $data['rules'] ) $data['rules'] = array(); } else { // Retrieve form data these are subject to basic filtering $data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters } // Set data id into model in case not already set ? $model->setId((int) $data['id']); // ************************************* // ENFORCE can change category ACL perms // ************************************* $perms = FlexicontentHelperPerm::getPerm(); // Per content type change category permissions if (FLEXI_J16GE) { $current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID $CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id); $CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id); $CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id); } else { $CanChangeFeatCat = 1; $CanChangeSecCat = 1; $CanChangeCat = 1; } $featured_cats_parent = $params->get('featured_cats_parent', 0); $featured_cats = array(); $enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat; $enable_cid_selector = $perms->MultiCat && $CanChangeSecCat; $enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat; // Enforce maintaining featured categories $featured_cats_parent = $params->get('featured_cats_parent', 0); $featured_cats = array(); if ( $featured_cats_parent && !$enable_featured_cid_selector ) { $featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0); $featured_cid = array(); if (!$isnew) { foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat; } $data['featured_cid'] = $featured_cid; } // Enforce maintaining secondary categories if (!$enable_cid_selector) { if ($isnew) { $data['cid'] = $tparams->get('cid_default'); } else if ( isset($featured_cid) ) { $featured_cid_arr = array_flip($featured_cid); $sec_cid = array(); foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat; $data['cid'] = $sec_cid; } else { $data['cid'] = $model->get('cats'); } } if (!$enable_catid_selector) { if ($isnew && $tparams->get('catid_default')) $data['catid'] = $tparams->get('catid_default'); else if ($model->get('catid')) $data['catid'] = $model->get('catid'); } // ************************** // Basic Form data validation // ************************** if (FLEXI_J16GE) { // *** MANUALLY CHECK CAPTCHA *** $use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user $captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always) $is_submitop = ((int) $data['id']) == 0; $display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest ); $display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ... if ($display_captcha) { // Try to force the use of recaptcha plugin JFactory::getConfig()->set('captcha', 'recaptcha'); if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) { JPluginHelper::importPlugin('captcha'); $dispatcher = JDispatcher::getInstance(); $result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field')); if (!$result[0]) { $errmsg = JText::_('FLEXI_CAPTCHA_FAILED'); $errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS'); echo "<script>alert('".$errmsg."');"; echo "window.history.back();"; echo "</script>"; jexit(); } } } // Validate Form data for core fields and for parameters $form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form $post = $model->validate($form, $data); // Check for validation error if (!$post) { // Get the validation messages. $errors = $form->getErrors(); // Push up to three validation messages out to the user. for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) { if ($errors[$i] instanceof Exception) $app->enqueueMessage($errors[$i]->getMessage(), 'notice'); else $app->enqueueMessage($errors[$i], 'notice'); } // Save the jform data in the session. $app->setUserState($form->option.'.edit.'.$form->context.'.data', $data); // Save the custom fields data in the session. $app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom); // Redirect back to the registration form. $this->setRedirect( $_SERVER['HTTP_REFERER'] ); return false; //die('error'); } /*if (!$post) { //JError::raiseWarning( 500, "Error while validating data: " . $model->getError() ); echo "Error while validating data: " . $model->getError(); echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>'; jexit(); }*/ // Some values need to be assigned after validation $post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml $post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform $post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform // Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters) $ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts']; //echo "<pre>"; print_r($post['attribs']); exit; } else { $post = $data; // Some values need to be assigned after validation $post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field // Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters) $ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts']; //echo "<pre>"; print_r($post['params']); exit; } // USEFULL FOR DEBUGING for J2.5 (do not remove commented code) //$diff_arr = array_diff_assoc ( $data, $post); //echo "<pre>"; print_r($diff_arr); jexit(); // ******************************************************************************** // PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having // checked them on edit form load, because user may have tampered with the form ... // ******************************************************************************** $type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating) if ( !$isnew && $model->get('type_id') == $type_id ) { // Existing item with Type not being ALTERED, content type can be maintained regardless of privilege $canCreateType = true; } else { // New item or existing item with Type is being ALTERED, check privilege to create items of this type $canCreateType = $model->canCreateType( array($type_id), true, $types ); } // **************************************************************** // Calculate user's privileges on current content item // ... canPublish IS RECALCULATED after saving, maybe comment out ? // **************************************************************** if (!$isnew) { if (FLEXI_J16GE) { $asset = 'com_content.article.' . $model->get('id'); $canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id')); $canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id')); // ALTERNATIVE 1 //$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own // ALTERNATIVE 2 //$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id')); //$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ; } else if ($user->gid >= 25) { $canPublish = true; $canEdit = true; } else if (FLEXI_ACCESS) { $rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid')); $canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ; $canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ; } else { $canPublish = $user->authorize('com_content', 'publish', 'content', 'all'); $canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id')); //$canPublish = ($user->gid >= 21); // At least J1.5 Publisher //$canEdit = ($user->gid >= 20); // At least J1.5 Editor } if ( !$canEdit ) { // No edit privilege, check if item is editable till logoff if ($session->has('rendered_uneditable', 'flexicontent')) { $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); $canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')]; } } } else { if (FLEXI_J16GE) { $canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category $not_authorised = !$canAdd; $canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent'); } else if ($user->gid >= 25) { $canAdd = 1; } else if (FLEXI_ACCESS) { $canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit'); $canAdd = @$canAdd['content'] || @$canAdd['category']; $canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all'); $canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all'); $canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1; } else { $canAdd = $user->authorize('com_content', 'add', 'content', 'all'); //$canAdd = ($user->gid >= 19); // At least J1.5 Author $not_authorised = ! $canAdd; $canPublish = ($user->gid >= 21); } if ( $allowunauthorize ) { $canAdd = true; $canCreateType = true; } } // ... we use some strings from administrator part // load english language file for 'com_flexicontent' component then override with current language file JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true); JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true); // Check for new content if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) { $msg = JText::_( 'FLEXI_ALERTNOTAUTH' ); if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg); } if ( !$canCreateType ) { $msg = isset($types[$type_id]) ? JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) : ' Content Type '.$type_id.' was not found OR is not published'; if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg); return; } // Get "BEFORE SAVE" categories for information mail $before_cats = array(); if ( !$isnew ) { $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = '.(int) $model->get('id'); $db->setQuery( $query ); $before_cats = $db->loadObjectList('id'); $before_maincat = $model->get('catid'); $original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0); } // **************************************** // Try to store the form data into the item // **************************************** if ( ! $model->store($post) ) { // Set error message about saving failed, and also the reason (=model's error message) $msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' ); JError::raiseWarning( 500, $msg .": " . $model->getError() ); // Since an error occured, check if (a) the item is new and (b) was not created if ($isnew && !$model->get('id')) { $msg = ''; $link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1'; $this->setRedirect($link, $msg); } else { $msg = ''; $link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1'; $this->setRedirect($link, $msg); } // Saving has failed check-in and return, (above redirection will be used) $model->checkin(); return; } // ************************************************** // Check in model and get item id in case of new item // ************************************************** $model->checkin(); $post['id'] = $isnew ? (int) $model->get('id') : $post['id']; // Get items marked as newly submitted $newly_submitted = $session->get('newly_submitted', array(), 'flexicontent'); if ($isnew) { // Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close) $newly_submitted[$model->get('id')] = 1; $session->set('newly_submitted', $newly_submitted, 'flexicontent'); } $newly_submitted_item = @ $newly_submitted[$model->get('id')]; // *********************************************************************************************************** // Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege // *********************************************************************************************************** $item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1); $canPublish = $model->canEditState( $item, $check_cat_perm=true ); // ******************************************************************************************** // Use session to detect multiple item saves to avoid sending notification EMAIL multiple times // ******************************************************************************************** $is_first_save = true; if ($session->has('saved_fcitems', 'flexicontent')) { $saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent'); $is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]); } // Add item to saved items of the corresponding session array $saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc; $session->set('saved_fcitems', $saved_fcitems, 'flexicontent'); // ******************************************** // Get categories added / removed from the item // ******************************************** $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = '.(int) $model->get('id'); $db->setQuery( $query ); $after_cats = $db->loadObjectList('id'); if ( !$isnew ) { $cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats)); foreach($cats_added_ids as $cats_added_id) { $cats_added_titles[] = $after_cats[$cats_added_id]->title; } $cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats)); foreach($cats_removed_ids as $cats_removed_id) { $cats_removed_titles[] = $before_cats[$cats_removed_id]->title; } $cats_altered = count($cats_added_ids) + count($cats_removed_ids); $after_maincat = $model->get('catid'); } // ******************************************************************************************************************* // We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters // ******************************************************************************************************************* $notify_emails = array(); if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) ) { // Get needed flags regarding the saved items $approve_version = 2; $pending_approval_state = -3; $draft_state = -4; $current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version $last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id), // $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them $needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish; $needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish; $draft_from_non_publisher = $item->state==$draft_state && !$canPublish; if ($draft_from_non_publisher) { // Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button $nConf = false; } else { // Get notifications configuration and select appropriate emails for current saving case $nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>"; } if ($nConf) { $states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5)); if ( empty($states_notify_new) ) $states_notify_new = array(); else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new); $states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5)); if ( empty($states_notify_existing) ) $states_notify_existing = array(); else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing); $n_state_ok = in_array($item->state, $states_notify_new); $e_state_ok = in_array($item->state, $states_notify_existing); if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending; else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new; else if ($isnew) $notify_emails = array(); else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal; else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing; else if (!$isnew) $notify_emails = array(); if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending'); else if ($isnew) $notify_text = $params->get('text_notify_new'); else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal'); else if (!$isnew) $notify_text = $params->get('text_notify_existing'); //print_r($notify_emails); jexit(); } } // ********************************************************************************************************************* // If there are emails to notify for current saving case, then send the notifications emails, but // ********************************************************************************************************************* if ( !empty($notify_emails) && count($notify_emails) ) { $notify_vars = new stdClass(); $notify_vars->needs_version_reviewal = $needs_version_reviewal; $notify_vars->needs_publication_approval = $needs_publication_approval; $notify_vars->isnew = $isnew; $notify_vars->notify_emails = $notify_emails; $notify_vars->notify_text = $notify_text; $notify_vars->before_cats = $before_cats; $notify_vars->after_cats = $after_cats; $notify_vars->original_item = @ $original_item; $model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0); } // *************************************************** // CLEAN THE CACHE so that our changes appear realtime // *************************************************** if (FLEXI_J16GE) { $cache = FLEXIUtilities::getCache($group='', 0); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); $cache = FLEXIUtilities::getCache($group='', 1); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); } else { $itemcache = JFactory::getCache('com_flexicontent_items'); $itemcache->clean(); $filtercache = JFactory::getCache('com_flexicontent_filters'); $filtercache->clean(); } // **************************************************************************************************************************** // Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category // and thus being able to set this category as item's main category, but then have no edit/editown permission for this category // **************************************************************************************************************************** if (FLEXI_J16GE) { $asset = 'com_content.article.' . $model->get('id'); $canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id')); // ALTERNATIVE 1 //$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own // ALTERNATIVE 2 //$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id')); //$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ; } else if (FLEXI_ACCESS && $user->gid < 25) { $rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid')); $canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ; } else { // This is meaningful when executed in frontend, since all backend users (managers and above) can edit items $canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id')); } // ******************************************************************************************************* // Check if user can not edit item further (due to changed main category, without edit/editown permission) // ******************************************************************************************************* if (!$canEdit) { if ($task=='apply') { // APPLY TASK: Temporarily set item to be editable till closing it $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); $rendered_uneditable[$model->get('id')] = 1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } else if ( $newly_submitted_item ) { // NEW ITEM: Do not use editable till logoff behaviour // ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation if ( !$params->get('items_session_editable', 0) ) { $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); if ( isset($rendered_uneditable[$model->get('id')]) ) { unset( $rendered_uneditable[$model->get('id')] ); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } else { // EXISTING ITEM: (if enabled) Use the editable till logoff behaviour if ( $params->get('items_session_editable', 0) ) { // Set notice for existing item being editable till logoff JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) ); // Allow item to be editable till logoff $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); $rendered_uneditable[$model->get('id')] = 1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } } // Set notice about saving an item that cannot be changed further if ( !$canEdit ) { $app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' ); } } // **************************************************************** // Check for new Content Item is being closed, and clear some flags // **************************************************************** if ($task!='apply' && $newly_submitted_item ) { // Clear item from being marked as newly submitted unset($newly_submitted[$model->get('id')]); $session->set('newly_submitted', $newly_submitted, 'flexicontent'); // The 'apply' task may set 'editable till logoff' FLAG ... // CLEAR IT, since NEW content this is meant to be used temporarily if ( !$params->get('items_session_editable', 0) ) { $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); if ( isset($rendered_uneditable[$model->get('id')]) ) { unset( $rendered_uneditable[$model->get('id')] ); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } // **************************************** // Saving is done, decide where to redirect // **************************************** // REDIRECT CASE FOR APPLYING: Save and reload the item edit form if ($task=='apply') { $msg = JText::_( 'FLEXI_ITEM_SAVED' ); // Create the URL global $globalcats; $Itemid = JRequest::getInt('Itemid', 0); // maintain current menu item if this was given $item_url = JRoute::_(FlexicontentHelperRoute::getItemRoute($item->id.':'.$item->alias, $globalcats[$item->catid]->slug, $Itemid)); $link = $item_url .(strstr($item_url, '?') ? '&' : '?').'task=edit' ; // Important pass referer back to avoid making the form itself the referer // but also check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise set referer to HOME page $referer = JRequest::getString('referer', JURI::base(), 'post'); if ( ! flexicontent_html::is_safe_url($referer) ) $referer = JURI::base(); $return = '&return='.base64_encode( $referer ); $link .= $return; } // REDIRECT CASES FOR SAVING else { // REDIRECT CASE: Return to a custom page after creating a new item (e.g. a thanks page) if ( $newly_submitted_item && $submit_redirect_url_fe ) { $link = $submit_redirect_url_fe; $msg = JText::_( 'FLEXI_ITEM_SAVED' ); } // REDIRECT CASE: Save and preview the latest version else if ($task=='save_a_preview') { $msg = JText::_( 'FLEXI_ITEM_SAVED' ); $link = JRoute::_(FlexicontentHelperRoute::getItemRoute($model->_item->id.':'.$model->_item->alias, $model->_item->catid, 0, $model->_item).'&preview=1', false); } // REDIRECT CASE: Return to the form 's referer (previous page) after item saving else { $msg = $newly_submitted_item ? JText::_( 'FLEXI_THANKS_SUBMISSION' ) : JText::_( 'FLEXI_ITEM_SAVED' ); // Check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise for returning to HOME page $link = JRequest::getString('referer', JURI::base(), 'post'); if ( ! flexicontent_html::is_safe_url($link) ) { if ( $dolog ) JFactory::getApplication()->enqueueMessage( 'refused redirection to possible unsafe URL: '.$link, 'notice' ); $link = JURI::base(); } } } $this->setRedirect($link, $msg); }
function save_import() { // Check for request forgeries //JRequest::checkToken() or jexit( 'Invalid Token' ); //mara $arr_countries = array('AL' => 'Albania', 'AM' => 'Armenia' , 'ARG' =>'Argentina' , 'AU' => 'Australia' , 'AUT' => 'Austria' , 'AZ' =>'Azerbaidjan' , 'BEL' => 'Belgium' , 'BGD' => 'Bangladesh' , 'BLG' => 'Bulgaria' , 'BLR' => 'Belarus' , 'BOS' => 'Bosnia-Herzegovina' , 'BRA' => 'Brazil' , 'CAN' => 'Canada' , 'CB' => 'Cuba' , 'CHE' => 'Switzerland' , 'CHI' => 'China' , 'CHL' => 'Chile' , 'CS' => 'Czech Republic' , 'DEU' => 'Germany' , 'DNK' => 'Denmark' , 'EGP' => 'Egypt' , 'EST' => 'Estonia' , 'FIN' => 'Finland' , 'FRA' => 'France' , 'GBR' => 'Great Britain' , 'GBRUSA' => 'Great Britain' , 'GEO' => 'Georgia' , 'GR' => 'Greece' , 'HK' => 'Hong Kong' , 'HOR' => 'Croatia' , 'HUN' => 'Hungary' , 'IDZ' => 'Indonesia' , 'IND' => 'India' , 'IOR' => 'Jordan' , 'IRA' => 'Iran' , 'IRL' => 'Ireland' , 'ISL' => 'Iceland' , 'ISR' => 'Israel' , 'ITA' => 'Italy' , 'JPN' => 'Japan' , 'KAZ' => 'Kazakhstan' , 'KGZ' => 'Kyrgyzstan' , 'KIP' => 'Cyprus' , 'LAT' => 'Latvia' , 'LIT' => 'Lithuania' , 'LUX' => 'Luxembourg' , 'MAK' => 'Macedonia' , 'ME' => 'Montenegro' , 'MEK' => 'Mexico' , 'MLT' => 'Malta' , 'MOL' => 'Moldavia' , 'MON' => 'Monaco' , 'NID' => 'Netherlands' , 'NOR' => 'Norway' , 'PAK' => 'Pakistan' , 'POL' => 'Poland' , 'PORT' => 'Portugal' , 'PR' => 'Puerto Rico' , 'PS' => 'Palestinian Territory' , 'RS' => 'Serbia' , 'RUM' => 'Romania' , 'RUS' => 'Russian Federation' , 'SA' => 'Saudi Arabia' , 'SCH' => 'Serbia' , 'SGP' => 'Singapore' , 'SHE' => 'Switzerland' , 'SKO' => 'South Korea' , 'SLO' => 'Slovenia' , 'SLR' => 'Slovak Republic' , 'SM' => 'San Marino' , 'SPN' => 'Spain' , 'SWE' => 'Sweden' , 'SYR' => 'Syria' , 'TA' => 'Thailand' , 'TUR' => 'Turkey' , 'UAR' => 'South Africa' , 'UGS' => 'Serbia' , 'UKR' => 'Ukraine' , 'unk' => 'Unknown' , 'USA' => 'United States' , 'USAFRA' => 'United States' , 'Uzb' => 'Uzbekistan' , 'VTN' => 'Vietnam'); mysql_connect('localhost', 'root', 'staSPE8e'); mysql_select_db('vidal'); mysql_query("SET NAMES utf8"); $query = "SELECT pa.ATCCode,m.LatName,n.NozologyCode,Document.DocumentID," ."Document.RusName,Document.EngName,Document.CompiledComposition,Document.PhInfluence,Document.PhKinetics," ."Document.Dosage,Document.OverDosage,Document.Interaction,Document.Lactation,Document.SideEffects," ."Document.StorageCondition,Document.Indication,Document.ContraIndication,Document.SpecialInstruction " . "FROM Document" ." LEFT JOIN Document_IndicNozology as n ON Document.DocumentID = n.DocumentID" ." LEFT JOIN Molecule_Document as md ON md.DocumentID = Document.DocumentID" ." LEFT JOIN Molecule as m ON m.MoleculeID = md.MoleculeID" ." LEFT JOIN Product_Document as pd ON pd.DocumentID = Document.DocumentID" ." LEFT JOIN Product_ATC as pa ON pd.ProductID = pa.ProductID" ." GROUP BY Document.DocumentID"; $result = mysql_query($query) or die(mysql_error()); while($all = mysql_fetch_array($result)){ // Initialize variables $app = JFactory::getApplication(); $db = JFactory::getDBO(); $user = JFactory::getUser(); $menu = $app->getMenu()->getActive(); $config = JFactory::getConfig(); $session = JFactory::getSession(); $task = JRequest::getVar('task'); $model = $this->getModel(FLEXI_ITEMVIEW); $isnew = !$model->getId(); $ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task='; $fc_params = JComponentHelper::getParams( 'com_flexicontent' ); $dolog = $fc_params->get('print_logging_info'); // Get the COMPONENT only parameters $comp_params = JComponentHelper::getComponent('com_flexicontent')->params; $params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') ); // Merge the type parameters $tparams = $model->getTypeparams(); $tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams); $params->merge($tparams); // Merge the menu parameters if ($menu) { $menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params); $params->merge($menu_params); } // Get needed parameters $submit_redirect_url_fe = $params->get('submit_redirect_url_fe', ''); $allowunauthorize = $params->get('allowunauthorize', 0); $data = array(); $data['title'] = $all['RusName']; //content $data['text'] = $all['CompiledComposition'].$all['PhInfluence'].$all['PhKinetics'].$all['Dosage'].$all['OverDosage'].$all['Interaction'].$all['Lactation'].$all['SideEffects'].$all['StorageCondition'].$all['Indication'].$all['ContraIndication'].$all['SpecialInstruction']; $data['state'] = 1; $data['catid'] = 45; $data['type_id'] = 2; $data['id'] = 0; //insert into content //flexicontent_fields_item_relations //15 field RusName EngName //19 field Zabolev $zab = ''; if($all['NozologyCode']){ $tmp = $all['NozologyCode']; $zab_cif = substr($tmp,1,2); $alpha = substr($tmp,0,1); switch($alpha){ case 'A' : $zab = 'A00–B99'; break; case 'B' : $zab = 'A00–B99';break; case 'C' : $zab = 'C00–D48';break; case 'D' : $zab = $zab_cif <= 48 ? 'C00–D48' : 'D50–D89';break; case 'E' : $zab = 'E00–E90';break; case 'F' : $zab = 'F00–F99';break; case 'G' : $zab = 'G00–G99';break; case 'H' : $zab = $zab_cif <= 59 ? 'H00–H59' : 'H60–H95';break; case 'I' : $zab = 'I00–I99';break; case 'J' : $zab = 'J00–J99';break; case 'K' : $zab = 'K00–K93';break; case 'L' : $zab = 'L00–L99';break; case 'M' : $zab = 'M00–M99';break; case 'N' : $zab = 'N00–N99';break; case 'O' : $zab = 'O00–O99';break; case 'P' : $zab = 'P00–P96'; break; case 'R' : $zab = 'R00–R99'; break; case 'S' : $zab = 'S00–T98'; break; case 'V' : $zab = 'V01–Y98';break; case 'Z' : $zab = 'Z00–Z99';break; case 'U' : $zab = 'U00–U99'; break; default: $zab = ''; } } $custom = array(); $custom['zabolevanie'] = $zab; $custom['field24'] = $all['ATCCode']; /*$custom['field24_1'] = ''; $custom['field24_2'] = ''; $custom['field24_3'] = ''; $custom['field24_4'] = ''; $custom['field24_5'] = '';*/ $custom['preparat'][0] = addslashes($all['RusName']); $custom['preparat'][1] = addslashes($all['EngName']); $custom['field22'][0] = addslashes($all['LatName']); $query = "SELECT p.DateOfCloseRegistration, p.RegistrationNumber, p.Composition, p.ZipInfo, " ." c.LocalName, c.CountryCode " . "FROM Product as p" ." JOIN Product_Company as pc ON pc.ProductID = p.ProductID" ." JOIN Company as c ON c.CompanyID = pc.CompanyID" ." JOIN Product_Document d ON d.ProductID = p.ProductID" ." WHERE d.DocumentID = ".$all['DocumentID']; $result1 = mysql_query($query) or die(mysql_error()); $field_pr = array(); $z = 0; while($proizv = mysql_fetch_array($result1)){ if(isset($arr_countries[$proizv['CountryCode']])){ $custom['field21'][0]['country'][$z] = addslashes($arr_countries[$proizv['CountryCode']]); $custom['field21'][0]['naimen'][$z] = addslashes($proizv['LocalName']);//."<br />".$proizv['Composition']); $custom['field21'][0]['vypusk'][$z] = addslashes($proizv['ZipInfo']); $custom['field21'][0]['reg'][$z] = addslashes($proizv['RegistrationNumber']); $custom['field21'][0]['date'][$z] = addslashes($proizv['DateOfCloseRegistration']); } $z++; } // ********************* // Get data from request // ********************* if (FLEXI_J16GE) { // Retrieve form data these are subject to basic filtering // $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters // $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields $jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data if ( ! @ $data['rules'] ) $data['rules'] = array(); } else { // Retrieve form data these are subject to basic filtering $data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters } // Set data id into model in case not already set ? $model->setId((int) $data['id']); // ************************************* // ENFORCE can change category ACL perms // ************************************* $perms = FlexicontentHelperPerm::getPerm(); // Per content type change category permissions if (FLEXI_J16GE) { $current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID $CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id); $CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id); $CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id); } else { $CanChangeFeatCat = 1; $CanChangeSecCat = 1; $CanChangeCat = 1; } $featured_cats_parent = $params->get('featured_cats_parent', 0); $featured_cats = array(); $enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat; $enable_cid_selector = $perms->MultiCat && $CanChangeSecCat; $enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat; // Enforce maintaining featured categories $featured_cats_parent = $params->get('featured_cats_parent', 0); $featured_cats = array(); if ( $featured_cats_parent && !$enable_featured_cid_selector ) { $featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0); $featured_cid = array(); if (!$isnew) { foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat; } $data['featured_cid'] = $featured_cid; } // Enforce maintaining secondary categories if (!$enable_cid_selector) { if ($isnew) { $data['cid'] = $tparams->get('cid_default'); } else if ( isset($featured_cid) ) { $featured_cid_arr = array_flip($featured_cid); $sec_cid = array(); foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat; $data['cid'] = $sec_cid; } else { $data['cid'] = $model->get('cats'); } } if (!$enable_catid_selector) { if ($isnew && $tparams->get('catid_default')) $data['catid'] = $tparams->get('catid_default'); else if ($model->get('catid')) $data['catid'] = $model->get('catid'); } // ************************** // Basic Form data validation // ************************** if (FLEXI_J16GE) { // *** MANUALLY CHECK CAPTCHA *** $use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user $captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always) $is_submitop = ((int) $data['id']) == 0; $display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest ); $display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ... if ($display_captcha) { // Try to force the use of recaptcha plugin JFactory::getConfig()->set('captcha', 'recaptcha'); if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) { JPluginHelper::importPlugin('captcha'); $dispatcher = JDispatcher::getInstance(); $result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field')); if (!$result[0]) { $errmsg = JText::_('FLEXI_CAPTCHA_FAILED'); $errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS'); echo "<script>alert('".$errmsg."');"; echo "window.history.back();"; echo "</script>"; jexit(); } } } // Validate Form data for core fields and for parameters $form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form $post = $model->validate($form, $data); // Check for validation error if (!$post) { // Get the validation messages. $errors = $form->getErrors(); // Push up to three validation messages out to the user. for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) { if ($errors[$i] instanceof Exception) $app->enqueueMessage($errors[$i]->getMessage(), 'notice'); else $app->enqueueMessage($errors[$i], 'notice'); } // Save the jform data in the session. $app->setUserState($form->option.'.edit.'.$form->context.'.data', $data); // Save the custom fields data in the session. $app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom); // Redirect back to the registration form. $this->setRedirect( $_SERVER['HTTP_REFERER'] ); return false; //die('error'); } /*if (!$post) { //JError::raiseWarning( 500, "Error while validating data: " . $model->getError() ); echo "Error while validating data: " . $model->getError(); echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>'; jexit(); }*/ // Some values need to be assigned after validation $post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml $post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform $post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform // Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters) $ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts']; //echo "<pre>"; print_r($post['attribs']); exit; } else { $post = $data; // Some values need to be assigned after validation $post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field // Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters) $ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts']; //echo "<pre>"; print_r($post['params']); exit; } // USEFULL FOR DEBUGING for J2.5 (do not remove commented code) //$diff_arr = array_diff_assoc ( $data, $post); //echo "<pre>"; print_r($diff_arr); jexit(); // ******************************************************************************** // PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having // checked them on edit form load, because user may have tampered with the form ... // ******************************************************************************** $type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating) if ( !$isnew && $model->get('type_id') == $type_id ) { // Existing item with Type not being ALTERED, content type can be maintained regardless of privilege $canCreateType = true; } else { // New item or existing item with Type is being ALTERED, check privilege to create items of this type $canCreateType = $model->canCreateType( array($type_id), true, $types ); } // **************************************************************** // Calculate user's privileges on current content item // ... canPublish IS RECALCULATED after saving, maybe comment out ? // **************************************************************** if (!$isnew) { if (FLEXI_J16GE) { $asset = 'com_content.article.' . $model->get('id'); $canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id')); $canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id')); // ALTERNATIVE 1 //$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own // ALTERNATIVE 2 //$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id')); //$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ; } else if ($user->gid >= 25) { $canPublish = true; $canEdit = true; } else if (FLEXI_ACCESS) { $rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid')); $canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ; $canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ; } else { $canPublish = $user->authorize('com_content', 'publish', 'content', 'all'); $canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id')); //$canPublish = ($user->gid >= 21); // At least J1.5 Publisher //$canEdit = ($user->gid >= 20); // At least J1.5 Editor } if ( !$canEdit ) { // No edit privilege, check if item is editable till logoff if ($session->has('rendered_uneditable', 'flexicontent')) { $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); $canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')]; } } } else { if (FLEXI_J16GE) { $canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category $not_authorised = !$canAdd; $canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent'); } else if ($user->gid >= 25) { $canAdd = 1; } else if (FLEXI_ACCESS) { $canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit'); $canAdd = @$canAdd['content'] || @$canAdd['category']; $canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all'); $canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all'); $canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1; } else { $canAdd = $user->authorize('com_content', 'add', 'content', 'all'); //$canAdd = ($user->gid >= 19); // At least J1.5 Author $not_authorised = ! $canAdd; $canPublish = ($user->gid >= 21); } if ( $allowunauthorize ) { $canAdd = true; $canCreateType = true; } } // ... we use some strings from administrator part // load english language file for 'com_flexicontent' component then override with current language file JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true); JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true); // Check for new content if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) { $msg = JText::_( 'FLEXI_ALERTNOTAUTH' ); if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg); } if ( !$canCreateType ) { $msg = isset($types[$type_id]) ? JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) : ' Content Type '.$type_id.' was not found OR is not published'; if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg); return; } // Get "BEFORE SAVE" categories for information mail $before_cats = array(); if ( !$isnew ) { $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = '.(int) $model->get('id'); $db->setQuery( $query ); $before_cats = $db->loadObjectList('id'); $before_maincat = $model->get('catid'); $original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0); } // **************************************** // Try to store the form data into the item // **************************************** if ( ! $model->store($post) ) { // Set error message about saving failed, and also the reason (=model's error message) $msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' ); JError::raiseWarning( 500, $msg .": " . $model->getError() ); // Since an error occured, check if (a) the item is new and (b) was not created if ($isnew && !$model->get('id')) { $msg = ''; $link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1'; $this->setRedirect($link, $msg); } else { $msg = ''; $link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1'; $this->setRedirect($link, $msg); } // Saving has failed check-in and return, (above redirection will be used) $model->checkin(); return; } // ************************************************** // Check in model and get item id in case of new item // ************************************************** $model->checkin(); $post['id'] = $isnew ? (int) $model->get('id') : $post['id']; // Get items marked as newly submitted $newly_submitted = $session->get('newly_submitted', array(), 'flexicontent'); if ($isnew) { // Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close) $newly_submitted[$model->get('id')] = 1; $session->set('newly_submitted', $newly_submitted, 'flexicontent'); } $newly_submitted_item = @ $newly_submitted[$model->get('id')]; // *********************************************************************************************************** // Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege // *********************************************************************************************************** $item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1); $canPublish = $model->canEditState( $item, $check_cat_perm=true ); // ******************************************************************************************** // Use session to detect multiple item saves to avoid sending notification EMAIL multiple times // ******************************************************************************************** $is_first_save = true; if ($session->has('saved_fcitems', 'flexicontent')) { $saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent'); $is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]); } // Add item to saved items of the corresponding session array $saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc; $session->set('saved_fcitems', $saved_fcitems, 'flexicontent'); // ******************************************** // Get categories added / removed from the item // ******************************************** $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = '.(int) $model->get('id'); $db->setQuery( $query ); $after_cats = $db->loadObjectList('id'); if ( !$isnew ) { $cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats)); foreach($cats_added_ids as $cats_added_id) { $cats_added_titles[] = $after_cats[$cats_added_id]->title; } $cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats)); foreach($cats_removed_ids as $cats_removed_id) { $cats_removed_titles[] = $before_cats[$cats_removed_id]->title; } $cats_altered = count($cats_added_ids) + count($cats_removed_ids); $after_maincat = $model->get('catid'); } // ******************************************************************************************************************* // We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters // ******************************************************************************************************************* $notify_emails = array(); if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) ) { // Get needed flags regarding the saved items $approve_version = 2; $pending_approval_state = -3; $draft_state = -4; $current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version $last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id), // $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them $needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish; $needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish; $draft_from_non_publisher = $item->state==$draft_state && !$canPublish; if ($draft_from_non_publisher) { // Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button $nConf = false; } else { // Get notifications configuration and select appropriate emails for current saving case $nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>"; } if ($nConf) { $states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5)); if ( empty($states_notify_new) ) $states_notify_new = array(); else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new); $states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5)); if ( empty($states_notify_existing) ) $states_notify_existing = array(); else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing); $n_state_ok = in_array($item->state, $states_notify_new); $e_state_ok = in_array($item->state, $states_notify_existing); if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending; else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new; else if ($isnew) $notify_emails = array(); else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal; else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing; else if (!$isnew) $notify_emails = array(); if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending'); else if ($isnew) $notify_text = $params->get('text_notify_new'); else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal'); else if (!$isnew) $notify_text = $params->get('text_notify_existing'); //print_r($notify_emails); jexit(); } } // ********************************************************************************************************************* // If there are emails to notify for current saving case, then send the notifications emails, but // ********************************************************************************************************************* if ( !empty($notify_emails) && count($notify_emails) ) { $notify_vars = new stdClass(); $notify_vars->needs_version_reviewal = $needs_version_reviewal; $notify_vars->needs_publication_approval = $needs_publication_approval; $notify_vars->isnew = $isnew; $notify_vars->notify_emails = $notify_emails; $notify_vars->notify_text = $notify_text; $notify_vars->before_cats = $before_cats; $notify_vars->after_cats = $after_cats; $notify_vars->original_item = @ $original_item; $model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0); } // *************************************************** // CLEAN THE CACHE so that our changes appear realtime // *************************************************** if (FLEXI_J16GE) { $cache = FLEXIUtilities::getCache($group='', 0); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); $cache = FLEXIUtilities::getCache($group='', 1); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); } else { $itemcache = JFactory::getCache('com_flexicontent_items'); $itemcache->clean(); $filtercache = JFactory::getCache('com_flexicontent_filters'); $filtercache->clean(); } // **************************************************************************************************************************** // Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category // and thus being able to set this category as item's main category, but then have no edit/editown permission for this category // **************************************************************************************************************************** if (FLEXI_J16GE) { $asset = 'com_content.article.' . $model->get('id'); $canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id')); // ALTERNATIVE 1 //$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own // ALTERNATIVE 2 //$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id')); //$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ; } else if (FLEXI_ACCESS && $user->gid < 25) { $rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid')); $canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ; } else { // This is meaningful when executed in frontend, since all backend users (managers and above) can edit items $canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id')); } // ******************************************************************************************************* // Check if user can not edit item further (due to changed main category, without edit/editown permission) // ******************************************************************************************************* if (!$canEdit) { if ($task=='apply') { // APPLY TASK: Temporarily set item to be editable till closing it $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); $rendered_uneditable[$model->get('id')] = 1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } else if ( $newly_submitted_item ) { // NEW ITEM: Do not use editable till logoff behaviour // ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation if ( !$params->get('items_session_editable', 0) ) { $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); if ( isset($rendered_uneditable[$model->get('id')]) ) { unset( $rendered_uneditable[$model->get('id')] ); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } else { // EXISTING ITEM: (if enabled) Use the editable till logoff behaviour if ( $params->get('items_session_editable', 0) ) { // Set notice for existing item being editable till logoff JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) ); // Allow item to be editable till logoff $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); $rendered_uneditable[$model->get('id')] = 1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } } // Set notice about saving an item that cannot be changed further if ( !$canEdit ) { $app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' ); } } // **************************************************************** // Check for new Content Item is being closed, and clear some flags // **************************************************************** if ($task!='apply' && $newly_submitted_item ) { // Clear item from being marked as newly submitted unset($newly_submitted[$model->get('id')]); $session->set('newly_submitted', $newly_submitted, 'flexicontent'); // The 'apply' task may set 'editable till logoff' FLAG ... // CLEAR IT, since NEW content this is meant to be used temporarily if ( !$params->get('items_session_editable', 0) ) { $rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent'); if ( isset($rendered_uneditable[$model->get('id')]) ) { unset( $rendered_uneditable[$model->get('id')] ); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } } //$this->setRedirect($link, $msg); }