function handleTemplateManagement() { global $sourceFolder; if (isset($_POST['btn_install'])) { $uploadId = processUploaded("Template"); if ($uploadId != -1) { return installModule($uploadId, "Template"); } } else { if (isset($_POST['btn_uninstall'])) { $query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'"; $res = mysql_query($query); $row1 = array(); $row1 = mysql_fetch_row($res); if (!isset($_POST['Template']) || $_POST['Template'] == "") { return ""; } $toDelete = escape($_POST['Template']); $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'"; $query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10"; $result2 = mysql_query($query2) or displayerror(mysql_error()); if ($row1[0] == $toDelete) { displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'."); return ""; } if (mysql_num_rows($result2) == 0 || isset($_POST['confirm'])) { if ($row = mysql_fetch_array(mysql_query($query))) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'"; mysql_query($query); $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '" . $row1[0] . "' WHERE `page_template` = '" . $toDelete . "'"; mysql_query($query) or displayerror(mysql_error()); $templateDir = $sourceFolder . "/templates/" . $toDelete . "/"; if (file_exists($templateDir)) { delDir($templateDir); } displayinfo("Template " . safe_html($_POST['Template']) . " uninstalled!"); return ""; } else { displayerror("Template uninstallation failed!"); return ""; } } $pageList = ""; while ($row = mysql_fetch_assoc($result2)) { $pageList .= "/home" . getPagePath($row['page_id']) . "<br>"; } $templatename = safe_html($_POST['Template']); $ret = <<<RET <fieldset> <legend>{$ICONS['Templates Management']['small']}Template Management</legend> Some of the page with {$templatename} template are:<br> {$pageList} <div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div> <form method=POST action='./+admin&subaction=template&subsubaction=uninstall'> <input type=hidden value='{$templatename}' name='Template' /> <input type=submit value='Delete template' name='btn_uninstall' /> <input type=hidden value='confirm' name='confirm' /> </form> </fieldset> RET; return $ret; } } /* this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself. so template installation is also merged with module and widget installation, but some extra features specific to template installation(ie ignoring missing template variables and changing template name) are missing in that installation, these will remain commented for reference till those features are implemented the other way else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') { $issues = ""; $ret = reportIssues(escape($_POST['path']),$issues); if($ret[0] == 1) { displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation."); delDir(escape($_POST['del'])); unlink(escape($_POST['file'])); return ""; } $templates=getAvailableTemplates(); $flag=false; foreach ($templates as $template) if($template==$_POST['template']) { $flag=true; break; } if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/")) { displayerror("Template Installation failed : A folder by the template name already exists."); $templatePath=safe_html($_POST['del']); $str=safe_html($_POST['file']); $ret=<<<RET <form method=POST action='./+admin&subaction=canceltemplate'> Please click the following button to start a fresh installation : <input type=hidden name='path' value='{$templatePath}'> <input type=hidden name='file' value='{$str}'> <input type=submit value="Fresh Installation"> </form> RET; return $ret; } rename(escape($_POST['path']), $sourceFolder . "/templates/" . escape($_POST['template']) . "/"); delDir(escape($_POST['del'])); unlink(escape($_POST['file'])); mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates` VALUES('" . escape($_POST['template']) . "')"); displayinfo("Template installation complete"); return ""; } else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') { delDir(escape($_POST['path'])); unlink(escape($_POST['file'])); return ""; }*/ }
function handleModuleManagement() { global $sourceFolder; if (isset($_POST['btn_install'])) { $uploadId = processUploaded("Module"); if ($uploadId != -1) { return installModule($uploadId, "Module"); } } else { if (isset($_POST['btn_uninstall'])) { if (!isset($_POST['Module']) || $_POST['Module'] == "") { return ""; } if ($_POST['Module'] == 'article') { displayerror("Article module can't be deleted for the home page itself is a article"); return ""; } $toDelete = escape($_POST['Module']); $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '{$toDelete}' LIMIT 10"; $result = mysql_query($query) or displayerror(mysql_error()); if (mysql_num_rows($result) == 0 || isset($_POST['confirm'])) { if (deleteModule($toDelete)) { displayinfo("Module " . safe_html($_POST['Module']) . " uninstalled!"); return ""; } else { displayerror("Module uninstallation failed!"); return ""; } } if (isset($_POST['confirm'])) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '" . $toDelete . "'"; mysql_query($query) or displayerror(mysql_error()); } $pageList = ""; while ($row = mysql_fetch_assoc($result)) { $pageList .= "/home" . getPagePath($row['page_id']) . "<br>"; } $modulename = safe_html($_POST['Module']); $ret = <<<RET <fieldset> <legend>{$ICONS['Modules Management']['small']}Module Management</legend> Some of the page of type {$modulename} are:<br> {$pageList} <div class='cms-error'>These pages will be removed and cant be recovered, If you proceed deleting the module.</div> <form method=POST action='./+admin&subaction=module&subsubaction=uninstall'> <input type=hidden value='{$modulename}' name='Module' /> <input type=submit value='Delete module' name='btn_uninstall' /> <input type=hidden value='confirm' name='confirm' /> </form> </fieldset> RET; return $ret; } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') { return finalizeInstallation(escape($_POST['id']), "Module"); } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') { $uploadId = escape($_POST['id']); $result = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'")); if ($result != NULL) { $zipFile = $result['filePath']; $temp = explode(";", $result['info']); $extractedPath = $temp[0]; $moduleActualPath = $temp[1]; $moduleName = $temp[2]; } delDir($extractedPath); unlink($zipFile); mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'") or displayerror(mysql_error()); return ""; } } } } }
/** * Handles the global widget administration interface. * @param $pageId Id of the current page * @return HTML code of the widget admin page */ function handleWidgetAdmin($pageId) { global $ICONS, $urlRequestRoot, $cmsFolder, $moduleFolder, $sourceFolder, $widgetFolder; $html = ""; if (isset($_GET['subsubaction'])) { if ($_GET['subsubaction'] == "installwidget") { require_once "{$sourceFolder}/module.lib.php"; $uploadId = processUploaded("Widget"); if ($uploadId != -1) { $ret = installModule($uploadId, "Widget"); if ($ret != "") { return $ret; } } } } if (isset($_GET["deletewidget"])) { $widgetId = escape($_GET['deletewidget']); if (is_numeric($widgetId)) { $widget = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "widgetsinfo` WHERE `widget_id` = '{$widgetId}'")); $error = false; $deletelist = array("widgets", "widgetsinfo", "widgetsconfiginfo", "widgetsconfig", "widgetsdata"); $rowCount = 0; foreach ($deletelist as $deleteitem) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . $deleteitem . "` WHERE `widget_id` = '{$widgetId}'"; mysql_query($query) or die($query . "<br><br>" . mysql_error()); $ans = mysql_fetch_row(mysql_query("SELECT COUNT(*) FROM `" . MYSQL_DATABASE_PREFIX . $deleteitem . "` WHERE `widget_id` = '{$widgetId}'")); $rowCount += $ans[0]; } if (is_dir("{$sourceFolder}/{$widgetFolder}/{$widget['widget_foldername']}")) { if (!delDir("{$sourceFolder}/{$widgetFolder}/{$widget['widget_foldername']}")) { $error = true; } } if ($rowCount != 0 || $error) { displayerror("There was some error in deleting widget {$widget['widget_name']}"); } else { displayinfo("{$widget['widget_name']} successfully deleted."); } } } if (isset($_GET['widgetid'])) { $widgetid = escape($_GET['widgetid']); $query = "SELECT `widget_name` AS 'name', `widget_classname` AS 'classname', `widget_foldername` AS 'foldername' FROM `" . MYSQL_DATABASE_PREFIX . "widgetsinfo` WHERE `widget_id`='{$widgetid}'"; $res = mysql_query($query); if (mysql_num_rows($res) == 0) { displayerror("Required widget is not registered with Pragyan CMS properly."); return false; } $row = mysql_fetch_array($res); global $widgetFolder; $classname = $row['classname']; require_once "{$widgetFolder}/{$row['foldername']}/widget.class.php"; ///Initializing as global instance. $widget = new $classname($widgetid, -1, $pageId); if (!$widget instanceof widgetFramework) { displayerror("The widget {$row['name']} doesn't extends widgetFramework class"); return false; } if (!$widget->validInstall()) { if (!$widget->installWidget()) { displayerror("{$row['name']} widget is not installed properly."); return false; } $widget->loadWidget(); } /// POST variables are processed inside this function if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == "globalconf") { updateWidgetConf($widgetid, -1, TRUE); } $widgetinfo = getWidgetInfo($widgetid); $widgetglobalconfigs = getWidgetGlobalConfigInfo($widgetid); $containsFileUploadFields = false; $formElements = getConfigFormAsArray($widgetglobalconfigs, $containsFileUploadFields, -1, TRUE); $jsPath = "{$urlRequestRoot}/{$cmsFolder}/templates/common/scripts/formValidator.js"; //validation.js $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/form/calendar"; $jsPathMooTools = "{$urlRequestRoot}/{$cmsFolder}/templates/common/scripts/mootools-1.11-allCompressed.js"; $html = '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/calendar.js"></script>'; $html .= '<div class="registrationform"><form class="fValidator-form" name="widgetglobalsettings" action="./+admin&subaction=widgets&subsubaction=globalconf&widgetid=' . $widgetid . '" method="post"'; if ($containsFileUploadFields) { $html .= ' enctype="multipart/form-data"'; } $html .= '>'; $html .= "<table width=100%><tr><th colspan=2>Widget : {$widgetinfo['name']}</th></tr>"; $html .= "<tr><td>Description : </td><td> {$widgetinfo['description']}</td></tr>"; //Uncomment when support for retrieving instances is there /*$html.="<tr><td>Instances : </td><td>"; $instances=getWidgetInstances($widgetid); if(count($instances)>0) $html.="<ol>"; else $html.="None"; foreach($instances as $instance) { $html.="<li><a href='$urlRequestRoot/{$instance['url']}/+settings&subaction=widgets'>". "{$instance['name']} [{instance['url']}]</li>"; } if(count($instances)>0) $html.="</ol>"; $html.="</td></tr>"; */ $html .= "<tr>" . join($formElements, "</tr>\n<tr>") . "</tr>"; $html .= "</table><input name='update_global_settings' type='submit' value='Update'/>" . "<input type='reset' value='Reset'/>"; $html .= "</form><br/>"; } $widgetsarr = getAllWidgetsInfo(); $html .= "<fieldset><legend>{$ICONS['Widgets']['small']}Available Widgets</legend>"; $html .= "<table width=100%><tr><th colspan=4>Available Widgets<br/><i>Mouse over for description and Click for configuration</i></th></tr>\n\t<tr><th>Name</th><th>Version</th><th>Author</th><th>Actions</th></tr>"; foreach ($widgetsarr as $widget) { $html .= "<tr><td><a title='" . $widget['description'] . "' href='./+admin&subaction=widgets&widgetid=" . $widget['id'] . "'>" . $widget['name'] . "</a></td><td>{$widget['version']}</td><td>{$widget['author']}</td><td><a href='./+admin&subaction=widgets&widgetid={$widget['id']}'>{$ICONS['Edit']['small']}</a><a href='./+admin&subaction=widgets&deletewidget={$widget['id']}'>{$ICONS['Delete']['small']}</a></td></tr>"; } $html .= <<<HTML <tr><td>Install new widget:</td><td colspan=3> <form method='POST' action='./+admin&subaction=widgets&subsubaction=installwidget' enctype="multipart/form-data"> <input type='file' name='file' id='file'><input type='submit' name='btn_install' value='Upload'> </form> </td></tr></table></fieldset> HTML; return $html; }