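/**
 * Store, update or delete one content element of a page and mark the page as changed.
 *
 * The value is looked up by (idsidelang, container, number, idtype, typenumber).
 * An existing row is updated when the value changed, deleted when the new value
 * is empty, and a new row is inserted when none exists and the value is not empty.
 * After any change the page's lastmodified/author are refreshed and the code
 * status of every idcatside belonging to the page is set to "changed".
 *
 * NOTE(review): $value is escaped through set_magic_quotes_gpc(), but the five
 * identifier arguments are interpolated into the SQL as given. Nothing in this
 * function validates them, so callers must pass trusted/numeric values - verify
 * at the call sites.
 *
 * @param mixed  $idsidelang  id of the page/language record
 * @param mixed  $container   container identifier
 * @param mixed  $number      position inside the container
 * @param mixed  $idtype      content type id
 * @param mixed  $typenumber  running number of the type inside the container
 * @param string $value       new content value
 * @return void
 */
function con_edit_save_content($idsidelang, $container, $number, $idtype, $typenumber, $value)
{
    global $db, $auth, $cms_db, $lang, $cfg_client;

    $author = $auth->auth['uid'];
    // Initialised up front so the final check never reads an undefined variable.
    $change = false;
    // Stays null when no page copy is found, exactly as before.
    $list = null;

    // strip trailing slashes if they occur in internal links
    $value = preg_replace('#cms://(idcatside|idcat)=(\\d+)/#U', 'cms://\\1=\\2', $value);
    set_magic_quotes_gpc($value);

    // The same row selector is used by the SELECT, UPDATE and DELETE below.
    $where = "WHERE idsidelang='{$idsidelang}' AND container='{$container}' AND number='{$number}' AND idtype='{$idtype}' AND typenumber='{$typenumber}'";

    // look the element up in the content table
    $sql = "SELECT value FROM {$cms_db['content']} " . $where;
    $db->query($sql);

    if ($db->next_record()) {
        // Strict string comparison: with != two numeric strings such as
        // '1000' and '1e3' compare equal and the edit would be dropped.
        if (addslashes((string) $db->f('value')) !== (string) $value) {
            // make internal href/src paths relative; the configured path is
            // quoted so that '.', '?' or '!' in it are matched literally
            $htmlpath = preg_quote($cfg_client['htmlpath'], '!');
            $in = array(
                "!href=(\\\\)?[\"\\']" . $htmlpath . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i",
                "!src=(\\\\)?[\"\\']" . $htmlpath . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i",
            );
            $out = array("href=\\1\"\\2\\3\"", "src=\\1\"\\2\\3\"");
            $value = preg_replace($in, $out, $value);

            if ($value != '') {
                $sql = "UPDATE {$cms_db['content']} SET value='{$value}', author='{$author}', lastmodified='" . time() . "' " . $where;
            } else {
                // an emptied element is removed instead of stored
                $sql = "DELETE FROM " . $cms_db['content'] . " " . $where;
            }
            $db->query($sql);
            $change = true;
        }
    } elseif ($value != '') {
        // no row yet: create one
        $now = time();
        $sql = "INSERT INTO {$cms_db['content']} (idsidelang, container, number, idtype, typenumber, value, author, created, lastmodified) VALUES('{$idsidelang}', '{$container}', '{$number}', '{$idtype}', '{$typenumber}', '{$value}', '{$author}', '" . $now . "', '" . $now . "')";
        $db->query($sql);
        $change = true;
    }

    if (!$change) {
        return;
    }

    // refresh the modification stamp of the page
    $sql = "UPDATE {$cms_db['side_lang']} SET lastmodified='" . time() . "', author='{$author}' WHERE idsidelang='{$idsidelang}'";
    $db->query($sql);

    // collect every idcatside (page copy) of this page
    $sql = "SELECT idcatside FROM {$cms_db['side_lang']} A LEFT JOIN {$cms_db['cat_side']} B USING(idside) WHERE A.idsidelang='{$idsidelang}'";
    $db->query($sql);
    while ($db->next_record()) {
        $list[] = $db->f('idcatside');
    }

    // flag the generated code of those pages as changed
    change_code_status($list, '1', 'idcatside');
}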
/**
 * Create a new page or save the configuration of an existing one, then
 * (optionally) redirect the browser.
 *
 * When $idside is empty a page row, its folder assignments, one side_lang row
 * per client language and the template configuration are created. Otherwise the
 * side_lang row is updated, folder assignments are added/moved/removed, the
 * template configuration and group rights are saved and the code status is
 * flagged as changed.
 *
 * NOTE(review): only $title, $summary, $meta_author, $meta_description,
 * $meta_keywords, $meta_robots and $meta_redirect_url pass through
 * set_magic_quotes_gpc(). Every other argument that reaches SQL ($author,
 * $created, $lastmodified, $user_protected, $meta_redirect_time, $idsidelang,
 * $idside, $idcat and the entries of $idcatnew) is interpolated as given, some
 * of them without quotes. Nothing visible here validates them - verify that
 * callers pass trusted/numeric values.
 *
 * NOTE(review): the database writes happen before any $perm->have_perm() call
 * in this function; the visible permission checks only gate template
 * configuration and the group-rights update. Authorisation for the save itself
 * is presumably enforced by the caller - confirm.
 *
 * @return void  returns early (null) when $idtpl or $idtplconf is not numeric
 */
function con_config_side_save($idcat, $idside, $idtpl, $idtplconf, $idsidelang, $idcatside, $idcatnew, $author, $title, $meta_keywords, $summary, $online, $user_protected, $view, $created, $lastmodified, $startdate, $starttime, $enddate, $endtime, $meta_author, $meta_description, $meta_robots, $meta_redirect_time, $meta_redirect, $meta_redirect_url, $rewrite_use_automatic, $rewrite_url, $idlay, $use_redirect = true)
{
    global $db, $client, $sess, $perm, $lang, $cms_db, $cfg_client, $cms_lang, $val_ct;
    // NOTE(review): `global` rebinds these two names to the global variables,
    // so the $idcatside / $idside arguments passed by the caller are replaced
    // by whatever the globals hold - confirm this is intended.
    global $idcatside, $idside;
    // template ids must be numeric, otherwise nothing is saved
    if (!(is_numeric($idtpl) || is_int($idtpl))) {
        return;
    }
    if (!(is_numeric($idtplconf) || is_int($idtplconf))) {
        return;
    }
    if (empty($title)) {
        $title = $cms_lang['con_defaulttitle'];
    }
    // normalise the flag to 0/1
    $rewrite_use_automatic = $rewrite_use_automatic > 0 ? 1 : 0;
    rewriteGenerateMapping();
    if ($rewrite_use_automatic) {
        // derive the rewrite URL from the title and make it unique
        $rewrite_url = rewriteGenerateUrlString($title);
        $rewrite_url = rewriteMakeUniqueStringForLang('idcatside', $idcatside, $rewrite_url);
    } else {
        $rewrite_url = rewriteGenerateUrlString($rewrite_url, true);
    }
    // keep the ids used for the permission checks further down
    $idcatside_for_rights = $idcatside;
    $idcat_for_rights = $idcat;
    // without an explicit folder list the page lives in $idcat only
    if (!is_array($idcatnew)) {
        $idcatnew['0'] = $idcat;
    }
    $start = createDate($startdate, $starttime);
    $end = createDate($enddate, $endtime);
    $meta_redirect = $meta_redirect == '1' ? '1' : '0';
    // a bare 'http://' counts as "no redirect URL"
    $meta_redirect_url = $meta_redirect_url == 'http://' || $meta_redirect_url == '' ? '' : $meta_redirect_url;
    // escape the free-text fields for the SQL statements below
    set_magic_quotes_gpc($title);
    set_magic_quotes_gpc($summary);
    set_magic_quotes_gpc($meta_author);
    set_magic_quotes_gpc($meta_description);
    set_magic_quotes_gpc($meta_keywords);
    set_magic_quotes_gpc($meta_robots);
    set_magic_quotes_gpc($meta_redirect_url);
    if (empty($idside)) {
        // ---- new page ----
        // create the page row
        $sql = "INSERT INTO {$cms_db['side']} (idclient) VALUES ('{$client}')";
        $db->query($sql);
        // fetch the new idside
        // NOTE(review): mysql_insert_id() bypasses the $db wrapper and belongs
        // to the ext/mysql API, which no longer exists in PHP 7+.
        $idside = mysql_insert_id();
        // attach the page to every selected folder
        foreach ($idcatnew as $value) {
            // next free sortindex in this folder
            $sql = "SELECT MAX(sortindex) AS sortindex FROM " . $cms_db['cat_side'] . " WHERE idcat='{$value}'";
            $db->query($sql);
            if ($db->next_record()) {
                $sortindex = $db->f('sortindex') + 1;
            } else {
                $sortindex = 1;
            }
            // the page becomes the start page when the folder has none yet
            $sql = "SELECT * FROM {$cms_db['cat_side']} WHERE idcat='{$value}' AND is_start='1'";
            $db->query($sql);
            $is_start = $db->next_record() ? '0' : '1';
            $sql = "INSERT INTO {$cms_db['cat_side']} (idcat, idside, sortindex, is_start) VALUES ('{$value}', '{$idside}', '{$sortindex}', '{$is_start}')";
            $db->query($sql);
        }
        // collect the idcatside values just created
        $sql = "SELECT idcatside FROM {$cms_db['cat_side']} WHERE idside='{$idside}'";
        $idcatside = array();
        getIdList($sql, $idcatside, '', 'idcatside');
        // create one side_lang row per language of the client
        $a_languages = get_languages_by_client($client);
        foreach ($a_languages as $tmp_lang) {
            if ($tmp_lang == $lang) {
                // current language: use the submitted publication settings
                $side_online = $online;
                $side_start = $start;
                $side_end = $end;
            } else {
                // other languages start offline
                $side_online = 0;
                $side_start = time();
                $side_end = time();
            }
            //TODO Problems to update template in multilang pages
            $catobject =& sf_factoryGetObject('PAGE', 'Cat');
            $catobject->loadByIdcatIdlang($idcatnew['0'], $tmp_lang);
            $cat_is_protected = $catobject->getIsProtected();
            if ($cat_is_protected) {
                // set bit 0x4 of the online field when the folder reports itself as protected
                $side_online = $side_online | 0x4;
            }
            if ($tmp_lang == $lang) {
                $tmp_meta_description = $meta_description;
                $tmp_meta_keywords = $meta_keywords;
                $tmp_meta_robots = $meta_robots;
            } else {
                // other languages take their meta defaults from the language config
                // NOTE(review): htmlentities() with ENT_COMPAT leaves single
                // quotes untouched and these values are not SQL-escaped, so a
                // stored default containing ' would break the INSERT below.
                $cfg_lang = $val_ct->get_by_group('cfg_lang', $client, $tmp_lang);
                $tmp_meta_description = htmlentities($cfg_lang['meta_description'], ENT_COMPAT, 'UTF-8');
                $tmp_meta_keywords = htmlentities($cfg_lang['meta_keywords'], ENT_COMPAT, 'UTF-8');
                $tmp_meta_robots = htmlentities($cfg_lang['meta_robots'], ENT_COMPAT, 'UTF-8');
            }
            $sql = 'INSERT INTO ' . $cms_db['side_lang'];
            $sql .= ' (idside, idlang, title, meta_keywords, summary, created, lastmodified, author, meta_redirect, meta_redirect_url,';
            $sql .= ' user_protected, online, start, end, meta_author, meta_description, meta_robots, meta_redirect_time, rewrite_use_automatic, rewrite_url) ';
            $sql .= 'VALUES (';
            $sql .= " '{$idside}', '{$tmp_lang}', '{$title}', '{$tmp_meta_keywords}', '{$summary}', '{$created}', '{$lastmodified}', '{$author}', ";
            $sql .= " '{$meta_redirect}', '{$meta_redirect_url}', '{$user_protected}', '{$side_online}', '{$side_start}', '{$side_end}', ";
            $sql .= " '{$meta_author}', '{$tmp_meta_description}', '{$tmp_meta_robots}', '{$meta_redirect_time}', '{$rewrite_use_automatic}', '{$rewrite_url}')";
            $db->query($sql);
        }
        // look up the idsidelang values needed for the template configuration
        $sql = "SELECT idsidelang FROM " . $cms_db['side_lang'] . " WHERE idside='{$idside}'";
        $tmp_idsidelang = array();
        $affectedrows = getIdList($sql, $tmp_idsidelang, '', 'idsidelang');
        // create the template configuration for every language row
        if ($affectedrows) {
            foreach ($tmp_idsidelang as $value) {
                con_config_tpl_save($idtpl, $idlay, '', $value, $idtplconf);
            }
        }
        // register the page for frontend code generation
        if ($cfg_client['publish'] == '1') {
            foreach ($a_languages as $tmp_lang) {
                $sql = 'INSERT INTO ' . $cms_db['code'] . "(idlang, idcatside, changed) VALUES ('{$tmp_lang}', '" . $idcatside['0'] . "', '1')";
                $db->query($sql);
            }
        }
        // Event
        fire_event('con_side_new', array('idside' => $idside, 'name' => $title));
        // drop cached frontend content
        sf_factoryCallMethod('UTILS', 'DbCache', null, null, 'flushByGroup', array('frontend', 'content'));
        // determine where to redirect to (frontend view or edit frame)
        // NOTE(review): $view is appended to the URL without urlencode().
        if ($view) {
            $url_location = $sess->url($cfg_client['htmlpath'] . $cfg_client['contentfile'] . '?lang=' . $lang . '&idcatside=' . $idcatside['0'] . '&view=' . $view);
        } else {
            $url_location = $sess->url("main.php?area=con_editframe&idcatside=" . $idcatside['0']);
        }
        $idcatside = $idcatside['0'];
    } else {
        // ---- existing page ----
        // translate $online into an SQL expression on the `online` column:
        // 0 -> set offline
        // 1 -> set online
        // 2 -> set time-controlled
        // Only these fixed strings reach the query, never $online itself.
        switch ((int) $online) {
            case 0:
                $change_online = 'online & 0xFC';
                break;
            case 1:
                $change_online = '((online & 0xFC) | 0x01)';
                break;
            case 2:
                $change_online = '((online & 0xFC) | 0x02)';
                break;
            default:
                $change_online = '0';
                break;
        }
        // update the side_lang row
        // NOTE(review): $idsidelang is concatenated unquoted into the WHERE clause.
        $sql = 'UPDATE ' . $cms_db['side_lang'] . ' ';
        $sql .= 'SET';
        $sql .= " title='{$title}', meta_keywords='{$meta_keywords}', summary='{$summary}', meta_redirect='{$meta_redirect}', ";
        $sql .= " meta_redirect_url='{$meta_redirect_url}', user_protected = '{$user_protected}', online = {$change_online}, start='{$start}', ";
        $sql .= " end='{$end}', meta_author='{$meta_author}', meta_description='{$meta_description}', meta_robots='{$meta_robots}', ";
        $sql .= " meta_redirect_time = '{$meta_redirect_time}', rewrite_use_automatic = '{$rewrite_use_automatic}', rewrite_url = '{$rewrite_url}' ";
        $sql .= 'WHERE idsidelang = ' . $idsidelang;
        $db->query($sql);
        // in which folders does the page currently exist?
        $sql = 'SELECT idcat FROM ' . $cms_db['cat_side'] . ' WHERE idside = ' . $idside;
        $tmp_idcat = array();
        getIdList($sql, $tmp_idcat, 'idcat');
        if (is_array($tmp_idcat)) {
            // add the page to newly selected folders
            foreach ($idcatnew as $value) {
                if (!in_array($value, $tmp_idcat)) {
                    // NOTE(review): $value comes from $idcatnew and is used
                    // unquoted in this and the following statements.
                    $sql = 'SELECT * FROM ' . $cms_db['cat_side'] . ' WHERE idcat = ' . $value . ' AND is_start = 1';
                    $db->query($sql);
                    $is_start = $db->next_record() ? '0' : '1';
                    // next free sortindex in the target folder
                    $sql = "SELECT MAX(sortindex) AS sortindex FROM " . $cms_db['cat_side'] . " WHERE idcat='{$value}'";
                    $db->query($sql);
                    if ($db->next_record()) {
                        $sortindex = $db->f('sortindex') + 1;
                    } else {
                        $sortindex = 1;
                    }
                    if ($value == $idcatnew['0'] && !in_array($idcat, $idcatnew)) {
                        // the original folder was deselected: move its row to the first new folder
                        $sql = 'UPDATE ' . $cms_db['cat_side'] . ' ';
                        $sql .= 'SET';
                        $sql .= ' idcat = ' . $value . ',';
                        $sql .= ' sortindex = ' . $sortindex . ',';
                        $sql .= ' is_start = ' . $is_start . ' ';
                        $sql .= 'WHERE idcat = ' . $idcat;
                        $sql .= ' AND idside = ' . $idside;
                        $db->query($sql);
                        // NOTE(review): this branch is only entered when $idcat is NOT
                        // in $idcatnew, so the condition below cannot be true here.
                        if (in_array($idcat, $idcatnew)) {
                            unset($tmp_idcat[$idcat]);
                        }
                        // re-sort the old folder
                        if (!function_exists('con_reindex_page_sort')) {
                            include_once 'inc/fnc.con.php';
                        }
                        con_reindex_page_sort($idcat);
                    } else {
                        // next free sortindex (queried again, same statement as above)
                        $sql = "SELECT MAX(sortindex) AS sortindex FROM " . $cms_db['cat_side'] . " WHERE idcat='{$value}'";
                        $db->query($sql);
                        if ($db->next_record()) {
                            $sortindex = $db->f('sortindex') + 1;
                        } else {
                            $sortindex = 1;
                        }
                        $sql = 'INSERT INTO ' . $cms_db['cat_side'] . ' ';
                        $sql .= ' (idcat , idside , is_start, sortindex) ';
                        $sql .= 'VALUES';
                        $sql .= " ({$value}, {$idside}, {$is_start}, {$sortindex}) ";
                        $db->query($sql);
                    }
                }
            }
            // remove the page from folders that are no longer selected
            // jb_todo: delete rights as well??
            foreach ($tmp_idcat as $value) {
                if (!in_array($value, $idcatnew)) {
                    // find the idcatside that is about to disappear
                    $sql = 'SELECT idcatside FROM ' . $cms_db['cat_side'] . " WHERE idcat='{$value}' AND idside='{$idside}'";
                    $db->query($sql);
                    $db->next_record();
                    // delete the old 'code' rows
                    $sql = 'DELETE FROM ' . $cms_db['code'] . " WHERE idcatside='" . $db->f('idcatside') . "'";
                    $db->query($sql);
                    // delete the old 'cat_side' rows
                    $sql = 'DELETE FROM ' . $cms_db['cat_side'] . " WHERE idside='{$idside}' AND idcat='{$value}'";
                    $db->query($sql);
                    // promote a new start page if the folder lost its own
                    // NOTE(review): affected_rows() is read after a SELECT; whether
                    // that reports the number of selected rows depends on the $db
                    // wrapper - confirm.
                    $sql = 'SELECT * FROM ' . $cms_db['cat_side'] . " WHERE idcat='{$value}' AND is_start='1'";
                    $db->query($sql);
                    if (!$db->affected_rows()) {
                        $sql = 'UPDATE ' . $cms_db['cat_side'] . " SET is_start = '1' WHERE idcat='{$value}' ORDER BY sortindex LIMIT 1";
                        $db->query($sql);
                    }
                    // re-sort the folder
                    if (!function_exists('con_reindex_page_sort')) {
                        include_once 'inc/fnc.con.php';
                    }
                    con_reindex_page_sort($value);
                    // jb_todo: old 'tpl_conf' rows still have to be deleted here
                    // Event
                    // NOTE(review): $db has run further queries since the idcatside
                    // lookup above, so $db->f('idcatside') may no longer hold the
                    // removed id at this point - verify.
                    fire_event('get_unused_idcatside_by_save_side', array('idside' => $idside, 'idcat' => $value, 'idcatside' => $db->f('idcatside')));
                }
            }
        }
        // save the template configuration; the result of the permission check is
        // passed on to con_config_tpl_save()
        $have_perm_save_configdata = $perm->have_perm(27, 'side', $idcatside_for_rights, $idcat_for_rights);
        // (A disabled alternative that created the configuration for every
        // language row when $idtplconf == '0' used to wrap the call below.)
        con_config_tpl_save($idtpl, $idlay, '', $idsidelang, $idtplconf, $have_perm_save_configdata);
        // set backend group rights, taken from request-level globals
        if ($perm->have_perm(22, 'side', $idcatside_for_rights, $idcat_for_rights)) {
            global $backend_cms_gruppenids, $backend_cms_gruppenrechte, $backend_cms_gruppenrechtegeerbt, $backend_cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('side', $idcatside_for_rights, $backend_cms_gruppenids, $backend_cms_gruppenrechte, $backend_cms_gruppenrechtegeerbt, $backend_cms_gruppenrechteueberschreiben, '', 0x7ffd0000, $idcat_for_rights, 0x7ffd0000);
        }
        // set frontend group rights, taken from request-level globals
        if ($perm->have_perm(14, 'cat', $idcat_for_rights)) {
            global $frontend_cms_gruppenids, $frontend_cms_gruppenrechte, $frontend_cms_gruppenrechtegeerbt, $frontend_cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('frontendpage', $idcatside_for_rights, $frontend_cms_gruppenids, $frontend_cms_gruppenrechte, $frontend_cms_gruppenrechtegeerbt, $frontend_cms_gruppenrechteueberschreiben, '', 68719476735.0, $idcat_for_rights, 4294967295.0);
        }
        // flag the generated code as changed
        change_code_status($idcatside_for_rights, 1, 'idcatside');
        // Event
        fire_event('con_side_edit', array('idside' => $idside, 'name' => $title));
        // drop cached frontend content
        sf_factoryCallMethod('UTILS', 'DbCache', null, null, 'flushByGroup', array('frontend', 'content'));
        // determine the redirect URL
        // NOTE(review): $view is appended to the URL without urlencode().
        if ($view) {
            $url_location = $sess->url($cfg_client['htmlpath'] . $cfg_client['contentfile'] . '?lang=' . $lang . '&idcatside=' . $idcatside . '&view=' . $view);
        } else {
            $url_location = $sess->url('main.php?area=con');
        }
    }
    // drop the whole frontend cache group
    sf_factoryCallMethod('UTILS', 'DbCache', null, null, 'flushByGroup', array('frontend'));
    if ($use_redirect) {
        redirect_page($url_location);
    }
}
/**
 * Validate a backend login and populate $this->auth with the user's profile.
 *
 * Reads the submitted credentials from globals, optionally verifies the login
 * challenge, looks the user up and - on success - copies the profile columns
 * into $this->auth.
 *
 * NOTE(review): the login_challenge_fail, login_single_fail and login_fail
 * events receive the submitted password in clear text. Any listener that logs
 * or forwards its payload would persist credentials - check the registered
 * handlers.
 *
 * NOTE(review): as shown here the WHERE clause compares username and password
 * against the literal '******'; the values appear to have been masked in this
 * listing, so how the credentials are bound cannot be judged from this page.
 *
 * @return mixed  the user_id on success, 'nobody' for the anonymous fallback,
 *                false on any failure
 */
function auth_validatelogin()
{
    global $challengefail, $challenge, $doublelogin, $username, $password, $cms_db, $sess;

    $sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
    $sf_user->setUpdateLastmodifiedMeta(false);
    $sf_user->loadByUsernamePassword($username, $password, true);
    unset($sf_user);

    if (isset($username)) {
        $this->auth['uname'] = trim($username);
    } elseif ($this->nobody) {
        // anonymous fallback when no username was submitted
        $this->auth['uid'] = 'nobody';
        $this->auth['uname'] = 'nobody';
        return 'nobody';
    }

    // a submitted challenge must be accepted by the session
    if (isset($challenge) && !$sess->challenge_me($challenge)) {
        $challengefail = true;
        fire_event('login_challenge_fail', array('username' => $username, 'password' => $password, 'challenge' => $challenge));
        return false;
    }

    // look the user up in the database
    set_magic_quotes_gpc($username);
    $lookup = "\n SELECT DISTINCT salutation,\n\t\t\t\t\tstreet,\n\t\t\t\t\tstreet_alt,\n\t\t\t\t\tzip,\n\t\t\t\t\tlocation,\n\t\t\t\t\tstate,\n\t\t\t\t\tcountry,\n\t\t\t\t\tphone,\n\t\t\t\t\tfax,\n\t\t\t\t\tmobile,\n\t\t\t\t\tpager,\n\t\t\t\t\thomepage,\n\t\t\t\t\tbirthday,\n\t\t\t\t\tfirm,\n\t\t\t\t\tposition,\n\t\t\t\t\tfirm_street,\n\t\t\t\t\tfirm_street_alt,\n\t\t\t\t\tfirm_zip,\n\t\t\t\t\tfirm_location,\n\t\t\t\t\tfirm_state,\n\t\t\t\t\tfirm_country,\n\t\t\t\t\tfirm_email,\n\t\t\t\t\tfirm_phone,\n\t\t\t\t\tfirm_fax,\n\t\t\t\t\tfirm_mobile,\n\t\t\t\t\tfirm_pager,\n\t\t\t\t\tfirm_homepage,\n\t\t\t\t\tcomment, A.user_id, password, A.name, surname, email, C.name AS groupname, C.description \n\t\t\t\t\tFROM \n\t\t\t\t\t\t"
        . $cms_db['users']
        . " A \n\t\t\t\t\t\tLEFT JOIN "
        . $cms_db['users_groups']
        . " B USING(user_id) \n\t\t\t\t\t\tLEFT JOIN "
        . $cms_db['groups']
        . " C USING(idgroup) \n\t\t\t\t\t\tLEFT JOIN "
        . $cms_db['perms']
        . " D USING(idgroup) \n\t\t\t\t\tWHERE \n\t\t\t\t\t\tA.username='******' \n\t\t\t\t\t\tAND A.password='******' \n\t\t\t\t\t\tAND A.is_active='1' \n\t\t\t\t\t\tAND C.is_active='1' \n\t\t\t\t\t\tAND ((D.type='cms_access' AND D.id = 'area_backend' AND D.perm = 1) OR C.is_sys_admin='1') LIMIT 0, 1\n\t\t\t\t";
    $this->db->query($lookup);

    if (!$this->db->next_record()) {
        fire_event('login_fail', array('username' => $username, 'password' => $password));
        return false;
    }

    // single-login mode: refuse when the session reports the user as already logged in
    if ($this->force_single_login && !$sess->single_id($this->db->f('user_id'))) {
        $doublelogin = true;
        fire_event('login_single_fail', array('username' => $username, 'password' => $password));
        return false;
    }

    fire_event('login_success', array('uid' => $this->db->f('user_id')));

    // auth key => result column, in the order the profile is filled
    $profile = array(
        'name' => 'name',
        'surname' => 'surname',
        'group_name' => 'groupname',
        'group_desc' => 'description',
        'email' => 'email',
        'salutation' => 'salutation',
        'street' => 'street',
        'street_alt' => 'street_alt',
        'zip' => 'zip',
        'location' => 'location',
        'state' => 'state',
        'country' => 'country',
        'phone' => 'phone',
        'fax' => 'fax',
        'mobile' => 'mobile',
        'pager' => 'pager',
        'homepage' => 'homepage',
        'birthday' => 'birthday',
        'firm' => 'firm',
        'position' => 'position',
        'firm_street' => 'firm_street',
        'firm_street_alt' => 'firm_street_alt',
        'firm_zip' => 'firm_zip',
        'firm_location' => 'firm_location',
        'firm_state' => 'firm_state',
        'firm_country' => 'firm_country',
        'firm_email' => 'firm_email',
        'firm_phone' => 'firm_phone',
        'firm_fax' => 'firm_fax',
        'firm_mobile' => 'firm_mobile',
        'firm_pager' => 'firm_pager',
        'firm_homepage' => 'firm_homepage',
        'comment' => 'comment',
    );
    foreach ($profile as $auth_key => $column) {
        $this->auth[$auth_key] = $this->db->f($column);
    }

    // single-login mode: register this session for the user
    if ($this->force_single_login) {
        $sess->single_me($this->db->f('user_id'));
    }

    return $this->db->f('user_id');
}
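/**
 * Update a single record, addressed by its id.
 *
 * For the input to be valid the key 'id' must be given. The new value is
 * escaped with set_magic_quotes_gpc(); the id is forced to an integer because
 * it is placed in the WHERE clause without quotes and would otherwise let
 * arbitrary SQL through.
 *
 * @access private
 * @param array $mixed  ['id']    numeric id of the row in the values table
 *                      ['value'] new value to store
 * @return void  nothing is written when 'id' is missing or not numeric
 */
function _update_by_id($mixed)
{
    global $cms_db, $db;

    // Refuse to build a statement without a usable id instead of sending
    // "idvalues = " followed by caller-controlled text to the database.
    if (!isset($mixed['id']) || !is_numeric($mixed['id'])) {
        return;
    }
    $id = (int) $mixed['id'];

    // build query
    set_magic_quotes_gpc($mixed['value']);
    $sql_value = " value ='" . $mixed['value'] . "' ";
    $sql = "UPDATE \t\t" . $cms_db['values'] . "\n\t\t\t\tSET\t\t\t{$sql_value}\n\t\t\t\tWHERE\t\tidvalues = " . $id;
    $db->query($sql);
}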
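/**
 * Turn an array into a URL query string ("key=value&key2=value2").
 *
 * Keys are sorted, entries whose string form is empty are dropped, nested
 * arrays are joined with ',' after their own empty entries were removed, and
 * every value is passed through set_magic_quotes_gpc() and urlencode().
 *
 * NOTE(review): keys are emitted as given, without urlencode(); a key that
 * contains '&' or '=' changes the structure of the result. Callers should only
 * pass fixed, known keys.
 *
 * @param mixed $in  array of scalar values or one-level nested arrays
 * @return string|null  the query string ('' for an empty array), null when
 *                      $in is not an array
 */
function make_array_to_urlstring($in)
{
    if (!is_array($in)) {
        return;
    }

    ksort($in);

    // Collected as a list and joined at the end; this replaces appending to an
    // uninitialised string and stripping the trailing '&' afterwards.
    $pairs = array();
    foreach ($in as $key => $value) {
        if (is_array($value)) {
            // drop empty members, then flatten to a comma separated string
            $kept = array();
            foreach ($value as $item) {
                if (is_array($item) || (string) $item !== '') {
                    $kept[] = $item;
                }
            }
            $value = implode(',', $kept);
        } elseif ((string) $value === '') {
            // Same entries array_diff($in, array('')) removed, but without
            // casting nested arrays to the string "Array" on the way.
            continue;
        }

        set_magic_quotes_gpc($value);
        $pairs[] = $key . '=' . urlencode($value);
    }

    return implode('&', $pairs);
}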
/**
 * Create a module or save changes to an existing one.
 *
 * Escapes the text fields according to $stripe, tests input/output code via
 * $rep->mod_test(), obtains a repository id, writes the module row (INSERT or
 * UPDATE), optionally runs the module's install/uninstall SQL, flags dependent
 * generated code as changed and updates group rights.
 *
 * NOTE(review): when $stripe == 2 none of the text fields is escaped in this
 * function; presumably the caller has already done so - verify. $idclient,
 * $source_id, $repositoryid and $idmod are interpolated as given in every mode.
 *
 * NOTE(review): with $idclient > 0 and $mod_rebuild_sql set, the SQL passed in
 * $sql_install / $sql_uninstall is executed through $rep->bulk_sql(). The only
 * permission check visible in this function guards the group-rights update at
 * the end, not this execution - authorisation is presumably the caller's job;
 * confirm.
 *
 * @return mixed  '0412' on success, '0424' when input and output are both
 *                empty, '0400' when the INSERT fails, otherwise an error value
 *                from $rep
 */
function mod_save($idmod_in, $name, $verbose, $description, $modversion, $modcat, $input, $output, $idclient, $repid = '', $sql_install = '', $sql_uninstall = '', $sql_update = '', $mod_rebuild_sql = false, $source_id = '0', $mod_no_wedding = false, $stripe = false, $mod_config_takeover = false)
{
    global $db, $auth, $cms_db, $cfg_cms, $cms_lang, $cfg_client, $rep, $perm;
    // made global for the header redirect
    global $idmod;
    $idmod = $idmod_in;
    // defaults for the row in the 'mod' table
    if (empty($name) || $name == '') {
        $name = $cms_lang['mod_defaultname'];
    }
    if (empty($modversion) || $modversion == '') {
        $modversion = '1.0';
    }
    // $stripe selects the escaping: 1 -> make_string_dump(), 2 -> none,
    // anything else -> set_magic_quotes_gpc()
    if ($stripe == 1) {
        $name = make_string_dump($name);
        $verbose = make_string_dump($verbose);
        $description = make_string_dump($description);
        $modversion = make_string_dump($modversion);
        $modcat = make_string_dump($modcat);
        $input = make_string_dump($input);
        $output = make_string_dump($output);
    } elseif ($stripe != 2) {
        set_magic_quotes_gpc($name);
        set_magic_quotes_gpc($verbose);
        set_magic_quotes_gpc($description);
        set_magic_quotes_gpc($modversion);
        set_magic_quotes_gpc($modcat);
        set_magic_quotes_gpc($input);
        set_magic_quotes_gpc($output);
    }
    // '0' when either test returns a truthy value, else '1'; || binds tighter
    // than ?:, and the output test is skipped when the input test is truthy
    $checked = ($err_i = $rep->mod_test(cms_stripslashes($input), $idmod)) || ($err_0 = $rep->mod_test(cms_stripslashes($output), $idmod)) ? '0' : '1';
    // '-1' means "use the module name as verbose name"
    $modverbose = $verbose == '-1' ? $name : $verbose;
    // keep the raw statements for execution further down
    $mod_sql_uninstall = $sql_uninstall;
    $mod_sql_install = $sql_install;
    // NOTE(review): mysql_escape_string() ignores the connection charset and
    // was removed together with ext/mysql in PHP 7.
    $sql_install = mysql_escape_string($rep->decode_sql($sql_install));
    $sql_uninstall = mysql_escape_string($rep->decode_sql($sql_uninstall));
    $sql_update = mysql_escape_string($rep->decode_sql($sql_update));
    // obtain the repository id
    if ($mod_no_wedding == true) {
        $source_id = 0;
        $repositoryid = $rep->gen_new_mod($name);
        // only set in this branch; the UPDATE statements below interpolate
        // $update_source on every path
        $update_source = ", source_id='0'";
    } elseif ($source_id) {
        $repositoryid = $rep->gen_new_mod($name, true);
    } elseif ($repid == '') {
        $repositoryid = $rep->gen_new_mod($name);
        if ($errno = $rep->error(true)) {
            return $errno;
        }
    } else {
        $repositoryid = $rep->gen_new_mod($name, true);
    }
    if ($errno = $rep->error(true)) {
        return $errno;
    } elseif (empty($input) && empty($output)) {
        return '0424';
    }
    if (!$idmod) {
        // the module does not exist yet
        $sql = "INSERT INTO\r\n\t\t\t\t" . $cms_db['mod'] . "\r\n\t\t\t\t(name, description, version, cat, input, output, idclient, author, created, lastmodified,\r\n\t\t\t\trepository_id, install_sql, uninstall_sql, update_sql, source_id, verbose, checked)\r\n\t\t\t\tVALUES\r\n\t\t\t\t('{$name}', '{$description}', '{$modversion}', '{$modcat}', '{$input}', '{$output}', '{$idclient}',\r\n\t\t\t\t'" . $auth->auth['uid'] . "', '" . time() . "', '" . time() . "', '{$repositoryid}', '{$sql_install}', '{$sql_uninstall}', '{$sql_update}', '{$source_id}', '{$modverbose}', '{$checked}')";
        $affect = $db->query($sql);
        if (!$affect || $affect < 1) {
            return '0400';
        }
        $idmod = $last_id = $db->insert_id();
        // optionally copy the configuration of the source module
        if ($mod_config_takeover == true) {
            $modul = $rep->mod_data($source_id, $idclient);
            mod_save_config($idmod, make_string_dump($modul['config']));
        }
        // Event
        fire_event('mod_new', array('idmod' => $idmod, 'name' => $name));
    } else {
        // has the module output changed?
        $sql = "SELECT output FROM " . $cms_db['mod'] . " WHERE idmod='{$idmod}'";
        $db->query($sql);
        $db->next_record();
        $output_old = $db->f('output');
        set_magic_quotes_gpc($output_old);
        //don't change verbose name by sql update
        if ($verbose == '-2') {
            $sql_verbose_name = '';
        } else {
            $sql_verbose_name = "verbose = '{$modverbose}',";
        }
        if ($output != $output_old) {
            // output changed: store it and remember that code must be regenerated
            $sql = "UPDATE " . $cms_db['mod'] . "\r\n\t\t\t\t\tSET\r\n\t\t\t\t\tname='{$name}', description='{$description}', version = '{$modversion}', cat = '{$modcat}',\r\n\t\t\t\t\tinput='{$input}', output='{$output}', author='" . $auth->auth['uid'] . "', lastmodified='" . time() . "',\r\n\t\t\t\t\tinstall_sql ='{$sql_install}', uninstall_sql ='{$sql_uninstall}', update_sql ='{$sql_update}' {$update_source}, repository_id = '{$repositoryid}', {$sql_verbose_name} checked = '{$checked}'\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\tidmod='{$idmod}'";
            $db->query($sql);
            $change = 'true';
        } else {
            // output unchanged: same update without the output column
            $sql = "UPDATE " . $cms_db['mod'] . "\r\n\t\t\t\t\tSET\r\n\t\t\t\t\tname='{$name}', description='{$description}', version = '{$modversion}', cat = '{$modcat}', input='{$input}',\r\n\t\t\t\t\tauthor='" . $auth->auth['uid'] . "', lastmodified='" . time() . "', install_sql='{$sql_install}',\r\n\t\t\t\t\tuninstall_sql='{$sql_uninstall}', update_sql='{$sql_update}' {$update_source}, repository_id = '{$repositoryid}', {$sql_verbose_name} checked = '{$checked}'\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\tidmod='{$idmod}'";
            $db->query($sql);
        }
        // Event
        fire_event('mod_edit', array('idmod' => $idmod, 'name' => $name));
    }
    // run the module's own SQL: uninstall first (if given), then install
    // ($error is first assigned inside this block and read again at the end)
    if ($idclient > 0 && $mod_sql_install != '' && $mod_rebuild_sql == true) {
        if ($mod_sql_uninstall != '') {
            $error = $rep->bulk_sql($mod_sql_uninstall);
        }
        if (!$error) {
            $error = $rep->bulk_sql($mod_sql_install);
        }
        if (!$error) {
            $sql = "UPDATE " . $cms_db['mod'] . " SET is_install='1', lastmodified='" . time() . "' WHERE idmod='{$idmod}'";
            $db->query($sql);
        }
        // Event
        fire_event('mod_install_sql', array('idmod' => $idmod, 'name' => $name));
    }
    // $change is only set when an existing module's output changed
    if ($change) {
        // flag the 'code' table rows that use this module as changed
        $list = get_idtplconf_by_using_type($idmod, 'mod');
        $list = get_idcode_by_idtplconf($list);
        change_code_status($list, '1');
        unset($list);
    }
    // set group rights, taken from request-level globals
    if ($perm->have_perm('6', 'mod', $idmod)) {
        global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
        $perm->set_group_rights('mod', $idmod, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0xafd);
    }
    return !$error ? '0412' : $error;
}
/**
 * Create a plugin record or save changes to an existing one.
 *
 * New plugins are inserted and initialised through $rep->_plug_init() /
 * plug_new(); existing ones get their install/uninstall/update SQL stored via
 * $rep->plug_execute(), their row updated and their group rights set.
 *
 * NOTE(review): $repid, $idclient and $idplug are interpolated into the SQL as
 * given, $idplug even without quotes. $root_name and $index_file are escaped
 * for SQL only and are handed to plug_new() on the new-plugin path; if they
 * name filesystem locations, nothing here filters sequences such as '../' -
 * verify that plug_new() validates them.
 *
 * @return string  '1612' or '1613' (status codes, as set below)
 */
function plug_save($idplug, $name, $description, $plugversion, $plugcat, $idclient, $repid = '', $sql_install = '', $sql_uninstall = '', $sql_update = '', $root_name = 'hold_old_data', $index_file = 'hold_old_data')
{
    global $db, $auth, $cms_db, $cfg_cms, $cms_lang, $cfg_client, $rep, $perm;
    //ATTENTION!!! make idplug global / necessary for apply header
    // NOTE(review): `global` rebinds $idplug to the global variable, so the
    // $idplug argument passed by the caller is replaced by the global value.
    global $idplug;
    // default name for the row in the 'plug' table
    if ($name == '') {
        $name = $cms_lang['plug_defaultname'];
    }
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($description);
    set_magic_quotes_gpc($plugversion);
    set_magic_quotes_gpc($plugcat);
    set_magic_quotes_gpc($root_name);
    set_magic_quotes_gpc($index_file);
    // the SQL snippets are un-escaped here; they are decoded and passed to
    // $rep->plug_execute() on the update path
    remove_magic_quotes_gpc($sql_install);
    remove_magic_quotes_gpc($sql_uninstall);
    remove_magic_quotes_gpc($sql_update);
    $root_name = str_replace('plugins/', '', $root_name);
    // the form placeholder text means "derive the directory from the name"
    if ($root_name == 'name_des_verzeichnisses') {
        $root_name = strtolower($name);
    }
    $repositoryid = $repid == '' ? $rep->gen_new_plug($name) : $repid;
    if (!$idplug) {
        // the plugin does not exist yet
        // todo: form check for name, version etc.
        $root_name = $root_name == 'hold_old_data' ? '' : $root_name;
        $index_file = $index_file == 'hold_old_data' ? '' : $index_file;
        // NOTE(review): the literal for `lastmodified` starts with a line break
        // and whitespace inside the quotes, so the stored value is not the bare
        // timestamp - looks unintended.
        $sql = "INSERT INTO\n\t\t\t " . $cms_db['plug'] . "\n\t\t\t (name, description, version, cat, author, created, lastmodified, repository_id, root_name, index_file,\n\t\t\t idclient)\n\t\t\t VALUES\n\t\t\t ('{$name}', '{$description}', '{$plugversion}', '{$plugcat}', '" . $auth->auth['uid'] . "', '" . time() . "', '\n\t\t\t " . time() . "', '{$repositoryid}', '{$root_name}', '{$index_file}', '{$idclient}')";
        $db->query($sql);
        $idplug = $last_id = $db->insert_id();
        if ($rep->_plug_init($idplug)) {
            $return = '1612';
        } else {
            // initialisation failed: create the plugin skeleton and retry
            $return = true !== (plug_new($root_name, $index_file) && $rep->_plug_init($idplug)) ? '1613' : '1612';
        }
        // Event
        fire_event('plug_new', array('idplug' => $idplug, 'name' => $name));
    } else {
        $rep->plug_execute($idplug, 'this', 'update', 'install', $rep->decode_sql($sql_install));
        $rep->plug_execute($idplug, 'this', 'update', 'uninstall', $rep->decode_sql($sql_uninstall));
        $rep->plug_execute($idplug, 'this', 'update', 'update', $rep->decode_sql($sql_update));
        // 'hold_old_data' keeps the stored value by assigning the column to itself
        $root_name = $root_name == 'hold_old_data' ? 'root_name' : "'{$root_name}'";
        $index_file = $index_file == 'hold_old_data' ? 'index_file' : "'{$index_file}'";
        // NOTE(review): the literal for `author` starts with a line break and
        // whitespace inside the quotes, so the stored author is not the bare
        // uid - looks unintended. $idplug is used unquoted in the WHERE clause.
        $sql = "UPDATE\n\t\t\t " . $cms_db['plug'] . "\n\t\t\t SET\n\t\t\t name='{$name}', description='{$description}', version = '{$plugversion}', cat = '{$plugcat}', author='\n\t\t\t " . $auth->auth['uid'] . "', lastmodified='" . time() . "', root_name={$root_name}, repository_id = '{$repositoryid}',\n\t\t\t index_file={$index_file} WHERE idplug={$idplug} OR source_id={$idplug}";
        $db->query($sql);
        //todo: check how far the rights of the installed plugins are affected!
        // set group rights, taken from request-level globals
        if ($perm->have_perm('6', 'plug', $idplug)) {
            global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('plug', $idplug, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0x38afd);
        }
        // Event
        fire_event('plug_edit', array('idplug' => $idplug, 'name' => $name));
        $return = '1612';
    }
    return $return;
}
/**
 * Rename a client and update its description, then refresh its group rights.
 *
 * NOTE(review): $name and $desc are escaped, $idclient is interpolated as
 * given. The UPDATE also runs before the have_perm() check, which only gates
 * the group-rights assignment - authorisation for the rename is presumably
 * done by the caller; verify.
 *
 * @param mixed  $idclient  id of the client to change
 * @param string $name      new client name
 * @param string $desc      new client description
 * @return void
 */
function clients_rename_client($idclient, $name, $desc)
{
    global $db, $auth, $cms_db, $perm;

    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($desc);

    $editor = $auth->auth['uid'];
    $now = time();

    // assemble the statement piece by piece
    $statement = "UPDATE \n\t\t\t\t" . $cms_db['clients'];
    $statement .= "\n\t\t\tSET \n\t\t\t\tname='" . $name . "', \n\t\t\t\tdescription='" . $desc . "', ";
    $statement .= "\n\t\t\t\tauthor='" . $editor . "', \n\t\t\t\tlastmodified='" . $now . "' ";
    $statement .= "\n\t\t\tWHERE \n\t\t\t\tidclient='" . $idclient . "'";
    $db->query($statement);

    // group rights are only touched with the matching permission
    if (!$perm->have_perm(6, 'clients', $idclient)) {
        return;
    }

    global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
    $perm->set_group_rights('clients', $idclient, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben);
}
/**
 * Create a layout or save changes to an existing one, synchronise the CSS and
 * JS files attached to it and flag dependent generated code as changed.
 *
 * The lists of selected CSS/JS upload ids are read from the globals $css and
 * $js, not from parameters.
 *
 * NOTE(review): only $name, $description and $code are escaped. $doctype,
 * $doctype_autoinsert, $idclient, $idlay and every entry of the global $css /
 * $js arrays are interpolated into SQL as given - verify that callers validate
 * them.
 *
 * @return mixed  the id of the saved layout
 */
function lay_edit_layout($idlay, $name, $description, $code, $doctype, $doctype_autoinsert, $idclient)
{
    global $db, $client, $auth, $cms_db, $cfg_cms, $css, $js, $cms_lang, $cfg_client, $perm;
    // default name for the row in the 'lay' table
    if ($name == '') {
        $name = $cms_lang['lay_defaultname'];
    }
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($description);
    set_magic_quotes_gpc($code);
    // the layout does not exist yet - create it
    if (!$idlay) {
        $sql = "INSERT INTO\n\t\t\t\t\t" . $cms_db['lay'] . "\n\t\t\t\t\t(name, description, deletable, code, doctype, doctype_autoinsert, idclient, author, created, lastmodified)\n\t\t\t\tVALUES\n\t\t\t\t\t('{$name}', '{$description}', '1', '{$code}', '{$doctype}', '{$doctype_autoinsert}', \n\t\t\t\t\t\t'{$idclient}', '" . $auth->auth['uid'] . "', '" . time() . "', '" . time() . "')";
        $db->query($sql);
        // look up the new layout id
        // NOTE(review): MAX(idlay) returns another request's row if two
        // layouts are created concurrently; the insert id of this connection
        // would be the reliable source.
        $sql = "SELECT MAX(idlay) AS idlay FROM " . $cms_db['lay'];
        $db->query($sql);
        $db->next_record();
        $idlay = $db->f('idlay');
        // event: new layout
        fire_event('lay_new', array('idlay' => $idlay, 'name' => $name));
    } else {
        // the layout exists - update it
        // The old code is fetched and escaped but never compared; $change is
        // set unconditionally below.
        $sql = "SELECT code FROM " . $cms_db['lay'] . " WHERE idlay='{$idlay}'";
        $db->query($sql);
        $db->next_record();
        $code_old = $db->f('code');
        set_magic_quotes_gpc($code_old);
        $sql = "UPDATE " . $cms_db['lay'] . "\n\t\t\t\tSET\n\t\t\t\t\tname='{$name}', \n\t\t\t\t\tdescription='{$description}', \n\t\t\t\t\tcode='{$code}',\n\t\t\t\t\tdoctype='{$doctype}',\n\t\t\t\t\tdoctype_autoinsert='{$doctype_autoinsert}',\n\t\t\t\t\tauthor='" . $auth->auth['uid'] . "', lastmodified='" . time() . "'\n\t\t\t\tWHERE\n\t\t\t\t\tidlay='{$idlay}'";
        $db->query($sql);
        $change = 'true';
        // set group rights, taken from request-level globals
        if ($perm->have_perm('6', 'lay', $idlay)) {
            global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('lay', $idlay, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0xf5);
        }
        // Event
        fire_event('lay_edit', array('idlay' => $idlay, 'name' => $name));
    }
    // which CSS files are attached at the moment?
    $sql = "SELECT B.idupl FROM {$cms_db['lay_upl']} A LEFT JOIN {$cms_db['upl']} B USING(idupl) LEFT JOIN {$cms_db['filetype']} C ON B.idfiletype=C.idfiletype WHERE idlay='{$idlay}' AND C.filetype='css'";
    $db->query($sql);
    while ($db->next_record()) {
        $tmp_files['css'][] = $db->f('idupl');
    }
    // '0' acts as the "nothing attached / nothing selected" marker
    if (!is_array($tmp_files['css'])) {
        $tmp_files['css']['0'] = '0';
    }
    if (!is_array($css)) {
        $css['0'] = '0';
    }
    // write newly selected CSS files to lay_upl
    foreach ($css as $value) {
        if (!in_array($value, $tmp_files['css'])) {
            if ($value != '0') {
                $sql = "INSERT INTO {$cms_db['lay_upl']} (idlay, idupl) VALUES ('{$idlay}', '{$value}')";
                $db->query($sql);
                $change = 'true';
            }
        }
    }
    // remove CSS files that are no longer selected from lay_upl
    foreach ($tmp_files['css'] as $value) {
        if (!in_array($value, $css)) {
            $sql = "DELETE FROM {$cms_db['lay_upl']} WHERE idupl='{$value}' AND idlay='{$idlay}'";
            $db->query($sql);
            $change = 'true';
        }
    }
    // which JS files are attached at the moment?
    $sql = "SELECT B.idupl FROM {$cms_db['lay_upl']} A LEFT JOIN {$cms_db['upl']} B USING(idupl) LEFT JOIN {$cms_db['filetype']} C ON B.idfiletype=C.idfiletype WHERE idlay='{$idlay}' AND C.filetype='js'";
    $db->query($sql);
    while ($db->next_record()) {
        $tmp_files['js'][] = $db->f('idupl');
    }
    if (!is_array($tmp_files['js'])) {
        $tmp_files['js']['0'] = '0';
    }
    if (!is_array($js)) {
        $js['0'] = '0';
    }
    // write newly selected JS files to lay_upl
    foreach ($js as $value) {
        if (!in_array($value, $tmp_files['js'])) {
            if ($value != '0') {
                $sql = "INSERT INTO {$cms_db['lay_upl']} (idlay, idupl) VALUES ('{$idlay}', '{$value}')";
                $db->query($sql);
                $change = 'true';
            }
        }
    }
    // remove JS files that are no longer selected from lay_upl
    foreach ($tmp_files['js'] as $value) {
        if (!in_array($value, $js)) {
            $sql = "DELETE FROM {$cms_db['lay_upl']} WHERE idupl='{$value}' AND idlay='{$idlay}'";
            $db->query($sql);
            $change = 'true';
        }
    }
    // $change is not set when a new layout is created without attached files
    if ($change) {
        // flag the 'code' table rows that use this layout as changed
        $list = get_idtplconf_by_using_type($idlay, 'lay');
        $list = get_idcode_by_idtplconf($list);
        change_code_status($list, '1');
        unset($list);
    }
    return $idlay;
}
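/**
 * Update one language record and, where the current user may, its group rights.
 *
 * Writes name, description, charset, ISO 3166 code and both rewrite settings
 * to the language table, stamped with the acting user's uid and the current
 * time. The ISO 3166 code is not a parameter: it is read from
 * $_REQUEST['iso_3166'] and stored as '' unless it consists of 1-8 letters,
 * digits, '-' or '_' (the original accepted any value of up to 8 bytes and
 * put it into the query unescaped).
 *
 * @param int|string $idlang          Id of the language row; cast to int before use.
 * @param string     $name            Display name of the language.
 * @param string     $desc            Description text.
 * @param string     $charset         Character set name stored with the language.
 * @param string     $rewrite_key     Value for the rewrite_key column.
 * @param string     $rewrite_mapping Value for the rewrite_mapping column.
 *
 * @return void
 */
function lang_rename_language($idlang, $name, $desc, $charset, $rewrite_key, $rewrite_mapping)
{
    global $db, $auth, $cms_db, $perm;

    // The id only addresses a row; forcing it to a number keeps a crafted
    // value out of the WHERE clause and makes the permission check below
    // refer to exactly the row that is updated.
    $idlang = (int) $idlang;

    // Text fields go through the project's request-escaping helper before
    // they are interpolated into the statement. $charset was the one text
    // parameter that reached the query without it.
    // NOTE(review): presumably the helper escapes quotes in place; confirm against its definition.
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($desc);
    set_magic_quotes_gpc($charset);
    set_magic_quotes_gpc($rewrite_key);
    set_magic_quotes_gpc($rewrite_mapping);

    // A length limit alone does not make a request value safe inside a quoted
    // SQL literal (a single quote is one byte), so the code is accepted by
    // character whitelist and falls back to '' exactly as overlong input did.
    $iso_3166_code = '';
    if (
        isset($_REQUEST['iso_3166'])
        && is_string($_REQUEST['iso_3166'])
        && preg_match('/\A[A-Za-z0-9_-]{1,8}\z/', $_REQUEST['iso_3166']) === 1
    ) {
        $iso_3166_code = $_REQUEST['iso_3166'];
    }

    $sql = "UPDATE\n\t\t\t\t" . $cms_db['lang']
        . "\n\t\t\tSET\n\t\t\t\tname='{$name}',"
        . "\n\t\t\t\tdescription='{$desc}',"
        . "\n\t\t\t\tcharset='{$charset}',"
        . "\n\t\t\t\tiso_3166_code='{$iso_3166_code}',"
        . "\n\t\t\t\trewrite_key='{$rewrite_key}',"
        . "\n\t\t\t\trewrite_mapping='{$rewrite_mapping}',"
        . "\n\t\t\t\tauthor='" . $auth->auth['uid'] . "',"
        . "\n\t\t\t\tlastmodified='" . time() . "'"
        . "\n\t\t\tWHERE\n\t\t\t\tidlang='{$idlang}'";
    $db->query($sql);

    // Set group rights, only for users holding permission 22 on this language.
    // NOTE(review): the UPDATE above runs before this check; whether the caller
    // has already authorised the edit is not visible here.
    if ($perm->have_perm(22, 'clientlangs', $idlang)) {
        global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
        $perm->set_group_rights('clientlangs', $idlang, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben);
    }
}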
/**
 * Validate the user form values and create or update a backend user.
 *
 * All input arrives through the global variables listed below. The function
 * returns early with a status string when validation fails:
 *   'incorrect'     - a new user has no password, or a supplied password is
 *                     shorter than three characters or differs from its
 *                     confirmation
 *   'nologinname'   - the login name is empty
 *   'existusername' - usernameExists() returned an integer
 * When validation passes, the user object is filled and saved and nothing is
 * returned.
 *
 * NOTE(review): a three-character minimum is the only password rule applied here.
 * NOTE(review): the password is passed through set_magic_quotes_gpc() before
 * setPassword(); presumably that helper escapes quotes, which would change
 * the stored secret for passwords containing them. Confirm.
 * NOTE(review): the existence check does not exempt the edited user's own
 * current login name; whether usernameExists() accounts for that is not
 * visible here.
 *
 * @return string|null
 */
function user_save()
{
    global $auth, $db, $cms_db, $username, $password, $password_validate, $name, $surname, $email, $group, $iduser, $idgroup, $order, $ascdesc, $oldusername, $comment;
    global $salutation, $street, $street_alt, $zip, $location, $state, $country, $phone, $fax, $mobile, $pager, $homepage, $birthday, $firm, $position, $firm_street, $firm_street_alt, $firm_zip, $firm_location, $firm_state, $firm_country, $firm_email, $firm_phone, $firm_fax, $firm_mobile, $firm_pager, $firm_homepage, $title;
    global $iduser;

    // Obtain the user object from the factory.
    $sf_user = sf_factoryGetObject('ADMINISTRATION', 'User');

    $password = trim($password);
    $password_validate = trim($password_validate);
    $username = trim($username);

    $creating = empty($iduser);
    $password_given = !empty($password);

    // A password is checked whenever one was typed, and always for a new user.
    if ($password_given || $creating) {
        if ($password != $password_validate || strlen($password) < 3) {
            return 'incorrect';
        }
    }

    // A new user without a password is rejected.
    if ($creating && !$password_given) {
        return 'incorrect';
    }

    // The login name is mandatory.
    if (empty($username)) {
        return 'nologinname';
    }

    // Reject a login name that is already taken.
    if (is_int($sf_user->usernameExists($username))) {
        return 'existusername';
    }

    if (!is_array($group)) {
        $group['0'] = $idgroup;
    }

    // Selecting the sysadmin group (id 2) drops every other group. unset() on a
    // variable imported with `global` only removes the local binding, so the
    // replacement list lives in this function and the global is left alone.
    if (in_array('2', $group)) {
        unset($group);
        $group['0'] = '2';
    }

    // Run every text field through the request-escaping helper, in the same
    // order as before; the variables are addressed by name.
    $escaped_fields = array(
        'username', 'name', 'surname', 'email', 'password', 'salutation', 'title',
        'street', 'street_alt', 'zip', 'location', 'state', 'country', 'phone',
        'fax', 'mobile', 'pager', 'homepage', 'birthday', 'firm', 'position',
        'firm_street', 'firm_street_alt', 'firm_zip', 'firm_location', 'firm_state',
        'firm_country', 'firm_email', 'firm_phone', 'firm_fax', 'firm_mobile',
        'firm_pager', 'firm_homepage', 'comment',
    );
    foreach ($escaped_fields as $field_name) {
        set_magic_quotes_gpc(${$field_name});
    }

    if (empty($iduser)) {
        // Prepare a new user.
        $sf_user->setIsOnline(1);
        $sf_user->setIsDeletable(1);
    } else {
        // The user already exists: load the stored record first.
        $sf_user->loadByIduser($iduser);
    }

    // Copy the form values onto the object.
    $sf_user->setUsername($username);
    if (!empty($password)) {
        // An empty password on an existing user means "keep the current one".
        $sf_user->setPassword($password);
    }
    $sf_user->setTitle($title);
    $sf_user->setName($name);
    $sf_user->setSurname($surname);
    $sf_user->setEmail($email);
    $sf_user->setPosition($position);
    $sf_user->setSalutation($salutation);
    $sf_user->setStreet($street);
    $sf_user->setZip($zip);
    $sf_user->setLocation($location);
    $sf_user->setPhone($phone);
    $sf_user->setFax($fax);
    $sf_user->setComment($comment);
    $sf_user->setStreetAlt($street_alt);
    $sf_user->setState($state);
    $sf_user->setCountry($country);
    $sf_user->setMobile($mobile);
    $sf_user->setPager($pager);
    $sf_user->setHomepage($homepage);
    $sf_user->setBirthday($birthday);
    $sf_user->setFirm($firm);
    $sf_user->setFirmStreet($firm_street);
    $sf_user->setFirmStreetAlt($firm_street_alt);
    $sf_user->setFirmZip($firm_zip);
    $sf_user->setFirmLocation($firm_location);
    $sf_user->setFirmState($firm_state);
    $sf_user->setFirmCountry($firm_country);
    $sf_user->setFirmEmail($firm_email);
    $sf_user->setFirmPhone($firm_phone);
    $sf_user->setFirmFax($firm_fax);
    $sf_user->setFirmMobile($firm_mobile);
    $sf_user->setFirmPager($firm_pager);
    $sf_user->setFirmHomepage($firm_homepage);
    $sf_user->setIdgroups($group);

    // Create or store the record.
    $sf_user->save();
}
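/**
 * Create a new page that copies the per-language metadata of an existing one.
 *
 * Inserts a new side and cat_side row, appends it to the end of the target
 * category's sort order, settles the start-page flag, and then inserts one
 * side_lang row per language row of the source page. Template configuration
 * is not copied (idtplconf is written as '0').
 *
 * Recognised $options keys:
 *   'set_startflag' => 'from_source'  copy is_start from the source page
 *   'set_online'    => 'yes' | 'no'   force bit 0x1 of `online` on or off
 *   'set_protected' => 'yes' | 'no'   force bit 0x4 of `online` on or off
 *
 * @param int    $idclient       Client that owns the new page.
 * @param int    $idlang_current Language whose title gets no language postfix.
 * @param int    $idcatside_from cat_side id of the page to copy from.
 * @param string $name           Title for the copy; '' takes the title of the
 *                               first language row read.
 * @param bool   $lang_postfix   Append " (language name)" to titles of other languages.
 * @param int    $target_idcat   Target category; values below 1 mean the source category.
 * @param array  $options        See above.
 *
 * @return int|false New idcatside, or false on invalid ids or unknown source.
 */
function con_create_site_meta_from_idcatside($idclient, $idlang_current, $idcatside_from, $name = '', $lang_postfix = true, $target_idcat = -1, $options = array())
{
    global $db, $cms_db, $cfg_cms;

    // Every id that ends up inside a statement is forced to int first.
    // $target_idcat used to skip this and reached three queries as passed in.
    $idclient = (int) $idclient;
    $idlang_current = (int) $idlang_current;
    $idcatside_from = (int) $idcatside_from;
    $target_idcat = (int) $target_idcat;
    if ($idclient < 1 || $idlang_current < 1 || $idcatside_from < 1) {
        return false;
    }

    set_magic_quotes_gpc($name);

    // Read options once; a missing key behaves like null without raising a notice.
    $opt_startflag = isset($options['set_startflag']) ? $options['set_startflag'] : null;
    $opt_online = isset($options['set_online']) ? $options['set_online'] : null;
    $opt_protected = isset($options['set_protected']) ? $options['set_protected'] : null;

    $db2 = new DB_cms();

    // Fetch category, page id and start flag of the source.
    $sql = "SELECT * FROM " . $cms_db['cat_side'] . " WHERE idcatside='{$idcatside_from}'";
    $db->query($sql);
    if (!$db->next_record()) {
        return false;
    }
    $idcat_from = $db->f('idcat');
    $idside_from = $db->f('idside');
    $is_start_from = $db->f('is_start');

    // Copy into the same category unless a target was given.
    $idcat_to = $target_idcat < 1 ? $idcat_from : $target_idcat;

    // NOTE(review): mysql_insert_id() bypasses the $db wrapper and reads the
    // last id of the default ext/mysql link (an extension removed in PHP 7.0).
    // The DB_cms API is not visible here, so the calls are left as they are.
    $sql = "INSERT INTO " . $cms_db['side'] . " (idclient) VALUES ('{$idclient}')";
    $db->query($sql);
    $idside_to = mysql_insert_id();

    $sql = "INSERT INTO \n\t\t\t\t" . $cms_db['cat_side'] . " (idcat, idside, is_start) \n\t\t\tVALUES\n\t\t\t\t('{$idcat_to}', '{$idside_to}', '0')";
    $db->query($sql);
    $idcatside_to = mysql_insert_id();

    // Place the copy behind the current last page of the category.
    $db->query("SELECT MAX(sortindex) AS max FROM " . $cms_db['cat_side'] . " WHERE idcat='{$idcat_to}'");
    $db->next_record();
    $lastindex = (int) $db->f('max');
    if ($lastindex < 1) {
        $lastindex = 1;
    } else {
        ++$lastindex;
    }
    $sql = "UPDATE " . $cms_db['cat_side'] . " SET sortindex='{$lastindex}' WHERE idcatside='{$idcatside_to}'";
    $db->query($sql);

    // Start page: either inherit the flag, or make sure the category has one.
    if ($opt_startflag == 'from_source') {
        $sql = "UPDATE " . $cms_db['cat_side'] . " SET is_start='{$is_start_from}' WHERE idcatside='{$idcatside_to}'";
        $db->query($sql);
    } else {
        $sql = "SELECT * FROM " . $cms_db['cat_side'] . " WHERE idcat='{$idcat_to}' AND is_start='1'";
        $db->query($sql);
        // NOTE(review): relies on affected_rows() reporting the row count of a
        // SELECT; confirm that DB_cms behaves that way.
        if (!$db->affected_rows()) {
            $sql = "UPDATE " . $cms_db['cat_side'] . " SET is_start='1' WHERE idcat='{$idcat_to}' AND sortindex='1'";
            $db->query($sql);
        }
    }

    // Language names are needed for the title postfix.
    include_once $cfg_cms['cms_path'] . "inc/fnc.clients.php";
    $arr_langs = clients_get_langs($idclient, true);

    // One side_lang row per language of the source page.
    $db3 = new DB_cms();
    $sql = "SELECT * FROM " . $cms_db['side_lang'] . " WHERE idside='{$idside_from}'";
    $db3->query($sql);
    while ($db3->next_record()) {
        $idlang = $db3->f('idlang');

        // An empty $name is filled from the first row only and then reused for
        // every following language.
        if ($name == '') {
            $name = make_string_dump($db3->f('title'));
        }

        // NOTE(review): the language name is appended as returned by
        // clients_get_langs(); whether it is already safe inside a quoted SQL
        // literal cannot be seen from here.
        if ($lang_postfix && $idlang_current != $idlang) {
            $title = $name . ' (' . $arr_langs[$idlang]['name'] . ')';
        } else {
            $title = $name;
        }

        $summary = make_string_dump($db3->f('summary'));
        $meta_author = make_string_dump($db3->f('meta_author'));
        $meta_description = make_string_dump($db3->f('meta_description'));
        $meta_keywords = make_string_dump($db3->f('meta_keywords'));
        $meta_robots = make_string_dump($db3->f('meta_robots'));
        $meta_redirect_url = make_string_dump($db3->f('meta_redirect_url'));

        // Keep the low byte of the source state, then apply the overrides:
        // bit 0x1 is "online", bit 0x4 is "protected".
        $online = (int) $db3->f('online') & 0xff;
        if ($opt_online == 'yes') {
            $online = $online | 0x1;
        } elseif ($opt_online == 'no') {
            $online = $online & 0xfe;
        }
        if ($opt_protected == 'yes') {
            $online = $online | 0x4;
        } elseif ($opt_protected == 'no') {
            $online = $online & 0xfb;
        }

        // The rewrite URL is always regenerated from the new title.
        if (!function_exists('rewriteGenerateUrlString')) {
            include_once $cfg_cms['cms_path'] . 'inc/fnc.mod_rewrite.php';
        }
        $rewrite_url = rewriteGenerateUrlString($title);
        $rewrite_url = rewriteMakeUniqueStringForLang('idcatside', $idcatside_to, $rewrite_url);

        // NOTE(review): meta_redirect, author, user_protected, visited, edit_ttl
        // and meta_redirect_time are written back exactly as read from the
        // source row, without make_string_dump(); stored values containing a
        // quote would break or alter this statement.
        $sql2 = "INSERT INTO " . $cms_db['side_lang']
            . " \n\t\t\t\t\t(idside, idlang, idtplconf, title, meta_keywords, summary, online, \n\t\t\t\t\t\tmeta_redirect, meta_redirect_url, author, \n\t\t\t\t\t\tcreated, lastmodified, user_protected, visited, edit_ttl, \n\t\t\t\t\t\tmeta_author, meta_description, meta_robots, meta_redirect_time,\n\t\t\t\t\t\trewrite_use_automatic, rewrite_url, start, end) \n\t\t\t\tVALUES ('"
            . $idside_to . "', '{$idlang}', '0', '{$title}', '{$meta_keywords}', '{$summary}', '{$online}',\n\t\t\t\t\t '"
            . $db3->f('meta_redirect') . "', '{$meta_redirect_url}', '" . $db3->f('author') . "', \r\n\t\t\t\t\t'"
            . time() . "', '" . time() . "', '" . $db3->f('user_protected') . "', '" . $db3->f('visited') . "', '" . $db3->f('edit_ttl') . "', \r\n\t\t\t\t\t'{$meta_author}', '{$meta_description}', '{$meta_robots}', '"
            . $db3->f('meta_redirect_time') . "',\r\n\t\t\t\t\t'1', '{$rewrite_url}', " . time() . ", " . time() . ")";
        $db2->query($sql2);
    }

    return $idcatside_to;
}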
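/**
 * Insert, update or delete one content value of a page.
 *
 * The row is addressed by the five id parameters. Existing rows are updated
 * when the value changed, deleted when the new value is empty; missing rows
 * are inserted when the new value is not empty. After any write,
 * _updateSideLangAndCodestatus() is called for the page.
 *
 * Before storing, trailing slashes are removed from cms:// links and href/src
 * targets that start with the client's own base URL are made relative.
 *
 * NOTE(review): the five id parameters are interpolated into the statements
 * as passed in; nothing here casts or escapes them, so callers have to supply
 * trusted numeric values.
 *
 * @param mixed  $idsidelang     Value for the idsidelang column.
 * @param mixed  $idcontainer    Value for the container column.
 * @param mixed  $idrepeat       Value for the number column.
 * @param mixed  $formtypenumber Value for the idtype column.
 * @param mixed  $idmodtag       Value for the typenumber column.
 * @param string $content        New content value.
 *
 * @return void
 */
protected function _saveContent($idsidelang, $idcontainer, $idrepeat, $formtypenumber, $idmodtag, $content)
{
    $author = $this->cfg->auth('uid');
    $change = FALSE;
    $cms_db = $GLOBALS['cms_db'];

    // Strip a trailing slash from internal cms:// links.
    $content = preg_replace('#cms://(idcatside|idcat)=(\\d+)/#U', 'cms://\\1=\\2', $content);

    // Make internal href/src targets relative. The base URLs are configuration
    // text, not patterns, so they are quoted for the '!' delimiter; unquoted, a
    // '.' in the host name matched any character and a '!' ended the pattern.
    $in = array();
    $out = array();
    foreach (array('path_http', 'path_http_edit') as $base_key) {
        $prefix = preg_quote($this->cfg->client($base_key) . $this->cfg->client('path_rel'), '!');
        foreach (array('href', 'src') as $attr) {
            $in[] = "!" . $attr . "=(\\\\)?[\"\\']" . $prefix . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i";
            $out[] = $attr . "=\\1\"\\2\\3\"";
        }
    }
    $content = preg_replace($in, $out, $content);

    // NOTE(review): presumably escapes quotes in place for the SQL below; confirm against the helper.
    set_magic_quotes_gpc($content);

    $sql = "SELECT \r\n\t\t\t\t\tvalue \r\n\t\t\t\tFROM \r\n\t\t\t\t\t" . $this->dbnames['content'] . " \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tidsidelang='{$idsidelang}' \r\n\t\t\t\t\tAND container='{$idcontainer}' \r\n\t\t\t\t\tAND number='{$idrepeat}' \r\n\t\t\t\t\tAND idtype='{$formtypenumber}' \r\n\t\t\t\t\tAND typenumber='{$idmodtag}'";
    $this->db->query($sql);

    if ($this->db->next_record()) {
        // Compare as strings: a loose comparison treats numeric strings such as
        // "1" and "1.0" as equal and would silently drop that edit.
        if (addslashes($this->db->f('value')) !== (string) $content) {
            if ($content != '') {
                $sql = "UPDATE\r\n\t\t\t\t\t\t\t\t" . $this->dbnames['content'] . " \r\n\t\t\t\t\t\t\tSET \r\n\t\t\t\t\t\t\t\tvalue='{$content}', \r\n\t\t\t\t\t\t\t\tauthor='{$author}', \r\n\t\t\t\t\t\t\t\tlastmodified='" . time() . "' \r\n\t\t\t\t\t\t\tWHERE \r\n\t\t\t\t\t\t\t\tidsidelang='{$idsidelang}' \r\n\t\t\t\t\t\t\t\tAND container='{$idcontainer}' \r\n\t\t\t\t\t\t\t\tAND number='{$idrepeat}' \r\n\t\t\t\t\t\t\t\tAND idtype='{$formtypenumber}' \r\n\t\t\t\t\t\t\t\tAND typenumber='{$idmodtag}'";
                $this->db->query($sql);
                $change = TRUE;
            } else {
                // An emptied value removes the row.
                // NOTE(review): DELETE and INSERT take the table name from
                // $GLOBALS['cms_db'], SELECT and UPDATE from $this->dbnames;
                // confirm both always name the same table.
                $sql = "DELETE FROM \r\n\t\t\t\t\t\t\t\t" . $cms_db['content'] . " \r\n\t\t\t\t\t\t\tWHERE \r\n\t\t\t\t\t\t\t\tidsidelang='{$idsidelang}' \r\n\t\t\t\t\t\t\t\tAND container='{$idcontainer}' \r\n\t\t\t\t\t\t\t\tAND number='{$idrepeat}' \r\n\t\t\t\t\t\t\t\tAND idtype='{$formtypenumber}' \r\n\t\t\t\t\t\t\t\tAND typenumber='{$idmodtag}'";
                $this->db->query($sql);
                $change = TRUE;
            }
        }
    } elseif ($content != '') {
        // No row yet: insert only when there is something to store.
        $sql = "INSERT INTO\r\n\t\t\t\t\t\t\t{$cms_db['content']} \r\n\t\t\t\t\t\t\t(idsidelang, container, number, idtype, typenumber, value, author, created, lastmodified) \r\n\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t('{$idsidelang}', '{$idcontainer}', '{$idrepeat}', '{$formtypenumber}', '{$idmodtag}', '{$content}', '{$author}', '" . time() . "', '" . time() . "')";
        $this->db->query($sql);
        $change = TRUE;
    }

    if ($change) {
        $this->_updateSideLangAndCodestatus($idsidelang);
    }
}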
/**
 * Validate the user form values and write the user with hand-built SQL.
 *
 * All input arrives through the global variables listed below. Returns
 * 'incorrect', 'nologinname' or 'existusername' when validation fails and
 * nothing otherwise. An existing user (non-empty $iduser) is updated and the
 * 'user_update' event fired; otherwise a row is inserted and 'user_create'
 * fired. Group memberships are rewritten for user ids above 1.
 *
 * NOTE(review): the `'******'` runs in three SQL strings and in the
 * $password_sql line look like values masked when this listing was captured.
 * As printed, the $password_sql line has unbalanced quotes and does not
 * parse; the original expressions cannot be recovered from this page.
 * NOTE(review): a new password is stored as md5($password), an unsalted fast
 * hash, computed after set_magic_quotes_gpc() has processed the value.
 * password_hash()/password_verify() is the current PHP mechanism for this.
 * NOTE(review): every statement is assembled by string interpolation and
 * depends on set_magic_quotes_gpc() for escaping; $iduser is interpolated as
 * given.
 *
 * @return string|null
 */
function user_save() {
    global $auth, $db, $cms_db, $username, $password, $password_validate, $name, $surname, $email, $group, $iduser, $idgroup, $order, $ascdesc, $oldusername, $comment;
    global $salutation, $street, $street_alt, $zip, $location, $state, $country, $phone, $fax, $mobile, $pager, $homepage, $birthday, $firm, $position, $firm_street, $firm_street_alt, $firm_zip, $firm_location, $firm_state, $firm_country, $firm_email, $firm_phone, $firm_fax, $firm_mobile, $firm_pager, $firm_homepage, $title;
    global $iduser;
    // Compare the password with its confirmation; three characters is the only length rule.
    $password = trim($password);
    $password_validate = trim($password_validate);
    $username = trim($username);
    if ((!empty($password) || empty($password) && empty($iduser)) && ($password != $password_validate || strlen($password) < 3)) {
        return 'incorrect';
    }
    // A new user must have a password.
    if (empty($iduser) && empty($password)) {
        return 'incorrect';
    }
    // The login name is mandatory.
    if (empty($username)) {
        return 'nologinname';
    }
    // Check whether the login name is taken. The check is skipped when the name
    // is unchanged or the request carries 'sf_apply'.
    // NOTE(review): this query runs before the set_magic_quotes_gpc() calls
    // below, and f('username') is read without a preceding next_record().
    if ($username != $oldusername && !isset($_REQUEST['sf_apply'])) {
        $sql = "SELECT username FROM " . $cms_db['users'] . " WHERE username='******' LIMIT 0, 1";
        $db->query($sql);
        if ($db->affected_rows() && $db->f('username') == $username) {
            return 'existusername';
        }
    }
    if (!is_array($group)) {
        $group['0'] = $idgroup;
    }
    // Selecting the sysadmin group (id 2) drops every other group.
    if (in_array('2', $group)) {
        unset($group);
        $group['0'] = '2';
    }
    $current_time = time();
    // Run every text field through the request-escaping helper.
    set_magic_quotes_gpc($username);
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($surname);
    set_magic_quotes_gpc($email);
    set_magic_quotes_gpc($password);
    set_magic_quotes_gpc($salutation);
    set_magic_quotes_gpc($title);
    set_magic_quotes_gpc($street);
    set_magic_quotes_gpc($street_alt);
    set_magic_quotes_gpc($zip);
    set_magic_quotes_gpc($location);
    set_magic_quotes_gpc($state);
    set_magic_quotes_gpc($country);
    set_magic_quotes_gpc($phone);
    set_magic_quotes_gpc($fax);
    set_magic_quotes_gpc($mobile);
    set_magic_quotes_gpc($pager);
    set_magic_quotes_gpc($homepage);
    set_magic_quotes_gpc($birthday);
    set_magic_quotes_gpc($firm);
    set_magic_quotes_gpc($position);
    set_magic_quotes_gpc($firm_street);
    set_magic_quotes_gpc($firm_street_alt);
    set_magic_quotes_gpc($firm_zip);
    set_magic_quotes_gpc($firm_location);
    set_magic_quotes_gpc($firm_state);
    set_magic_quotes_gpc($firm_country);
    set_magic_quotes_gpc($firm_email);
    set_magic_quotes_gpc($firm_phone);
    set_magic_quotes_gpc($firm_fax);
    set_magic_quotes_gpc($firm_mobile);
    set_magic_quotes_gpc($firm_pager);
    set_magic_quotes_gpc($firm_homepage);
    set_magic_quotes_gpc($comment);
    // Does the user already exist?
    if (!empty($iduser)) {
        // Memberships are cleared only for ids above 1.
        // NOTE(review): for any other non-empty id, $sql is not reassigned, so
        // the query() call below re-runs whatever $sql last held (the username
        // lookup, or an unset variable when that lookup was skipped).
        if ($iduser > 1) {
            $sql = "DELETE FROM " . $cms_db['users_groups'] . " WHERE user_id='{$iduser}'";
        }
        $db->query($sql);
        // Optional password fragment for the UPDATE; empty when no new password was typed.
        $password_sql = !empty($password) ? ", password='******'\'' : '';
        $sql = "UPDATE " . $cms_db['users'] . " SET\n\t\t\t\tusername='******',\n\t\t\t\tlastmodified='{$current_time}',\n\t\t\t\tlastmodified_author = '" . $auth->auth['uid'] . "',\n\t\t\t\tname='{$name}',\n\t\t\t\tsurname='{$surname}',\n\t\t\t\temail='{$email}',\n\t\t\t\tsalutation='{$salutation}',\n\t\t\t\ttitle='{$title}',\n\t\t\t\tstreet='{$street}',\n\t\t\t\tstreet_alt='{$street_alt}',\n\t\t\t\tzip='{$zip}',\n\t\t\t\tlocation='{$location}',\n\t\t\t\tstate='{$state}',\n\t\t\t\tcountry='{$country}',\n\t\t\t\tphone='{$phone}',\n\t\t\t\tfax='{$fax}',\n\t\t\t\tmobile='{$mobile}',\n\t\t\t\tpager='{$pager}',\n\t\t\t\thomepage='{$homepage}',\n\t\t\t\tbirthday='{$birthday}',\n\t\t\t\tfirm='{$firm}',\n\t\t\t\tposition='{$position}',\n\t\t\t\tfirm_street='{$firm_street}',\n\t\t\t\tfirm_street_alt='{$firm_street_alt}',\n\t\t\t\tfirm_zip='{$firm_zip}',\n\t\t\t\tfirm_location='{$firm_location}',\n\t\t\t\tfirm_state='{$firm_state}',\n\t\t\t\tfirm_country='{$firm_country}',\n\t\t\t\tfirm_email='{$firm_email}',\n\t\t\t\tfirm_phone='{$firm_phone}',\n\t\t\t\tfirm_fax='{$firm_fax}',\n\t\t\t\tfirm_mobile='{$firm_mobile}',\n\t\t\t\tfirm_pager='{$firm_pager}',\n\t\t\t\tfirm_homepage='{$firm_homepage}',\n\t\t\t\tcomment='{$comment}'{$password_sql}\n\t\t\tWHERE user_id ='{$iduser}'";
        $db->query($sql);
        // Reload the stored record and announce the update.
        $sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
        $sf_user->loadByIduser($iduser);
        fire_event('user_update', $sf_user->data);
        unset($sf_user);
    } else {
        // New user: is_active and is_deletable are written as '1'.
        $sql = "INSERT INTO " . $cms_db['users'] . "\n\t\t\t\t(username, password, name, created, author, lastmodified, lastmodified_author, surname, email, is_active, is_deletable, salutation, title, street,\n\t\t\t\tstreet_alt, zip, location, state, country, phone, fax, mobile, pager, homepage, birthday,\n\t\t\t\tfirm, position, firm_street, firm_street_alt, firm_zip, firm_location, firm_state, firm_country,\n\t\t\t\tfirm_email, firm_phone, firm_fax, firm_mobile, firm_pager, firm_homepage, comment)\n \t\tVALUES\n \t ('{$username}', '" . md5($password) . "', '{$name}', '{$current_time}', '" . $auth->auth['uid'] . "', '{$current_time}', '" . $auth->auth['uid'] . "', '{$surname}', '{$email}','1', '1', '{$salutation}','{$title}',\n\t\t\t\t'{$street}', '{$street_alt}', '{$zip}', '{$location}', '{$state}', '{$country}', '{$phone}', '{$fax}',\n\t\t\t\t'{$mobile}', '{$pager}', '{$homepage}', '{$birthday}', '{$firm}', '{$position}', '{$firm_street}',\n\t\t\t\t'{$firm_street_alt}', '{$firm_zip}', '{$firm_location}', '{$firm_state}', '{$firm_country}',\n\t\t\t\t'{$firm_email}', '{$firm_phone}', '{$firm_fax}', '{$firm_mobile}', '{$firm_pager}', '{$firm_homepage}',\n\t\t\t\t'{$comment}')";
        $db->query($sql);
        // Look the new id up by login name, then announce the creation.
        $sql = "SELECT user_id FROM " . $cms_db['users'] . " WHERE username='******'";
        $db->query($sql);
        $db->next_record();
        $iduser = $db->f('user_id');
        $sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
        $sf_user->loadByIduser($iduser);
        fire_event('user_create', $sf_user->data);
        unset($sf_user);
    }
    // Write the group memberships; user ids up to 1 never get any.
    if ($iduser > 1) {
        foreach ($group as $value) {
            $value = (int) $value;
            // Skip ids below 2, which covers the "--kein--" (none) placeholder entry.
            if ($value < 2) {
                continue;
            }
            $sql = "INSERT INTO " . $cms_db['users_groups'] . " VALUES ('', '{$iduser}', '{$value}')";
            $db->query($sql);
        }
    }
}