/**
 * Smarty prefilter: announces the CMS "pre-compile" events for a template source.
 *
 * The resource type is the text before the first ':' in $smarty->_current_file.
 * Handlers receive the source by reference and may rewrite it before it is
 * compiled, so anything registered for these events effectively controls what
 * Smarty compiles.
 *
 * @param string $tpl_output Template source about to be compiled.
 * @param object $smarty     Smarty instance exposing _current_file.
 * @return string The template source after all handlers have run.
 */
function smarty_cms_prefilter_precompilefunc($tpl_output, &$smarty)
{
    // resource type => array(event name, key the source is passed under)
    $dispatch = array(
        'stylesheet'    => array('StylesheetPreCompile', 'stylesheet'),
        'content'       => array('ContentPreCompile', 'content'),
        'template'      => array('TemplatePreCompile', 'template'),
        'globalcontent' => array('GlobalContentPreCompile', 'global_content'),
    );

    $parts = explode(':', $smarty->_current_file);
    if (count($parts) > 1) {
        // Resource types prefixed with "tmp_" are announced as ordinary templates.
        $kind = startswith($parts[0], 'tmp_') ? 'template' : $parts[0];

        // Unknown resource types get no type-specific event.
        if (isset($dispatch[$kind])) {
            list($event, $key) = $dispatch[$kind];
            Events::SendEvent('Core', $event, array($key => &$tpl_output));
        }
    }

    // Sent for every source, including file names without a ':' separator.
    Events::SendEvent('Core', 'SmartyPreCompile', array('content' => &$tpl_output));

    return $tpl_output;
}
/**
 * Smarty postfilter: announces the CMS "post-compile" events for compiled output.
 *
 * The resource type is the text before the first ':' in the _current_file of
 * the Smarty instance attached to $template. Handlers receive the compiled
 * output by reference, so they can alter the code that is stored and later
 * executed for this template.
 *
 * @param string $tpl_output Compiled template output.
 * @param object $template   Template object exposing a ->smarty property.
 * @return string The compiled output after all handlers have run.
 */
function smarty_postfilter_postcompilefunc($tpl_output, &$template)
{
    $engine = $template->smarty;
    $parts = explode(':', $engine->_current_file);

    if (count($parts) > 1) {
        $kind = $parts[0];

        if ($kind == 'stylesheet') {
            Events::SendEvent('Core', 'StylesheetPostCompile', array('stylesheet' => &$tpl_output));
        } elseif ($kind == 'content') {
            Events::SendEvent('Core', 'ContentPostCompile', array('content' => &$tpl_output));
        } elseif (in_array($kind, array('template', 'tpl_top', 'tpl_body', 'tpl_head'))) {
            // All template sections share one event; 'type' tells handlers which section it is.
            Events::SendEvent('Core', 'TemplatePostCompile', array('template' => &$tpl_output, 'type' => $kind));
        } elseif ($kind == 'globalcontent') {
            Events::SendEvent('Core', 'GlobalContentPostCompile', array('global_content' => &$tpl_output));
        }
    }

    // Sent for every compiled resource, whatever its type.
    Events::SendEvent('Core', 'SmartyPostCompile', array('content' => &$tpl_output));

    return $tpl_output;
}
/**
 * Smarty prefilter: lets events and modules rewrite a template source before compilation.
 *
 * Three hooks run in order: a type-specific 'Core' event (content, template or
 * globalcontent), then SmartyPreCompile() on every installed and active module,
 * then the generic SmartyPreCompile event. The event handlers are handed the
 * source by reference; the returned string is whatever they left in it.
 * The per-type module callbacks that used to run here were already commented
 * out in the original and are not reproduced.
 *
 * @param string $tpl_output Template source about to be compiled.
 * @param object $smarty     Smarty instance exposing _current_file.
 * @return string The template source after all hooks have run.
 */
function smarty_cms_prefilter_precompilefunc($tpl_output, &$smarty)
{
    global $gCms;

    $parts = explode(':', $smarty->_current_file);
    if (count($parts) > 1) {
        // Resource types prefixed with "tmp_" are announced as ordinary templates.
        $kind = startswith($parts[0], 'tmp_') ? 'template' : $parts[0];

        if ($kind == 'content') {
            Events::SendEvent('Core', 'ContentPreCompile', array('content' => &$tpl_output));
        } elseif ($kind == 'template') {
            Events::SendEvent('Core', 'TemplatePreCompile', array('template' => &$tpl_output));
        } elseif ($kind == 'globalcontent') {
            Events::SendEvent('Core', 'GlobalContentPreCompile', array('global_content' => &$tpl_output));
        }
    }

    // Direct module callback: only modules flagged both installed and active are called.
    foreach ($gCms->modules as $modname => $unused) {
        if ($gCms->modules[$modname]['installed'] != true || $gCms->modules[$modname]['active'] != true) {
            continue;
        }
        $gCms->modules[$modname]['object']->SmartyPreCompile($tpl_output);
    }

    Events::SendEvent('Core', 'SmartyPreCompile', array('content' => &$tpl_output));

    return $tpl_output;
}
$validinfo = false; } } if ($validinfo) { $onetemplate = $templateops->LoadTemplateByID($template_id); $onetemplate->name = $template; $onetemplate->content = $content; $onetemplate->stylesheet = $stylesheet; $onetemplate->encoding = $encoding; $onetemplate->active = $active; Events::SendEvent('Core', 'EditTemplatePre', array('template' => &$onetemplate)); $result = $onetemplate->Save(); if ($result) { #Make sure the new name is used if this is an apply $orig_template = $template; Events::SendEvent('Core', 'EditTemplatePost', array('template' => &$onetemplate)); // put mention into the admin log audit($template_id, 'HTML-template: ' . $onetemplate->name, 'Edited'); if (!$apply) { switch ($from) { case 'content': redirect("listcontent.php" . $urlext); break; case 'cssassoc': redirect('templatecss.php' . $urlext . '&id=' . $cssid . '&type=template'); break; case 'module_TemplateManager': redirect('moduleinterface.php' . $urlext . '&module=TemplateManager'); break; default: redirect("listtemplates.php" . $urlext);
/**
 * Fetch a template. Overrides the parent implementation.
 *
 * Adds three things around parent::fetch(): debug markers, resolution of the
 * cache id against the global cache id, and (on frontend requests only) a
 * 'TemplatePreFetch' event whose handlers receive the template, cache id,
 * compile id, display flag and output-filter flag by reference and may
 * change any of them before the parent is called.
 *
 * @param mixed   $template
 * @param mixed   $cache_id         Null or '' selects the global cache id; a value
 *                                  starting with '|' is appended to it.
 * @param mixed   $compile_id
 * @param mixed   $parent
 * @param boolean $display
 * @param boolean $merge_tpl_vars   Ignored: forced to false before delegating.
 * @param boolean $no_output_filter
 * @return mixed Whatever parent::fetch() returns.
 */
public function fetch($template = null, $cache_id = null, $compile_id = null, $parent = null, $display = false, $merge_tpl_vars = true, $no_output_filter = false)
{
    // Label for the debug buffer only. For "string:" resources just the prefix is
    // kept, so the text following it never reaches the debug output.
    $name = startswith($template, 'string:') ? 'string:' : $template;
    debug_buffer('', 'Fetch ' . $name . ' start');

    if (is_null($cache_id) || $cache_id === '') {
        $cache_id = $this->_global_cache_id;
    } elseif ($cache_id[0] == '|') {
        $cache_id = $this->_global_cache_id . $cache_id;
    }

    // send an event before fetching...this allows us to change template stuff.
    // Everything is passed by reference, so a handler decides which template is
    // rendered and under which cache/compile id.
    if (cmsms()->is_frontend_request()) {
        $parms = array(
            'template' => &$template,
            'cache_id' => &$cache_id,
            'compile_id' => &$compile_id,
            'display' => &$display,
            'no_output_filter' => &$no_output_filter,
        );
        Events::SendEvent('Core', 'TemplatePreFetch', $parms);
    }

    $merge_tpl_vars = false; // hack
    $rendered = parent::fetch($template, $cache_id, $compile_id, $parent, $display, $merge_tpl_vars, $no_output_filter);

    // The end marker uses the label computed before the event ran.
    debug_buffer('', 'Fetch ' . $name . ' end');

    return $rendered;
}
foreach ($media_type as $onetype) { $types .= "{$onetype}, "; } if ($types != '') { $types = substr($types, 0, -2); #strip last space and comma } else { $types = ''; } $newstylesheet->media_type = $types; Events::SendEvent('Core', 'AddStylesheetPre', array('stylesheet' => &$newstylesheet)); $result = $newstylesheet->Save(); # we now have to check that everything went well if ($result) { #Sent the post event Events::SendEvent('Core', 'AddStylesheetPost', array('stylesheet' => &$newstylesheet)); # it's ok, we record the operation in the admin log audit($newstylesheet->id, 'Stylesheet: ' . $css_name, 'Added'); # and goes back to the css list redirect("listcss.php" . $urlext); return; } else { $error .= "<li>" . lang('errorinsertingcss') . "</li>"; } } } } include_once "header.php"; #****************************************************************************** # the user does not have access : error message #******************************************************************************
// Output stage of the stylesheet script: post-process the collected CSS in $css,
// let event handlers modify it, then emit the response headers.
// $css, $stripbackground, $config, $encoding and $hashmtime are set outside this excerpt.
if ($stripbackground) {
    #$css = preg_replace('/(\w*?background-color.*?\:\w*?).*?(;.*?)/', '', $css);
    // background-color values are replaced with "transparent"; background-image
    // declarations are removed entirely.
    $css = preg_replace('/(\\w*?background-color.*?\\:\\w*?).*?(;.*?)/', '\\1transparent\\2', $css);
    $css = preg_replace('/(\\w*?background-image.*?\\:\\w*?).*?(;.*?)/', '', $css);
}
// The ContentStylesheet event is skipped on installer and admin pages.
if (!isset($CMS_INSTALL_PAGE) && !isset($CMS_ADMIN_PAGE)) {
    if (!class_exists('Events')) {
        // Path is assembled from the configured root_path and fixed segments only.
        $fn = cms_join_path($config['root_path'], 'lib', 'classes', 'class.events.inc.php');
        include $fn;
    }
    $parms = array();
    // Bound by reference so handlers can rewrite the CSS that is sent.
    $parms['content'] =& $css;
    Events::SendEvent('Core', 'ContentStylesheet', $parms);
}
// Compression is only enabled when configured and when debug is off;
// a failure of ob_start() is suppressed by the @ operator.
if (isset($config['output_compression']) && $config['output_compression'] && $config['debug'] != true) {
    @ob_start('ob_gzhandler');
}
// Cast to int, so a malformed preference value cannot reach the headers below.
$max_age = (int) get_site_preference('css_max_age', 0);
// NOTE(review): $encoding is interpolated into a response header and is set
// outside this excerpt - confirm it comes from configuration, not the request.
header("Content-Type: text/css; charset={$encoding}");
$datestr = gmdate('D, d M Y H:i:s', $hashmtime) . ' GMT';
header("Last-Modified: " . $datestr);
// Expiry headers are only sent when a positive max age is configured.
if ($max_age > 0) {
    $datestr = gmdate('D, d M Y H:i:s', $hashmtime + $max_age) . ' GMT';
    header("Expires: " . $datestr);
    header("Cache-Control: must-revalidate"); // no caching?
    //header("Cache-Control: max-age=$max_age, s-max-age=$max_age, must-revalidate");
}
//eval('function testfunction'.rand().'() {'.$code.'}'); $buffer = ob_get_clean(); //add error $error[] = preg_replace('/<br \\/>/', '', $buffer); $validinfo = false; } else { ob_end_clean(); } } if ($validinfo) { $new_usertag_id = $db->GenID(cms_db_prefix() . "userplugins_seq"); Events::SendEvent('Core', 'AddUserDefinedTagPre', array('id' => $new_usertag_id, 'name' => &$plugin_name, 'code' => &$code)); $query = "INSERT INTO " . cms_db_prefix() . "userplugins (userplugin_id, userplugin_name, code, create_date, modified_date) VALUES ({$new_usertag_id}, " . $db->qstr($plugin_name) . ", " . $db->qstr($code) . ", " . $db->DBTimeStamp(time()) . ", " . $db->DBTimeStamp(time()) . ")"; $result = $db->Execute($query); if ($result) { Events::SendEvent('Core', 'AddUserDefinedTagPost', array('id' => $new_usertag_id, 'name' => &$plugin_name, 'code' => &$code)); audit($new_usertag_id, $plugin_name, 'Added User Defined Tag'); redirect("listusertags.php" . $urlext . "&message=usertagadded"); return; } else { $error .= lang('errorinsertingtag'); } } } } include_once "header.php"; if (!$access) { echo '<div class=\\"pageerrorcontainer\\"><p class="pageerror">' . lang('noaccessto', array(lang('addusertag'))) . '</p></div>'; } else { if (FALSE == empty($error)) { echo $themeObject->ShowErrors($error);
/**
 * Delete the current content object from the database.
 *
 * Sends 'ContentDeletePre', removes the content row, closes the gap in
 * item_order among siblings, drops the content cache file, deletes the
 * properties and additional-editor rows, removes the static route (if any)
 * and finally sends 'ContentDeletePost'. The Post event is sent even when the
 * id was rejected or a statement failed; failures are only recorded in
 * $debug_errors, and only when debug is enabled. All statements bind their
 * values through placeholders. No transaction is visible here, so a failure
 * part-way leaves the earlier statements applied.
 *
 * @todo this function should return something, or throw an exception
 */
function Delete()
{
    global $debug_errors;

    $gCms = cmsms();
    $config = $gCms->GetConfig();
    Events::SendEvent('Core', 'ContentDeletePre', array('content' => &$this));
    $db = $gCms->GetDb();
    $result = false;

    // Only ids below -1 are rejected; an id of exactly -1 still runs the statements.
    if (!(-1 > $this->mId)) {
        $sql = "DELETE FROM " . cms_db_prefix() . "content WHERE content_id = ?";
        $dbresult = $db->Execute($sql, array($this->mId));
        if (!$dbresult && true == $config["debug"]) {
            # :TODO: Translate the error message
            $debug_errors .= "<p>Error deleting content</p>\n";
        }

        // Fix the item_order if necessary
        $sql = "UPDATE " . cms_db_prefix() . "content SET item_order = item_order - 1 WHERE parent_id = ? AND item_order > ?";
        $result = $db->Execute($sql, array($this->ParentId(), $this->ItemOrder()));

        // Drop the content cache file; a failed unlink is silenced by @.
        @unlink(TMP_CACHE_LOCATION . '/contentcache.php');

        // DELETE properties
        $sql = 'DELETE FROM ' . cms_db_prefix() . 'content_props WHERE content_id = ?';
        $result = $db->Execute($sql, array($this->mId));
        $this->_props = null;

        // Delete additional editors.
        $sql = 'DELETE FROM ' . cms_db_prefix() . 'additional_users WHERE content_id = ?';
        $result = $db->Execute($sql, array($this->mId));
        $this->mAdditionalEditors = null;

        // Delete route
        if ($this->mURL != '') {
            cms_route_manager::del_static($this->mURL);
        }
    } elseif (true == $config["debug"]) {
        # :TODO: Translate the error message
        $debug_errors .= "<p>Could not delete content : invalid Id</p>\n";
    }

    Events::SendEvent('Core', 'ContentDeletePost', array('content' => &$this));
}
} catch (CmsEditContentException $e) { $error .= "<li>" . $e->getMessage() . "</li>"; $validinfo = false; } } if ($validinfo) { $newtemplate = new Template(); $newtemplate->name = $template; $newtemplate->content = $content; //$newtemplate->stylesheet = $stylesheet; $newtemplate->active = $active; $newtemplate->default = 0; Events::SendEvent('Core', 'AddTemplatePre', array('template' => &$newtemplate)); $result = $newtemplate->save(); if ($result) { Events::SendEvent('Core', 'AddTemplatePost', array('template' => &$newtemplate)); // put mention into the admin log audit($newtemplate->id, 'HTML-template: ' . $template, 'Added'); redirect($from); return; } else { $error .= "<li>" . lang('errorinsertingtemplate') . "{$query}</li>"; } } } } include_once "header.php"; if (!$access) { //echo "<div class=\"pageerrorcontainer\"><p class=\"pageerror\">".lang('noaccessto', array(lang('addtemplate')))."</p></div>"; $themeObject->ShowErrors(lang('noaccessto', lang('noaccessto', array(lang('addtemplate'))))); return;
/**
 * Trigger an event on behalf of this module.
 *
 * Forwards to Events::SendEvent() with this module's own name (GetName()) as
 * the originator, so a module cannot choose a different originator through
 * this method.
 *
 * @final
 * @param string $eventname The name of the event
 * @param array  $params    The parameters associated with this event.
 * @return void
 */
public final function SendEvent($eventname, $params)
{
    $originator = $this->GetName();
    Events::SendEvent($originator, $eventname, $params);
}
#Perform the adduser_pre callback foreach ($gCms->modules as $key => $value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->AddUserPre($newuser); } } Events::SendEvent('Core', 'AddUserPre', array('user' => &$newuser)); $result = $newuser->save(); if ($result) { #Perform the adduser_post callback foreach ($gCms->modules as $key => $value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->AddUserPost($newuser); } } Events::SendEvent('Core', 'AddUserPost', array('user' => &$newuser)); # set some default preferences, based on the user creating this user $adminid = get_userid(); $userid = $newuser->id; set_preference($userid, 'wysiwyg', get_preference($adminid, 'wysiwyg')); set_preference($userid, 'default_cms_language', get_preference($adminid, 'default_cms_language')); set_preference($userid, 'admintheme', get_site_preference('logintheme', 'default')); set_preference($userid, 'bookmarks', get_preference($adminid, 'bookmarks')); set_preference($userid, 'recent', get_preference($adminid, 'recent')); if ($assign_group_perm && isset($_POST['groups'])) { $iquery = "insert into " . cms_db_prefix() . "user_groups (user_id,group_id) VALUES (?,?)"; foreach ($group_list as $thisGroup) { if (isset($_POST['g' . $thisGroup->id]) && $_POST['g' . $thisGroup->id] == 1) { $result = $db->Execute($iquery, array($userid, $thisGroup->id)); } }
/**
 * Regex callback: resolves one global content block by name and returns its content.
 *
 * The block's content is passed by reference to the 'GlobalContentPreCompile'
 * event before it is returned, so handlers may change it. When the name is
 * missing or no block matches, an HTML comment is returned instead.
 *
 * @ignore
 * @access private
 * @param array $matches Regex match array; index 1 holds the block name.
 * @return string The block content, or an HTML comment describing the failure.
 */
function global_content_regex_callback($matches)
{
    $gCms = cmsms();

    if (!isset($matches[1])) {
        return "<!-- Html blob has no name parameter -->";
    }

    $gcbops =& $gCms->GetGlobalContentOperations();
    $oneblob = $gcbops->LoadHtmlBlobByName($matches[1]);

    if (!$oneblob) {
        // NOTE(review): the requested name is copied verbatim into an HTML comment.
        // Confirm the calling regex cannot capture "-->" or markup, otherwise the
        // name should be escaped before it is embedded here.
        return "<!-- Html blob '" . $matches[1] . "' does not exist -->";
    }

    $text = $oneblob->content;
    // NOTE(review): the payload key here is 'content'; confirm that is the key
    // handlers of this event expect.
    Events::SendEvent('Core', 'GlobalContentPreCompile', array('content' => &$text));

    return $text;
}
$result = $db->Execute($query, array($userplugin_id)); if ($result && $result->RecordCount()) { $row = $result->FetchRow(); $userplugin_name = $row['userplugin_name']; } Events::SendEvent('Core', 'DeleteUserDefinedTagPre', array('id' => $userplugin_id, 'name' => &$userplugin_name)); $query = 'SELECT event_id,handler_id,handler_order FROM ' . cms_db_prefix() . 'event_handlers WHERE tag_name = ?'; $handlers = $db->GetArray($query, array($userplugin_name)); if (is_array($handlers) && count($handlers) > 0) { $q1 = 'DELETE FROM ' . cms_db_prefix() . 'event_handlers WHERE handler_id = ?'; $q2 = 'UPDATE ' . cms_db_prefix() . 'event_handlers SET handler_order = (handler_order - 1) WHERE handler_order > ? AND event_id = ?'; foreach ($handlers as $tmp) { $hid = $tmp['handler_id']; $eid = $tmp['event_id']; $db->Execute($q1, array($hid)); $db->Execute($q2, array($tmp['handler_order'], $eid)); } } $query = "DELETE FROM " . cms_db_prefix() . "userplugins where userplugin_id = ?"; $result = $db->Execute($query, array($userplugin_id)); if ($result) { Events::SendEvent('Core', 'DeleteUserDefinedTagPost', array('id' => $userplugin_id, 'name' => &$userplugin_name)); // put mention into the admin log audit($userplugin_id, 'User Defined Tag: ' . $userplugin_name, 'Deleted'); } } } redirect('listusertags.php' . $urlext . '&message=usertagdeleted'); # vim:ts=4 sw=4 noet
$userid = get_userid(); $access = check_permission($userid, 'Remove Groups'); # you can't delete admin group (also admin group it's the first group) if (!$access) { // no access redirect("listgroups.php" . $urlext); } $result = false; $gCms = cmsms(); $groupops = $gCms->GetGroupOperations(); $userops = $gCms->GetUserOperations(); $groupobj = $groupops->LoadGroupByID($group_id); $group_name = $groupobj->name; # check to make sure we're not a member of this group if ($userops->UserInGroup($userid, $group_id)) { # can't delete a group we're a member of. redirect("listgroups.php" . $urlext); } // now do the work. Events::SendEvent('Core', 'DeleteGroupPre', array('group' => &$groupobj)); if ($groupobj) { $result = $groupobj->Delete(); } Events::SendEvent('Core', 'DeleteGroupPost', array('group' => &$groupobj)); if ($result == true) { // put mention into the admin log audit($group_id, 'Admin User Group: ' . $group_name, 'Deleted'); } } redirect("listgroups.php" . $urlext); # vim:ts=4 sw=4 noet
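// Admin action: delete one global content block (HTML blob) and return to the list.
$CMS_ADMIN_PAGE = 1;

require_once "../include.php";
require_once "../lib/classes/class.template.inc.php";

// Session-bound secure parameter appended to every admin redirect.
$urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY];

check_login();

$group_id = -1;
// NOTE(review): the deletion is triggered by a GET parameter. Whether
// check_login() also validates the secure parameter of the incoming request is
// not visible here - confirm, since that is the only request-forgery
// protection this script could have.
if (isset($_GET["htmlblob_id"])) {
    $htmlblob_id = $_GET["htmlblob_id"];
    $htmlblob_name = "";
    $userid = get_userid();
    // Authorisation: without this permission the request falls through to the redirect.
    $access = check_permission($userid, 'Remove Global Content Blocks');
    if ($access) {
        $result = false;
        $gCms = cmsms();
        $gcbops = $gCms->GetGlobalContentOperations();
        $templateops = $gCms->GetTemplateOperations();
        $blobobj = $gcbops->LoadHtmlBlobByID($htmlblob_id);
        if ($blobobj) {
            // Read the name only after the lookup is known to have succeeded;
            // an unknown id previously dereferenced a non-object here.
            $htmlblob_name = $blobobj->name;
            Events::SendEvent('Core', 'DeleteGlobalContentPre', array('global_content' => &$blobobj));
            $result = $blobobj->Delete();
        }
        if ($result == true) {
            Events::SendEvent('Core', 'DeleteGlobalContentPost', array('global_content' => &$blobobj));
            // put mention into the admin log
            audit($htmlblob_id, 'Global Content Block: ' . $htmlblob_name, 'Deleted');
        }
    }
}
// Same destination whether or not anything was deleted; refused and failed
// requests leave no entry in the admin log.
redirect("listhtmlblobs.php" . $urlext);
# vim:ts=4 sw=4 noet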
if ($access) { if (isset($_POST["editgroup"])) { $validinfo = true; if ($group == "") { $validinfo = false; $error .= "<li>" . lang('nofieldgiven', array(lang('groupname'))) . "</li>"; } if ($validinfo) { $groupobj = new Group(); $groupobj->id = $group_id; $groupobj->name = $group; $groupobj->active = $active; Events::SendEvent('Core', 'EditGroupPre', array('group' => &$groupobj)); $result = $groupobj->save(); if ($result) { Events::SendEvent('Core', 'EditGroupPost', array('group' => &$groupobj)); // put mention into the admin log audit($groupobj->id, 'Admin User Group: ' . $groupobj->name, 'Edited'); redirect("listgroups.php" . $urlext); return; } else { $error .= "<li>" . lang('errorupdatinggroup') . "</li>"; } } } else { if ($group_id != -1) { $query = "SELECT * from " . cms_db_prefix() . "groups WHERE group_id = ?"; $result = $db->Execute($query, array($group_id)); $row = $result->FetchRow(); $group = $row["group_name"]; $active = $row["active"];
$user_name = $oneuser->username; $ownercount = $userops->CountPageOwnershipByID($user_id); if ($ownercount > 0) { $dodelete = false; } if ($dodelete) { #Perform the deleteuser_pre callback foreach ($gCms->modules as $key => $value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->DeleteUserPre($oneuser); } } Events::SendEvent('Core', 'DeleteUserPre', array('user' => &$oneuser)); $oneuser->Delete(); #Perform the deleteuser_post callback foreach ($gCms->modules as $key => $value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->DeleteUserPost($oneuser); } } Events::SendEvent('Core', 'DeleteUserPost', array('user' => &$oneuser)); audit($user_id, $user_name, 'Deleted User'); } } } if ($dodelete == true) { redirect("listusers.php" . $urlext); } else { redirect("listusers.php" . $urlext . "&message=" . lang('erroruserinuse')); } # vim:ts=4 sw=4 noet
$tmp3[] = $k . '=' . $v; } $homepage = $tmp[0] . '?' . implode('&', $tmp3); // and redirect. $homepage = html_entity_decode($homepage); redirect($homepage); } } return; #redirect("index.php"); } else { if (isset($_POST['loginsubmit'])) { //No error if changing languages $error .= lang('usernameincorrect'); debug_buffer("Login failed. Error is: " . $error); Events::SendEvent('Core', 'LoginFailed', array('user' => $_POST['username'])); // put mention into the admin log $ip_login_failed = cms_utils::get_real_ip(); if ($ip_login_failed) { // <- Silently ignore audit if return values is not ture, had admin XSS vulne. audit('', '(IP: ' . $ip_login_failed . ') ' . "Admin Username: "******"loginsubmit"]); } } } // Language shizzle cms_admin_sendheaders();
$homepage .= '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; } $homepage = html_entity_decode($homepage); redirect($homepage); } } return; #redirect("index.php"); } else { if (isset($_POST['loginsubmit'])) { //No error if changing languages $error .= lang('usernameincorrect'); debug_buffer("Login failed. Error is: " . $error); audit($username, $username, 'User Login Failed'); #Now call the event Events::SendEvent('Core', 'LoginPost', $username); } else { debug_buffer($_POST["loginsubmit"]); } } } // Language shizzle //header("Content-Encoding: " . get_encoding()); header("Content-Language: " . $current_language); header("Content-Type: text/html; charset=" . get_encoding()); //CHANGED $theme = get_site_preference('logintheme', 'default'); //echo "theme:$theme"; debug_buffer('debug is:' . $error); if (file_exists(dirname(__FILE__) . "/themes/{$theme}/login.php")) { include dirname(__FILE__) . "/themes/{$theme}/login.php";
$onestylesheet->media_query = $media_query; Events::SendEvent('Core', 'EditStylesheetPre', array('stylesheet' => &$onestylesheet)); $result = $onestylesheet->Save(); // Update the css hash // deprecated: this was used by the stylesheet.php function which we no longer distribute // as of CMSMS 1.10. $config = $gCms->GetConfig(); $hashfile = cms_join_path($config['root_path'], 'tmp', 'cache', 'csshash.dat'); $md5sum = md5($css_text); $csshash = csscache_csvfile_to_hash($hashfile); $csshash[$css_id] = $md5sum; csscache_hash_to_csvfile($hashfile, $csshash); if ($result) { #Start using new name, just in case this is an apply $orig_css_name = $css_name; Events::SendEvent('Core', 'EditStylesheetPost', array('stylesheet' => &$onestylesheet)); // put mention into the admin log audit($css_id, 'Stylesheet: ' . $css_name, 'Changed'); # we now have to check which templates are associated with this CSS and update their modified date. $cssquery = "SELECT assoc_to_id FROM " . cms_db_prefix() . "css_assoc\n\t\t\t\t\tWHERE\tassoc_type\t\t= 'template'\n\t\t\t\t\tAND\t\tassoc_css_id\t= ?"; $cssresult = $db->Execute($cssquery, array($css_id)); # now updating templates while ($cssresult && ($line = $cssresult->FetchRow())) { $query = "UPDATE " . cms_db_prefix() . "templates SET modified_date = " . $db->DBTimeStamp(time()) . " \n\t\t\t\t\t\tWHERE template_id = '" . $line["assoc_to_id"] . "'"; $result = $db->Execute($query); if (FALSE == $result) { $error .= "<li>" . lang('errorupdatingtemplate') . "</li>"; } } if (!isset($_POST["apply"])) { if ($from == 'templatecssassoc') {
} // specified page not found, load the 404 error page. $contentobj = $contentops->LoadContentFromAlias('error404', true); if (is_object($contentobj)) { // we have a 404 error page. header("HTTP/1.0 404 Not Found"); header("Status: 404 Not Found"); } else { // no 404 error page. ErrorHandler404(); return; } } } // while trycount Events::SendEvent('Core', 'ContentPostRender', array('content' => &$html)); $ct = cmsms()->get_variable('content-type'); if (!$ct) { $ct = 'text/html'; } header("Content-Type: {$ct}; charset=" . get_encoding()); echo $html; @ob_flush(); $endtime = microtime(); $db =& cmsms()->GetDb(); if ($config['debug'] == TRUE || isset($config['show_performance_info']) && $showtemplate == true) { $memory = function_exists('memory_get_usage') ? memory_get_usage() : 0; $memory = $memory - $orig_memory; $memory_peak = function_exists('memory_get_peak_usage') ? memory_get_peak_usage() : 0; if (!is_sitedown() && $config["debug"] == true) { echo "<p>Generated in " . microtime_diff($starttime, $endtime) . " seconds by CMS Made Simple using " . (isset($db->query_count) ? $db->query_count : '') . " SQL queries and {$memory} bytes of memory (peak memory usage was {$memory_peak})</p>";
continue; } // Send the ChangeGroupAssignPre event Events::SendEvent('Core', 'ChangeGroupAssignPre', array('group' => $thisGroup, 'users' => $userops->LoadUsersInGroup($thisGroup->id))); $query = "DELETE FROM " . cms_db_prefix() . "user_groups WHERE group_id = ? AND user_id != ?"; $result = $db->Execute($query, array($thisGroup->id, $userid)); $iquery = "INSERT INTO " . cms_db_prefix() . "user_groups (group_id, user_id, create_date, modified_date) VALUES (?,?,?,?)"; foreach ($_POST as $key => $value) { if (strpos($key, "ug") == 0 && strpos($key, "ug") !== false) { $keyparts = explode('_', $key); if ($keyparts[2] == $thisGroup->id && $value == '1') { $result = $db->Execute($iquery, array($thisGroup->id, $keyparts[1], $db->DBTimeStamp(time()), $db->DBTimeStamp(time()))); } } } Events::SendEvent('Core', 'ChangeGroupAssignPost', array('group' => $thisGroup, 'users' => $userops->LoadUsersInGroup($thisGroup->id))); audit($group_id, 'Group ID', lang('assignmentchanged')); } audit($userid, 'Group ID', lang('assignmentchanged')); $message = lang('assignmentchanged'); } $query = "SELECT u.user_id, u.username, ug.group_id FROM " . cms_db_prefix() . "users u LEFT JOIN " . cms_db_prefix() . "user_groups ug ON u.user_id = ug.user_id ORDER BY u.username"; $result = $db->Execute($query); $user_struct = array(); while ($result && ($row = $result->FetchRow())) { if (isset($user_struct[$row['user_id']])) { $str =& $user_struct[$row['user_id']]; $str->group[$row['group_id']] = 1; } else { $thisUser = new stdClass(); $thisUser->group = array();
if (isset($_POST["additional_editors"])) { $the_blob->ClearAuthors(); foreach ($_POST["additional_editors"] as $addt_user_id) { $the_blob->AddAuthor($addt_user_id); } } Events::SendEvent('Core', 'EditGlobalContentPre', array('global_content' => &$the_blob)); $result = $the_blob->save(); if ($result) { // put mention into the admin log audit($the_blob->id, 'Global Content Block: ' . $the_blob->name, 'Edited'); #Clear cache $smarty = cmsms()->GetSmarty(); $smarty->clear_all_cache(); $smarty->clear_compiled_tpl(); Events::SendEvent('Core', 'EditGlobalContentPost', array('global_content' => &$the_blob)); if (!isset($_POST['apply'])) { redirect('listhtmlblobs.php' . $urlext); return; } } else { $error .= "<li>" . lang('errorinsertingblob') . "</li>"; } } if ($ajax) { header('Content-Type: text/xml'); print '<?xml version="1.0" encoding="UTF-8"?>'; print '<EditBlob>'; if ($error) { print '<Response>Error</Response>'; print '<Details><![CDATA[' . $error . ']]></Details>';
} redirect($thisurl); } if ($action == "uninstall") { if (isset($gCms->modules[$module])) { $modinstance = $gCms->modules[$module]['object']; $result = $modinstance->Uninstall(); #now insert a record if (!isset($result) || $result === FALSE) { #now delete the record $query = "DELETE FROM " . cms_db_prefix() . "modules WHERE module_name = ?"; $db->Execute($query, array($module)); #delete any dependencies $query = "DELETE FROM " . cms_db_prefix() . "module_deps WHERE child_module = ?"; $db->Execute($query, array($module)); Events::SendEvent('Core', 'ModuleUninstalled', array('name' => $module)); #and show the uninstallpost if necessary... if ($modinstance->UninstallPostMessage() != FALSE) { //Redirect right away so that the uninstalled module is removed from the menu redirect($thisurl . '&action=showpostuninstall&module=' . $module); } } else { //TODO: Echo error } } redirect($thisurl); } if ($action == 'showpostuninstall') { // this is probably dead code now if (isset($gCms->modules[$module])) { $modinstance = $gCms->modules[$module]['object'];
/**
 * Delete the current content object from the database.
 *
 * Sends 'ContentDeletePre', removes the content row, closes the gap in
 * item_order among siblings, removes cross references, drops the content
 * cache file, deletes the properties and finally sends 'ContentDeletePost'.
 * The Post event is sent even when the id was rejected or a statement failed;
 * failures are only recorded in $debug_errors, and only when debug is enabled.
 * Nothing is returned.
 */
function Delete()
{
    global $sql_queries, $debug_errors;

    $gCms = cmsms();
    $config = $gCms->GetConfig();
    Events::SendEvent('Core', 'ContentDeletePre', array('content' => &$this));
    $db = $gCms->GetDb();
    $result = false;

    // Only ids below -1 are rejected; an id of exactly -1 still runs the statements.
    if (!(-1 > $this->mId)) {
        // Values are bound through placeholders, never concatenated into the SQL.
        $sql = "DELETE FROM " . cms_db_prefix() . "content WHERE content_id = ?";
        $dbresult = $db->Execute($sql, array($this->mId));
        if (!$dbresult && true == $config["debug"]) {
            # :TODO: Translate the error message
            $debug_errors .= "<p>Error deleting content</p>\n";
        }

        // Fix the item_order if necessary
        $sql = "UPDATE " . cms_db_prefix() . "content SET item_order = item_order - 1 WHERE parent_id = ? AND item_order > ?";
        $result = $db->Execute($sql, array($this->ParentId(), $this->ItemOrder()));

        // Remove the cross references
        remove_cross_references($this->mId, 'content');

        // Drop the content cache file; a failed unlink is silenced by @.
        @unlink(TMP_CACHE_LOCATION . '/contentcache.php');

        if (NULL != $this->mProperties) {
            # :TODO: There might be some error checking there
            $this->mProperties->Delete($this->mId);
        } elseif (true == $config["debug"]) {
            # :TODO: Translate the error message
            $debug_errors .= "<p>Error deleting : the content has no properties</p>\n";
        }
    } elseif (true == $config["debug"]) {
        # :TODO: Translate the error message
        $debug_errors .= "<p>Could not delete content : invalid Id</p>\n";
    }

    Events::SendEvent('Core', 'ContentDeletePost', array('content' => &$this));
}
//catch the error //eval('function testfunction'.rand().'() {'.$code.'}'); $buffer = ob_get_clean(); //add error $error[] = preg_replace('/<br \\/>/', '', $buffer); $validinfo = false; } else { ob_get_clean(); } } if ($validinfo) { Events::SendEvent('Core', 'EditUserDefinedTagPre', array('id' => $userplugin_id, 'name' => &$plugin_name, 'code' => &$code)); $query = "UPDATE " . cms_db_prefix() . "userplugins SET userplugin_name = " . $db->qstr($plugin_name) . ", code = " . $db->qstr($code) . ", modified_date = " . $db->DBTimeStamp(time()) . " WHERE userplugin_id = " . $db->qstr($userplugin_id); $result = $db->Execute($query); if ($result) { Events::SendEvent('Core', 'EditUserDefinedTagPost', array('id' => $userplugin_id, 'name' => &$plugin_name, 'code' => &$code)); audit($userplugin_id, $plugin_name, 'Edited User Defined Tag'); if (!isset($_POST['apply'])) { redirect("listusertags.php" . $urlext . "&message=usertagupdated"); return; } } else { $error[] = lang('errorupdatingusertag'); } } if ($ajax) { header('Content-Type: text/xml'); print '<?xml version="1.0" encoding="UTF-8"?>'; print '<EditUserPlugin>'; if (sizeof($error)) { print '<Response>Error</Response>';
} // If success do action if ($validinfo) { $userobj->username = $username; $userobj->firstname = $firstname; $userobj->lastname = $lastname; $userobj->email = $email; if ($password != '') { $userobj->SetPassword($password); } Events::SendEvent('Core', 'EditUserPre', array('user' => &$userobj)); $result = $userobj->Save(); if ($result) { // put mention into the admin log audit($userid, 'Admin Username: '******'Edited'); Events::SendEvent('Core', 'EditUserPost', array('user' => &$userobj)); $message = lang('accountupdated'); } else { // throw exception? update just failed. } } } // end of account submit /** * Submit prefs */ if (isset($_POST['submit_prefs'])) { # Get values from request and drive em to variables $gcb_wysiwyg = isset($_POST['gcb_wysiwyg']) ? 1 : 0; $wysiwyg = $_POST['wysiwyg']; $syntaxhighlighter = $_POST['syntaxhighlighter'];
$userops = $gCms->GetUserOperations(); $thisuser =& $userops->LoadUserByID($_GET["toggleactive"]); if ($thisuser) { //modify users, is this enough? $userid = get_userid(); $permission = check_permission($userid, 'Modify Users'); $result = false; if ($permission) { $thisuser->active == 1 ? $thisuser->active = 0 : ($thisuser->active = 1); Events::SendEvent('Core', 'EditUserPre', array('user' => $thisuser)); $result = $thisuser->save(); } if ($result) { // put mention into the admin log audit($userid, 'Admin Username: '******'Edited'); Events::SendEvent('Core', 'EditUserPost', array('user' => $thisuser)); } else { $error .= "<li>" . lang('errorupdatinguser') . "</li>"; } } } } if (FALSE == empty($error)) { echo $themeObject->ShowErrors('<ul class="error">' . $error . '</ul>'); } ?> <div class="pagecontainer"> <div class="pageoverflow"> <?php
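/**
 * Loads modules from the filesystem. If loadall is true, then it will load all
 * modules whether they're installed, or active. If it is false, then it will
 * only load modules which are installed and active.
 *
 * Loading means include_once of <modules dir>/<name>/<name>.module.php followed
 * by instantiating the class, so every file matching that pattern runs with the
 * privileges of the CMS: write access to the modules directory (and, when
 * loadall is false, to the modules table that supplies the names) has to be
 * treated as code-execution access. When loadall is false, a module whose file
 * version is newer than the version stored in the database and which allows
 * auto-upgrade has its Upgrade() run as part of this call.
 *
 * @param boolean $loadall Should be load all modules?
 * @param boolean $noadmin Should we skip all modules marked as admin only?
 * @return void
 */
function LoadModules($loadall = false, $noadmin = false)
{
    global $gCms;
    $db =& $gCms->GetDb();
    $cmsmodules =& $gCms->modules;
    $dir = dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . "modules";
    // Initialised up front so the Close() check at the end is defined even when
    // no database handle is available.
    $result = false;

    if ($loadall == true) {
        // Include every <dir>/<entry>/<entry>.module.php; failures of opendir()
        // and is_file() are silenced by @.
        if ($handle = @opendir($dir)) {
            while (($file = readdir($handle)) !== false) {
                if (@is_file("{$dir}/{$file}/{$file}.module.php")) {
                    include_once "{$dir}/{$file}/{$file}.module.php";
                } else {
                    unset($cmsmodules[$file]);
                }
            }
            closedir($handle);
        }
        //Find modules and instantiate them
        $allmodules = $this->FindModules();
        foreach ($allmodules as $onemodule) {
            if (class_exists($onemodule)) {
                $newmodule = new $onemodule();
                $name = $newmodule->GetName();
                $cmsmodules[$name]['object'] = $newmodule;
                // Flags start as false; the database pass below switches them on.
                $cmsmodules[$name]['installed'] = false;
                $cmsmodules[$name]['active'] = false;
            } else {
                // Key on the module that failed to load. The previous code used
                // $name here, which still held the name of the last module that
                // loaded successfully (or was undefined) and so could drop a
                // valid entry.
                unset($cmsmodules[$onemodule]);
            }
        }
    }

    #Figger out what modules are active and/or installed
    #Load them if loadall is false
    if (isset($db)) {
        $query = '';
        // Only fixed SQL fragments are added here; no request data reaches the query.
        $where = array();
        if ($noadmin) {
            $where[] = 'admin_only = 0';
        }
        if ($loadall != true) {
            $where[] = 'active = 1';
        }
        $query = 'SELECT * FROM ' . cms_db_prefix() . 'modules ';
        if (count($where)) {
            $query .= 'WHERE ' . implode(' AND ', $where);
        }
        $query .= ' ORDER by module_name';
        $result =& $db->Execute($query);
        while ($result && !$result->EOF) {
            if (isset($result->fields['module_name'])) {
                $modulename = $result->fields['module_name'];
                if (isset($modulename)) {
                    if ($loadall == true) {
                        // Everything was instantiated above; only record the flags.
                        if (isset($cmsmodules[$modulename])) {
                            $cmsmodules[$modulename]['installed'] = true;
                            $cmsmodules[$modulename]['active'] = $result->fields['active'] == 1 ? true : false;
                        }
                    } else {
                        if ($result->fields['active'] == 1) {
                            // NOTE(review): module_name comes from the modules table and is
                            // interpolated into the include path; the is_file() check is the
                            // only gate visible here.
                            if (@is_file("{$dir}/{$modulename}/{$modulename}.module.php")) {
                                #var_dump('loading module:' . $modulename);
                                include_once "{$dir}/{$modulename}/{$modulename}.module.php";
                                if (class_exists($modulename)) {
                                    $newmodule = new $modulename();
                                    $name = $newmodule->GetName();
                                    global $CMS_VERSION;
                                    $dbversion = $result->fields['version'];
                                    #Check to see if there is an update and wether or not we should perform it
                                    if (version_compare($dbversion, $newmodule->GetVersion()) == -1 && $newmodule->AllowAutoUpgrade() == TRUE) {
                                        // Runs the module's own upgrade code during loading.
                                        $newmodule->Upgrade($dbversion, $newmodule->GetVersion());
                                        $query = "UPDATE " . cms_db_prefix() . "modules SET version = ? WHERE module_name = ?";
                                        $db->Execute($query, array($newmodule->GetVersion(), $name));
                                        Events::SendEvent('Core', 'ModuleUpgraded', array('name' => $name, 'oldversion' => $dbversion, 'newversion' => $newmodule->GetVersion()));
                                        $dbversion = $newmodule->GetVersion();
                                    }
                                    #Check to see if version in db matches file version
                                    // A module is only registered when its version matches the
                                    // database and its minimum CMS version is not above the
                                    // running one.
                                    if ($dbversion == $newmodule->GetVersion() && version_compare($newmodule->MinimumCMSVersion(), $CMS_VERSION) != 1) {
                                        $cmsmodules[$name]['object'] = $newmodule;
                                        $cmsmodules[$name]['installed'] = true;
                                        $cmsmodules[$name]['active'] = $result->fields['active'] == 1 ? true : false;
                                    } else {
                                        unset($cmsmodules[$name]);
                                    }
                                } else {
                                    unset($cmsmodules[$modulename]);
                                }
                            } else {
                                unset($cmsmodules[$modulename]);
                            }
                        }
                    }
                }
            }
            $result->MoveNext();
        }
    }
    if ($result) {
        $result->Close();
    }
}
} // unmatched within this excerpt; presumably closes the enclosing class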