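public static function read_url()
 {
     // Filesystem directory that holds the front controller, with exactly one trailing slash
     $root = rtrim(dirname($_SERVER['SCRIPT_FILENAME']), '/') . '/';
     // URL-path prefix the site is installed under ('/' when it lives at the web root)
     $sublevels = dirname($_SERVER['SCRIPT_NAME']);
     // Load the URI
     $address_bar_uri = $_SERVER['REQUEST_URI'];
     // Remove the install prefix so sub-folder names are not read as URI variables.
     // Only a leading occurrence is stripped; the old str_replace() removed the
     // prefix wherever it appeared (e.g. '/blog' inside '/blog/blog-post').
     if ($sublevels !== '/' && strpos($address_bar_uri, $sublevels) === 0) {
         $to_parse = substr($address_bar_uri, strlen($sublevels));
     } else {
         $to_parse = $address_bar_uri;
     }
     // Separate URI variables from the query string; only the path part is kept
     $script_vars = explode('?', $to_parse, 2);
     $request = $script_vars[0];
     // Collapse double slashes produced by joining the root and the request
     $absolute_file_path = str_replace('//', '/', $root . $request);
     // Resolve the request to a canonical path so '..' segments cannot escape $root.
     // NOTE(review): realpath() follows symlinks, so an asset symlinked from outside
     // the document root is no longer served — confirm no deployment relies on that.
     $real_root = realpath($root);
     $front_controller = realpath($_SERVER['SCRIPT_FILENAME']);
     $candidate = realpath($absolute_file_path);
     // A directory request is answered by that directory's index.php. The old code
     // appended 'index.php' to $request but still required the directory itself.
     if ($candidate !== FALSE && is_dir($candidate)) {
         $candidate = realpath($candidate . DIRECTORY_SEPARATOR . 'index.php');
     }
     $inside_root = $real_root !== FALSE
         && $candidate !== FALSE
         && strpos($candidate, rtrim($real_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0;
     // Serve a real file under the document root, but never re-include the front
     // controller (the old check compared SCRIPT_NAME, a URL path, with a filesystem
     // path, so it could never match).
     if ($request !== '/' && $inside_root && is_file($candidate) && $candidate !== $front_controller) {
         FB::log($candidate, "Requested File");
         require_once $candidate;
         exit;
     }
     // Not a file: treat the path segments as URI variables
     $url = SIV::clean_output($request, FALSE, FALSE);
     $url_array = explode("/", $url);
     // Drop the empty segment before the leading slash
     array_shift($url_array);
     // Fall back to the configured default page when no first segment was given
     if (!isset($url_array[0]) || strlen($url_array[0]) < 1) {
         $url_array[0] = DB_Actions::get_default_page();
     }
     return $url_array;
 }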
 private function _store_post_data()
 {
     // Fields that must never be written to the session, even temporarily
     $secret_fields = array('password', 'verify-password');
     // Clean up the POST data and store it temporarily
     foreach ($_POST as $field => $value) {
         if (in_array($field, $secret_fields, TRUE)) {
             // Skip password fields for security
             continue;
         }
         $this->_sdata->temp->{$field} = SIV::clean_output($value, FALSE, FALSE);
     }
 }
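 /**
  * Writes data to the database; either updates or creates an entry
  *
  * Column values are read from $_POST (only the names in $var_names and the
  * page/action/token/form-submit control keys are recognised; every other key
  * is serialized into the `extra` column) and uploads are read from $_FILES.
  * The author and timestamp always come from the session and the clock.
  *
  * @return bool        Returns true on success or false on error
  */
 public function save_entry()
 {
     // Initialize all variables to prevent any notices
     $entry_id = '';
     $page_id = '';
     $page = NULL;
     $title = NULL;
     $entry = NULL;
     $excerpt = NULL;
     $slug = "";
     $tags = NULL;
     $order = NULL;
     $extra = array();
     // Form-control keys that are neither columns nor extra data
     $control_names = array('page', 'action', 'token', 'form-submit');
     // 'order' was missing from this list, so a posted order value landed in
     // $extra and :order was always bound as 0
     $var_names = array('entry_id', 'page_id', 'title', 'entry', 'excerpt', 'slug', 'tags', 'order', 'author', 'created');
     // Loop through the POST array and define all variables (strict in_array so a
     // numeric form key cannot loosely match a column name)
     foreach ($_POST as $key => $val) {
         if (!in_array($key, $control_names, TRUE) && !in_array($key, $var_names, TRUE)) {
             $extra[$key] = $val;
         } elseif ($key === "entry" || $key === "excerpt") {
             // The body fields keep their markup
             ${$key} = $val;
         } else {
             // If it's not the body of the entry, escape all entities
             ${$key} = htmlentities($val, ENT_QUOTES, 'UTF-8', FALSE);
         }
     }
     foreach ($_FILES as $key => $val) {
         // If a file was uploaded, handle it here
         if (is_array($val) && isset($val['error']) && $val['error'] === UPLOAD_ERR_OK) {
             // First, see if the file is an image; if not, just save the file.
             // A local is used instead of ${$key}: the field name is chosen by the
             // client and must not be able to overwrite $title, $sql, etc.
             $stored = ImageControl::check_image($val);
             if (!$stored) {
                 $stored = Utilities::store_uploaded_file($val);
             }
             $extra[$key] = $stored;
         } elseif (!empty($_POST[$key . '-value'])) {
             // No new upload: keep the previously stored value the form sent back
             $extra[$key] = SIV::clean_output($_POST[$key . '-value'], FALSE, FALSE);
         }
     }
     // If a slug wasn't set, save a URL version of the title
     $slug = empty($slug) ? Utilities::make_url($title) : $slug;
     // Make sure an order value exists
     $order = !empty($order) ? $order : 0;
     // If an excerpt wasn't set, create a text preview
     $excerpt = empty($excerpt) ? strip_tags(Utilities::text_preview($entry)) : $excerpt;
     // Store the author's name and a timestamp; these overwrite anything posted
     // under the 'author' / 'created' keys
     $author = $_SESSION['user']['name'];
     $created = time();
     // bindParam() takes its argument by reference, so serialize() must go through a variable
     $serialized_extra = serialize($extra);
     // Set up the query to insert or update the entry
     $sql = "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entries`\n                (" . self::ENTRY_FIELDS . "\n                )\n                VALUES\n                (\n                    :entry_id,\n                    (\n                        SELECT `page_id`\n                        FROM `" . DB_NAME . "`.`" . DB_PREFIX . "pages`\n                        WHERE `page_slug`=:page_slug\n                        LIMIT 1\n                    ), :title, :entry, :excerpt, :slug, :tags,\n                    :order, :extra, :author, :created\n                )\n                ON DUPLICATE KEY UPDATE\n                    `title`=:title,\n                    `entry`=:entry,\n                    `excerpt`=:excerpt,\n                    `slug`=:slug,\n                    `tags`=:tags,\n                    `order`=:order,\n                    `extra`=:extra;";
     try {
         $stmt = $this->db->prepare($sql);
         $stmt->bindParam(":entry_id", $entry_id, PDO::PARAM_INT);
         // page_slug is matched against a slug column, so bind it as a string
         $stmt->bindParam(":page_slug", $page, PDO::PARAM_STR);
         $stmt->bindParam(":title", $title, PDO::PARAM_STR);
         $stmt->bindParam(":entry", $entry, PDO::PARAM_STR);
         $stmt->bindParam(":excerpt", $excerpt, PDO::PARAM_STR);
         $stmt->bindParam(":slug", $slug, PDO::PARAM_STR);
         $stmt->bindParam(":order", $order, PDO::PARAM_INT);
         $stmt->bindParam(":tags", $tags, PDO::PARAM_STR);
         $stmt->bindParam(":extra", $serialized_extra, PDO::PARAM_STR);
         $stmt->bindParam(":author", $author, PDO::PARAM_STR);
         $stmt->bindParam(":created", $created, PDO::PARAM_STR);
         $stmt->execute();
         // A failed statement is logged and reported as failure (it used to return TRUE)
         if ($stmt->errorCode() !== '00000') {
             $err = $stmt->errorInfo();
             ECMS_Error::log_exception(new Exception($err[2]));
             $stmt->closeCursor();
             return FALSE;
         }
         $stmt->closeCursor();
         return TRUE;
     } catch (Exception $e) {
         $this->_log_exception($e);
         return FALSE;
     }
 }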
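 /**
  * Inserts or updates a menu page from the posted form data
  *
  * @return bool        Returns true when the statement ran without error, false otherwise
  */
 public function update_menu()
 {
     // Only the columns the statement binds are read from the request. The previous
     // `${$key} = ...` loop turned every POST key into a local variable, which let the
     // client name arbitrary locals (the same hazard as extract($_POST)).
     $fields = array(
         'page_id', 'page_name', 'page_slug', 'type', 'menu_order',
         'show_full', 'hide_in_menu', 'parent_id', 'extra',
     );
     $values = array();
     foreach ($fields as $field) {
         // Fields absent from the form are bound as NULL, as the undefined locals were before
         $values[$field] = isset($_POST[$field])
             ? SIV::clean_output($_POST[$field], FALSE, FALSE)
             : NULL;
     }
     //TODO Add error handling (e.g. validate page_slug) and send back to form
     $sql = 'INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'pages`
             (
                 `page_id`, `page_name`, `page_slug`, `type`, `menu_order`,
                 `show_full`, `hide_in_menu`, `parent_id`, `extra`
             )
             VALUES
             (
                 :page_id, :page_name, :page_slug, :type, :menu_order,
                 :show_full, :hide_in_menu, :parent_id, :extra
             )
             ON DUPLICATE KEY UPDATE
                 `page_name`=:page_name, `page_slug`=:page_slug,
                 `type`=:type, `menu_order`=:menu_order,
                 `show_full`=:show_full, `hide_in_menu`=:hide_in_menu,
                 `parent_id`=:parent_id, `extra`=:extra';
     try {
         $stmt = $this->db->prepare($sql);
         $stmt->bindValue(":page_id", $values['page_id'], PDO::PARAM_INT);
         $stmt->bindValue(":page_name", $values['page_name'], PDO::PARAM_STR);
         $stmt->bindValue(":page_slug", $values['page_slug'], PDO::PARAM_STR);
         $stmt->bindValue(":type", $values['type'], PDO::PARAM_STR);
         $stmt->bindValue(":menu_order", $values['menu_order'], PDO::PARAM_INT);
         $stmt->bindValue(":show_full", $values['show_full'], PDO::PARAM_INT);
         $stmt->bindValue(":hide_in_menu", $values['hide_in_menu'], PDO::PARAM_INT);
         $stmt->bindValue(":parent_id", $values['parent_id'], PDO::PARAM_INT);
         $stmt->bindValue(":extra", $values['extra'], PDO::PARAM_STR);
         $stmt->execute();
         $result = $stmt->errorCode() === '00000';
         $stmt->closeCursor();
         return $result;
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
         // Callers expect a bool; the old catch branch fell through and returned NULL
         return FALSE;
     }
 }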
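 /**
  * Builds a sanitized comment object from $_POST, parks it in the session and
  * remembers the commenter's name/email/url in cookies for the next visit.
  *
  * Fields missing from the form (the 'subscribe' checkbox is absent when unchecked)
  * no longer raise undefined-index notices; they are read as NULL, which the casts
  * below turn into 0, and the string fields are passed to SIV::clean_output as NULL
  * exactly as the undefined index used to be.
  *
  * @return stdClass    The sanitized comment
  */
 private function _store_comment_data()
 {
     // Fetch a posted field, or NULL when the form did not send it
     $posted = function ($name) {
         return isset($_POST[$name]) ? $_POST[$name] : NULL;
     };
     // Create an object containing sanitized comment data
     $comment = new stdClass();
     $comment->comment_id = (int) $posted('comment_id');
     $comment->entry_id = (int) $posted('entry_id');
     $comment->name = SIV::clean_output($posted('name'), FALSE, FALSE);
     $comment->email = SIV::clean_output($posted('email'), FALSE, FALSE);
     $comment->url = SIV::clean_output($posted('url'), FALSE, FALSE);
     // The comment body is cleaned with the default third argument, unlike the other fields
     $comment->comment = SIV::clean_output($posted('comment'), FALSE);
     $comment->subscribed = (int) $posted('subscribe');
     $comment->thread_id = (int) $posted('thread_id');
     $comment->remote_address = $_SERVER['REMOTE_ADDR'];
     $comment->created = time();
     // Put the comment data in the session temporarily
     $this->_sdata->temp = $comment;
     // Store user info in cookies to make posting easier in the future; cookies expire in 30 days
     $expires = time() + 30 * 24 * 60 * 60;
     // NOTE(review): the cookies are set without httponly/secure flags — confirm
     // whether client-side script reads them before tightening this
     setcookie('ecms-comment:name', $comment->name, $expires, '/');
     setcookie('ecms-comment:email', $comment->email, $expires, '/');
     setcookie('ecms-comment:url', $comment->url, $expires, '/');
     return $comment;
 }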
 /**
  * Redirects a submitted search form to its pretty URL (/search/<term>)
  */
 public function handle_search()
 {
     // Sanitize the submitted term, then make it safe to embed as a path segment
     $term = SIV::clean_output($_POST['search_string'], FALSE, FALSE);
     $encoded_term = urlencode($term);
     // Issue the redirect and stop so nothing else is sent after the header
     header('Location: /search/' . $encoded_term);
     exit;
 }