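$template->set_var('FTAN', $admin->getFTAN());
// Group list 1: one checkbox row per group that is allowed to edit pages.
// The Administrators group is rendered first, checked and disabled, under the
// hard-coded ID 1. That only holds if the first row really is group 1, so the
// query orders by group_id (the original relied on unspecified row order).
$query = "SELECT * FROM " . TABLE_PREFIX . "groups ORDER BY group_id";
$get_groups = $database->query($query);
$template->set_block('main_block', 'group_list_block', 'group_list');
// Insert admin group and current group first
$admin_group_name = $get_groups->fetchRow(MYSQLI_ASSOC);
$template->set_var(array(
    'ID' => 1,
    'TOGGLE' => '1',
    'DISABLED' => ' disabled="disabled"',
    'LINK_COLOR' => '000000',
    'CURSOR' => 'default',
    'NAME' => $admin_group_name['name'],
    'CHECKED' => ' checked="checked"',
));
$template->parse('group_list', 'group_list_block', true);
// Loop-invariant: the current user's group ids do not change while rendering.
$current_user_groups = $admin->get_groups_id();
while ($group = $get_groups->fetchRow(MYSQLI_ASSOC)) {
    // Groups the current user belongs to are pre-checked and styled as fixed.
    $flag_disabled = '';
    $flag_checked = '';
    $flag_cursor = 'pointer';
    $flag_color = '';
    if (in_array($group["group_id"], $current_user_groups)) {
        // Deliberately not ' disabled': a disabled checkbox is not submitted
        // with the form, so the membership would be lost on save.
        $flag_disabled = '';
        $flag_checked = ' checked="checked"';
        $flag_cursor = 'default';
        $flag_color = '000000';
    }
    // Only groups holding the 'pages_modify' system permission are offered.
    $system_permissions = explode(',', $group['system_permissions']);
    if (in_array('pages_modify', $system_permissions, true)) {
        $template->set_var(array(
            'ID' => $group['group_id'],
            'TOGGLE' => $group['group_id'],
            'CHECKED' => $flag_checked,
            'DISABLED' => $flag_disabled,
            'LINK_COLOR' => $flag_color,
            // Fix: CURSOR was fed $flag_checked (' checked="checked"') and
            // $flag_cursor was never used; pass the cursor style instead.
            'CURSOR' => $flag_cursor,
            'NAME' => $group['name'],
        ));
        $template->parse('group_list', 'group_list_block', true);
    }
}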
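// Group list 2 ($query is rebuilt here for the code that follows this section)
$query = "SELECT * FROM " . TABLE_PREFIX . "groups";
$module_dir = basename(dirname($_SERVER["SCRIPT_NAME"]));
// Back link for the error pages
$js_back = ADMIN_URL . '/pages/sections.php?page_id=' . $page_id;
// Resolve the page. NOTE(review): where $page_id is assigned is outside this
// view; is_numeric() below is the only validation visible here.
if (!is_numeric($page_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($page_id > 0) {
    $page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
}
// Page-level permission: the user must belong to one of the page's admin
// groups or be listed explicitly in admin_users. Both lists are stored as
// comma-separated ids; '_' is stripped first (presumably a legacy marker —
// verify against how the pages table is written).
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
        break;
    }
}
if (!$in_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    // Fix: a leftover debug `print` of the caller's group and user id was
    // emitted here ahead of the error page, leaking those ids into the
    // response. Removed.
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}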
// some additional security checks:
// Check whether the section_id belongs to the page_id at all
if (!is_numeric($section_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($section_id > 0) {
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');
    $tpl->set_block('show_settings', '');
} else {
    $tpl->parse('show_settings', 'show_settings_block', true);
}
// Admin-tools block: parsed only for users holding the 'admintools'
// permission; everyone else gets an empty block and the menu entry hidden
// through the DISPLAY_ADMINTOOLS inline style.
$tpl->set_block('main_block', 'show_admintools_block', 'show_admintools');
$may_use_admintools = ($admin->get_permission('admintools') == true);
if ($may_use_admintools) {
    $tpl->parse('show_admintools', 'show_admintools_block', true);
} else {
    $tpl->set_var('DISPLAY_ADMINTOOLS', 'display:none;');
    $tpl->set_block('show_admintools', '');
}
/**
 * Remove the /install/ directory, which is no longer needed once the
 * installation is complete. Only attempted when the current user is a member
 * of group 1 (administrators), so an ordinary backend user never triggers a
 * filesystem delete. A failed removal is reported through the WARNING
 * template variable instead of aborting the page.
 */
$install_dir = LEPTON_PATH . '/install/';
if (file_exists($install_dir) && in_array(1, $admin->get_groups_id())) {
    $result = rm_full_dir($install_dir);
    if ($result === false) {
        // Could not delete it: warn the user that the directory still exists.
        $tpl->set_var("WARNING", "<br  />" . $MESSAGE['START_INSTALL_DIR_EXISTS'] . "<br />");
    }
}
// "Add-ons" overview: the link list is assembled by the permission checks
// that follow; start with the "Manage" label and an empty count.
$addons_overview = $TEXT['MANAGE'] . ' ';
$addons_count = 0;
if ($admin->get_permission('modules') == true) {
    $addons_overview .= '<a href="' . ADMIN_URL . '/modules/index.php">' . $MENU['MODULES'] . '</a>';
    $addons_count = 1;
     $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...');
     $template->set_var('SELECTED', '');
     $template->parse('group_list', 'group_list_block', true);
     while ($group = $results->fetchRow()) {
         $template->set_var('ID', $group['group_id']);
         $template->set_var('NAME', $group['name']);
         if (in_array($group['group_id'], explode(",", $user['groups_id']))) {
             $template->set_var('SELECTED', ' selected="selected"');
         } else {
             $template->set_var('SELECTED', '');
         }
         $template->parse('group_list', 'group_list_block', true);
     }
 }
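 // The Administrators option (group id 1) is only offered when the editing
 // admin is a member of that group, so a non-administrator can never promote
 // a user to Administrators from this form.
 if (in_array(1, $admin->get_groups_id())) {
     $template->set_var('ID', '1');
     $users_groups = $admin->get_groups_name();
     $template->set_var('NAME', $users_groups[1]);
     // Fix: the option was pre-selected whenever the edited user shared *any*
     // group with the current admin (the old loop intersected the admin's
     // groups with the user's), so saving the form would presumably have
     // submitted the user as an Administrators member. Like every other
     // option in this list, SELECTED must reflect the edited user's own
     // membership in group 1.
     $in_group = in_array(1, explode(",", $user['groups_id']));
     $template->set_var('SELECTED', $in_group ? ' selected="selected"' : '');
     $template->parse('group_list', 'group_list_block', true);
 }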
 // Group <select>: every group except Administrators (id 1), which is added
 // separately so that only administrators can assign it. A "please select"
 // placeholder row comes first; options are pre-selected for the groups the
 // edited user already belongs to.
 $template->set_block('main_block', 'group_list_block', 'group_list');
 $results = $database->query("SELECT `group_id`,`name` FROM `" . TABLE_PREFIX . "groups` WHERE `group_id` != '1' ORDER BY `name`");
 if ($results->numRows() > 0) {
     $user_group_ids = explode(",", $user['groups_id']);
     $template->set_var(array(
         'ID' => '',
         'NAME' => $TEXT['PLEASE_SELECT'] . '...',
         'SELECTED' => '',
     ));
     $template->parse('group_list', 'group_list_block', true);
     while (false != ($group = $results->fetchRow(MYSQL_ASSOC))) {
         $is_member = in_array($group['group_id'], $user_group_ids);
         $template->set_var(array(
             'ID' => $group['group_id'],
             'NAME' => $group['name'],
             'SELECTED' => $is_member ? ' selected="selected"' : '',
         ));
         $template->parse('group_list', 'group_list_block', true);
     }
 }
 // Only allow the user to add a user to the Administrators group if they belong to it
 if (in_array(1, $admin->get_groups_id())) {
     // Add Administrators group
     $qr2 = $database->query("SELECT `group_id`,`name` FROM `" . TABLE_PREFIX . "groups` WHERE `group_id` = '1'");
     if ($qr2->numRows() > 0) {
         $group = $qr2->fetchRow(MYSQL_ASSOC);
         $template->set_var('ID', $group['group_id']);
         $template->set_var('NAME', $group['name']);
         $template->set_var('SELECTED', in_array($group['group_id'], explode(",", $user['groups_id'])) ? ' selected="selected"' : '');
         $template->parse('group_list', 'group_list_block', true);
     }
 } else {
     // just in case there is no (visible) membership at all
     if ($results->numRows() == 0) {
         $template->set_var('ID', '');
         $template->set_var('NAME', $TEXT['NONE_FOUND']);
         $template->set_var('SELECTED', ' selected="selected"');
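 /**
  * Create a page below $parent and give it one section of module $module.
  *
  * Steps: add group 1 to both group lists, validate the title and the
  * caller's rights, derive link and access-file name from the title and the
  * parent chain, insert the page row, fill in level/root_parent/page_trail,
  * create the access file, insert the first section and run the module's
  * add.php if it exists.
  *
  * @param string     $title          Page and menu title; HTML-escaped here.
  * @param int|string $parent         Parent page id, '0' for a top-level page.
  * @param string     $module         Module directory name for the first section.
  * @param mixed      $visibility     Stored unchanged in the pages table.
  * @param array      $admin_groups   Group ids allowed to administer the page.
  * @param array      $viewing_groups Group ids allowed to view the page.
  * @return int|false The new page id, or false after setError() was called.
  */
 public function createPage($title, $parent, $module, $visibility, $admin_groups, $viewing_groups)
 {
     global $database;
     // initialise the admin object
     require_once WB_PATH . '/framework/class.admin.php';
     require_once WB_PATH . '/framework/functions.php';
     require_once WB_PATH . '/framework/class.order.php';
     $admin = new admin('Pages', 'pages_add', false, false);
     // NOTE(review): no ENT_QUOTES, so a single quote in the title survives
     // escaping; confirm against the templates that print the title.
     $title = htmlspecialchars($title);
     // make sure the administrators group (1) is in both the admin and the viewing list
     if (!in_array(1, $admin_groups)) {
         $admin_groups[] = 1;
     }
     if (!in_array(1, $viewing_groups)) {
         $viewing_groups[] = 1;
     }
     // empty title, or a title starting with '.'?
     if ($title == '' || substr($title, 0, 1) == '.') {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_blank_title));
         return false;
     }
     // A non-administrator may only create pages they can themselves
     // administer and view: one of their own groups must appear in each list.
     if (!in_array(1, $admin->get_groups_id())) {
         $admin_perm_ok = false;
         foreach ($admin_groups as $adm_group) {
             if (in_array($adm_group, $admin->get_groups_id())) {
                 $admin_perm_ok = true;
             }
         }
         if ($admin_perm_ok == false) {
             $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
             return false;
         }
         $admin_perm_ok = false;
         foreach ($viewing_groups as $view_group) {
             if (in_array($view_group, $admin->get_groups_id())) {
                 $admin_perm_ok = true;
             }
         }
         if ($admin_perm_ok == false) {
             $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
             return false;
         }
     }
     // $module names a directory under /modules/ and is handed to `require`
     // further down. Accept only a plain directory name so a caller can never
     // point that require outside /modules/ (e.g. via '../' or a leading
     // slash). Checked before any database write, so a rejected call leaves
     // no half-created page behind.
     if (!is_string($module) || $module === '' || $module === '.' || $module === '..' || strpbrk($module, "/\\") !== false) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, 'invalid module name'));
         return false;
     }
     $admin_groups = implode(',', $admin_groups);
     $viewing_groups = implode(',', $viewing_groups);
     // build the link and the access-file name
     if ($parent == '0') {
         $link = '/' . page_filename($title);
         // rename 'index' and 'intro' to avoid collisions
         if ($link == '/index' || $link == '/intro') {
             $link .= '_0';
             $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . '_0' . PAGE_EXTENSION;
         } else {
             $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . PAGE_EXTENSION;
         }
     } else {
         // nested page: the parent titles become the directory prefix
         $parent_section = '';
         $parent_titles = array_reverse(get_parent_titles($parent));
         foreach ($parent_titles as $parent_title) {
             $parent_section .= page_filename($parent_title) . '/';
         }
         if ($parent_section == '/') {
             $parent_section = '';
         }
         $page_filename = page_filename($title);
         $page_filename = str_replace('_', '-', $page_filename);
         $link = '/' . $parent_section . $page_filename;
         $filename = WB_PATH . PAGES_DIRECTORY . '/' . $parent_section . $page_filename . PAGE_EXTENSION;
         make_dir(WB_PATH . PAGES_DIRECTORY . '/' . $parent_section);
     }
     // check whether a page row or a file with the same link already exists
     $dbPages = new db_wb_pages();
     $where = array();
     $where[db_wb_pages::field_link] = $link;
     $pages = array();
     if (!$dbPages->sqlSelectRecord($where, $pages)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     if (sizeof($pages) > 0 || file_exists(WB_PATH . PAGES_DIRECTORY . $link . PAGE_EXTENSION) || file_exists(WB_PATH . PAGES_DIRECTORY . $link . '/')) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, sprintf(kit_error_page_exists, $link)));
         return false;
     }
     // include the ordering class
     $order = new order(TABLE_PREFIX . 'pages', 'position', 'page_id', 'parent');
     // clean order
     $order->clean($parent);
     // get the new order
     $position = $order->get_new($parent);
     // inherit template and language from the parent page (defaults for a root page)
     $where = array();
     $where[db_wb_pages::field_page_id] = $parent;
     $pages = array();
     if (!$dbPages->sqlSelectRecord($where, $pages)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     if (sizeof($pages) > 0) {
         $template = $pages[0][db_wb_pages::field_template];
         $language = $pages[0][db_wb_pages::field_language];
     } else {
         $template = '';
         $language = DEFAULT_LANGUAGE;
     }
     // insert the new page row
     $data = array();
     $data[db_wb_pages::field_page_title] = $title;
     $data[db_wb_pages::field_menu_title] = $title;
     $data[db_wb_pages::field_parent] = $parent;
     $data[db_wb_pages::field_template] = $template;
     $data[db_wb_pages::field_target] = '_top';
     $data[db_wb_pages::field_position] = $position;
     $data[db_wb_pages::field_visibility] = $visibility;
     $data[db_wb_pages::field_searching] = 1;
     $data[db_wb_pages::field_menu] = 1;
     $data[db_wb_pages::field_language] = $language;
     $data[db_wb_pages::field_admin_groups] = $admin_groups;
     $data[db_wb_pages::field_viewing_groups] = $viewing_groups;
     $data[db_wb_pages::field_modified_when] = time();
     $data[db_wb_pages::field_modified_by] = $admin->get_user_id();
     $page_id = -1;
     if (!$dbPages->sqlInsertRecord($data, $page_id)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     // work out the level
     $level = level_count($page_id);
     // work out root parent
     $root_parent = root_parent($page_id);
     // work out page trail
     $page_trail = get_page_trail($page_id);
     $where = array();
     $where[db_wb_pages::field_page_id] = $page_id;
     $data = array();
     $data[db_wb_pages::field_link] = $link;
     $data[db_wb_pages::field_level] = $level;
     $data[db_wb_pages::field_root_parent] = $root_parent;
     $data[db_wb_pages::field_page_trail] = $page_trail;
     if (!$dbPages->sqlUpdateRecord($data, $where)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     // create a new file in the /pages directory
     create_access_file($filename, $page_id, $level);
     // the first section always gets position 1
     $position = 1;
     // add a new record to the section table
     $dbSections = new db_wb_sections();
     $data = array();
     $data[db_wb_sections::field_page_id] = $page_id;
     $data[db_wb_sections::field_position] = $position;
     $data[db_wb_sections::field_module] = $module;
     $data[db_wb_sections::field_block] = 1;
     $section_id = -1;
     if (!$dbSections->sqlInsertRecord($data, $section_id)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbSections->getError()));
         return false;
     }
     // run the module's add hook; $module was validated above as a plain directory name
     if (file_exists(WB_PATH . '/modules/' . $module . '/add.php')) {
         require WB_PATH . '/modules/' . $module . '/add.php';
     }
     if ($database->is_error()) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $database->get_error()));
         return false;
     }
     return $page_id;
 }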
} else {
    $section_id = intval($_POST['section_id']);
}
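// Both ids are interpolated into SQL below; cast them so the queries can only
// ever receive integers. NOTE(review): $section_id is intval()'d just above,
// but how $page_id was validated is outside this view.
$page_id = (int) $page_id;
$section_id = (int) $section_id;
$js_back = ADMIN_URL . '/pages/modify.php?page_id=' . $page_id;
// The FTAN (form token) check must pass before anything is written. The
// header is printed first so print_error() renders inside the backend layout.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Page-level permission: the user must be listed in admin_users or share a
// group with admin_groups.
$sql = 'SELECT `admin_groups`,`admin_users` FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id` = ' . $page_id;
$results = $database->query($sql);
$results_array = $results ? $results->fetchRow() : false;
if (!$results_array) {
    // Unknown page id: fail closed instead of evaluating permissions on nulls.
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
if (!$admin->ami_group_member($results_array['admin_users']) && !$admin->is_group_match($admin->get_groups_id(), $results_array['admin_groups'])) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Resolve the section's module from the database (never from the request),
// which also verifies that the section belongs to this page.
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` WHERE `page_id`=' . $page_id . ' AND `section_id`=' . $section_id;
$module = $database->get_one($sql);
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}
// Record who modified the page and when
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET `modified_when`=' . $now . ', `modified_by`=' . $admin->get_user_id() . ' WHERE `page_id`=' . $page_id;
$database->query($sql);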
if (file_exists(WB_PATH . '/modules/' . $module . '/save.php')) {
    include_once WB_PATH . '/modules/' . $module . '/save.php';
    exit(0);
} else {
    $page_id = $_GET['page_id'];
}
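require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_settings');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.utf8.php';
// $page_id is taken from $_GET above and interpolated into SQL below; cast it
// so the queries can only ever receive an integer. NOTE(review): the
// condition guarding that assignment is outside this view.
$page_id = (int) $page_id;
// Page-level permission: the user must belong to one of the page's admin
// groups or be listed explicitly in admin_users.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id` = ' . $page_id;
$results = $database->query($sql);
$results_array = $results ? $results->fetchRow(MYSQL_ASSOC) : false;
if (!$results_array) {
    // Unknown page id: deny instead of evaluating group lists that do not exist.
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
$old_admin_groups = explode(',', $results_array['admin_groups']);
$old_admin_users = explode(',', $results_array['admin_users']);
$in_old_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = TRUE;
        break;
    }
}
if (!$in_old_group and !in_array($admin->get_user_id(), $old_admin_users)) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page details as a fresh result set; the code after this point reads it.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id`=' . $page_id;
$results = $database->query($sql);
if ($database->is_error()) {
    $admin->print_header();
    $admin->print_error($database->get_error());
}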
if ($results->numRows() == 0) {
        $secqfetch = $secq->fetchRow();
        if ($secqfetch['page_id'] != $page_id or $secqfetch['section_id'] != $section_id) {
            die("Parameter mismatch");
        }
    } else {
        $secq = $database->query("SELECT section_id FROM " . TABLE_PREFIX . "sections WHERE module = '{$mod_dir}' AND section_id = '{$section_id}' AND page_id = '{$page_id}'");
        if ($secq->numRows() != 1) {
            die("Something strange has happened!");
        }
    }
}
// From module_settings.php:
//   $authorsgroup      - the group that authors belong to
//   $noadmin_nooptions - default 1: only the admin (group 1) may change settings
$user_id = $admin->get_user_id();
$user_in_groups = $admin->get_groups_id();
// Role flags used by the rest of the script:
//   $authoronly     - the user is authorised as an author only
//   $showoptions    - whether the settings options are shown at all
//   $author_invited - invited as an author: may edit, but is NOT the creator (posted_by)
$authoronly = false;
$showoptions = true;
$author_invited = false;
if ($authorsgroup > 0) {
    //Care about users
    if (in_array($authorsgroup, $user_in_groups)) {
        $authoronly = true;
        $showoptions = false;
        echo "AUTOR";
    } else {
        $author_trust_rating = 0;
        //Best Trust; Flag aus module_settings.php wird zurückgesetzt
    }
    if (!$admin->get_page_permission($parent, 'admin')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Module permission: the current user must be allowed to use $module.
$module_allowed = $admin->get_permission($module, 'module');
if (!$module_allowed) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Title validation: an empty title or one starting with '.' is rejected.
$title_is_blank = ($title == '' || substr($title, 0, 1) == '.');
if ($title_is_blank) {
    $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']);
}
// Check to see if page created has needed permissions
if (!in_array(1, $admin->get_groups_id())) {
    $admin_perm_ok = false;
    foreach ($admin_groups as $adm_group) {
        if (in_array($adm_group, $admin->get_groups_id())) {
            $admin_perm_ok = true;
        }
    }
    if ($admin_perm_ok == false) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
    $admin_perm_ok = false;
    foreach ($viewing_groups as $view_group) {
        if (in_array($view_group, $admin->get_groups_id())) {
            $admin_perm_ok = true;
        }
    }
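$template = new Template(THEME_PATH . '/templates');
// Insert urls
// NOTE(review): LEPTON_PATH is a server filesystem path; exposing it as a
// template variable is only harmless if no template prints it into the page.
$template->set_var(array('THEME_URL' => THEME_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'ADMIN_URL' => ADMIN_URL));
print_search_form();
print_list_page();
$template->set_file('page', 'pages.htt');
$template->set_block('page', 'main_block', 'main');
// Group list 1: the first fetched row is rendered as the Administrators group
// under the hard-coded ID 1 (checked and disabled). Fix: without ORDER BY the
// row order is unspecified and that label could land on an arbitrary group;
// order by group_id so the group-1 row really comes first.
$query = "SELECT * FROM " . TABLE_PREFIX . "groups ORDER BY group_id";
$get_groups = $database->query($query);
$template->set_block('main_block', 'group_list_block', 'group_list');
// Insert admin group and current group first
$admin_group_name = $get_groups->fetchRow(MYSQL_ASSOC);
$template->set_var(array(
    'ID' => 1,
    'TOGGLE' => '1',
    'DISABLED' => ' disabled="disabled"',
    'LINK_COLOR' => '000000',
    'CURSOR' => 'default',
    'NAME' => $admin_group_name['name'],
    'CHECKED' => ' checked="checked"',
));
$template->parse('group_list', 'group_list_block', true);
// Hoisted for the loop that follows: the current user's group ids do not change.
$admin_groups_id = $admin->get_groups_id();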
while ($group = $get_groups->fetchRow(MYSQL_ASSOC)) {
    // check if the user is a member of this group
    $flag_disabled = '';
    $flag_checked = '';
    $flag_cursor = 'pointer';
    $flag_color = '';
    if (in_array($group["group_id"], $admin_groups_id)) {
        $flag_disabled = '';
        //' disabled';
        $flag_checked = ' checked="checked"';
        $flag_cursor = 'default';
        $flag_color = '000000';
    }
    // Check if the group is allowed to edit pages
    $system_permissions = explode(',', $group['system_permissions']);
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// end include class.secure.php
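global $TEXT;
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// Fix: the charset was written as "charset:utf-8;", which is not a valid
// media-type parameter, so browsers ignored it and had to guess the encoding.
header("Content-Type: text/html; charset=utf-8");
// not needed, config is loaded with class.secure
// include realpath(dirname(__FILE__)).'/../../config.php';
include realpath(dirname(__FILE__)) . '/../../framework/class.admin.php';
$admin = new admin('Settings', 'settings_basic');
// Only members of group 1 (administrators) may send the test mail.
$curr_user_is_admin = in_array(1, $admin->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}
// Load all settings keyed by upper-cased name. Values are HTML-escaped,
// except the SMTP password, which is kept raw. NOTE(review): SERVER_EMAIL is
// escaped too and then used as a mail address below; an '&' or quote in it
// would be mangled — confirm the stored value never contains such characters.
$settings = array();
$sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'settings`';
if ($res_settings = $database->query($sql)) {
    while ($row = $res_settings->fetchRow()) {
        $keep_raw = ($row['name'] == 'wbmailer_smtp_password');
        $settings[strtoupper($row['name'])] = $keep_raw ? $row['value'] : htmlspecialchars($row['value']);
    }
}
// Discard anything already buffered so the response holds only the result box.
ob_clean();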
// send mail
if ($admin->mail($settings['SERVER_EMAIL'], $settings['SERVER_EMAIL'], 'LEPTON PHP MAILER', $TEXT['WBMAILER_TESTMAIL_TEXT'])) {
    echo "<div style='border: 2px solid #006600; padding: 5px; text-align: center; background-color: #dff2bf;'>", $TEXT['WBMAILER_TESTMAIL_SUCCESS'], "</div>";