/**
 * WebsiteBaker Community Edition (WBCE)
 * Way Better Content Editing.
 * Visit http://wbce.org to learn more and to join the community.
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */
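require_once '../../config.php';
// Backend object for the admintools section; the constructor flags are passed
// through unchanged (their meaning is defined in class.admin.php).
$admin = new admin('admintools', 'admintools', true, false);
if ($admin->get_permission('admintools')) {
    $admintool_link = ADMIN_URL . '/admintools/index.php';
    $module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=droplets';
    $modified_when = time();
    $modified_by = intval($admin->get_user_id());
    // Create an empty droplet row and send the user to its edit form.
    // Both values are integers, so they are formatted with %d and no longer
    // quoted as strings.
    $query = 'INSERT INTO `%smod_droplets` SET `name`="", `code`="", `description`="", `comments`="", `active`=1, `modified_when`=%d, `modified_by`=%d';
    $database->query(sprintf($query, TABLE_PREFIX, $modified_when, $modified_by));
    if ($database->is_error()) {
        $admin->print_error($database->get_error(), $module_edit_link);
    } else {
        // Id of the row inserted by the statement above.
        $droplet_id = intval($database->get_one("SELECT LAST_INSERT_ID()"));
        $admin->print_success($TEXT['SUCCESS'], ADMIN_URL . '/admintools/tool.php?tool=droplets&do=modify&droplet_id=' . $droplet_id);
    }
} else {
    // No permission: redirect to the site root and stop. header() has no
    // useful return value, so it is not wrapped in die() any more.
    header('Location: ' . WB_URL);
    exit;
}
// Print admin footer
$admin->print_footer();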
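// After check print the header
$admin->print_header();
// Get perms: the page's admin groups / admin users decide who may save a
// section. $page_id and $section_id are defined before this fragment and
// are request parameters in this CMS, so they are cast to int wherever they
// reach SQL (the original concatenated them unchanged).
// print_error() is expected to end the request; the code after each call
// relies on that.
$sql = 'SELECT `admin_groups`,`admin_users` FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id` = ' . (int) $page_id;
$results = $database->query($sql);
if (!$results || $database->is_error()) {
    $admin->print_error($database->get_error(), ADMIN_URL . '/pages/modify.php?page_id=' . (int) $page_id);
}
$results_array = $results->fetchRow();
if (!$results_array) {
    // Unknown page id: the original went on to index a false row here.
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
if (!$admin->ami_group_member($results_array['admin_users']) && !$admin->is_group_match($admin->get_groups_id(), $results_array['admin_groups'])) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page module
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` WHERE `page_id`=' . (int) $page_id . ' AND `section_id`=' . (int) $section_id;
$module = $database->get_one($sql);
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}
// Update the pages table
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET `modified_when`=' . $now . ', `modified_by`=' . (int) $admin->get_user_id() . ' WHERE `page_id`=' . (int) $page_id;
$database->query($sql);
// Include the module's saving script if it exists. The module name comes
// from the sections table and is a directory name; anything containing a
// path separator or a dot is refused before it is used to build the include
// path, so a malformed value can never point outside /modules/.
$module_save = WB_PATH . '/modules/' . $module . '/save.php';
if (preg_match('/^[A-Za-z0-9_-]+$/', $module) && file_exists($module_save)) {
    include_once $module_save;
}
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), ADMIN_URL . '/pages/modify.php?page_id=' . (int) $page_id);
} else {
    $admin->print_success($MESSAGE['PAGES_SAVED'], ADMIN_URL . '/pages/modify.php?page_id=' . (int) $page_id);
}
// Print admin footer
$admin->print_footer();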
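// Get perms: only members of the page's admin groups, or users listed in its
// admin_users, may continue. $page_id and $section_id are defined before this
// fragment and are cast to int before they reach SQL (the original
// concatenated them unchanged).
$sql = 'SELECT `admin_groups`,`admin_users` FROM `' . TABLE_PREFIX . 'pages` ';
$sql .= 'WHERE `page_id` = ' . (int) $page_id;
$results = $database->query($sql);
if ($database->is_error()) {
    trigger_error($database->get_error(), E_USER_ERROR);
}
$results_array = $results->fetchRow(MYSQL_ASSOC);
if (!$results_array) {
    // No row for this page id: the original dereferenced a false row here.
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
// Underscores are stripped from the stored lists before they are split.
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
$in_old_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = true;
        break;
    }
}
// in_array() replaces is_numeric(array_search()): explode() yields a list, so
// a hit always has an integer key and the two tests are equivalent.
if (!$in_old_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page module
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ';
$sql .= 'WHERE `page_id`=' . (int) $page_id . ' AND `section_id`=' . (int) $section_id;
$module = $database->get_one($sql);
if ($database->is_error()) {
    trigger_error($database->get_error(), E_USER_ERROR);
}
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}
// Update the pages table (the statement is completed after this fragment)
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET ';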
	exit();
}
*/
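// Get perms: the page's admin groups / admin users decide who may edit it.
// $page_id is defined before this fragment; it is cast to int so the SQL can
// only ever contain an integer literal (the original interpolated it as a
// quoted string without escaping). print_error() is expected to end the
// request.
$results = $database->query("SELECT admin_groups,admin_users FROM " . TABLE_PREFIX . "pages WHERE page_id = " . (int) $page_id);
if (!$results || $database->is_error()) {
    $admin->print_header();
    $admin->print_error($database->get_error());
}
$results_array = $results->fetchRow();
if (!$results_array) {
    // Unknown page id: the original indexed a false row here.
    $admin->print_header();
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
$old_admin_groups = explode(',', $results_array['admin_groups']);
$old_admin_users = explode(',', $results_array['admin_users']);
$in_old_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = true;
        break;
    }
}
// in_array() replaces is_numeric(array_search()): explode() yields a list, so
// a hit always has an integer key and the two tests are equivalent.
if (!$in_old_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page details
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE page_id = " . (int) $page_id;
$results = $database->query($query);
if ($database->is_error()) {
    $admin->print_header();
    $admin->print_error($database->get_error());
}
if ($results->numRows() == 0) {
    $admin->print_header();
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
$results_array = $results->fetchRow();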
}
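// This has to be done this way here:
require_once '../info.php';
$mod_dir = $module_directory;
$tablename = $module_directory;
$mpath = WB_PATH . '/modules/' . $mod_dir . '/';
// $mpath already ends with a slash (the original produced a doubled '//').
require_once $mpath . 'functions.php';
// Include WB functions file. require_once instead of require: a second plain
// require of a file full of function definitions is a fatal redeclaration.
require_once WB_PATH . '/framework/functions.php';
$theauto_header = false;
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify', $theauto_header, true);
if (!$admin->is_authenticated()) {
    exit;
}
if ($admin->get_user_id() > 1) {
    // Only the primary administrator (user id 1) may run this script. The
    // original printed the notice but kept executing; stop here instead.
    echo '<h1>Access for admin 1 only</h1>';
    exit;
}
// Get id
$copysection = '';
// The original tested $_POST['copysection'] for being numeric but then
// concatenated the unchecked $_GET value into the SQL below. Validate and
// cast the value that is actually used.
if (isset($_GET['copysection']) && is_numeric($_GET['copysection'])) {
    $copysection = ' AND section_id = ' . (int) $_GET['copysection'] . ' ';
    // copy only this section
}
// Fetch one record; if that fails, the code after this fragment adds the
// 'is_topic_id' column.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'mod_news_posts` WHERE  active=1 ' . $copysection . ' AND is_topic_id = 0 LIMIT 1';
$query_post = $database->query($sql);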
if ($database->is_error()) {
    $sql = 'ALTER TABLE  `' . TABLE_PREFIX . 'mod_news_posts` ADD  `is_topic_id` INT NOT NULL DEFAULT  \'0\'';
    $database->query($sql);
    if (!$database->is_error()) {
    $admin->print_header();
    $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
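$admin->print_header();
// Validate all fields. print_error() is expected to end the request, so the
// variables assigned in the else branch are always set when the UPDATE runs.
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    $title = $admin->add_slashes($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    $description = $admin->add_slashes($admin->get_post('description'));
    // Droplet code is stored without PHP open/close tags.
    $tags = array('<?php', '?>', '<?');
    // The code field is read from $_POST directly (not via get_post()); guard
    // against it being absent instead of raising a notice.
    $savecontent = isset($_POST['savecontent']) ? $_POST['savecontent'] : '';
    $content = $admin->add_slashes(str_replace($tags, '', $savecontent));
    $comments = trim($admin->add_slashes($admin->get_post('comments')));
    $modified_when = time();
    $modified_by = (int) $admin->get_user_id();
}
// Update row. String columns were escaped with add_slashes() above and
// integer columns cast; $droplet_id (defined before this fragment) is cast
// too, so the WHERE clause can only contain an integer.
$sql = 'UPDATE `' . TABLE_PREFIX . 'mod_droplets` SET '
    . '`name` = \'' . $title . '\', '
    . '`active` = ' . $active . ', '
    . '`admin_view` = ' . $admin_view . ', '
    . '`admin_edit` = ' . $admin_edit . ', '
    . '`show_wysiwyg` = ' . $show_wysiwyg . ', '
    . '`description` = \'' . $description . '\', '
    . '`code` = \'' . $content . '\', '
    . '`comments` = \'' . $comments . '\', '
    . '`modified_when` = ' . $modified_when . ', '
    . '`modified_by` = ' . $modified_by . ' '
    . 'WHERE `id` = ' . (int) $droplet_id;
$database->query($sql);
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), $ToolUrl);
} else {
    $admin->print_success($TEXT['SUCCESS'], $ToolUrl);
}
// Print admin footer
$admin->print_footer();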
 /**
  * Creates a new page below $parent and gives it one section of type $module.
  *
  * Runs the steps of WB's page creation in order: group 1 is forced into both
  * group lists, the caller's groups are checked against them, the link and the
  * access file name are derived from the title, the page row is inserted, its
  * level / root parent / page trail are filled in, the access file is created,
  * a first section is inserted and the module's add.php is run. Every failure
  * is reported through $this->setError() and returns false.
  *
  * @param string     $title          page title; passed through htmlspecialchars() first
  * @param int|string $parent         parent page id, '0' (or 0) for a top-level page
  * @param string     $module         module directory of the first section; it becomes
  *                                   part of a require path, so pass a validated name
  * @param string     $visibility     stored unchanged in the visibility column
  * @param array      $admin_groups   group ids allowed to edit the page
  * @param array      $viewing_groups group ids allowed to view the page
  * @return int|false the new page id, or false after setError()
  */
 public function createPage($title, $parent, $module, $visibility, $admin_groups, $viewing_groups)
 {
     global $database;
     // initialise the admin object (backend classes are loaded on demand)
     require_once WB_PATH . '/framework/class.admin.php';
     require_once WB_PATH . '/framework/functions.php';
     require_once WB_PATH . '/framework/class.order.php';
     $admin = new admin('Pages', 'pages_add', false, false);
     $title = htmlspecialchars($title);
     // make sure group 1 (admin) is present in both the admin and the viewer group list
     if (!in_array(1, $admin_groups)) {
         $admin_groups[] = 1;
     }
     if (!in_array(1, $viewing_groups)) {
         $viewing_groups[] = 1;
     }
     // empty title, or one that starts with a dot?
     if ($title == '' || substr($title, 0, 1) == '.') {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_blank_title));
         return false;
     }
     // check that the caller has the rights the page requires: members of
     // group 1 skip this; everyone else must share at least one admin group
     // and at least one viewing group with the new page
     if (!in_array(1, $admin->get_groups_id())) {
         $admin_perm_ok = false;
         foreach ($admin_groups as $adm_group) {
             if (in_array($adm_group, $admin->get_groups_id())) {
                 $admin_perm_ok = true;
             }
         }
         if ($admin_perm_ok == false) {
             $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
             return false;
         }
         $admin_perm_ok = false;
         foreach ($viewing_groups as $view_group) {
             if (in_array($view_group, $admin->get_groups_id())) {
                 $admin_perm_ok = true;
             }
         }
         if ($admin_perm_ok == false) {
             $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
             return false;
         }
     }
     // the group lists are stored as comma-separated strings
     $admin_groups = implode(',', $admin_groups);
     $viewing_groups = implode(',', $viewing_groups);
     // build the link and the access file name (loose == also accepts int 0)
     if ($parent == '0') {
         $link = '/' . page_filename($title);
         // rename 'index' and 'intro' to avoid collisions
         if ($link == '/index' || $link == '/intro') {
             $link .= '_0';
             $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . '_0' . PAGE_EXTENSION;
         } else {
             $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . PAGE_EXTENSION;
         }
     } else {
         // nested page: prefix the link with the file names of all ancestors
         $parent_section = '';
         $parent_titles = array_reverse(get_parent_titles($parent));
         foreach ($parent_titles as $parent_title) {
             $parent_section .= page_filename($parent_title) . '/';
         }
         if ($parent_section == '/') {
             $parent_section = '';
         }
         $page_filename = page_filename($title);
         $page_filename = str_replace('_', '-', $page_filename);
         $link = '/' . $parent_section . $page_filename;
         $filename = WB_PATH . PAGES_DIRECTORY . '/' . $parent_section . $page_filename . PAGE_EXTENSION;
         make_dir(WB_PATH . PAGES_DIRECTORY . '/' . $parent_section);
     }
     // refuse the page if a DB row, an access file or a directory with this link already exists
     $dbPages = new db_wb_pages();
     $where = array();
     $where[db_wb_pages::field_link] = $link;
     $pages = array();
     if (!$dbPages->sqlSelectRecord($where, $pages)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     if (sizeof($pages) > 0 || file_exists(WB_PATH . PAGES_DIRECTORY . $link . PAGE_EXTENSION) || file_exists(WB_PATH . PAGES_DIRECTORY . $link . '/')) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, sprintf(kit_error_page_exists, $link)));
         return false;
     }
     // include the ordering class
     $order = new order(TABLE_PREFIX . 'pages', 'position', 'page_id', 'parent');
     // clean order
     $order->clean($parent);
     // get the new order
     $position = $order->get_new($parent);
     // take template and language from the parent page; fall back to the
     // defaults when there is no parent row
     $where = array();
     $where[db_wb_pages::field_page_id] = $parent;
     $pages = array();
     if (!$dbPages->sqlSelectRecord($where, $pages)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     if (sizeof($pages) > 0) {
         $template = $pages[0][db_wb_pages::field_template];
         $language = $pages[0][db_wb_pages::field_language];
     } else {
         $template = '';
         $language = DEFAULT_LANGUAGE;
     }
     // insert the new page into the pages table
     $data = array();
     $data[db_wb_pages::field_page_title] = $title;
     $data[db_wb_pages::field_menu_title] = $title;
     $data[db_wb_pages::field_parent] = $parent;
     $data[db_wb_pages::field_template] = $template;
     $data[db_wb_pages::field_target] = '_top';
     $data[db_wb_pages::field_position] = $position;
     $data[db_wb_pages::field_visibility] = $visibility;
     $data[db_wb_pages::field_searching] = 1;
     $data[db_wb_pages::field_menu] = 1;
     $data[db_wb_pages::field_language] = $language;
     $data[db_wb_pages::field_admin_groups] = $admin_groups;
     $data[db_wb_pages::field_viewing_groups] = $viewing_groups;
     $data[db_wb_pages::field_modified_when] = time();
     $data[db_wb_pages::field_modified_by] = $admin->get_user_id();
     // sqlInsertRecord() presumably reports the new id through $page_id
     // (initialised to -1 and passed as the second argument) -- confirm in db_wb_pages
     $page_id = -1;
     if (!$dbPages->sqlInsertRecord($data, $page_id)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     // work out the level
     $level = level_count($page_id);
     // work out root parent
     $root_parent = root_parent($page_id);
     // work out page trail
     $page_trail = get_page_trail($page_id);
     // now that the id is known, store link, level, root parent and trail
     $where = array();
     $where[db_wb_pages::field_page_id] = $page_id;
     $data = array();
     $data[db_wb_pages::field_link] = $link;
     $data[db_wb_pages::field_level] = $level;
     $data[db_wb_pages::field_root_parent] = $root_parent;
     $data[db_wb_pages::field_page_trail] = $page_trail;
     if (!$dbPages->sqlUpdateRecord($data, $where)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
         return false;
     }
     // create a new file in the /pages directory
     create_access_file($filename, $page_id, $level);
     // $position is reused: the first section of the page gets position 1
     $position = 1;
     // add a new record to section table
     $dbSections = new db_wb_sections();
     $data = array();
     $data[db_wb_sections::field_page_id] = $page_id;
     $data[db_wb_sections::field_position] = $position;
     $data[db_wb_sections::field_module] = $module;
     $data[db_wb_sections::field_block] = 1;
     $section_id = -1;
     if (!$dbSections->sqlInsertRecord($data, $section_id)) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbSections->getError()));
         return false;
     }
     // run the module's add.php hook if it exists; it is required inside this
     // method, so it sees the locals above ($page_id, $section_id, ...)
     if (file_exists(WB_PATH . '/modules/' . $module . '/add.php')) {
         require WB_PATH . '/modules/' . $module . '/add.php';
     }
     // add.php works on the global $database; report any error it left behind
     if ($database->is_error()) {
         $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $database->get_error()));
         return false;
     }
     return $page_id;
 }
    $language = DEFAULT_LANGUAGE;
}
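// Insert page into pages table. String columns go through escapeString() and
// numeric columns through (int), matching the other add.php variant on this
// page; the original concatenated $title, $template, $visibility, $language
// and both group lists unescaped. NOTE(review): if the caller already
// escapes $title before this point, drop the escapeString() on it here --
// double escaping would store literal backslashes.
$sql = 'INSERT INTO `' . TABLE_PREFIX . 'pages` SET ';
$sql .= '`parent` = ' . (int) $parent . ', ';
$sql .= '`target` = "_top", ';
$sql .= '`page_title` = "' . $database->escapeString($title) . '", ';
$sql .= '`menu_title` = "' . $database->escapeString($title) . '", ';
$sql .= '`template` = "' . $database->escapeString($template) . '", ';
$sql .= '`visibility` = "' . $database->escapeString($visibility) . '", ';
$sql .= '`position` = ' . (int) $position . ', ';
$sql .= '`menu` = 1, ';
$sql .= '`language` = "' . $database->escapeString($language) . '", ';
$sql .= '`searching` = 1, ';
$sql .= '`modified_when` = ' . time() . ', ';
$sql .= '`modified_by` = ' . (int) $admin->get_user_id() . ', ';
$sql .= '`admin_groups` = "' . $database->escapeString($admin_groups) . '", ';
$sql .= '`viewing_groups` = "' . $database->escapeString($viewing_groups) . '", ';
$sql .= '`link` = \'\', ';
$sql .= '`description` = \'\', ';
$sql .= '`keywords` = \'\', ';
$sql .= '`page_trail` = \'\', ';
$sql .= '`admin_users` = \'\', ';
$sql .= '`viewing_users` = \'\'';
$database->query($sql);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
}
// Get the page id of the row just inserted
$page_id = (int) $database->get_one("SELECT LAST_INSERT_ID()");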
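// clean order
$order->clean($parent);
// get the new order
$position = $order->get_new($parent);
// Work-out if the page parent (if selected) has a separate template or language to the default
$sql = 'SELECT `template`, `language` FROM `' . TABLE_PREFIX . 'pages` WHERE `page_id` = ' . (int) $parent;
$query_parent = $database->query($sql);
if ($query_parent && $query_parent->numRows() > 0) {
    $fetch_parent = $query_parent->fetchRow(MYSQLI_ASSOC);
    $template = $fetch_parent['template'];
    $language = $fetch_parent['language'];
} else {
    $template = '';
    $language = DEFAULT_LANGUAGE;
}
// Insert page into pages table: strings escaped, integers cast (same
// statement as before, laid out one column per line).
$sql = 'INSERT INTO `' . TABLE_PREFIX . 'pages` '
    . 'SET `parent`=' . (int) $parent . ', '
    . '`link` = \'\', '
    . '`description`=\'\', '
    . '`keywords`=\'\', '
    . '`page_trail`=\'\', '
    . '`admin_users`=\'\', '
    . '`viewing_users`=\'\', '
    . '`target`=\'_top\', '
    . '`page_title`=\'' . $database->escapeString($title) . '\', '
    . '`menu_title`=\'' . $database->escapeString($title) . '\', '
    . '`template`=\'' . $database->escapeString($template) . '\', '
    . '`visibility`=\'' . $database->escapeString($visibility) . '\', '
    . '`position`=' . (int) $position . ', '
    . '`menu`=1, '
    . '`language`=\'' . $database->escapeString($language) . '\', '
    . '`searching`=1, '
    . '`modified_when`=' . time() . ', '
    . '`modified_by`=' . (int) $admin->get_user_id() . ', '
    . '`admin_groups`=\'' . $database->escapeString($admin_groups) . '\', '
    . '`viewing_groups`=\'' . $database->escapeString($viewing_groups) . '\'';
if (!$database->query($sql)) {
    $admin->print_error($database->get_error());
}
// Get the new page id
$page_id = (int) $database->getLastInsertId();
// Work out level
$level = level_count($page_id);
// Work out root parent
$root_parent = root_parent($page_id);
// Work out page trail
$page_trail = get_page_trail($page_id);
// Update page with new level and link. The page_code column is written only
// when PAGE_LANGUAGES is defined and enabled, $field_set is true (it is
// defined before this fragment), the page uses the default language and the
// mod_multilingual update script exists -- same condition as the original,
// pulled out of the string concatenation for readability. $link is also
// defined before this fragment.
$set_page_code = defined('PAGE_LANGUAGES') && PAGE_LANGUAGES && $field_set && $language == DEFAULT_LANGUAGE
    && file_exists(WB_PATH . '/modules/mod_multilingual/update_keys.php');
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET '
    . '`root_parent` = ' . (int) $root_parent . ', '
    . '`level` = ' . (int) $level . ', '
    . '`link` = \'' . $database->escapeString($link) . '\', '
    . ($set_page_code ? '`page_code` = ' . (int) $page_id . ', ' : '')
    . '`page_trail`=\'' . $database->escapeString($page_trail) . '\' '
    . 'WHERE `page_id` = ' . $page_id;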
if (!$database->query($sql)) {
    $admin->print_error($database->get_error());
        $secq = $database->query("SELECT section_id, page_id FROM " . TABLE_PREFIX . "mod_" . $mod_dir . " WHERE topic_id = '{$topic_id}'");
        $secqfetch = $secq->fetchRow();
        if ($secqfetch['page_id'] != $page_id or $secqfetch['section_id'] != $section_id) {
            die("Parameter mismatch");
        }
    } else {
        $secq = $database->query("SELECT section_id FROM " . TABLE_PREFIX . "sections WHERE module = '{$mod_dir}' AND section_id = '{$section_id}' AND page_id = '{$page_id}'");
        if ($secq->numRows() != 1) {
            die("Something strange has happened!");
        }
    }
}
// From module_settings.php:
//   $authorsgroup      - the group that authors belong to
//   $noadmin_nooptions - default 1: only the admin (group 1) may change settings
$user_id = $admin->get_user_id();
$user_in_groups = $admin->get_groups_id();
// $authoronly marks, further down, whether the user is permitted as an author only.
$authoronly = false;
$showoptions = true;
// $author_invited: invited as an author = may edit, but is NOT the creator (posted_by).
$author_invited = false;
if ($authorsgroup > 0) {
    //Care about users
    if (in_array($authorsgroup, $user_in_groups)) {
        $authoronly = true;
        $showoptions = false;
        echo "AUTOR";
    } else {
        $author_trust_rating = 0;
        //Best Trust; Flag aus module_settings.php wird zurückgesetzt
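// Reject the request when neither a page id nor a section id was supplied.
// This is only an emptiness test (both must be empty to fail); it does not
// validate the values themselves.
if (!$page_id && !$section_id) {
    $admin->print_error('Invalid arguments passed - script stopped.');
}
// Get perms
$page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
// Underscores are stripped from the stored group/user lists before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
        break;
    }
}
// in_array() replaces is_numeric(array_search()): explode() yields a list, so
// a hit always has an integer key and the two tests are equivalent.
if (!$in_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    // The original echoed the caller's group and user id here (a debug
    // leftover) before the error page; that output is removed.
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// some additional security checks:
// The caller must hold the module permission for the section's module.
// Note that get_section_details() is called with the section id alone, so
// this does not verify that the section belongs to $page_id.
if ($section_id != 0) {
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');
    if (!$admin->get_permission($section['module'], 'module')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
}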
// Workout if the developer wants to show the info banner
if (isset($print_info_banner) && $print_info_banner == true) {
    // Get page details already defined
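// header will be set here, see database->is_error
$admin = new admin('Pages', 'pages_modify');
// Get perms. print_error() is expected to end the request.
$sql = 'SELECT `admin_groups`,`admin_users` FROM `' . TABLE_PREFIX . 'pages` ';
$sql .= 'WHERE `page_id` = ' . intval($page_id);
$res_pages = $database->query($sql);
if (!$res_pages || $database->is_error()) {
    $admin->print_error($database->get_error());
}
$rec_pages = $res_pages->fetchRow(MYSQL_ASSOC);
if (!$rec_pages) {
    // Unknown page id: the original went on to index a false row.
    $admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
}
// Underscores are stripped from the stored group/user lists before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $rec_pages['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $rec_pages['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
        break;
    }
}
// in_array() replaces is_numeric(array_search()): explode() yields a list, so
// a hit always has an integer key and the two tests are equivalent.
if (!$in_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    $admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
}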
if ($section_id != 0) {
    $sql = "SELECT `module` FROM `" . TABLE_PREFIX . "sections` WHERE `page_id` = '{$page_id}' AND `section_id` = '{$section_id}'";
    $res_sec = $database->query($sql);
    if ($database->is_error()) {
        $admin->print_error($database->get_error());
    }
    if ($res_sec->numRows() == 0) {
        $admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
    }
    // check module permissions:
    $sec = $res_sec->fetchRow(MYSQL_ASSOC);
    $backend->print_error('You do not have permissions to modify this page');
}
// Additional security check: the section must belong to the page, and the
// caller must hold the module permission for the section's module.
// print_error() is relied on to end the request.
if ($section_id != 0) {
    $sql = "SELECT `module` FROM `%ssections` WHERE `page_id` = %d AND `section_id` = %d";
    $res_sec = $backend->db()->query(sprintf($sql, CAT_TABLE_PREFIX, $page_id, $section_id));
    if ($backend->db()->isError()) {
        $backend->print_error($backend->db()->getError());
    }
    if ($res_sec->numRows() == 0) {
        $backend->print_error('Not Found');
    }
    // check module permissions:
    $sec = $res_sec->fetchRow(MYSQL_ASSOC);
    $may_modify = $_bc_user->get_permission($sec['module'], 'module');
    if (!$may_modify) {
        $backend->print_error('You do not have permissions to modify this page');
    }
}
// Show the info banner when the developer asked for it
$show_banner = isset($print_info_banner) && $print_info_banner == true;
if ($show_banner) {
    $backend->print_banner();
}
// Stamp the page as modified when the developer asked for it.
// NOTE(review): this uses $admin while the rest of this fragment uses
// $backend / $_bc_user -- confirm $admin is defined in this context.
$touch_page = isset($update_when_modified) && $update_when_modified == true;
if ($touch_page) {
    $sql = sprintf(
        'UPDATE `%spages` SET `modified_when` = %d, `modified_by`   = %d WHERE page_id   = %d',
        CAT_TABLE_PREFIX,
        time(),
        intval($admin->get_user_id()),
        intval($page_id)
    );
    $backend->db()->query($sql);
}
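// Validate the page id before it is used: it must be numeric and positive.
// print_error() is expected to end the request, so $page is always set after
// this chain.
if (!is_numeric($page_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($page_id > 0) {
    $page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
}
// Underscores are stripped from the stored group/user lists before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
        break;
    }
}
// in_array() replaces is_numeric(array_search()): explode() yields a list, so
// a hit always has an integer key and the two tests are equivalent.
if (!$in_group && !in_array($admin->get_user_id(), $old_admin_users)) {
    // The original echoed the caller's group and user id here (a debug
    // leftover) before the error page; that output is removed.
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// some additional security checks:
// Validate the section id the same way, then require the module permission
// for the section's module. get_section_details() is called with the section
// id alone, so this does not verify that the section belongs to $page_id.
if (!is_numeric($section_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($section_id > 0) {
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');
    if (!$admin->get_permission($section['module'], 'module')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
    }
}
// Workout if the developer wants to show the info banner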
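/*
*	@version	0.1.0
*	@author		Ruud Eisinga (Ruud)
*	@date		2009-04-10
*/
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
$admin = new admin('admintools', 'admintools', false, false);
if ($admin->get_permission('admintools')) {
    $admintool_link = ADMIN_URL . '/admintools/index.php';
    $module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
    // Second construction without the extra flags, kept from the original
    // (presumably so the backend header is printed now that the permission
    // check has passed -- confirm against class.admin.php).
    $admin = new admin('admintools', 'admintools');
    $modified_when = time();
    $modified_by = (int) $admin->get_user_id();
    $btable = TABLE_PREFIX . 'mod_capslider_slide';
    // Create an empty slide row; $modified_by is cast so only an integer is
    // ever interpolated (the original interpolated the raw value).
    $database->query("INSERT INTO " . $btable . " (active,modified_when,modified_by) VALUES ('1','{$modified_when}','{$modified_by}' )");
    // Check the INSERT before asking for its id. The original read
    // LAST_INSERT_ID() first and tested is_error() afterwards; if is_error()
    // reflects the most recent query, a failed insert was masked by the
    // successful SELECT.
    if ($database->is_error()) {
        $admin->print_error($database->get_error(), $module_edit_link);
    } else {
        // Say that a new record has been added, then redirect to modify page
        $slide_id = (int) $database->get_one("SELECT LAST_INSERT_ID()");
        $admin->print_success($TEXT['SUCCESS'], WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id);
    }
    // Print admin footer
    $admin->print_footer();
} else {
    // No permission: redirect and stop. header() has no useful return value,
    // so it is not wrapped in die() any more.
    header('Location: ../../index.php');
    exit;
}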
}
// After check print the header
// Work-out file mode
if (!$bAdvanced) {
    // Check if should be set to 777 or left alone
    if (isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true') {
        $file_mode = '0777';
        $dir_mode = '0777';
    } else {
        $file_mode = STRING_FILE_MODE;
        $dir_mode = STRING_DIR_MODE;
    }
} else {
    $file_mode = STRING_FILE_MODE;
    $dir_mode = STRING_DIR_MODE;
    if ($admin->get_user_id() == '1') {
        // Work-out the octal value for file mode
        $u = 0;
        if (isset($_POST['file_u_r']) && $_POST['file_u_r'] == 'true') {
            $u = $u + 4;
        }
        if (isset($_POST['file_u_w']) && $_POST['file_u_w'] == 'true') {
            $u = $u + 2;
        }
        if (isset($_POST['file_u_e']) && $_POST['file_u_e'] == 'true') {
            $u = $u + 1;
        }
        $g = 0;
        if (isset($_POST['file_g_r']) && $_POST['file_g_r'] == 'true') {
            $g = $g + 4;
        }
// Hand every label of the settings form to the template, one entry per line.
$template->set_var(array(
    'TEXT_WEBSITE_TITLE' => $TEXT['WEBSITE_TITLE'],
    'TEXT_WEBSITE_DESCRIPTION' => $TEXT['WEBSITE_DESCRIPTION'],
    'TEXT_WEBSITE_KEYWORDS' => $TEXT['WEBSITE_KEYWORDS'],
    'TEXT_WEBSITE_HEADER' => $TEXT['WEBSITE_HEADER'],
    'TEXT_WEBSITE_FOOTER' => $TEXT['WEBSITE_FOOTER'],
    'TEXT_HEADER' => $TEXT['HEADER'],
    'TEXT_FOOTER' => $TEXT['FOOTER'],
    'TEXT_VISIBILITY' => $TEXT['VISIBILITY'],
    'TEXT_RESULTS_HEADER' => $TEXT['RESULTS_HEADER'],
    'TEXT_RESULTS_LOOP' => $TEXT['RESULTS_LOOP'],
    'TEXT_RESULTS_FOOTER' => $TEXT['RESULTS_FOOTER'],
    'TEXT_NO_RESULTS' => $TEXT['NO_RESULTS'],
    'TEXT_TEXT' => $TEXT['TEXT'],
    'TEXT_DEFAULT' => $TEXT['DEFAULT'],
    'TEXT_LANGUAGE' => $TEXT['LANGUAGE'],
    'TEXT_TIMEZONE' => $TEXT['TIMEZONE'],
    'TEXT_CHARSET' => $TEXT['CHARSET'],
    'TEXT_DATE_FORMAT' => $TEXT['DATE_FORMAT'],
    'TEXT_TIME_FORMAT' => $TEXT['TIME_FORMAT'],
    'TEXT_TEMPLATE' => $TEXT['TEMPLATE'],
    'TEXT_THEME' => $TEXT['THEME'],
    'TEXT_WYSIWYG_EDITOR' => $TEXT['WYSIWYG_EDITOR'],
    'TEXT_PAGE_LEVEL_LIMIT' => $TEXT['PAGE_LEVEL_LIMIT'],
    'TEXT_INTRO_PAGE' => $TEXT['INTRO_PAGE'],
    'TEXT_FRONTEND' => $TEXT['FRONTEND'],
    'TEXT_LOGIN' => $TEXT['LOGIN'],
    'TEXT_REDIRECT_AFTER' => $TEXT['REDIRECT_AFTER'],
    'TEXT_SIGNUP' => $TEXT['SIGNUP'],
    'TEXT_PHP_ERROR_LEVEL' => $TEXT['PHP_ERROR_LEVEL'],
    'TEXT_PAGES_DIRECTORY' => $TEXT['PAGES_DIRECTORY'],
    'TEXT_MEDIA_DIRECTORY' => $TEXT['MEDIA_DIRECTORY'],
    'TEXT_PAGE_EXTENSION' => $TEXT['PAGE_EXTENSION'],
    'TEXT_PAGE_SPACER' => $TEXT['PAGE_SPACER'],
    'TEXT_RENAME_FILES_ON_UPLOAD' => $TEXT['RENAME_FILES_ON_UPLOAD'],
    'TEXT_APP_NAME' => $TEXT['APP_NAME'],
    'TEXT_SESSION_IDENTIFIER' => $TEXT['SESSION_IDENTIFIER'],
    'TEXT_SEC_ANCHOR' => $TEXT['SEC_ANCHOR'],
    'TEXT_SERVER_OPERATING_SYSTEM' => $TEXT['SERVER_OPERATING_SYSTEM'],
    'TEXT_LINUX_UNIX_BASED' => $TEXT['LINUX_UNIX_BASED'],
    'TEXT_WINDOWS' => $TEXT['WINDOWS'],
    'TEXT_ADMIN' => $TEXT['ADMIN'],
    'TEXT_TYPE' => $TEXT['TYPE'],
    'TEXT_DATABASE' => $TEXT['DATABASE'],
    'TEXT_HOST' => $TEXT['HOST'],
    'TEXT_USERNAME' => $TEXT['USERNAME'],
    'TEXT_PASSWORD' => $TEXT['PASSWORD'],
    'TEXT_NAME' => $TEXT['NAME'],
    'TEXT_TABLE_PREFIX' => $TEXT['TABLE_PREFIX'],
    'TEXT_SAVE' => $TEXT['SAVE'],
    'TEXT_RESET' => $TEXT['RESET'],
    'TEXT_CHANGES' => $TEXT['CHANGES'],
    'TEXT_ENABLED' => $TEXT['ENABLED'],
    'TEXT_DISABLED' => $TEXT['DISABLED'],
    'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
    'TEXT_MANAGE' => $TEXT['MANAGE'],
    'TEXT_SEARCH' => $TEXT['SEARCH'],
    'TEXT_PUBLIC' => $TEXT['PUBLIC'],
    'TEXT_PRIVATE' => $TEXT['PRIVATE'],
    'TEXT_REGISTERED' => $TEXT['REGISTERED'],
    'TEXT_NONE' => $TEXT['NONE'],
    // ucfirst() is the byte-wise equivalent of strtoupper(substr(0,1)) . substr(1)
    'TEXT_FILES' => ucfirst($TEXT['FILES']),
    'TEXT_DIRECTORIES' => $TEXT['DIRECTORIES'],
    'TEXT_FILESYSTEM_PERMISSIONS' => $TEXT['FILESYSTEM_PERMISSIONS'],
    'TEXT_USER' => $TEXT['USER'],
    'TEXT_GROUP' => $TEXT['GROUP'],
    'TEXT_OTHERS' => $TEXT['OTHERS'],
    'TEXT_READ' => $TEXT['READ'],
    'TEXT_WRITE' => $TEXT['WRITE'],
    'TEXT_EXECUTE' => $TEXT['EXECUTE'],
    'TEXT_WARN_PAGE_LEAVE' => '',
    'TEXT_SMART_LOGIN' => $TEXT['SMART_LOGIN'],
    'TEXT_MULTIPLE_MENUS' => $TEXT['MULTIPLE_MENUS'],
    'TEXT_HOMEPAGE_REDIRECTION' => $TEXT['HOMEPAGE_REDIRECTION'],
    'TEXT_SECTION_BLOCKS' => $TEXT['SECTION_BLOCKS'],
    'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
    'TEXT_PAGE_TRASH' => $TEXT['PAGE_TRASH'],
    'TEXT_PAGE_LANGUAGES' => $TEXT['PAGE_LANGUAGES'],
    'TEXT_INLINE' => $TEXT['INLINE'],
    'TEXT_SEPARATE' => $TEXT['SEPARATE'],
    'TEXT_HOME_FOLDERS' => $TEXT['HOME_FOLDERS'],
    'TEXT_WYSIWYG_STYLE' => $TEXT['WYSIWYG_STYLE'],
    'TEXT_WORLD_WRITEABLE_FILE_PERMISSIONS' => $TEXT['WORLD_WRITEABLE_FILE_PERMISSIONS'],
    'MODE_SWITCH_WARNING' => $MESSAGE['SETTINGS']['MODE_SWITCH_WARNING'],
    'WORLD_WRITEABLE_WARNING' => $MESSAGE['SETTINGS']['WORLD_WRITEABLE_WARNING'],
    'TEXT_MODULE_ORDER' => $TEXT['MODULE_ORDER'],
    'TEXT_MAX_EXCERPT' => $TEXT['MAX_EXCERPT'],
    'TEXT_TIME_LIMIT' => $TEXT['TIME_LIMIT'],
));
// Blocks shown only in advanced mode, in their original order. The value is
// the third argument handed to parse(); 'show_search' is the one block that
// is parsed with false.
$optional_blocks = array(
    'show_page_level_limit' => true,
    'show_checkbox_1' => true,
    'show_checkbox_2' => true,
    'show_checkbox_3' => true,
    'show_php_error_level' => true,
    'show_charset' => true,
    'show_wysiwyg' => true,
    'show_search' => false,
    'show_redirect_timer' => true,
);
if ($is_advanced) {
    foreach ($optional_blocks as $block_name => $parse_flag) {
        $template->parse($block_name, $block_name . '_block', $parse_flag);
    }
} else {
    foreach (array_keys($optional_blocks) as $block_name) {
        $template->set_block($block_name, '');
    }
}
// The access block is shown only to user id 1 in advanced mode.
$show_access = $is_advanced && $admin->get_user_id() == '1';
if ($show_access) {
    $template->parse('show_access', 'show_access_block', true);
} else {
    $template->set_block('show_access', '');
}
// Parse template objects output
$template->parse('main', 'main_block', false);
$template->pparse('output', 'page');
$admin->print_footer();