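/**
 * Installer AJAX dispatcher: runs the single setup step named by
 * $_REQUEST['process'], prints a JSON reply and terminates the script.
 *
 * Every recognised step ends in die()/exit; an unrecognised step produces no
 * output and the function simply returns.
 *
 * NOTE(review): no authentication or "already installed" guard is visible in
 * this function. Several steps are destructive (they overwrite files, create
 * databases and create an administrator account), so presumably the caller
 * restricts access or the installer is removed after setup; confirm.
 *
 * @return void
 */
function process()
{
    global $DB;
    global $website;
    global $events;
    global $theme;

    set_time_limit(0);
    setlocale(LC_ALL, $_SESSION['navigate_install_locale']);
    $lang = navigate_install_load_language();

    $step = isset($_REQUEST['process']) ? $_REQUEST['process'] : '';

    switch ($step) {
        case 'verify_zip':
            sleep(1);
            if (!file_exists('package.zip')) {
                die(json_encode($lang['missing_package']));
            }
            $zip = new ZipArchive();
            if ($zip->open('package.zip') !== true) {
                die(json_encode($lang['invalid_package']));
            }
            $zip->close();
            die(json_encode(true));

        case 'extract_zip':
            $npath = getcwd() . NAVIGATE_FOLDER;
            $npath = str_replace('\\', '/', $npath);
            if (!file_exists($npath)) {
                mkdir($npath);
            }
            if (file_exists($npath)) {
                $zip = new ZipArchive();
                if ($zip->open('package.zip') === true) {
                    // extractTo() reports failure through its return value; the
                    // original ignored it and answered "true" after a partial
                    // or failed extraction.
                    $extracted = $zip->extractTo($npath);
                    $zip->close();
                    if (!$extracted) {
                        die(json_encode($lang['extraction_failed']));
                    }
                    // NOTE(review): this publishes the packaged crossdomain.xml
                    // one level above the application folder. Its contents are
                    // not visible here; confirm the policy is not a wildcard.
                    if (file_exists($npath . '/crossdomain.xml')) {
                        copy($npath . '/crossdomain.xml', dirname($npath) . '/crossdomain.xml');
                    }
                    die(json_encode(true));
                } else {
                    die(json_encode($lang['extraction_failed']));
                }
            }
            die(json_encode($lang['folder_not_exists']));

        case 'chmod':
            sleep(1);
            // chmod the directories recursively
            $npath = getcwd() . NAVIGATE_FOLDER;
            if (!navigate_install_chmodr($npath, 0755)) {
                die(json_encode($lang['chmod_failed']));
            } else {
                die(json_encode(true));
            }

        case 'verify_database':
            $driver = isset($_REQUEST['PDO_DRIVER']) ? $_REQUEST['PDO_DRIVER'] : '';
            if ($driver == 'mysql' || $driver == 'mysql-socket') {
                try {
                    // Request values are concatenated into the DSN, where ';'
                    // separates attributes. Refuse values that could append
                    // extra DSN attributes instead of passing them through.
                    $dsn_part_ok = function ($value) {
                        return is_string($value) && strpbrk($value, ";\0") === false;
                    };

                    if ($driver == 'mysql-socket') {
                        $socket = isset($_REQUEST['PDO_SOCKET']) ? $_REQUEST['PDO_SOCKET'] : '';
                        if (!$dsn_part_ok($socket)) {
                            throw new Exception($lang['database_connect_error']);
                        }
                        $dsn = "mysql:unix_socket=" . $socket . ";charset=utf8";
                    } else {
                        $host = isset($_REQUEST['PDO_HOSTNAME']) ? $_REQUEST['PDO_HOSTNAME'] : '';
                        $port = isset($_REQUEST['PDO_PORT']) ? $_REQUEST['PDO_PORT'] : '';
                        // An empty port is still accepted, as before.
                        if (!$dsn_part_ok($host) || !is_string($port) || !preg_match('/^[0-9]*\z/', $port)) {
                            throw new Exception($lang['database_connect_error']);
                        }
                        $dsn = "mysql:host=" . $host . ";port=" . $port . ';charset=utf8';
                    }

                    $db_username = isset($_REQUEST['PDO_USERNAME']) ? $_REQUEST['PDO_USERNAME'] : null;
                    $db_password = isset($_REQUEST['PDO_PASSWORD']) ? $_REQUEST['PDO_PASSWORD'] : null;

                    $db_test = @new PDO($dsn, $db_username, $db_password);
                    if (!$db_test) {
                        echo json_encode(array('error' => $lang['database_connect_error']));
                    } else {
                        $create_database_privilege = false;
                        $drop_database_privilege = false;

                        // SHOW DATABASES returns one column; FETCH_COLUMN takes
                        // a numeric column index (a column name is rejected by
                        // newer PHP versions).
                        $stm = $db_test->query('SHOW DATABASES;');
                        $rs = $stm ? $stm->fetchAll(PDO::FETCH_COLUMN, 0) : array();
                        $rs = array_diff($rs, array('mysql', 'information_schema'));

                        $stm = $db_test->query('SHOW PRIVILEGES;');
                        $privileges = $stm ? $stm->fetchAll(PDO::FETCH_ASSOC) : array();
                        foreach ($privileges as $privilege) {
                            $on_databases = strpos($privilege['Context'], 'Databases') !== false;
                            if ($privilege['Privilege'] == 'Create' && $on_databases) {
                                $create_database_privilege = true;
                            }
                            if ($privilege['Privilege'] == 'Drop' && $on_databases) {
                                $drop_database_privilege = true;
                            }
                        }

                        if ($create_database_privilege && $drop_database_privilege) {
                            // check if we are really allowed to create databases
                            $dbname = 'navigate_test_' . time();
                            $create_result = false;
                            try {
                                $create_result = $db_test->exec('CREATE DATABASE ' . $dbname);
                                if ($create_result) {
                                    $db_test->exec('DROP DATABASE ' . $dbname);
                                }
                            } catch (PDOException $probe_error) {
                                // When PDO is in exception mode a refused CREATE
                                // lands here; it means "no privilege", not a
                                // connection error, so it is not reported.
                            }
                            if (!$create_result) {
                                $create_database_privilege = false;
                            }
                        }

                        $db_test = null;
                        echo json_encode(array(
                            'databases' => array_values($rs),
                            'create_database_privilege' => $create_database_privilege,
                        ));
                    }
                } catch (Exception $e) {
                    // NOTE(review): the raw driver message is returned to the
                    // caller, which reveals whether a host/port is reachable.
                    echo json_encode(array('error' => $e->getMessage()));
                }
            } else {
                echo json_encode(array('error' => $lang['database_driver_error']));
            }
            exit;

        case 'database_create':
            $DB = new database();
            if (!$DB->connect()) {
                // try to create the database automatically
                if (PDO_DRIVER == 'mysql') {
                    if (PDO_DATABASE != '') {
                        if (PDO_HOSTNAME != "") {
                            $dsn = "mysql:host=" . PDO_HOSTNAME . ";port=" . PDO_PORT . ";charset=utf8";
                        } else {
                            $dsn = "mysql:unix_socket=" . PDO_SOCKET . ";charset=utf8";
                        }
                        try {
                            $db_test = new PDO($dsn, PDO_USERNAME, PDO_PASSWORD);
                            // Double any backtick so the configured name cannot
                            // close the quoted identifier.
                            $db_test->exec(
                                'CREATE DATABASE IF NOT EXISTS `' . str_replace('`', '``', PDO_DATABASE)
                                . '` DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;'
                            );
                            $db_test = null;
                        } catch (PDOException $create_error) {
                            // Left uncaught, the PDO constructor failure aborted
                            // the step without a JSON reply (and its trace can
                            // expose the credentials). The connect() retry
                            // below reports the failure instead.
                            $db_test = null;
                        }
                    }
                    if (!$DB->connect()) {
                        echo json_encode(array('error' => $DB->get_last_error()));
                    } else {
                        echo json_encode(array('ok' => $lang['database_created']));
                    }
                }
            } else {
                echo json_encode(array('ok' => $lang['database_exists']));
            }
            exit;

        case 'database_import':
            $DB = new database();
            if (!$DB->connect()) {
                die(json_encode(array('error' => $DB->get_last_error())));
            }
            try {
                $sql = file_get_contents('navigate.sql');
                $sql = str_replace("{#!NAVIGATE_FOLDER!#}", NAVIGATE_PARENT . NAVIGATE_FOLDER, $sql);
                $sql = explode("\n\n", $sql);
                // can't do it in one step => SQLSTATE[HY000]: General error: 2014
                foreach ($sql as $sqlline) {
                    $sqlline = trim($sqlline);
                    if (empty($sqlline)) {
                        continue;
                    }
                    if (!@$DB->execute($sqlline)) {
                        $error = $DB->get_last_error();
                    }
                    if (!empty($error)) {
                        break;
                    }
                }
            } catch (Exception $e) {
                $error = $e->getMessage();
            }
            // NOTE(review): "&& false" makes this branch unreachable, so the
            // import stops at the first failing statement yet always answers
            // "ok". Kept as found because it may be a deliberate best-effort;
            // confirm whether import errors should reach the user.
            if (!empty($error) && false) {
                echo json_encode(array('error' => $error));
            } else {
                echo json_encode(array('ok' => $lang['done']));
            }
            exit;

        case 'create_account':
            // create admin
            try {
                $DB = new database();
                if (!$DB->connect()) {
                    die(json_encode(array('error' => $DB->get_last_error())));
                }
                $user = new user();
                $user->id = 0;
                $user->username = $_SESSION['NAVIGATE-SETUP']['ADMIN_USERNAME'];
                // NOTE(review): the plain-text admin password is read from the
                // session and stays there after this step; how set_password()
                // stores it is not visible here.
                $user->set_password($_SESSION['NAVIGATE-SETUP']['ADMIN_PASSWORD']);
                $user->email = $_SESSION['NAVIGATE-SETUP']['ADMIN_EMAIL'];
                $user->profile = 1;
                $user->skin = 'cupertino';
                $user->language = $_SESSION['navigate_install_lang'];
                $user->blocked = 0;
                $user->timezone = 'UTC';
                $user->date_format = 'Y-m-d H:i';
                $user->decimal_separator = ',';
                $user->thousands_separator = '';
                $user->attempts = 0;
                $user->cookie_hash = '';
                $user->activation_key = '';
                $ok = $user->insert();
                if (!$ok) {
                    throw new Exception($lang['error']);
                }
                // create default website details
                $website = new website();
                $website->create_default();
                $_SESSION['NAVIGATE-SETUP']['WEBSITE_DEFAULT'] = $website->id;
                echo json_encode(array('ok' => $lang['done']));
            } catch (Exception $e) {
                echo json_encode(array('error' => $e->getMessage()));
            }
            exit;

        case 'install_default_theme':
            try {
                $DB = new database();
                if (!$DB->connect()) {
                    die(json_encode(array('error' => $DB->get_last_error())));
                }
                if (@$_SESSION['NAVIGATE-SETUP']['DEFAULT_THEME'] == 'theme_kit') {
                    $website = new website();
                    $website->load($_SESSION['NAVIGATE-SETUP']['WEBSITE_DEFAULT']);
                    $website->theme = 'theme_kit';
                    $website->languages = array(
                        'en' => array('language' => 'en', 'variant' => '', 'code' => 'en', 'system_locale' => 'en_US.utf8'),
                        'es' => array('language' => 'es', 'variant' => '', 'code' => 'es', 'system_locale' => 'es_ES.utf8'),
                    );
                    $website->languages_published = array('en', 'es');
                    $website->save();
                    // default objects (first user, no events bound...)
                    $user = new user();
                    $user->load(1);
                    $events = new events();
                    $zip = new ZipArchive();
                    $zip_open_status = $zip->open(NAVIGATE_PATH . '/themes/theme_kit.zip');
                    if ($zip_open_status === true) {
                        $zip->extractTo(NAVIGATE_PATH . '/themes/theme_kit');
                        $zip->close();
                        $theme = new theme();
                        $theme->load('theme_kit');
                        $theme->import_sample($website);
                    }
                    echo json_encode(array('ok' => $lang['done']));
                } else {
                    // user does not want to install the default theme
                    echo json_encode(array('ok' => $lang['not_selected']));
                }
            } catch (Exception $e) {
                echo json_encode(array('error' => $e->getMessage()));
            }
            exit;

        case 'apache_htaccess':
            try {
                // REQUEST_URI includes the query string, which the client
                // controls; use only the path component so request parameters
                // cannot end up in the generated rewrite rules.
                $request_path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
                if (!is_string($request_path) || $request_path === '') {
                    $request_path = '/';
                }
                $nvweb = dirname($request_path) . NAVIGATE_FOLDER . '/web/nvweb.php';
                $nvweb = str_replace('//', '/', $nvweb);
                // Whitespace or control characters would split the directive.
                if (preg_match('/[\s\x00-\x1f]/', $nvweb)) {
                    throw new Exception($lang['unexpected_error']);
                }
                $data = array();
                $data[] = 'Options +FollowSymLinks';
                $data[] = 'Options -Indexes';
                $data[] = 'RewriteEngine On';
                $data[] = 'RewriteBase /';
                $data[] = 'RewriteCond %{REQUEST_FILENAME} !-f';
                $data[] = 'RewriteCond %{REQUEST_FILENAME} !-d';
                $data[] = 'RewriteRule ^(.+) ' . $nvweb . '?route=$1 [QSA]';
                $data[] = 'RewriteRule ^$ ' . $nvweb . '?route=nv.empty [L,QSA]';
                // Overwrites any .htaccess already present in the parent folder.
                $ok = @file_put_contents(dirname(NAVIGATE_PATH) . '/.htaccess', implode("\n", $data));
                if (!$ok) {
                    throw new Exception($lang['unexpected_error']);
                }
                // Note: this step answers the JSON string "true", not the
                // boolean used by the other steps; kept for the client.
                echo json_encode('true');
            } catch (Exception $e) {
                echo json_encode(array('error' => $e->getMessage()));
            }
            exit;
    }
}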
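/**
 * Request handler for the websites management function: dispatches on
 * $_REQUEST['act'] to the JSON/grid operations, the edit form, removal and
 * the maintenance actions (e-mail test, statistics reset, URL replacement,
 * content removal).
 *
 * The JSON-style actions print their reply and terminate the request; only
 * the edit, remove and list actions fall through to the return statement.
 *
 * NOTE(review): no CSRF token check is visible in this function; presumably
 * the surrounding framework handles it. Confirm for the state-changing
 * actions.
 *
 * @return mixed Output of websites_form()/websites_list(), or '' when the
 *               selected action rendered nothing.
 */
function run()
{
    global $user;
    global $layout;
    global $DB;
    global $website;

    $out = '';
    $item = new website();

    // The audit log stores the whole request. Mask credential fields first so
    // the account password (remove_content) and the SMTP password are not
    // written to the log in clear text.
    $loggable_request = function () {
        $copy = $_REQUEST;
        foreach (array('password', 'mail_password') as $secret_key) {
            if (isset($copy[$secret_key])) {
                $copy[$secret_key] = '***';
            }
        }
        return json_encode($copy);
    };

    switch ($_REQUEST['act']) {
        case 'json':
        case 1:
            // json data retrieval & operations
            switch ($_REQUEST['oper']) {
                case 'search_links':
                    // active website only!
                    $text = $_REQUEST['text'];
                    $lang = $_REQUEST['lang'];
                    if (empty($lang)) {
                        $lang = array_keys($website->languages)[0];
                    }
                    $DB->query(
                        ' SELECT p.path, d.text FROM nv_paths p, nv_webdictionary d WHERE p.website = ' . protect($website->id)
                        . ' AND p.lang = ' . protect($lang)
                        . ' AND d.website = p.website AND d.node_type = p.type AND d.node_id = p.object_id AND d.lang = p.lang AND d.subtype = "title" AND ( p.path LIKE ' . protect('%' . $text . '%')
                        . ' OR d.text LIKE ' . protect('%' . $text . '%')
                        . ' ) ORDER BY d.id DESC LIMIT 10 '
                    );
                    $result = $DB->result();
                    echo json_encode($result);
                    core_terminate();
                    break;

                case 'del':
                    // remove rows
                    if ($user->permission('websites.delete') == 'true') {
                        // "ids" comes from the request: accept only a list and
                        // force every entry to an integer id, as the single
                        // item paths of this function do.
                        $ids = (isset($_REQUEST['ids']) && is_array($_REQUEST['ids'])) ? $_REQUEST['ids'] : array();
                        foreach ($ids as $id) {
                            $item->load(intval($id));
                            $item->delete();
                        }
                        echo json_encode(true);
                    }
                    core_terminate();
                    break;

                default:
                    // list or search
                    $page = intval($_REQUEST['page']);
                    $max = intval($_REQUEST['rows']);
                    $offset = ($page - 1) * $max;

                    // ORDER BY cannot be bound as a parameter, so the sort
                    // column is restricted to the selected columns and the
                    // direction to asc/desc rather than passing the request
                    // text into the query. Unknown columns fall back to "id".
                    $sortable_columns = array('id', 'name', 'subdomain', 'domain', 'folder', 'homepage', 'permission', 'favicon');
                    $requested_column = isset($_REQUEST['sidx']) ? $_REQUEST['sidx'] : '';
                    $sort_column = in_array($requested_column, $sortable_columns, true) ? $requested_column : 'id';
                    $requested_direction = isset($_REQUEST['sord']) ? $_REQUEST['sord'] : '';
                    $sort_direction = (is_string($requested_direction) && strtolower($requested_direction) === 'desc') ? 'desc' : 'asc';
                    $orderby = $sort_column . ' ' . $sort_direction;

                    $where = " 1=1 ";
                    if ($_REQUEST['_search'] == 'true' || isset($_REQUEST['quicksearch'])) {
                        // NOTE(review): the helpers below turn request values
                        // into SQL conditions; whether they escape their input
                        // is not visible from here. Verify.
                        if (isset($_REQUEST['quicksearch'])) {
                            $where .= $item->quicksearch($_REQUEST['quicksearch']);
                        } else {
                            if (isset($_REQUEST['filters'])) {
                                $where .= navitable::jqgridsearch($_REQUEST['filters']);
                            } else {
                                // single search
                                $where .= ' AND ' . navitable::jqgridcompare($_REQUEST['searchField'], $_REQUEST['searchOper'], $_REQUEST['searchString']);
                            }
                        }
                    }

                    $DB->queryLimit('id,name,subdomain,domain,folder,homepage,permission,favicon', 'nv_websites', $where, $orderby, $offset, $max);
                    $dataset = $DB->result();
                    $total = $DB->foundRows();
                    //echo $DB->get_last_error();

                    $out = array();
                    $permissions = array(
                        0 => '<img src="img/icons/silk/world.png" align="absmiddle" /> ' . t(69, 'Published'),
                        1 => '<img src="img/icons/silk/world_dawn.png" align="absmiddle" /> ' . t(70, 'Private'),
                        2 => '<img src="img/icons/silk/world_night.png" align="absmiddle" /> ' . t(81, 'Hidden'),
                    );

                    for ($i = 0; $i < count($dataset); $i++) {
                        $row = $dataset[$i];

                        $homepage = 'http://';
                        $homepage_relative_url = $row['homepage'];
                        if (is_numeric($homepage_relative_url)) {
                            $homepage_relative_url = path::loadElementPaths('structure', $homepage_relative_url);
                            $homepage_relative_url = array_shift($homepage_relative_url);
                        }
                        if (!empty($row['subdomain'])) {
                            $homepage .= $row['subdomain'] . '.';
                        }
                        $homepage .= $row['domain'] . $row['folder'] . $homepage_relative_url;

                        $favicon = '';
                        if (!empty($row['favicon'])) {
                            $favicon = '<img src="' . NVWEB_OBJECT . '?type=img&id=' . $row['favicon'] . '&width=16&height=16" align="absmiddle" height="16" />';
                        }

                        // NOTE(review): name, domain, folder and favicon are
                        // stored values placed into HTML cells without
                        // escaping; whether the grid encodes them is not
                        // visible here. Confirm.
                        $out[$i] = array(
                            0 => $row['id'],
                            1 => $favicon,
                            2 => $row['name'],
                            3 => '<a href="' . $homepage . '" target="_blank"><img align="absmiddle" src="' . NAVIGATE_URL . '/img/icons/silk/house_link.png"></a> ' . $homepage,
                            4 => $permissions[$row['permission']],
                        );
                    }

                    navitable::jqgridJson($out, $page, $offset, $max, $total);
                    break;
            }
            session_write_close();
            exit;

        case 'edit':
        case 2:
            // edit/new form
            if (!empty($_REQUEST['id'])) {
                $item->load(intval($_REQUEST['id']));
            }
            if (isset($_REQUEST['form-sent']) && $user->permission('websites.edit') == 'true') {
                $item->load_from_post();
                try {
                    $item->save();
                    $id = $item->id;
                    unset($item);
                    $item = new website();
                    $item->load($id);
                    $layout->navigate_notification(t(53, "Data saved successfully."), false, false, 'fa fa-check');
                } catch (Exception $e) {
                    $layout->navigate_notification($e->getMessage(), true, true);
                }
                if (!empty($item->id)) {
                    users_log::action($_REQUEST['fid'], $item->id, 'save', $item->name, $loggable_request());
                }
            } else {
                if (!empty($item->id)) {
                    users_log::action($_REQUEST['fid'], $item->id, 'load', $item->name);
                }
            }
            $out = websites_form($item);
            break;

        case 'remove':
        case 4:
            if (!empty($_REQUEST['id']) && $user->permission('websites.delete') == 'true') {
                $item->load(intval($_REQUEST['id']));
                if ($item->delete() > 0) {
                    $layout->navigate_notification(t(55, 'Item removed successfully.'), false);
                    if (!empty($item->id)) {
                        users_log::action($_REQUEST['fid'], $item->id, 'remove', $item->name, $loggable_request());
                    }
                    // if we don't have any websites, tell user a new one will be created
                    $test = $DB->query_single('id', 'nv_websites');
                    if (empty($test) || !$test) {
                        $layout->navigate_notification(t(520, 'No website found; a default one has been created.'), false, true);
                        $nwebsite = new website();
                        $nwebsite->create_default();
                    }
                    $out = websites_list();
                } else {
                    $layout->navigate_notification(t(56, 'Unexpected error.'), false);
                    $out = websites_form($item);
                }
            }
            break;

        case 5:
            // search an existing path
            $DB->query(
                'SELECT path as id, path as label, path as value FROM nv_paths WHERE path LIKE ' . protect('%' . $_REQUEST['term'] . '%')
                . ' AND website = ' . protect($_REQUEST['wid'])
                . ' ORDER BY path ASC LIMIT 30',
                'array'
            );
            echo json_encode($DB->result());
            core_terminate();
            break;

        case 'email_test':
            // NOTE(review): no permission check is visible on this action. It
            // lets the caller point the mailer at a request-supplied server
            // and port and send to a request-supplied address; confirm that
            // access is restricted upstream.
            $website->mail_mailer = $_REQUEST['mail_mailer'];
            $website->mail_server = $_REQUEST['mail_server'];
            $website->mail_port = $_REQUEST['mail_port'];
            $website->mail_address = $_REQUEST['mail_address'];
            $website->mail_user = $_REQUEST['mail_user'];
            $website->mail_security = $_REQUEST['mail_security'] == "true" || $_REQUEST['mail_security'] == "1" ? "1" : "0";
            if (!empty($_REQUEST['mail_password'])) {
                $website->mail_password = $_REQUEST['mail_password'];
            }
            $ok = navigate_send_email(APP_NAME, APP_NAME . '<br /><br />' . NAVIGATE_URL, $_REQUEST['send_to']);
            echo json_encode($ok);
            core_terminate();
            break;

        case 'reset_statistics':
            if ($user->permission('websites.edit') == 'true') {
                $website_id = trim($_REQUEST['website']);
                $website_id = intval($website_id);
                $DB->execute('UPDATE nv_items SET views = 0 WHERE website = ' . $website_id);
                $DB->execute('UPDATE nv_paths SET views = 0 WHERE website = ' . $website_id);
                $DB->execute('UPDATE nv_structure SET views = 0 WHERE website = ' . $website_id);
                echo 'true';
                users_log::action($_REQUEST['fid'], $website_id, 'reset_statistics', "", $loggable_request());
            }
            core_terminate();
            break;

        case 'replace_urls':
            $old = trim($_REQUEST['old']);
            $new = trim($_REQUEST['new']);
            $website_id = trim($_REQUEST['website']);
            // A bulk rewrite of site content needs the same permission that
            // reset_statistics already requires; without it the action
            // answers "false" like any other failure.
            $may_edit = $user->permission('websites.edit') == 'true';
            if ($may_edit && !empty($old) && !empty($new)) {
                // replace occurrences in nv_webdictionary
                $ok_dictionary = $DB->execute(
                    ' UPDATE nv_webdictionary SET text = replace(text, :old, :new) WHERE website = :wid',
                    array(':old' => $old, ':new' => $new, ':wid' => $website_id)
                );
                // replace occurrences in nv_blocks (triggers & actions)
                $ok_blocks = $DB->execute(
                    ' UPDATE nv_blocks SET `trigger` = replace(`trigger`, :old, :new), `action` = replace(`action`, :old, :new) WHERE website = :wid',
                    array(':old' => $old, ':new' => $new, ':wid' => $website_id)
                );
                // Both updates must succeed; previously the first result was
                // overwritten by the second and never reported.
                $ok = $ok_dictionary && $ok_blocks;
                echo $ok ? 'true' : 'false';
                if ($ok) {
                    users_log::action($_REQUEST['fid'], $website_id, 'replace_urls', "", $loggable_request());
                }
            } else {
                echo 'false';
            }
            core_terminate();
            break;

        case 'remove_content':
            $website_id = trim($_REQUEST['website']);
            $website_id = intval($website_id);
            $password = trim($_REQUEST['password']);
            // Re-entering the password proves who the caller is, not that the
            // caller may delete: also require the permission the "remove"
            // action checks before wiping a website's content.
            $authenticated = $user->permission('websites.delete') == 'true'
                && $user->authenticate($user->username, $password);
            if ($authenticated) {
                // remove all content except Webusers and Files
                @set_time_limit(0);
                $content_tables = array(
                    'nv_blocks',
                    'nv_block_groups',
                    'nv_comments',
                    'nv_structure',
                    'nv_feeds',
                    'nv_items',
                    'nv_notes',
                    'nv_paths',
                    'nv_properties',
                    'nv_properties_items',
                    'nv_search_log',
                    'nv_webdictionary',
                    'nv_webdictionary_history',
                );
                // Builds the same multi-statement string as before;
                // $website_id is an integer at this point.
                $sql = '';
                foreach ($content_tables as $table) {
                    $sql .= ' DELETE FROM ' . $table . ' WHERE website = ' . $website_id . ';';
                }
                $sql .= ' ';
                $ok = $DB->execute($sql);
                if ($ok) {
                    users_log::action($_REQUEST['fid'], $website_id, 'remove_content', "", $loggable_request());
                }
                echo $ok ? 'true' : $DB->error();
            } else {
                echo '';
            }
            core_terminate();
            break;

        case 0:
            // list / search result
        default:
            $out = websites_list();
            break;
    }

    return $out;
}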