Esempio n. 1
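 /**
  * Delete a news article together with its custom field values, uploaded
  * files, static route and search-index words, then record the deletion in
  * the admin log.
  *
  * @param int|string $articleid news_id of the article to remove
  * @return void
  */
 public static function delete_article($articleid)
 {
     $db = cmsms()->GetDb();

     // Remove the article row; the id is bound as a parameter, not concatenated.
     $query = "DELETE FROM " . cms_db_prefix() . "module_news WHERE news_id = ?";
     $db->Execute($query, array($articleid));

     // Remove the article's custom field values.
     $query = 'DELETE FROM ' . cms_db_prefix() . 'module_news_fieldvals WHERE news_id = ?';
     $db->Execute($query, array($articleid));

     // Remove any uploaded files. GetConfig() has to be called; reading it as
     // a property does not yield the configuration, so 'uploads_path' was
     // never resolved and the upload directory was looked up in the wrong place.
     $config = cmsms()->GetConfig();

     // The id becomes a path component that is handed to a recursive delete,
     // so only a plain positive integer is accepted for the filesystem step.
     // Any other value (for instance one containing "..") skips it.
     $dirid = (string) $articleid;
     if (ctype_digit($dirid) && (int) $dirid > 0) {
         $p = cms_join_path($config['uploads_path'], 'news', 'id', $dirid);
         if (is_dir($p)) {
             recursive_delete($p);
         }
     }

     news_admin_ops::delete_static_route($articleid);

     // Update the search index, when the Search module is available.
     $mod = cms_utils::get_module('News');
     $module = cms_utils::get_module('Search');
     if ($module != FALSE) {
         $module->DeleteWords($mod->GetName(), $articleid, 'article');
     }

     // '@' silences any warning raised while the event is dispatched.
     @$mod->SendEvent('NewsArticleDeleted', array('news_id' => $articleid));

     // Put a mention into the admin log.
     audit($articleid, 'News: ' . $articleid, 'Article deleted');
 }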
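 /**
  * Load a global content block by name and hand its content and modification
  * date back through the by-reference arguments.
  *
  * @param string $name   name of the global content block
  * @param string $source receives the block content, or an HTML comment when the block does not exist
  * @param mixed  $mtime  receives the block's modified_date, or time() when the block does not exist
  * @return bool always true
  */
 protected function fetch($name, &$source, &$mtime)
 {
     debug_buffer('start global_content_get_template');
     $gCms = cmsms();
     $config = $gCms->GetConfig();
     $gcbops = $gCms->GetGlobalContentOperations();
     $oneblob = $gcbops->LoadHtmlBlobByName($name);
     if ($oneblob) {
         $source = $oneblob->content;
         $mtime = $oneblob->modified_date;
         // So no one can do anything nasty, take out the php smarty tags.  Use a user
         // defined plugin instead.
         if (!(isset($config["use_smarty_php_tags"]) && $config["use_smarty_php_tags"] == true)) {
             // One pass is not enough: removing a tag that sits inside another
             // one can leave a new tag behind, so repeat until nothing matches.
             // NOTE(review): the pattern matches only the exact lowercase forms;
             // whether the template engine accepts other spellings is not
             // visible here - confirm.
             do {
                 $source = preg_replace("/\\{\\/?php\\}/", "", $source, -1, $removed);
             } while ($removed > 0);
         }
     } else {
         // NOTE(review): $name is written into the HTML comment unescaped;
         // confirm callers cannot pass a name that closes the comment.
         $source = "<!-- Html blob '" . $name . "' does not exist  -->";
         // put mention into the admin log
         audit('', 'Global Content Block: ' . $name, 'Can not open or does not exist!');
         $mtime = time();
     }
     debug_buffer('end global_content_get_template');
     return true;
 }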
 /**
  * Forward a provisioning audit record to the global audit() function when
  * that function is defined.
  *
  * @param array $data            record payload; when it holds an 'instance' entry, that
  *                               instance's instance_id_text is copied into $data['dfe']
  * @param int   $level           level passed through to audit()
  * @param bool  $deprovisioning  selects the 'deprovision' label instead of 'provision'
  *
  * @return bool false when no global audit() exists, otherwise whatever audit() returns
  */
 protected function audit($data = [], $level = 6, $deprovisioning = false)
 {
     // Without the global helper there is nothing to forward to.
     if (!function_exists('audit')) {
         return false;
     }

     // Put the instance ID into the place audit() reads it from.
     if (isset($data['instance'])) {
         $data['dfe'] = ['instance_id' => $data['instance']->instance_id_text];
     }

     $label = $deprovisioning ? 'deprovision' : 'provision';

     return audit($data, $level, $label);
 }
Esempio n. 4
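/**
 * Shutdown handler: when the request ended on E_ERROR or E_USER_ERROR, write
 * the error to the debug log and, if a database object is available, to the
 * admin log.
 *
 * @return void
 */
function cms_shutdown_function()
{
    $error = error_get_last();
    // error_get_last() returns null when no error occurred; indexing null
    // would itself raise a warning on every clean shutdown.
    if (!is_array($error)) {
        return;
    }
    if ($error['type'] == E_ERROR || $error['type'] == E_USER_ERROR) {
        // The message carries the file path and line number; in this function
        // it goes to the two logs only.
        $str = 'ERROR DETECTED: ' . $error['message'] . ' at ' . $error['file'] . ':' . $error['line'];
        debug_to_log($str);
        $db = cmsms()->GetDb();
        if (is_object($db)) {
            // put mention into the admin log
            audit('', 'ERROR', $str);
        }
    }
}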
Esempio n. 5
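/**
 * Send the lost password recovery email to a specified admin user (by name).
 *
 * @internal
 * @access private
 * @param string $username the username
 * @return mixed false when the user or the CMSMailer module cannot be loaded,
 *               otherwise the result of the mailer's Send()
 */
function send_recovery_email($username)
{
    $gCms = cmsms();
    $config = $gCms->GetConfig();
    $userops = $gCms->GetUserOperations();
    $user = $userops->LoadUserByUsername($username);
    // An unknown username yields no user object; stop before dereferencing it.
    if (!is_object($user)) {
        return false;
    }
    $obj = cms_utils::get_module('CMSMailer');
    if ($obj == null) {
        return false;
    }
    $sitename = html_entity_decode(get_site_preference('sitename', 'CMSMS Site'));
    $obj->AddAddress($user->email, html_entity_decode($user->firstname . ' ' . $user->lastname));
    $obj->SetSubject(lang('lostpwemailsubject', $sitename));
    // NOTE(review): the recovery token is computed only from root_path, the
    // username and the stored password value. It has no random or
    // time-limited part and stays the same until one of those inputs changes.
    // Moving to a random_bytes()-based token stored server-side with an expiry
    // needs a matching change in the code that checks 'recoverme', which is
    // outside this function.
    $url = $config['admin_url'] . '/login.php?recoverme=' . md5(md5($config['root_path'] . '--' . $user->username . md5($user->password)));
    $body = lang('lostpwemail', $sitename, $user->username, $url);
    $obj->SetBody($body);
    // Written before Send() runs, so the entry records the attempt rather
    // than a confirmed delivery.
    audit('', 'Core', 'Sent Lost Password Email for ' . $username);
    return $obj->Send();
}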
Esempio n. 6
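/**
 * Recursively delete a directory and everything inside it, and record the
 * removal in the admin log.
 *
 * @param string $dir directory to remove
 * @return bool true when the directory itself was removed, false otherwise
 */
function deldir($dir)
{
    // Defined up front so every failure path returns false instead of an
    // undefined variable.
    $success = false;

    // Only a real directory is walked. A symbolic link is refused, so the
    // walk cannot be redirected to a location outside the requested tree.
    if (is_link($dir) || !is_dir($dir)) {
        return $success;
    }
    $handle = opendir($dir);
    if ($handle === false) {
        return $success;
    }
    while (false !== ($FolderOrFile = readdir($handle))) {
        if ($FolderOrFile == "." || $FolderOrFile == "..") {
            continue;
        }
        $path = "{$dir}/{$FolderOrFile}";
        // is_dir() follows symlinks, so test is_link() first: a link that
        // points at a directory is removed as a link and its target is left
        // untouched.
        if (!is_link($path) && @is_dir($path)) {
            deldir($path);
        } else {
            unlink($path);
        }
    }
    closedir($handle);
    if (rmdir($dir)) {
        // put mention into the admin log
        audit('', 'Image Manager', 'Removed Directory ' . $dir);
        $success = true;
    }
    return $success;
}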
Esempio n. 7
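 /**
  * Post-upload hook: optionally generate a thumbnail, write an admin-log
  * entry and raise the FileManager 'OnFileUploaded' event.
  *
  * @param object $fileobject upload descriptor; only its name property is read here
  * @return void
  */
 protected function after_uploaded_file($fileobject)
 {
     // here we may do image handling, and other cruft.
     if (!is_object($fileobject) || $fileobject->name == '') {
         return;
     }
     $mod = cms_utils::get_module('FileManager');
     $cwd = filemanager_utils::get_full_cwd();

     // NOTE(review): $fileobject->name is joined into the path and written to
     // the admin log as received; presumably the upload handler has already
     // reduced it to a safe file name - confirm.
     $parms = array();
     $parms['file'] = filemanager_utils::join_path($cwd, $fileobject->name);
     if ($mod->GetPreference('create_thumbnails')) {
         $thumb = cms_utils::generate_thumbnail($parms['file']);
         if ($thumb) {
             // Stored in $parms (the array sent with the event). The original
             // wrote to a separate, otherwise unused $params array, so event
             // listeners never received the thumbnail.
             $parms['thumb'] = $thumb;
         }
     }
     $str = $fileobject->name . ' uploaded to ' . $cwd;
     if (isset($parms['thumb'])) {
         $str .= ' and a thumbnail was generated';
     }
     audit('', $mod->GetName(), $str);
     $mod->SendEvent('OnFileUploaded', $parms);
 }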
Esempio n. 8
 }
 if ($validinfo) {
     $onetemplate = $templateops->LoadTemplateByID($template_id);
     $onetemplate->name = $template;
     $onetemplate->content = $content;
     $onetemplate->stylesheet = $stylesheet;
     $onetemplate->encoding = $encoding;
     $onetemplate->active = $active;
     Events::SendEvent('Core', 'EditTemplatePre', array('template' => &$onetemplate));
     $result = $onetemplate->Save();
     if ($result) {
         #Make sure the new name is used if this is an apply
         $orig_template = $template;
         Events::SendEvent('Core', 'EditTemplatePost', array('template' => &$onetemplate));
         // put mention into the admin log
         audit($template_id, 'HTML-template: ' . $onetemplate->name, 'Edited');
         if (!$apply) {
             switch ($from) {
                 case 'content':
                     redirect("listcontent.php" . $urlext);
                     break;
                 case 'cssassoc':
                     redirect('templatecss.php' . $urlext . '&id=' . $cssid . '&type=template');
                     break;
                 case 'module_TemplateManager':
                     redirect('moduleinterface.php' . $urlext . '&module=TemplateManager');
                     break;
                 default:
                     redirect("listtemplates.php" . $urlext);
                     break;
             }
Esempio n. 9
         //eval('function testfunction'.rand().'() {'.$code.'}');
         $buffer = ob_get_clean();
         //add error
         $error[] = preg_replace('/<br \\/>/', '', $buffer);
         $validinfo = false;
     } else {
         ob_get_clean();
     }
 }
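 // Persist the edited user defined tag once validation has passed.
 if ($validinfo) {
     Events::SendEvent('Core', 'EditUserDefinedTagPre', array('id' => $userplugin_id, 'name' => &$plugin_name, 'code' => &$code));
     // The name, code and id are bound as parameters instead of being quoted
     // and spliced into the statement. The timestamp is generated here and
     // stays inline, exactly as the statement embedded it before.
     $query = "UPDATE " . cms_db_prefix() . "userplugins SET userplugin_name = ?, code = ?, modified_date = " . $db->DBTimeStamp(time()) . " WHERE userplugin_id = ?";
     $result = $db->Execute($query, array($plugin_name, $code, $userplugin_id));
     if ($result) {
         Events::SendEvent('Core', 'EditUserDefinedTagPost', array('id' => $userplugin_id, 'name' => &$plugin_name, 'code' => &$code));
         // Admin-log entry is written only after the update succeeded.
         audit($userplugin_id, $plugin_name, 'Edited User Defined Tag');
         if (!isset($_POST['apply'])) {
             redirect("listusertags.php" . $urlext . "&message=usertagupdated");
             return;
         }
     } else {
         $error[] = lang('errorupdatingusertag');
     }
 }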
 if ($ajax) {
     header('Content-Type: text/xml');
     print '<?xml version="1.0" encoding="UTF-8"?>';
     print '<EditUserPlugin>';
     if (sizeof($error)) {
         print '<Response>Error</Response>';
         print '<Details><![CDATA[';
Esempio n. 10
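 /**
  * _SetModuleAdminInterfaces
  *
  * This function sets up data structures to place modules in the proper Admin sections
  * for display on section pages and menus. It fills $this->_sectionCount and
  * $this->_modulesBySection once; later calls return immediately.
  *
  * @since 1.10
  * @access private
  * @ignore
  * @return void
  */
 private function _SetModuleAdminInterfaces()
 {
     // Already built on an earlier call.
     if (is_array($this->_sectionCount)) {
         return;
     }
     $this->_sectionCount = array();
     $this->_modulesBySection = array();
     // get the info from the cache
     $usermoduleinfo = $this->_get_user_module_info();
     if (!is_array($usermoduleinfo)) {
         // put mention into the admin log
         audit(get_userid(FALSE), 'Admin Theme', 'No module information found for user');
         // Nothing to iterate; looping over a non-array only raises a warning.
         return;
     }
     // Loop-invariant, so fetched once.
     $config = cmsms()->GetConfig();
     // Are there any modules with an admin interface?
     foreach ($usermoduleinfo as $key => $rec) {
         $section = $rec['adminsection'];
         if ($section == '') {
             // Assignment, not comparison: modules without a section are
             // filed under 'extensions'.
             $section = 'extensions';
         }
         if (!isset($this->_sectionCount[$section])) {
             $this->_sectionCount[$section] = 0;
         }
         $data = array();
         $data['key'] = $key;
         $data['friendlyname'] = isset($rec['friendlyname']) ? $rec['friendlyname'] : $key;
         $data['name'] = $data['friendlyname'];
         $data['description'] = $rec['admindescription'] != '' ? $rec['admindescription'] : '';
         // The first icon file that exists under the module directory wins.
         $tmp = array("modules/{$key}/images/icon.gif", "modules/{$key}/icons/icons.gif", "modules/{$key}/images/icon.png", "modules/{$key}/icons/icons.png");
         foreach ($tmp as $one) {
             $fn = cms_join_path($config['root_path'], $one);
             if (file_exists($fn)) {
                 $data['icon'] = $config['root_url'] . '/' . $one;
                 break;
             }
         }
         $this->_modulesBySection[$section][] = $data;
         $this->_sectionCount[$section]++;
     }
 }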
Esempio n. 11
    set_preference($userid, 'syntaxhighlighter', $syntaxhighlighter);
    set_preference($userid, 'default_cms_language', $default_cms_lang);
    set_preference($userid, 'admintheme', $admintheme);
    set_preference($userid, 'bookmarks', $bookmarks);
    set_preference($userid, 'hide_help_links', $hide_help_links);
    set_preference($userid, 'indent', $indent);
    set_preference($userid, 'enablenotifications', $enablenotifications);
    set_preference($userid, 'paging', $paging);
    set_preference($userid, 'date_format_string', $date_format_string);
    set_preference($userid, 'default_parent', $default_parent);
    set_preference($userid, 'homepage', $homepage);
    set_preference($userid, 'ignoredmodules', implode(',', $ignoredmodules));
    set_preference($userid, 'listtemplates_pagelimit', $listtemplates_pagelimit);
    set_preference($userid, 'liststylesheets_pagelimit', $liststylesheets_pagelimit);
    set_preference($userid, 'listgcbs_pagelimit', $listgcbs_pagelimit);
    audit(-1, '', 'Edited User Preferences');
    $page_message = lang('prefsupdated');
    #redirect("index.php");
    #return;
} else {
    if (!isset($_POST["edituserprefs"])) {
        $gcb_wysiwyg = get_preference($userid, 'gcb_wysiwyg', 1);
        $wysiwyg = get_preference($userid, 'wysiwyg');
        $syntaxhighlighter = get_preference($userid, 'syntaxhighlighter');
        $default_cms_lang = get_preference($userid, 'default_cms_language');
        $old_default_cms_lang = $default_cms_lang;
        $admintheme = get_preference($userid, 'admintheme');
        $bookmarks = get_preference($userid, 'bookmarks');
        $indent = get_preference($userid, 'indent', true);
        $enablenotifications = get_preference($userid, 'enablenotifications', 1);
        $paging = get_preference($userid, 'paging', 0);
Esempio n. 12
// Handle the add-content form: runs only when $access is truthy and the
// request method is POST.
// NOTE(review): no request-forgery token check is visible in this excerpt;
// confirm one is validated before this point.
if ($access && strtoupper($_SERVER['REQUEST_METHOD']) == 'POST') {
    try {
        if ($submit || $apply) {
            // Fill contentobj with parameters
            $contentobj->SetAddMode();
            // The raw POST array is handed to the content object; the current
            // user becomes the owner.
            $contentobj->FillParams($_POST);
            $contentobj->SetOwner($userid);
            // A strict FALSE from ValidateData() is the "no error" result.
            $error = $contentobj->ValidateData();
            if ($error === FALSE) {
                $contentobj->Save();
                $gCms = cmsms();
                $contentops = $gCms->GetContentOperations();
                $contentops->SetAllHierarchyPositions();
                // NOTE(review): the admin-log entry is written on submit only;
                // a save made through "apply" is not logged in this excerpt.
                if ($submit) {
                    // put mention into the admin log
                    audit($contentobj->Id(), 'Content Item: ' . $contentobj->Name(), 'Added');
                    redirect('listcontent.php' . $urlext . '&message=contentadded');
                }
            }
        } else {
            // Neither submit nor apply: only refill the object from the form.
            $contentobj->FillParams($_POST);
        }
    } catch (CmsEditContentException $e) {
        // The exception message becomes the error value for this request.
        $error = $e->getMessage();
    }
}
if (!$access) {
    echo "<div class=\"pageerrorcontainer pageoverflow\"><p class=\"pageerror\">" . lang('noaccessto', array(lang('addcontent'))) . "</p></div>";
} else {
    $tabnames = $contentobj->TabNames();
    // Get a list of content_types and build the dropdown to select one
Esempio n. 13
				</div>
			</div>
			<?php 
        } else {
            redirect('listtemplates.php' . $urlext);
        }
    } else {
        if ($action == 'dodelete') {
            $userid = get_userid();
            $access = check_permission($userid, 'Remove Templates');
            if ($access) {
                foreach ($nodelist as $node) {
                    $id = $node->id;
                    $title = $node->name;
                    $node->Delete();
                    audit($id, $title, 'Deleted Template');
                }
            }
            redirect("listtemplates.php" . $urlext);
        } else {
            if ($action == 'inactive') {
                $userid = get_userid();
                $permission = check_permission($userid, 'Modify Templates');
                foreach ($nodelist as $node) {
                    if ($permission) {
                        if ($node->active) {
                            $node->active = false;
                            $node->Save();
                        }
                    }
                }
        error_log($msg);
        continue;
    }
    $new[] = $role;
}
// Compare the role list collected above with the roles stored on the user and
// queue a description of the change for the audit entry.
$orig = $user->roles;
if ($new != $orig) {
    array_push($audit_changes, sprintf("Roles = <%s>", implode(", ", $new)));
    $user->roles = $new;
}
// Nothing changed: report it, redirect and stop here.
if (count($audit_changes) == 0) {
    $renderer->flash_success("No changes were made");
    header("Location: user-list.php");
    exit(0);
}
// save() is attempted only when errors() reports nothing.
$errors = $user->errors();
if (count($errors) == 0) {
    if (!$user->save()) {
        array_push($errors, "Unknown error trying to save a user!  Try again or contact support.");
    }
}
if (count($errors) == 0) {
    // The audit entry is written only after a successful save and lists every
    // collected change, including role changes.
    audit($action, sprintf("User %s [%s]", $userid, implode("; ", $audit_changes)));
    $renderer->flash_success("Saved user");
    // NOTE(review): unlike the no-change branch above, this redirect is not
    // followed by exit; confirm nothing else runs after this statement.
    header("Location: user-list.php");
} else {
    // Validation or save failed: show the form again with the errors.
    $renderer->variable("errors", $errors);
    $renderer->variable("mod_user", $user);
    $renderer->variable("title", sprintf("Editing %s", $user->login));
    $renderer->render("user-form");
}
// Store a new module template under the name $prefix . $template, then log
// the addition and redirect.
if (isset($params['prefix'])) {
    $prefix = trim($params['prefix']);
}
// Template content is required.
if (!isset($params['templatecontent']) || empty($params['templatecontent'])) {
    $module->SetError($this->Lang('error_missingparam'));
    $module->RedirectToTab($id, $this->_current_tab, '', $the_action);
    return;
}
// Both name parts are required ($template is set before this excerpt).
if ($template == "" || $prefix == "") {
    $module->SetError($this->Lang('error_missingparam'));
    $module->RedirectToTab($id, $this->_current_tab, '', $the_action);
    return;
}
$newtemplate = $prefix . $template;
// check if this template already exists
$txt = trim($module->GetTemplate($newtemplate));
if ($txt != "") {
    $module->SetError($this->Lang('error_templatenameexists'));
    $module->RedirectToTab($id, $this->_current_tab, '', $the_action);
    return;
}
// we're ready to set it
// The content from $params is stored as received.
$text = $params['templatecontent'];
//$text = cms_html_entity_decode($params['templatecontent'],ENT_QUOTES,get_encoding());
$module->SetTemplate($newtemplate, $text);
// The admin log records the template name only, not its content.
audit('', $module->GetName(), 'Added Template ' . $newtemplate);
if ($this->_current_tab != '') {
    $module->RedirectToTab($id, $this->_current_tab, '', $the_action);
    return;
}
$module->Redirect($id, $the_action);
Esempio n. 16
            }
            if ($types != '') {
                $types = substr($types, 0, -2);
                #strip last space and comma
            } else {
                $types = '';
            }
            $newstylesheet->media_type = $types;
            Events::SendEvent('Core', 'AddStylesheetPre', array('stylesheet' => &$newstylesheet));
            $result = $newstylesheet->Save();
            # we now have to check that everything went well
            if ($result) {
                #Sent the post event
                Events::SendEvent('Core', 'AddStylesheetPost', array('stylesheet' => &$newstylesheet));
                # it's ok, we record the operation in the admin log
                audit($newstylesheet->id, 'Stylesheet: ' . $css_name, 'Added');
                # and goes back to the css list
                redirect("listcss.php" . $urlext);
                return;
            } else {
                $error .= "<li>" . lang('errorinsertingcss') . "</li>";
            }
        }
    }
}
include_once "header.php";
#******************************************************************************
# the user does not have access : error message
#******************************************************************************
if (!$access) {
    echo "<div class=\"pageerrorcontainer\"><p class=\"pageerror\">" . lang('noaccessto', array(lang('addstylesheet'))) . "</p></div>";
Esempio n. 17
        Events::SendEvent('Core', 'ChangeGroupAssignPre', array('group' => $thisGroup, 'users' => $userops->LoadUsersInGroup($thisGroup->id)));
        $query = "DELETE FROM " . cms_db_prefix() . "user_groups WHERE group_id = ? AND user_id != ?";
        $result = $db->Execute($query, array($thisGroup->id, $userid));
        $iquery = "INSERT INTO " . cms_db_prefix() . "user_groups (group_id, user_id, create_date, modified_date) VALUES (?,?,?,?)";
        foreach ($_POST as $key => $value) {
            if (strpos($key, "ug") == 0 && strpos($key, "ug") !== false) {
                $keyparts = explode('_', $key);
                if ($keyparts[2] == $thisGroup->id && $value == '1') {
                    $result = $db->Execute($iquery, array($thisGroup->id, $keyparts[1], $db->DBTimeStamp(time()), $db->DBTimeStamp(time())));
                }
            }
        }
        Events::SendEvent('Core', 'ChangeGroupAssignPost', array('group' => $thisGroup, 'users' => $userops->LoadUsersInGroup($thisGroup->id)));
        audit($group_id, 'Group ID', lang('assignmentchanged'));
    }
    audit($userid, 'Group ID', lang('assignmentchanged'));
    $message = lang('assignmentchanged');
}
$query = "SELECT u.user_id, u.username, ug.group_id FROM " . cms_db_prefix() . "users u LEFT JOIN " . cms_db_prefix() . "user_groups ug ON u.user_id = ug.user_id ORDER BY u.username";
$result = $db->Execute($query);
$user_struct = array();
while ($result && ($row = $result->FetchRow())) {
    if (isset($user_struct[$row['user_id']])) {
        $str =& $user_struct[$row['user_id']];
        $str->group[$row['group_id']] = 1;
    } else {
        $thisUser = new stdClass();
        $thisUser->group = array();
        if (!empty($row['group_id'])) {
            $thisUser->group[$row['group_id']] = 1;
        }
Esempio n. 18
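    // Insert one row for every posted field whose name starts with "pg" and
    // whose value is '1'. The name is split on '_' into its id fields.
    foreach ($_POST as $key => $value) {
        if (strpos($key, "pg") !== 0) {
            continue;
        }
        $keyparts = explode('_', $key);
        // A name with fewer than three fields cannot describe a row; skip it
        // instead of inserting with a missing value.
        if (count($keyparts) < 3) {
            continue;
        }
        $keyparts[1] = (int) $keyparts[1];
        if ($keyparts[1] > 0 && $keyparts[2] != '1' && $value == '1') {
            $new_id = $db->GenID(cms_db_prefix() . "group_perms_seq");
            $result = $db->Execute($iquery, array($new_id, $keyparts[2], $keyparts[1]));
            if (!$result) {
                // The error text and the statement can contain values taken
                // from the request, so they are HTML-escaped before output.
                // NOTE(review): showing the SQL in the browser still discloses
                // schema details; consider logging it and printing a generic
                // message instead.
                echo "FATAL: " . htmlspecialchars((string) $db->ErrorMsg(), ENT_QUOTES) . '<br/>' . htmlspecialchars((string) $db->sql, ENT_QUOTES);
                exit;
            }
        }
    }
    // put mention into the admin log
    // NOTE(review): the entry is labelled 'Permission Group ID' but is built
    // from $userid; confirm that this is the intended identifier.
    audit($userid, 'Permission Group ID: ' . $userid, 'Changed');
    $message = lang('permissionschanged');
    $gCms->clear_cached_files();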
}
$query = "SELECT p.permission_id, p.permission_text, up.group_id FROM " . cms_db_prefix() . "permissions p LEFT JOIN " . cms_db_prefix() . "group_perms up ON p.permission_id = up.permission_id ORDER BY p.permission_text";
$result = $db->Execute($query);
$perm_struct = array();
while ($result && ($row = $result->FetchRow())) {
    if (isset($perm_struct[$row['permission_id']])) {
        $str =& $perm_struct[$row['permission_id']];
        $str->group[$row['group_id']] = 1;
    } else {
        $thisPerm = new stdClass();
        $thisPerm->group = array();
        if (!empty($row['group_id'])) {
            $thisPerm->group[$row['group_id']] = 1;
Esempio n. 19
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Or read it online: http://www.gnu.org/licenses/licenses.html#GPL
#
#-------------------------------------------------------------------------
#END_LICENSE
// Stop unless $gCms is already set in the including scope.
if (!isset($gCms)) {
    return;
}
$outp = cgsi_utils::process_image($params);
// The module preference 'silent' (default 0) can be overridden per call.
$silent = $this->GetPreference('silent', 0);
if (isset($params['silent'])) {
    $silent = (int) $params['silent'];
}
if (isset($outp['error']) && $outp['error'] != '') {
    // 'silent' suppresses only the PHP-level error; the admin-log entry
    // below is written either way.
    if (!$silent) {
        trigger_error($outp['error']);
    }
    audit('', $this->GetName(), $outp['error']);
    return;
}
if (isset($outp['output'])) {
    // NOTE(review): the output is echoed as returned; presumably it is markup
    // built by process_image() - confirm that it escapes values taken from $params.
    echo $outp['output'];
}
#
# EOF
#
Esempio n. 20
 $classname = "";
 if (is_object($contentobj)) {
     $classname = get_class($contentobj);
 }
 if ($submit || $apply) {
     #Fill contentobj with parameters
     // $contentobj->SetProperties();  // calguy should not be necessary
     $contentobj->FillParams($_POST);
     $error = $contentobj->ValidateData();
     if ($error === FALSE) {
         $contentobj->SetLastModifiedBy(get_userid());
         $contentobj->Save();
         global $gCms;
         $contentops =& $gCms->GetContentOperations();
         $contentops->SetAllHierarchyPositions();
         audit($contentobj->Id(), $contentobj->Name(), 'Edited Content');
         if ($submit) {
             redirect("listcontent.php" . $urlext . "&page=" . $pagelist_id . '&message=contentupdated');
         }
     }
     if ($ajax) {
         header('Content-Type: text/xml');
         print '<?xml version="1.0" encoding="UTF-8"?>';
         print '<EditContent>';
         if ($error !== false) {
             print '<Response>Error</Response>';
             print '<Details><![CDATA[';
             if (!is_array($error)) {
                 $error = array($error);
             }
             print '<li>' . join('</li><li>', $error) . '</li>';
    die('<br/>Destination module not set');
}
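// Resolve the destination module, then either reset one of its templates to
// the shipped default file or store the submitted template text. Both paths
// are recorded in the admin log.
$module =& $this->GetModuleInstance($params['destmodule']);
if (!is_object($module)) {
    stack_trace();
    die('<br/>Could not find destination module');
}
if (isset($params['resettodefault']) && isset($params['prefname']) && isset($params['filename'])) {
    // The file name comes from $params and selects a file to read, so only a
    // bare name inside this module's own templates directory is accepted.
    // A value with directory parts (for instance "..") is ignored.
    $tpldir = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . $module->GetName() . DIRECTORY_SEPARATOR . 'templates';
    $name = $params['filename'];
    if (is_string($name) && $name !== '' && $name === basename($name)) {
        $fn = $tpldir . DIRECTORY_SEPARATOR . $name;
        if (is_file($fn)) {
            $template = @file_get_contents($fn);
            // A failed read must not overwrite the stored template with false.
            if ($template !== false) {
                $module->SetTemplate($params['prefname'], $template);
                $module->RemovePreference($params['prefname']);
                // clear old cruft.
                audit('', $module->GetName(), 'Reset the default template for ' . $params['prefname']);
            }
        }
    }
} else {
    if (isset($params['submit']) && isset($params['prefname'])) {
        $module->SetTemplate($params['prefname'], $params['input_template']);
        $module->RemovePreference($params['prefname']);
        // clear old cruft.
        audit('', $module->GetName(), 'Template ' . $params['prefname'] . ' was edited');
    }
}
$module->SetCurrentTab($this->_current_tab);
$the_action = 'defaultadmin';
if (isset($params['destaction'])) {
    $the_action = trim($params['destaction']);
}
$module->RedirectToTab($id, '', '', $the_action);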
// EOF
Esempio n. 22
			</div>
			<?php 
        } else {
            redirect('listtemplates.php' . $urlext);
        }
    } else {
        if ($action == 'dodelete') {
            $userid = get_userid();
            $access = check_permission($userid, 'Remove Templates');
            if ($access) {
                foreach ($nodelist as $node) {
                    $id = $node->id;
                    $title = $node->name;
                    $node->Delete();
                    // put mention into the admin log
                    audit($id, 'HTML-template: ' . $title, 'Deleted');
                }
            }
            redirect("listtemplates.php" . $urlext);
        } else {
            if ($action == 'inactive') {
                $userid = get_userid();
                $permission = check_permission($userid, 'Modify Templates');
                foreach ($nodelist as $node) {
                    if ($permission) {
                        if ($node->active) {
                            $node->active = false;
                            $node->Save();
                        }
                    }
                }
Esempio n. 23
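/**
 * Encode text as a JavaScript string literal that can be placed inside a
 * double-quoted HTML event-handler attribute.
 *
 * json_encode() produces the quoted, backslash-escaped JavaScript literal and
 * htmlspecialchars() then makes that literal safe for the attribute value.
 *
 * @param string $text Plain text to show in a JavaScript dialog.
 * @return string Attribute-safe JavaScript string literal (quotes included).
 */
function _display_hierarchy_js_literal($text)
{
    $literal = json_encode((string) $text);
    if ($literal === false) {
        // Text that cannot be encoded falls back to an empty literal instead
        // of leaving the handler with a syntax error.
        $literal = '""';
    }
    return htmlspecialchars($literal, ENT_QUOTES, 'UTF-8');
}

/**
 * Build the admin content-list table row for one node of the content tree and
 * recurse into its children when the node is expanded.
 *
 * One string is appended to $pagelist per call: the row's HTML, or an empty
 * string when the current user may not see the node at all. Which action links
 * appear in the row depends on the permission and ownership checks below.
 * These checks only decide what is displayed; the scripts the links point to
 * are outside this function.
 *
 * Values that come from content records (name, alias, URL, template name,
 * owner username) are entity-encoded before they are written into the row.
 *
 * @param object $root              Tree node to render.
 * @param mixed  $userid            Id of the admin user viewing the list.
 * @param mixed  $modifyall         Not read here; forwarded to the recursive calls.
 * @param array  $users             Cache of user objects keyed by owner id; filled on demand.
 * @param mixed  $menupos           Not read here; forwarded to the recursive calls.
 * @param array  $openedArray       Ids of the nodes that are currently expanded.
 * @param array  $pagelist          Output list of row HTML strings.
 * @param string $image_true        HTML fragment inserted as-is for a state that is set.
 * @param string $image_set_false   HTML fragment inserted as-is inside the "set inactive" link.
 * @param string $image_set_true    HTML fragment inserted as-is inside the "set active" / "make default" links.
 * @param string $upImg             HTML fragment inserted as-is inside the "move up" link.
 * @param string $downImg           HTML fragment inserted as-is inside the "move down" link.
 * @param string $viewImg           HTML fragment inserted as-is inside the view link.
 * @param string $editImg           HTML fragment inserted as-is inside the edit link.
 * @param string $copyImg           HTML fragment inserted as-is inside the copy link.
 * @param string $deleteImg         HTML fragment inserted as-is inside the delete link.
 * @param string $expandImg         HTML fragment inserted as-is inside the expand link.
 * @param string $contractImg       HTML fragment inserted as-is inside the contract link.
 * @param mixed  $mypages           Passed to the authorship checks.
 * @param mixed  $page              See the note on `global $page` in the body.
 * @param array  $columnstodisplay  Map of column name => whether to render that column.
 * @param bool   $author_allpages   Allows the move links for users without 'Manage All Content'.
 * @return void
 */
function display_hierarchy(&$root, &$userid, $modifyall, &$users, &$menupos, &$openedArray, &$pagelist, &$image_true, &$image_set_false, &$image_set_true, &$upImg, &$downImg, &$viewImg, &$editImg, &$copyImg, &$deleteImg, &$expandImg, &$contractImg, &$mypages, &$page, $columnstodisplay, $author_allpages)
{
    global $thisurl;
    global $urlext;
    global $currow;
    global $config;
    // NOTE(review): this rebinds the name of the $page parameter to the global
    // variable, so the links below use the global's value. Confirm that is intended.
    global $page;
    global $indent;
    if (empty($currow)) {
        $currow = 'row1';
    }
    $children = $root->getChildren(false, true);
    $one = $root->getContent();
    $thelist = '';
    if (!(isset($one) && $one != NULL)) {
        audit($root->get_tag('id'), 'Core', 'failed to get content for valid content id ' . $root->get_tag('id'));
        return;
    }
    if (!array_key_exists($one->Owner(), $users)) {
        $userops = cmsms()->GetUserOperations();
        $users[$one->Owner()] = $userops->LoadUserById($one->Owner());
    }
    // Visibility level of this row for the current user.
    $display = 'none';
    if (check_modify_all($userid) || check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages)) {
        $display = 'edit';
    } else {
        if (check_children($root, $mypages, $userid)) {
            $display = 'view';
        } else {
            if (check_permission($userid, 'Manage All Content')) {
                $display = 'structure';
            }
        }
    }
    $columns = array();
    if ($display != 'none') {
        $thelist .= "<tr id=\"tr_" . $one->Id() . "\" class=\"{$currow}\">\n";
        /* expand/collapse column */
        $columns['expand'] = '&nbsp;';
        if ($columnstodisplay['expand']) {
            $txt = '';
            if ($root->hasChildren()) {
                if (!in_array($one->Id(), $openedArray)) {
                    $txt .= "<a class=\"expand\" href=\"{$thisurl}&amp;content_id=" . $one->Id() . "&amp;col=0&amp;page=" . $page . "\" onclick=\"xajax_content_toggleexpand(" . $one->Id() . ", 'false'); return false;\">";
                    $txt .= $expandImg;
                    $txt .= "</a>";
                } else {
                    $txt .= "<a class=\"contract\" href=\"{$thisurl}&amp;content_id=" . $one->Id() . "&amp;col=1&amp;page=" . $page . "\" onclick=\"xajax_content_toggleexpand(" . $one->Id() . ", 'true'); return false;\">";
                    $txt .= $contractImg;
                    $txt .= "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['expand'] = $txt;
            }
        }
        /* hierarchy column */
        if ($columnstodisplay['hier']) {
            $columns['hier'] = $one->Hierarchy();
        }
        /* page column */
        if ($columnstodisplay['page']) {
            $columns['page'] = '&nbsp;';
            $txt = '';
            if ($one->MenuText() != CMS_CONTENT_HIDDEN_NAME) {
                if ($indent) {
                    for ($i = 0; $i < $root->getLevel(); $i++) {
                        $txt .= "-&nbsp;&nbsp;&nbsp;";
                    }
                }
                $str = $one->MenuText();
                if (get_site_preference('listcontent_showtitle', 0)) {
                    $str = $one->Name();
                }
                if ($display == 'edit') {
                    // The alias is encoded like the name next to it; it was previously written raw.
                    $txt .= '<a class="tooltip" href="editcontent.php' . $urlext . '&amp;content_id=' . $one->Id() . '&amp;page=' . $page . '" title="' . cms_htmlentities($one->Name() . ' (' . $one->Alias() . ')', '', '', true) . '" onmouseover="document.getElementById(\'' . $one->Id() . '_info\').style.display = \'inline-block\';" onmouseout="document.getElementById(\'' . $one->Id() . '_info\').style.display = \'none\';">
			' . cms_htmlentities($str, '', '', true) . '<span id="' . $one->Id() . '_info"><strong>' . lang('content_id') . ':</strong> ' . $one->Id() . '<br /> <strong>' . lang('title') . ':</strong> ' . cms_htmlentities($one->Name()) . '<br /> <strong>' . lang('pagealias') . ':</strong> ' . cms_htmlentities($one->Alias()) . '</span></a>';
                } else {
                    $txt .= cms_htmlentities($str, '', '', true);
                }
            }
            if (!empty($txt)) {
                $columns['page'] = $txt;
            }
        }
        /* alias column */
        if ($columnstodisplay['alias']) {
            $columns['alias'] = '&nbsp;';
            $txt = '';
            if ($one->HasUsableLink() && $one->Alias() != '') {
                $txt = cms_htmlentities($one->Alias());
            }
            if (!empty($txt)) {
                $columns['alias'] = $txt;
            }
        }
        /* url column */
        if ($columnstodisplay['url']) {
            $columns['url'] = '&nbsp;';
            $txt = '';
            if ($one->HasUsableLink() && $one->URL() != '') {
                $url = $one->URL();
                if (strlen($url) > 30) {
                    $url = '...' . substr($url, strlen($url) - 27);
                }
                // Encode after truncating so an entity is never cut in half.
                $txt = cms_htmlentities($url);
            }
            if (!empty($txt) && !prettyurls_ok()) {
                // The closing tag used to be a second opening <span>.
                $txt = '<span style="color: red;" title="' . lang('prettyurls_noeffect') . '">' . $txt . '</span>';
            }
            if (!empty($txt)) {
                $columns['url'] = $txt;
            }
        }
        /* template column */
        if ($columnstodisplay['template']) {
            $columns['template'] = '&nbsp;';
            $txt = '';
            if ($one->Type() != 'pagelink' && $one->Type() != 'link' && $one->Type() != 'sectionheader' && $one->Type() != 'separator') {
                $template = TemplateOperations::get_instance()->LoadTemplateById($one->TemplateId());
                // NOTE(review): the permission is spelled 'Modify Template' here; confirm it
                // matches the registered permission name, since a mismatch would always
                // fall through to the plain-text branch.
                if ($template && check_permission($userid, 'Modify Template')) {
                    $txt .= "<a title=\"" . lang('edittemplate') . "\" href=\"edittemplate.php" . $urlext . "&amp;template_id=" . $one->TemplateId() . "&amp;from=content\">" . cms_htmlentities($template->name, '', '', true) . "</a>";
                } else {
                    if ($template) {
                        // Encoded the same way as in the linked branch above.
                        $txt .= cms_htmlentities($template->name, '', '', true);
                    }
                }
            }
            if (!empty($txt)) {
                $columns['template'] = $txt;
            }
        }
        /* friendly name column */
        if ($columnstodisplay['friendlyname']) {
            $columns['friendlyname'] = $one->FriendlyName();
        }
        /* owner column */
        if ($columnstodisplay['owner']) {
            $columns['owner'] = '&nbsp;';
            if ($one->Owner() > -1) {
                $owner = isset($users[$one->Owner()]) ? $users[$one->Owner()] : null;
                // The lookup above may not have produced a user object; keep the placeholder then.
                if (is_object($owner)) {
                    $columns['owner'] = cms_htmlentities($owner->username);
                }
            }
        }
        /* active column */
        if ($columnstodisplay['active']) {
            $columns['active'] = '&nbsp;';
            $txt = '';
            if (check_permission($userid, 'Manage All Content') && $one->Type() != 'errorpage') {
                if ($one->Active()) {
                    $txt = $one->DefaultContent() ? $image_true : "<a href=\"{$thisurl}&amp;setinactive=" . $one->Id() . "\" onclick=\"xajax_content_setinactive(" . $one->Id() . ");return false;\">" . $image_set_false . "</a>";
                } else {
                    $txt = "<a href=\"{$thisurl}&amp;setactive=" . $one->Id() . "\" onclick=\"xajax_content_setactive(" . $one->Id() . ");return false;\">" . $image_set_true . "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['active'] = $txt;
            }
        }
        /* default content */
        if ($columnstodisplay['default']) {
            $columns['default'] = '&nbsp;';
            $txt = '';
            if (check_permission($userid, 'Manage All Content')) {
                if ($one->IsDefaultPossible()) {
                    if ($one->DefaultContent()) {
                        $txt = $image_true;
                    } else {
                        // The page name ends up inside a JavaScript string inside an HTML
                        // attribute, so it is encoded for both contexts.
                        $confirm_js = _display_hierarchy_js_literal(cms_html_entity_decode_utf8(lang("confirmdefault", $one->Name()), true));
                        $txt = "<a href=\"{$thisurl}&amp;makedefault=" . $one->Id() . "\" onclick=\"if(confirm(" . $confirm_js . ")) xajax_content_setdefault(" . $one->Id() . ");return false;\">" . $image_set_true . "</a>";
                    }
                }
            }
            if (!empty($txt)) {
                $columns['default'] = $txt;
            }
        }
        /* move column */
        if ($columnstodisplay['move']) {
            $columns['move'] = '&nbsp;';
            $txt = '';
            if (check_permission($userid, 'Manage All Content') || $author_allpages) {
                $sameLevel = $root->getSiblingCount();
                if ($sameLevel > 1) {
                    if ($one->ItemOrder() - 1 <= 0) {
                        // First sibling: only "down" is offered.
                        $txt .= "<a onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'down'); return false;\" href=\"{$thisurl}&amp;direction=down&amp;content_id=" . $one->Id() . "&amp;parent_id=" . $one->ParentId() . "&amp;page=" . $page . "\">";
                        $txt .= $downImg;
                        $txt .= "</a>&nbsp;&nbsp;";
                    } else {
                        if ($one->ItemOrder() - 1 == $sameLevel - 1) {
                            // Last sibling: only "up" is offered.
                            $txt .= "&nbsp;&nbsp;<a class=\"move_up\" onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'up'); return false;\" href=\"{$thisurl}&amp;direction=up&amp;content_id=" . $one->Id() . "&amp;parent_id=" . $one->ParentId() . "&amp;page=" . $page . "\">";
                            $txt .= $upImg;
                            $txt .= "</a>";
                        } else {
                            $txt .= "<a onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'down'); return false;\" href=\"{$thisurl}&amp;direction=down&amp;content_id=" . $one->Id() . "&amp;parent_id=" . $one->ParentId() . "&amp;page=" . $page . "\">";
                            $txt .= $downImg;
                            $txt .= "</a>&nbsp;<a onclick=\"xajax_content_move(" . $one->Id() . ", " . $one->ParentId() . ", 'up'); return false;\" href=\"{$thisurl}&amp;direction=up&amp;content_id=" . $one->Id() . "&amp;parent_id=" . $one->ParentId() . "&amp;page=" . $page . "\">";
                            $txt .= $upImg;
                            $txt .= "</a>";
                        }
                    }
                }
            }
            if (!empty($txt)) {
                $columns['move'] = $txt;
            }
        }
        /* view column */
        if ($columnstodisplay['view']) {
            $columns['view'] = '&nbsp;';
            $txt = '';
            $url = $one->GetURL();
            if ($url != '' && $url != '#' && $one->IsViewable() && $one->Active()) {
                // NOTE(review): $url is written into href as returned by GetURL(); confirm that
                // method returns an attribute-safe value (encoding it here could double-encode).
                $txt .= "<a href=\"" . $url . "\" rel=\"external\" target=\"_blank\">";
                $txt .= $viewImg . "</a>";
            }
            if (!empty($txt)) {
                $columns['view'] = $txt;
            }
        }
        /* copy column */
        if ($columnstodisplay['copy']) {
            $columns['copy'] = '&nbsp;';
            $txt = '';
            if ($one->IsCopyable() && (check_permission($userid, 'Add Pages') && (check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages)) || check_permission($userid, 'Manage All Content'))) {
                $txt .= '<a href="copycontent.php' . $urlext . '&amp;content_id=' . $one->Id() . '">';
                $txt .= $copyImg . "</a>";
            }
            if (!empty($txt)) {
                $columns['copy'] = $txt;
            }
        }
        /* edit column */
        if ($columnstodisplay['edit']) {
            $columns['edit'] = '&nbsp;';
            $txt = '';
            if (check_modify_all($userid) || check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages) || check_permission($userid, 'Manage All Content')) {
                $txt .= "<a href=\"editcontent.php" . $urlext . "&amp;content_id=" . $one->Id() . "\">";
                $txt .= $editImg;
                $txt .= "</a>";
            }
            if (!empty($txt)) {
                $columns['edit'] = $txt;
            }
        }
        /* delete column */
        if ($columnstodisplay['delete']) {
            $columns['delete'] = '&nbsp;';
            $txt = '';
            if ($one->DefaultContent() != true) {
                // Only leaf pages get a delete link, and only for users who may remove them.
                if ($root->getChildrenCount() == 0 && (check_permission($userid, 'Remove Pages') && (check_ownership($userid, $one->Id()) || quick_check_authorship($one->Id(), $mypages)) || check_permission($userid, 'Manage All Content'))) {
                    // Same two-context encoding as the "make default" confirmation.
                    $confirm_js = _display_hierarchy_js_literal(cms_html_entity_decode_utf8(lang('deleteconfirm', $one->Name()), true));
                    $txt .= "<a href=\"{$thisurl}&amp;deletecontent=" . $one->Id() . "\" onclick=\"if (confirm(" . $confirm_js . ")) xajax_content_delete(" . $one->Id() . "); return false;\">";
                    $txt .= $deleteImg;
                    $txt .= "</a>";
                }
            }
            if (!empty($txt)) {
                $columns['delete'] = $txt;
            }
        }
        if ($columnstodisplay['multiselect']) {
            /* multiselect */
            $columns['multiselect'] = '&nbsp;';
            $txt = '';
            $remove = check_permission($userid, 'Remove Pages') ? 1 : 0;
            $structure = check_permission($userid, 'Manage All Content') ? 1 : 0;
            $editperms = check_permission($userid, 'Modify Any Page') || quick_check_authorship($one->Id(), $mypages) || check_ownership($userid, $one->Id()) ? 1 : 0;
            if (($structure == 1 || $remove == 1 && $editperms == 1) && $one->Type() != 'errorpage') {
                $txt .= '<label class="invisible" for="multicontent-' . $one->Id() . '">' . lang('toggle') . '</label><input type="checkbox" id="multicontent-' . $one->Id() . '" name="multicontent-' . $one->Id() . '" title="' . lang('toggle') . '"/>';
            }
            if (!empty($txt)) {
                $columns['multiselect'] = $txt;
            }
        }
        /* done: wrap each prepared cell in its <td> */
        foreach ($columns as $name => $value) {
            if (!$columnstodisplay[$name]) {
                continue;
            }
            switch ($name) {
                case 'edit':
                case 'default':
                case 'view':
                case 'copy':
                case 'delete':
                case 'active':
                    $thelist .= '<td class="pagepos">' . $value . "</td>\n";
                    break;
                case 'move':
                    $thelist .= '<td class="move">' . $value . "</td>\n";
                    break;
                case 'multiselect':
                    $thelist .= '<td class="checkbox">' . $value . "</td>\n";
                    break;
                default:
                    $thelist .= '<td>' . $value . "</td>\n";
                    break;
            }
        }
        $thelist .= "</tr>\n";
        // Alternate the row class for the next visible row.
        $currow = $currow == "row1" ? "row2" : "row1";
    }
    $pagelist[] = $thelist;
    $indent = get_preference($userid, 'indent', true);
    if (in_array($one->Id(), $openedArray) && is_array($children) && count($children)) {
        // Decide once per sibling group whether the move column is available to this user.
        $author_allpages = check_permission($userid, 'Reorder Content') && check_peer_authorship($userid, $children[0]->getId());
        foreach ($children as $child) {
            display_hierarchy($child, $userid, $modifyall, $users, $menupos, $openedArray, $pagelist, $image_true, $image_set_false, $image_set_true, $upImg, $downImg, $viewImg, $editImg, $copyImg, $deleteImg, $expandImg, $contractImg, $mypages, $page, $columnstodisplay, $author_allpages);
        }
    }
}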
Esempio n. 24
            ?>
" class="pagebutton" onmouseover="this.className='pagebuttonhover'" onmouseout="this.className='pagebutton'" />
							</p>
						</div>
					</form>
				</div>
			</div>
			<?php 
        } else {
            redirect('listcss.php' . $urlext);
        }
    } else {
        if ($action == 'dodelete') {
            $userid = get_userid();
            $access = check_permission($userid, 'Remove Stylesheets');
            if ($access) {
                foreach ($nodelist as $node) {
                    $id = $node->id;
                    $title = $node->name;
                    $node->Delete();
                    audit($id, $title, 'Deleted Stylesheet');
                }
            }
            redirect("listcss.php" . $urlext);
        } else {
            redirect("listcss.php" . $urlext);
        }
    }
}
include_once "footer.php";
# vim:ts=4 sw=4 noet
Esempio n. 25
        // Display a warning sitedownwarning
        $sitedown_message = lang('sitedownwarning', TMP_CACHE_LOCATION . '/SITEDOWN');
        $sitedown_file = TMP_CACHE_LOCATION . '/SITEDOWN';
        if (file_exists($sitedown_file)) {
            $themeObject->AddNotification(1, 'Core', $sitedown_message);
        }
        $timelastchecked = get_site_preference('lastcmsversioncheck', 0);
        if (get_site_preference('checkversion', 1) && time() - $timelastchecked > 24 * 60 * 60 || isset($_GET['forceversioncheck'])) {
            $req = new cms_http_request();
            $req->setTimeout(10);
            $req->execute(CMS_DEFAULT_VERSIONCHECK_URL);
            if ($req->getStatus() == 200) {
                $remote_ver = trim($req->getResult());
                if (strpos($remote_ver, ':') !== FALSE) {
                    list($tmp, $remote_ver) = explode(':', $remote_ver, 2);
                    $remote_ver = trim($remote_ver);
                }
                if (version_compare(CMS_VERSION, $remote_ver) < 0) {
                    set_site_preference('cms_is_uptodate', 0);
                    $themeObject->AddNotification(1, 'Core', lang('new_version_available'));
                    audit('', 'Core', 'CMSMS version ' . $remote_ver . ' is available');
                } else {
                    set_site_preference('cms_is_uptodate', 1);
                    audit('', 'Core', 'Tested for newer CMSMS Version. None Available.');
                }
            }
            set_site_preference('lastcmsversioncheck', mktime(23, 59, 55));
        }
    }
    $themeObject->do_header();
}
Esempio n. 26
             }
             $query = 'SELECT count(*) as thecount FROM ' . cms_db_prefix() . 'content WHERE parent_id = ' . $db->qstr($parentid);
             $result =& $db->Execute($query);
             while ($result && !$result->EOF) {
                 $childcount = $result->fields['thecount'];
                 $result->MoveNext();
             }
             $node->Delete();
             #See if this is the last child... if so, remove
             #the expand for it
             if ($childcount == 1 && $parentid > -1) {
                 toggleexpand($parentid, true);
             }
             #Do the same with this page as well
             toggleexpand($id, true);
             audit($id, $title, 'Deleted Content');
         }
         ContentManager::SetAllHierarchyPositions();
         $bulk = true;
     }
     //include_once("footer.php");
     if (!$bulk) {
         redirect("listcontent.php" . $urlext . '&message=no_bulk_performed');
     }
     redirect("listcontent.php" . $urlext . '&message=bulk_success');
 } else {
     if ($action == 'inactive') {
         $userid = get_userid();
         $modifyall = check_permission($userid, 'Modify Any Page');
         foreach ($nodelist as $node) {
             $permission = $modifyall || check_ownership($userid, $node->Id()) || check_authorship($userid, $node->Id()) || check_persmission($userid, 'Manage All Content');
Esempio n. 27
    } else {
        $userops = $gCms->GetUserOperations();
        $thisuser =& $userops->LoadUserByID($_GET["toggleactive"]);
        if ($thisuser) {
            //modify users, is this enough?
            $userid = get_userid();
            $permission = check_permission($userid, 'Modify Users');
            $result = false;
            if ($permission) {
                $thisuser->active == 1 ? $thisuser->active = 0 : ($thisuser->active = 1);
                Events::SendEvent('Core', 'EditUserPre', array('user' => $thisuser));
                $result = $thisuser->save();
            }
            if ($result) {
                // put mention into the admin log
                audit($userid, 'Admin Username: '******'Edited');
                Events::SendEvent('Core', 'EditUserPost', array('user' => $thisuser));
            } else {
                $error .= "<li>" . lang('errorupdatinguser') . "</li>";
            }
        }
    }
}
if (FALSE == empty($error)) {
    echo $themeObject->ShowErrors('<ul class="error">' . $error . '</ul>');
}
?>

<div class="pagecontainer">
	<div class="pageoverflow">
Esempio n. 28
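 /**
  * Render the error console template for an exception.
  *
  * Temporarily points the template directory at <root_path>/lib/smarty and
  * switches on force_compile and debugging, fetches 'error-console.tpl', then
  * puts all three settings back to the values they had on entry, including
  * when rendering itself throws. A short entry is also written to the admin log.
  *
  * NOTE(review): line, file and message are assigned as-is and only the trace
  * is entity-encoded here; whether error-console.tpl escapes the other values
  * is not visible from this method. The output contains file paths and a stack
  * trace, so confirm it is only shown to administrators or in debug mode.
  *
  * @param Exception $e The exception to display.
  * @return string Rendered HTML of the error console.
  * @author Stikki
  */
 public function errorConsole(Exception $e)
 {
     $config = cmsms()->GetConfig();
     // Remember the caller's settings so they can be restored exactly; the
     // previous code reset force_compile and debugging to false regardless.
     $odir = $this->template_dir;
     $oforce = $this->force_compile;
     $odebug = $this->debugging;
     $this->force_compile = true;
     $this->debugging = true;
     $this->template_dir = cms_join_path($config['root_path'], 'lib', 'smarty');
     try {
         $this->assign('e_line', $e->getLine());
         $this->assign('e_file', $e->getFile());
         $this->assign('e_message', $e->getMessage());
         $this->assign('e_trace', htmlentities($e->getTraceAsString()));
         // put mention into the admin log (message truncated to 50 bytes)
         audit('', 'Error: ' . substr($e->getMessage(), 0, 50), 'has occured');
         $output = $this->fetch('error-console.tpl');
     } catch (Exception $render_error) {
         // Do not leave the engine in debug/force-compile mode when rendering fails.
         $this->force_compile = $oforce;
         $this->debugging = $odebug;
         $this->template_dir = $odir;
         throw $render_error;
     }
     $this->force_compile = $oforce;
     $this->debugging = $odebug;
     $this->template_dir = $odir;
     return $output;
 }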
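// Admin action: delete the user account whose id is given in the query string.
require_once __DIR__ . "/includes/root.php";
// Permission gate; must_allow() is defined outside this script.
must_allow("modify users");

// NOTE(review): the deletion is driven by a GET parameter and no anti-CSRF token
// or request-method check is visible in this script. Confirm that root.php or
// must_allow() enforces one; a state-changing action should require POST plus a
// per-session token.

// A request without an id is treated like an unknown id instead of reading an
// undefined index.
$requested_id = isset($_GET["id"]) ? $_GET["id"] : NULL;
$user = $requested_id === NULL ? NULL : User::find($requested_id);
if ($user == NULL) {
    $renderer->flash_alert("Can't find a user by the given id!");
    header("Location: user-list.php");
    exit;
}

// An administrator may not remove their own account.
$curruser = get_user();
if ($curruser->id == $user->id) {
    $renderer->flash_alert("You cannot delete yourself!");
    header("Location: user-list.php");
    exit;
}

// The acting user must be allowed to grant every role the target holds;
// otherwise they could remove an account more privileged than their own.
foreach ($user->roles as $role) {
    if (!can_give_role($curruser, $role)) {
        $renderer->flash_alert("You cannot delete users with the '{$role}' role");
        header("Location: user-list.php");
        exit;
    }
}

// User 1 is never deletable.
if ($user->id == 1) {
    $renderer->flash_alert("You cannot delete user 1");
    header("Location: user-list.php");
    exit;
}

$user->delete();
// Record who was removed in the audit trail.
audit("delete user", $user->login);
$renderer->flash_success("Deleted {$user->login}");
header("Location: user-list.php");
// End the request after the redirect, as every other branch does.
exit;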
Esempio n. 30
 $result = $onestylesheet->Save();
 // Update the css hash
 // deprecated:  this was used by the stylesheet.php function which we no longer distribute
 // as of CMSMS 1.10.
 $config = $gCms->GetConfig();
 $hashfile = cms_join_path($config['root_path'], 'tmp', 'cache', 'csshash.dat');
 $md5sum = md5($css_text);
 $csshash = csscache_csvfile_to_hash($hashfile);
 $csshash[$css_id] = $md5sum;
 csscache_hash_to_csvfile($hashfile, $csshash);
 if ($result) {
     #Start using new name, just in case this is an apply
     $orig_css_name = $css_name;
     Events::SendEvent('Core', 'EditStylesheetPost', array('stylesheet' => &$onestylesheet));
     // put mention into the admin log
     audit($css_id, 'Stylesheet: ' . $css_name, 'Changed');
     # we now have to check which templates are associated with this CSS and update their modified date.
     $cssquery = "SELECT assoc_to_id FROM " . cms_db_prefix() . "css_assoc\n\t\t\t\t\tWHERE\tassoc_type\t\t= 'template'\n\t\t\t\t\tAND\t\tassoc_css_id\t=  ?";
     $cssresult = $db->Execute($cssquery, array($css_id));
     # now updating templates
     while ($cssresult && ($line = $cssresult->FetchRow())) {
         $query = "UPDATE " . cms_db_prefix() . "templates SET modified_date = " . $db->DBTimeStamp(time()) . " \n\t\t\t\t\t\tWHERE template_id = '" . $line["assoc_to_id"] . "'";
         $result = $db->Execute($query);
         if (FALSE == $result) {
             $error .= "<li>" . lang('errorupdatingtemplate') . "</li>";
         }
     }
     if (!isset($_POST["apply"])) {
         if ($from == 'templatecssassoc') {
             redirect("listcssassoc.php" . $urlext . "&type=template&id=" . $templateid);
         } else {