*
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * 
 * properties template, shows the basic page on the properties window
 *
 * @author Patrick Lockley
 * @version 1.0
 * @package
 */
require_once "../../../config.php";
include "../template_status.php";
include "../screen_size_library.php";
include "../url_library.php";
include "../user_library.php";
include "properties_library.php";
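// Entry point for the properties window: resolve the requested template id, authorise, render.
// Failure paths (anonymous request, non-numeric id, no rights) all end in properties_display_fail().
if (!isset($_SESSION['toolkits_logon_id'])) {
    // No logged-in user means there is nothing to authorise against, so fail before touching the id.
    // (is_user_admin() is assumed to be session-based too, so an anonymous admin is not possible — confirm in user_library.php.)
    properties_display_fail();
} elseif (!empty($_POST['template_id']) && is_numeric($_POST['template_id'])) {
    // Cast so the helpers below only ever see an integer, never raw request text.
    $template_id = (int) $_POST['template_id'];
    // A user may open the properties page if the template is shared with them or they are a site admin.
    if (has_rights_to_this_template($template_id, $_SESSION['toolkits_logon_id']) || is_user_admin()) {
        properties_display($xerte_toolkits_site, $template_id, false, "");
        exit(0);
    }
    properties_display_fail();
} else {
    properties_display_fail();
}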
    _debug("Template id is not numeric. ->" . $_GET['template_id']);
    dont_show_template();
    exit(0);
}
/*
 * Find out if this user has rights to the template
 */
$safe_template_id = (int) $_GET['template_id'];
// The configured play/edit/preview query carries the table prefix as a PHP expression
// embedded in a string literal; expand that token first, then substitute the (integer) id.
$prefix_token = "\" . \$xerte_toolkits_site->database_table_prefix . \"";
$query_for_edit_content_strip = str_replace($prefix_token, $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query);
$query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip);
// NOTE(review): $row_edit['template_name'] and ['username'] are later joined into a filesystem path
// (the lock-file lookup); they come from the DB, not the request, but are not validated here.
$row_edit = db_query_one($query_for_edit_content);
if (empty($row_edit)) {
    die("Invalid template_id (could not find in DB) (1)");
}
if (isset($_SESSION['toolkits_logon_id'])) {
    if (has_rights_to_this_template($safe_template_id, $_SESSION['toolkits_logon_id'])) {
        // Check if user is editor (could be read only)
        if (is_user_an_editor($safe_template_id, $_SESSION['toolkits_logon_id'])) {
            // Check for multiple editors
            if (has_template_multiple_editors($safe_template_id)) {
                // Check for lock file. A lock file is created to prevent more than one
                if (file_exists($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt")) {
                    // Lock file exists, so open it up and see who created it
                    $lock_file_data = file_get_contents($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt");
                    $temp = explode("*", $lock_file_data);
                    if (count($temp) == 1) {
                        $temp = explode(" ", $lock_file_data);
                    }
                    $lock_file_creator = $temp[0];
                    /*
                     * Check if lock file creator is current user, if so, continue into the code
require $xerte_toolkits_site->php_library_path . "user_library.php";
/*
 * Check the ID is numeric
 */
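// Preview entry point: a logged-in user may preview a template they have rights to (or any template, if admin).
$logged_in = isset($_SESSION['toolkits_logon_id']);
$requested_id = isset($_GET['template_id']) ? $_GET['template_id'] : null;
if ($logged_in && $requested_id !== null && is_numeric($requested_id)) {
    $safe_template_id = (int) $requested_id;
    // Need to run a proper string replace on any embedded instances of '$xerte_toolkits_site->database_table_prefix' so it's actually expanded.
    $query_for_preview_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query);
    /*
     * Standard query
     */
    $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip);
    $row = db_query_one($query_for_preview_content);
    // Authorise on the id the DB actually resolved: admins, or anyone the template is shared with.
    if (!empty($row) && (is_user_admin() || has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id']))) {
        // Look the owner's username up only once the template is known to exist and be viewable;
        // previously this ran before the empty() check and dereferenced $row['user_id'] on a missing row.
        $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($row['user_id']));
        // template_framework is a DB value that becomes part of an include path; keep it to a plain
        // module name so a malformed value can never escape the modules/ directory.
        if (preg_match('/^[A-Za-z0-9_-]+$/', (string) $row['template_framework'])) {
            require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview_site.php";
            show_preview_code($row, $row_username);
            exit(0);
        }
    }
}
// Every failure path (not logged in, bad id, unknown template, no rights, bad framework name)
// ends here with the same message, so the response does not reveal which check failed.
echo PREVIEW_RESOURCE_FAIL;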
/**
 * 
 * sharing status template, shows who is sharing a template
 *
 * @author Patrick Lockley
 * @version 1.0
 * @copyright Copyright (c) 2008,2009 University of Nottingham
 * @package
 */
require_once "../../../config.php";
_load_language_file("/website_code/php/properties/sharing_status_template.inc");
include "../template_status.php";
include "../user_library.php";
if (is_numeric($_POST['template_id'])) {
    $database_id = database_connect("Sharing status template database connect success", "Sharing status template database connect failed");
    if (has_rights_to_this_template(mysql_real_escape_string($_POST['template_id']), $_SESSION['toolkits_logon_id']) || is_user_admin()) {
        $query_for_sharing_details = "select template_id, user_id, firstname, surname, role from " . $xerte_toolkits_site->database_table_prefix . "templaterights, " . $xerte_toolkits_site->database_table_prefix . "logindetails where " . $xerte_toolkits_site->database_table_prefix . "logindetails.login_id = " . $xerte_toolkits_site->database_table_prefix . "templaterights.user_id and template_id=\"" . mysql_real_escape_string($_POST['template_id']) . "\" and user_id !=\"" . $_SESSION['toolkits_logon_id'] . "\"";
        $query_sharing_response = mysql_query($query_for_sharing_details);
        /*
         * show a different view if you are the file creator
         */
        if (is_user_creator(mysql_real_escape_string($_POST['template_id']))) {
            echo "<div class=\"share_top\"><p class=\"header\"><span>" . SHARING_INSTRUCTION . "</span></p><form id=\"share_form\"><input name=\"searcharea\" onkeyup=\"javascript:name_select_template()\" type=\"text\" size=\"20\" /></form><div id=\"area2\"><p>" . SHARING_NAMES . "</p></div><p id=\"area3\"></div>";
        }
        /*
 * find out how many times it has been shared (analogous to the number of rows for this template)
         */
        if (mysql_num_rows($query_sharing_response) != 0) {
            echo "<p class=\"share_intro_p\"><span>" . SHARING_CURRENT . "</span></p>";
            while ($row = mysql_fetch_array($query_sharing_response)) {
                echo "<p class=\"share_files_paragraph\"><span>" . $row['firstname'] . " " . $row['surname'] . " (" . $row['role'] . ")</span></p>";
 * sharing status template, shows who is sharing a template
 *
 * @author Patrick Lockley
 * @version 1.0
 * @package
 */
require_once "../../../config.php";
_load_language_file("/website_code/php/properties/sharing_status_template.inc");
_load_language_file("/properties.inc");
include "../template_status.php";
include "../user_library.php";
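// Reject anything that is not a numeric id from a logged-in user before touching the DB.
// isset() first: is_numeric() on a missing key only raised a notice but still let the request through.
$requested_id = isset($_POST['template_id']) ? $_POST['template_id'] : null;
if ($requested_id === null || !is_numeric($requested_id) || !isset($_SESSION['toolkits_logon_id'])) {
    echo "<p>" . SHARING_FAIL . "</p>";
    exit(0);
}
// Normalise to an integer so every helper and the query below see the same value.
$template_id = (int) $requested_id;
// The sharing list is visible to anyone the template is shared with, and to admins.
if (!has_rights_to_this_template($template_id, $_SESSION['toolkits_logon_id']) && !is_user_admin()) {
    echo "<p>" . SHARING_FAIL . "</p>";
    exit(0);
}
// Everyone who holds a right on this template except the current user (parameterised, so the id is never interpolated).
$sql = "SELECT template_id, user_id, firstname, surname, username, role FROM " . " {$xerte_toolkits_site->database_table_prefix}templaterights, {$xerte_toolkits_site->database_table_prefix}logindetails WHERE " . " {$xerte_toolkits_site->database_table_prefix}logindetails.login_id = {$xerte_toolkits_site->database_table_prefix}templaterights.user_id and template_id= ? AND user_id != ?";
$query_sharing_rows = db_query($sql, array($template_id, $_SESSION['toolkits_logon_id']));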
/*
 * show a different view if you are the file creator
 */
if (is_user_creator((int) $_POST['template_id'])) {
    echo "<div>";
    echo "<p class=\"header\"><span>" . PROPERTIES_TAB_SHARED . "</span></p>";
    echo "<p><span>" . SHARING_INSTRUCTION . "</span></p>";
    echo "<form id=\"share_form\"><input name=\"searcharea\" onkeyup=\"javascript:name_select_template()\" type=\"text\" size=\"20\" /></form>";
    echo "<div id=\"area2\"><p>" . SHARING_NAMES . "</p></div>";
    echo "<p id=\"area3\">";
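/**
 * Build an HTML fragment listing everyone who holds a right on a template.
 *
 * Returns null when there is no logged-in user or the caller has no rights to the
 * template (and is not an admin); otherwise a string of HTML. All DB-sourced values
 * are HTML-escaped before being emitted — names and usernames are profile data that
 * presumably can be set by users, so they must never reach the page raw.
 *
 * @param int|string $template_id id of the template whose sharing list is wanted
 * @return string|null
 */
function sharing_info($template_id)
{
    global $xerte_toolkits_site;
    if (!isset($_SESSION['toolkits_logon_id'])) {
        return;
    }
    if (!has_rights_to_this_template($template_id, $_SESSION['toolkits_logon_id']) && !is_user_admin()) {
        return;
    }
    // Escape for an HTML text context; ENT_QUOTES so the value is also safe inside attributes.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $sql = "SELECT template_id, user_id, firstname, surname, username, role FROM " . " {$xerte_toolkits_site->database_table_prefix}templaterights, {$xerte_toolkits_site->database_table_prefix}logindetails WHERE " . " {$xerte_toolkits_site->database_table_prefix}logindetails.login_id = {$xerte_toolkits_site->database_table_prefix}templaterights.user_id and template_id= ?";
    $query_sharing_rows = db_query($sql, array((int) $template_id));
    $info = PROJECT_INFO_SHARED . ": ";
    // One row is the creator alone; zero rows means no rights entry exists at all.
    // Both are reported as "not shared" (the original only handled the single-row case
    // and would otherwise print an empty list for zero rows).
    if (sizeof($query_sharing_rows) <= 1) {
        $info .= PROJECT_INFO_NOTSHARED . "<br/>";
        return $info;
    }
    // Open the list explicitly: the original emitted <li> items and a closing </ul> with no opening tag.
    $info .= SHARING_CURRENT . "<br><ul>";
    foreach ($query_sharing_rows as $row) {
        switch ($row['role']) {
            case "creator":
                $role_label = SHARING_CREATOR;
                break;
            case "editor":
                $role_label = SHARING_EDITOR;
                break;
            case "read-only":
                $role_label = SHARING_READONLY;
                break;
            default:
                // Unknown role: show the raw (escaped) value rather than an empty bracket.
                $role_label = $h($row['role']);
                break;
        }
        $info .= "<li><span>" . $h($row['firstname']) . " " . $h($row['surname']) . " (" . $h($row['username']) . ")  -  (" . $role_label . ")</span></li>";
    }
    $info .= "</ul>";
    return $info;
}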
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
require_once dirname(__FILE__) . "/config.php";
require $xerte_toolkits_site->php_library_path . "user_library.php";
require $xerte_toolkits_site->php_library_path . "template_library.php";
require $xerte_toolkits_site->php_library_path . "template_status.php";
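// be slightly paranoid over the path the user is requesting to download.
// The value is later appended to USER-FILES/ and read from disk, so it must be a plain
// relative path: the prefix regex alone says nothing about what follows the "id-username-" part.
$unsafe_file_path = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
if (!preg_match('/^([0-9]+)-([a-z0-9]+)-/', $unsafe_file_path, $matches)) {
    die("path must start with a number, and then a username - e.g. 20-foobar-");
}
// Reject traversal segments, NUL bytes and backslashes anywhere in the remainder of the path;
// the prefix check passes e.g. "20-foobar-../../config.php" unchanged.
if (strpos($unsafe_file_path, "\0") !== false
    || strpos($unsafe_file_path, '\\') !== false
    || preg_match('#(^|/)\.\.(/|$)#', $unsafe_file_path)) {
    die("path must not contain '..' segments");
}
// Only a logged-in user can hold rights; fail early instead of passing a missing session id around.
if (!isset($_SESSION['toolkits_logon_id'])) {
    die("Fail: not logged in");
}
$template_id = $matches[1];
$username = $matches[2];
$has_perms = is_user_admin() || has_rights_to_this_template($template_id, $_SESSION['toolkits_logon_id']);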
if ($has_perms) {
    if (is_user_an_editor($template_id, $_SESSION['toolkits_logon_id'])) {
        if ($username == $_SESSION['toolkits_logon_username']) {
            // they're logged in, and hopefully have access to the media contents.
            $file = dirname(__FILE__) . '/USER-FILES/' . $unsafe_file_path;
            if (!is_file($file)) {
                die("Fail: file not found on disk");
            }
            $filename = addslashes(basename($file));
            header("Cache-Control: public");
            header("Content-Length: " . filesize($file));
            header("Content-Description: File Transfer");
            header("Content-Type: application/force-download");
            header("Content-Disposition: attachment; filename=\"{$filename}\"");
            header("Content-Transfer-Encoding: binary");
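/**
 * Render the "publish" tab of the properties window for one template.
 *
 * Authorisation is done on the $template_id argument itself — the original checked
 * rights against $_POST['template_id'] while querying and rendering $template_id, so
 * the id that was authorised and the id that was displayed could differ. The id is
 * cast to int before it is placed in SQL or passed to the helper functions.
 *
 * @param int|string $template_id id of the template to show publish settings for
 * @return void  (output is echoed directly)
 */
function publish_display($template_id)
{
    global $xerte_toolkits_site;
    database_connect("Properties template database connect success", "Properties template database connect failed");
    $template_id = (int) $template_id;
    // User has to have some rights to do this (or be an admin); otherwise show the disabled button.
    $allowed = isset($_SESSION['toolkits_logon_id']) && has_rights_to_this_template($template_id, $_SESSION['toolkits_logon_id']);
    if (!$allowed && !is_user_admin()) {
        echo "<p><img src=\"website_code/images/Bttn_PublishDis.gif\" /></p>";
        return;
    }
    echo "<p class=\"header\"><span>" . PUBLISH_TITLE . "</span></p>";
    // $template_id is an integer here, so embedding it in the query cannot change its structure.
    $query_for_names = "select td.template_name, td.date_created, td.date_modified, otd.template_framework from " . $xerte_toolkits_site->database_table_prefix . "templatedetails td, " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails otd where td.template_id=\"" . $template_id . "\" and td.template_type_id = otd.template_type_id";
    $query_names_response = mysql_query($query_for_names);
    $row = $query_names_response ? mysql_fetch_array($query_names_response) : false;
    echo "<p>" . PUBLISH_DESCRIPTION . "</p>";
    $template_access = template_access_settings($template_id);
    echo "<p><b>" . PUBLISH_ACCESS . "</b><br>" . PUBLISH_ACCESS_DESCRIPTION . "</p>";
    if ($template_access == "Private") {
        echo "<p><img src=\"website_code/images/bullet_error.gif\" align=\"absmiddle\" /><b>" . PUBLISH_ACCESS_STATUS . "</b></p>";
    } else {
        echo "<p>" . PUBLISH_ACCESS_IS . " " . $template_access . ".</p>";
    }
    echo "<p><b>" . PUBLISH_RSS . "</b><br>" . PUBLISH_RSS_DESCRIPTION . "</p>";
    if (!is_template_rss($template_id)) {
        echo "<p><b>" . PUBLISH_RSS_NOT_INCLUDE . "</b></p>";
    } else {
        echo "<p>" . PUBLISH_RSS_INCLUDE . "</p>";
    }
    // template_framework is a DB value used to build an include path: only a plain module name
    // is accepted, and a missing row no longer leads to including "modules//module_functions.php".
    if ($row && preg_match('/^[A-Za-z0-9_-]+$/', (string) $row['template_framework'])) {
        include "../../../modules/" . $row['template_framework'] . "/module_functions.php";
        display_publish_engine();
    }
    echo "<p><b>" . PUBLISH_SYNDICATION . "</b><br>" . PUBLISH_SYNDICATION_DESCRIPTION . "</p>";
    if (!is_template_syndicated($template_id)) {
        echo "<p><b>" . PUBLISH_SYNDICATION_STATUS_OFF . "</b></p>";
    } else {
        echo "<p>" . PUBLISH_SYNDICATION_STATUS_ON . "</p>";
    }
    if ($template_access != "") {
        /**
         *
         * This section using $_SESSION['webct'] is for people using the integration option for webct. If your integration option has the ability to post back a URL then you would modify this code to allow for your system's working methods.
         *
         **/
        $play_url = $xerte_toolkits_site->site_url . url_return("play", $template_id);
        echo "<p><button type=\"button\" class=\"xerte_button\" onclick=\"publish_project(window.name);\">" . PUBLISH_BUTTON_LABEL . "</button></p>";
        echo "<p>" . PUBLISH_WEB_ADDRESS . " <a target='_blank' href='" . $play_url . "'>" . $play_url . "</a></p>";
    }
}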