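*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

/**
 *
 * properties template, shows the basic page on the properties window
 *
 * Reads the template id from POST. The properties view is rendered only for a
 * logged-on user who either holds rights to that template or is an admin; every
 * other request (missing/invalid id, no session, no rights) gets the failure view.
 *
 * @author Patrick Lockley
 * @version 1.0
 * @package
 */

require_once "../../../config.php";
include "../template_status.php";
include "../screen_size_library.php";
include "../url_library.php";
include "../user_library.php";
include "properties_library.php";

// Reject a missing, empty or non-numeric id before it reaches any helper.
if (!empty($_POST['template_id']) && is_numeric($_POST['template_id'])) {
    $template_id = (int) $_POST['template_id'];

    // Read the session key defensively: an anonymous request has no logon id and
    // indexing the missing key would raise a notice.
    $logon_id = isset($_SESSION['toolkits_logon_id']) ? $_SESSION['toolkits_logon_id'] : null;

    // Without a logged-on user there is nobody to grant rights to, so fail early
    // instead of passing a null id into the rights helpers.
    if ($logon_id !== null
        && (has_rights_to_this_template($template_id, $logon_id) || is_user_admin())) {
        properties_display($xerte_toolkits_site, $template_id, false, "");
        exit(0);
    }
}

properties_display_fail();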
_debug("Template id is not numeric. ->" . $_GET['template_id']); dont_show_template(); exit(0); } /* * Find out if this user has rights to the template */ $safe_template_id = (int) $_GET['template_id']; $query_for_edit_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); $query_for_edit_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_edit_content_strip); $row_edit = db_query_one($query_for_edit_content); if (empty($row_edit)) { die("Invalid template_id (could not find in DB) (1)"); } if (isset($_SESSION['toolkits_logon_id'])) { if (has_rights_to_this_template($safe_template_id, $_SESSION['toolkits_logon_id'])) { // Check if user is editor (could be read only) if (is_user_an_editor($safe_template_id, $_SESSION['toolkits_logon_id'])) { // Check for multiple editors if (has_template_multiple_editors($safe_template_id)) { // Check for lock file. A lock file is created to prevent more than one if (file_exists($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt")) { // Lock file exists, so open it up and see who created it $lock_file_data = file_get_contents($xerte_toolkits_site->users_file_area_full . $row_edit['template_id'] . "-" . $row_edit['username'] . "-" . $row_edit['template_name'] . "/lockfile.txt"); $temp = explode("*", $lock_file_data); if (count($temp) == 1) { $temp = explode(" ", $lock_file_data); } $lock_file_creator = $temp[0]; /* * Check if lock file creator is current user, if so, continue into the code
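require $xerte_toolkits_site->php_library_path . "user_library.php";

/*
 * Preview entry point: renders a template only for a logged-on user who is an
 * admin or holds rights to it. Every failure path (no session, bad id, unknown
 * template, no rights) prints PREVIEW_RESOURCE_FAIL, so the response does not
 * reveal whether a given template id exists.
 */
if (!isset($_SESSION['toolkits_logon_id'])) {
    echo PREVIEW_RESOURCE_FAIL;
} elseif (!isset($_GET['template_id']) || !is_numeric($_GET['template_id'])) {
    // isset() first: is_numeric() on a missing key would raise a notice.
    echo PREVIEW_RESOURCE_FAIL;
} else {
    $safe_template_id = (int) $_GET['template_id'];

    // Need to run a proper string replace on any embedded instances of
    // '$xerte_toolkits_site->database_table_prefix' so it's actually expanded.
    $query_for_preview_content_strip = str_replace(
        "\" . \$xerte_toolkits_site->database_table_prefix . \"",
        $xerte_toolkits_site->database_table_prefix,
        $xerte_toolkits_site->play_edit_preview_query
    );

    /*
     * Standard query - only the int-cast id is ever interpolated into it.
     */
    $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip);
    $row = db_query_one($query_for_preview_content);

    if (empty($row)) {
        // no matching template
        echo PREVIEW_RESOURCE_FAIL;
    } elseif (is_user_admin() || has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id'])) {
        // Owner's username, looked up only once a template row exists so that
        // $row['user_id'] is never read from an empty result.
        $row_username = db_query_one(
            "select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?",
            array($row['user_id'])
        );
        require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview_site.php";
        show_preview_code($row, $row_username);
        exit(0);
    } else {
        // template exists but this user may not see it
        echo PREVIEW_RESOURCE_FAIL;
    }
}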
/** * * sharing status template, shows who is sharing a template * * @author Patrick Lockley * @version 1.0 * @copyright Copyright (c) 2008,2009 University of Nottingham * @package */ require_once "../../../config.php"; _load_language_file("/website_code/php/properties/sharing_status_template.inc"); include "../template_status.php"; include "../user_library.php"; if (is_numeric($_POST['template_id'])) { $database_id = database_connect("Sharing status template database connect success", "Sharing status template database connect failed"); if (has_rights_to_this_template(mysql_real_escape_string($_POST['template_id']), $_SESSION['toolkits_logon_id']) || is_user_admin()) { $query_for_sharing_details = "select template_id, user_id, firstname, surname, role from " . $xerte_toolkits_site->database_table_prefix . "templaterights, " . $xerte_toolkits_site->database_table_prefix . "logindetails where " . $xerte_toolkits_site->database_table_prefix . "logindetails.login_id = " . $xerte_toolkits_site->database_table_prefix . "templaterights.user_id and template_id=\"" . mysql_real_escape_string($_POST['template_id']) . "\" and user_id !=\"" . $_SESSION['toolkits_logon_id'] . "\""; $query_sharing_response = mysql_query($query_for_sharing_details); /* * show a different view if you are the file creator */ if (is_user_creator(mysql_real_escape_string($_POST['template_id']))) { echo "<div class=\"share_top\"><p class=\"header\"><span>" . SHARING_INSTRUCTION . "</span></p><form id=\"share_form\"><input name=\"searcharea\" onkeyup=\"javascript:name_select_template()\" type=\"text\" size=\"20\" /></form><div id=\"area2\"><p>" . SHARING_NAMES . "</p></div><p id=\"area3\"></div>"; } /* * find out how many times it has been shares (analgous to number of rows for this template) */ if (mysql_num_rows($query_sharing_response) != 0) { echo "<p class=\"share_intro_p\"><span>" . SHARING_CURRENT . 
"</span></p>"; while ($row = mysql_fetch_array($query_sharing_response)) { echo "<p class=\"share_files_paragraph\"><span>" . $row['firstname'] . " " . $row['surname'] . " (" . $row['role'] . ")</span></p>";
* sharing status template, shows who is sharing a template * * @author Patrick Lockley * @version 1.0 * @package */ require_once "../../../config.php"; _load_language_file("/website_code/php/properties/sharing_status_template.inc"); _load_language_file("/properties.inc"); include "../template_status.php"; include "../user_library.php"; if (!is_numeric($_POST['template_id'])) { echo "<p>" . SHARING_FAIL . "</p>"; exit(0); } if (!has_rights_to_this_template($_POST['template_id'], $_SESSION['toolkits_logon_id']) && !is_user_admin()) { echo "<p>" . SHARING_FAIL . "</p>"; exit(0); } $sql = "SELECT template_id, user_id, firstname, surname, username, role FROM " . " {$xerte_toolkits_site->database_table_prefix}templaterights, {$xerte_toolkits_site->database_table_prefix}logindetails WHERE " . " {$xerte_toolkits_site->database_table_prefix}logindetails.login_id = {$xerte_toolkits_site->database_table_prefix}templaterights.user_id and template_id= ? AND user_id != ?"; $query_sharing_rows = db_query($sql, array($_POST['template_id'], $_SESSION['toolkits_logon_id'])); /* * show a different view if you are the file creator */ if (is_user_creator((int) $_POST['template_id'])) { echo "<div>"; echo "<p class=\"header\"><span>" . PROPERTIES_TAB_SHARED . "</span></p>"; echo "<p><span>" . SHARING_INSTRUCTION . "</span></p>"; echo "<form id=\"share_form\"><input name=\"searcharea\" onkeyup=\"javascript:name_select_template()\" type=\"text\" size=\"20\" /></form>"; echo "<div id=\"area2\"><p>" . SHARING_NAMES . "</p></div>"; echo "<p id=\"area3\">";
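/**
 * Build the "shared with" summary of a template as an HTML fragment.
 *
 * Nothing (null) is returned when the current session neither holds rights to
 * the template nor belongs to an admin, so callers can echo the result directly.
 *
 * @param int|string $template_id id of the template to describe
 * @return string|null HTML fragment, or null when access is denied
 */
function sharing_info($template_id)
{
    global $xerte_toolkits_site;

    // Read the session key defensively; a missing key would otherwise raise a notice.
    $logon_id = isset($_SESSION['toolkits_logon_id']) ? $_SESSION['toolkits_logon_id'] : null;
    if (!has_rights_to_this_template($template_id, $logon_id) && !is_user_admin()) {
        return;
    }

    $prefix = $xerte_toolkits_site->database_table_prefix;
    $sql = "SELECT template_id, user_id, firstname, surname, username, role FROM "
        . " {$prefix}templaterights, {$prefix}logindetails WHERE "
        . " {$prefix}logindetails.login_id = {$prefix}templaterights.user_id and template_id= ?";
    $query_sharing_rows = db_query($sql, array($template_id));

    $info = PROJECT_INFO_SHARED . ": ";

    // A single rights row is reported as "not shared" (presumably the creator's own entry).
    if (sizeof($query_sharing_rows) == 1) {
        $info .= PROJECT_INFO_NOTSHARED . "<br/>";
        return $info;
    }

    $info .= SHARING_CURRENT . "<br>";
    // The list is closed with </ul> below, so it has to be opened here too.
    $info .= "<ul>";
    foreach ($query_sharing_rows as $row) {
        // Names and usernames come from the database and may originate from user
        // input, so escape them for the HTML context.
        $display_name = htmlspecialchars($row['firstname'] . " " . $row['surname'], ENT_QUOTES, 'UTF-8');
        $display_user = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');
        $info .= "<li><span>" . $display_name . " (" . $display_user . ") - (";
        switch ($row['role']) {
            case "creator":
                $info .= SHARING_CREATOR;
                break;
            case "editor":
                $info .= SHARING_EDITOR;
                break;
            case "read-only":
                $info .= SHARING_READONLY;
                break;
            // any other role value gets no label, as before
        }
        $info .= ")</span></li>";
    }
    $info .= "</ul>";

    return $info;
}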
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ require_once dirname(__FILE__) . "/config.php"; require $xerte_toolkits_site->php_library_path . "user_library.php"; require $xerte_toolkits_site->php_library_path . "template_library.php"; require $xerte_toolkits_site->php_library_path . "template_status.php"; // be slightly paranoid over the path the user is requesting to download. $unsafe_file_path = $_GET['file']; if (!preg_match('/^([0-9]+)-([a-z0-9]+)-/', $unsafe_file_path, $matches)) { die("path must start with a number, and then a username - e.g. 20-foobar-"); } $template_id = $matches[1]; $username = $matches[2]; $has_perms = is_user_admin() || has_rights_to_this_template($template_id, $_SESSION['toolkits_logon_id']); if ($has_perms) { if (is_user_an_editor($template_id, $_SESSION['toolkits_logon_id'])) { if ($username == $_SESSION['toolkits_logon_username']) { // they're logged in, and hopefully have access to the media contents. $file = dirname(__FILE__) . '/USER-FILES/' . $unsafe_file_path; if (!is_file($file)) { die("Fail: file not found on disk"); } $filename = addslashes(basename($file)); header("Cache-Control: public"); header("Content-Length: " . filesize($file)); header("Content-Description: File Transfer"); header("Content-Type: application/force-download"); header("Content-Disposition: attachment; filename=\"{$filename}\""); header("Content-Transfer-Encoding: binary");
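/**
 * Render the "Publish" tab of the properties window for one template.
 *
 * Output is echoed directly. Access is checked against $template_id itself -
 * the same value every query, helper call and URL below is built from - rather
 * than against a separately read POST value, and the id is cast to int before
 * it is interpolated into SQL.
 *
 * NOTE(review): this file still uses the legacy mysql_* extension, which was
 * removed in PHP 7; other pages in this codebase use db_query()/db_query_one().
 *
 * @param int|string $template_id id of the template being published
 * @return void
 */
function publish_display($template_id)
{
    global $xerte_toolkits_site;

    database_connect("Properties template database connect success", "Properties template database connect failed");

    // The int cast is what makes the direct interpolation into $query_for_names safe.
    $safe_template_id = (int) $template_id;
    $logon_id = isset($_SESSION['toolkits_logon_id']) ? $_SESSION['toolkits_logon_id'] : null;

    // User has to have some rights to do this
    if (!has_rights_to_this_template($safe_template_id, $logon_id) && !is_user_admin()) {
        echo "<p><img src=\"website_code/images/Bttn_PublishDis.gif\" /></p>";
        return;
    }

    echo "<p class=\"header\"><span>" . PUBLISH_TITLE . "</span></p>";

    $query_for_names = "select td.template_name, td.date_created, td.date_modified, otd.template_framework from "
        . $xerte_toolkits_site->database_table_prefix . "templatedetails td, "
        . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails otd where td.template_id=\""
        . $safe_template_id . "\" and td.template_type_id = otd.template_type_id";
    $query_names_response = mysql_query($query_for_names);
    $row = mysql_fetch_array($query_names_response);

    echo "<p>" . PUBLISH_DESCRIPTION . "</p>";

    $template_access = template_access_settings($safe_template_id);
    echo "<p><b>" . PUBLISH_ACCESS . "</b><br>" . PUBLISH_ACCESS_DESCRIPTION . "</p>";
    if ($template_access == "Private") {
        echo "<p><img src=\"website_code/images/bullet_error.gif\" align=\"absmiddle\" /><b>" . PUBLISH_ACCESS_STATUS . "</b></p>";
    } else {
        echo "<p>" . PUBLISH_ACCESS_IS . " " . $template_access . ".</p>";
    }

    echo "<p><b>" . PUBLISH_RSS . "</b><br>" . PUBLISH_RSS_DESCRIPTION . "</p>";
    if (!is_template_rss($safe_template_id)) {
        echo "<p><b>" . PUBLISH_RSS_NOT_INCLUDE . "</b></p>";
    } else {
        echo "<p>" . PUBLISH_RSS_INCLUDE . "</p>";
    }

    // NOTE(review): $row is false when the query matched nothing, and the module
    // path then has an empty framework segment. Callers appear to pass an existing
    // id - confirm before relying on it.
    include "../../../modules/" . $row['template_framework'] . "/module_functions.php";
    display_publish_engine();

    echo "<p><b>" . PUBLISH_SYNDICATION . "</b><br>" . PUBLISH_SYNDICATION_DESCRIPTION . "</p>";
    if (!is_template_syndicated($safe_template_id)) {
        echo "<p><b>" . PUBLISH_SYNDICATION_STATUS_OFF . "</b></p>";
    } else {
        echo "<p>" . PUBLISH_SYNDICATION_STATUS_ON . "</p>";
    }

    if ($template_access != "") {
        /**
         *
         * This section using $_SESSION['webct'] is for people using the integration option for webct. If your integration option has the ability to post back a URL then you would modify this code to allow for your system's working methods.
         *
         **/
        echo "<p><button type=\"button\" class=\"xerte_button\" onclick=\"publish_project(window.name);\">" . PUBLISH_BUTTON_LABEL . "</button></p>";

        // Same play URL is used as both href and link text.
        $play_url = $xerte_toolkits_site->site_url . url_return("play", $safe_template_id);
        echo "<p>" . PUBLISH_WEB_ADDRESS . " <a target='_blank' href='" . $play_url . "'>" . $play_url . "</a></p>";
    }
}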