// ============================= $query_sections = $backend->db()->query('SELECT `module` FROM `' . CAT_TABLE_PREFIX . 'sections` WHERE `page_id`= ' . $page_id . ' AND `section_id` = ' . $update_section_id); if ($query_sections->numRows() == 1) { if ($section = $query_sections->fetchRow(MYSQL_ASSOC)) { if (!is_numeric(array_search($section['module'], $module_permissions))) { $sql = $block != '' ? '`block` = ' . $backend->add_slashes($block) . ', ' : ''; $sql .= $name != '' ? '`name` = "' . mysql_real_escape_string($name) . '", ' : ''; $date_from = $day_from * $month_from * $year_from > 0 ? mktime($hour_from, $minute_from, 0, $month_from, $day_from, $year_from) : 0; $date_to = $day_to * $month_to * $year_to > 0 ? mktime($hour_to, $minute_to, 0, $month_to, $day_to, $year_to) : 0; if ($date_from > $date_to) { $backend->print_error($backend->lang->translate('Please check your entries for dates'), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id); } $sql .= '`publ_start` = ' . $date_from . ', '; $sql .= '`publ_end` = ' . $date_to . ', '; $sql .= '`modified_when` = "' . time() . '", '; $sql .= '`modified_by` = ' . CAT_Users::get_user_id(); $backend->db()->query('UPDATE ' . CAT_TABLE_PREFIX . 'sections SET ' . $sql . ' WHERE `page_id`= ' . $page_id . ' AND section_id = ' . $update_section_id . ' LIMIT 1'); } } else { $backend->print_error('You do not have permissions to modify this page', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id); } } else { $backend->print_error('Section not found', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id); } } // ============================================ // ! Check for error or print success message // ============================================ if ($backend->db()->isError()) { $backend->print_error($backend->db()->getError(), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id); } else {
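/**
 * Edit a droplet, or create a new one when $id is the string 'new'.
 *
 * Reads the request through the global validator ($val), stores the droplet
 * via CAT_Helper_Droplet and renders 'edit.tpl' through the global $parser.
 * On 'cancel', and after a successful save of a new droplet or a
 * "save and back", control is handed to list_droplets() instead.
 *
 * @param mixed $id  droplet id, or the string 'new'
 * @return mixed     return value of list_droplets() on the cancel path,
 *                   otherwise nothing (the template is output directly)
 **/
function edit_droplet($id)
{
    global $parser, $val, $backend;

    // permission gate; print_error() is expected to end the request
    // NOTE(review): confirm it does not return, otherwise the form code below still runs
    $groups = CAT_Users::get_groups_id();
    if ($id == 'new' && !CAT_Helper_Droplet::is_allowed('add_droplets', $groups)) {
        $backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
    } elseif (!CAT_Helper_Droplet::is_allowed('modify_droplets', $groups)) {
        // a new droplet also passes through this check, so 'add_droplets' alone is not enough
        $backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
    }

    $problem  = NULL;
    $info     = NULL;
    $details  = NULL;
    $problems = array();

    if ($val->get('_REQUEST', 'cancel')) {
        return list_droplets();
    }

    // form contents: the stored record, or an empty one for a new droplet
    if ($id != 'new') {
        $data = CAT_Helper_Droplet::getDroplet($id);
    } else {
        $data = array(
            'name'        => '',
            'active'      => 1,
            'description' => '',
            'code'        => '',
            'comments'    => '',
        );
    }

    if ($val->get('_REQUEST', 'save') || $val->get('_REQUEST', 'save_and_back')) {
        // check the code before saving
        $result = CAT_Helper_Droplet::check_syntax($val->get('_POST', 'code'));
        if ($result !== true) {
            $problem = $backend->lang()->translate('Please check the syntax!');
            // $details is emitted as HTML by the template (hence the <br />) and the
            // parser messages echo fragments of the submitted code, so they are
            // escaped here; double_encode=false tolerates messages that already are
            foreach ($result as $error => $line) {
                $details .= '<br />' . htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8', false)
                          . ' (' . $backend->lang()->translate('Line') . ': '
                          . htmlspecialchars((string) $line, ENT_QUOTES, 'UTF-8', false) . ')';
            }
            // redisplay the submitted values; the code is encoded once for the
            // form below, so no extra htmlspecialchars() pass is needed here
            $data = $_POST;
        } else {
            // syntax okay, check fields and save
            if ($val->sanitizePost('name') == '') {
                $problems[] = $backend->lang()->translate('Please enter a name!');
            }
            if ($val->sanitizePost('code') == '') {
                $problems[] = $backend->lang()->translate('You have entered no code!');
            }
            if (count($problems)) {
                $problem = implode("<br />", $problems);
            } else {
                $continue = true;
                // PHP open/close tags are stripped from the stored code; this is not a
                // sanitiser, droplet code is executed by the CMS by design
                $tags    = array('<?php', '?>', '<?');
                // the same record is used for insert and update
                $payload = array(
                    'name'        => $val->sanitizePost('name', NULL, true),
                    'code'        => str_replace($tags, '', $val->sanitizePost('code')),
                    'description' => $val->sanitizePost('description', NULL, true),
                    'time'        => time(),
                    'userid'      => CAT_Users::get_user_id(),
                    'active'      => $val->sanitizePost('active'),
                    'comment'     => $val->sanitizePost('comments', NULL, true),
                    'wysiwyg'     => $val->sanitizePost('show_wysiwyg'),
                );

                if ($id == 'new') {
                    // check for doubles
                    if (CAT_Helper_Droplet::getDropletByName($payload['name'])) {
                        $problem      = $backend->lang()->translate('There is already a droplet with the same name!');
                        $continue     = false;
                        $data         = $_POST;
                        $data['code'] = stripslashes($_POST['code']);
                    } elseif (!CAT_Helper_Droplet::insertDroplet($payload)) {
                        // report the failure inside the page instead of echoing the raw
                        // error ahead of the template, and keep the submitted values;
                        // without $continue = false the code below would report "saved"
                        $problem      = $backend->db()->getError();
                        $continue     = false;
                        $data         = $_POST;
                        $data['code'] = stripslashes($_POST['code']);
                    }
                } else {
                    CAT_Helper_Droplet::updateDroplet($id, $payload);
                    $data = CAT_Helper_Droplet::getDroplet($id); // reload
                }

                if ($continue) {
                    // Check if there is a db error
                    if ($backend->db()->isError()) {
                        $problem = $backend->db()->getError();
                    } elseif ($id == 'new' || $val->get('_REQUEST', 'save_and_back')) {
                        list_droplets($backend->lang()->translate('The Droplet was saved'));
                        return; // should never be reached
                    } else {
                        $info = $backend->lang()->translate('The Droplet was saved');
                    }
                }
            }
        }
    }

    // older PHP versions lack these flag constants
    defined("ENT_HTML401") or define("ENT_HTML401", 0);
    defined("ENT_COMPAT") or define("ENT_COMPAT", 2);
    // encode the code once for the form; double_encode=false keeps entities that
    // are already encoded from being encoded again
    $data['code'] = htmlspecialchars($data['code'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    // NOTE(review): on the error paths name/description/comments come straight from
    // $_POST; confirm edit.tpl escapes them before output
    $parser->output('edit.tpl', array(
        'problem' => $problem,
        'details' => $details,
        'info'    => $info,
        'data'    => $data,
        'id'      => $id,
        'name'    => $data['name'],
    ));
}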
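/**
 * Install a Droplet from a ZIP file (the ZIP may contain more than one
 * Droplet)
 *
 * Every *.php file in the archive except index.php is one Droplet: the file
 * name is the Droplet name, the first "//:" line is the description, a second
 * "//:" line the usage text, further "//" lines are appended to the usage text
 * and everything after that is the code. An optional "data" directory in the
 * archive is copied next to this file.
 *
 * @access public
 * @param string $temp_file - name of the ZIP file
 * @return array see droplets_import() method
 **/
public static function installDroplet($temp_file)
{
    $self       = self::getInstance();
    $temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
    CAT_Helper_Directory::createDirectory($temp_unzip);

    $errors  = array();
    $imports = array();
    $count   = 0;

    // extract the archive into the scratch directory
    // NOTE(review): entries land wherever the extractor writes them; confirm
    // CAT_Helper_Zip refuses entry names that escape $temp_unzip
    CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();

    // get .php files
    $files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');

    // header lines of an exported droplet start with "//:", further comment
    // lines with "//"
    $headerPattern  = '#^//\\:(.*)$#';
    $commentPattern = '#^//(.*)$#';
    $invalidMessage = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');

    foreach ($files as $file) {
        if (pathinfo($file, PATHINFO_FILENAME) === 'index' || pathinfo($file, PATHINFO_EXTENSION) != 'php') {
            continue;
        }

        $description = NULL;
        $usage       = NULL;

        // Name of the Droplet = Filename
        $name = pathinfo($file, PATHINFO_FILENAME);

        // Slurp file contents; file() returns false on a read error and an
        // empty file has no header line to inspect, so both are rejected here
        // (the original indexed $lines[0] unconditionally)
        $lines = file($temp_unzip . '/' . $file);
        if ($lines === false || !count($lines)) {
            $errors[$file] = $invalidMessage;
            continue;
        }

        // First line: Description
        // NOTE(review): addslashes() ahead of a bound parameter stores the
        // backslashes literally; kept as-is, confirm whether the display side
        // relies on it before removing
        if (preg_match($headerPattern, $lines[0], $match)) {
            $description = addslashes($match[1]);
            array_shift($lines);
        }
        // Second line: Usage instructions
        if (isset($lines[0]) && preg_match($headerPattern, $lines[0], $match)) {
            $usage = addslashes($match[1]);
            array_shift($lines);
        }
        // there may be more comment lines; they will be added to the usage instructions
        while (isset($lines[0]) && preg_match($commentPattern, $lines[0], $match)) {
            $usage .= addslashes(trim($match[1]));
            array_shift($lines);
        }
        if (!$description && !$usage) {
            // invalid file
            $errors[$file] = $invalidMessage;
            continue;
        }

        // Remaining: Droplet code; PHP open/close tags are removed. This is not a
        // sanitiser - droplet code is evaluated by the CMS by design
        $tags = array('<?php', '?>', '<?');
        $code = str_replace($tags, '', implode('', $lines));

        // Already in the DB? Then re-use its id so REPLACE overwrites the row.
        // Only the id column is selected, so fetchColumn() cannot pick up
        // whatever column happens to come first in the table
        $stmt  = 'INSERT';
        $id    = NULL;
        $found = $self->db()->query(
            "SELECT `id` FROM `:prefix:mod_droplets` WHERE name=:name",
            array('name' => $name)
        );
        if ($found->rowCount()) {
            $stmt = 'REPLACE';
            $id   = $found->fetchColumn();
        }

        // execute; the id is bound like the other values instead of being
        // spliced into the statement text
        $q = "{$stmt} INTO `:prefix:mod_droplets` SET "
           . ($id ? '`id`=:id, ' : '')
           . '`name`=:name, `code`=:code, `description`=:desc, '
           . '`modified_when`=:when, `modified_by`=:userid, '
           . '`active`=:active, `comments`=:usage';
        $params = array(
            'name'   => $name,
            'code'   => $code,
            'desc'   => $description,
            'when'   => time(),
            'userid' => CAT_Users::get_user_id(),
            'active' => 1,
            'usage'  => $usage,
        );
        if ($id) {
            $params['id'] = $id;
        }
        $self->db()->query($q, $params);
        if (!$self->db()->isError()) {
            $count++;
            $imports[$name] = 1;
        } else {
            $errors[$name] = $self->db()->getError();
        }
    }

    // check for data directory; done once after the loop (the original
    // repeated the copy for every file in the archive)
    if ($files && file_exists($temp_unzip . '/data')) {
        // copy all files
        // NOTE(review): copied as-is into the module's data directory; relies on
        // the extractor above having rejected traversal in entry names
        CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
    }

    // cleanup; ignore errors here
    CAT_Helper_Directory::removeDirectory($temp_unzip);

    return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
}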
/**
 * Check whether a page is visible or not
 * This will check page-visibility, user- and group permissions
 *
 * Visibility values: 'none' and 'deleted' are never shown, 'hidden' only when
 * the page is the one currently selected, 'public' always, 'private' and
 * 'registered' only for an authenticated user whose groups or user id match
 * the page (root always matches) and whose page language fits. Any other
 * value is treated as not visible.
 *
 * @access public
 * @param integer $page_id
 * @return boolean
 **/
public static function isVisible($page_id)
{
    $page       = self::properties($page_id);
    $visibility = (string) $page['visibility'];

    // never shown in FE
    if ($visibility === 'none' || $visibility === 'deleted') {
        return false;
    }

    // shown if called, but not in menu
    if ($visibility === 'hidden') {
        return self::selectPage() == $page_id;
    }

    // always visible
    if ($visibility === 'public') {
        return true;
    }

    // shown if user is allowed
    if ($visibility === 'private' || $visibility === 'registered') {
        if (!CAT_Users::is_authenticated()) {
            return false;
        }

        // check language: either multi-language pages are off, or the page has
        // no language, or it is the current one
        $pageLanguage = self::properties($page_id, 'language');
        $languageOk   = CAT_Registry::get('PAGE_LANGUAGES') == 'false'
            || $pageLanguage == ''
            || $pageLanguage == LANGUAGE;
        if (!$languageOk) {
            return false;
        }

        return CAT_Users::is_group_match(CAT_Users::get_groups_id(), $page['viewing_groups'])
            || CAT_Users::is_group_match(CAT_Users::get_user_id(), $page['viewing_users'])
            || CAT_Users::is_root();
    }

    // unknown visibility value: treated like a non-visible page
    return false;
}
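/**
 * Stamp the current page, and the current section if there is one, as
 * modified by the current user.
 *
 * Driven by globals set by the calling admin script: $update_when_modified
 * signals that something was changed, $page_id and $section_id identify the
 * rows to update. Nothing happens when $update_when_modified is not set or
 * not true.
 *
 * @access public
 * @return void
 **/
public static function updateWhenModified()
{
    global $update_when_modified, $page_id, $section_id;

    // if changes were made, the var might be set
    if (empty($update_when_modified)) {
        return;
    }

    // one timestamp and user for both rows, so page and section never disagree
    // by a second when the two queries straddle a second boundary
    $now  = time();
    $user = CAT_Users::get_user_id();
    $db   = self::getInstance()->db();

    $db->query(
        "UPDATE `:prefix:pages` SET modified_when=:mod, modified_by=:by WHERE page_id=:id",
        array('mod' => $now, 'by' => $user, 'id' => $page_id)
    );
    if ($section_id) {
        $db->query(
            "UPDATE `:prefix:sections` SET modified_when=:mod, modified_by=:by WHERE section_id=:id",
            array('mod' => $now, 'by' => $user, 'id' => $section_id)
        );
    }
}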
/**
 * Id of the currently logged-in user.
 *
 * Thin delegation to CAT_Users so callers of this class need not depend on
 * CAT_Users directly.
 *
 * @return mixed  whatever CAT_Users::get_user_id() returns
 **/
public function get_user_id()
{
    $currentUserId = CAT_Users::get_user_id();

    return $currentUserId;
}