/**
* Method to get data of filters
*
* @access public
* @return object
* @since 1.5
*/
static function &getFilters($filt_param = 'filters', $usage_param = 'use_filters', &$params = null, $check_access = true)
{
// Parameter that controls using these filters
$filters = array();
if ($usage_param != '__ALL_FILTERS__' && $params && !$params->get($usage_param, 0)) {
return $filters;
}
// Get Filter IDs, false means do retrieve any filter
$filter_ids = $params ? $params->get($filt_param, array()) : array();
if ($filter_ids === false) {
return $filters;
}
// Check if array or comma separated list
if (!is_array($filter_ids)) {
$filter_ids = preg_split("/\\s*,\\s*/u", $filter_ids);
if (empty($filter_ids[0])) {
unset($filter_ids[0]);
}
}
// Sanitize the given filter_ids ... just in case
$filter_ids = array_filter($filter_ids, 'is_numeric');
// array_flip to get unique filter ids as KEYS (due to flipping) ... and then array_keys to get filter_ids in 0,1,2, ... array
$filter_ids = array_keys(array_flip($filter_ids));
$user = JFactory::getUser();
$db = JFactory::getDBO();
// None selected filters means ALL
$and_scope = $usage_param != '__ALL_FILTERS__' && count($filter_ids) ? ' AND fi.id IN (' . implode(',', $filter_ids) . ')' : '';
// Use ACCESS Level, usually this is only for shown filters
$and_access = '';
if ($check_access) {
if (FLEXI_J16GE) {
$aid_arr = JAccess::getAuthorisedViewLevels($user->id);
$aid_list = implode(",", $aid_arr);
$and_access = ' AND fi.access IN (0,' . $aid_list . ') ';
} else {
$aid = (int) $user->get('aid');
if (FLEXI_ACCESS) {
$readperms = FAccess::checkUserElementsAccess($user->gmid, 'read');
if (isset($readperms['field']) && count($readperms['field'])) {
$and_access = ' AND ( fi.access <= ' . $aid . ' OR fi.id IN (' . implode(",", $readperms['field']) . ') )';
} else {
$and_access = ' AND fi.access <= ' . $aid;
}
} else {
$and_access = ' AND fi.access <= ' . $aid;
}
}
}
// Create and execute SQL query for retrieving filters
$query = 'SELECT fi.*' . ' FROM #__flexicontent_fields AS fi' . ' WHERE fi.published = 1' . ' AND fi.isfilter = 1' . $and_access . $and_scope . ' ORDER BY fi.ordering, fi.name';
$db->setQuery($query);
$filters = $db->loadObjectList('id');
if (!$filters) {
$filters = array();
// need to do this because we return reference, but false here will also mean an error
return $filters;
}
// Order filters according to given order
$filters_tmp = array();
if ($params->get('filters_order', 0) && !empty($filter_ids) && $usage_param != '__ALL_FILTERS__') {
foreach ($filter_ids as $filter_id) {
if (empty($filters[$filter_id])) {
continue;
}
$filter = $filters[$filter_id];
$filters_tmp[$filter->name] = $filter;
}
} else {
foreach ($filters as $filter) {
$filters_tmp[$filter->name] = $filter;
}
}
$filters = $filters_tmp;
// Create filter parameters, language filter label, etc
foreach ($filters as $filter) {
$filter->parameters = FLEXI_J16GE ? new JRegistry($filter->attribs) : new JParameter($filter->attribs);
$filter->label = JText::_($filter->label);
}
// Return found filters
return $filters;
}
static function getTags(&$params, &$module)
{
$mainframe = JFactory::getApplication();
// Initialize
$db = JFactory::getDBO();
$user = JFactory::getUser();
$nullDate = $db->getNullDate();
$now = FLEXI_J16GE ? JFactory::getDate()->toSql() : JFactory::getDate()->toMySQL();
$fparams = $mainframe->getParams('com_flexicontent');
$show_noauth = $fparams->get('show_noauth', 0);
// Get parameters
$minsize = (int) $params->get('min_size', '1');
$maxsize = (int) $params->get('max_size', '10');
$limit = (int) $params->get('count', '25');
$method = (int) $params->get('method', '1');
$scope = $params->get('categories');
$scope = is_array($scope) ? implode(',', $scope) : $scope;
$tagitemid = (int) $params->get('force_itemid', 0);
$where = !FLEXI_J16GE ? ' WHERE i.sectionid = ' . FLEXI_SECTION : ' WHERE 1 ';
$where .= ' AND i.state IN ( 1, -5 )';
$where .= ' AND ( i.publish_up = ' . $db->Quote($nullDate) . ' OR i.publish_up <= ' . $db->Quote($now) . ' )';
$where .= ' AND ( i.publish_down = ' . $db->Quote($nullDate) . ' OR i.publish_down >= ' . $db->Quote($now) . ' )';
$where .= ' AND c.published = 1';
$where .= ' AND tag.published = 1';
// filter by permissions
if (!$show_noauth) {
if (FLEXI_J16GE) {
$aid_arr = JAccess::getAuthorisedViewLevels($user->id);
$aid_list = implode(",", $aid_arr);
$where .= ' AND i.access IN (' . $aid_list . ')';
} else {
$aid = (int) $user->get('aid');
if (FLEXI_ACCESS) {
$readperms = FAccess::checkUserElementsAccess($user->gmid, 'read');
}
if (!empty($readperms['item'])) {
$where .= ' AND ( i.access <= ' . $aid . ' OR i.id IN (' . implode(",", $readperms['item']) . ') )';
} else {
$where .= ' AND i.access <= ' . $aid;
}
}
}
// category scope
if ($method == 2) {
// include method
$where .= ' AND c.id NOT IN (' . $scope . ')';
} else {
if ($method == 3) {
// exclude method
$where .= ' AND c.id IN (' . $scope . ')';
}
}
// count Tags
$result = array();
$query = 'SELECT COUNT( t.tid ) AS no' . ' FROM #__flexicontent_tags_item_relations AS t' . ' LEFT JOIN #__content AS i ON i.id = t.itemid' . ' LEFT JOIN #__categories AS c ON c.id = i.catid' . ' LEFT JOIN #__flexicontent_tags as tag ON tag.id = t.tid' . $where . ' GROUP BY t.tid' . ' ORDER BY no DESC';
$db->setQuery($query, 0, $limit);
$result = FLEXI_J30GE ? $db->loadColumn() : $db->loadResultArray();
//Do we have any tags?
if (!$result) {
return $result;
}
$max = (int) $result[0];
$min = (int) $result[sizeof($result) - 1];
$query = 'SELECT tag.id, tag.name, count( rel.tid ) AS no,' . ' CASE WHEN CHAR_LENGTH(tag.alias) THEN CONCAT_WS(\':\', tag.id, tag.alias) ELSE tag.id END as slug' . ' FROM #__flexicontent_tags AS tag' . ' LEFT JOIN #__flexicontent_tags_item_relations AS rel ON rel.tid = tag.id' . ' LEFT JOIN #__content AS i ON i.id = rel.itemid' . ' LEFT JOIN #__categories AS c ON c.id = i.catid' . $where . ' GROUP BY tag.id' . ' HAVING no >= ' . $min . ' ORDER BY tag.name';
$db->setQuery($query, 0, $limit);
$rows = $db->loadObjectList();
$i = 0;
$lists = array();
foreach ($rows as $row) {
$lists[$i] = new stdClass();
$lists[$i]->size = modFlexiTagCloudHelper::sizer($min, $max, $row->no, $minsize, $maxsize);
$lists[$i]->name = $row->name;
$lists[$i]->screenreader = JText::sprintf('FLEXI_NR_ITEMS_TAGGED', $row->no);
if ($tagitemid) {
$lists[$i]->link = FlexicontentHelperRoute::getTagRoute($row->slug, $tagitemid);
} else {
$lists[$i]->link = FlexicontentHelperRoute::getTagRoute($row->slug);
}
$lists[$i]->link = JRoute::_($lists[$i]->link . '&module=' . $module->id);
$i++;
}
return $lists;
}
function getItemList(&$field, &$item, &$ids = null, $cid = null, &$cparams = null)
{
// Global parameters
$gparams = JFactory::getApplication()->getParams('com_flexicontent');
$filtercat = $gparams->get('filtercat', 0);
// If language filtering is enabled in category view
$db = JFactory::getDBO();
$user = JFactory::getUser();
$date = JFactory::getDate();
$nowDate = FLEXI_J16GE ? $date->toSql() : $date->toMySQL();
$nullDate = $db->getNullDate();
if ($ids === null) {
$select = 'SELECT a.id';
$join = '' . ' LEFT JOIN #__flexicontent_items_ext AS ie on ie.item_id = a.id' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.itemid = a.id ';
// Get the site default language in case no language is set in the url
$cntLang = substr(JFactory::getLanguage()->getTag(), 0, 2);
// Current Content language (Can be natively switched in J2.5)
$urlLang = JRequest::getWord('lang', '');
// Language from URL (Can be switched via Joomfish in J1.5)
$lang = FLEXI_J16GE || empty($urlLang) ? $cntLang : $urlLang;
// parameters shortcuts
$types_to_exclude = $field->parameters->get('type_to_exclude', '');
// filter depending on permissions
if (FLEXI_J16GE) {
$aid_arr = JAccess::getAuthorisedViewLevels($user->id);
$aid_list = implode(",", $aid_arr);
$andaccess = ' AND a.access IN (' . $aid_list . ')';
} else {
$aid = (int) $user->get('aid');
if (FLEXI_ACCESS) {
$readperms = FAccess::checkUserElementsAccess($user->gmid, 'read');
if (isset($readperms['item']) && count($readperms['item'])) {
$andaccess = ' AND ( ( a.access <= ' . $aid . ' OR a.id IN (' . implode(",", $readperms['item']) . ') OR a.created_by = ' . $user->id . ' OR ( a.modified_by = ' . $user->id . ' AND a.modified_by != 0 ) ) )';
} else {
$andaccess = ' AND ( a.access <= ' . $aid . ' OR a.created_by = ' . $user->id . ' OR ( a.modified_by = ' . $user->id . ' AND a.modified_by != 0 ) )';
}
} else {
$andaccess = ' AND ( a.access <= ' . $aid . ' OR a.created_by = ' . $user->id . ' OR ( a.modified_by = ' . $user->id . ' AND a.modified_by != 0 ) )';
}
}
// Determine sort order
$order = $cparams->get('orderby', '');
// TODO: finish using category ORDERING, now we ignore: commented, rated
$orderby = '';
$orderby_join = '';
if ((int) $cparams->get('orderbycustomfieldid', 0) != 0) {
if ($cparams->get('orderbycustomfieldint', 0) != 0) {
$int = ' + 0';
} else {
$int = '';
}
$orderby = 'f.value' . $int . ' ' . $cparams->get('orderbycustomfielddir', 'ASC');
$orderby_join = ' LEFT JOIN #__flexicontent_fields_item_relations AS f ON f.item_id = a.id AND f.field_id = ' . (int) $cparams->get('orderbycustomfieldid', 0);
} else {
switch ($order) {
case 'date':
$orderby = 'a.created';
break;
case 'rdate':
$orderby = 'a.created DESC';
break;
case 'modified':
$orderby = 'a.modified DESC';
break;
case 'alpha':
$orderby = 'a.title';
break;
case 'ralpha':
$orderby = 'a.title DESC';
break;
case 'author':
$orderby = 'u.name';
break;
case 'rauthor':
$orderby = 'u.name DESC';
break;
case 'hits':
$orderby = 'a.hits';
break;
case 'rhits':
$orderby = 'a.hits DESC';
break;
case 'order':
$orderby = 'rel.ordering';
break;
}
// Create JOIN for ordering items by a most rated
if ($order == 'author' || $order == 'rauthor') {
$orderby_join = ' LEFT JOIN #__users AS u ON u.id = a.created_by';
}
}
$orderby = $orderby ? $orderby . ', a.title' : 'a.title';
$orderby = ' ORDER BY ' . $orderby;
$types = is_array($types_to_exclude) ? implode(',', $types_to_exclude) : $types_to_exclude;
$where = ' WHERE rel.catid = ' . $cid;
$where .= ' AND ( a.state = 1 OR a.state = -5 )' . ' AND ( publish_up = ' . $db->Quote($nullDate) . ' OR publish_up <= ' . $db->Quote($nowDate) . ' )' . ' AND ( publish_down = ' . $db->Quote($nullDate) . ' OR publish_down >= ' . $db->Quote($nowDate) . ' )' . ($types_to_exclude ? ' AND ie.type_id NOT IN (' . $types . ')' : '');
if ((FLEXI_FISH || FLEXI_J16GE) && $filtercat) {
$where .= ' AND ( ie.language LIKE ' . $db->Quote($lang . '%') . (FLEXI_J16GE ? ' OR ie.language="*" ' : '') . ' ) ';
}
} else {
$select = 'SELECT a.*, ie.*,' . ' CASE WHEN CHAR_LENGTH(a.alias) THEN CONCAT_WS(":", a.id, a.alias) ELSE a.id END as slug,' . ' CASE WHEN CHAR_LENGTH(cc.alias) THEN CONCAT_WS(":", cc.id, cc.alias) ELSE cc.id END as categoryslug';
$join = ' LEFT JOIN #__flexicontent_items_ext AS ie on ie.item_id = a.id' . ' JOIN #__categories AS cc ON cc.id = ' . $cid;
$orderby = '';
$orderby_join = '';
$where = ' WHERE a.id IN (' . implode(',', $ids) . ')';
$andaccess = '';
}
// array of articles in same category correctly ordered
$query = $select . ' FROM #__content AS a' . $join . $orderby_join . $where . $andaccess . $orderby;
$db->setQuery($query);
$list = $db->loadObjectList('id');
if ($db->getErrorNum()) {
JError::raiseWarning($db->getErrorNum(), $db->getErrorMsg() . "<br />" . $query . "<br />");
}
// this check needed if incorrect Itemid is given resulting in an incorrect result
if (!is_array($list)) {
$list = array();
}
return $list;
}
/**
* Creates the add button
*
* @param array $params
* @since 1.0
*/
static function addbutton(&$params, &$submit_cat = null, $menu_itemid = 0, $submit_text = '', $auto_relations = false, $ignore_unauthorized = false)
{
if ( !$params->get('show_addbutton', 1) || JRequest::getCmd('print') ) return;
// Currently add button will appear to logged users only
// ... unless unauthorized users are allowed
$user = JFactory::getUser();
if ( !$user->id && $ignore_unauthorized < 2 ) return '';
// IF not auto-relation given ... then check if current view / layout can use ADD button
$view = JRequest::getVar('view');
$layout = JRequest::getVar('layout', 'default');
if ( !$auto_relations ) {
if ( $view!='category' || $layout == 'author' ) return '';
}
// *********************************************************************
// Check if user can ADD to (a) given category or to (b) at any category
// *********************************************************************
// (a) Given category
if ( $submit_cat && $submit_cat->id )
{
if (FLEXI_J16GE) {
$canAdd = $user->authorise('core.create', 'com_content.category.' . $submit_cat->id);
} else if (FLEXI_ACCESS) {
$canAdd = ($user->gid < 25) ? FAccess::checkAllContentAccess('com_content','submit','users', $user->gmid, 'category', $submit_cat->id) : 1;
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
}
}
// (b) Any category (or to the CATEGORY IDS of given CATEGORY VIEW OBJECT)
else
{
// Given CATEGORY VIEW OBJECT may limit to specific category ids
if (FLEXI_J16GE) {
$canAdd = $user->authorise('core.create', 'com_flexicontent');
} else if ($user->gid >= 25) {
$canAdd = 1;
} else if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$canAdd = @$canAdd['content'] || @$canAdd['category'];
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
}
if ($canAdd === NULL && $user->id) {
// Perfomance concern (NULL for $canAdd) means SOFT DENY, also check for logged user
// thus to avoid checking some/ALL categories for "create" privelege for unlogged users
$specific_catids = $submit_cat ? @ $submit_cat->ids : false;
if ($specific_catids && count($specific_catids) > 3) $specific_catids = false;
$allowedcats = FlexicontentHelperPerm::getAllowedCats( $user, $actions_allowed=array('core.create'), $require_all=true, $check_published = true, $specific_catids, $find_first = true );
$canAdd = count($allowedcats);
}
}
if ( !$canAdd && !$ignore_unauthorized ) return '';
// ******************************
// Create submit button/icon text
// ******************************
if ($submit_text) {
$submit_lbl = JText::_($submit_text);
} else {
$submit_lbl = JText::_( $submit_cat && $submit_cat->id ? 'FLEXI_ADD_NEW_CONTENT_TO_CURR_CAT' : 'FLEXI_ADD_NEW_CONTENT_TO_LIST' );
}
// ***********
// Create link
// ***********
// Add Itemid (if given) and do SEF URL routing it --before-- appending more variables, so that
// ... menu item URL variables from given menu item ID will be appended if SEF URLs are OFF
$link = 'index.php?option=com_flexicontent';
$link .= $menu_itemid ? '&Itemid='.$menu_itemid : '&view='.FLEXI_ITEMVIEW.'&task=add';
$link = JRoute::_($link);
// Add main category ID (if given)
$link .= ($submit_cat && $submit_cat->id) ? '&maincat='.$submit_cat->id : '';
// Append autorelate information to the URL (if given)
if ($auto_relations) foreach ( $auto_relations as $auto_relation ) {
$link .= '&autorelation_'.$auto_relation->fieldid.'='.$auto_relation->itemid;
}
// ***************************************
// Finally create the submit icon / button
// ***************************************
$overlib = $submit_lbl;
$text = JText::_( 'FLEXI_ADD' );
$show_icons = 2; //$params->get('show_icons');
if ( $show_icons && !$auto_relations ) {
$attribs = '';
$image = FLEXI_J16GE ?
JHTML::image('components/com_flexicontent/assets/images/'.'plus-button.png', $submit_lbl, $attribs) :
JHTML::_('image.site', 'plus-button.png', 'components/com_flexicontent/assets/images/', NULL, NULL, $submit_lbl, $attribs) ;
} else {
$image = '';
}
$tooltip_class = 'fc_addbutton';
if ( $show_icons==1 && !$auto_relations ) {
$caption = '';
$tooltip_class .= ' editlinktip';
} else {
$caption = $text;
$tooltip_class .=
(FLEXI_J30GE ? ' btn btn-small' : ' fc_button fcsimple fcsmall')
.($auto_relations ? ' btn-success' : '');
}
$tooltip_class .= FLEXI_J30GE ? ' hasTooltip' : ' hasTip';
$tooltip_title = flexicontent_html::getToolTip($text, $overlib, 0);
$output = '<a href="'.$link.'" class="'.$tooltip_class.'" title="'.$tooltip_title.'">'.$image.$caption.'</a>';
if (!$auto_relations) {
$output = JText::_( 'FLEXI_ICON_SEP' ) .$output. JText::_( 'FLEXI_ICON_SEP' );
}
return $output;
}
function faccess_items_editable_where(&$where)
{
$canEdit = FAccess::checkUserElementsAccess($user->gmid, 'edit');
$canEditOwn = FAccess::checkUserElementsAccess($user->gmid, 'editown');
if (!@$canEdit['content']) {
// first exclude the users allowed to edit all items
if (@$canEditOwn['content']) {
// custom rules for users allowed to edit all their own items
$allown = array();
$allown[] = ' i.created_by = ' . $user->id;
if (isset($canEdit['category'])) {
if (count($canEdit['category'])) {
$allown[] = ' i.catid IN (' . implode(',', $canEdit['category']) . ')';
}
}
if (isset($canEdit['item'])) {
if (count($canEdit['item'])) {
$allown[] = ' i.id IN (' . implode(',', $canEdit['item']) . ')';
}
}
if (count($allown) > 0) {
$where[] = count($allown) > 1 ? ' (' . implode(' OR', $allown) . ')' : $allown[0];
}
} else {
if (isset($canEditOwn['category']) && count($canEditOwn['category']) || isset($canEditOwn['item']) && count($canEditOwn['item'])) {
// standard rules for the other users
$allown = array();
if (isset($canEditOwn['category'])) {
if (count($canEditOwn['category'])) {
$allown[] = ' (i.catid IN (' . implode(',', $canEditOwn['category']) . ') AND i.created_by = ' . $user->id . ')';
}
}
if (isset($canEdit['category'])) {
if (count($canEdit['category'])) {
$allown[] = ' i.catid IN (' . implode(',', $canEdit['category']) . ')';
}
}
if (isset($canEdit['item'])) {
if (count($canEdit['item'])) {
$allown[] = ' i.id IN (' . implode(',', $canEdit['item']) . ')';
}
}
if (count($allown) > 0) {
$where[] = count($allown) > 1 ? ' (' . implode(' OR', $allown) . ')' : $allown[0];
}
} else {
$jAp = JFactory::getApplication();
$jAp->enqueueMessage(JText::_('FLEXI_CANNOT_VIEW_EDIT_ANY_ITEMS'), 'notice');
$where[] = ' 0 ';
}
}
}
}
/**
* Logic to save an item
*
* @access public
* @return void
* @since 1.0
*/
function save()
{
// Check for request forgeries
JRequest::checkToken() or jexit( 'Invalid Token' );
// Initialize variables
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$menu = $app->getMenu()->getActive();
$config = JFactory::getConfig();
$session = JFactory::getSession();
$task = JRequest::getVar('task');
$model = $this->getModel(FLEXI_ITEMVIEW);
$isnew = !$model->getId();
$ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task=';
$fc_params = JComponentHelper::getParams( 'com_flexicontent' );
$dolog = $fc_params->get('print_logging_info');
// Get the COMPONENT only parameters
$comp_params = JComponentHelper::getComponent('com_flexicontent')->params;
$params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') );
// Merge the type parameters
$tparams = $model->getTypeparams();
$tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams);
$params->merge($tparams);
// Merge the menu parameters
if ($menu) {
$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params);
$params->merge($menu_params);
}
// Get needed parameters
$submit_redirect_url_fe = $params->get('submit_redirect_url_fe', '');
$allowunauthorize = $params->get('allowunauthorize', 0);
// *********************
// Get data from request
// *********************
if (FLEXI_J16GE) {
// Retrieve form data these are subject to basic filtering
$data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters
$custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields
$jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data
if ( ! @ $data['rules'] ) $data['rules'] = array();
}
else {
// Retrieve form data these are subject to basic filtering
$data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters
}
// Set data id into model in case not already set ?
$model->setId((int) $data['id']);
// *************************************
// ENFORCE can change category ACL perms
// *************************************
$perms = FlexicontentHelperPerm::getPerm();
// Per content type change category permissions
if (FLEXI_J16GE) {
$current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID
$CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id);
$CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id);
$CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id);
} else {
$CanChangeFeatCat = 1;
$CanChangeSecCat = 1;
$CanChangeCat = 1;
}
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
$enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat;
$enable_cid_selector = $perms->MultiCat && $CanChangeSecCat;
$enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat;
// Enforce maintaining featured categories
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
if ( $featured_cats_parent && !$enable_featured_cid_selector )
{
$featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0);
$featured_cid = array();
if (!$isnew) {
foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat;
}
$data['featured_cid'] = $featured_cid;
}
// Enforce maintaining secondary categories
if (!$enable_cid_selector) {
if ($isnew) {
$data['cid'] = $tparams->get('cid_default');
} else if ( isset($featured_cid) ) {
$featured_cid_arr = array_flip($featured_cid);
$sec_cid = array();
foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat;
$data['cid'] = $sec_cid;
} else {
$data['cid'] = $model->get('cats');
}
}
if (!$enable_catid_selector) {
if ($isnew && $tparams->get('catid_default'))
$data['catid'] = $tparams->get('catid_default');
else if ($model->get('catid'))
$data['catid'] = $model->get('catid');
}
// **************************
// Basic Form data validation
// **************************
if (FLEXI_J16GE)
{
// *** MANUALLY CHECK CAPTCHA ***
$use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user
$captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always)
$is_submitop = ((int) $data['id']) == 0;
$display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest );
$display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ...
if ($display_captcha)
{
// Try to force the use of recaptcha plugin
JFactory::getConfig()->set('captcha', 'recaptcha');
if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) {
JPluginHelper::importPlugin('captcha');
$dispatcher = JDispatcher::getInstance();
$result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field'));
if (!$result[0]) {
$errmsg = JText::_('FLEXI_CAPTCHA_FAILED');
$errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS');
echo "<script>alert('".$errmsg."');";
echo "window.history.back();";
echo "</script>";
jexit();
}
}
}
// Validate Form data for core fields and for parameters
$form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form
$post = $model->validate($form, $data);
// Check for validation error
if (!$post) {
// Get the validation messages.
$errors = $form->getErrors();
// Push up to three validation messages out to the user.
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
if ($errors[$i] instanceof Exception)
$app->enqueueMessage($errors[$i]->getMessage(), 'notice');
else
$app->enqueueMessage($errors[$i], 'notice');
}
// Save the jform data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.data', $data);
// Save the custom fields data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom);
// Redirect back to the registration form.
$this->setRedirect( $_SERVER['HTTP_REFERER'] );
return false;
//die('error');
}
/*if (!$post) {
//JError::raiseWarning( 500, "Error while validating data: " . $model->getError() );
echo "Error while validating data: " . $model->getError();
echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>';
jexit();
}*/
// Some values need to be assigned after validation
$post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml
$post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform
$post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts'];
//echo "<pre>"; print_r($post['attribs']); exit;
}
else {
$post = $data;
// Some values need to be assigned after validation
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts'];
//echo "<pre>"; print_r($post['params']); exit;
}
// USEFULL FOR DEBUGING for J2.5 (do not remove commented code)
//$diff_arr = array_diff_assoc ( $data, $post);
//echo "<pre>"; print_r($diff_arr); jexit();
// ********************************************************************************
// PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having
// checked them on edit form load, because user may have tampered with the form ...
// ********************************************************************************
$type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating)
if ( !$isnew && $model->get('type_id') == $type_id ) {
// Existing item with Type not being ALTERED, content type can be maintained regardless of privilege
$canCreateType = true;
} else {
// New item or existing item with Type is being ALTERED, check privilege to create items of this type
$canCreateType = $model->canCreateType( array($type_id), true, $types );
}
// ****************************************************************
// Calculate user's privileges on current content item
// ... canPublish IS RECALCULATED after saving, maybe comment out ?
// ****************************************************************
if (!$isnew) {
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id'));
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if ($user->gid >= 25) {
$canPublish = true;
$canEdit = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ;
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
$canPublish = $user->authorize('com_content', 'publish', 'content', 'all');
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
//$canPublish = ($user->gid >= 21); // At least J1.5 Publisher
//$canEdit = ($user->gid >= 20); // At least J1.5 Editor
}
if ( !$canEdit ) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
} else {
if (FLEXI_J16GE) {
$canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category
$not_authorised = !$canAdd;
$canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent');
} else if ($user->gid >= 25) {
$canAdd = 1;
} else if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$canAdd = @$canAdd['content'] || @$canAdd['category'];
$canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all');
$canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all');
$canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1;
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
$not_authorised = ! $canAdd;
$canPublish = ($user->gid >= 21);
}
if ( $allowunauthorize ) {
$canAdd = true;
$canCreateType = true;
}
}
// ... we use some strings from administrator part
// load english language file for 'com_flexicontent' component then override with current language file
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true);
// Check for new content
if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) {
$msg = JText::_( 'FLEXI_ALERTNOTAUTH' );
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
}
if ( !$canCreateType ) {
$msg = isset($types[$type_id]) ?
JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) :
' Content Type '.$type_id.' was not found OR is not published';
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
return;
}
// Get "BEFORE SAVE" categories for information mail
$before_cats = array();
if ( !$isnew )
{
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$before_cats = $db->loadObjectList('id');
$before_maincat = $model->get('catid');
$original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0);
}
// ****************************************
// Try to store the form data into the item
// ****************************************
if ( ! $model->store($post) )
{
// Set error message about saving failed, and also the reason (=model's error message)
$msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' );
JError::raiseWarning( 500, $msg .": " . $model->getError() );
// Since an error occured, check if (a) the item is new and (b) was not created
if ($isnew && !$model->get('id')) {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
} else {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
}
// Saving has failed check-in and return, (above redirection will be used)
$model->checkin();
return;
}
// **************************************************
// Check in model and get item id in case of new item
// **************************************************
$model->checkin();
$post['id'] = $isnew ? (int) $model->get('id') : $post['id'];
// Get items marked as newly submitted
$newly_submitted = $session->get('newly_submitted', array(), 'flexicontent');
if ($isnew) {
// Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close)
$newly_submitted[$model->get('id')] = 1;
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
}
$newly_submitted_item = @ $newly_submitted[$model->get('id')];
// ***********************************************************************************************************
// Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege
// ***********************************************************************************************************
$item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1);
$canPublish = $model->canEditState( $item, $check_cat_perm=true );
// ********************************************************************************************
// Use session to detect multiple item saves to avoid sending notification EMAIL multiple times
// ********************************************************************************************
$is_first_save = true;
if ($session->has('saved_fcitems', 'flexicontent')) {
$saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent');
$is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]);
}
// Add item to saved items of the corresponding session array
$saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc;
$session->set('saved_fcitems', $saved_fcitems, 'flexicontent');
// ********************************************
// Get categories added / removed from the item
// ********************************************
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$after_cats = $db->loadObjectList('id');
if ( !$isnew ) {
$cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats));
foreach($cats_added_ids as $cats_added_id) {
$cats_added_titles[] = $after_cats[$cats_added_id]->title;
}
$cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats));
foreach($cats_removed_ids as $cats_removed_id) {
$cats_removed_titles[] = $before_cats[$cats_removed_id]->title;
}
$cats_altered = count($cats_added_ids) + count($cats_removed_ids);
$after_maincat = $model->get('catid');
}
// *******************************************************************************************************************
// We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters
// *******************************************************************************************************************
$notify_emails = array();
if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) )
{
// Get needed flags regarding the saved items
$approve_version = 2;
$pending_approval_state = -3;
$draft_state = -4;
$current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version
$last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id),
// $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them
$needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish;
$needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish;
$draft_from_non_publisher = $item->state==$draft_state && !$canPublish;
if ($draft_from_non_publisher) {
// Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button
$nConf = false;
} else {
// Get notifications configuration and select appropriate emails for current saving case
$nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>";
}
if ($nConf)
{
$states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_new) ) $states_notify_new = array();
else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new);
$states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_existing) ) $states_notify_existing = array();
else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing);
$n_state_ok = in_array($item->state, $states_notify_new);
$e_state_ok = in_array($item->state, $states_notify_existing);
if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending;
else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new;
else if ($isnew) $notify_emails = array();
else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal;
else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing;
else if (!$isnew) $notify_emails = array();
if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending');
else if ($isnew) $notify_text = $params->get('text_notify_new');
else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal');
else if (!$isnew) $notify_text = $params->get('text_notify_existing');
//print_r($notify_emails); jexit();
}
}
// *********************************************************************************************************************
// If there are emails to notify for current saving case, then send the notifications emails, but
// *********************************************************************************************************************
if ( !empty($notify_emails) && count($notify_emails) ) {
$notify_vars = new stdClass();
$notify_vars->needs_version_reviewal = $needs_version_reviewal;
$notify_vars->needs_publication_approval = $needs_publication_approval;
$notify_vars->isnew = $isnew;
$notify_vars->notify_emails = $notify_emails;
$notify_vars->notify_text = $notify_text;
$notify_vars->before_cats = $before_cats;
$notify_vars->after_cats = $after_cats;
$notify_vars->original_item = @ $original_item;
$model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0);
}
// ***************************************************
// CLEAN THE CACHE so that our changes appear realtime
// ***************************************************
if (FLEXI_J16GE) {
$cache = FLEXIUtilities::getCache($group='', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group='', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
} else {
$itemcache = JFactory::getCache('com_flexicontent_items');
$itemcache->clean();
$filtercache = JFactory::getCache('com_flexicontent_filters');
$filtercache->clean();
}
// ****************************************************************************************************************************
// Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category
// and thus being able to set this category as item's main category, but then have no edit/editown permission for this category
// ****************************************************************************************************************************
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if (FLEXI_ACCESS && $user->gid < 25) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
// This is meaningful when executed in frontend, since all backend users (managers and above) can edit items
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
}
// *******************************************************************************************************
// Check if user can not edit item further (due to changed main category, without edit/editown permission)
// *******************************************************************************************************
if (!$canEdit)
{
if ($task=='apply') {
// APPLY TASK: Temporarily set item to be editable till closing it
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
else if ( $newly_submitted_item ) {
// NEW ITEM: Do not use editable till logoff behaviour
// ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
else {
// EXISTING ITEM: (if enabled) Use the editable till logoff behaviour
if ( $params->get('items_session_editable', 0) ) {
// Set notice for existing item being editable till logoff
JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) );
// Allow item to be editable till logoff
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
}
// Set notice about saving an item that cannot be changed further
if ( !$canEdit ) {
$app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' );
}
}
// ****************************************************************
// Check for new Content Item is being closed, and clear some flags
// ****************************************************************
if ($task!='apply' && $newly_submitted_item )
{
// Clear item from being marked as newly submitted
unset($newly_submitted[$model->get('id')]);
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
// The 'apply' task may set 'editable till logoff' FLAG ...
// CLEAR IT, since NEW content this is meant to be used temporarily
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
// ****************************************
// Saving is done, decide where to redirect
// ****************************************
// REDIRECT CASE FOR APPLYING: Save and reload the item edit form
if ($task=='apply') {
$msg = JText::_( 'FLEXI_ITEM_SAVED' );
// Create the URL
global $globalcats;
$Itemid = JRequest::getInt('Itemid', 0); // maintain current menu item if this was given
$item_url = JRoute::_(FlexicontentHelperRoute::getItemRoute($item->id.':'.$item->alias, $globalcats[$item->catid]->slug, $Itemid));
$link = $item_url
.(strstr($item_url, '?') ? '&' : '?').'task=edit'
;
// Important pass referer back to avoid making the form itself the referer
// but also check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise set referer to HOME page
$referer = JRequest::getString('referer', JURI::base(), 'post');
if ( ! flexicontent_html::is_safe_url($referer) ) $referer = JURI::base();
$return = '&return='.base64_encode( $referer );
$link .= $return;
}
// REDIRECT CASES FOR SAVING
else {
// REDIRECT CASE: Return to a custom page after creating a new item (e.g. a thanks page)
if ( $newly_submitted_item && $submit_redirect_url_fe ) {
$link = $submit_redirect_url_fe;
$msg = JText::_( 'FLEXI_ITEM_SAVED' );
}
// REDIRECT CASE: Save and preview the latest version
else if ($task=='save_a_preview') {
$msg = JText::_( 'FLEXI_ITEM_SAVED' );
$link = JRoute::_(FlexicontentHelperRoute::getItemRoute($model->_item->id.':'.$model->_item->alias, $model->_item->catid, 0, $model->_item).'&preview=1', false);
}
// REDIRECT CASE: Return to the form 's referer (previous page) after item saving
else {
$msg = $newly_submitted_item ? JText::_( 'FLEXI_THANKS_SUBMISSION' ) : JText::_( 'FLEXI_ITEM_SAVED' );
// Check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise for returning to HOME page
$link = JRequest::getString('referer', JURI::base(), 'post');
if ( ! flexicontent_html::is_safe_url($link) ) {
if ( $dolog ) JFactory::getApplication()->enqueueMessage( 'refused redirection to possible unsafe URL: '.$link, 'notice' );
$link = JURI::base();
}
}
}
$this->setRedirect($link, $msg);
}
function save_import()
{
// Check for request forgeries
//JRequest::checkToken() or jexit( 'Invalid Token' );
//mara
$arr_countries = array('AL' => 'Albania',
'AM' => 'Armenia' ,
'ARG' =>'Argentina' ,
'AU' => 'Australia' ,
'AUT' => 'Austria' ,
'AZ' =>'Azerbaidjan' ,
'BEL' => 'Belgium' ,
'BGD' => 'Bangladesh' ,
'BLG' => 'Bulgaria' ,
'BLR' => 'Belarus' ,
'BOS' => 'Bosnia-Herzegovina' ,
'BRA' => 'Brazil' ,
'CAN' => 'Canada' ,
'CB' => 'Cuba' ,
'CHE' => 'Switzerland' ,
'CHI' => 'China' ,
'CHL' => 'Chile' ,
'CS' => 'Czech Republic' ,
'DEU' => 'Germany' ,
'DNK' => 'Denmark' ,
'EGP' => 'Egypt' ,
'EST' => 'Estonia' ,
'FIN' => 'Finland' ,
'FRA' => 'France' ,
'GBR' => 'Great Britain' ,
'GBRUSA' => 'Great Britain' ,
'GEO' => 'Georgia' ,
'GR' => 'Greece' ,
'HK' => 'Hong Kong' ,
'HOR' => 'Croatia' ,
'HUN' => 'Hungary' ,
'IDZ' => 'Indonesia' ,
'IND' => 'India' ,
'IOR' => 'Jordan' ,
'IRA' => 'Iran' ,
'IRL' => 'Ireland' ,
'ISL' => 'Iceland' ,
'ISR' => 'Israel' ,
'ITA' => 'Italy' ,
'JPN' => 'Japan' ,
'KAZ' => 'Kazakhstan' ,
'KGZ' => 'Kyrgyzstan' ,
'KIP' => 'Cyprus' ,
'LAT' => 'Latvia' ,
'LIT' => 'Lithuania' ,
'LUX' => 'Luxembourg' ,
'MAK' => 'Macedonia' ,
'ME' => 'Montenegro' ,
'MEK' => 'Mexico' ,
'MLT' => 'Malta' ,
'MOL' => 'Moldavia' ,
'MON' => 'Monaco' ,
'NID' => 'Netherlands' ,
'NOR' => 'Norway' ,
'PAK' => 'Pakistan' ,
'POL' => 'Poland' ,
'PORT' => 'Portugal' ,
'PR' => 'Puerto Rico' ,
'PS' => 'Palestinian Territory' ,
'RS' => 'Serbia' ,
'RUM' => 'Romania' ,
'RUS' => 'Russian Federation' ,
'SA' => 'Saudi Arabia' ,
'SCH' => 'Serbia' ,
'SGP' => 'Singapore' ,
'SHE' => 'Switzerland' ,
'SKO' => 'South Korea' ,
'SLO' => 'Slovenia' ,
'SLR' => 'Slovak Republic' ,
'SM' => 'San Marino' ,
'SPN' => 'Spain' ,
'SWE' => 'Sweden' ,
'SYR' => 'Syria' ,
'TA' => 'Thailand' ,
'TUR' => 'Turkey' ,
'UAR' => 'South Africa' ,
'UGS' => 'Serbia' ,
'UKR' => 'Ukraine' ,
'unk' => 'Unknown' ,
'USA' => 'United States' ,
'USAFRA' => 'United States' ,
'Uzb' => 'Uzbekistan' ,
'VTN' => 'Vietnam');
mysql_connect('localhost', 'root', 'staSPE8e');
mysql_select_db('vidal');
mysql_query("SET NAMES utf8");
$query = "SELECT pa.ATCCode,m.LatName,n.NozologyCode,Document.DocumentID,"
."Document.RusName,Document.EngName,Document.CompiledComposition,Document.PhInfluence,Document.PhKinetics,"
."Document.Dosage,Document.OverDosage,Document.Interaction,Document.Lactation,Document.SideEffects,"
."Document.StorageCondition,Document.Indication,Document.ContraIndication,Document.SpecialInstruction "
. "FROM Document"
." LEFT JOIN Document_IndicNozology as n ON Document.DocumentID = n.DocumentID"
." LEFT JOIN Molecule_Document as md ON md.DocumentID = Document.DocumentID"
." LEFT JOIN Molecule as m ON m.MoleculeID = md.MoleculeID"
." LEFT JOIN Product_Document as pd ON pd.DocumentID = Document.DocumentID"
." LEFT JOIN Product_ATC as pa ON pd.ProductID = pa.ProductID"
." GROUP BY Document.DocumentID";
$result = mysql_query($query) or die(mysql_error());
while($all = mysql_fetch_array($result)){
// Initialize variables
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$menu = $app->getMenu()->getActive();
$config = JFactory::getConfig();
$session = JFactory::getSession();
$task = JRequest::getVar('task');
$model = $this->getModel(FLEXI_ITEMVIEW);
$isnew = !$model->getId();
$ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task=';
$fc_params = JComponentHelper::getParams( 'com_flexicontent' );
$dolog = $fc_params->get('print_logging_info');
// Get the COMPONENT only parameters
$comp_params = JComponentHelper::getComponent('com_flexicontent')->params;
$params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') );
// Merge the type parameters
$tparams = $model->getTypeparams();
$tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams);
$params->merge($tparams);
// Merge the menu parameters
if ($menu) {
$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params);
$params->merge($menu_params);
}
// Get needed parameters
$submit_redirect_url_fe = $params->get('submit_redirect_url_fe', '');
$allowunauthorize = $params->get('allowunauthorize', 0);
$data = array();
$data['title'] = $all['RusName'];
//content
$data['text'] = $all['CompiledComposition'].$all['PhInfluence'].$all['PhKinetics'].$all['Dosage'].$all['OverDosage'].$all['Interaction'].$all['Lactation'].$all['SideEffects'].$all['StorageCondition'].$all['Indication'].$all['ContraIndication'].$all['SpecialInstruction'];
$data['state'] = 1;
$data['catid'] = 45;
$data['type_id'] = 2;
$data['id'] = 0;
//insert into content
//flexicontent_fields_item_relations
//15 field RusName EngName
//19 field Zabolev
$zab = '';
if($all['NozologyCode']){
$tmp = $all['NozologyCode'];
$zab_cif = substr($tmp,1,2);
$alpha = substr($tmp,0,1);
switch($alpha){
case 'A' : $zab = 'A00–B99'; break;
case 'B' : $zab = 'A00–B99';break;
case 'C' : $zab = 'C00–D48';break;
case 'D' : $zab = $zab_cif <= 48 ? 'C00–D48' : 'D50–D89';break;
case 'E' : $zab = 'E00–E90';break;
case 'F' : $zab = 'F00–F99';break;
case 'G' : $zab = 'G00–G99';break;
case 'H' : $zab = $zab_cif <= 59 ? 'H00–H59' : 'H60–H95';break;
case 'I' : $zab = 'I00–I99';break;
case 'J' : $zab = 'J00–J99';break;
case 'K' : $zab = 'K00–K93';break;
case 'L' : $zab = 'L00–L99';break;
case 'M' : $zab = 'M00–M99';break;
case 'N' : $zab = 'N00–N99';break;
case 'O' : $zab = 'O00–O99';break;
case 'P' : $zab = 'P00–P96'; break;
case 'R' : $zab = 'R00–R99'; break;
case 'S' : $zab = 'S00–T98'; break;
case 'V' : $zab = 'V01–Y98';break;
case 'Z' : $zab = 'Z00–Z99';break;
case 'U' : $zab = 'U00–U99'; break;
default: $zab = '';
}
}
$custom = array();
$custom['zabolevanie'] = $zab;
$custom['field24'] = $all['ATCCode'];
/*$custom['field24_1'] = '';
$custom['field24_2'] = '';
$custom['field24_3'] = '';
$custom['field24_4'] = '';
$custom['field24_5'] = '';*/
$custom['preparat'][0] = addslashes($all['RusName']);
$custom['preparat'][1] = addslashes($all['EngName']);
$custom['field22'][0] = addslashes($all['LatName']);
$query = "SELECT p.DateOfCloseRegistration, p.RegistrationNumber, p.Composition, p.ZipInfo, "
." c.LocalName, c.CountryCode "
. "FROM Product as p"
." JOIN Product_Company as pc ON pc.ProductID = p.ProductID"
." JOIN Company as c ON c.CompanyID = pc.CompanyID"
." JOIN Product_Document d ON d.ProductID = p.ProductID"
." WHERE d.DocumentID = ".$all['DocumentID'];
$result1 = mysql_query($query) or die(mysql_error());
$field_pr = array();
$z = 0;
while($proizv = mysql_fetch_array($result1)){
if(isset($arr_countries[$proizv['CountryCode']])){
$custom['field21'][0]['country'][$z] = addslashes($arr_countries[$proizv['CountryCode']]);
$custom['field21'][0]['naimen'][$z] = addslashes($proizv['LocalName']);//."<br />".$proizv['Composition']);
$custom['field21'][0]['vypusk'][$z] = addslashes($proizv['ZipInfo']);
$custom['field21'][0]['reg'][$z] = addslashes($proizv['RegistrationNumber']);
$custom['field21'][0]['date'][$z] = addslashes($proizv['DateOfCloseRegistration']);
}
$z++;
}
// *********************
// Get data from request
// *********************
if (FLEXI_J16GE) {
// Retrieve form data these are subject to basic filtering
// $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters
// $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields
$jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data
if ( ! @ $data['rules'] ) $data['rules'] = array();
}
else {
// Retrieve form data these are subject to basic filtering
$data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters
}
// Set data id into model in case not already set ?
$model->setId((int) $data['id']);
// *************************************
// ENFORCE can change category ACL perms
// *************************************
$perms = FlexicontentHelperPerm::getPerm();
// Per content type change category permissions
if (FLEXI_J16GE) {
$current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID
$CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id);
$CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id);
$CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id);
} else {
$CanChangeFeatCat = 1;
$CanChangeSecCat = 1;
$CanChangeCat = 1;
}
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
$enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat;
$enable_cid_selector = $perms->MultiCat && $CanChangeSecCat;
$enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat;
// Enforce maintaining featured categories
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
if ( $featured_cats_parent && !$enable_featured_cid_selector )
{
$featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0);
$featured_cid = array();
if (!$isnew) {
foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat;
}
$data['featured_cid'] = $featured_cid;
}
// Enforce maintaining secondary categories
if (!$enable_cid_selector) {
if ($isnew) {
$data['cid'] = $tparams->get('cid_default');
} else if ( isset($featured_cid) ) {
$featured_cid_arr = array_flip($featured_cid);
$sec_cid = array();
foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat;
$data['cid'] = $sec_cid;
} else {
$data['cid'] = $model->get('cats');
}
}
if (!$enable_catid_selector) {
if ($isnew && $tparams->get('catid_default'))
$data['catid'] = $tparams->get('catid_default');
else if ($model->get('catid'))
$data['catid'] = $model->get('catid');
}
// **************************
// Basic Form data validation
// **************************
if (FLEXI_J16GE)
{
// *** MANUALLY CHECK CAPTCHA ***
$use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user
$captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always)
$is_submitop = ((int) $data['id']) == 0;
$display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest );
$display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ...
if ($display_captcha)
{
// Try to force the use of recaptcha plugin
JFactory::getConfig()->set('captcha', 'recaptcha');
if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) {
JPluginHelper::importPlugin('captcha');
$dispatcher = JDispatcher::getInstance();
$result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field'));
if (!$result[0]) {
$errmsg = JText::_('FLEXI_CAPTCHA_FAILED');
$errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS');
echo "<script>alert('".$errmsg."');";
echo "window.history.back();";
echo "</script>";
jexit();
}
}
}
// Validate Form data for core fields and for parameters
$form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form
$post = $model->validate($form, $data);
// Check for validation error
if (!$post) {
// Get the validation messages.
$errors = $form->getErrors();
// Push up to three validation messages out to the user.
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
if ($errors[$i] instanceof Exception)
$app->enqueueMessage($errors[$i]->getMessage(), 'notice');
else
$app->enqueueMessage($errors[$i], 'notice');
}
// Save the jform data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.data', $data);
// Save the custom fields data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom);
// Redirect back to the registration form.
$this->setRedirect( $_SERVER['HTTP_REFERER'] );
return false;
//die('error');
}
/*if (!$post) {
//JError::raiseWarning( 500, "Error while validating data: " . $model->getError() );
echo "Error while validating data: " . $model->getError();
echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>';
jexit();
}*/
// Some values need to be assigned after validation
$post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml
$post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform
$post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts'];
//echo "<pre>"; print_r($post['attribs']); exit;
}
else {
$post = $data;
// Some values need to be assigned after validation
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts'];
//echo "<pre>"; print_r($post['params']); exit;
}
// USEFULL FOR DEBUGING for J2.5 (do not remove commented code)
//$diff_arr = array_diff_assoc ( $data, $post);
//echo "<pre>"; print_r($diff_arr); jexit();
// ********************************************************************************
// PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having
// checked them on edit form load, because user may have tampered with the form ...
// ********************************************************************************
$type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating)
if ( !$isnew && $model->get('type_id') == $type_id ) {
// Existing item with Type not being ALTERED, content type can be maintained regardless of privilege
$canCreateType = true;
} else {
// New item or existing item with Type is being ALTERED, check privilege to create items of this type
$canCreateType = $model->canCreateType( array($type_id), true, $types );
}
// ****************************************************************
// Calculate user's privileges on current content item
// ... canPublish IS RECALCULATED after saving, maybe comment out ?
// ****************************************************************
if (!$isnew) {
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id'));
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if ($user->gid >= 25) {
$canPublish = true;
$canEdit = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ;
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
$canPublish = $user->authorize('com_content', 'publish', 'content', 'all');
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
//$canPublish = ($user->gid >= 21); // At least J1.5 Publisher
//$canEdit = ($user->gid >= 20); // At least J1.5 Editor
}
if ( !$canEdit ) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
} else {
if (FLEXI_J16GE) {
$canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category
$not_authorised = !$canAdd;
$canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent');
} else if ($user->gid >= 25) {
$canAdd = 1;
} else if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$canAdd = @$canAdd['content'] || @$canAdd['category'];
$canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all');
$canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all');
$canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1;
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
$not_authorised = ! $canAdd;
$canPublish = ($user->gid >= 21);
}
if ( $allowunauthorize ) {
$canAdd = true;
$canCreateType = true;
}
}
// ... we use some strings from administrator part
// load english language file for 'com_flexicontent' component then override with current language file
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true);
// Check for new content
if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) {
$msg = JText::_( 'FLEXI_ALERTNOTAUTH' );
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
}
if ( !$canCreateType ) {
$msg = isset($types[$type_id]) ?
JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) :
' Content Type '.$type_id.' was not found OR is not published';
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
return;
}
// Get "BEFORE SAVE" categories for information mail
$before_cats = array();
if ( !$isnew )
{
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$before_cats = $db->loadObjectList('id');
$before_maincat = $model->get('catid');
$original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0);
}
// ****************************************
// Try to store the form data into the item
// ****************************************
if ( ! $model->store($post) )
{
// Set error message about saving failed, and also the reason (=model's error message)
$msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' );
JError::raiseWarning( 500, $msg .": " . $model->getError() );
// Since an error occured, check if (a) the item is new and (b) was not created
if ($isnew && !$model->get('id')) {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
} else {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
}
// Saving has failed check-in and return, (above redirection will be used)
$model->checkin();
return;
}
// **************************************************
// Check in model and get item id in case of new item
// **************************************************
$model->checkin();
$post['id'] = $isnew ? (int) $model->get('id') : $post['id'];
// Get items marked as newly submitted
$newly_submitted = $session->get('newly_submitted', array(), 'flexicontent');
if ($isnew) {
// Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close)
$newly_submitted[$model->get('id')] = 1;
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
}
$newly_submitted_item = @ $newly_submitted[$model->get('id')];
// ***********************************************************************************************************
// Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege
// ***********************************************************************************************************
$item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1);
$canPublish = $model->canEditState( $item, $check_cat_perm=true );
// ********************************************************************************************
// Use session to detect multiple item saves to avoid sending notification EMAIL multiple times
// ********************************************************************************************
$is_first_save = true;
if ($session->has('saved_fcitems', 'flexicontent')) {
$saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent');
$is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]);
}
// Add item to saved items of the corresponding session array
$saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc;
$session->set('saved_fcitems', $saved_fcitems, 'flexicontent');
// ********************************************
// Get categories added / removed from the item
// ********************************************
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$after_cats = $db->loadObjectList('id');
if ( !$isnew ) {
$cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats));
foreach($cats_added_ids as $cats_added_id) {
$cats_added_titles[] = $after_cats[$cats_added_id]->title;
}
$cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats));
foreach($cats_removed_ids as $cats_removed_id) {
$cats_removed_titles[] = $before_cats[$cats_removed_id]->title;
}
$cats_altered = count($cats_added_ids) + count($cats_removed_ids);
$after_maincat = $model->get('catid');
}
// *******************************************************************************************************************
// We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters
// *******************************************************************************************************************
$notify_emails = array();
if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) )
{
// Get needed flags regarding the saved items
$approve_version = 2;
$pending_approval_state = -3;
$draft_state = -4;
$current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version
$last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id),
// $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them
$needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish;
$needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish;
$draft_from_non_publisher = $item->state==$draft_state && !$canPublish;
if ($draft_from_non_publisher) {
// Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button
$nConf = false;
} else {
// Get notifications configuration and select appropriate emails for current saving case
$nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>";
}
if ($nConf)
{
$states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_new) ) $states_notify_new = array();
else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new);
$states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_existing) ) $states_notify_existing = array();
else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing);
$n_state_ok = in_array($item->state, $states_notify_new);
$e_state_ok = in_array($item->state, $states_notify_existing);
if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending;
else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new;
else if ($isnew) $notify_emails = array();
else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal;
else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing;
else if (!$isnew) $notify_emails = array();
if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending');
else if ($isnew) $notify_text = $params->get('text_notify_new');
else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal');
else if (!$isnew) $notify_text = $params->get('text_notify_existing');
//print_r($notify_emails); jexit();
}
}
// *********************************************************************************************************************
// If there are emails to notify for current saving case, then send the notifications emails, but
// *********************************************************************************************************************
if ( !empty($notify_emails) && count($notify_emails) ) {
$notify_vars = new stdClass();
$notify_vars->needs_version_reviewal = $needs_version_reviewal;
$notify_vars->needs_publication_approval = $needs_publication_approval;
$notify_vars->isnew = $isnew;
$notify_vars->notify_emails = $notify_emails;
$notify_vars->notify_text = $notify_text;
$notify_vars->before_cats = $before_cats;
$notify_vars->after_cats = $after_cats;
$notify_vars->original_item = @ $original_item;
$model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0);
}
// ***************************************************
// CLEAN THE CACHE so that our changes appear realtime
// ***************************************************
if (FLEXI_J16GE) {
$cache = FLEXIUtilities::getCache($group='', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group='', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
} else {
$itemcache = JFactory::getCache('com_flexicontent_items');
$itemcache->clean();
$filtercache = JFactory::getCache('com_flexicontent_filters');
$filtercache->clean();
}
// ****************************************************************************************************************************
// Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category
// and thus being able to set this category as item's main category, but then have no edit/editown permission for this category
// ****************************************************************************************************************************
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if (FLEXI_ACCESS && $user->gid < 25) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
// This is meaningful when executed in frontend, since all backend users (managers and above) can edit items
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
}
// *******************************************************************************************************
// Check if user can not edit item further (due to changed main category, without edit/editown permission)
// *******************************************************************************************************
if (!$canEdit)
{
if ($task=='apply') {
// APPLY TASK: Temporarily set item to be editable till closing it
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
else if ( $newly_submitted_item ) {
// NEW ITEM: Do not use editable till logoff behaviour
// ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
else {
// EXISTING ITEM: (if enabled) Use the editable till logoff behaviour
if ( $params->get('items_session_editable', 0) ) {
// Set notice for existing item being editable till logoff
JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) );
// Allow item to be editable till logoff
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
}
// Set notice about saving an item that cannot be changed further
if ( !$canEdit ) {
$app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' );
}
}
// ****************************************************************
// Check for new Content Item is being closed, and clear some flags
// ****************************************************************
if ($task!='apply' && $newly_submitted_item )
{
// Clear item from being marked as newly submitted
unset($newly_submitted[$model->get('id')]);
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
// The 'apply' task may set 'editable till logoff' FLAG ...
// CLEAR IT, since NEW content this is meant to be used temporarily
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
}
//$this->setRedirect($link, $msg);
}
/**
* Creates the item submit form
*
* @since 1.0
*/
function _displayForm($tpl)
{
jimport('joomla.html.parameter');
// ... we use some strings from administrator part
// load english language file for 'com_content' component then override with current language file
JFactory::getLanguage()->load('com_content', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_content', JPATH_ADMINISTRATOR, null, true);
// load english language file for 'com_flexicontent' component then override with current language file
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true);
// ********************************
// Initialize variables, flags, etc
// ********************************
$app = JFactory::getApplication();
$dispatcher = JDispatcher::getInstance();
$document = JFactory::getDocument();
$session = JFactory::getSession();
$user = JFactory::getUser();
$db = JFactory::getDBO();
$uri = JFactory::getURI();
$nullDate = $db->getNullDate();
$menu = $app->getMenu()->getActive();
// Get the COMPONENT only parameters, then merge the menu parameters
$comp_params = JComponentHelper::getComponent('com_flexicontent')->params;
$params = FLEXI_J16GE ? clone $comp_params : new JParameter($comp_params);
// clone( JComponentHelper::getParams('com_flexicontent') );
if ($menu) {
$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params);
$params->merge($menu_params);
}
// Some flags
$enable_translation_groups = $params->get("enable_translation_groups") && (FLEXI_J16GE || FLEXI_FISH);
$print_logging_info = $params->get('print_logging_info');
if ($print_logging_info) {
global $fc_run_times;
}
// *****************
// Load JS/CSS files
// *****************
FLEXI_J30GE ? JHtml::_('behavior.framework', true) : JHTML::_('behavior.mootools');
flexicontent_html::loadFramework('jQuery');
flexicontent_html::loadFramework('select2');
// Load custom behaviours: form validation, popup tooltips
//JHTML::_('behavior.formvalidation');
JHTML::_('behavior.tooltip');
if (FLEXI_J30GE) {
JHtml::_('bootstrap.tooltip');
}
//JHTML::_('script', 'joomla.javascript.js', 'includes/js/');
// Add css files to the document <head> section (also load CSS joomla template override)
$document->addStyleSheet(JURI::base(true) . '/components/com_flexicontent/assets/css/flexicontent.css');
if (file_exists(JPATH_SITE . DS . 'templates' . DS . $app->getTemplate() . DS . 'css' . DS . 'flexicontent.css')) {
$document->addStyleSheet(JPATH_SITE . DS . 'templates' . DS . $app->getTemplate() . DS . 'css' . DS . 'flexicontent.css');
}
if (!FLEXI_J16GE) {
$document->addStyleSheet($this->baseurl . '/administrator/templates/khepri/css/general.css');
}
//$document->addCustomTag('<!--[if IE]><style type="text/css">.floattext{zoom:1;}, * html #flexicontent dd { height: 1%; }</style><![endif]-->');
// Load backend / frontend shared and Joomla version specific CSS (different for frontend / backend)
$document->addStyleSheet(JURI::base(true) . '/components/com_flexicontent/assets/css/flexi_shared.css');
// NOTE: this is imported by main Frontend CSS file
if (FLEXI_J30GE) {
$document->addStyleSheet(JURI::base(true) . '/components/com_flexicontent/assets/css/j3x.css');
} else {
if (FLEXI_J16GE) {
$document->addStyleSheet(JURI::base(true) . '/components/com_flexicontent/assets/css/j25.css');
} else {
$document->addStyleSheet(JURI::base(true) . '/components/com_flexicontent/assets/css/j15.css');
}
}
// Add js function to overload the joomla submitform
$document->addScript(JURI::base(true) . '/components/com_flexicontent/assets/js/admin.js');
$document->addScript(JURI::base(true) . '/components/com_flexicontent/assets/js/validate.js');
// Add js function for custom code used by FLEXIcontent item form
$document->addScript(JURI::base(true) . '/components/com_flexicontent/assets/js/itemscreen.js');
// ***********************************************
// Get item and create form (that loads item data)
// ***********************************************
if ($print_logging_info) {
$start_microtime = microtime(true);
}
$model = $this->getModel();
// ** WE NEED TO get OR decide the Content Type, before we call the getItem
// ** We rely on typeid Request variable to decide type for new items so make sure this is set,
// ZERO means allow user to select type, but if user is only allowed a single type, then autoselect it!
if ($menu && isset($menu->query['typeid'])) {
JRequest::setVar('typeid', (int) $menu->query['typeid']);
// This also forces zero if value not set
}
$new_typeid = JRequest::getVar('typeid', 0, '', 'int');
if (!$new_typeid) {
$types = $model->getTypeslist($type_ids_arr = false, $check_perms = true);
if ($types && count($types) == 1) {
$new_typeid = $types[0]->id;
}
JRequest::setVar('typeid', $new_typeid);
$canCreateType = true;
}
$item = $this->get('Item');
if (FLEXI_J16GE) {
$form = $this->get('Form');
}
if ($print_logging_info) {
$fc_run_times['get_item_data'] = round(1000000 * 10 * (microtime(true) - $start_microtime)) / 10;
}
// *********************************************************************************************************
// Get language stuff, and also load Template-Specific language file to override or add new language strings
// *********************************************************************************************************
if ($enable_translation_groups) {
$langAssocs = $this->get('LangAssocs');
}
if (FLEXI_FISH || FLEXI_J16GE) {
$langs = FLEXIUtilities::getLanguages('code');
}
if (FLEXI_FISH || FLEXI_J16GE) {
FLEXIUtilities::loadTemplateLanguageFile($item->parameters->get('ilayout', 'default'));
}
// ****************************************************************************************
// CHECK EDIT / CREATE PERMISSIONS (this is duplicate since it also done at the controller)
// ****************************************************************************************
// new item and ownership variables
$isnew = !$item->id;
$isOwner = $item->created_by == $user->get('id');
// create and set (into HTTP request) a unique item id for plugins that needed it
JRequest::setVar('unique_tmp_itemid', $item->id ? $item->id : date('_Y_m_d_h_i_s_', time()) . uniqid(true));
// Component / Menu Item parameters
$allowunauthorize = $params->get('allowunauthorize', 0);
// allow unauthorised user to submit new content
$unauthorized_page = $params->get('unauthorized_page', '');
// page URL for unauthorized users (via global configuration)
$notauth_itemid = $params->get('notauthurl', '');
// menu itemid (to redirect) when user is not authorized to create content
// Create captcha field or messages
if (FLEXI_J16GE) {
$use_captcha = $params->get('use_captcha', 1);
// 1 for guests, 2 for any user
$captcha_formop = $params->get('captcha_formop', 0);
// 0 for submit, 1 for submit/edit (aka always)
$display_captcha = $use_captcha >= 2 || $use_captcha == 1 && $user->guest;
$display_captcha = $display_captcha && ($isnew || $captcha_formop);
// Force using recaptcha
if ($display_captcha) {
// Try to force the use of recaptcha plugin
JFactory::getConfig()->set('captcha', 'recaptcha');
if (!$app->getCfg('captcha')) {
$captcha_errmsg = '-- Please select <b>CAPTCHA Type</b> at global Joomla parameters';
} else {
if ($app->getCfg('captcha') != 'recaptcha') {
$captcha_errmsg = '-- Captcha Type: <b>' . $app->getCfg('captcha') . '</b> not supported';
} else {
if (!JPluginHelper::isEnabled('captcha', 'recaptcha')) {
$captcha_errmsg = '-- Please enable & configure the Joomla <b>ReCaptcha Plugin</b>';
} else {
$captcha_errmsg = '';
JPluginHelper::importPlugin('captcha');
$dispatcher->trigger('onInit', 'dynamic_recaptcha_1');
$field_description = JText::_('FLEXI_CAPTCHA_ENTER_CODE_DESC');
$label_tooltip = 'class="hasTip flexi_label" title="' . '::' . htmlspecialchars($field_description, ENT_COMPAT, 'UTF-8') . '"';
$captcha_field = '
<label id="recaptcha_response_field-lbl" for="recaptcha_response_field" ' . $label_tooltip . ' >
' . JText::_('FLEXI_CAPTCHA_ENTER_CODE') . '
</label>
<div class="container_fcfield container_fcfield_name_captcha">
<div id="dynamic_recaptcha_1"></div>
</div>
';
}
}
}
}
}
// User Group / Author parameters
$db->setQuery('SELECT author_basicparams FROM #__flexicontent_authors_ext WHERE user_id = ' . $user->id);
$authorparams = $db->loadResult();
$authorparams = FLEXI_J16GE ? new JRegistry($authorparams) : new JParameter($authorparams);
$max_auth_limit = $authorparams->get('max_auth_limit', 0);
// maximum number of content items the user can create
if (!$isnew) {
// EDIT action
// Finally check if item is currently being checked-out (currently being edited)
if ($model->isCheckedOut($user->get('id'))) {
$msg = JText::sprintf('FLEXI_DESCBEINGEDITTED', $model->get('title'));
$app->redirect(JRoute::_('index.php?view=' . FLEXI_ITEMVIEW . '&cid=' . $model->get('catid') . '&id=' . $model->get('id'), false), $msg);
}
//Checkout the item
$model->checkout();
if (FLEXI_J16GE) {
$canEdit = $model->getItemAccess()->get('access-edit');
// includes privileges edit and edit-own
// ALTERNATIVE 1
//$asset = 'com_content.article.' . $model->get('id');
//$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
if ($user->gid >= 25) {
$canEdit = true;
} else {
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || in_array('editown', $rights) && $model->get('created_by') == $user->get('id');
} else {
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || $user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id');
//$canEdit = ($user->gid >= 20); // At least J1.5 Editor
}
}
}
if (!$canEdit) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
if (!$canEdit) {
if ($user->guest) {
$uri = JFactory::getURI();
$return = $uri->toString();
$fcreturn = serialize(array('id' => @$this->_item->id, 'cid' => $cid));
// a special url parameter, used by some SEF code
$com_users = FLEXI_J16GE ? 'com_users' : 'com_user';
$url = $params->get('login_page', 'index.php?option=' . $com_users . '&view=login');
$return = strtr(base64_encode($return), '+/=', '-_,');
$url .= '&return=' . $return;
//$url .= '&return='.urlencode(base64_encode($return));
$url .= '&fcreturn=' . base64_encode($fcreturn);
JError::raiseWarning(403, JText::sprintf("FLEXI_LOGIN_TO_ACCESS", $url));
$app->redirect($url);
} else {
if ($unauthorized_page) {
// unauthorized page via global configuration
JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH_TASK'));
$app->redirect($unauthorized_page);
} else {
// user isn't authorize to edit this content
$msg = JText::_('FLEXI_ALERTNOTAUTH_TASK');
if (FLEXI_J16GE) {
throw new Exception($msg, 403);
} else {
JError::raiseError(403, $msg);
}
}
}
}
} else {
// CREATE action
if (FLEXI_J16GE) {
$canAdd = $model->getItemAccess()->get('access-create');
// includes check of creating in at least one category
$not_authorised = !$canAdd;
} else {
if ($user->gid >= 25) {
$not_authorised = 0;
} else {
if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$not_authorised = !(@$canAdd['content'] || @$canAdd['category']);
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
$not_authorised = !$canAdd;
}
}
}
// Check if Content Type can be created by current user
if (empty($canCreateType)) {
if ($new_typeid) {
$canCreateType = $model->canCreateType(array($new_typeid));
// Can create given Content Type
} else {
$canCreateType = $model->canCreateType();
// Can create at least one Content Type
}
}
$not_authorised = $not_authorised || !$canCreateType;
// Allow item submission by unauthorized users, ... even guests ...
if ($allowunauthorize == 2) {
$allowunauthorize = !$user->guest;
}
if ($not_authorised && !$allowunauthorize) {
if (!$canCreateType) {
$type_name = isset($types[$new_typeid]) ? '"' . JText::_($types[$new_typeid]->name) . '"' : JText::_('FLEXI_ANY');
$msg = JText::sprintf('FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', $type_name);
} else {
$msg = JText::_('FLEXI_ALERTNOTAUTH_CREATE');
}
} else {
if ($max_auth_limit) {
$db->setQuery('SELECT COUNT(id) FROM #__content WHERE created_by = ' . $user->id);
$authored_count = $db->loadResult();
$content_is_limited = $authored_count >= $max_auth_limit;
$msg = $content_is_limited ? JText::sprintf('FLEXI_ALERTNOTAUTH_CREATE_MORE', $max_auth_limit) : '';
}
}
if ($not_authorised && !$allowunauthorize || @$content_is_limited) {
// User isn't authorize to add ANY content
if ($notauth_menu = $app->getMenu()->getItem($notauth_itemid)) {
// a. custom unauthorized submission page via menu item
$internal_link_vars = @$notauth_menu->component ? '&Itemid=' . $notauth_itemid . '&option=' . $notauth_menu->component : '';
$notauthurl = JRoute::_($notauth_menu->link . $internal_link_vars, false);
JError::raiseNotice(403, $msg);
$app->redirect($notauthurl);
} else {
if ($unauthorized_page) {
// b. General unauthorized page via global configuration
JError::raiseNotice(403, $msg);
$app->redirect($unauthorized_page);
} else {
// c. Finally fallback to raising a 403 Exception/Error that will redirect to site's default 403 unauthorized page
if (FLEXI_J16GE) {
throw new Exception($msg, 403);
} else {
JError::raiseError(403, $msg);
}
}
}
}
}
// *********************************************
// Get more variables to push into the FORM view
// *********************************************
// Get available types and the currently selected/requested type
$types = $model->getTypeslist();
$typesselected = $model->getTypesselected();
// Create the type parameters
$tparams = $this->get('Typeparams');
$tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams);
// Merge item parameters, or type/menu parameters for new item
if ($isnew) {
if ($new_typeid) {
$params->merge($tparams);
}
// Apply type configuration if it type is set
if ($menu) {
$params->merge($menu_params);
}
// Apply menu configuration if it menu is set, to override type configuration
} else {
$params = $item->parameters;
}
// Check if saving an item that translates an original content in site's default language
$is_content_default_lang = substr(flexicontent_html::getSiteDefaultLang(), 0, 2) == substr($item->language, 0, 2);
$modify_untraslatable_values = $enable_translation_groups && !$is_content_default_lang && $item->lang_parent_id && $item->lang_parent_id != $item->id;
// *****************************************************************************
// Get (CORE & CUSTOM) fields and their VERSIONED values and then
// (a) Apply Content Type Customization to CORE fields (label, description, etc)
// (b) Create the edit html of the CUSTOM fields by triggering 'onDisplayField'
// *****************************************************************************
if ($print_logging_info) {
$start_microtime = microtime(true);
}
$fields = $this->get('Extrafields');
if ($print_logging_info) {
$fc_run_times['get_field_vals'] = round(1000000 * 10 * (microtime(true) - $start_microtime)) / 10;
}
if ($print_logging_info) {
$start_microtime = microtime(true);
}
foreach ($fields as $field) {
// a. Apply CONTENT TYPE customizations to CORE FIELDS, e.g a type specific label & description
// NOTE: the field parameters are already created so there is not need to call this for CUSTOM fields, which do not have CONTENT TYPE customizations
if ($field->iscore) {
FlexicontentFields::loadFieldConfig($field, $item);
}
// b. Create field 's editing HTML (the form field)
// NOTE: this is DONE only for CUSTOM fields, since form field html is created by the form for all CORE fields, EXCEPTION is the 'text' field (see bellow)
if (!$field->iscore) {
if (FLEXI_J16GE) {
$is_editable = !$field->valueseditable || $user->authorise('flexicontent.editfieldvalues', 'com_flexicontent.field.' . $field->id);
} else {
if (FLEXI_ACCESS && $user->gid < 25) {
$is_editable = !$field->valueseditable || FAccess::checkAllContentAccess('com_content', 'submit', 'users', $user->gmid, 'field', $field->id);
} else {
$is_editable = 1;
}
}
if (!$is_editable) {
$field->html = '<div class="fc-mssg fc-warning">' . JText::_('FLEXI_NO_ACCESS_LEVEL_TO_EDIT_FIELD') . '</div>';
} else {
if ($modify_untraslatable_values && $field->untranslatable) {
$field->html = '<div class="fc-mssg fc-note">' . JText::_('FLEXI_FIELD_VALUE_IS_UNTRANSLATABLE') . '</div>';
} else {
FLEXIUtilities::call_FC_Field_Func($field->field_type, 'onDisplayField', array(&$field, &$item));
}
}
}
// c. Create main text field, via calling the display function of the textarea field (will also check for tabs)
if ($field->field_type == 'maintext') {
if (isset($item->item_translations)) {
$shortcode = substr($item->language, 0, 2);
foreach ($item->item_translations as $lang_id => $t) {
if ($shortcode == $t->shortcode) {
continue;
}
$field->name = array('jfdata', $t->shortcode, 'text');
$field->value[0] = html_entity_decode($t->fields->text->value, ENT_QUOTES, 'UTF-8');
FLEXIUtilities::call_FC_Field_Func('textarea', 'onDisplayField', array(&$field, &$item));
$t->fields->text->tab_labels = $field->tab_labels;
$t->fields->text->html = $field->html;
unset($field->tab_labels);
unset($field->html);
}
}
$field->name = 'text';
// NOTE: We use the text created by the model and not the text retrieved by the CORE plugin code, which maybe overwritten with JoomFish/Falang data
$field->value[0] = $item->text;
// do not decode special characters this was handled during saving !
// Render the field's (form) HTML
FLEXIUtilities::call_FC_Field_Func('textarea', 'onDisplayField', array(&$field, &$item));
}
}
if ($print_logging_info) {
$fc_run_times['render_field_html'] = round(1000000 * 10 * (microtime(true) - $start_microtime)) / 10;
}
// Tags used by the item
$usedtagsids = $this->get('UsedtagsIds');
// NOTE: This will normally return the already set versioned value of tags ($item->tags)
//$usedtagsIds = $isnew ? array() : $fields['tags']->value;
$usedtagsdata = $model->getUsedtagsData($usedtagsids);
//echo "<br/>usedtagsIds: "; print_r($usedtagsids);
//echo "<br/>usedtags (data): "; print_r($usedtagsdata);
// Compatibility for old overriden templates ...
if (!FLEXI_J16GE) {
$tags = $this->get('Alltags');
$usedtags = $this->get('UsedtagsIds');
}
// Load permissions (used by form template)
$perms = $this->_getItemPerms($item, $typesselected);
// Get the edit lists
$lists = $this->_buildEditLists($perms, $params, $authorparams, $typesselected, $tparams);
// Get number of subscribers
$subscribers = $this->get('SubscribersCount');
// Get menu overridden categories/main category fields
$menuCats = $this->_getMenuCats($item, $perms, $params);
// Create submit configuration (for new items) into the session
$submitConf = $this->_createSubmitConf($item, $perms, $params);
// Create placement configuration for CORE properties
$placementConf = $this->_createPlacementConf($fields, $params, $item);
// Item language related vars
if (FLEXI_FISH || FLEXI_J16GE) {
$languages = FLEXIUtilities::getLanguages();
$itemlang = new stdClass();
$itemlang->shortcode = substr($item->language, 0, 2);
$itemlang->name = $languages->{$item->language}->name;
$itemlang->image = '<img src="' . @$languages->{$item->language}->imgsrc . '" alt="' . $languages->{$item->language}->name . '" />';
}
//Load the JEditor object
$editor = JFactory::getEditor();
// **********************************************************
// Calculate a (browser window) page title and a page heading
// **********************************************************
// Verify menu item points to current FLEXIcontent object
if ($menu) {
$menu_matches = false;
$view_ok = FLEXI_ITEMVIEW == @$menu->query['view'] || 'article' == @$menu->query['view'];
$menu_matches = $view_ok;
//$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params); // Get active menu item parameters
} else {
$menu_matches = false;
}
// MENU ITEM matched, use its page heading (but use menu title if the former is not set)
if ($menu_matches) {
$default_heading = FLEXI_J16GE ? $menu->title : $menu->name;
// Cross set (show_) page_heading / page_title for compatibility of J2.5+ with J1.5 template (and for J1.5 with J2.5 template)
$params->def('page_heading', $params->get('page_title', $default_heading));
$params->def('page_title', $params->get('page_heading', $default_heading));
$params->def('show_page_heading', $params->get('show_page_title', 0));
$params->def('show_page_title', $params->get('show_page_heading', 0));
} else {
// Calculate default page heading (=called page title in J1.5), which in turn will be document title below !! ...
$default_heading = !$isnew ? JText::_('FLEXI_EDIT') : JText::_('FLEXI_NEW');
// Decide to show page heading (=J1.5 page title), there is no need for this in item view
$show_default_heading = 0;
// Set both (show_) page_heading / page_title for compatibility of J2.5+ with J1.5 template (and for J1.5 with J2.5 template)
$params->set('page_title', $default_heading);
$params->set('page_heading', $default_heading);
$params->set('show_page_heading', $show_default_heading);
$params->set('show_page_title', $show_default_heading);
}
// ************************************************************
// Create the document title, by from page title and other data
// ************************************************************
// Use the page heading as document title, (already calculated above via 'appropriate' logic ...)
$doc_title = $params->get('page_title');
// Check and prepend or append site name
if (FLEXI_J16GE) {
// Not available in J1.5
// Add Site Name to page title
if ($app->getCfg('sitename_pagetitles', 0) == 1) {
$doc_title = $app->getCfg('sitename') . " - " . $doc_title;
} elseif ($app->getCfg('sitename_pagetitles', 0) == 2) {
$doc_title = $doc_title . " - " . $app->getCfg('sitename');
}
}
// Finally, set document title
$document->setTitle($doc_title);
// Add title to pathway
$pathway = $app->getPathWay();
$pathway->addItem($doc_title, '');
// Get pageclass suffix
$pageclass_sfx = htmlspecialchars($params->get('pageclass_sfx'));
// Ensure the row data is safe html
// @TODO: check if this is really required as it conflicts with the escape function in the tmpl
//JFilterOutput::objectHTMLSafe( $item );
$this->assign('action', $uri->toString());
$this->assignRef('item', $item);
if (FLEXI_J16GE) {
// most core field are created via calling methods of the form (J2.5)
$this->assignRef('form', $form);
}
if ($enable_translation_groups) {
$this->assignRef('lang_assocs', $langAssocs);
}
if (FLEXI_FISH || FLEXI_J16GE) {
$this->assignRef('langs', $langs);
}
$this->assignRef('params', $params);
$this->assignRef('lists', $lists);
$this->assignRef('subscribers', $subscribers);
$this->assignRef('editor', $editor);
$this->assignRef('user', $user);
if (!FLEXI_J16GE) {
// compatibility old templates
$this->assignRef('tags', $tags);
$this->assignRef('usedtags', $usedtags);
}
$this->assignRef('usedtagsdata', $usedtagsdata);
$this->assignRef('fields', $fields);
$this->assignRef('tparams', $tparams);
$this->assignRef('perms', $perms);
$this->assignRef('document', $document);
$this->assignRef('nullDate', $nullDate);
$this->assignRef('menuCats', $menuCats);
$this->assignRef('submitConf', $submitConf);
$this->assignRef('placementConf', $placementConf);
$this->assignRef('itemlang', $itemlang);
$this->assignRef('pageclass_sfx', $pageclass_sfx);
$this->assign('captcha_errmsg', @$captcha_errmsg);
$this->assign('captcha_field', @$captcha_field);
// **************************************************************************************
// Load a different template file for parameters depending on whether we use FLEXI_ACCESS
// **************************************************************************************
if (!FLEXI_J16GE) {
if (FLEXI_ACCESS) {
$formparams = new JParameter('', JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_flexicontent' . DS . 'models' . DS . 'item2.xml');
} else {
$formparams = new JParameter('', JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_flexicontent' . DS . 'models' . DS . 'item.xml');
}
}
// ****************************************************************
// SET INTO THE FORM, parameter values for various parameter groups
// ****************************************************************
if (!FLEXI_J16GE) {
// Permissions (Access) Group
if (!FLEXI_ACCESS) {
$formparams->set('access', $item->access);
}
// Set: (Publication) Details Group
$created_by = intval($item->created_by) ? intval($item->created_by) : $user->get('id');
$formparams->set('created_by', $created_by);
$formparams->set('created_by_alias', $item->created_by_alias);
$formparams->set('created', JHTML::_('date', $item->created, '%Y-%m-%d %H:%M:%S'));
$formparams->set('publish_up', JHTML::_('date', $item->publish_up, '%Y-%m-%d %H:%M:%S'));
if (JHTML::_('date', $item->publish_down, '%Y') <= 1969 || $item->publish_down == $nullDate || empty($item->publish_down)) {
$formparams->set('publish_down', JText::_('FLEXI_NEVER'));
} else {
$formparams->set('publish_down', JHTML::_('date', $item->publish_down, '%Y-%m-%d %H:%M:%S'));
}
// Set: Attributes (parameters) Group, (these are retrieved from the item table column 'attribs')
// (also contains templates parameters, but we will use these individual for every template ... see below)
$formparams->loadINI($item->attribs);
//echo "<pre>"; print_r($formparams->_xml['themes']->_children[0]); echo "<pre>"; print_r($formparams->_xml['themes']->param[0]); exit;
foreach ($formparams->_xml['themes']->_children as $i => $child) {
if (isset($child->_attributes['enableparam']) && !$params->get($child->_attributes['enableparam'])) {
unset($formparams->_xml['themes']->_children[$i]);
unset($formparams->_xml['themes']->param[$i]);
}
}
// Set: Metadata (parameters) Group
// NOTE: (2 params from 2 item table columns, and then multiple params from item table column 'metadata')
$formparams->set('description', $item->metadesc);
$formparams->set('keywords', $item->metakey);
if (!empty($item->metadata)) {
$formparams->loadINI($item->metadata->toString());
}
// Now create the sliders object,
// And also push the Form Parameters object into the template (Template Parameters object is seperate)
jimport('joomla.html.pane');
$pane = JPane::getInstance('Sliders');
//$tabs_pane = JPane::getInstance('Tabs');
$this->assignRef('pane', $pane);
//$this->assignRef('tabs_pane' , $tabs_pane);
$this->assignRef('formparams', $formparams);
} else {
if (JHTML::_('date', $item->publish_down, 'Y') <= 1969 || $item->publish_down == $nullDate) {
$item->publish_down = JText::_('FLEXI_NEVER');
}
}
// ****************************
// Handle Template related work
// ****************************
// (a) Get the templates structures used to create form fields for template parameters
$themes = flexicontent_tmpl::getTemplates();
$tmpls_all = $themes->items;
// (b) Get Content Type allowed templates
$allowed_tmpls = $tparams->get('allowed_ilayouts');
$type_default_layout = $tparams->get('ilayout', 'default');
if (empty($allowed_tmpls)) {
$allowed_tmpls = array();
} else {
if (!is_array($allowed_tmpls)) {
$allowed_tmpls = !FLEXI_J16GE ? array($allowed_tmpls) : explode("|", $allowed_tmpls);
}
}
// (c) Add default layout, unless all templates allowed (=array is empty)
if (count($allowed_tmpls) && !in_array($type_default_layout, $allowed_tmpls)) {
$allowed_tmpls[] = $type_default_layout;
}
// (d) Create array of template data according to the allowed templates for current content type
if (count($allowed_tmpls)) {
foreach ($tmpls_all as $tmpl) {
if (in_array($tmpl->name, $allowed_tmpls)) {
$tmpls[] = $tmpl;
}
}
} else {
$tmpls = $tmpls_all;
}
// (e) Apply Template Parameters values into the form fields structures
foreach ($tmpls as $tmpl) {
if (FLEXI_J16GE) {
$jform = new JForm('com_flexicontent.template.item', array('control' => 'jform', 'load_data' => true));
$jform->load($tmpl->params);
$tmpl->params = $jform;
foreach ($tmpl->params->getGroup('attribs') as $field) {
$fieldname = $field->__get('fieldname');
$value = $item->itemparams->get($fieldname);
if (strlen($value)) {
$tmpl->params->setValue($fieldname, 'attribs', $value);
}
}
} else {
$tmpl->params->loadINI($item->attribs);
}
}
$this->assignRef('tmpls', $tmpls);
if ($print_logging_info) {
$start_microtime = microtime(true);
}
parent::display($tpl);
if ($print_logging_info) {
$fc_run_times['form_rendering'] = round(1000000 * 10 * (microtime(true) - $start_microtime)) / 10;
}
}
