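/**
 * Check access
 *
 * Check if the user has the required access id.
 *
 * Access is granted when the id is the integer 0 with type 'static', or when
 * the user is logged in and either has admin status or holds the id in the
 * static / dynamic permission list that matches $type.
 *
 * Many callers invoke this method without $return and ignore the result, so
 * they depend on Permission::noAccess() ending the request. What noAccess()
 * does is not visible here; the explicit `return false` below keeps the
 * method fail-closed if it ever returns.
 *
 * @access  public
 * @param   integer $accessId   Permission id to test
 * @param   string  $type       'static' or 'dynamic'
 * @param   boolean $return     If true, return false on denial instead of
 *                              calling Permission::noAccess()
 * @return  boolean             True if access is granted, false otherwise
 */
public static function checkAccess($accessId, $type, $return = false)
{
    // Only the integer 0 is treated as "no restriction" (strict comparison);
    // a string '0' falls through to the regular permission lookup.
    if ($accessId === 0 && $type == 'static') {
        return true;
    }

    $objFWUser = FWUser::getFWUserObject();
    $objUser = $objFWUser->objUser;

    // NOTE(review): in_array() is used in its loose mode, so the match depends
    // on PHP's type juggling. Confirm the types returned by the permission
    // getters before switching to strict mode.
    if (
        $objUser->login()
        && (
            $objUser->getAdminStatus()
            || ($type == 'static' && in_array($accessId, $objUser->getStaticPermissionIds()))
            || ($type == 'dynamic' && in_array($accessId, $objUser->getDynamicPermissionIds()))
        )
    ) {
        return true;
    }

    if ($return) {
        return false;
    }

    Permission::noAccess();

    // Fail closed: never fall off the end with an implicit null.
    return false;
}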
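/**
 * Check and modify the cmd based on the permission
 *
 * Walks the requested command path one level at a time. Whenever
 * hasAccessToCommand() rejects the path built so far, the current level is
 * replaced by the next key of the candidate list until an accessible command
 * is found. If the list is exhausted, Permission::noAccess() is called and
 * the script exits.
 *
 * @param array $cmd             Requested command path; rewritten in place
 * @param array $currentCommands Available commands; an entry may carry a
 *                               'children' array with sub-commands
 */
protected function checkAndModifyCmdByPermission(&$cmd, $currentCommands)
{
    $command = array();
    $keys = array_keys($currentCommands);

    // Always evaluate a second level, even if none was requested.
    $cmd[1] = !isset($cmd[1]) ? '' : $cmd[1];

    foreach ($cmd as $cmdKey => $cmdValue) {
        $command[$cmdKey] = $cmdValue;

        while (!$this->hasAccessToCommand($command)) {
            // NOTE(review): array_search() returns false for an unknown
            // command, and false + 1 evaluates to 1, so the fallback then
            // starts at the second key. Left as is; confirm whether the
            // first key should be tried (or the request denied) instead.
            $pos = array_search($cmdValue, $keys);
            if (!isset($keys[$pos + 1])) {
                // No accessible command left on this level: deny and stop.
                \Permission::noAccess();
                exit;
            }
            $cmdValue = $command[$cmdKey] = $keys[$pos + 1];
        }

        // Candidates for the next level. An empty array (instead of the
        // former empty string) keeps array_search() on a valid haystack, so
        // a command without children ends in noAccess() rather than in a
        // warning or TypeError.
        $keys = isset($currentCommands[$cmdValue]['children'])
            ? array_keys($currentCommands[$cmdValue]['children'])
            : array();
    }

    $cmd = $command;
}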
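/**
 * PHP5 constructor
 *
 * Sets up the backend template, builds the list of media archives that the
 * license allows, selects the requested archive, reads the request
 * parameters and enforces the static access id that belongs to the archive.
 *
 * Request input handled here:
 *  - `archive` is accepted only if it is a key of the license-filtered
 *    $this->arrWebPaths; anything else falls back to 'content'.
 *  - `path` and `file` go through FileSystem::sanitizePath() /
 *    FileSystem::sanitizeFile().
 *  - `act`, `data`, `sort` and `sort_desc` are stored without validation
 *    (only trimmed where noted); code that consumes them must validate.
 *
 * The Permission::checkAccess() calls ignore the return value, so they rely
 * on Permission::noAccess() ending the request (not visible here).
 *
 * @global array                $_ARRAYLANG
 * @global array                $_CONFIG
 * @global \Cx\Core\Html\Sigma  $objTemplate
 * @global object               $objDatabase
 * @access public
 */
function __construct()
{
    // $_CONFIG was missing from this list although it is passed to
    // License::getCached() below, which therefore received an undefined
    // local variable.
    global $_ARRAYLANG, $_CONFIG, $_FTPCONFIG, $objTemplate, $objDatabase;

    // sigma template
    $this->_objTpl = new \Cx\Core\Html\Sigma(ASCMS_CORE_MODULE_PATH . '/Media/View/Template/Backend');
    \Cx\Core\Csrf\Controller\Csrf::add_placeholder($this->_objTpl);
    $this->_objTpl->setErrorHandling(PEAR_ERROR_DIE);

    $this->arrPaths = array(
        ASCMS_MEDIA1_PATH . DIRECTORY_SEPARATOR,
        ASCMS_MEDIA2_PATH . DIRECTORY_SEPARATOR,
        ASCMS_MEDIA3_PATH . DIRECTORY_SEPARATOR,
        ASCMS_MEDIA4_PATH . DIRECTORY_SEPARATOR,
        ASCMS_FILESHARING_PATH . DIRECTORY_SEPARATOR,
        ASCMS_CONTENT_IMAGE_PATH . DIRECTORY_SEPARATOR,
        ASCMS_SHOP_IMAGES_PATH . DIRECTORY_SEPARATOR,
        ASCMS_THEMES_PATH . DIRECTORY_SEPARATOR,
        ASCMS_ATTACH_PATH . DIRECTORY_SEPARATOR,
        ASCMS_ACCESS_PATH . DIRECTORY_SEPARATOR,
        ASCMS_BLOG_IMAGES_PATH . DIRECTORY_SEPARATOR,
        ASCMS_CALENDAR_IMAGE_PATH . DIRECTORY_SEPARATOR,
        ASCMS_DOWNLOADS_IMAGES_PATH . DIRECTORY_SEPARATOR,
        ASCMS_GALLERY_PATH . DIRECTORY_SEPARATOR,
        ASCMS_MEDIADIR_IMAGES_PATH . DIRECTORY_SEPARATOR,
        ASCMS_PODCAST_IMAGES_PATH . DIRECTORY_SEPARATOR,
    );

    // Archive name (as used in the request) => web path of that archive
    $this->arrWebPaths = array(
        'archive1'    => ASCMS_MEDIA1_WEB_PATH . '/',
        'archive2'    => ASCMS_MEDIA2_WEB_PATH . '/',
        'archive3'    => ASCMS_MEDIA3_WEB_PATH . '/',
        'archive4'    => ASCMS_MEDIA4_WEB_PATH . '/',
        'FileSharing' => ASCMS_FILESHARING_WEB_PATH . '/',
        'content'     => ASCMS_CONTENT_IMAGE_WEB_PATH . '/',
        'Contact'     => ASCMS_ATTACH_WEB_PATH . '/',
        'Shop'        => ASCMS_SHOP_IMAGES_WEB_PATH . '/',
        'themes'      => ASCMS_THEMES_WEB_PATH . '/',
        'attach'      => ASCMS_ATTACH_WEB_PATH . '/',
        'Access'      => ASCMS_ACCESS_WEB_PATH . '/',
        'Blog'        => ASCMS_BLOG_IMAGES_WEB_PATH . '/',
        'Calendar'    => ASCMS_CALENDAR_IMAGE_WEB_PATH . '/',
        'Downloads'   => ASCMS_DOWNLOADS_IMAGES_WEB_PATH . '/',
        'Gallery'     => ASCMS_GALLERY_WEB_PATH . '/',
        'MediaDir'    => ASCMS_MEDIADIR_IMAGES_WEB_PATH . '/',
        'Podcast'     => ASCMS_PODCAST_IMAGES_WEB_PATH . '/',
    );

    // Archive names that differ from the component name known to the license
    $moduleMatchTable = array(
        'archive1' => 'Media1',
        'archive2' => 'Media2',
        'archive3' => 'Media3',
        'archive4' => 'Media4',
        'content'  => 'core',
        'themes'   => 'core',
        'attach'   => 'core',
    );

    $license = \Cx\Core_Modules\License\License::getCached($_CONFIG, $objDatabase);
    $license->check();

    // Drop every archive whose component is not covered by the license
    foreach ($this->arrWebPaths as $module => $path) {
        $moduleName = isset($moduleMatchTable[$module]) ? $moduleMatchTable[$module] : $module;
        if (!$license->isInLegalComponents($moduleName)) {
            \DBG::msg('Module "' . $module . '" is deactivated');
            unset($this->arrWebPaths[$module]);
        }
    }
    if (empty($this->arrWebPaths)) {
        \Permission::noAccess();
    }

    // Allow-list the requested archive. is_string() rejects array input
    // (archive[]=...) before it reaches array_key_exists().
    if (
        isset($_REQUEST['archive'])
        && is_string($_REQUEST['archive'])
        && array_key_exists($_REQUEST['archive'], $this->arrWebPaths)
    ) {
        $this->archive = $_REQUEST['archive'];
    } else {
        $this->archive = 'content';
    }

    // get variables
    $this->getAct = isset($_POST['deleteMedia']) && $_POST['deleteMedia']
        ? 'delete'
        : (!empty($_GET['act']) ? trim($_GET['act']) : '');

    $this->getPath = isset($_GET['path']) ? \Cx\Lib\FileSystem\FileSystem::sanitizePath($_GET['path']) : false;
    if ($this->getPath === false) {
        // No path given or sanitizing failed: use the archive's root
        $this->getPath = $this->arrWebPaths[$this->archive];
    }

    $this->getFile = isset($_REQUEST['file']) ? \Cx\Lib\FileSystem\FileSystem::sanitizeFile($_REQUEST['file']) : false;
    if ($this->getFile === false) {
        $this->getFile = '';
    }

    // Stored as received; not validated here
    $this->getData = !empty($_GET['data']) ? $_GET['data'] : '';
    $this->sortBy = !empty($_GET['sort']) ? trim($_GET['sort']) : 'name';
    $this->sortDesc = !empty($_GET['sort_desc']);
    $this->shopEnabled = $this->checkModule('Shop');

    $_SESSION["skins"] = ($this->archive == 'themes');

    // Navigation shared by all module archives ("module" tab active)
    $moduleNavigation = ' <a href="index.php?cmd=Media&archive=content">' . $_ARRAYLANG['TXT_IMAGE_CONTENT'] . '</a> <a href="index.php?cmd=Media&archive=attach" class="active">' . $_ARRAYLANG['TXT_MODULE'] . '</a> <a href="index.php?cmd=Media&archive=themes">' . $_ARRAYLANG['TXT_MEDIA_LAYOUT'] . '</a> ';

    // Each archive is protected by its own static access id
    switch ($this->archive) {
        case 'themes':
            \Permission::checkAccess(21, 'static');
            $objTemplate->setVariable("CONTENT_NAVIGATION", "<a href='index.php?cmd=Media&archive=content'>" . $_ARRAYLANG['TXT_IMAGE_CONTENT'] . "</a>\n <a href='index.php?cmd=Media&archive=attach'>" . $_ARRAYLANG['TXT_MODULE'] . "</a>\n <a href='index.php?cmd=Media&archive=themes' class='active'>" . $_ARRAYLANG['TXT_MEDIA_LAYOUT'] . "</a>");
            break;

        case 'content':
            \Permission::checkAccess(32, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', ' <a href="index.php?cmd=Media&archive=content" class="active">' . $_ARRAYLANG['TXT_IMAGE_CONTENT'] . '</a> <a href="index.php?cmd=Media&archive=attach">' . $_ARRAYLANG['TXT_MODULE'] . '</a> <a href="index.php?cmd=Media&archive=themes">' . $_ARRAYLANG['TXT_MEDIA_LAYOUT'] . '</a>');
            break;

        case 'Contact':
            \Permission::checkAccess(84, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', ' <a href="index.php?cmd=Contact" title="' . $_ARRAYLANG['TXT_CONTACT_CONTACT_FORMS'] . '">' . $_ARRAYLANG['TXT_FORMS'] . '</a> <a hreF="index.php?cmd=Media&archive=Contact" title="' . $_ARRAYLANG['TXT_FILE_UPLOADS'] . '" class="active">' . $_ARRAYLANG['TXT_FILE_UPLOADS'] . '</a> <a href="index.php?cmd=Contact&act=settings" title="' . $_ARRAYLANG['TXT_CONTACT_SETTINGS'] . '">' . $_ARRAYLANG['TXT_CONTACT_SETTINGS'] . '</a> ');
            break;

        case 'FileSharing':
            \Permission::checkAccess(8, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', ' <a href="index.php?cmd=Media&archive=FileSharing"' . (!isset($_GET['act']) || $_GET['act'] == 'filesharing' ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_FILESHARING_MODULE'] . '</a> <a href="index.php?cmd=Media&archive=FileSharing&act=settings"' . (isset($_GET['act']) && $_GET['act'] == 'settings' ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_MEDIA_SETTINGS'] . '</a> ');
            break;

        case 'attach':
            \Permission::checkAccess(84, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Access':
            \Permission::checkAccess(18, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Blog':
            \Permission::checkAccess(119, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Calendar':
            \Permission::checkAccess(16, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Downloads':
            \Permission::checkAccess(141, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Gallery':
            \Permission::checkAccess(12, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'MediaDir':
            \Permission::checkAccess(153, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Podcast':
            \Permission::checkAccess(87, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        case 'Shop':
            \Permission::checkAccess(13, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', $moduleNavigation);
            break;

        default:
            // Remaining allow-listed archives: archive1 .. archive4
            \Permission::checkAccess(7, 'static');
            $objTemplate->setVariable('CONTENT_NAVIGATION', ' <a href="index.php?cmd=Media&archive=archive1" ' . ($this->archive == 'archive1' && !isset($_GET['act']) ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_MEDIA_ARCHIVE'] . ' #1</a> <a href="index.php?cmd=Media&archive=archive2" ' . ($this->archive == 'archive2' ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_MEDIA_ARCHIVE'] . ' #2</a> <a href="index.php?cmd=Media&archive=archive3" ' . ($this->archive == 'archive3' ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_MEDIA_ARCHIVE'] . ' #3</a> <a href="index.php?cmd=Media&archive=archive4" ' . ($this->archive == 'archive4' ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_MEDIA_ARCHIVE'] . ' #4</a> <a href="index.php?cmd=Media&archive=archive1&act=settings" ' . ($this->archive == 'archive1' && isset($_GET['act']) && $_GET['act'] == 'settings' ? ' class="active"' : '') . '>' . $_ARRAYLANG['TXT_MEDIA_SETTINGS'] . '</a> ');
            break;
    }

    // The second assignment overwrites the first; both calls are kept as in
    // the original.
    $this->docRoot = \Env::get('cx')->getWebsiteDocumentRootPath();
    // with path offset
    $this->docRoot = \Env::get('cx')->getWebsitePath();
    // without path offset

    // paths
    $this->webPath = $this->_pathCheck($this->getPath);
    $this->path = $this->docRoot . $this->webPath;

    $this->_objImage = new \ImageManager();
}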
/**
 * Gets the news details
 *
 * Loads the news message requested through $_GET['newsid'] in the frontend
 * language, applies the publication, preview and access-protection filters
 * in the SQL query, fills the detail template and returns the parsed
 * content. Redirects to the News module and exits when the id is missing or
 * no matching message is found.
 *
 * Review notes:
 *  - $newsid is forced to an integer before it is concatenated into SQL.
 *  - Title and image path are placed into the template without
 *    contrexx_raw2xhtml(), unlike the URL, source and category values.
 *    NOTE(review): confirm whether these columns are stored pre-escaped.
 *
 * @global array
 * @global ADONewConnection
 * @global array
 * @return string parsed content
 */
private function getDetails()
{
    global $_CONFIG, $objDatabase, $_ARRAYLANG;

    // Read without isset(); a missing parameter ends up as 0 and takes the
    // redirect below.
    $newsid = intval($_GET['newsid']);
    if (!$newsid) {
        header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('News'));
        exit;
    }

    $whereStatus = '';
    // Static access id 10 is queried in "return" mode, so a denial does not
    // end the request here.
    $newsAccess = \Permission::checkAccess(10, 'static', true);
    $newsPreview = !empty($_GET['newsPreview']) ? intval($_GET['newsPreview']) : 0;
    $base64Redirect = base64_encode(\Env::get('cx')->getRequest()->getUrl());
    if ($newsPreview && !$newsAccess) {
        // Preview is only available with access id 10.
        // NOTE(review): execution continues if noAccess() returns.
        \Permission::noAccess($base64Redirect);
    } else {
        if (!$newsAccess) {
            // Without access id 10 only messages with status = 1 are selectable
            $whereStatus = 'news.status = 1 AND';
        }
    }

    // TODO: add error handler to load the fallback-language version of the news message
    // in case the message doesn't exist in the requested language. But only try load the
    // the message in the fallback-language in case the associated news-detail content page
    // is setup to use the content of the fallback-language

    // The query is built by concatenation. The dynamic parts are: $newsid
    // (integer, see above), the FRONTEND_LANG_ID constant, date() output, the
    // user's dynamic permission ids and the user id.
    // NOTE(review): the permission ids are imploded unquoted; presumably they
    // are integers - verify against getDynamicPermissionIds().
    //
    // Filters appended at the end:
    //  - unless in preview mode, the start/end date window must include now;
    //  - with message protection enabled and no all-access right, a logged-in
    //    user sees messages whose frontend_access_id is 0 or one of their
    //    dynamic permission ids, or whose userid is their own; anyone else
    //    only sees frontend_access_id = 0.
    $objResult = $objDatabase->SelectLimit('SELECT news.id AS id, news.userid AS userid, news.redirect AS redirect, news.source AS source, news.changelog AS changelog, news.url1 AS url1, news.url2 AS url2, news.date AS date, news.publisher AS publisher, news.publisher_id AS publisherid, news.author AS author, news.author_id AS authorid, news.changelog AS changelog, news.teaser_image_path AS newsimage, news.enable_related_news AS enableRelatedNews, news.enable_tags AS enableTags, news.teaser_image_thumbnail_path AS newsThumbImg, news.typeid AS typeid, news.allow_comments AS commentactive, locale.text, locale.title AS title, locale.teaser_text FROM ' . DBPREFIX . 'module_news AS news INNER JOIN ' . DBPREFIX . 'module_news_locale AS locale ON news.id = locale.news_id WHERE ' . $whereStatus . ' news.id = ' . $newsid . ' AND locale.is_active=1 AND locale.lang_id =' . FRONTEND_LANG_ID . (!$newsPreview ? ' AND (news.startdate <= \'' . date('Y-m-d H:i:s') . '\' OR news.startdate="0000-00-00 00:00:00") AND (news.enddate >= \'' . date('Y-m-d H:i:s') . '\' OR news.enddate="0000-00-00 00:00:00")' : '') . ($this->arrSettings['news_message_protection'] == '1' && !\Permission::hasAllAccess() ? ($objFWUser = \FWUser::getFWUserObject()) && $objFWUser->objUser->login() ? " AND (frontend_access_id IN (" . implode(',', array_merge(array(0), $objFWUser->objUser->getDynamicPermissionIds())) . ") OR userid = " . $objFWUser->objUser->getId() . ") " : " AND frontend_access_id=0 " : ''), 1);

    // Query failed or nothing matched the filters: back to the overview
    if (!$objResult || $objResult->EOF) {
        header('Location: ' . \Cx\Core\Routing\Url::fromModuleAndCmd('News'));
        exit;
    }

    $newsCommentActive = $objResult->fields['commentactive'];
    $lastUpdate = $objResult->fields['changelog'];
    $text = $objResult->fields['text'];

    // Link fields are passed through contrexx_raw2xhtml() before they are
    // placed into href/title attributes.
    // NOTE(review): no check of the URL scheme is visible in this method.
    $redirect = contrexx_raw2xhtml($objResult->fields['redirect']);
    $sourceHref = contrexx_raw2xhtml($objResult->fields['source']);
    $url1Href = contrexx_raw2xhtml($objResult->fields['url1']);
    $url2Href = contrexx_raw2xhtml($objResult->fields['url2']);
    $source = contrexx_raw2xhtml($objResult->fields['source']);
    $url1 = contrexx_raw2xhtml($objResult->fields['url1']);
    $url2 = contrexx_raw2xhtml($objResult->fields['url2']);
    $newsUrl = '';
    $newsSource = '';
    $newsLastUpdate = '';

    if (!empty($url1)) {
        $strUrl1 = contrexx_raw2xhtml($objResult->fields['url1']);
        // Shorten long link texts to: first 26 bytes + '...' + the part from
        // the last dot on. The cut is applied to the already processed string
        // and is byte based. If the string holds no dot, strrpos() returns
        // false and the whole string is appended again.
        if (strlen($strUrl1) > 40) {
            $strUrl1 = substr($strUrl1, 0, 26) . '...' . substr($strUrl1, strrpos($strUrl1, '.'));
        }
        $newsUrl = $_ARRAYLANG['TXT_IMPORTANT_HYPERLINKS'] . '<br /><a target="_blank" href="' . $url1Href . '" title="' . $url1 . '">' . $strUrl1 . '</a><br />';
    }
    if (!empty($url2)) {
        $strUrl2 = contrexx_raw2xhtml($objResult->fields['url2']);
        if (strlen($strUrl2) > 40) {
            $strUrl2 = substr($strUrl2, 0, 26) . '...' . substr($strUrl2, strrpos($strUrl2, '.'));
        }
        $newsUrl .= '<a target="_blank" href="' . $url2Href . '" title="' . $url2 . '">' . $strUrl2 . '</a><br />';
    }
    if (!empty($source)) {
        $strSource = contrexx_raw2xhtml($objResult->fields['source']);
        if (strlen($strSource) > 40) {
            $strSource = substr($strSource, 0, 26) . '...' . substr($strSource, strrpos($strSource, '.'));
        }
        $newsSource = $_ARRAYLANG['TXT_NEWS_SOURCE'] . '<br /><a target="_blank" href="' . $sourceHref . '" title="' . $source . '">' . $strSource . '</a><br />';
    }
    if (!empty($lastUpdate)) {
        $newsLastUpdate = $_ARRAYLANG['TXT_LAST_UPDATE'] . '<br />' . date(ASCMS_DATE_FORMAT, $objResult->fields['changelog']);
    }

    // Title is taken from the database as is (see review notes above)
    $this->newsTitle = $objResult->fields['title'];
    $newstitle = $this->newsTitle;
    $newsTeaser = nl2br($objResult->fields['teaser_text']);
    \LinkGenerator::parseTemplate($newsTeaser);

    // $newsid is an integer, so the concatenation is safe here
    $objSubResult = $objDatabase->Execute('SELECT count(`id`) AS `countComments` FROM `' . DBPREFIX . 'module_news_comments` WHERE `newsid` = ' . $newsid);

    //Get the Category list
    $newsCategories = $this->getCategoriesByNewsId($newsid);
    if (!empty($newsCategories) && $this->_objTpl->blockExists('news_category_list')) {
        foreach ($newsCategories as $catId => $catTitle) {
            $this->_objTpl->setVariable(array('NEWS_CATEGORY_TITLE' => contrexx_raw2xhtml($catTitle), 'NEWS_CATEGORY_ID' => contrexx_input2int($catId)));
            $this->_objTpl->parse('news_category');
        }
    }

    // NEWS_TITLE and NEWS_TEASER_TEXT are assigned without
    // contrexx_raw2xhtml(); the other values are escaped or built above.
    $this->_objTpl->setVariable(array('NEWS_LONG_DATE' => date(ASCMS_DATE_FORMAT, $objResult->fields['date']), 'NEWS_DATE' => date(ASCMS_DATE_FORMAT_DATE, $objResult->fields['date']), 'NEWS_TIME' => date(ASCMS_DATE_FORMAT_TIME, $objResult->fields['date']), 'NEWS_TITLE' => $newstitle, 'NEWS_TEASER_TEXT' => $newsTeaser, 'NEWS_LASTUPDATE' => $newsLastUpdate, 'NEWS_SOURCE' => $newsSource, 'NEWS_URL' => $newsUrl, 'NEWS_CATEGORY_NAME' => implode(', ', contrexx_raw2xhtml($newsCategories)), 'NEWS_COUNT_COMMENTS' => $newsCommentActive && $this->arrSettings['news_comments_activated'] ? contrexx_raw2xhtml($objSubResult->fields['countComments'] . ' ' . $_ARRAYLANG['TXT_NEWS_COMMENTS']) : ''));

    if (!$newsCommentActive || !$this->arrSettings['news_comments_activated']) {
        if ($this->_objTpl->blockExists('news_comments_count')) {
            $this->_objTpl->hideBlock('news_comments_count');
        }
    }
    if ($this->arrSettings['news_use_teaser_text'] != '1' && $this->_objTpl->blockExists('news_use_teaser_text')) {
        $this->_objTpl->hideBlock('news_use_teaser_text');
    }

    // parse author
    self::parseUserAccountData($this->_objTpl, $objResult->fields['authorid'], $objResult->fields['author'], 'news_author');
    // parse publisher
    self::parseUserAccountData($this->_objTpl, $objResult->fields['publisherid'], $objResult->fields['publisher'], 'news_publisher');

    // show comments
    $this->parseMessageCommentForm($newsid, $newstitle, $newsCommentActive);
    $this->parseCommentsOfMessage($newsid, $newsCommentActive);

    // Show related_messages
    $this->parseRelatedMessagesOfMessage($newsid, 'category', array_keys($newsCategories));
    $this->parseRelatedMessagesOfMessage($newsid, 'type', $objResult->fields['typeid']);
    $this->parseRelatedMessagesOfMessage($newsid, 'publisher', $objResult->fields['publisherid']);
    $this->parseRelatedMessagesOfMessage($newsid, 'author', $objResult->fields['authorid']);

    /*
     * save the teaser text.
     * purpose of this: @link news::getTeaser()
     * The value is escaped after nl2br() was applied to it above.
     */
    $this->_teaser = contrexx_raw2xhtml($newsTeaser);

    if (!empty($this->arrSettings['news_use_tags']) && !empty($objResult->fields['enableTags'])) {
        $this->parseNewsTags($this->_objTpl, $newsid);
    }
    if (!empty($this->arrSettings['use_related_news']) && !empty($objResult->fields['enableRelatedNews'])) {
        $this->parseRelatedNews($this->_objTpl, $newsid, FRONTEND_LANG_ID, 'related_news', 3);
    }

    if (!empty($objResult->fields['newsimage'])) {
        // NOTE(review): image path and title are concatenated into the src
        // and alt attributes without escaping - confirm they are safe for an
        // attribute context or escape them here.
        $this->_objTpl->setVariable(array('NEWS_IMAGE' => '<img src="' . $objResult->fields['newsimage'] . '" alt="' . $newstitle . '" />', 'NEWS_IMAGE_SRC' => $objResult->fields['newsimage'], 'NEWS_IMAGE_ALT' => $newstitle));
        if ($this->_objTpl->blockExists('news_image')) {
            $this->_objTpl->parse('news_image');
        }
    } else {
        if ($this->_objTpl->blockExists('news_image')) {
            $this->_objTpl->hideBlock('news_image');
        }
    }

    self::parseImageBlock($this->_objTpl, $objResult->fields['newsThumbImg'], $newstitle, $newsUrl, 'image_thumbnail');
    self::parseImageBlock($this->_objTpl, $objResult->fields['newsimage'], $newstitle, $newsUrl, 'image_detail');

    //previous next newslink
    if ($this->_objTpl->blockExists('previousNextLink')) {
        $this->parseNextAndPreviousLinks($this->_objTpl);
    }

    if (empty($redirect)) {
        // Turn [[PLACEHOLDER]] into {PLACEHOLDER} before the text is parsed.
        // The rewritten $newsTeaser is not used again in this method.
        $text = preg_replace('/\\[\\[([A-Z0-9_-]+)\\]\\]/', '{\\1}', $text);
        $newsTeaser = preg_replace('/\\[\\[([A-Z0-9_-]+)\\]\\]/', '{\\1}', $newsTeaser);
        \LinkGenerator::parseTemplate($text);
        // The message body is assigned as HTML
        $this->_objTpl->setVariable('NEWS_TEXT', $text);
        if ($this->_objTpl->blockExists('news_text')) {
            $this->_objTpl->parse('news_text');
        }
        if ($this->_objTpl->blockExists('news_redirect')) {
            $this->_objTpl->hideBlock('news_redirect');
        }
    } else {
        // The message only points to another location: show a link instead
        // of the text. The label is the URL without its http(s) scheme, or
        // the base name for anything FWValidator::isUri() does not accept.
        if (\FWValidator::isUri($redirect)) {
            $redirectName = preg_replace('#^https?://#', '', $redirect);
            //} elseif (\FWValidator::isEmail($redirect)) {
            //$redirectName
        } else {
            $redirectName = basename($redirect);
        }
        $this->_objTpl->setVariable(array('TXT_NEWS_REDIRECT_INSTRUCTION' => $_ARRAYLANG['TXT_NEWS_REDIRECT_INSTRUCTION'], 'NEWS_REDIRECT_URL' => $redirect, 'NEWS_REDIRECT_NAME' => $redirectName));
        if ($this->_objTpl->blockExists('news_redirect')) {
            $this->_objTpl->parse('news_redirect');
        }
        if ($this->_objTpl->blockExists('news_text')) {
            $this->_objTpl->hideBlock('news_text');
        }
    }

    $this->countNewsMessageView($newsid);
    $objResult->MoveNext();

    return $this->_objTpl->get();
}
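/**
 * Delivers the download requested through $_GET['download'].
 *
 * Order of checks: the download must exist, must be active and not expired,
 * the visitor must have access to its categories and, if the download is
 * protected by an access id, the visitor must be a manager (static id 143),
 * hold the dynamic access id or be the owner. Only then is the download
 * counter incremented and the file sent or the visitor redirected to the
 * source.
 *
 * Every denial returns right after Permission::noAccess(), so the file is
 * never delivered should noAccess() hand control back to this method.
 *
 * @global object $objInit
 * @return void
 */
private function download()
{
    global $objInit;

    $objDownload = new Download();
    $objDownload->load(!empty($_GET['download']) ? intval($_GET['download']) : 0);
    if ($objDownload->EOF) {
        // Unknown download id: nothing to deliver
        return;
    }

    // check if the download is expired or inactive
    $isExpired = $objDownload->getExpirationDate() && $objDownload->getExpirationDate() < time();
    if ($isExpired || !$objDownload->getActiveStatus()) {
        \Cx\Core\Csrf\Controller\Csrf::header("Location: " . CONTREXX_DIRECTORY_INDEX . "?section=Error&id=404");
        exit;
    }

    // check access to the categories of the download
    if (!$this->hasUserAccessToCategoriesOfDownload($objDownload)) {
        \Permission::noAccess(base64_encode($objInit->getPageUri()));
        return;
    }

    // check access to download-file
    // The owner shortcut only applies to an identified user: the comparison
    // is loose, so an empty $this->userId must not be allowed to match a
    // download without owner.
    $isOwner = !empty($this->userId) && $objDownload->getOwnerId() == $this->userId;
    if (
        $objDownload->getAccessId()
        && !\Permission::checkAccess(143, 'static', true)
        && !\Permission::checkAccess($objDownload->getAccessId(), 'dynamic', true)
        && !$isOwner
    ) {
        \Permission::noAccess(base64_encode($objInit->getPageUri()));
        return;
    }

    $objDownload->incrementDownloadCount();

    if ($objDownload->getType() == 'file') {
        $objDownload->send();
    } else {
        // add socket -> prevent to hide the source from the customer
        // The visitor is redirected to the stored source as is.
        \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . $objDownload->getSource());
    }
}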
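/**
 * Perform the requested function depending on $_GET['act']
 *
 * The 'cache' and 'Wysiwyg' actions are only available if the component is
 * part of the license; otherwise Permission::noAccess() is called.
 *
 * NOTE(review): no permission check is visible in this method; it is
 * presumably enforced by the caller. 'cache_update' and 'cache_empty' also
 * skip the license check that 'cache' performs - confirm this is intended.
 *
 * @global  array   Core language
 * @global  \Cx\Core\Html\Sigma
 * @return  void
 */
function getPage()
{
    global $_ARRAYLANG, $objTemplate;

    if (!isset($_GET['act'])) {
        $_GET['act'] = '';
    }

    // Set to false by the actions that render their own status output
    $boolShowStatus = true;

    switch ($_GET['act']) {
        case 'Ftp':
            $this->showFtp();
            break;

        case 'cache':
            if (in_array('CacheManager', \Env::get('cx')->getLicense()->getLegalComponentsList())) {
                $boolShowStatus = false;
                $objCache = new \Cx\Core_Modules\Cache\Controller\CacheManager();
                $objCache->showSettings();
            } else {
                \Permission::noAccess();
            }
            break;

        case 'Wysiwyg':
            if (in_array('Wysiwyg', \Env::get('cx')->getLicense()->getLegalComponentsList())) {
                $boolShowStatus = false;
                $this->showWysiwyg();
            } else {
                \Permission::noAccess();
            }
            break;

        case 'cache_update':
            $boolShowStatus = false;
            $objCache = new \Cx\Core_Modules\Cache\Controller\CacheManager();
            $objCache->updateSettings();
            $objCache->showSettings();
            break;

        case 'cache_empty':
            $boolShowStatus = false;
            $objCache = new \Cx\Core_Modules\Cache\Controller\CacheManager();
            $objCache->forceClearCache(isset($_GET['cache']) ? contrexx_input2raw($_GET['cache']) : null);
            $objCache->showSettings();
            break;

        case 'smtp':
            $this->smtp();
            break;

        case 'image':
            try {
                $this->image($_POST);
            } catch (Exception $e) {
                // getMessage is a method; the former property access logged
                // nothing useful.
                \DBG::msg('Image settings: ' . $e->getMessage());
            }
            break;

        case 'thumbnail':
            $this->editThumbnails($_POST);
            break;

        case 'generateThumbnail':
            $this->generateThumbnail($_POST);
            break;

        case 'getThumbProgress':
            $this->getThumbProgress();
            break;

        default:
            $this->showSettings();
    }

    if ($boolShowStatus) {
        $objTemplate->setVariable(array(
            'CONTENT_TITLE'          => $this->strPageTitle,
            'CONTENT_OK_MESSAGE'     => $this->strOkMessage,
            'CONTENT_STATUS_MESSAGE' => implode("<br />\n", $this->strErrMessage),
        ));
    }

    $this->act = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';
    $this->setNavigation();
}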
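/**
 * Shows the "Edit Entry" page.
 *
 * The entry id is cast to an integer before it is used in the existence
 * query, so the value that reaches SQL is always numeric. If the entry does
 * not exist (or the query fails), Permission::noAccess() is called and the
 * method returns without rendering the form.
 *
 * NOTE(review): subject, tags, image and category names are assigned to the
 * template as returned by createEntryArray() / createCategoryArray();
 * confirm that these helpers escape the values for HTML output.
 *
 * @global  array
 * @global  array
 * @global  array
 * @global  FWLanguage
 * @param   integer     $intEntryId: The values of this entry will be loaded into the form.
 */
function editEntry($intEntryId)
{
    global $_CORELANG, $_ARRAYLANG, $objDatabase;

    // Cast first: the id was previously concatenated into the query before
    // intval() was applied.
    $intEntryId = intval($intEntryId);

    $count = $objDatabase->Execute('SELECT message_id FROM ' . DBPREFIX . 'module_blog_messages WHERE message_id = "' . $intEntryId . '"');
    if (!$count || $count->RecordCount() != 1) {
        \Permission::noAccess();
        return;
    }

    $this->_strPageTitle = $_ARRAYLANG['TXT_BLOG_ENTRY_EDIT_TITLE'];
    $this->_objTpl->loadTemplateFile('module_blog_entries_edit.html', true, true);

    $options = array(
        'type'                      => 'button',
        'data-cx-mb-views'          => 'filebrowser',
        'data-cx-mb-startmediatype' => 'blog',
        'id'                        => 'mediabrowser_button',
        'style'                     => 'display:none',
    );
    $mediaBrowser = self::getMediaBrowserButton($_ARRAYLANG['TXT_BLOG_ENTRY_ADD_IMAGE_BROWSE'], $options, 'blogSetUrl');

    $this->_objTpl->setVariable(array(
        'TXT_EDIT_LANGUAGES'       => $_ARRAYLANG['TXT_BLOG_CATEGORY_ADD_LANGUAGES'],
        'TXT_EDIT_SUBMIT'          => $_ARRAYLANG['TXT_BLOG_SAVE'],
        'BLOG_MEDIABROWSER_BUTTON' => $mediaBrowser,
    ));

    $arrCategories = $this->createCategoryArray();
    $arrEntries = $this->createEntryArray();

    // A language passed in the request is only honoured if it is a known id
    $forcedLanguage = null;
    if (isset($_GET['langId']) && in_array(contrexx_input2raw($_GET['langId']), \FWLanguage::getIdArray())) {
        $forcedLanguage = contrexx_input2raw($_GET['langId']);
    }

    if ($intEntryId <= 0 || !array_key_exists($intEntryId, $arrEntries)) {
        $this->_strErrMessage = $_ARRAYLANG['TXT_BLOG_ENTRY_EDIT_ERROR_ID'];
        return;
    }
    if (count($this->_arrLanguages) <= 0) {
        return;
    }

    $intLanguageCounter = 0;
    $boolFirstLanguage = true;
    // Language checkboxes are spread over three columns
    $arrLanguages = array(0 => '', 1 => '', 2 => '');
    $strJsTabToDiv = '';

    foreach ($this->_arrLanguages as $intLanguageId => $arrTranslations) {
        $arrTranslation = $arrEntries[$intEntryId]['translation'][$intLanguageId];

        $boolLanguageIsActive = $arrTranslation['is_active'];
        if (!$boolLanguageIsActive && $forcedLanguage == $intLanguageId) {
            // The requested language is shown even if it is not active yet
            $boolLanguageIsActive = true;
        }

        $arrLanguages[$intLanguageCounter % 3] .= '<input ' . ($boolLanguageIsActive ? 'checked="checked"' : '') . ' type="checkbox" name="frmEditEntry_Languages[]" value="' . $intLanguageId . '" onclick="switchBoxAndTab(this, \'addEntry_' . $arrTranslations['long'] . '\');" />' . $arrTranslations['long'] . ' [' . $arrTranslations['short'] . ']<br />';
        $strJsTabToDiv .= 'arrTabToDiv["addEntry_' . $arrTranslations['long'] . '"] = "' . $arrTranslations['long'] . '";' . "\n";

        $activeTab = $boolFirstLanguage;
        if ($forcedLanguage) {
            $activeTab = $forcedLanguage == $intLanguageId;
        }

        //Parse the TABS at the top of the language-selection
        $this->_objTpl->setVariable(array(
            'TABS_LINK_ID'       => 'addEntry_' . $arrTranslations['long'],
            'TABS_DIV_ID'        => $arrTranslations['long'],
            'TABS_CLASS'         => $activeTab && $boolLanguageIsActive ? 'active' : 'inactive',
            'TABS_DISPLAY_STYLE' => $boolLanguageIsActive ? 'display: inline;' : 'display: none;',
            'TABS_NAME'          => $arrTranslations['long'],
        ));
        $this->_objTpl->parse('showLanguageTabs');

        //Parse the DIVS for every language
        $this->_objTpl->setVariable(array(
            'TXT_DIV_SUBJECT'      => $_ARRAYLANG['TXT_BLOG_ENTRY_ADD_SUBJECT'],
            'TXT_DIV_KEYWORDS'     => $_ARRAYLANG['TXT_BLOG_ENTRY_ADD_KEYWORDS'],
            'TXT_DIV_IMAGE'        => $_ARRAYLANG['TXT_BLOG_ENTRY_ADD_IMAGE'],
            'TXT_DIV_IMAGE_BROWSE' => $_ARRAYLANG['TXT_BLOG_ENTRY_ADD_IMAGE_BROWSE'],
            'TXT_DIV_CATEGORIES'   => $_ARRAYLANG['TXT_BLOG_ENTRY_ADD_CATEGORIES'],
        ));

        //Filter out active categories for this language
        $intCategoriesCounter = 0;
        $arrCategoriesContent = array(0 => '', 1 => '', 2 => '');
        foreach ($arrCategories as $intCategoryId => $arrCategoryValues) {
            if ($arrCategoryValues[$intLanguageId]['is_active']) {
                $arrCategoriesContent[$intCategoriesCounter % 3] .= '<input type="checkbox" name="frmEditEntry_Categories_' . $intLanguageId . '[]" value="' . $intCategoryId . '" ' . (array_key_exists($intCategoryId, $arrEntries[$intEntryId]['categories'][$intLanguageId]) ? 'checked="checked"' : '') . ' />' . $arrCategoryValues[$intLanguageId]['name'] . '<br />';
                ++$intCategoriesCounter;
            }
        }

        $this->_objTpl->setVariable(array(
            'DIV_ID'            => $arrTranslations['long'],
            'DIV_LANGUAGE_ID'   => $intLanguageId,
            'DIV_DISPLAY_STYLE' => $boolFirstLanguage && $boolLanguageIsActive ? 'display: block;' : 'display: none;',
            'DIV_TITLE'         => $arrTranslations['long'],
            'DIV_SUBJECT'       => $arrTranslation['subject'],
            'DIV_KEYWORDS'      => $arrTranslation['tags'],
            'DIV_IMAGE'         => $arrTranslation['image'],
            'DIV_CATEGORIES_1'  => $arrCategoriesContent[0],
            'DIV_CATEGORIES_2'  => $arrCategoriesContent[1],
            'DIV_CATEGORIES_3'  => $arrCategoriesContent[2],
            'DIV_CONTENT'       => new \Cx\Core\Wysiwyg\Wysiwyg('frmEditEntry_Content_' . $intLanguageId, $arrTranslation['content'], 'full', $intLanguageId),
        ));
        $this->_objTpl->parse('showLanguageDivs');

        if ($boolLanguageIsActive) {
            $boolFirstLanguage = false;
        }
        ++$intLanguageCounter;
    }

    $this->_objTpl->setVariable(array(
        'EDIT_POST_ACTION'   => '?cmd=Blog&act=updateEntry',
        'EDIT_MESSAGE_ID'    => $intEntryId,
        'EDIT_LANGUAGES_1'   => $arrLanguages[0],
        'EDIT_LANGUAGES_2'   => $arrLanguages[1],
        'EDIT_LANGUAGES_3'   => $arrLanguages[2],
        'EDIT_JS_TAB_TO_DIV' => $strJsTabToDiv,
    ));
}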
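/**
 * Deletes the e-mail template selected through $_REQUEST['type'] (and,
 * optionally, $_REQUEST['access_mail_lang']).
 *
 * Restricted to users with all-access rights. The method returns right
 * after Permission::noAccess(), so nothing is deleted should noAccess()
 * hand control back to this method.
 *
 * NOTE(review): the deletion is driven by $_REQUEST, so it can be triggered
 * by a GET request; CSRF protection is not visible here - confirm it is
 * enforced by the framework.
 *
 * @global array $_ARRAYLANG
 * @return void
 */
function _configDeleteMail()
{
    global $_ARRAYLANG;

    // only administrators are allowed to modify the config
    if (!\Permission::hasAllAccess()) {
        \Permission::noAccess();
        return;
    }

    if (empty($_REQUEST['type'])) {
        return;
    }

    $objFWUser = \FWUser::getFWUserObject();
    $objUserMail = $objFWUser->getMail();

    $mailLangId = !empty($_REQUEST['access_mail_lang']) ? intval($_REQUEST['access_mail_lang']) : null;
    if (!$objUserMail->load(contrexx_addslashes($_REQUEST['type']), $mailLangId)) {
        // Unknown template: nothing to delete
        return;
    }

    // TODO: Do you really need to reinitialize that?
    $objFWUser = \FWUser::getFWUserObject();

    if ($objUserMail->delete()) {
        self::$arrStatusMsg['ok'][] = $_ARRAYLANG['TXT_ACCESS_EMAIL_DEL_SUCCESS'];
    } else {
        self::$arrStatusMsg['error'] = array_merge(self::$arrStatusMsg['error'], $objUserMail->getErrorMsg());
    }
}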
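/**
 * Dispatches to the desired function.
 *
 * Static access id 20 is required for the module as a whole. 'showTable'
 * and 'status' additionally require all-access rights; 'optimize', 'repair'
 * and the default view require static access id 41.
 *
 * The Permission::checkAccess() calls ignore the return value, so they rely
 * on Permission::noAccess() ending the request (not visible here).
 *
 * NOTE(review): 'optimize' and 'repair' are selected through $_GET; CSRF
 * protection is not visible in this method - confirm it is enforced by the
 * framework.
 *
 * @global  \Cx\Core\Html\Sigma $objTemplate
 */
function getPage()
{
    global $objTemplate;

    if (!isset($_GET['act'])) {
        $_GET['act'] = '';
    }

    // Check permission to access this module
    \Permission::checkAccess(20, 'static');

    switch ($_GET['act']) {
        case 'showTable':
            if (\Permission::hasAllAccess()) {
                // The table name comes straight from the request; showTable()
                // has to validate it. A missing parameter is passed as null
                // without raising a notice.
                $this->showTable(isset($_GET['table']) ? $_GET['table'] : null);
            } else {
                \Permission::noAccess();
            }
            break;

        case 'optimize':
            \Permission::checkAccess(41, 'static');
            $this->optimizeDatabase();
            $this->showMaintenance();
            break;

        case 'repair':
            \Permission::checkAccess(41, 'static');
            $this->repairDatabase();
            $this->showMaintenance();
            break;

        case 'status':
            if (\Permission::hasAllAccess()) {
                $this->showStatus();
            } else {
                \Permission::noAccess();
            }
            break;

        default:
            \Permission::checkAccess(41, 'static');
            $this->showMaintenance();
            break;
    }

    $objTemplate->setVariable(array(
        'CONTENT_TITLE'      => $this->_strPageTitle,
        'CONTENT_OK_MESSAGE' => self::$strOkMessage,
    ));

    // Only $_GET['act'] is defaulted above; $_REQUEST['act'] may still be
    // missing.
    $this->act = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';
    $this->setNavigation();
}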
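/**
 * Categories list
 *
 * Renders the backend overview of the category identified by
 * $this->parentCategoryId: handles the category and download multi actions
 * posted from the overview, then parses sub-categories, downloads, the
 * frontend preview link, the "add download" buttons and the search form.
 *
 * Request values that are echoed back into the template (sort fields, sort
 * directions and the search term) are HTML-escaped here, in the same way the
 * category name is escaped before it is handed to the template.
 *
 * @global array   $_ARRAYLANG
 * @global integer $_LANGID
 * @global array   $_CONFIG
 * @global object  $objInit
 * @return mixed true once the page has been parsed; when access is denied
 *               the return value of \Permission::noAccess() is passed through
 */
private function categories()
{
    global $_ARRAYLANG, $_LANGID, $_CONFIG, $objInit;

    $objCategory = Category::getCategory($this->parentCategoryId);
    $objFWUser = \FWUser::getFWUserObject();

    $this->_pageTitle = $_ARRAYLANG['TXT_DOWNLOADS_CATEGORIES'];
    $this->objTemplate->addBlockFile('DOWNLOADS_CATEGORY_TEMPLATE', 'module_downloads_categories', 'module_downloads_categories.html');

    // check access permission: managers (static id 143), holders of the
    // category's read permission and the category owner may proceed.
    // NOTE(review): the owner test is a loose != comparison; confirm that
    // getOwnerId() and the current user's getId() can never both be empty.
    if (!\Permission::checkAccess(143, 'static', true)
        && $objCategory->getReadAccessId()
        && !\Permission::checkAccess($objCategory->getReadAccessId(), 'dynamic', true)
        && $objCategory->getOwnerId() != $objFWUser->objUser->getId()
    ) {
        return \Permission::noAccess();
    }

    // Reads a non-empty string GET parameter; array-valued or empty input
    // falls back to the default so that only strings travel further.
    $stringParam = function ($name, $default) {
        return !empty($_GET[$name]) && is_string($_GET[$name]) ? $_GET[$name] : $default;
    };
    // Escapes a request value before it is placed into the template.
    $escape = function ($value) {
        return htmlentities($value, ENT_QUOTES, CONTREXX_CHARSET);
    };

    // get passed parameters
    $pos = isset($_GET['pos']) ? intval($_GET['pos']) : 0;
    $categoryLimitOffset = isset($_GET['category_pos']) ? intval($_GET['category_pos']) : $pos;
    $downloadLimitOffset = isset($_GET['download_pos']) ? intval($_GET['download_pos']) : $pos;
    // NOTE(review): sort field and direction are forwarded as received;
    // confirm parseCategories()/parseCategoryDownloads() restrict them to
    // known values before they are used for ordering.
    $categoryOrderDirection = $stringParam('category_sort', 'asc');
    $categoryOrderBy = $stringParam('category_by', '');
    $downloadOrderDirection = $stringParam('download_sort', 'asc');
    $downloadOrderBy = $stringParam('download_by', '');
    // the search field's placeholder text is not a search term
    $searchTerm = $stringParam('search_term', '');
    $searchTerm = $searchTerm == $_ARRAYLANG['TXT_DOWNLOADS_SEARCH_DOWNLOAD'] ? '' : $searchTerm;

    // parse categories multi action
    // NOTE(review): no permission check beyond the read check above is
    // visible at this level for 'order' and 'delete'; confirm that
    // updateCategoryOrder() and deleteCategories() enforce their own.
    if (isset($_POST['downloads_category_select_action'])) {
        switch ($_POST['downloads_category_select_action']) {
            case 'order':
                $this->updateCategoryOrder(
                    isset($_POST['downloads_category_order']) && is_array($_POST['downloads_category_order'])
                        ? $_POST['downloads_category_order']
                        : array()
                );
                break;
            case 'delete':
                $this->deleteCategories(
                    isset($_POST['downloads_category_id']) && is_array($_POST['downloads_category_id'])
                        ? $_POST['downloads_category_id']
                        : array(),
                    isset($_POST['downloads_category_delete_recursive']) && $_POST['downloads_category_delete_recursive']
                );
                break;
        }
    }

    // process downloads multi action (requires the manage-files permission,
    // manager status or ownership of the category)
    if (isset($_POST['downloads_download_select_action'])) {
        if (!\Permission::checkAccess(143, 'static', true)
            && $objCategory->getManageFilesAccessId()
            && !\Permission::checkAccess($objCategory->getManageFilesAccessId(), 'dynamic', true)
            && $objCategory->getOwnerId() != $objFWUser->objUser->getId()
        ) {
            return \Permission::noAccess();
        }

        switch ($_POST['downloads_download_select_action']) {
            case 'order':
                $newOrder = isset($_POST['downloads_download_order']) && is_array($_POST['downloads_download_order'])
                    ? $_POST['downloads_download_order']
                    : array();
                if ($objCategory->updateDownloadOrder($newOrder)) {
                    $this->arrStatusMsg['ok'][] = $_ARRAYLANG['TXT_DOWNLOADS_DOWNLOAD_ORDER_SET_SUCCESS'];
                } else {
                    $this->arrStatusMsg['error'] = array_merge($this->arrStatusMsg['error'], $objCategory->getErrorMsg());
                }
                break;
            case 'unlink':
                $this->unlinkDownloadsFromCategory(
                    $objCategory,
                    isset($_POST['downloads_download_id']) && is_array($_POST['downloads_download_id'])
                        ? $_POST['downloads_download_id']
                        : array()
                );
                break;
        }
    }

    $this->objTemplate->setGlobalVariable(array(
        'TXT_DOWNLOADS_EDIT' => $_ARRAYLANG['TXT_DOWNLOADS_EDIT'],
        'TXT_DOWNLOADS_DELETE' => $_ARRAYLANG['TXT_DOWNLOADS_DELETE'],
    ));

    // The "add subcategory" button is disabled; its permission logic is kept
    // below for reference.
    //
    // // check if user is allowed to add a subcategory
    // if (// managers are allowed to add subcategories
    //     \Permission::checkAccess(143, 'static', true)
    //     // the selected category must be valid to proceed future permission checks.
    //     // this is required to protect the overview section from non-admins
    //     || $objCategory->getId() && (
    //         // the category isn't protected => everyone is allowed to add subcategories
    //         !$objCategory->getAddSubcategoriesAccessId()
    //         // the category is protected => only those who have the sufficent permissions are allowed to add subcategories
    //         || \Permission::checkAccess($objCategory->getAddSubcategoriesAccessId(), 'dynamic', true)
    //         // the owner is allowed to add subcategories
    //         || ($objFWUser = \FWUser::getFWUserObject()) && $objFWUser->objUser->login() && $objCategory->getOwnerId() == $objFWUser->objUser->getId()
    //     )
    // ) {
    //     $this->objTemplate->setVariable(array(
    //         'DOWNLOADS_CATEGORY_ID' => $objCategory->getId(),
    //         // TODO: rename
    //         //'TXT_ADD_CATEGORY' => $_ARRAYLANG['TXT_ADD_CATEGORY']
    //     ));
    //     $this->objTemplate->parse('downloads_category_add_buttom');
    // } else {
    //     $this->objTemplate->hideBlock('downloads_category_add_buttom');
    // }

    // parse categories
    $this->parseCategories($objCategory, $downloadOrderBy, $downloadOrderDirection, $downloadLimitOffset, $categoryOrderBy, $categoryOrderDirection, $categoryLimitOffset);
    if (!$objCategory->getId()) {
        $this->objTemplate->setVariable('TXT_DOWNLOADS_ALL_CATEGORIES', $_ARRAYLANG['TXT_DOWNLOADS_ALL_CATEGORIES']);
    }

    // parse frontend preview link
    if ($objCategory->getId()) {
        $categoryFrontendURI = ASCMS_PATH_OFFSET . '/' . \FWLanguage::getLanguageCodeById(FRONTEND_LANG_ID) . '/' . CONTREXX_DIRECTORY_INDEX . '?section=Downloads&category=' . $objCategory->getId();
        $this->objTemplate->setVariable(array(
            'TXT_DOWNLOADS_OPEN_CATEGORY_FRONTEND' => $_ARRAYLANG['TXT_DOWNLOADS_OPEN_CATEGORY_FRONTEND'],
            'DOWNLOADS_CATEGORY_FRONTEND_URI' => $categoryFrontendURI,
        ));
        $this->objTemplate->parse('downloads_category_frontend_link');
    } else {
        $this->objTemplate->hideBlock('downloads_category_frontend_link');
    }

    // parse downloads
    $this->parseCategoryDownloads($objCategory, $downloadOrderBy, $downloadOrderDirection, $downloadLimitOffset, $categoryOrderBy, $categoryOrderDirection, $categoryLimitOffset, $searchTerm);
    $this->objTemplate->setVariable(array(
        'DOWNLOADS_CONFIRM_UNLINK_DOWNLOAD_TXT' => preg_replace('#\\n#', '\\n', addslashes($_ARRAYLANG['TXT_DOWNLOADS_CONFIRM_UNLINK_DOWNLOAD'])),
    ));

    // parse add downloads buttons
    if ($objCategory->getId()
        && (\Permission::checkAccess(143, 'static', true)
            || !$objCategory->getAddFilesAccessId()
            || \Permission::checkAccess($objCategory->getAddFilesAccessId(), 'dynamic', true))
    ) {
        $escapedCategoryName = htmlentities($objCategory->getName(LANG_ID), ENT_QUOTES, CONTREXX_CHARSET);
        $this->objTemplate->setVariable(array(
            'DOWNLOADS_CATEGORY_ID' => $objCategory->getId(),
            'TXT_DOWNLOADS_ADD_NEW_DOWNLOAD_TO_CATEGORY' => sprintf($_ARRAYLANG['TXT_DOWNLOADS_ADD_NEW_DOWNLOAD_TO_CATEGORY'], $escapedCategoryName),
            'TXT_DOWNLOADS_ADD_DOWNLOADS_TO_CATEGORY' => sprintf($_ARRAYLANG['TXT_DOWNLOADS_ADD_DOWNLOADS_TO_CATEGORY'], $escapedCategoryName),
            // request-supplied sort values are escaped before being echoed
            'DOWNLOADS_DOWNLOAD_CATEGORY_SORT' => $escape($categoryOrderDirection),
            'DOWNLOADS_DOWNLOAD_CATEGORY_SORT_BY' => $escape($categoryOrderBy),
            'DOWNLOADS_DOWNLOAD_DOWNLOAD_SORT' => $escape($downloadOrderDirection),
            'DOWNLOADS_DOWNLOAD_DOWNLOAD_BY' => $escape($downloadOrderBy),
            'DOWNLOADS_DOWNLOAD_CATEGORY_OFFSET' => $categoryLimitOffset,
            'DOWNLOADS_DOWNLOAD_DOWNLOAD_OFFSET' => $downloadLimitOffset,
        ));
        $this->objTemplate->parse('downloads_add_downloads_button');
    } else {
        $this->objTemplate->hideBlock('downloads_add_downloads_button');
    }

    // parse category menu
    // parse category id (will be used as the parent_id when creating a new directory)
    $this->objTemplate->setVariable(array(
        'TXT_DOWNLOADS_CATEGORY' => $_ARRAYLANG['TXT_DOWNLOADS_CATEGORY'],
        'DOWNLOADS_CATEGORY_ID' => $objCategory->getId(),
        'DOWNLOADS_CATEGORY_MENU' => $this->getCategoryMenu('read', $objCategory->getId(), $_ARRAYLANG['TXT_DOWNLOADS_ALL_CATEGORIES']),
        // the submitted search term is escaped; the placeholder text comes
        // from the language file and is emitted unchanged
        'DOWNLOADS_SEARCH_TERM' => $searchTerm !== '' ? $escape($searchTerm) : $_ARRAYLANG['TXT_DOWNLOADS_SEARCH_DOWNLOAD'],
        'TXT_DOWNLOADS_SEARCH_DOWNLOAD' => $_ARRAYLANG['TXT_DOWNLOADS_SEARCH_DOWNLOAD'],
        'TXT_DOWNLOADS_FILTER' => $_ARRAYLANG['TXT_DOWNLOADS_FILTER'],
        'TXT_DOWNLOADS_SEARCH' => $_ARRAYLANG['TXT_DOWNLOADS_SEARCH'],
    ));

    return true;
}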
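/**
 * Delete the task
 *
 * Deletes the task identified by $_GET['id'] once the current user's delete
 * permission for it has been established, then redirects back into the
 * module. Nothing happens when no task id is given.
 *
 * The permission check fails closed: if the task's owner/assignee cannot be
 * loaded, or the user lacks the delete permission, the task is not deleted.
 *
 * NOTE(review): the deletion is driven by a GET parameter; confirm that the
 * framework's CSRF protection covers this request.
 *
 * @global object $objDatabase
 * @return void
 */
function deleteTask()
{
    global $objDatabase;

    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $redirect = isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : base64_encode('&act=task');

    if (empty($id)) {
        return;
    }

    $objResult = $objDatabase->Execute("SELECT `added_by`,\n `assigned_to`\n FROM `" . DBPREFIX . "module_{$this->moduleNameLC}_task`\n WHERE `id` = '{$id}'\n ");
    if (!$objResult) {
        // without the task's owner and assignee the permission cannot be
        // evaluated, so the request is refused instead of deleting unchecked
        \Permission::noAccess();
        return;
    }

    list(, $task_delete_permission) = $this->getTaskPermission(
        (int) $objResult->fields['added_by'],
        (int) $objResult->fields['assigned_to']
    );
    if (!$task_delete_permission) {
        \Permission::noAccess();
        // do not depend on noAccess() ending the request
        return;
    }

    $objDatabase->Execute("DELETE FROM " . DBPREFIX . "module_{$this->moduleNameLC}_task WHERE id = '{$id}'");

    // The redirect suffix is request-supplied: accept it only as a string
    // that decodes without control characters, so it cannot break out of the
    // Location header; otherwise fall back to the task overview.
    $redirectSuffix = is_string($redirect) ? base64_decode($redirect) : false;
    if ($redirectSuffix === false || preg_match('/[\x00-\x1f\x7f]/', $redirectSuffix)) {
        $redirectSuffix = '&act=task';
    }

    \Cx\Core\Csrf\Controller\Csrf::header("Location:index.php?cmd=" . $this->moduleName . $redirectSuffix . "&mes=" . base64_encode('taskDeleted'));
}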
/**
 * Set the backend page
 *
 * Routes the requested backend action ($_GET['act']) to its handler and then
 * passes the page title, the status messages and the rendered module content
 * to the global template. Session-stored messages take precedence over the
 * instance's own and are cleared afterwards.
 *
 * Only the settings / mail template actions and the default customer
 * overview carry a permission check in this dispatcher. All other actions,
 * including the delete, import and export ones, are dispatched directly.
 * NOTE(review): confirm that each of those handlers enforces its own access
 * check.
 *
 * @access public
 * @global object $objTemplate
 * @global array  $_ARRAYLANG
 *
 * @return null
 */
function getPage()
{
    global $objTemplate, $_ARRAYLANG;

    if (!isset($_GET['act'])) {
        $_GET['act'] = '';
    }
    $act = $_GET['act'];

    // Fixed action => method table. The method name always comes from this
    // table, never from the request itself.
    $handlers = array(
        'customersearch'        => 'getCustomerSearch',
        'checkuseravailablity'  => 'checkUserAvailablity',
        'uploadProfilePhoto'    => 'uploadProfilePhoto',
        'updateProfileImage'    => 'updateProfilePhoto',
        'fileupload'            => 'uploadFiles',
        'getcontactdocuments'   => 'getContactDocuments',
        'addcontact'            => 'addContact',
        'getcustomers'          => 'getCustomers',
        'autosuggest'           => 'autoSuggest',
        'getdomains'            => 'getCustomerDomains',
        'deals'                 => 'dealsOverview',
        'getcontacttasks'       => 'getContactTasks',
        'getcontactprojects'    => 'getcontactprojects',
        'getcontactdeals'       => 'getContactDeals',
        'deleteContacts'        => 'deleteContacts',
        'getlinkcontacts'       => 'getLinkContacts',
        'customertooltipdetail' => 'customerTooltipDetail',
        'notesdetail'           => 'notesDetail',
        'changecontactstatus'   => 'changeCustomerContactStatus',
        'exportvcf'             => 'exportVcf',
        'changecustomerstatus'  => 'changeCustomerStatus',
        'deleteCustomers'       => 'deleteCustomers',
        'customersChangeStatus' => 'customersChangeStatus',
        'managecontact'         => '_modifyContact',
        'deleteCurrency'        => 'deleteCurrency',
        'editcurrency'          => 'editCurrency',
        'noteschangestatus'     => 'notesChangeStatus',
        'deleteCustomerTypes'   => 'deleteCustomerTypes',
        'moveDocument'          => 'moveDocumentToTarget',
        'getImportFilename'     => 'getImportFilename',
        'export'                => 'csvExport',
        'InsertCSV'             => 'InsertCSV',
        'task'                  => 'showTasks',
        'checkAccountId'        => 'checkAccountId',
    );
    $settingsActions = array('mailtemplate_overview', 'mailtemplate_edit', 'settings');

    // A non-string value (e.g. an array-valued parameter) matches no action
    // and ends up in the default branch.
    $isNamedAction = is_string($act);

    if ($isNamedAction && isset($handlers[$act])) {
        $method = $handlers[$act];
        $this->$method();
    } elseif ($isNamedAction && in_array($act, $settingsActions, true)) {
        // the mail template actions are rendered by the settings submenu
        if ($act !== 'settings') {
            $_GET['tpl'] = 'mail';
        }
        // called without the $return flag: a failed check is handled inside
        // checkAccess() itself and its result is not evaluated here
        \Permission::checkAccess($this->adminAccessId, 'static');
        $this->settingsSubmenu();
    } elseif (\Permission::checkAccess($this->customerAccessId, 'static', true)) {
        // 'customers' and every unknown action
        $this->showCustomers();
    } else {
        $this->checkCustomerIdentity();
        \Permission::noAccess();
    }

    $contentTitle = isset($_SESSION['pageTitle']) ? $_SESSION['pageTitle'] : $this->_pageTitle;
    $okMessage = isset($_SESSION['strOkMessage']) ? $_SESSION['strOkMessage'] : $this->_strOkMessage;
    $statusMessage = isset($_SESSION['strErrMessage']) ? $_SESSION['strErrMessage'] : $this->_strErrMessage;
    $warningMessage = isset($_SESSION['strWarMessage']) ? $_SESSION['strWarMessage'] : $this->_strWarMessage;

    $objTemplate->setVariable(array(
        'CONTENT_TITLE'           => $contentTitle,
        'CONTENT_OK_MESSAGE'      => $okMessage,
        'CONTENT_STATUS_MESSAGE'  => $statusMessage,
        'CONTENT_WARNING_MESSAGE' => $warningMessage,
        'ADMIN_CONTENT'           => $this->_objTpl->get(),
    ));

    // the session-stored title and messages are shown once only
    unset(
        $_SESSION['pageTitle'],
        $_SESSION['strOkMessage'],
        $_SESSION['strErrMessage'],
        $_SESSION['strWarMessage']
    );
}