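/**
 * Check a security token.
 *
 * Delegates the actual validation to _sec_checkToken(). If the token is
 * valid the function returns true. If it is not, the current request
 * (method, destination URL, POST data, GET data and any uploaded files) is
 * saved in the session, the re-authentication form is printed and the
 * script exits. Replaying the saved request after a successful
 * re-authentication is done elsewhere, not in this function.
 *
 * @return boolean true if the token is valid; does not return if not!
 *
 */
function SEC_checkToken()
{
    global $_CONF;

    if (_sec_checkToken()) {
        // NOTE(review): the meaning of -1 is defined by SEC_createToken(),
        // which is not visible here - confirm before changing this call.
        SEC_createToken(-1);
        return true;
    }

    // determine the destination of this request
    $siteUrl     = $_CONF['site_url'];
    $fallback    = $siteUrl . '/index.php';
    $destination = COM_getCurrentURL();

    // validate the destination is not blank and is part of our site...
    if ($destination == '') {
        $destination = $fallback;
    }

    // A bare prefix comparison also accepts a URL whose host merely starts
    // with the site URL (site_url followed by more host characters). Require
    // that the match ends on a URL boundary so the stored destination, which
    // is later handed to the re-authentication form, stays on this site.
    $prefixLen = strlen($siteUrl);
    $onSite    = (strncmp($destination, $siteUrl, $prefixLen) === 0);
    if ($onSite && $prefixLen > 0 && substr($siteUrl, -1) !== '/') {
        // substr() yields false (older PHP) or '' when the destination is
        // exactly the site URL; the cast normalises both to ''.
        $next   = (string) substr($destination, $prefixLen, 1);
        $onSite = ($next === '' || $next === '/' || $next === '?' || $next === '#');
    }
    if (!$onSite) {
        $destination = $fallback;
    }

    // Anything that is not GET is replayed as POST.
    $method = (strtoupper($_SERVER['REQUEST_METHOD']) == 'GET') ? 'GET' : 'POST';

    // NOTE(review): these serialized request arrays are presumably
    // unserialize()d by the code that replays the request - confirm that
    // path only ever reads them back from the server-side session.
    $postdata = serialize($_POST);
    $getdata  = serialize($_GET);
    $filedata = '';

    if (!empty($_FILES)) {
        // PHP discards uploads when the request ends, so park them in the
        // data temp directory and remember only the bare file name.
        // NOTE(review): the result of move_uploaded_file() is not checked,
        // and nothing here removes the parked files if the user never
        // re-authenticates - confirm cleanup happens elsewhere.
        $tempDir = $_CONF['path_data'] . 'temp/';

        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                // multi-file field: name[] / tmp_name[] are parallel arrays
                foreach ($file['name'] as $offset => $filename) {
                    if (!empty($file['name'][$offset])) {
                        $filename = basename($file['tmp_name'][$offset]);
                        move_uploaded_file($file['tmp_name'][$offset], $tempDir . $filename);
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    }
                }
            } else {
                if (!empty($file['name']) && !empty($file['tmp_name'])) {
                    $filename = basename($file['tmp_name']);
                    move_uploaded_file($file['tmp_name'], $tempDir . $filename);
                    $_FILES[$key]['tmp_name'] = $filename;
                }
            }
        }
        $filedata = serialize($_FILES);
    }

    // Stash the request in the session for the re-authentication flow.
    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }

    // Show the re-authentication form and stop; this path never returns.
    $display  = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}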
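/**
 * Set the enabled/disabled status of a list of static pages and echo a
 * JSON status envelope.
 *
 * Every key of $sp_idarray is treated as a static page id. A page is set to
 * status '1' when its id is also a key of $enabledstaticpages, otherwise to
 * status '0'. The response is {"json": "<json-encoded status>"} where the
 * inner status holds 'statusMessage' and 'errorCode' (0 = ok, 1 = token
 * rejected).
 *
 * NOTE(review): only the request token is checked here; no permission check
 * is visible in this function - confirm the calling script restricts it to
 * users who are allowed to edit static pages.
 *
 * @param  array $enabledstaticpages ids (as keys) of pages that should be enabled
 * @param  array $sp_idarray         ids (as keys) of all pages to update
 * @return void  the result is echoed, nothing is returned
 */
function SP_toggleStatus($enabledstaticpages, $sp_idarray)
{
    global $_TABLES;

    $retval = array();

    // NOTE(review): the meaning of the argument 1 is defined by
    // _sec_checkToken(), which is not visible here - confirm.
    if (!_sec_checkToken(1)) {
        $retval['statusMessage'] = 'Invalid security token. Please refresh the page.';
        $retval['errorCode'] = 1;
    } else {
        $processed = false;

        if (isset($sp_idarray) && is_array($sp_idarray)) {
            foreach ($sp_idarray as $sp_id => $junk) {
                $sp_id  = COM_applyFilter($sp_id);
                // $status is one of two fixed literals; the id is escaped
                // before it is placed in the statement.
                $status = isset($enabledstaticpages[$sp_id]) ? '1' : '0';
                DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '" . $status . "' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
                $processed = true;
            }
        }

        // Only notify when at least one id was handled; otherwise $sp_id
        // would be undefined here.
        // NOTE(review): as before, only the last id is reported to
        // PLG_itemSaved() - confirm that is what plugins expect.
        if ($processed) {
            PLG_itemSaved($sp_id, 'staticpages');
        }
        CTL_clearCache();

        $retval['statusMessage'] = 'StaticPage state has been toggled.';
        $retval['errorCode'] = 0;
    }

    // Send the envelope on both paths so a rejected token reaches the
    // client as an error instead of an empty response.
    $return = array();
    $return["json"] = json_encode($retval);
    echo json_encode($return);
}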