コード例 #1
 /**
  * Render the HTMLTemplateModule management view.
  *
  * Nothing is rendered unless the current user holds at least one of the
  * administrate / create / edit / delete permissions on $loc.
  *
  * @param string $view  View name handed to the template object.
  * @param object $loc   Location object; its ->src is appended to the upload directory path.
  * @param string $title Module title assigned to the template.
  */
 function show($view, $loc = null, $title = '')
 {
     global $db;
     // Authorization gate: any one of the four management permissions is enough.
     $may_manage = exponent_permissions_check('administrate', $loc)
         || exponent_permissions_check('create', $loc)
         || exponent_permissions_check('edit', $loc)
         || exponent_permissions_check('delete', $loc);
     if (!$may_manage) {
         return;
     }
     $template = new template('HTMLTemplateModule', $view, $loc);
     $template->assign('noupload', 0);
     $template->assign('uploadError', '');
     if (!defined('SYS_FILES')) {
         include_once BASE . 'subsystems/files.php';
     }
     // NOTE(review): $loc defaults to null yet ->src is read unconditionally, and the
     // value goes into a filesystem path as-is. Confirm callers always pass a
     // location whose src cannot contain path separators.
     $directory = 'files/HTMLTemplateModule/' . $loc->src;
     if (!file_exists(BASE . $directory)) {
         $mkdir_result = exponent_files_makeDirectory($directory);
         if ($mkdir_result != SYS_FILES_SUCCESS) {
             // Uploads are flagged as unavailable and the error code is exposed to the view.
             $template->assign('noupload', 1);
             $template->assign('uploadError', $mkdir_result);
         }
     }
     $templates = $db->selectObjects('htmltemplate');
     $template_count = count($templates);
     for ($idx = 0; $idx < $template_count; $idx++) {
         // One association query per template row.
         $assocs = $db->selectObjects('htmltemplateassociation', 'template_id=' . $templates[$idx]->id);
         $is_global = count($assocs) == 1 && $assocs[0]->global == 1;
         $templates[$idx]->global_assoc = $is_global ? 1 : 0;
         if (!$is_global) {
             $templates[$idx]->associations = $assocs;
         }
     }
     $template->assign('moduletitle', $title);
     $template->assign('templates', $templates);
     $template->register_permissions(array('administrate', 'create', 'edit', 'delete'), exponent_core_makeLocation('HTMLTemplateModule'));
     $template->output();
 }
コード例 #2
 /**
  * Evaluate permissions for the current user and expose them to the template
  * as a 'permissions' map of permission name => 1 or 0.
  *
  * @param string|array $perms Permission name or list of names.
  * @param object|array $locs  Location or list of locations to check against.
  */
 function register_permissions($perms, $locs)
 {
     $perm_names = is_array($perms) ? $perms : array($perms);
     $locations = is_array($locs) ? $locs : array($locs);
     $flags = array();
     foreach ($perm_names as $perm_name) {
         foreach ($locations as $location) {
             // Each location overwrites the previous result, so with several
             // locations only the last one decides the flag for this permission.
             $flags[$perm_name] = exponent_permissions_check($perm_name, $location) ? 1 : 0;
         }
     }
     // These flags only drive what the view shows; actions must still check
     // permissions themselves.
     $this->tpl->assign('permissions', $flags);
 }
コード例 #3
##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
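if (!defined('EXPONENT')) {
    exit('');
}
// The posted datatype selects the workflow tables, so only identifier
// characters may reach the table name; the id is forced to an integer.
$wf_raw_datatype = isset($_POST['datatype']) && is_string($_POST['datatype']) ? $_POST['datatype'] : '';
$wf_datatype = preg_replace('/[^A-Za-z0-9_]/', '', $wf_raw_datatype);
$wf_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$info = null;
$object = null;
if ($wf_datatype != '') {
    $info = $db->selectObject($wf_datatype . "_wf_info", "real_id=" . $wf_id);
}
if ($info) {
    $object = $db->selectObject($wf_datatype . "_wf_revision", "wf_original=" . $wf_id . " AND wf_major=" . $info->current_major . " AND wf_minor=" . $info->current_minor);
}
if (!$object) {
    // No workflow record for this datatype/id: stop here instead of running
    // the permission check against data that does not exist.
    echo SITE_404_HTML;
} else {
    // NOTE(review): unserialize() is applied to column contents; that is only
    // safe while nothing untrusted can write these columns - confirm.
    $state = unserialize($object->wf_state_data);
    $rloc = unserialize($object->location_data);
    // Allowed for holders of 'approve' on the revision's location, or for the
    // user id recorded at $state[0][0].
    if (exponent_permissions_check("approve", $rloc) || $user && $user->id == $state[0][0]) {
        if (!defined('SYS_WORKFLOW')) {
            include_once BASE . 'subsystems/workflow.php';
        }
        // The comment is passed through untouched; it has to be escaped where it is stored and displayed.
        $wf_comment = isset($_POST['wf_comment']) ? $_POST['wf_comment'] : '';
        exponent_workflow_processApproval($wf_id, $wf_datatype, SYS_WORKFLOW_APPROVE_DENY, $wf_comment);
    } else {
        echo SITE_403_HTML;
    }
}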
コード例 #4
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the User Management category
if (!defined('EXPONENT')) {
    exit('');
}
if (exponent_permissions_check('user_management', exponent_core_makeLocation('AdministrationModule'))) {
    exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
    $db->delete('sessionticket', 'last_active < ' . (time() - SESSION_TIMEOUT));
    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }
    if (!defined('SYS_DATETIME')) {
        require_once BASE . 'subsystems/datetime.php';
    }
    $sessions = $db->selectObjects('sessionticket');
    for ($i = 0; $i < count($sessions); $i++) {
        $sessions[$i]->user = exponent_users_getUserById($sessions[$i]->uid);
        $sessions[$i]->duration = exponent_datetime_duration($sessions[$i]->last_active, $sessions[$i]->start_time);
    }
    $template = new template('AdministrationModule', '_sessionmanager', $loc);
    $template->assign('sessions', $sessions);
コード例 #5
<?php

##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the Configuration category
// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
if (!exponent_permissions_check('configuration', exponent_core_makeLocation('AdministrationModule'))) {
    echo SITE_403_HTML;
} else {
    if (!defined('SYS_CONFIG')) {
        require_once BASE . 'subsystems/config.php';
    }
    // NOTE(review): the profile name comes straight from the query string and is
    // not validated here; confirm exponent_config_deleteProfile() rejects names
    // containing path separators. The delete is also triggered by a GET request
    // and no anti-CSRF token is visible in this script.
    exponent_config_deleteProfile($_GET['configname']);
    exponent_flow_redirect();
}
コード例 #6
<?php

##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
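// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
if (exponent_permissions_check('workflow', exponent_core_makeLocation('administrationmodule'))) {
    // Every request value that reaches the WHERE clause is forced to an integer.
    // 'type' used to be concatenated raw and unquoted, which let the request
    // alter the SQL; it is compared unquoted, so it is treated as numeric here
    // (confirm the column is an integer).
    $db->switchValues('workflowaction', 'rank', intval($_GET['a']), intval($_GET['b']), "policy_id='" . intval($_GET['policy_id']) . "' AND type=" . intval($_GET['type']));
    exponent_flow_redirect();
} else {
    echo SITE_403_HTML;
}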
コード例 #7
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
    exit('');
}
$loc = exponent_core_makeLocation('sharedcoremodule');
if (exponent_permissions_check('manage_core', $loc) || exponent_permissions_check('manage_site', $loc)) {
    $site = null;
    if (isset($_GET['id'])) {
        $site = $db->selectObject('sharedcore_site', 'id=' . intval($_GET['id']));
    }
    if ($site) {
        if ($site->inactive == 0) {
            $core = $db->selectObject('sharedcore_core', 'id=' . $site->core_id);
            if ($core) {
                if (!defined('SYS_SHAREDCORE')) {
                    include_once BASE . 'subsystems/sharedcore.php';
                }
                exponent_sharedcore_clear($site->path);
                // Not full
                exponent_sharedcore_setup($core, $site);
                $extensions = array(CORE_EXT_MODULE => array(), CORE_EXT_SUBSYSTEM => array(), CORE_EXT_THEME => array());
コード例 #8
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
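// Refuse direct requests: the script only runs when included by the application.
if (!defined("EXPONENT")) {
    exit("");
}
exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
$news = $db->selectObject("newsitem", "id=" . intval($_GET['id']));
// The stored location decides which permissions apply; an item whose location
// cannot be decoded is treated as not found.
$news_loc = $news != null ? unserialize($news->location_data) : false;
if (is_object($news_loc)) {
    $loc = $news_loc;
    // Build the item-level location as a separate object. Assigning $loc to
    // $iloc and then setting ->int changes $loc as well wherever objects are
    // handled by reference, which made both permission checks identical.
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $news->id);
    $news->permissions = array(
        "edit_item" => exponent_permissions_check("edit_item", $loc) || exponent_permissions_check("edit_item", $iloc) ? 1 : 0,
        "delete_item" => exponent_permissions_check("delete_item", $loc) || exponent_permissions_check("delete_item", $iloc) ? 1 : 0,
        "administrate" => exponent_permissions_check("administrate", $loc) || exponent_permissions_check("administrate", $iloc) ? 1 : 0,
    );
    $news->real_posted = $news->publish != 0 ? $news->publish : $news->posted;
    // The view name is chosen by the request. Reduce it to a bare file name so
    // it cannot carry directory components into the template lookup.
    $view = isset($_GET['view']) && is_string($_GET['view']) ? basename($_GET['view']) : "";
    if ($view == "") {
        $view = "_viewSingle";
    }
    // NOTE(review): nothing in this script checks the item's publish/unpublish
    // window or approval state before rendering - confirm that is intended.
    $template = new template("newsmodule", $view, $loc);
    $template->assign("newsitem", $news);
    $template->assign("loc", $loc);
    $template->output();
} else {
    echo SITE_404_HTML;
}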
コード例 #9
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
$loc = exponent_core_makeLocation('htmltemplatemodule');
$t = isset($_POST['id']) ? $db->selectObject('htmltemplate', 'id=' . intval($_POST['id'])) : null;
// Saving an existing template requires 'edit'; saving a new one requires 'create'.
$required_permission = $t ? 'edit' : 'create';
if (!exponent_permissions_check($required_permission, $loc)) {
    echo SITE_403_HTML;
} else {
    // NOTE(review): the whole $_POST array is handed to htmltemplate::update();
    // which fields it copies is not visible here - confirm it only accepts the
    // form's own fields.
    $t = htmltemplate::update($_POST, $t);
    if (!isset($t->id)) {
        $db->insertObject($t, 'htmltemplate');
    } else {
        $db->updateObject($t, 'htmltemplate');
    }
    exponent_flow_redirect();
}
コード例 #10
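 /**
  * Render the news listing for a location.
  *
  * Lists items that are inside their publish window and have approved != 0,
  * attaches per-item permission flags, and tells the view whether the user may
  * follow the approval link.
  *
  * @param string $view  View name handed to the template object.
  * @param object $loc   Location of the module instance.
  * @param string $title Module title assigned to the template.
  */
 function show($view, $loc = null, $title = '')
 {
     global $db, $user;
     // NOTE(review): the serialized location sits between single quotes in every
     // WHERE clause below without escaping; confirm location fields can never
     // contain a quote, or escape them through the database layer.
     $location = serialize($loc);
     $config = $db->selectObject('newsmodule_config', "location_data='" . $location . "'");
     if ($config == null) {
         // Defaults need a real object: assigning properties to null is an error on current PHP.
         $config = new stdClass();
         $config->sortorder = 'ASC';
         $config->sortfield = 'posted';
         $config->item_limit = 10;
     }
     // ORDER BY is built from stored configuration. Constrain the direction to
     // ASC/DESC and the field to identifier characters before use.
     $sort_direction = strtoupper((string) $config->sortorder) == 'DESC' ? 'DESC' : 'ASC';
     $sort_field = preg_replace('/[^A-Za-z0-9_]/', '', (string) $config->sortfield);
     if ($sort_field == '') {
         $sort_field = 'posted';
     }
     // One timestamp for all queries so the list and the counts agree.
     $now = time();
     $visible = "location_data='" . $location . "' AND (publish = 0 or publish <= " . $now . ") AND (unpublish = 0 or unpublish > " . $now . ") AND approved != 0";
     // Check permissions for AP link
     $canviewapproval = false;
     if ($user) {
         $canviewapproval = exponent_permissions_check('approve', $loc) || exponent_permissions_check('manage_approval', $loc);
         if (!$canviewapproval) {
             // Still not able to view: posters get the link for their own items.
             // Anonymous visitors can never match, so the query is skipped for them.
             foreach ($db->selectObjects('newsitem', $visible) as $post) {
                 if ($user->id == $post->poster) {
                     $canviewapproval = true;
                     break;
                 }
             }
         }
     }
     $template = new template('newsmodule', $view, $loc);
     $template->assign('moduletitle', $title);
     $template->register_permissions(array('administrate', 'configure', 'add_item', 'delete_item', 'edit_item', 'manage_approval', 'view_unpublished'), $loc);
     $news = $db->selectObjects('newsitem', $visible . ' ORDER BY ' . $sort_field . ' ' . $sort_direction . $db->limit($config->item_limit, 0));
     for ($i = 0; $i < count($news); $i++) {
         $news[$i]->real_posted = $news[$i]->publish != 0 ? $news[$i]->publish : $news[$i]->posted;
         // A permission counts if it is held on the module location or on the item itself.
         $nloc = exponent_core_makeLocation($loc->mod, $loc->src, $news[$i]->id);
         $news[$i]->permissions = array(
             'edit_item' => exponent_permissions_check('edit_item', $loc) || exponent_permissions_check('edit_item', $nloc) ? 1 : 0,
             'delete_item' => exponent_permissions_check('delete_item', $loc) || exponent_permissions_check('delete_item', $nloc) ? 1 : 0,
             'administrate' => exponent_permissions_check('administrate', $loc) || exponent_permissions_check('administrate', $nloc) ? 1 : 0,
         );
     }
     // EVIL WORKFLOW
     $in_approval = $db->countObjects('newsitem_wf_info', "location_data='" . $location . "'");
     $template->assign('canview_approval_link', $canviewapproval);
     $template->assign('in_approval', $in_approval);
     $template->assign('news', $news);
     $template->assign('morenews', count($news) < $db->countObjects('newsitem', $visible));
     $template->output();
 }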
コード例 #11
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the HTMLArea category
if (!defined('EXPONENT')) {
    exit('');
}
if (exponent_permissions_check('htmlarea', exponent_core_makeLocation('AdministrationModule'))) {
    $config = null;
    if (isset($_POST['id'])) {
        $config = $db->selectObject('toolbar_' . SITE_WYSIWYG_EDITOR, 'id=' . intval($_POST['id']));
    }
    $config->name = $_POST['config_name'];
    $config->data = $_POST['config'];
    if (isset($_POST['config_activate'])) {
        $active = $db->selectObject('toolbar_' . SITE_WYSIWYG_EDITOR, 'active=1');
        $active->active = 0;
        $db->updateObject($active, 'toolbar_' . SITE_WYSIWYG_EDITOR);
        $config->active = 1;
    }
    if (isset($config->id)) {
        $db->updateObject($config, 'toolbar_' . SITE_WYSIWYG_EDITOR);
    } else {
コード例 #12
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
// Translated strings for this action.
$i18n = exponent_lang_loadFile('modules/formbuilder/actions/save_form.php');
if (!defined('SYS_FORMS')) {
    include_once BASE . 'subsystems/forms.php';
}
exponent_forms_initialize();
// $f stays null when no id is posted or no row matches.
// NOTE(review): the permission check that follows reads $f->location_data
// unconditionally, so for a new form it runs against unserialize() of a
// missing property rather than a real location - confirm how the check
// behaves for a non-object location.
$f = null;
if (isset($_POST['id'])) {
    // intval() keeps the posted id numeric before it is concatenated into the WHERE clause.
    $f = $db->selectObject('formbuilder_form', 'id=' . intval($_POST['id']));
}
if (exponent_permissions_check('editform', unserialize($f->location_data))) {
    $f = formbuilder_form::update($_POST, $f);
    $f->table_name = formbuilder_form::updateTable($f);
    if (isset($f->id)) {
        $db->updateObject($f, 'formbuilder_form');
    } else {
        $f->location_data = serialize(exponent_core_makeLocation($_POST['m'], $_POST['s'], $_POST['i']));
        $f->id = $db->insertObject($f, 'formbuilder_form');
        //Create Default Report;
        $rpt->name = $i18n['default_report'];
        $rpt->description = $i18n['auto_generated'];
        $rpt->location_data = $f->location_data;
        $rpt->text = '';
        $rpt->column_names = '';
        $rpt->form_id = $f->id;
        $db->insertObject($rpt, 'formbuilder_report');
コード例 #13
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
// Sanitize required _GET parameters in place: the id becomes an integer and
// the datatype is reduced to identifier characters, because it is used as a
// table-name prefix below.
$_GET['id'] = intval($_GET['id']);
$_GET['datatype'] = preg_replace('/[^A-Za-z0-9_]/', '', $_GET['datatype']);
$info = $db->selectObject("{$_GET['datatype']}_wf_info", "real_id={$_GET['id']}");
// NOTE(review): $info and $object are used without a null check; an unknown
// datatype/id pair reaches the permission check with a non-object location.
$object = $db->selectObject("{$_GET['datatype']}_wf_revision", sprintf('wf_original=%s AND wf_major=%s AND wf_minor=%s', $_GET['id'], $info->current_major, $info->current_minor));
$state = unserialize($object->wf_state_data);
$rloc = unserialize($object->location_data);
if (!exponent_permissions_check("manage_approval", $rloc)) {
    echo SITE_403_HTML;
} else {
    if (!defined('SYS_WORKFLOW')) {
        include_once BASE . 'subsystems/workflow.php';
    }
    exponent_workflow_deleteRevisionPath($_GET['datatype'], $_GET['id']);
}
コード例 #14
 /**
  * Render the resource list for a location, with per-item permission flags
  * and the files stored in the module's upload directory.
  *
  * @param string $view  View name handed to the template object and to output().
  * @param object $loc   Location of the module instance; ->src names the upload directory.
  * @param string $title Module title assigned to the template.
  */
 function show($view, $loc, $title = '')
 {
     global $db;
     if (!defined('SYS_FILES')) {
         require_once BASE . 'subsystems/files.php';
     }
     $template = new template('ResourceModule', $view, $loc);
     // NOTE(review): $loc->src flows unchecked into a filesystem path here and
     // into a quoted SQL string further down - confirm it is constrained upstream.
     $directory = 'files/ResourceModule/' . $loc->src;
     if (!file_exists(BASE . $directory)) {
         $mkdir_result = exponent_files_makeDirectory($directory);
         if ($mkdir_result != SYS_FILES_SUCCESS) {
             $template->assign('noupload', 1);
             $template->assign('uploadError', $mkdir_result);
         }
     }
     // The item list is cached in the session, keyed by the serialized location.
     $cache_key = serialize($loc);
     if (isset($_SESSION['resource_cache'][$cache_key])) {
         $resources = $_SESSION['resource_cache'][$cache_key];
     } else {
         $resources = $db->selectObjects('resourceitem', "location_data='" . $cache_key . "'");
         $_SESSION['resource_cache'][$cache_key] = $resources;
     }
     // One location object is reused; only its ->int changes per item.
     $item_loc = exponent_core_makeLocation($loc->mod, $loc->src);
     $resource_count = count($resources);
     for ($n = 0; $n < $resource_count; $n++) {
         $item_loc->int = $resources[$n]->id;
         $resources[$n]->permissions = array(
             'administrate' => exponent_permissions_check('administrate', $item_loc),
             'edit' => exponent_permissions_check('edit', $item_loc),
             'delete' => exponent_permissions_check('delete', $item_loc),
         );
     }
     if (!defined('SYS_SORTING')) {
         require_once BASE . 'subsystems/sorting.php';
     }
     usort($resources, 'exponent_sorting_byRankAscending');
     // Index the directory's files by id and replace each mimetype string with its mimetype record.
     $files_by_id = array();
     foreach ($db->selectObjects('file', "directory='{$directory}'") as $file) {
         $file->mimetype = $db->selectObject('mimetype', "mimetype='" . $file->mimetype . "'");
         $files_by_id[$file->id] = $file;
     }
     $template->assign('moduletitle', $title);
     $template->assign('resources', $resources);
     $template->assign('files', $files_by_id);
     $template->register_permissions(array('administrate', 'configure', 'post', 'edit', 'delete'), $loc);
     $template->output($view);
 }
コード例 #15
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
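// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
// Start from a known value so $textitem can only come from the lookup below.
$textitem = null;
if (isset($_POST['id'])) {
    $textitem = $db->selectObject('textitem', 'id=' . intval($_POST['id']));
    if ($textitem) {
        // For an existing item the stored location, not the request, decides
        // which permission applies.
        $loc = unserialize($textitem->location_data);
    }
}
// Fail closed when there is no usable location object. Presumably $loc is set
// by the including script when no stored item is found - confirm.
if (isset($loc) && is_object($loc) && exponent_permissions_check('edit', $loc)) {
    // NOTE(review): the whole $_POST array is handed to textitem::update();
    // confirm it copies only the form's own fields.
    $textitem = textitem::update($_POST, $textitem);
    $textitem->location_data = serialize($loc);
    if (!defined('SYS_WORKFLOW')) {
        include_once BASE . 'subsystems/workflow.php';
    }
    exponent_workflow_post($textitem, 'textitem', $loc);
} else {
    echo SITE_403_HTML;
}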
コード例 #16
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Refuse direct requests: the script only runs when included by the application.
if (!defined("EXPONENT")) {
    exit("");
}
$item = null;
$iloc = null;
if (isset($_POST['id'])) {
    // intval() keeps the posted id numeric before it is concatenated into the WHERE clause.
    $item = $db->selectObject("calendar", "id=" . intval($_POST['id']));
    // NOTE(review): $item is dereferenced without a null check. If no row
    // matches, $loc is overwritten with unserialize() of a missing property
    // and the permission checks that follow run against that value - confirm
    // the lookup result should be tested first.
    $loc = unserialize($item->location_data);
    // Item-level location: same module and source, with the event id as ->int.
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $item->id);
}
if ($item == null && exponent_permissions_check("post", $loc) || $item != null && exponent_permissions_check("edit", $loc) || $iloc != null && exponent_permissions_check("edit", $iloc)) {
    $item = calendar::update($_POST, $item);
    $item->location_data = serialize($loc);
    if (isset($_POST['category'])) {
        $item->category_id = $_POST['category'];
    } else {
        $item->category_id = 0;
    }
    //Check to see if the feedback form is enabled and/or being used for this event.
    if (isset($_POST['feedback_form'])) {
        $item->feedback_form = $_POST['feedback_form'];
        $item->feedback_email = $_POST['feedback_email'];
    } else {
        $item->feedback_form = "";
        $item->feedback_email = "";
    }
コード例 #17
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
$contact = null;
$iloc = null;
if (isset($_GET['id'])) {
    $contact = $db->selectObject('addressbook_contact', 'id=' . intval($_GET['id']));
    if ($contact) {
        // For an existing contact the stored location replaces $loc, and an
        // item-level location is derived from it.
        $loc = unserialize($contact->location_data);
        $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $contact->id);
    }
}
// FIXME: Replace with better use of getLocationHierarchy
// New contact: needs 'post' on $loc. Existing contact: needs 'edit' on the
// module location or on the contact's own location.
// NOTE(review): when no contact is found $loc is not set in this script;
// presumably the including script provides it - confirm.
if (!(($contact == null && exponent_permissions_check('post', $loc)) || ($contact != null && exponent_permissions_check('edit', $loc)) || ($iloc != null && exponent_permissions_check('edit', $iloc)))) {
    echo SITE_403_HTML;
} else {
    $form = addressbook_contact::form($contact);
    $form->location($loc);
    $form->meta('action', 'save');
    $template = new template('addressbookmodule', '_form_edit', $loc);
    $template->assign('form_html', $form->toHTML());
    $template->assign('is_edit', $contact != null ? 1 : 0);
    $template->output();
}
コード例 #18
if (!defined('SYS_FORMS')) {
    include_once BASE . 'subsystems/forms.php';
}
if (!defined('SYS_USERS')) {
    include_once BASE . 'subsystems/users.php';
}
exponent_forms_initialize();
// Sanitize required _GET variables.
// Both ids are forced to integers in place before they reach any WHERE clause.
$_GET['id'] = intval($_GET['id']);
$_GET['form_id'] = intval($_GET['form_id']);
$f = $db->selectObject('formbuilder_form', 'id=' . $_GET['form_id']);
// NOTE(review): $f->id and $f->table_name are read here, before the check
// below that $f is set, and the submitted record is loaded before the
// 'viewdata' permission check runs. The data table name comes from the form
// row - confirm it is constrained to identifier characters where it is written.
$controls = $db->selectObjects('formbuilder_control', 'form_id=' . $f->id . ' and is_readonly=0 and is_static = 0');
$data = $db->selectObject('formbuilder_' . $f->table_name, 'id=' . $_GET['id']);
$rpt = $db->selectObject('formbuilder_report', 'form_id=' . $_GET['form_id']);
if ($f && $controls && $data && $rpt) {
    if (exponent_permissions_check('viewdata', unserialize($f->location_data))) {
        if (!defined('SYS_SORTING')) {
            include_once BASE . 'subsystems/sorting.php';
        }
        usort($controls, 'exponent_sorting_byRankAscending');
        $fields = array();
        $captions = array();
        foreach ($controls as $c) {
            $ctl = unserialize($c->data);
            $control_type = get_class($ctl);
            $name = $c->name;
            $fields[$name] = call_user_func(array($control_type, 'templateFormat'), $data->{$name}, $ctl);
            $captions[$name] = $c->caption;
        }
        $captions['ip'] = $i18n['ip'];
        $captions['timestamp'] = $i18n['timestamp'];
コード例 #19
/**
 * Decide whether the current user holds a permission on a location.
 *
 * Order of evaluation:
 *  1. An acting admin, or the user returned by exponent_permissions_getSourceUID()
 *     for the location's source, is always allowed.
 *  2. Any of the requested permissions present in the global permission table
 *     for the location (or for any location in the module's hierarchy, when
 *     the module class provides getLocationHierarchy) grants access.
 *  3. Otherwise, for modules other than NavigationModule, 'manage' on a
 *     section that holds the original reference to this module/source grants access.
 *
 * NOTE(review): $location->mod and $location->src are concatenated into the
 * sectionref WHERE clause unescaped, and ->mod also names the class whose
 * static getLocationHierarchy() is called. Both are safe only while every
 * caller passes a location built from trusted values - confirm, or escape
 * through the database layer.
 *
 * @param string|array $permission Permission name or list of names (any one suffices).
 * @param object       $location   Location object with ->mod, ->src and ->int.
 * @return bool
 */
function exponent_permissions_check($permission, $location)
{
    global $exponent_permissions_r, $user;
    if ($user && ($user->is_acting_admin == 1 || exponent_permissions_getSourceUID($location->src) == $user->id)) {
        return true;
    }
    $wanted = is_array($permission) ? $permission : array($permission);
    // Without a hierarchy provider only the location itself is consulted.
    $hierarchy_callback = array($location->mod, "getLocationHierarchy");
    if (is_callable($hierarchy_callback)) {
        $candidates = call_user_func($hierarchy_callback, $location);
    } else {
        $candidates = array($location);
    }
    $granted = false;
    foreach ($candidates as $candidate) {
        foreach ($wanted as $name) {
            if (isset($exponent_permissions_r[$candidate->mod][$candidate->src][$candidate->int][$name])) {
                $granted = true;
                break;
            }
        }
    }
    if ($granted || $location->mod == 'NavigationModule') {
        return $granted;
    }
    // Fallback: managers of the section that owns this module instance.
    global $db;
    foreach ($db->selectObjects('sectionref', "is_original=1 AND module='" . $location->mod . "' AND source='" . $location->src . "'") as $secref) {
        if (exponent_permissions_check('manage', exponent_core_makeLocation('NavigationModule', '', $secref->section))) {
            return true;
        }
    }
    return false;
}
コード例 #20
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
// Sanitize required _GET variable, to protect against injection attacks
$contact = isset($_GET['id']) ? $db->selectObject('addressbook_contact', 'id=' . intval($_GET['id'])) : null;
if (!$contact) {
    echo SITE_404_HTML;
} else {
    // Authorize against the contact's stored location, either at module level
    // or on the contact itself.
    $loc = unserialize($contact->location_data);
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $contact->id);
    $may_delete = exponent_permissions_check('delete', $loc) || exponent_permissions_check('delete', $iloc);
    if (!$may_delete) {
        echo SITE_403_HTML;
    } else {
        // NOTE(review): the delete is driven by a GET parameter and no
        // anti-CSRF token is visible in this script - confirm one is enforced
        // by the including dispatcher.
        $db->delete('addressbook_contact', 'id=' . $contact->id);
        exponent_flow_redirect(SYS_FLOW_SECTIONAL);
    }
}
コード例 #21
 /**
  * Decide whether the current user may view a section.
  *
  * Walks from the section up through its parents: the first non-public
  * section met requires the 'view' permission on it; if the root is reached
  * with every section public, the section is viewable.
  *
  * @param object $section Section row with ->public, ->parent and ->id.
  * @return bool
  */
 function canView($section)
 {
     global $db;
     $current = $section;
     while (true) {
         if ($current->public == 0) {
             // Not a public section.  Check permissions.
             return exponent_permissions_check('view', exponent_core_makeLocation('NavigationModule', '', $current->id));
         }
         if ($current->parent <= 0) {
             // Out of parents without meeting a private section.
             return true;
         }
         // Is public.  Check the parent next.
         // NOTE(review): a parent id with no matching row yields a non-object
         // here and the next iteration reads its properties - confirm the
         // section table cannot hold dangling parent ids.
         $current = $db->selectObject('section', 'id=' . $current->parent);
     }
 }
コード例 #22
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the User Management category
if (!defined('EXPONENT')) {
    exit('');
}
if (isset($_GET['id']) && exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) {
    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }
    $u = exponent_users_getUserById(intval($_GET['id']));
    if ($u) {
        $groups = exponent_users_getAllGroups();
        $admin = array();
        $membership = array();
        foreach ($db->selectObjects('groupmembership', 'member_id=' . $u->id) as $m) {
            $membership[] = $m->group_id;
            if ($m->is_admin == 1) {
                $admin[] = $m->group_id;
            }
        }
        for ($i = 0; $i < count($groups); $i++) {
コード例 #23
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
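// Refuse direct requests: the script only runs when included by the application.
if (!defined('EXPONENT')) {
    exit('');
}
if (exponent_permissions_check('database', exponent_core_makeLocation('AdministrationModule'))) {
    $exporters = array();
    $exporter_root = BASE . 'modules/exporter/exporters';
    $idh = opendir($exporter_root);
    // opendir() returns false when the directory is missing or unreadable;
    // reading from that value must not be attempted.
    if ($idh !== false) {
        while (($imp = readdir($idh)) !== false) {
            // Skip dot entries; an exporter needs both a readable start.php and info.php.
            if (substr($imp, 0, 1) != '.' && is_readable($exporter_root . '/' . $imp . '/start.php') && is_readable($exporter_root . '/' . $imp . '/info.php')) {
                // info.php is executed here, so anything able to write under
                // the exporters directory can run code in this request; the
                // directory should not be writable by the web server.
                $exporters[$imp] = (include $exporter_root . '/' . $imp . '/info.php');
            }
        }
        // Release the directory handle once the scan is complete.
        closedir($idh);
    }
    $template = new template('exporter', '_exporters');
    $template->assign('exporters', $exporters);
    $template->output();
} else {
    echo SITE_403_HTML;
}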
コード例 #24
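 /**
  * Render a weblog view for a location: a month list, a calendar of the
  * current month, or the default post list with comments.
  *
  * Drafts are only included for their poster, and private posts only for
  * users holding 'view_private' on the location.
  *
  * @param string $view  View name; also used to locate an optional "<view>.config" file.
  * @param object $loc   Location of the module instance.
  * @param string $title Module title assigned to the template.
  */
 function show($view, $loc = null, $title = '')
 {
     $template = new template('WeblogModule', $view, $loc);
     global $db;
     global $user;
     $user_id = $user ? $user->id : -1;
     $config = $db->selectObject('WeblogModule_config', "location_data='" . serialize($loc) . "'");
     if ($config == null) {
         // Defaults need a real object: assigning properties to null is an error on current PHP.
         $config = new stdClass();
         $config->allow_comments = 1;
         $config->items_per_page = 10;
     }
     $viewconfig = array('type' => 'default');
     // NOTE(review): the .config file is executed via include and its path is
     // built from $view; confirm every caller passes a fixed view name and
     // never a request value.
     if (is_readable($template->viewdir . "/{$view}.config")) {
         $viewconfig = (include $template->viewdir . "/{$view}.config");
     }
     // Visibility filter shared by every query below.
     $where = '(is_draft = 0 OR poster = ' . $user_id . ") AND location_data='" . serialize($loc) . "'";
     if (!exponent_permissions_check('view_private', $loc)) {
         $where .= ' AND is_private = 0';
     }
     if ($viewconfig['type'] == 'monthlist') {
         $min_date = $db->min('weblog_post', 'posted', 'location_data', $where);
         $max_date = $db->max('weblog_post', 'posted', 'location_data', $where);
         $months = array();
         if (!defined('SYS_DATETIME')) {
             require_once BASE . 'subsystems/datetime.php';
         }
         $start_month = exponent_datetime_startOfMonthTimestamp($min_date);
         $end_month = exponent_datetime_endOfMonthTimestamp($min_date) + 86399;
         // Count posts month by month; months without posts are left out.
         do {
             $count = $db->countObjects('weblog_post', $where . ' AND posted >= ' . $start_month . ' AND posted <= ' . $end_month);
             if ($count) {
                 $months[$start_month] = $count;
             }
             $start_month = $end_month + 1;
             $end_month = exponent_datetime_endOfMonthTimestamp($start_month) + 86399;
         } while ($start_month < $max_date);
         $template->assign('months', array_reverse($months, true));
     } elseif ($viewconfig['type'] == 'calendar') {
         if (!defined('SYS_DATETIME')) {
             require_once BASE . 'subsystems/datetime.php';
         }
         $month_days = exponent_datetime_monthlyDaysTimestamp(time());
         for ($i = 0; $i < count($month_days); $i++) {
             foreach ($month_days[$i] as $mday => $timestamp) {
                 if ($mday > 0) {
                     // Got a valid one.  Go with it.
                     $month_days[$i][$mday] = array('number' => $db->countObjects('weblog_post', $where . ' AND posted >= ' . $timestamp . ' AND posted < ' . strtotime('+1 day', $timestamp)), 'ts' => $timestamp);
                 }
             }
         }
         $template->assign('days', $month_days);
         $template->assign('now', time());
     } else {
         $total = $db->countObjects('weblog_post', $where);
         $posts = $db->selectObjects('weblog_post', $where . ' ORDER BY posted DESC ' . $db->limit($config->items_per_page, 0));
         if (!defined('SYS_SORTING')) {
             require_once BASE . 'subsystems/sorting.php';
         }
         for ($i = 0; $i < count($posts); $i++) {
             // Per-post flags are evaluated on the post's own location.
             $ploc = exponent_core_makeLocation($loc->mod, $loc->src, $posts[$i]->id);
             $posts[$i]->permissions = array(
                 'administrate' => exponent_permissions_check('administrate', $ploc),
                 'edit' => exponent_permissions_check('edit', $ploc),
                 'delete' => exponent_permissions_check('delete', $ploc),
                 'comment' => exponent_permissions_check('comment', $ploc),
                 'edit_comments' => exponent_permissions_check('edit_comments', $ploc),
                 'delete_comments' => exponent_permissions_check('delete_comments', $ploc),
                 'view_private' => exponent_permissions_check('view_private', $ploc),
             );
             $comments = $db->selectObjects('weblog_comment', 'parent_id=' . $posts[$i]->id);
             usort($comments, 'exponent_sorting_byPostedDescending');
             $posts[$i]->comments = $comments;
         }
         usort($posts, 'exponent_sorting_byPostedDescending');
         $template->assign('posts', $posts);
         $template->assign('total_posts', $total);
     }
     $template->register_permissions(array('administrate', 'configure', 'post', 'edit', 'delete', 'comment', 'edit_comments', 'delete_comments', 'view_private'), $loc);
     $template->assign('config', $config);
     $template->assign('moduletitle', $title);
     $template->output();
 }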
コード例 #25
<?php

##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Administration Control Panel, Files Subsystem category: renders the list
// of rows stored in the 'mimetype' table.

// Stop immediately when the EXPONENT constant is missing, so the script does
// nothing if it is reached without the code that defines that constant.
if (!defined('EXPONENT')) {
    exit('');
}

// The view is gated on the 'files_subsystem' permission, checked against the
// AdministrationModule location. The denial branch comes first so the
// fall-through case is the refusal.
if (!exponent_permissions_check('files_subsystem', exponent_core_makeLocation('AdministrationModule'))) {
    echo SITE_403_HTML;
} else {
    exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
    // $loc and $db are not defined in this file; they come from the scope
    // that includes it.
    $template = new template('filemanager', '_mimetypes', $loc);
    $mimetypes = $db->selectObjects('mimetype');
    $template->assign('types', $mimetypes);
    $template->output();
}
コード例 #26
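// Weblog listing: selects the posts for the current location and page,
// attaches per-post permissions and comments, and hands them to the template.
if ($config == null) {
    // No stored configuration. Create the object explicitly: assigning a
    // property on null relied on implicit object creation, which is an
    // Error on PHP 8.
    $config = new stdClass();
    $config->allow_comments = 1;
    $config->items_per_page = 10;
}
if (isset($_GET['single'])) {
    $config->items_per_page = 1;
}

// The page index is request input. Normalise it once to a non-negative
// integer so that a missing, negative or non-numeric value cannot reach the
// LIMIT clause, and so the template receives a number rather than the raw
// query-string text.
$page = isset($_GET['page']) ? max(0, intval($_GET['page'])) : 0;

// Drafts are shown only to their poster; private posts only to users holding
// 'view_private' on this location.
// NOTE(review): serialize($loc) is concatenated into the SQL string inside
// single quotes. If any field of $loc can carry a quote character taken from
// the request, it must be escaped with the database layer's own escaping
// routine (not visible in this excerpt) before being used here.
$where = "location_data='" . serialize($loc) . "' AND (is_draft = 0 OR poster = " . ($user ? intval($user->id) : -1) . ")";
if (!exponent_permissions_check('view_private', $loc)) {
    $where .= ' AND is_private = 0';
}
$total = $db->countObjects('weblog_post', $where);
$posts = $db->selectObjects('weblog_post', $where . ' ORDER BY posted DESC ' . $db->limit($config->items_per_page, $page * $config->items_per_page));
if (!defined('SYS_SORTING')) {
    require_once BASE . 'subsystems/sorting.php';
}

// Permissions evaluated for every post, against that post's own location.
$post_perms = array('administrate', 'edit', 'delete', 'comment', 'edit_comments', 'delete_comments', 'view_private');
$post_count = count($posts);
for ($i = 0; $i < $post_count; $i++) {
    $ploc = exponent_core_makeLocation($loc->mod, $loc->src, $posts[$i]->id);
    $granted = array();
    foreach ($post_perms as $perm) {
        $granted[$perm] = exponent_permissions_check($perm, $ploc);
    }
    $posts[$i]->permissions = $granted;
    // The id comes from the database row; the cast keeps the WHERE fragment
    // numeric whatever the column returns.
    $comments = $db->selectObjects('weblog_comment', 'parent_id=' . intval($posts[$i]->id));
    usort($comments, 'exponent_sorting_byPostedDescending');
    $posts[$i]->comments = $comments;
}
usort($posts, 'exponent_sorting_byPostedDescending');
$template->assign('posts', $posts);
$template->assign('total_posts', $total);
// A next page exists when the rows up to the end of this page do not yet
// cover the total.
$template->assign('shownext', ($page + 1) * $config->items_per_page < $total);
$template->assign('page', $page);
$template->register_permissions(array('administrate', 'configure', 'post', 'edit', 'delete', 'comment', 'edit_comments', 'delete_comments', 'view_private'), $loc);
$template->assign('config', $config);
$template->output();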
コード例 #27
    exit('');
}
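// Resolve the section id that the 'manage' permission check below is made
// against: the section being saved when an id is posted, otherwise the
// posted parent. -1 means nothing was resolved, and the check refuses it.
$check_id = -1;
$section = null;
$old_parent = null;
if (isset($_POST['id'])) {
    // Saving an existing content page.  Read it from the database.
    $section = $db->selectObject('section', 'id=' . intval($_POST['id']));
    if ($section) {
        $old_parent = $section->parent;
        $check_id = $section->id;
    }
} elseif (isset($_POST['parent'])) {
    // New alias: authorise against the parent section. The value is cast to
    // an integer, as the id is above, so the location used for the
    // permission check is never built from arbitrary request text. A request
    // without a parent keeps $check_id at -1 and is therefore refused.
    $check_id = intval($_POST['parent']);
}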
// Proceed only when a section id was resolved ($check_id is not -1) and the
// user holds 'manage' on the NavigationModule location for that id.
if ($check_id != -1 && exponent_permissions_check('manage', exponent_core_makeLocation('NavigationModule', '', $check_id))) {
    $i18n = exponent_lang_loadFile('modules/NavigationModule/actions/save_internalalias.php');
    // Update the section from the _POST data.
    // NOTE(review): the whole $_POST array is handed to updateInternalAlias();
    // which fields it copies onto the section is not visible here — confirm
    // that it validates them.
    $section = section::updateInternalAlias($_POST, $section);
    if ($section->active == 0) {
        // User tried to link to an inactive section.  This makes little or no sense in
        // this context, so throw them back to the edit form, with an error message.
        $_POST['_formError'] = $i18n['internal_link_err'];
        exponent_sessions_set('last_POST', $_POST);
        // NOTE(review): the redirect target is the Referer header, which the
        // client controls and may omit. Nothing here checks that it points
        // back to this site; redirecting to a URL built server-side for the
        // edit form would remove that dependency.
        header('Location: ' . $_SERVER['HTTP_REFERER']);
        exit('');
    }
    if (isset($section->id)) {
        if ($section->parent != $old_parent) {
            // Old_parent id was different than the new parent id.  Need to decrement the ranks
            // of the old children (after ours), and then add
コード例 #28
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the Administration Control Panel : Extensions category
// Compares the files recorded for one extension with their checksums.
// Stop immediately when the EXPONENT constant is not defined.
if (!defined('EXPONENT')) {
    exit('');
}
// Gated on the 'extensions' permission.
// NOTE(review): the location name is lower-case here ('administrationmodule'),
// while another listing on this page passes 'AdministrationModule'. Confirm
// that the permission lookup treats the two spellings the same.
if (exponent_permissions_check('extensions', exponent_core_makeLocation('administrationmodule'))) {
    if (!defined('SYS_INFO')) {
        require_once BASE . 'subsystems/info.php';
    }
    // NOTE(review): 'type' and 'name' are read from the query string without
    // an isset() check or any validation in this file. How
    // exponent_info_files() turns them into file paths is not visible here;
    // confirm that it accepts only known extension types and names.
    $files = exponent_info_files($_GET['type'], $_GET['name']);
    // A non-array result is left as it is; both array branches are skipped.
    if (is_array($files)) {
        ksort($files);
    }
    $template = new template('info', '_checksums', $loc);
    if (is_array($files)) {
        $actual = exponent_info_fileChecksums($files);
        // Integer entries are replaced by an empty string before display.
        foreach (array_keys($files) as $f) {
            if (is_int($files[$f])) {
                $files[$f] = "";
            }
        }
コード例 #29
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Deletes one shared core together with the sites linked to it.
// Stop immediately when the EXPONENT constant is not defined.
if (!defined('EXPONENT')) {
    exit('');
}
// Gated on the 'manage_core' permission for the sharedcoremodule location.
if (exponent_permissions_check('manage_core', exponent_core_makeLocation('sharedcoremodule'))) {
    $core = null;
    // The id is cast to an integer before it is placed in the WHERE clause.
    // NOTE(review): this destructive action is selected by a GET parameter,
    // and no request token is checked in this excerpt. Confirm whether the
    // framework protects state-changing requests elsewhere; otherwise any
    // link an administrator follows can trigger the delete.
    if (isset($_GET['id'])) {
        $core = $db->selectObject('sharedcore_core', 'id=' . intval($_GET['id']));
    }
    if ($core) {
        // From here on only ids and paths read back from the database are used.
        $db->delete('sharedcore_core', 'id=' . $core->id);
        if (!defined('SYS_SHAREDCORE')) {
            include_once BASE . 'subsystems/sharedcore.php';
        }
        // For every site on this core: drop its extension rows, then call
        // exponent_sharedcore_clear() on the stored site path.
        // NOTE(review): $site->path is passed to a helper whose behaviour is
        // not visible here — confirm that the path is validated when the site
        // row is created.
        foreach ($db->selectObjects('sharedcore_site', 'core_id=' . $core->id) as $site) {
            $db->delete('sharedcore_extension', 'site_id=' . $site->id);
            exponent_sharedcore_clear($site->path, true);
        }
        $db->delete('sharedcore_site', 'core_id=' . $core->id);
        exponent_flow_redirect();
コード例 #30
// Collects the submitted value of every form control into $db_data (the row
// to store), $fields (the formatted values) and $captions (the labels).
// NOTE(review): $db_data starts as null and receives properties below; that
// relies on implicit object creation, which raises an Error on PHP 8.
$db_data = null;
$fields = array();
$captions = array();
foreach ($controls as $c) {
    // NOTE(review): unserialize() instantiates whichever class the stored
    // string names, and that class is then called statically below. This is
    // safe only if the rows behind $controls can be written solely by trusted
    // form editors — confirm where $c->data originates.
    $ctl = unserialize($c->data);
    $control_type = get_class($ctl);
    $def = call_user_func(array($control_type, "getFieldDefinition"));
    // Controls without a field definition are skipped.
    if ($def != null) {
        $value = call_user_func(array($control_type, 'parseData'), $c->name, $_POST, true);
        $varname = $c->name;
        $db_data->{$varname} = $value;
        $fields[$c->name] = call_user_func(array($control_type, 'templateFormat'), $value, $ctl);
        $captions[$c->name] = $c->caption;
    }
}
// A new submission (no data_id) needs no permission; editing an existing
// record requires 'editdata' on the form's stored location.
// NOTE(review): the stored location is also passed through unserialize();
// the trust assumption above applies to $f->location_data as well.
if (!isset($_POST['data_id']) || isset($_POST['data_id']) && exponent_permissions_check("editdata", unserialize($f->location_data))) {
    if ($f->is_saved == 1) {
        if (isset($_POST['data_id'])) {
            //if this is an edit we remove the record and insert a new one.
            // NOTE(review): $olddata is read without checking that a row was
            // found; an unknown data_id would make the three reads below
            // operate on an empty result — confirm what selectObject() returns.
            $olddata = $db->selectObject('formbuilder_' . $f->table_name, 'id=' . intval($_POST['data_id']));
            // Keep the original submitter's address, user and time on the new row.
            $db_data->ip = $olddata->ip;
            $db_data->user_id = $olddata->user_id;
            $db_data->timestamp = $olddata->timestamp;
            $db->delete('formbuilder_' . $f->table_name, 'id=' . intval($_POST['data_id']));
        } else {
            // New record: store the connecting address and the logged-in
            // user's id, or 0 for an anonymous submitter.
            $db_data->ip = $_SERVER['REMOTE_ADDR'];
            if (exponent_sessions_loggedIn()) {
                $db_data->user_id = $user->id;
            } else {
                $db_data->user_id = 0;
            }