/**
 * Render the HTMLTemplateModule management view.
 *
 * Nothing is rendered unless the current user holds at least one of the
 * administrate / create / edit / delete permissions on $loc.
 *
 * @param string      $view  Name of the view handed to the template object.
 * @param object|null $loc   Module location; its ->src names the upload directory.
 * @param string      $title Value assigned to the view as 'moduletitle'.
 */
function show($view, $loc = null, $title = '')
{
    // Same checks, same order, stopping at the first permission that is granted.
    $allowed = false;
    foreach (array('administrate', 'create', 'edit', 'delete') as $perm) {
        if (exponent_permissions_check($perm, $loc)) {
            $allowed = true;
            break;
        }
    }
    if (!$allowed) {
        return;
    }

    $template = new template('HTMLTemplateModule', $view, $loc);
    $template->assign('noupload', 0);
    $template->assign('uploadError', '');

    if (!defined('SYS_FILES')) {
        include_once BASE . 'subsystems/files.php';
    }

    // Create the per-source upload directory on first use. If that fails the
    // view is told that uploads are unavailable, together with the error value.
    // NOTE(review): $loc->src is concatenated into a filesystem path - confirm
    // callers never pass a source containing path separators or "..".
    $directory = 'files/HTMLTemplateModule/' . $loc->src;
    if (!file_exists(BASE . $directory)) {
        $mkdirStatus = exponent_files_makeDirectory($directory);
        if ($mkdirStatus != SYS_FILES_SUCCESS) {
            $template->assign('noupload', 1);
            $template->assign('uploadError', $mkdirStatus);
        }
    }

    global $db;
    $templates = $db->selectObjects('htmltemplate');
    $templateCount = count($templates);
    for ($i = 0; $i < $templateCount; $i++) {
        // One extra query per template; the id comes from the row just loaded.
        $assocs = $db->selectObjects('htmltemplateassociation', 'template_id=' . $templates[$i]->id);
        $isGlobal = count($assocs) == 1 && $assocs[0]->global == 1;
        if ($isGlobal) {
            $templates[$i]->global_assoc = 1;
        } else {
            $templates[$i]->global_assoc = 0;
            $templates[$i]->associations = $assocs;
        }
    }

    $template->assign('moduletitle', $title);
    $template->assign('templates', $templates);
    // The flags shown in the view are checked against the module-wide location, not against $loc.
    $template->register_permissions(
        array('administrate', 'create', 'edit', 'delete'),
        exponent_core_makeLocation('HTMLTemplateModule')
    );
    $template->output();
}
/**
 * Assign a permission-name => 0/1 map to the template as 'permissions'.
 *
 * @param string|array $perms One permission name or a list of them.
 * @param object|array $locs  One location or a list of locations to check against.
 */
function register_permissions($perms, $locs)
{
    // Accept a single value for either argument.
    $perms = is_array($perms) ? $perms : array($perms);
    $locs = is_array($locs) ? $locs : array($locs);

    $flags = array();
    foreach ($perms as $perm) {
        foreach ($locs as $loc) {
            // NOTE(review): every location overwrites the previous result, so with
            // several locations only the last one decides the flag - confirm that
            // this is intended rather than "granted at any location".
            $flags[$perm] = exponent_permissions_check($perm, $loc) ? 1 : 0;
        }
    }

    $this->tpl->assign('permissions', $flags);
}
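##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Denies a pending workflow approval for the revision named by POST
// 'datatype' and 'id', on behalf of an approver or of the user recorded in
// the first slot of the revision's state data.

// 'datatype' becomes part of a table name, so only identifier characters are
// kept; 'id' is forced to an integer before it reaches any WHERE clause.
$datatype = '';
if (isset($_POST['datatype']) && is_string($_POST['datatype'])) {
    $datatype = preg_replace('/[^A-Za-z0-9_]/', '', $_POST['datatype']);
}
$real_id = isset($_POST['id']) ? intval($_POST['id']) : 0;

$info = null;
$object = null;
if ($datatype != '') {
    $info = $db->selectObject($datatype . "_wf_info", "real_id=" . $real_id);
    if ($info) {
        // Only look for the revision once the info row is known to exist;
        // otherwise current_major / current_minor would be read from null.
        $object = $db->selectObject($datatype . "_wf_revision", "wf_original=" . $real_id . " AND wf_major=" . $info->current_major . " AND wf_minor=" . $info->current_minor);
    }
}

if (!$object) {
    echo SITE_404_HTML;
} else {
    // NOTE(review): unserialize() is applied to stored column values; that is
    // only safe while these columns cannot be written by untrusted users.
    $state = unserialize($object->wf_state_data);
    $rloc = unserialize($object->location_data);

    if (exponent_permissions_check("approve", $rloc) || $user && $user->id == $state[0][0]) {
        if (!defined('SYS_WORKFLOW')) {
            include_once BASE . 'subsystems/workflow.php';
        }
        // The comment is passed through as received; escaping is left to the workflow subsystem.
        exponent_workflow_processApproval($real_id, $datatype, SYS_WORKFLOW_APPROVE_DENY, $_POST['wf_comment']);
    } else {
        echo SITE_403_HTML;
    }
}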
# This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## // Part of the User Management category if (!defined('EXPONENT')) { exit(''); } if (exponent_permissions_check('user_management', exponent_core_makeLocation('AdministrationModule'))) { exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION); $db->delete('sessionticket', 'last_active < ' . (time() - SESSION_TIMEOUT)); if (!defined('SYS_USERS')) { require_once BASE . 'subsystems/users.php'; } if (!defined('SYS_DATETIME')) { require_once BASE . 'subsystems/datetime.php'; } $sessions = $db->selectObjects('sessionticket'); for ($i = 0; $i < count($sessions); $i++) { $sessions[$i]->user = exponent_users_getUserById($sessions[$i]->uid); $sessions[$i]->duration = exponent_datetime_duration($sessions[$i]->last_active, $sessions[$i]->start_time); } $template = new template('AdministrationModule', '_sessionmanager', $loc); $template->assign('sessions', $sessions);
<?php

##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Part of the Configuration category

if (!defined('EXPONENT')) {
    exit('');
}

// Deletes the configuration profile named by GET 'configname'. Only users
// holding 'configuration' on the AdministrationModule location get that far.
if (!exponent_permissions_check('configuration', exponent_core_makeLocation('AdministrationModule'))) {
    echo SITE_403_HTML;
} else {
    if (!defined('SYS_CONFIG')) {
        require_once BASE . 'subsystems/config.php';
    }

    // NOTE(review): the profile name is taken from the query string and passed
    // on unchanged. Confirm that exponent_config_deleteProfile() validates it,
    // in particular if the name is used to build a file path.
    // NOTE(review): this is a state-changing action reachable by GET; no
    // request-forgery token is checked in this script - confirm one is
    // enforced elsewhere.
    exponent_config_deleteProfile($_GET['configname']);
    exponent_flow_redirect();
}
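<?php

##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Swaps the rank of two workflow actions (GET 'a' and 'b') within one policy
// and action type. Requires 'workflow' on the administration module location.
if (exponent_permissions_check('workflow', exponent_core_makeLocation('administrationmodule'))) {
    // Every request value that reaches the WHERE clause is forced to an
    // integer. 'type' was previously concatenated as received, which let the
    // query string alter the SQL condition. This assumes the type column is
    // numeric, as the unquoted comparison implies.
    $db->switchValues(
        'workflowaction',
        'rank',
        intval($_GET['a']),
        intval($_GET['b']),
        "policy_id='" . intval($_GET['policy_id']) . "' AND type=" . intval($_GET['type'])
    );
    exponent_flow_redirect();
} else {
    echo SITE_403_HTML;
}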
# This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined('EXPONENT')) { exit(''); } $loc = exponent_core_makeLocation('sharedcoremodule'); if (exponent_permissions_check('manage_core', $loc) || exponent_permissions_check('manage_site', $loc)) { $site = null; if (isset($_GET['id'])) { $site = $db->selectObject('sharedcore_site', 'id=' . intval($_GET['id'])); } if ($site) { if ($site->inactive == 0) { $core = $db->selectObject('sharedcore_core', 'id=' . $site->core_id); if ($core) { if (!defined('SYS_SHAREDCORE')) { include_once BASE . 'subsystems/sharedcore.php'; } exponent_sharedcore_clear($site->path); // Not full exponent_sharedcore_setup($core, $site); $extensions = array(CORE_EXT_MODULE => array(), CORE_EXT_SUBSYSTEM => array(), CORE_EXT_THEME => array());
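#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined("EXPONENT")) {
    exit("");
}

// Shows the single news item selected by GET 'id', together with the
// edit / delete / administrate flags the current user has on it.
exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);

// NOTE(review): the item is looked up by id alone; no publish window or
// approval state is applied to this query - confirm that is intended.
$news = $db->selectObject("newsitem", "id=" . intval($_GET['id']));
if ($news != null) {
    $loc = unserialize($news->location_data);

    // Build the item-level location as a separate object. A plain assignment
    // ($iloc = $loc) copies only the object handle, so setting ->int on it
    // also changed $loc: both checks below then tested the same location and
    // the template received the item location instead of the module one.
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $news->id);

    // A permission counts when it is held on the module or on the item itself.
    $news->permissions = array(
        "edit_item" => (exponent_permissions_check("edit_item", $loc) || exponent_permissions_check("edit_item", $iloc)) ? 1 : 0,
        "delete_item" => (exponent_permissions_check("delete_item", $loc) || exponent_permissions_check("delete_item", $iloc)) ? 1 : 0,
        "administrate" => (exponent_permissions_check("administrate", $loc) || exponent_permissions_check("administrate", $iloc)) ? 1 : 0,
    );

    // The scheduled publish time wins over the original post time when it is set.
    $news->real_posted = $news->publish != 0 ? $news->publish : $news->posted;

    // NOTE(review): the view name comes straight from the query string.
    // Confirm the template class restricts it to known views before it is
    // used to locate a file.
    $view = isset($_GET['view']) ? $_GET['view'] : "_viewSingle";

    $template = new template("newsmodule", $view, $loc);
    $template->assign("newsitem", $news);
    $template->assign("loc", $loc);
    $template->output();
} else {
    echo SITE_404_HTML;
}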
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Saves an HTML template from the posted form: an existing row when POST 'id'
// matches one, a new row otherwise.
$t = null;
$loc = exponent_core_makeLocation('htmltemplatemodule');
if (isset($_POST['id'])) {
    $t = $db->selectObject('htmltemplate', 'id=' . intval($_POST['id']));
}

// Changing an existing template needs 'edit'; adding one needs 'create'.
if (!exponent_permissions_check($t ? 'edit' : 'create', $loc)) {
    echo SITE_403_HTML;
} else {
    // The whole POST array is handed to the model, which builds the object to store.
    $t = htmltemplate::update($_POST, $t);

    if (!isset($t->id)) {
        $db->insertObject($t, 'htmltemplate');
    } else {
        $db->updateObject($t, 'htmltemplate');
    }

    exponent_flow_redirect();
}
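/**
 * Render the news listing for one module location.
 *
 * Loads the module configuration (falling back to defaults), works out
 * whether the approval link may be shown, selects the currently visible,
 * approved items and attaches per-item permission flags before output.
 *
 * @param string      $view  Name of the view handed to the template object.
 * @param object|null $loc   Module location; serialized to match stored rows.
 * @param string      $title Value assigned to the view as 'moduletitle'.
 */
function show($view, $loc = null, $title = '')
{
    global $db, $user;

    // NOTE(review): the serialized location is interpolated into SQL inside
    // single quotes without escaping - confirm that location sources can
    // never contain a quote character.
    $loc_sql = "location_data='" . serialize($loc) . "'";

    $config = $db->selectObject('newsmodule_config', $loc_sql);
    if ($config == null) {
        // No stored configuration: start from an empty object. Assigning
        // properties to null directly is an Error on current PHP versions.
        $config = new stdClass();
        $config->sortorder = 'ASC';
        $config->sortfield = 'posted';
        $config->item_limit = 10;
    }

    // Items inside their publish window that have left the approval queue.
    // One timestamp is used for all three queries so they agree with each other.
    $now = time();
    $visible = $loc_sql . ' AND (publish = 0 or publish <= ' . $now . ') AND (unpublish = 0 or unpublish > ' . $now . ') AND approved != 0';

    // Check permissions for AP link
    $canviewapproval = false;
    if ($user) {
        $canviewapproval = exponent_permissions_check('approve', $loc) || exponent_permissions_check('manage_approval', $loc);
    }
    if (!$canviewapproval) {
        // still not able to view: the poster of any visible item also gets the link
        foreach ($db->selectObjects('newsitem', $visible) as $post) {
            if ($user && $user->id == $post->poster) {
                $canviewapproval = true;
                break;
            }
        }
    }

    $template = new template('newsmodule', $view, $loc);
    $template->assign('moduletitle', $title);
    $template->register_permissions(
        array('administrate', 'configure', 'add_item', 'delete_item', 'edit_item', 'manage_approval', 'view_unpublished'),
        $loc
    );

    // NOTE(review): sortfield and sortorder come from the stored module
    // configuration and are placed in ORDER BY as they are - confirm the
    // configuration form restricts them to known column names and ASC/DESC.
    $news = $db->selectObjects('newsitem', $visible . ' ORDER BY ' . $config->sortfield . ' ' . $config->sortorder . $db->limit($config->item_limit, 0));

    $shown = count($news);
    for ($i = 0; $i < $shown; $i++) {
        // The scheduled publish time wins over the original post time when it is set.
        $news[$i]->real_posted = $news[$i]->publish != 0 ? $news[$i]->publish : $news[$i]->posted;

        // A permission counts when it is held on the module or on the item itself.
        $nloc = exponent_core_makeLocation($loc->mod, $loc->src, $news[$i]->id);
        $news[$i]->permissions = array(
            'edit_item' => (exponent_permissions_check('edit_item', $loc) || exponent_permissions_check('edit_item', $nloc)) ? 1 : 0,
            'delete_item' => (exponent_permissions_check('delete_item', $loc) || exponent_permissions_check('delete_item', $nloc)) ? 1 : 0,
            'administrate' => (exponent_permissions_check('administrate', $loc) || exponent_permissions_check('administrate', $nloc)) ? 1 : 0,
        );
    }

    // EVIL WORKFLOW
    $in_approval = $db->countObjects('newsitem_wf_info', $loc_sql);

    $template->assign('canview_approval_link', $canviewapproval);
    $template->assign('in_approval', $in_approval);
    $template->assign('news', $news);
    // True when more visible items exist than the configured limit returned.
    $template->assign('morenews', count($news) < $db->countObjects('newsitem', $visible));
    $template->output();
}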
# This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## // Part of the HTMLArea category if (!defined('EXPONENT')) { exit(''); } if (exponent_permissions_check('htmlarea', exponent_core_makeLocation('AdministrationModule'))) { $config = null; if (isset($_POST['id'])) { $config = $db->selectObject('toolbar_' . SITE_WYSIWYG_EDITOR, 'id=' . intval($_POST['id'])); } $config->name = $_POST['config_name']; $config->data = $_POST['config']; if (isset($_POST['config_activate'])) { $active = $db->selectObject('toolbar_' . SITE_WYSIWYG_EDITOR, 'active=1'); $active->active = 0; $db->updateObject($active, 'toolbar_' . SITE_WYSIWYG_EDITOR); $config->active = 1; } if (isset($config->id)) { $db->updateObject($config, 'toolbar_' . SITE_WYSIWYG_EDITOR); } else {
# GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined('EXPONENT')) { exit(''); } $i18n = exponent_lang_loadFile('modules/formbuilder/actions/save_form.php'); if (!defined('SYS_FORMS')) { include_once BASE . 'subsystems/forms.php'; } exponent_forms_initialize(); $f = null; if (isset($_POST['id'])) { $f = $db->selectObject('formbuilder_form', 'id=' . intval($_POST['id'])); } if (exponent_permissions_check('editform', unserialize($f->location_data))) { $f = formbuilder_form::update($_POST, $f); $f->table_name = formbuilder_form::updateTable($f); if (isset($f->id)) { $db->updateObject($f, 'formbuilder_form'); } else { $f->location_data = serialize(exponent_core_makeLocation($_POST['m'], $_POST['s'], $_POST['i'])); $f->id = $db->insertObject($f, 'formbuilder_form'); //Create Default Report; $rpt->name = $i18n['default_report']; $rpt->description = $i18n['auto_generated']; $rpt->location_data = $f->location_data; $rpt->text = ''; $rpt->column_names = ''; $rpt->form_id = $f->id; $db->insertObject($rpt, 'formbuilder_report');
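# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Deletes the whole revision path of the workflow item named by GET
// 'datatype' and 'id'. Requires 'manage_approval' on the revision's location.

// Sanitize required _GET parameters
$_GET['id'] = intval($_GET['id']);
$_GET['datatype'] = preg_replace('/[^A-Za-z0-9_]/', '', $_GET['datatype']);

$info = $db->selectObject($_GET['datatype'] . "_wf_info", "real_id=" . $_GET['id']);
$object = null;
if ($info) {
    // Only query the revision once the info row exists; otherwise
    // current_major / current_minor would be read from null and produce a
    // malformed WHERE clause.
    $object = $db->selectObject($_GET['datatype'] . "_wf_revision", "wf_original=" . $_GET['id'] . " AND wf_major=" . $info->current_major . " AND wf_minor=" . $info->current_minor);
}

if (!$object) {
    echo SITE_404_HTML;
} else {
    // NOTE(review): unserialize() runs on stored column values; $state is not
    // read again in this script - confirm nothing included later relies on it.
    $state = unserialize($object->wf_state_data);
    $rloc = unserialize($object->location_data);

    if (exponent_permissions_check("manage_approval", $rloc)) {
        if (!defined('SYS_WORKFLOW')) {
            include_once BASE . 'subsystems/workflow.php';
        }
        // NOTE(review): destructive action reachable by GET; no request-forgery
        // token is checked in this script - confirm one is enforced elsewhere.
        exponent_workflow_deleteRevisionPath($_GET['datatype'], $_GET['id']);
    } else {
        echo SITE_403_HTML;
    }
}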
/**
 * Render the ResourceModule view for one location.
 *
 * Ensures the upload directory exists, loads the resource items (cached in
 * the session per serialized location), attaches per-item permission flags,
 * sorts the items by rank and collects the files stored in the directory.
 *
 * @param string $view  Name of the view; also passed to output().
 * @param object $loc   Module location.
 * @param string $title Value assigned to the view as 'moduletitle'.
 */
function show($view, $loc, $title = '')
{
    if (!defined('SYS_FILES')) {
        require_once BASE . 'subsystems/files.php';
    }

    $template = new template('ResourceModule', $view, $loc);

    // NOTE(review): $loc->src ends up in a filesystem path and, further down,
    // in a quoted SQL string - confirm it cannot contain path separators or quotes.
    $directory = 'files/ResourceModule/' . $loc->src;
    if (!file_exists(BASE . $directory)) {
        $mkdirStatus = exponent_files_makeDirectory($directory);
        if ($mkdirStatus != SYS_FILES_SUCCESS) {
            // 'noupload' / 'uploadError' are only assigned on this failure path.
            $template->assign('noupload', 1);
            $template->assign('uploadError', $mkdirStatus);
        }
    }

    global $db;

    // The item list is read from the database once per session and location.
    $location = serialize($loc);
    if (!isset($_SESSION['resource_cache'][$location])) {
        $_SESSION['resource_cache'][$location] = $db->selectObjects('resourceitem', "location_data='" . $location . "'");
    }
    $resources = $_SESSION['resource_cache'][$location];

    // Permission flags are recomputed on every call against the item-level location.
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src);
    $resourceCount = count($resources);
    for ($i = 0; $i < $resourceCount; $i++) {
        $iloc->int = $resources[$i]->id;
        $flags = array();
        foreach (array('administrate', 'edit', 'delete') as $perm) {
            $flags[$perm] = exponent_permissions_check($perm, $iloc);
        }
        $resources[$i]->permissions = $flags;
    }

    if (!defined('SYS_SORTING')) {
        require_once BASE . 'subsystems/sorting.php';
    }
    usort($resources, 'exponent_sorting_byRankAscending');

    // Files in the upload directory, keyed by id, with the mimetype string
    // replaced by the matching mimetype row.
    $rfiles = array();
    $stored = $db->selectObjects('file', "directory='{$directory}'");
    foreach ($stored as $file) {
        // NOTE(review): the stored mimetype string is interpolated into SQL unescaped.
        $file->mimetype = $db->selectObject('mimetype', "mimetype='" . $file->mimetype . "'");
        $rfiles[$file->id] = $file;
    }

    $template->assign('moduletitle', $title);
    $template->assign('resources', $resources);
    $template->assign('files', $rfiles);
    $template->register_permissions(array('administrate', 'configure', 'post', 'edit', 'delete'), $loc);
    $template->output($view);
}
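#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Saves a text item from the posted form and hands it to the workflow subsystem.

// Start from "no existing item" so the update call below never receives an
// undefined variable when POST 'id' is missing or matches no row.
$textitem = null;
if (isset($_POST['id'])) {
    $textitem = $db->selectObject('textitem', 'id=' . intval($_POST['id']));
    if ($textitem) {
        // For an existing item the permission check uses the location stored with it.
        $loc = unserialize($textitem->location_data);
    }
}

// NOTE(review): when no stored item is found, $loc is not assigned in this
// script; presumably the including script has set it from the request -
// confirm, because the check below then relies on that value.
if (exponent_permissions_check('edit', $loc)) {
    $textitem = textitem::update($_POST, $textitem);
    $textitem->location_data = serialize($loc);

    if (!defined('SYS_WORKFLOW')) {
        include_once BASE . 'subsystems/workflow.php';
    }
    exponent_workflow_post($textitem, 'textitem', $loc);
} else {
    echo SITE_403_HTML;
}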
# License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined("EXPONENT")) { exit(""); } $item = null; $iloc = null; if (isset($_POST['id'])) { $item = $db->selectObject("calendar", "id=" . intval($_POST['id'])); $loc = unserialize($item->location_data); $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $item->id); } if ($item == null && exponent_permissions_check("post", $loc) || $item != null && exponent_permissions_check("edit", $loc) || $iloc != null && exponent_permissions_check("edit", $iloc)) { $item = calendar::update($_POST, $item); $item->location_data = serialize($loc); if (isset($_POST['category'])) { $item->category_id = $_POST['category']; } else { $item->category_id = 0; } //Check to see if the feedback form is enabled and/or being used for this event. if (isset($_POST['feedback_form'])) { $item->feedback_form = $_POST['feedback_form']; $item->feedback_email = $_POST['feedback_email']; } else { $item->feedback_form = ""; $item->feedback_email = ""; }
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Shows the address book contact form: empty for a new contact, pre-filled
// when GET 'id' matches a stored one.
$contact = null;
$iloc = null;
if (isset($_GET['id'])) {
    $contact = $db->selectObject('addressbook_contact', 'id=' . intval($_GET['id']));
    if ($contact) {
        $loc = unserialize($contact->location_data);
        $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $contact->id);
    }
}

// FIXME: Replace with better use of getLocationHierarchy
// A new contact needs 'post' on the module; an existing one needs 'edit' on
// the module or, failing that, on the contact's own location.
// NOTE(review): without a stored contact, $loc is not assigned in this script;
// presumably the including script provides it - confirm.
if ($contact == null) {
    $may_edit_contact = exponent_permissions_check('post', $loc);
} else {
    $may_edit_contact = exponent_permissions_check('edit', $loc);
}
if (!$may_edit_contact && $iloc != null) {
    $may_edit_contact = exponent_permissions_check('edit', $iloc);
}

if (!$may_edit_contact) {
    echo SITE_403_HTML;
} else {
    $form = addressbook_contact::form($contact);
    $form->location($loc);
    $form->meta('action', 'save');

    $template = new template('addressbookmodule', '_form_edit', $loc);
    $template->assign('form_html', $form->toHTML());
    $template->assign('is_edit', $contact == null ? 0 : 1);
    $template->output();
}
if (!defined('SYS_FORMS')) { include_once BASE . 'subsystems/forms.php'; } if (!defined('SYS_USERS')) { include_once BASE . 'subsystems/users.php'; } exponent_forms_initialize(); // Sanitize required _GET variables. $_GET['id'] = intval($_GET['id']); $_GET['form_id'] = intval($_GET['form_id']); $f = $db->selectObject('formbuilder_form', 'id=' . $_GET['form_id']); $controls = $db->selectObjects('formbuilder_control', 'form_id=' . $f->id . ' and is_readonly=0 and is_static = 0'); $data = $db->selectObject('formbuilder_' . $f->table_name, 'id=' . $_GET['id']); $rpt = $db->selectObject('formbuilder_report', 'form_id=' . $_GET['form_id']); if ($f && $controls && $data && $rpt) { if (exponent_permissions_check('viewdata', unserialize($f->location_data))) { if (!defined('SYS_SORTING')) { include_once BASE . 'subsystems/sorting.php'; } usort($controls, 'exponent_sorting_byRankAscending'); $fields = array(); $captions = array(); foreach ($controls as $c) { $ctl = unserialize($c->data); $control_type = get_class($ctl); $name = $c->name; $fields[$name] = call_user_func(array($control_type, 'templateFormat'), $data->{$name}, $ctl); $captions[$name] = $c->caption; } $captions['ip'] = $i18n['ip']; $captions['timestamp'] = $i18n['timestamp'];
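/**
 * Decide whether the current user holds a permission at a location.
 *
 * Order of evaluation:
 *  1. an acting administrator is always allowed;
 *  2. the user whose id exponent_permissions_getSourceUID() returns for the
 *     location's source is always allowed;
 *  3. the permission table $exponent_permissions_r is consulted for the
 *     location, or for every location returned by the module's
 *     getLocationHierarchy() when the module provides one;
 *  4. for modules other than NavigationModule, 'manage' on a section that
 *     holds the original reference to this module and source also counts.
 *
 * @param string|array $permission One permission name, or a list of which any one suffices.
 * @param object|null  $location   Location with ->mod, ->src and ->int.
 * @return bool True when access is granted.
 */
function exponent_permissions_check($permission, $location)
{
    global $exponent_permissions_r, $user;

    if ($user && $user->is_acting_admin == 1) {
        return true;
    }

    // Fail closed: without a location object there is nothing to check
    // against, and the lookups below would read properties of a non-object.
    if (!is_object($location)) {
        return false;
    }

    if ($user && exponent_permissions_getSourceUID($location->src) == $user->id) {
        return true;
    }

    if (!is_array($permission)) {
        $permission = array($permission);
    }

    $has_perm = false;

    // NOTE(review): $location->mod is used as a class name for a static call;
    // confirm locations built from request values are limited to known modules.
    if (is_callable(array($location->mod, "getLocationHierarchy"))) {
        foreach (call_user_func(array($location->mod, "getLocationHierarchy"), $location) as $loc) {
            foreach ($permission as $perm) {
                if (isset($exponent_permissions_r[$loc->mod][$loc->src][$loc->int][$perm])) {
                    $has_perm = true;
                    // One hit is enough; leave both loops.
                    break 2;
                }
            }
        }
    } else {
        foreach ($permission as $perm) {
            if (isset($exponent_permissions_r[$location->mod][$location->src][$location->int][$perm])) {
                $has_perm = true;
                break;
            }
        }
    }

    if (!$has_perm && $location->mod != 'NavigationModule') {
        global $db;
        // NOTE(review): mod and src are interpolated into the WHERE clause
        // unescaped - confirm they never carry raw request input.
        foreach ($db->selectObjects('sectionref', "is_original=1 AND module='" . $location->mod . "' AND source='" . $location->src . "'") as $secref) {
            if (exponent_permissions_check('manage', exponent_core_makeLocation('NavigationModule', '', $secref->section))) {
                $has_perm = true;
                break;
            }
        }
    }

    return $has_perm;
}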
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Deletes the address book contact selected by GET 'id'.
$contact = null;
if (isset($_GET['id'])) {
    // Sanitize required _GET variable, to protect against injection attacks
    $contact = $db->selectObject('addressbook_contact', 'id=' . intval($_GET['id']));
}

if (!$contact) {
    echo SITE_404_HTML;
} else {
    // The permission check uses the location stored with the contact, not a
    // location supplied by the request.
    $loc = unserialize($contact->location_data);
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $contact->id);

    // 'delete' on the module or on the contact itself is sufficient.
    if (!(exponent_permissions_check('delete', $loc) || exponent_permissions_check('delete', $iloc))) {
        echo SITE_403_HTML;
    } else {
        // NOTE(review): destructive action reachable by GET; no request-forgery
        // token is checked in this script - confirm one is enforced elsewhere.
        $db->delete('addressbook_contact', 'id=' . $contact->id);
        exponent_flow_redirect(SYS_FLOW_SECTIONAL);
    }
}
/**
 * Tell whether the current user may view a section.
 *
 * A non-public section requires the 'view' permission on its navigation
 * location. A public section is viewable only if every ancestor is viewable
 * as well, which is checked by walking up the parent chain.
 *
 * @param object $section Section row with ->public, ->parent and ->id.
 * @return bool
 */
function canView($section)
{
    global $db;

    // Not a public section. Check permissions.
    if ($section->public == 0) {
        return exponent_permissions_check('view', exponent_core_makeLocation('NavigationModule', '', $section->id));
    }

    // Public and out of parents: no private section was hit on the way up.
    if ($section->parent <= 0) {
        return true;
    }

    // Public with a parent: the answer is whatever holds for the parent.
    // NOTE(review): a parent id with no matching row passes null into the
    // recursive call - confirm such rows cannot exist.
    $parent = $db->selectObject('section', 'id=' . $section->parent);
    return NavigationModule::canView($parent);
}
# This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## // Part of the User Management category if (!defined('EXPONENT')) { exit(''); } if (isset($_GET['id']) && exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) { if (!defined('SYS_USERS')) { require_once BASE . 'subsystems/users.php'; } $u = exponent_users_getUserById(intval($_GET['id'])); if ($u) { $groups = exponent_users_getAllGroups(); $admin = array(); $membership = array(); foreach ($db->selectObjects('groupmembership', 'member_id=' . $u->id) as $m) { $membership[] = $m->group_id; if ($m->is_admin == 1) { $admin[] = $m->group_id; } } for ($i = 0; $i < count($groups); $i++) {
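# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

if (!defined('EXPONENT')) {
    exit('');
}

// Lists the installed exporters. Requires 'database' on the
// AdministrationModule location.
if (exponent_permissions_check('database', exponent_core_makeLocation('AdministrationModule'))) {
    $exporters = array();

    // An unreadable exporter directory yields an empty list instead of
    // passing a failed handle to readdir().
    $idh = opendir(BASE . 'modules/exporter/exporters');
    if ($idh !== false) {
        while (($imp = readdir($idh)) !== false) {
            // Skip dot entries; an exporter must ship both start.php and info.php.
            // The directory names come from the local listing, not from the request.
            if (substr($imp, 0, 1) != '.' && is_readable(BASE . 'modules/exporter/exporters/' . $imp . '/start.php') && is_readable(BASE . 'modules/exporter/exporters/' . $imp . '/info.php')) {
                // info.php returns the exporter's description.
                $exporters[$imp] = (include BASE . 'modules/exporter/exporters/' . $imp . '/info.php');
            }
        }
        // Release the directory handle; it was previously left open.
        closedir($idh);
    }

    $template = new template('exporter', '_exporters');
    $template->assign('exporters', $exporters);
    $template->output();
} else {
    echo SITE_403_HTML;
}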
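/**
 * Renders a weblog view for the given location.
 *
 * The optional "<view>.config" file in the template's view directory selects
 * the layout: 'monthlist' (post counts keyed by month start), 'calendar'
 * (post counts per day of the current month) or, by default, the most recent
 * posts together with their comments and per-post permissions.
 *
 * Drafts are only shown to their poster, and private posts only to users who
 * pass the 'view_private' permission check on $loc.
 *
 * @param string      $view  View name; passed to the template and used to locate "<view>.config".
 * @param object|null $loc   Location of this module instance; its serialized form is the SQL filter.
 * @param string      $title Module title handed to the template.
 */
function show($view, $loc = null, $title = '')
{
    global $db;
    global $user;

    $template = new template('WeblogModule', $view, $loc);

    // Cast so the id is always an integer literal when it is spliced into SQL.
    $user_id = $user ? intval($user->id) : -1;

    // NOTE(review): the serialized location is concatenated into the WHERE
    // clause without escaping. If any field of $loc can carry a quote
    // character the query breaks; confirm where $loc comes from and escape it
    // with the quoting routine the database layer provides.
    $loc_filter = "location_data='" . serialize($loc) . "'";

    $config = $db->selectObject('WeblogModule_config', $loc_filter);
    if ($config == null) {
        // No stored configuration: build the defaults on a real object.
        // Assigning properties directly onto null is an Error on PHP 8.
        $config = new stdClass();
        $config->allow_comments = 1;
        $config->items_per_page = 10;
    }

    $viewconfig = array('type' => 'default');
    // NOTE(review): $view becomes part of an include path, and the included
    // file is executed. Confirm every caller passes a view name from a fixed
    // set rather than a raw request value.
    $viewconfig_file = $template->viewdir . "/{$view}.config";
    if (is_readable($viewconfig_file)) {
        $viewconfig = (include $viewconfig_file);
    }

    $where = '(is_draft = 0 OR poster = ' . $user_id . ') AND ' . $loc_filter;
    if (!exponent_permissions_check('view_private', $loc)) {
        $where .= ' AND is_private = 0';
    }

    if ($viewconfig['type'] == 'monthlist') {
        $min_date = $db->min('weblog_post', 'posted', 'location_data', $where);
        $max_date = $db->max('weblog_post', 'posted', 'location_data', $where);
        $months = array();

        if (!defined('SYS_DATETIME')) {
            require_once BASE . 'subsystems/datetime.php';
        }

        // Walk month by month from the oldest post to the newest one.
        // 86399 is one day minus one second, added to the end-of-month timestamp.
        $start_month = exponent_datetime_startOfMonthTimestamp($min_date);
        $end_month = exponent_datetime_endOfMonthTimestamp($min_date) + 86399;
        do {
            $count = $db->countObjects(
                'weblog_post',
                $where . ' AND posted >= ' . $start_month . ' AND posted <= ' . $end_month
            );
            if ($count) {
                $months[$start_month] = $count;
            }
            $start_month = $end_month + 1;
            $end_month = exponent_datetime_endOfMonthTimestamp($start_month) + 86399;
        } while ($start_month < $max_date);

        // Newest month first, keeping the timestamp keys.
        $template->assign('months', array_reverse($months, true));
    } elseif ($viewconfig['type'] == 'calendar') {
        if (!defined('SYS_DATETIME')) {
            require_once BASE . 'subsystems/datetime.php';
        }

        $month_days = exponent_datetime_monthlyDaysTimestamp(time());
        for ($i = 0; $i < count($month_days); $i++) {
            foreach ($month_days[$i] as $mday => $timestamp) {
                if ($mday > 0) {
                    // Got a valid one. Replace the timestamp with the post
                    // count for that day plus the timestamp itself.
                    $month_days[$i][$mday] = array(
                        'number' => $db->countObjects(
                            'weblog_post',
                            $where . ' AND posted >= ' . $timestamp . ' AND posted < ' . strtotime('+1 day', $timestamp)
                        ),
                        'ts' => $timestamp,
                    );
                }
            }
        }

        $template->assign('days', $month_days);
        $template->assign('now', time());
    } else {
        $total = $db->countObjects('weblog_post', $where);
        $posts = $db->selectObjects(
            'weblog_post',
            $where . ' ORDER BY posted DESC ' . $db->limit($config->items_per_page, 0)
        );

        if (!defined('SYS_SORTING')) {
            require_once BASE . 'subsystems/sorting.php';
        }

        for ($i = 0; $i < count($posts); $i++) {
            // Permissions are resolved per post, not only per module location.
            $ploc = exponent_core_makeLocation($loc->mod, $loc->src, $posts[$i]->id);
            $posts[$i]->permissions = array(
                'administrate' => exponent_permissions_check('administrate', $ploc),
                'edit' => exponent_permissions_check('edit', $ploc),
                'delete' => exponent_permissions_check('delete', $ploc),
                'comment' => exponent_permissions_check('comment', $ploc),
                'edit_comments' => exponent_permissions_check('edit_comments', $ploc),
                'delete_comments' => exponent_permissions_check('delete_comments', $ploc),
                'view_private' => exponent_permissions_check('view_private', $ploc),
            );

            $comments = $db->selectObjects('weblog_comment', 'parent_id=' . $posts[$i]->id);
            usort($comments, 'exponent_sorting_byPostedDescending');
            $posts[$i]->comments = $comments;
        }
        usort($posts, 'exponent_sorting_byPostedDescending');

        $template->assign('posts', $posts);
        $template->assign('total_posts', $total);
    }

    $template->register_permissions(
        array(
            'administrate',
            'configure',
            'post',
            'edit',
            'delete',
            'comment',
            'edit_comments',
            'delete_comments',
            'view_private',
        ),
        $loc
    );
    $template->assign('config', $config);
    $template->assign('moduletitle', $title);
    $template->output();
}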
<?php

##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Part of the Administration Control Panel : Files Subsystem category
//
// Shows the stored MIME types to users who pass the 'files_subsystem'
// permission check on the AdministrationModule location.

// Stop when this file is requested outside the Exponent bootstrap.
if (!defined('EXPONENT')) {
    exit('');
}

if (!exponent_permissions_check('files_subsystem', exponent_core_makeLocation('AdministrationModule'))) {
    // Permission check failed: emit the site's 403 markup and nothing else.
    echo SITE_403_HTML;
} else {
    exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);

    // $loc and $db are not defined in this file; they are expected to come
    // from the scope that includes it.
    $template = new template('filemanager', '_mimetypes', $loc);
    $template->assign('types', $db->selectObjects('mimetype'));
    $template->output();
}
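// Paged listing of weblog posts for the current location.
// NOTE(review): $config, $loc, $user, $db and $template are set before this
// fragment begins; their origin is not visible here.

if ($config == null) {
    // No stored configuration: build the defaults on a real object.
    // Assigning properties directly onto null is an Error on PHP 8.
    $config = new stdClass();
    $config->allow_comments = 1;
    $config->items_per_page = 10;
}
if (isset($_GET['single'])) {
    $config->items_per_page = 1;
}

// The page index arrives in the query string. Normalise it once to a
// non-negative integer so a missing, negative, fractional or array value
// cannot reach the LIMIT offset or the template.
$weblog_page = isset($_GET['page']) ? max(0, intval($_GET['page'])) : 0;

// NOTE(review): the serialized location is concatenated into the WHERE clause
// without escaping; confirm where $loc comes from and escape it with the
// quoting routine the database layer provides.
// The poster id is cast so it is always an integer literal in the SQL.
$where = "location_data='" . serialize($loc) . "' AND (is_draft = 0 OR poster = " . ($user ? intval($user->id) : -1) . ")";
if (!exponent_permissions_check('view_private', $loc)) {
    $where .= ' AND is_private = 0';
}

$total = $db->countObjects('weblog_post', $where);
$posts = $db->selectObjects(
    'weblog_post',
    $where . ' ORDER BY posted DESC ' . $db->limit($config->items_per_page, $weblog_page * $config->items_per_page)
);

if (!defined('SYS_SORTING')) {
    require_once BASE . 'subsystems/sorting.php';
}

for ($i = 0; $i < count($posts); $i++) {
    // Permissions are resolved per post, not only per module location.
    $ploc = exponent_core_makeLocation($loc->mod, $loc->src, $posts[$i]->id);
    $posts[$i]->permissions = array(
        'administrate' => exponent_permissions_check('administrate', $ploc),
        'edit' => exponent_permissions_check('edit', $ploc),
        'delete' => exponent_permissions_check('delete', $ploc),
        'comment' => exponent_permissions_check('comment', $ploc),
        'edit_comments' => exponent_permissions_check('edit_comments', $ploc),
        'delete_comments' => exponent_permissions_check('delete_comments', $ploc),
        'view_private' => exponent_permissions_check('view_private', $ploc),
    );

    $comments = $db->selectObjects('weblog_comment', 'parent_id=' . $posts[$i]->id);
    usort($comments, 'exponent_sorting_byPostedDescending');
    $posts[$i]->comments = $comments;
}
usort($posts, 'exponent_sorting_byPostedDescending');

$template->assign('posts', $posts);
$template->assign('total_posts', $total);
// A next page exists while the posts shown so far do not reach the total.
$template->assign('shownext', ($weblog_page + 1) * $config->items_per_page < $total);
$template->assign('page', $weblog_page);
$template->register_permissions(
    array(
        'administrate',
        'configure',
        'post',
        'edit',
        'delete',
        'comment',
        'edit_comments',
        'delete_comments',
        'view_private',
    ),
    $loc
);
$template->assign('config', $config);
$template->output();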
exit(''); } $check_id = -1; $section = null; $old_parent = null; if (isset($_POST['id'])) { // Saving an existing content page. Read it from the database. $section = $db->selectObject('section', 'id=' . intval($_POST['id'])); if ($section) { $old_parent = $section->parent; $check_id = $section->id; } } else { $check_id = $_POST['parent']; } if ($check_id != -1 && exponent_permissions_check('manage', exponent_core_makeLocation('NavigationModule', '', $check_id))) { $i18n = exponent_lang_loadFile('modules/NavigationModule/actions/save_internalalias.php'); // Update the section from the _POST data. $section = section::updateInternalAlias($_POST, $section); if ($section->active == 0) { // User tried to link to an inactive section. This makes little or no sense in // this context, so throw them back to the edit form, with an error message. $_POST['_formError'] = $i18n['internal_link_err']; exponent_sessions_set('last_POST', $_POST); header('Location: ' . $_SERVER['HTTP_REFERER']); exit(''); } if (isset($section->id)) { if ($section->parent != $old_parent) { // Old_parent id was different than the new parent id. Need to decrement the ranks // of the old children (after ours), and then add
# This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## // Part of the Administration Control Panel : Extensions category if (!defined('EXPONENT')) { exit(''); } if (exponent_permissions_check('extensions', exponent_core_makeLocation('administrationmodule'))) { if (!defined('SYS_INFO')) { require_once BASE . 'subsystems/info.php'; } $files = exponent_info_files($_GET['type'], $_GET['name']); if (is_array($files)) { ksort($files); } $template = new template('info', '_checksums', $loc); if (is_array($files)) { $actual = exponent_info_fileChecksums($files); foreach (array_keys($files) as $f) { if (is_int($files[$f])) { $files[$f] = ""; } }
# # This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined('EXPONENT')) { exit(''); } if (exponent_permissions_check('manage_core', exponent_core_makeLocation('sharedcoremodule'))) { $core = null; if (isset($_GET['id'])) { $core = $db->selectObject('sharedcore_core', 'id=' . intval($_GET['id'])); } if ($core) { $db->delete('sharedcore_core', 'id=' . $core->id); if (!defined('SYS_SHAREDCORE')) { include_once BASE . 'subsystems/sharedcore.php'; } foreach ($db->selectObjects('sharedcore_site', 'core_id=' . $core->id) as $site) { $db->delete('sharedcore_extension', 'site_id=' . $site->id); exponent_sharedcore_clear($site->path, true); } $db->delete('sharedcore_site', 'core_id=' . $core->id); exponent_flow_redirect();
$db_data = null; $fields = array(); $captions = array(); foreach ($controls as $c) { $ctl = unserialize($c->data); $control_type = get_class($ctl); $def = call_user_func(array($control_type, "getFieldDefinition")); if ($def != null) { $value = call_user_func(array($control_type, 'parseData'), $c->name, $_POST, true); $varname = $c->name; $db_data->{$varname} = $value; $fields[$c->name] = call_user_func(array($control_type, 'templateFormat'), $value, $ctl); $captions[$c->name] = $c->caption; } } if (!isset($_POST['data_id']) || isset($_POST['data_id']) && exponent_permissions_check("editdata", unserialize($f->location_data))) { if ($f->is_saved == 1) { if (isset($_POST['data_id'])) { //if this is an edit we remove the record and insert a new one. $olddata = $db->selectObject('formbuilder_' . $f->table_name, 'id=' . intval($_POST['data_id'])); $db_data->ip = $olddata->ip; $db_data->user_id = $olddata->user_id; $db_data->timestamp = $olddata->timestamp; $db->delete('formbuilder_' . $f->table_name, 'id=' . intval($_POST['data_id'])); } else { $db_data->ip = $_SERVER['REMOTE_ADDR']; if (exponent_sessions_loggedIn()) { $db_data->user_id = $user->id; } else { $db_data->user_id = 0; }