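/**
 * Save the object being edited (global $objekt) to the database.
 *
 * Takes no parameters; everything is read from globals: $site (form data in
 * $site->fdat, DB handle, current user), $objekt, $tyyp (object type row) and
 * $keel (language). Type-specific work is delegated to the included
 * "edit_<klass>.php" sub-script, which runs in this function's scope.
 *
 * Order of work in the usual (non-picture) case:
 *   - verify the form token, require a title, load type/template parameter savers;
 *   - UPDATE or INSERT the `objekt` row (a file upload first removes a same-named file);
 *   - run the type-specific salvesta_objekt() and the optional profile save;
 *   - work out the new parent set, drop new parents on which the user lacks 'C',
 *     then insert/delete the `objekt_objekt` links;
 *   - for new sections/folders, copy the parent's permission rows to the new object.
 *
 * NOTE(review): the parent 'C' permission check runs only after the object row and any
 * uploaded-file overwrite have already been written. Whether the caller authorizes the
 * edit beforehand is not visible here - confirm.
 *
 * @package CMS
 * @return int|null 1 after a successful save in the usual case; nothing is returned for
 *                  the new-picture case or when validation errors are printed.
 *
 * Call:
 *   include_once("edit_object.php");
 *   save_object();
 */
function save_object()
{
    global $site;
    global $objekt;
    global $class_path;
    global $keel;
    global $tyyp;

    # Runs before anything is written. Defined elsewhere; presumably rejects requests
    # without a valid anti-CSRF form token - confirm.
    verify_form_token();

    ###################
    # 1. special case: if object is NEW picture
    if ($tyyp['klass'] == "pilt" && !$objekt->objekt_id) {
        # NOTE(review): the include path is built from $tyyp['klass']; this is only safe
        # while $tyyp comes from the trusted object-type table - confirm against the caller.
        include_once "edit_" . $tyyp['klass'] . ".php";
        if (function_exists("save_objekts")) {
            # Array keys are quoted: bare words are undefined constants and are a fatal error on PHP 8.
            save_objekts(array('tyyp_id' => $tyyp['tyyp_id'], 'keel' => $keel));
        }
    } else {
        # Variables that were previously read without ever being assigned on some paths.
        $errors = '';
        $templ_params = null;
        $is_new = 0;
        $parent = null;
        $fatal_parent_error = 0;

        # a title is mandatory (except for comments)
        if ($site->fdat['pealkiri'] == '' && $tyyp['klass'] != "kommentaar") {
            $errors .= $site->sys_sona(array('sona' => "maaratud pealkiri", 'tyyp' => "editor")) . "<br>";
        }

        ###################
        # Save the type parameters
        if (file_exists("edit_" . $tyyp['klass'] . ".php")) {
            include_once "edit_" . $tyyp['klass'] . ".php";
            if (function_exists("save_tyyp_params")) {
                $templ_params = save_tyyp_params(array('objekt' => $objekt));
            }
        }

        ###################
        # Save the template parameters - old ver3 style
        # (assumes template parameters only apply to the content template)
        $sql = $site->db->prepare("SELECT ttyyp_id, templ_fail FROM templ_tyyp WHERE ttyyp_id = ?", $site->fdat['ttyyp_id']);
        $sth = new SQL($sql);
        $site->debug->msg("EDIT: " . $sth->debug->get_msgs());
        $temp_ttyyp = $sth->fetch();
        # NOTE(review): the template row is selected by the submitted ttyyp_id and its file is
        # then included. The check only rejects a path that *starts* with '../'; a '../'
        # further inside templ_fail is not caught. Safe only while templ_tyyp rows are trusted.
        if ($temp_ttyyp['templ_fail'] && strpos($temp_ttyyp['templ_fail'], '../') !== 0 && file_exists("../" . $temp_ttyyp['templ_fail'])) {
            include_once "../" . $temp_ttyyp['templ_fail'];
        }
        if (function_exists("save_params")) {
            $templ_params = save_params(array('objekt' => $objekt));
        }

        ### ttyyp_params - ver3 style vs ver4. Bug #2506
        if (!empty($templ_params)) {
            $oldstyle_tyyp_params = true; # if old-ver-style fixed params are used
        } else {
            # use new ver4 style custom conf save/load by default
            $oldstyle_tyyp_params = false;
        }

        ###################
        # if no errors occured , begin saving to database
        if (!$errors) {
            $site->debug->msg("EDIT: Objekti salvestamine");

            ###################
            # strip HTML tags from headline, lyhi, sisu for strip-fields
            // folder title is folder filesystem name
            if ($site->fdat['tyyp_id'] == 22) {
                $site->fdat['pealkiri'] = safe_filename2($site->fdat['pealkiri']);
            }
            $pealkiri_strip = $site->fdat['pealkiri'];
            $sisu_strip = $site->fdat['scms_article_editor'] ? $site->fdat['scms_article_editor'] : ($site->fdat['sisu'] ? $site->fdat['sisu'] : $site->fdat['text']);

            # replace some tags with space before stripping tags (bug #1568 )
            $replace_tags_arr = array("<br>", "<BR>", "<br />", "<BR />", " ");
            $pealkiri_strip = str_replace($replace_tags_arr, " ", $pealkiri_strip);
            $sisu_strip = str_replace($replace_tags_arr, " ", $sisu_strip);
            # NOTE(review): as written this replaces "&" with "&" (a no-op); the search string
            # looks like an HTML entity that was decoded somewhere along the way - confirm.
            $replace_tags_arr = array("&");
            $pealkiri_strip = str_replace($replace_tags_arr, "&", $pealkiri_strip);
            $sisu_strip = str_replace($replace_tags_arr, "&", $sisu_strip);
            # The *_strip columns hold tag-free text; strip_tags() is not an output encoder,
            # so these values still need escaping wherever they are rendered.
            $pealkiri_strip = strip_tags($pealkiri_strip);
            $sisu_strip = strip_tags($sisu_strip);
            // remove excess spaces
            $sisu_strip = preg_replace('/\\s+/', ' ', $sisu_strip);

            // overwrite catch for files, this is here so when a new file is being uploaded but
            // a file with a same name already exists
            // there wouldn't be double objects
            // instead use the existing object and move on as that objects update
            if ($site->fdat['tyyp_id'] == 21 && $_FILES['fileupload']['name']) {
                $parent_folder = new Objekt(array('objekt_id' => $objekt->parent_id, 'on_sisu' => 1));
                $parent_folder_path = preg_replace('#/$#', '', $site->absolute_path) . $parent_folder->all['relative_path'];
                # The client-supplied upload name only reaches the filesystem through
                # safe_filename2() (defined elsewhere; presumably strips path components - confirm).
                // delete file
                if (file_exists($parent_folder_path . '/' . safe_filename2($_FILES['fileupload']['name']))) {
                    unlink($parent_folder_path . '/' . safe_filename2($_FILES['fileupload']['name']));
                }
                $file_path = preg_replace('#/$#', '', $site->absolute_path) . $objekt->all['relative_path'];
                // delete the file itself (bug #2586)
                if ($objekt->objekt_id && file_exists($file_path)) {
                    unlink($file_path);
                }
                $sql = $site->db->prepare('select objekt_id from obj_file where relative_path = ?', $parent_folder->all['relative_path'] . '/' . safe_filename2($_FILES['fileupload']['name']));
                $result = new SQL($sql);
                if ($result->rows && ($existing_id = $result->fetchsingle())) {
                    // delete the object used to overwrite
                    // don't delete if it's the same object (bug # 2576)
                    if ($objekt->objekt_id && $objekt->objekt_id != $existing_id) {
                        $objekt->del();
                    }
                    $objekt = new Objekt(array('objekt_id' => $existing_id, 'on_sisu' => 1, 'no_cache' => 1));
                }
            }
            // / overwrite catch

            # Normalize the publishing window (avaldamise_algus / avaldamise_lopp). This check
            # was duplicated verbatim at the top of both the UPDATE and the INSERT branch.
            # A start with no time part gets 00:00:00, an end with no time part gets 23:59:59.
            $publish_time_re = "/(\\d?\\d[\\:\\\\.\\/\\-]\\d?\\d[\\:\\\\.\\/\\-]\\d?\\d?\\d\\d)\\s?(\\d?\\d?)[\\:\\\\.\\/\\-]?(\\d?\\d?)/";
            if (preg_match($publish_time_re, $site->fdat['avaldamise_algus'], $aa_reg)) {
                if (!$aa_reg[2] && !$aa_reg[3]) {
                    $site->fdat['avaldamise_algus'] = $aa_reg[1] . " 00:00:00";
                } else {
                    $site->fdat['avaldamise_algus'] = $aa_reg[1] . " " . $aa_reg[2] . ":" . $aa_reg[3] . ":00";
                }
            }
            if (preg_match($publish_time_re, $site->fdat['avaldamise_lopp'], $al_reg)) {
                if (!$al_reg[2] && !$al_reg[3]) {
                    $site->fdat['avaldamise_lopp'] = $al_reg[1] . " 23:59:59";
                } else {
                    $site->fdat['avaldamise_lopp'] = $al_reg[1] . " " . $al_reg[2] . ":" . $al_reg[3] . ":59";
                }
            }

            # NOTE(review): on_avaldatud (published flag) is taken from the submitted 'publish'
            # field in both branches below; no publish-permission ('P') check is visible in
            # this function - presumably enforced by the caller, confirm.

            ###################
            # UPDATE
            if ($objekt->objekt_id) {
                $sql = $site->db->prepare(
                    "UPDATE objekt SET pealkiri=?, on_pealkiri=?, on_foorum=?, on_saadetud=?, ttyyp_id=?, page_ttyyp_id=?, pealkiri_strip=?, sisu_strip=?, aeg=?, avaldamisaeg_algus=?, avaldamisaeg_lopp=?, last_modified=" . time() . ", author=?, friendly_url=?, is_hided_in_menu=?, kesk=?, check_in=?, changed_user_id=?, changed_user_name=?, changed_time=?, on_avaldatud = ? WHERE objekt_id=?",
                    $site->fdat['pealkiri'],
                    $site->fdat['on_pealkiri'],
                    $site->fdat['on_foorum'] ? 1 : 0,
                    $site->fdat['on_saadetud'] ? 0 : 1,
                    $site->fdat['ttyyp_id'],
                    $site->fdat['page_ttyyp_id'],
                    $pealkiri_strip,
                    $sisu_strip,
                    $site->db->ee_MySQL($site->fdat['aeg']),
                    $site->db->ee_MySQL_long($site->fdat['avaldamise_algus']),
                    $site->db->ee_MySQL_long($site->fdat['avaldamise_lopp']),
                    $site->fdat['author'],
                    $site->fdat['friendly_url'],
                    $site->fdat['is_hided_in_menu'] ? 1 : 0,
                    $site->fdat['kesk'],
                    0,
                    $site->user->id,
                    $site->user->name,
                    date("Y-m-d H:i:s"),
                    isset($site->fdat['publish']) && is_numeric($site->fdat['publish']) ? (int) $site->fdat['publish'] : $objekt->all['on_avaldatud'],
                    $objekt->objekt_id
                );
                $sth = new SQL($sql);
                $site->debug->msg("EDIT: " . $sth->debug->get_msgs());

                # save old-ver3-style tyyp_params. Bug #2506
                # this SQL should happen only as exception and not by default
                if ($oldstyle_tyyp_params === true) {
                    $sql = $site->db->prepare("UPDATE objekt SET ttyyp_params = ? WHERE objekt_id=?", $templ_params ? $templ_params : 'ttyyp_params', $objekt->objekt_id);
                    $sth = new SQL($sql);
                    $site->debug->msg("EDIT: " . $sth->debug->get_msgs());
                }

                # ------------------------
                # Also clear it from the cache
                # ------------------------
                clear_cache("ALL");
                new Log(array('action' => 'update', 'objekt_id' => $objekt->objekt_id, 'message' => sprintf("%s '%s' (ID = %s) %s", ucfirst(translate_en($objekt->all['klass'])), $objekt->pealkiri(), $objekt->objekt_id, "changed")));
            } else {
                ###################
                # INSERT
                $sql = $site->db->prepare(
                    "INSERT INTO objekt (pealkiri, on_pealkiri, on_foorum, on_saadetud, tyyp_id, author, on_avaldatud, keel, kesk, ttyyp_id, page_ttyyp_id, pealkiri_strip, sisu_strip, aeg, sys_alias, ttyyp_params, avaldamisaeg_algus, avaldamisaeg_lopp, last_modified, friendly_url, is_hided_in_menu, check_in, check_in_admin_id, created_user_id, created_user_name, created_time) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                    $site->fdat['pealkiri'],
                    $site->fdat['on_pealkiri'],
                    $site->fdat['on_foorum'],
                    $site->fdat['on_saadetud'] ? 0 : 1,
                    $tyyp['tyyp_id'],
                    $site->fdat['author'],
                    $site->fdat['sys_alias'] || $site->fdat['publish'] ? 1 : 0,
                    $tyyp['tyyp_id'] == 21 || $tyyp['tyyp_id'] == 22 ? 1 : $keel,
                    $site->fdat['kesk'],
                    $site->fdat['ttyyp_id'],
                    $site->fdat['page_ttyyp_id'],
                    $pealkiri_strip,
                    $sisu_strip,
                    $site->db->ee_MySQL($site->fdat['aeg']),
                    $site->fdat['sys_alias'],
                    $templ_params,
                    $site->db->ee_MySQL_long($site->fdat['avaldamise_algus']),
                    $site->db->ee_MySQL_long($site->fdat['avaldamise_lopp']),
                    time(),
                    $site->fdat['friendly_url'],
                    $site->fdat['is_hided_in_menu'] ? 1 : 0,
                    0,
                    $site->user->id,
                    $site->user->id,
                    $site->user->name,
                    date("Y-m-d H:i:s")
                );
                $sth = new SQL($sql);
                $site->debug->msg("EDIT: " . $sth->debug->get_msgs());
                $obj_insert_id = $sth->insert_id;

                # ------------------------
                # Also clear it from the cache
                # ------------------------
                clear_cache("ALL");
                $objekt = new Objekt(array('objekt_id' => $obj_insert_id, 'no_cache' => 1, 'creating' => 1));
                if (!is_numeric($objekt->objekt_id)) {
                    $objekt->objekt_id = $obj_insert_id;
                }
                $site->fdat['id'] = $objekt->objekt_id;
                new Log(array('action' => 'create', 'objekt_id' => $objekt->objekt_id, 'message' => sprintf("%s '%s' (ID = %s) %s", ucfirst(translate_en($objekt->all['klass'])), $objekt->pealkiri(), $objekt->objekt_id, "inserted")));
                $is_new = 1;
            }
            # / INSERT
            ###################

            ###################
            # WHAT IS THIS?
            $objekt->all["on_peida_vmenyy"] = $site->fdat["on_peida_vmenyy"] ? 1 : 0;

            ###################
            # SAVE the type-dependent part
            # INCLUDE the type-dependent file
            include_once "edit_" . $tyyp['klass'] . ".php";
            # save the type-dependent part of the object
            salvesta_objekt();
            # save all profile fields:
            if ($site->fdat['profile_id']) {
                # if profile set
                save_obj_profile();
            }
            # / SAVE the type-dependent part
            ###################

            ###################
            # PARENTS (tbl 'objekt_objekt')
            ###################
            $site->debug->msg("------------ PARENTS -------------");

            # Classes whose parent may be changed through the form's section select box.
            $multi_parent_classes = array("artikkel", "dokument", "rubriik", "album", "asset", "gallup", "kommentaar", "link");

            #######################
            # 1. FIND NEW PARENTS
            $new_parents = array();
            # if the object is of an allowed class AND parent sections were selected in the form,
            # collect every selected section
            if (in_array($tyyp['klass'], $multi_parent_classes) && is_array($site->fdat['rubriik'])) {
                foreach ($site->fdat['rubriik'] as $value) {
                    # submitted values become array keys; skip nested arrays, which cannot be keys
                    if (is_scalar($value)) {
                        $new_parents[$value] = 1;
                    }
                }
                # (original author's open question: what was meant to happen for parent ID 0?)
                /* if ($site->fdat['parent_id']==0) { $new_parents[$site->fdat['parent_id']] = 1; } */
            } elseif ($site->fdat['parent_id']) {
                $new_parents[$site->fdat['parent_id']] = 1;
            }

            ######### get parent object
            if ($site->fdat['parent_id']) {
                $parent = new Objekt(array('objekt_id' => $site->fdat['parent_id']));
            }
            # if the object has a valid parent that is not a section, use the 'parent_id' parameter
            # as parent. Lauri: the parent itself must not become a new parent, so this is
            # explicitly disabled for comments.
            if ($parent && $parent->all['klass'] != "rubriik" && $tyyp['klass'] != "kommentaar") {
                $new_parents[$site->fdat['parent_id']] = 1;
            }

            ######## special case: poll (gallup)
            if ($tyyp['klass'] == "gallup") {
                if ($site->fdat['on_avatud']) {
                    $objekt->load_sisu();
                    $site->debug->msg("EDIT: vana parent rullib!");
                    # removed by Bug #1896: a poll cannot be moved under another section
                    # $new_parents = array($objekt->all["orig_parent_id"] => 1);
                } else {
                    # a closed poll is moved to the poll archive
                    $new_parents = array($site->alias("gallup_arhiiv") => 1);
                }
            }
            $site->debug->msg("EDIT: Selected new parents: " . join(",", array_keys($new_parents)));
            # 1. / FIND NEW PARENTS
            #######################

            #######################
            # 2. FIND CURRENT PARENTS
            $current_parents = array();
            # count()/sizeof() on an unset variable is a TypeError on PHP 8
            $newslist_parents = array();
            ########### SECTION
            if ($tyyp['klass'] == "rubriik") {
                ######## find out whether the section also sits under a news list (tyyp_id 9);
                ######## those parents are silently added to the new parents
                $sql = $site->db->prepare("SELECT objekt_objekt.parent_id FROM objekt_objekt LEFT JOIN objekt ON objekt.objekt_id=objekt_objekt.parent_id WHERE objekt_objekt.objekt_id=? and objekt.tyyp_id=9", $objekt->objekt_id);
                $sth = new SQL($sql);
                while ($tmp_data = $sth->fetchsingle()) {
                    $newslist_parents[$tmp_data] = 1;
                    # quietly add the news list ID to the new parents as well
                    $new_parents[$tmp_data] = 1;
                }
                unset($tmp_data);
                if ($sth->rows) {
                    $site->debug->msg("EDIT: Parent news lists: " . join(",", array_keys($newslist_parents)));
                }
                ########## find the section's current parents
                $sql = $site->db->prepare("SELECT parent_id FROM objekt_objekt WHERE objekt_id=?", $objekt->objekt_id);
                $sth = new SQL($sql);
                while ($tmp_data = $sth->fetch()) {
                    $parent_id = $tmp_data['parent_id'];
                    $current_parents[$parent_id] = 1;
                }
            ######### ALL OTHER objects
            } else {
                # -----------------------------------
                # objects that are allowed to have
                # more than one parent
                # -----------------------------------
                $sql = $site->db->prepare("SELECT parent_id FROM objekt_objekt WHERE objekt_id=?", $objekt->objekt_id);
                $sth = new SQL($sql);
                while ($tmp_data = $sth->fetch()) {
                    $parent_id = $tmp_data['parent_id'];
                    $current_parents[$parent_id] = 1;
                }
                # Lauri: marks parent 0 as "new" so that the emptiness check further down
                # does not fire for objects that currently hang under parent 0
                if (!empty($current_parents[0])) {
                    $new_parents[0] = 1;
                }
            }
            $site->debug->msg("EDIT: Current parents: " . join(",", array_keys($current_parents)));
            # / 2. FIND CURRENT PARENTS
            #######################

            # if no new parent was found, fall back to the hidden form value 'permanent_parent_id'
            if ($site->fdat['permanent_parent_id'] != "" && !count(array_keys($new_parents))) {
                $new_parents[$site->fdat['permanent_parent_id']] = 1;
            }
            $site->debug->msg("EDIT: Final parents: " . join(",", array_keys($new_parents)));

            #######################
            # 3. CHECK NEW PARENTS PERMISSIONS
            # Only parents the object does not already have are checked, and parent ID 0 is
            # never checked. A parent without CREATE ('C') permission is dropped from the set.
            foreach (array_keys($new_parents) as $parent_id) {
                if ($parent_id) {
                    if (empty($current_parents[$parent_id])) {
                        ####### check permissions
                        $perm = get_obj_permission(array("objekt_id" => $parent_id));
                        if ($perm['C']) {
                            $site->debug->msg("EDIT: New parent " . $parent_id . " permissions " . $perm['mask'] . " allow to create object under it => OK");
                        } else {
                            $site->debug->msg("EDIT: New parent " . $parent_id . " permissions " . $perm['mask'] . " don't allow to create object under it => FORBIDDEN");
                            # remove this parent from the new parents
                            unset($new_parents[$parent_id]);
                        }
                    }
                }
            }
            $site->debug->msg("EDIT: Final parents after permission check: " . join(",", array_keys($new_parents)));
            # / 3. CHECK NEW PARENTS PERMISSIONS
            #######################

            # no permitted parent left => leave the parent links untouched
            if (!count(array_keys($new_parents))) {
                $site->debug->msg("EDIT: Can't move under new parent => don't do anything at all");
                $fatal_parent_error = 1;
            }

            # NOTE(review): as written, steps 4 and 5 only run when the object has NO news-list
            # parent; when it has one, the links are never changed even if the new parents
            # differ. This looks unintended but is kept as found - confirm.
            if (sizeof($newslist_parents) > 0) {
                # new parents are only the news lists it already had => nothing to do
                $result = array_diff(array_keys($new_parents), array_keys($newslist_parents));
                if (sizeof($result) <= 0) {
                    $site->debug->msg("EDIT: New parents are equal to existing newslist parents => don't do anything at all");
                    $fatal_parent_error = 1;
                }
            } else {
                if (!$fatal_parent_error) {
                    #######################
                    # 4. INSERT NEW PARENTS (only parents that passed the permission check remain)
                    foreach (array_keys($new_parents) as $parent_id) {
                        if ($parent_id) {
                            if (!empty($current_parents[$parent_id])) {
                                # link already exists; 0 marks it as "keep" for step 5
                                $current_parents[$parent_id] = 0;
                                $site->debug->msg("EDIT: Parent {$parent_id} j��b nagu oli");
                            } else {
                                if ($site->fdat["sorting"]) {
                                    $sorteering = $site->fdat["sorting"];
                                } else {
                                    $sql = "SELECT max(sorteering) FROM objekt_objekt";
                                    $sth = new SQL($sql);
                                    $sorteering = $sth->fetchsingle();
                                }
                                #move objects forward so new object can be inserted in the middle
                                $sql = $site->db->prepare("UPDATE objekt_objekt SET sorteering=sorteering+1 WHERE sorteering>?", $sorteering);
                                $sth = new SQL($sql);
                                $site->debug->msg("EDIT: " . $sql);
                                ################ INSERT
                                $sql = $site->db->prepare("INSERT INTO objekt_objekt (objekt_id, parent_id, sorteering) VALUES (?,?,?)", $objekt->objekt_id, $parent_id, $sorteering + 1);
                                $sth = new SQL($sql);
                                $site->debug->msg("EDIT: " . $sql);
                                if ($tyyp['klass'] == 'kommentaar') {
                                    $sql = $site->db->prepare("UPDATE objekt SET comment_count = comment_count+1 WHERE objekt_id=?", $parent_id);
                                    $sth = new SQL($sql);
                                    $site->debug->msg("EDIT: " . $sql);
                                }
                            }
                        }
                    }
                    # / 4. INSERT NEW PARENTS
                    #######################

                    #######################
                    # 5. DELETE OLD PARENTS
                    # Declared conditionally: an unconditional nested declaration is a fatal
                    # "cannot redeclare" error the second time save_object() gets here.
                    if (!function_exists('notnull')) {
                        function notnull($a)
                        {
                            return $a > 0;
                        }
                    }
                    # Current parents still flagged 1 were not re-selected. The ids are kept as
                    # an integer array because they are spliced into IN(...) lists below.
                    $to_delete_ids = array_map('intval', array_keys(array_filter($current_parents, "notnull")));
                    $to_delete = join(",", $to_delete_ids);
                    $site->debug->msg("EDIT: Current Parents, allowed to delete: " . $to_delete);

                    $parents_to_delete = array();
                    # if parent sections were selected in the form AND the class may change parents:
                    # drop every link that is neither selected nor among the new parents
                    if (isset($site->fdat['rubriik']) && is_array($site->fdat['rubriik']) && count($site->fdat['rubriik']) > 0 && in_array($tyyp['klass'], $multi_parent_classes)) {
                        $parent_ids = array();
                        foreach (array_unique(array_merge($site->fdat['rubriik'], array_keys($new_parents))) as $tmp_id) {
                            # submitted ids are cast to int before they go into the SQL text
                            if ((int) $tmp_id) {
                                $parent_ids[] = (int) $tmp_id;
                            }
                        }
                        # an empty list would produce the invalid SQL "NOT IN()"
                        if (count($parent_ids) > 0) {
                            ########### Lauri 04092009: store parents that will be deleted so we can reduce their comment_count
                            $sql = $site->db->prepare("SELECT parent_id FROM objekt_objekt WHERE objekt_id=? AND parent_id NOT IN(" . implode(',', $parent_ids) . ")", $objekt->objekt_id);
                            $sth = new SQL($sql);
                            $site->debug->msg("EDIT: " . $sql);
                            while ($return_row = $sth->fetch()) {
                                $parents_to_delete[] = (int) $return_row['parent_id'];
                            }
                            ############ DELETE
                            $sql = $site->db->prepare("DELETE FROM objekt_objekt WHERE objekt_id=? AND parent_id NOT IN(" . implode(',', $parent_ids) . ")", $objekt->objekt_id);
                            $sth = new SQL($sql);
                            $site->debug->msg("EDIT: " . $sql);
                            ########## Lauri 04092009: reduce comment count for parents from which kommentaar was deleted
                            if ($tyyp['klass'] == 'kommentaar' && count($parents_to_delete) > 0) {
                                $sql = $site->db->prepare("UPDATE objekt SET comment_count = comment_count-1 WHERE objekt_id IN(" . implode(',', $parents_to_delete) . ")");
                                $sth = new SQL($sql);
                                $site->debug->msg("EDIT: " . $sql);
                            }
                        }
                    }

                    ############ DELETE
                    # if there are parents to delete:
                    if ($to_delete) {
                        # The id list used to be bound to a single "?" placeholder, so "3,5" was
                        # sent as one value rather than a list. The integer-only list is now
                        # written into IN(...), like the NOT IN(...) queries above.
                        $sql = $site->db->prepare("DELETE FROM objekt_objekt WHERE objekt_id=? AND parent_id IN(" . $to_delete . ")", $objekt->objekt_id);
                        $sth = new SQL($sql);
                        $site->debug->msg("EDIT: " . $sql);
                        ############ Lauri 04092009: if some more parents got removed, reduce comment_count on them too. have to make sure not to do it twice tho
                        # diff the id arrays; casting the joined string to an array gave one
                        # element holding the whole list, so the "not twice" guard never matched
                        $comments_to_substract = array_diff($to_delete_ids, $parents_to_delete);
                        if ($tyyp['klass'] == 'kommentaar' && count($comments_to_substract)) {
                            $sql = $site->db->prepare("UPDATE objekt SET comment_count = comment_count-1 WHERE objekt_id IN (" . implode(',', $comments_to_substract) . ")");
                            $sth = new SQL($sql);
                            $site->debug->msg("EDIT: " . $sql);
                        }
                    }
                    # / 5. DELETE OLD PARENTS
                    #######################
                }
            }
            # if not fatal parent error (new parent permissions)
            ################################## / DATABASE SQL-s ##################################
            $site->debug->msg("------------ PARENTS END -------------");
            # / PARENTS
            ###################

            ########################
            # INSERT PERMISSIONS
            # the new object gets exactly the same permission rows as its parent object.
            # OBJ class check: save permissions only for objects having class "rubriik" (1) or "folder" (22).
            # NB! if you change class conditions here, be sure to change them in Repair database script also!
            # (see also bug #1545)
            if ($tyyp['tyyp_id'] == 1 || $tyyp['tyyp_id'] == 22) {
                # if object is section or folder
                if ($is_new) {
                    # find all of the parent's permission rows (users/groups/roles)
                    # NOTE(review): $parent is only set when the form carried a parent_id;
                    # without it source_id is bound from a null object - confirm that this
                    # cannot match unrelated permission rows.
                    $sql = $site->db->prepare("SELECT * FROM permissions WHERE type=? AND source_id=?", 'OBJ', $parent->objekt_id);
                    $sth = new SQL($sql);
                    # loop over the parent's permissions
                    while ($perm = $sth->fetch()) {
                        # copy the permission row to the new object
                        $sql2 = $site->db->prepare("INSERT INTO permissions (type,source_id,role_id,group_id,user_id,C,R,U,P,D) VALUES (?,?,?,?,?,?,?,?,?,?)", 'OBJ', $objekt->objekt_id, $perm['role_id'], $perm['group_id'], $perm['user_id'], $perm['C'], $perm['R'], $perm['U'], $perm['P'], $perm['D']);
                        $sth2 = new SQL($sql2);
                    }
                    // reload permissions for user
                    if (!$site->user->is_superuser) {
                        if ($site->user) {
                            $site->user->permissions = $site->user->load_objpermissions();
                        } elseif ($site->guest) {
                            $site->guest->permissions = $site->guest->load_objpermissions();
                        }
                    }
                }
                # if new, just created object
            }
            # if object is section or folder
            # / INSERT PERMISSIONS
            ########################
            return 1;
        } else {
            # print the collected validation errors and a "back" link
            ?> <center><font class=txt> <br> <font color=red> <?php echo $errors; ?> </font> <br> <a href="javascript:history.back();"><?php echo $site->sys_sona(array('sona' => "Tagasi", 'tyyp' => "editor")); ?> </a> </font></center> <?php
        }
        # / print errors
        ###################
    }
    # / 2. usual case
    ###################
}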
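# / Gallup_id=1 into the cookie:
#################################################
#### check whether install.php has been deleted (per the original comment; security_check()
#### itself is defined elsewhere):
if ($site->in_editor || $site->in_admin) {
    $site->security_check();
}

# NOTE(review): dumps the whole submitted form ($site->fdat) into the debug output; if the
# form can carry credentials, they end up wherever debug messages are shown - confirm.
$site->debug->print_hash($site->fdat, 0, "FDAT");
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];

# Feature: when a visitor follows a direct link to an object that requires login,
# show the login form. When the visitor is already logged in and the object is
# hidden/restricted for that user, a 404 error page is meant to be shown.
##############################################################
####### check permissions
$perm = get_obj_permission(array("objekt_id" => $leht->id));

# may the user read the object? 1/0
if (!$perm['R'] && !$leht->site->in_editor) {
    if ($leht->site->user) {
        # UNFINISHED in ver 4
        # NOTE(review): a logged-in user without 'R' falls through this empty branch; nothing
        # visible here stops the page from rendering. The intended 404 redirect is disabled:
        # header("Location: ".$site->CONF['protocol'].$site->CONF['hostname'].$site->CONF['wwwroot']."?id=".$site->alias("404error"));
    } else {
        # anonymous visitor: clear the requested operation and show the login form
        # (key quoted: a bare word is an undefined constant and a fatal error on PHP 8)
        $leht->site->fdat['op'] = "";
        include_once $class_path . "login_html.inc.php";
        admin_login_form(array("site" => $site, "auth_error" => 0));
    }
}

#$leht->parents->debug->print_msg();
#$leht->topmeny->debug->print_msg();
#$site->debug->print_hash($site->fdat,1,"FDAT");
#$leht->debug->print_msg();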
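/**
 * get_permission
 *
 * Convenience wrapper around the global get_obj_permission() function: inside an
 * object class the permissions can be fetched without passing the required
 * parameters, they are taken from the object's own values (objekt_id,
 * on_avaldatud, tyyp_id, parent_id).
 *
 * The result is also stored in $this->permission. When the object has no ID,
 * no lookup is made and null is stored and returned, so callers reading a
 * permission bit from the result see it as not granted.
 *
 * @package CMS
 * @return array|null whatever get_obj_permission() returns, or null without an object ID
 *
 * Call: $obj->permission = $obj->get_permission();
 */
function get_permission()
{
    # defined up front: it used to be read while unset when the object had no ID
    $perm = null;

    # if object ID provided
    if ($this->objekt_id) {
        $perm = get_obj_permission(array(
            "objekt_id" => $this->objekt_id,
            "on_avaldatud" => $this->all['on_avaldatud'],
            "tyyp_id" => $this->all['tyyp_id'],
            "parent_id" => $this->parent_id,
        ));
        #if($this->objekt_id == $this->site->fdat[id]) {
        #print "<br>get_obj_permission: objekt_id => ".$this->objekt_id.", on_avaldatud => ".$this->all['on_avaldatud'].", tyyp_id => ".$this->all['tyyp_id'].", parent_id => ".$this->parent_id;
        #}
    }

    # set permission array also as object property
    $this->permission = $perm;

    return $perm;
}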
$lang_names[$lang['keel_id']] = $lang['nimi'] . " (" . $lang['extension'] . ")";
}
# (the statement above closes a loop that starts outside this excerpt)

######### loop over LANGUAGES
foreach ($lang_arr as $keel) {
    print_header_row(array("permissions" => 'C,R,U,P,D', "perm_type" => 'OBJ', "title" => $lang_names[$keel]));
    ##########################
    # Build the array of objects
    # All four values (language, type id "1", the two sys_alias names) are bound through
    # placeholders; nothing is concatenated into the SQL text.
    $sql = $site->db->prepare("\r\n\t\t\tSELECT objekt.objekt_id, objekt.pealkiri, objekt.on_avaldatud, objekt.tyyp_id, objekt_objekt.parent_id, objekt.kesk, objekt_objekt.sorteering as sort\r\n\t\t\tFROM objekt \r\n\t\t\tLEFT JOIN objekt_objekt on objekt.objekt_id=objekt_objekt.objekt_id\r\n\t\t\tWHERE objekt.keel=? AND tyyp_id IN(?) AND (objekt_objekt.parent_id<>0 OR objekt.sys_alias=? OR objekt.sys_alias=?)", $keel, "1", 'home', 'system');
    $sql .= " ORDER BY objekt.kesk ASC, objekt_objekt.sorteering DESC ";
    $sth = new SQL($sql);
    #print $sql;
    $obj_count = $sth->rows;
    $temp_tree = array();
    while ($obj = $sth->fetch()) {
        ####### check permissions
        # Each row is filtered through get_obj_permission() before it reaches the tree.
        $permtmp = get_obj_permission(array("objekt_id" => $obj['objekt_id'], "on_avaldatud" => $obj['on_avaldatud'], "tyyp_id" => $obj['tyyp_id'], "parent_id" => $obj['parent_id']));
        # may the user see the object? 1/0
        if ($permtmp['is_visible']) {
            $is_access = 1;
        } else {
            $is_access = 0;
        }
        ######### if access granted
        if ($is_access) {
            # only id, parent and title of visible objects are collected
            $data = array();
            $data['id'] = $obj['objekt_id'];
            $data['parent'] = $obj['parent_id'];
            $data['name'] = $obj['pealkiri'];
            $temp_tree[] = $data;
        } # is access
        # (the while and foreach loops continue outside this excerpt)
/**
 * Tell whether the current user may delete the object with the given ID.
 *
 * Despite the generic name, only the delete ('D') bit of the permission
 * set returned by get_obj_permission() is reported.
 *
 * @param mixed $id object ID to look up
 * @return mixed value of the 'D' permission bit
 */
function on_access($id)
{
    global $site;

    # is there permission to delete?
    $permissions = get_obj_permission(array("objekt_id" => $id));

    return $permissions['D'];
}
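/**
 * Build the list of sections (and other requested object types) the current
 * user may access, as "id => full name path" in $this->ary.
 *
 * Optional first argument: array with the keys
 *   keel                 language ID (default: $this->site->keel)
 *   object_type_ids      comma-separated type IDs (default "1,19")
 *   max_headline_length  titles longer than this are cut and get "..." (default 25)
 *   separator            string placed between path elements (default "->")
 *   required_perm        comma-separated permission names; any one grants access
 *                        (default 'is_visible')
 *   ignore_perm_for_obj  comma-separated object IDs listed regardless of permissions
 *   ignore_lang          when set, objects of all languages are read
 *   exclude_id           comma-separated object IDs left out of the name path
 *
 * Also fills $this->sys_alias_arr and $this->alias_arr for accessible objects.
 *
 * NOTE(review): titles are collected for every row, also for objects the user has no
 * access to, and the path of an accessible object is built by walking all ancestors
 * (Bug #1650). Titles of inaccessible ancestors therefore appear in the path.
 */
function RubLoetelu()
{
    $this->BaasObjekt();
    $args = array();
    if (func_num_args() > 0) {
        $args = func_get_arg(0);
    }
    $this->ary = array();
    $keel = isset($args['keel']) ? $args['keel'] : $this->site->keel;
    $object_type_ids = !empty($args['object_type_ids']) ? $args['object_type_ids'] : "1,19";

    # The type IDs are written into the SQL text below, so anything that is not a plain
    # run of digits is forced to an integer first. Valid lists such as "1,19" are unchanged.
    $object_type_ids_arr = array();
    foreach (explode(",", $object_type_ids) as $tyyp_id) {
        $tyyp_id = trim($tyyp_id);
        if (!preg_match('/^[0-9]*\z/', $tyyp_id)) {
            $tyyp_id = (string) (int) $tyyp_id;
        }
        $object_type_ids_arr[] = $tyyp_id;
    }
    $types_str = "'" . join("','", $object_type_ids_arr) . "'";

    $max_headline_length = !empty($args['max_headline_length']) ? $args['max_headline_length'] : 25;
    $separator = !empty($args['separator']) ? $args['separator'] : "->";

    #########################
    # show objects having required permissions for current user
    # (explode() replaces split(), which no longer exists in PHP 7+)
    $required_perm = array();
    if (!empty($args['required_perm'])) {
        $required_perm = explode(",", $args['required_perm']);
    }
    # default is is_visible
    if (sizeof($required_perm) <= 0) {
        $required_perm[] = 'is_visible';
    }
    # ignore_perm_for_obj - use it only with "required_perm" if you desperately need to add some objects
    # regarding it's permissions (Bug #1988). Every ID listed here bypasses the permission check.
    $ignore_perm_for_obj = array();
    if (!empty($args['ignore_perm_for_obj'])) {
        $ignore_perm_for_obj = explode(",", $args['ignore_perm_for_obj']);
    }
    # IDs left out of the name path; parsed once instead of on every loop round
    $exclude_ids = explode(",", isset($args['exclude_id']) ? (string) $args['exclude_id'] : "");

    #########################
    # get all sections with their parent info
    ## optimization: removed "SELECT A.*" as very greedy select
    $sql = $this->site->db->prepare("\r\n\t\t\tSELECT A.objekt_id, A.on_avaldatud, A.tyyp_id, A.pealkiri, A.sys_alias, A.friendly_url, objekt_objekt.parent_id, B.tyyp_id as parenttyyp, B.pealkiri as parentname \r\n\t\t\tFROM objekt as A \r\n\t\t\tLEFT JOIN objekt_objekt on A.objekt_id=objekt_objekt.objekt_id\r\n\t\t\tLEFT JOIN objekt as B ON B.objekt_id=objekt_objekt.parent_id \r\n\t\t\tWHERE A.tyyp_id IN(" . $types_str . ")");
    if (empty($args['ignore_lang'])) {
        # created for Bug #1996
        $sql .= $this->site->db->prepare("AND A.keel=? ", $keel);
    }
    $sth = new SQL($sql);
    $this->debug->msg($sth->debug->get_msgs());

    $names = array();
    $parents = array();
    $all_parents = array();
    # stays an array even when nothing is accessible, like the initial $this->ary
    $topparents = array();

    #########################
    # loop over sections / Product Category / Folder
    while ($rubriigid = $sth->fetch()) {
        $is_access = 0;
        if ($rubriigid['parenttyyp'] == '' || in_array($rubriigid['parenttyyp'], $object_type_ids_arr)) {
            $key = $rubriigid['objekt_id'];
            ####### check permissions
            $perm = get_obj_permission(array(
                "objekt_id" => $rubriigid['objekt_id'],
                "on_avaldatud" => $rubriigid['on_avaldatud'],
                "tyyp_id" => $rubriigid['tyyp_id'],
                "parent_id" => $rubriigid['parent_id'],
            ));
            # does the user hold one of the required permissions on this object?
            foreach ($required_perm as $req_perm) {
                # original author's open question: should this also require $perm['is_visible']?
                if (!empty($perm[$req_perm])) {
                    $is_access = 1;
                }
                if (is_array($ignore_perm_for_obj) && in_array($rubriigid['objekt_id'], $ignore_perm_for_obj)) {
                    $is_access = 1;
                }
                #print("<hr> ".$key." = ".$rubriigid[pealkiri]." ! ".$req_perm." ! :: access = ".$is_access);
            }
            #print("<br> ".$key." = ".$rubriigid[pealkiri]." :: access = ".$is_access);

            #################
            # debug
            $this->debug->msg($key . " = " . $rubriigid['pealkiri'] . " :: access = " . $is_access);

            #################
            # make section names array
            $names[$key] = $rubriigid['pealkiri'];
            # strip name longer than max_headline_length (byte-wise cut)
            if (strlen($names[$key]) > $max_headline_length) {
                $names[$key] = substr($names[$key], 0, $max_headline_length) . "...";
            }

            #################
            # if privileges are OK, go on
            if ($is_access) {
                #################
                # make parents array
                $parents[$key] = $rubriigid['parent_id'];
                ## for extra, save sys_alias array: id => sys_alias
                if (trim($rubriigid['sys_alias'])) {
                    $this->sys_alias_arr[$key] = $rubriigid['sys_alias'];
                }
                ## for extra, save alias array: id => alias
                if (trim($rubriigid['friendly_url'])) {
                    $this->alias_arr[$key] = $rubriigid['friendly_url'];
                }
            }
            # if privileges are OK

            ### save all parents to separate array (Bug #1650)
            $all_parents[$key] = $rubriigid['parent_id'];
        }
        # if parenttyyp
    }
    # / loop over sections
    #########################

    $this->debug->msg("Start looping over allowed sections");

    #################
    # loop over parents array
    foreach (array_keys($parents) as $key) {
        $this->debug->msg("key: {$key}");
        $path = "";
        $parent = $key;
        $debug_parent = "";
        $loop = 0;
        do {
            $debug_parent .= "{$parent}...";
            # exclude IDs from path when needed
            if (!in_array($parent, $exclude_ids)) {
                $path = $names[$parent] . ($parent != $key ? $separator : "") . $path;
            }
            $parent = $all_parents[$parent];
            $loop++;
            # a cycle in the parent links would never end: log it and stop the request
            if ($loop > 100) {
                new Log(array('type' => 'ERROR', 'message' => 'Neverending loop! ID: ' . $parent, 'user_id' => 0));
                exit;
            }
        } while ($parent);
        ## save main array: id => name path
        $topparents[$key] = $path;
        $this->debug->msg("{$debug_parent} :: {$path}");
    }
    # / loop over parents array
    #################

    $this->ary = $topparents;
}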
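/**
 * Collect the IDs of a subtree of objects (PHP4-style constructor).
 *
 * Starting from the comma-separated IDs in $args['parent_id'], each round
 * selects the children of the current level and descends into the accessible
 * ones, for at most 50 rounds. Visited IDs are accumulated in $this->objects
 * (aliased as $this->objektid) and their count is stored in $this->size.
 *
 * Takes a single array argument, read via func_get_arg(0):
 *   - parent_id:              comma-separated start IDs
 *   - tyyp_idlist:            optional comma-separated type IDs the children must match
 *   - skip_permissions_check: when truthy, get_obj_permission() is not consulted
 *                             and every selected child counts as accessible
 *
 * Security notes:
 *   - Both ID lists end up inside the SQL text, so every element is reduced to
 *     an integer before it is interpolated. This assumes object and type IDs
 *     are integers, as the rest of the page treats them - confirm against the schema.
 *   - The start IDs are merged into the result without any permission check;
 *     only their descendants are checked. A caller that takes parent_id from a
 *     request has to verify access to those IDs itself.
 *   - skip_permissions_check disables the visibility check entirely and should
 *     never be derived from request data.
 */
function Alampuu()
{
    $args = func_get_arg(0);
    $this->BaasObjekt();

    $this->parent_id = $args['parent_id'];
    $this->tyyp_idlist = $args['tyyp_idlist'];
    $this->skip_permissions_check = $args['skip_permissions_check'];
    # The ver3 parameter "on_admin" (passed as "$site->admin") is deprecated;
    # ver4 uses "skip_permissions_check" instead.

    $this->objects = array(); # main result

    # Always defined, so the query below never interpolates an undefined variable.
    $wheretyyp = "";
    if ($this->tyyp_idlist) {
        # explode() instead of split(): split() was removed in PHP 7 and the
        # separator is a literal comma, so the result is the same.
        $this->tyyp_idlist_arr = explode(",", $this->tyyp_idlist);
        # Integer-normalised copy for the SQL text; the property keeps the raw strings.
        $type_ids_sql = array_map('intval', $this->tyyp_idlist_arr);
        $wheretyyp = $this->site->db->prepare(" AND tyyp_id IN('" . join("','", $type_ids_sql) . "') ");
    }

    # (The ver3 user-group lookup that used to sit here was already commented
    # out as deprecated by the original author.)

    $parents = explode(',', $this->parent_id);
    $tase = 0;

    ##### level-by-level walk over parents; the counter caps the depth at 50
    while (sizeof($parents) > 0 && $tase++ < 50) {
        $this->debug->msg("Next Round, parents = " . join(",", $parents));

        # Only the copy used in the query is cast; $parents itself is merged
        # into $this->objects unchanged, so callers see the same values as before.
        $parent_ids_sql = array_map('intval', $parents);

        # Quick-hack SQL, marked as unfinished by the original author.
        # Unpublished objects are included only inside the editor or admin area.
        $sql = $this->site->db->prepare("\r\n\t\t\t\tSELECT objekt.objekt_id, objekt.on_avaldatud, objekt.tyyp_id,objekt_objekt.parent_id\r\n\t\t\t\tFROM objekt \r\n\t\t\t\tLEFT JOIN objekt_objekt on objekt.objekt_id=objekt_objekt.objekt_id \r\n\t\t\t\tWHERE parent_id IN ('" . join("','", $parent_ids_sql) . "') {$wheretyyp}\r\n\t\t\t\t" . ($this->site->in_editor || $this->site->in_admin ? "" : " AND objekt.on_avaldatud=1 ") . "\r\n\t\t\t\tGROUP BY objekt.objekt_id, objekt.on_avaldatud, objekt.tyyp_id,objekt_objekt.parent_id");
        $sth = new SQL($sql);
        $this->debug->msg($sth->debug->get_msgs());

        # The current level is recorded before its children are fetched.
        $this->objects = array_merge($this->objects, $parents);
        $parents = array();

        while ($obj = $sth->fetch()) {
            if ($this->skip_permissions_check) {
                $is_access = 1;
            } else {
                ####### check permissions: may the user see this object?
                $perm = get_obj_permission(array(
                    "objekt_id" => $obj['objekt_id'],
                    "on_avaldatud" => $obj['on_avaldatud'],
                    "tyyp_id" => $obj['tyyp_id'],
                    "parent_id" => $obj['parent_id'],
                ));
                $is_access = $perm['is_visible'] ? 1 : 0;
            }

            ######### descend only into accessible objects that were not visited yet
            if ($is_access && !in_array($obj['objekt_id'], $this->objects)) {
                array_push($parents, $obj['objekt_id']);
            }
        }
    }
    ###### / walk over parents

    $this->objektid =& $this->objects; # alias for ver3
    $this->size = sizeof($this->objects);
}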
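/**
 * Build the "new object" link shown for this list's parent object.
 *
 * Takes a single array argument, read via func_get_arg(0). Keys read here:
 * button_always_visble (sic - the misspelt key is what callers pass), keel,
 * tyyp_idlist, profile_id, only_edit, peida_text, publish, allow_comments,
 * sys_alias.
 *
 * Returns an empty string when
 *   - the page is rendered outside the editor/admin area and
 *     button_always_visble is not set, or
 *   - the user has none of the C, U, P, D permissions on the parent, or
 *   - only_edit is set, or the user lacks the C permission.
 * Otherwise returns an <a> element whose onclick opens admin/edit.php?op=new
 * in a popup through the client-side avaaken() function.
 *
 * Security notes:
 *   - Every query-string value is passed through rawurlencode(). The URL sits
 *     in a JavaScript string literal inside an HTML attribute, so an unencoded
 *     quote, ampersand or angle bracket would otherwise alter the script or
 *     the markup.
 *   - The scheme, hostname and wwwroot come from configuration and $sona from
 *     the glossary; both are emitted as-is, as before.
 *   - Hiding the link is a display decision only. Whether edit.php enforces
 *     the same permissions itself is not visible here - confirm.
 */
function get_edit_buttons()
{
    $args = func_get_arg(0);

    # EDITOR-AREA CHECK: print buttons only for editor-area, else return nothing
    if (!$this->site->in_editor && !$this->site->in_admin && empty($args['button_always_visble'])) {
        return "";
    }

    $parent_id = $this->parent_id;
    $kesk = $this->asukoht;
    $keel = (isset($args['keel']) && is_numeric($args['keel'])) ? $args['keel'] : $this->site->keel;

    # get parent permissions
    $perm = get_obj_permission(array("objekt_id" => $this->parent_id));

    ######### if user has C or U or P or D permission (see also Bug #1985)
    # then show buttons, otherwise show nothing
    if (!($perm['C'] || $perm['U'] || $perm['P'] || $perm['D'])) {
        return "";
    }

    # Quoted keys throughout: the original bare-word keys ($args[tyyp_idlist],
    # $args[profile_id]) are undefined constants, which PHP 8 treats as a fatal error.
    $tyyp_idlist = isset($args['tyyp_idlist']) ? $args['tyyp_idlist'] : '';
    # For asset types the profile ID must always travel with the link (a custom
    # asset is meaningless without it), so profile_id is always added to the URL.
    $profile_id = isset($args['profile_id']) ? $args['profile_id'] : '';

    $result = '';

    # NEW button
    if (empty($args['only_edit'])) {
        $sona = '';
        if (empty($args['peida_text'])) {
            # no class name => write just "new..."
            $sona = $this->site->sys_sona(array("sona" => "new", "tyyp" => "editor")) . '...';
            # a single class was given rather than a comma-separated type list:
            # append the class name as well
            if (!stristr($this->klass, ',')) {
                $sona = $this->site->sys_sona(array('sona' => 'new', 'tyyp' => 'editor', 'lang_id' => $_SESSION['keel_admin']['glossary_id'])) . ' ' . strtolower($this->site->sys_sona(array('sona' => 'tyyp_' . $this->klass, 'tyyp' => 'System', 'lang_id' => $_SESSION['keel_admin']['glossary_id'])));
            }
        }

        if ($perm['C']) {
            // Popup size depends on the editor: articles (type 2) get the large
            // window, sections (type 1) a small one, everything else the default.
            // The original tested an undefined constant `id` for type 1; as a bare
            // word it was always truthy, so its alternative size "512,182" could
            // never be selected. Which ID was meant is not visible here.
            if ($tyyp_idlist == "2") {
                $new_object_popupsize = "880,660";
            } elseif ($tyyp_idlist == "1") {
                $new_object_popupsize = "512,201";
            } else {
                $new_object_popupsize = "450,430";
            }

            // Query parameters in their original order. ttyyp_id was never
            // assigned in this method, so it has always been sent empty.
            $query = array(
                'op' => 'new',
                'keel' => $keel,
                'parent_id' => $parent_id,
                'kesk' => $kesk,
                'ttyyp_id' => '',
                'tyyp_idlist' => $tyyp_idlist,
                'profile_id' => $profile_id,
                'publish' => isset($args['publish']) ? $args['publish'] : '',
            );
            if ($tyyp_idlist == 2) {
                $query['allow_comments'] = isset($args['allow_comments']) ? $args['allow_comments'] : '';
            }
            if (!empty($args['sys_alias'])) {
                $query['sys_alias'] = $args['sys_alias'];
            }

            $pairs = array();
            foreach ($query as $name => $value) {
                $pairs[] = $name . '=' . rawurlencode((string) $value);
            }

            $url = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://')
                . $this->site->CONF['hostname']
                . $this->site->CONF['wwwroot']
                . '/admin/edit.php?' . join('&', $pairs);

            $result = '<a class="scms_new_object" href="javascript:void(0);" onclick="javascript:avaaken(\'' . $url . '\',' . $new_object_popupsize . ')">' . $sona . '</a>';
        }
    }

    return $result;
}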