// =============================
$query_sections = $backend->db()->query('SELECT `module` FROM `' . CAT_TABLE_PREFIX . 'sections` WHERE `page_id`= ' . $page_id . ' AND `section_id` = ' . $update_section_id);
if ($query_sections->numRows() == 1) {
if ($section = $query_sections->fetchRow(MYSQL_ASSOC)) {
if (!is_numeric(array_search($section['module'], $module_permissions))) {
$sql = $block != '' ? '`block` = ' . $backend->add_slashes($block) . ', ' : '';
$sql .= $name != '' ? '`name` = "' . mysql_real_escape_string($name) . '", ' : '';
$date_from = $day_from * $month_from * $year_from > 0 ? mktime($hour_from, $minute_from, 0, $month_from, $day_from, $year_from) : 0;
$date_to = $day_to * $month_to * $year_to > 0 ? mktime($hour_to, $minute_to, 0, $month_to, $day_to, $year_to) : 0;
if ($date_from > $date_to) {
$backend->print_error($backend->lang->translate('Please check your entries for dates'), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
}
$sql .= '`publ_start` = ' . $date_from . ', ';
$sql .= '`publ_end` = ' . $date_to . ', ';
$sql .= '`modified_when` = "' . time() . '", ';
$sql .= '`modified_by` = ' . CAT_Users::get_user_id();
$backend->db()->query('UPDATE ' . CAT_TABLE_PREFIX . 'sections SET ' . $sql . ' WHERE `page_id`= ' . $page_id . ' AND section_id = ' . $update_section_id . ' LIMIT 1');
}
} else {
$backend->print_error('You do not have permissions to modify this page', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
}
} else {
$backend->print_error('Section not found', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
}
}
// ============================================
// ! Check for error or print success message
// ============================================
if ($backend->db()->isError()) {
$backend->print_error($backend->db()->getError(), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
} else {
/**
* edit a droplet
**/
function edit_droplet($id)
{
global $parser, $val, $backend;
$groups = CAT_Users::get_groups_id();
if ($id == 'new' && !CAT_Helper_Droplet::is_allowed('add_droplets', $groups)) {
$backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
} else {
if (!CAT_Helper_Droplet::is_allowed('modify_droplets', $groups)) {
$backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
}
}
$problem = NULL;
$info = NULL;
$details = NULL;
$problems = array();
if ($val->get('_REQUEST', 'cancel')) {
return list_droplets();
}
if ($id != 'new') {
$data = CAT_Helper_Droplet::getDroplet($id);
} else {
$data = array('name' => '', 'active' => 1, 'description' => '', 'code' => '', 'comments' => '');
}
if ($val->get('_REQUEST', 'save') || $val->get('_REQUEST', 'save_and_back')) {
// check the code before saving
if (($result = CAT_Helper_Droplet::check_syntax($val->get('_POST', 'code'))) !== true) {
$problem = $backend->lang()->translate('Please check the syntax!');
foreach ($result as $error => $line) {
$details .= "<br />{$error} (" . $backend->lang()->translate('Line') . ": {$line})";
}
$data = $_POST;
$data['code'] = htmlspecialchars($data['code']);
} else {
// syntax okay, check fields and save
if ($val->sanitizePost('name') == '') {
$problems[] = $backend->lang()->translate('Please enter a name!');
}
if ($val->sanitizePost('code') == '') {
$problems[] = $backend->lang()->translate('You have entered no code!');
}
if (!count($problems)) {
$continue = true;
$title = $val->sanitizePost('name', NULL, true);
$active = $val->sanitizePost('active');
$show_wysiwyg = $val->sanitizePost('show_wysiwyg');
$description = $val->sanitizePost('description', NULL, true);
$tags = array('<?php', '?>', '<?');
$content = str_replace($tags, '', $val->sanitizePost('code'));
$comments = $val->sanitizePost('comments', NULL, true);
$modified_when = time();
$modified_by = CAT_Users::get_user_id();
if ($id == 'new') {
// check for doubles
$found = CAT_Helper_Droplet::getDropletByName($title);
if ($found) {
$problem = $backend->lang()->translate('There is already a droplet with the same name!');
$continue = false;
$data = $_POST;
$data['code'] = stripslashes($_POST['code']);
} else {
$new_id = CAT_Helper_Droplet::insertDroplet(array('name' => $title, 'code' => $content, 'description' => $description, 'time' => $modified_when, 'userid' => $modified_by, 'active' => $active, 'comment' => $comments, 'wysiwyg' => $show_wysiwyg));
if (!$new_id) {
echo "ERROR: ", $backend->db()->getError();
}
}
} else {
CAT_Helper_Droplet::updateDroplet($id, array('name' => $title, 'code' => $content, 'description' => $description, 'time' => $modified_when, 'userid' => $modified_by, 'active' => $active, 'comment' => $comments, 'wysiwyg' => $show_wysiwyg));
$data = CAT_Helper_Droplet::getDroplet($id);
// reload
}
if ($continue) {
// Check if there is a db error
if ($backend->db()->isError()) {
$problem = $backend->db()->getError();
} else {
if ($id == 'new' || $val->get('_REQUEST', 'save_and_back')) {
list_droplets($backend->lang()->translate('The Droplet was saved'));
return;
// should never be reached
} else {
$info = $backend->lang()->translate('The Droplet was saved');
}
}
}
} else {
$problem = implode("<br />", $problems);
}
}
}
defined("ENT_HTML401") or define("ENT_HTML401", 0);
defined("ENT_COMPAT") or define("ENT_COMPAT", 2);
$data['code'] = htmlspecialchars($data['code'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
$parser->output('edit.tpl', array('problem' => $problem, 'details' => $details, 'info' => $info, 'data' => $data, 'id' => $id, 'name' => $data['name']));
}
/**
* Install a Droplet from a ZIP file (the ZIP may contain more than one
* Droplet)
*
* @access public
* @param string $temp_file - name of the ZIP file
* @return array see droplets_import() method
*
**/
public static function installDroplet($temp_file)
{
$self = self::getInstance();
$temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
CAT_Helper_Directory::createDirectory($temp_unzip);
$errors = array();
$imports = array();
$count = 0;
// extract file
$list = CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();
// get .php files
$files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');
// now, open all *.php files and search for the header;
// an exported droplet starts with "//:"
foreach ($files as $file) {
if (pathinfo($file, PATHINFO_FILENAME) !== 'index' && pathinfo($file, PATHINFO_EXTENSION) == 'php') {
$description = NULL;
$usage = NULL;
$code = NULL;
// Name of the Droplet = Filename
$name = pathinfo($file, PATHINFO_FILENAME);
// Slurp file contents
$lines = file($temp_unzip . '/' . $file);
// First line: Description
if (preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
$description = addslashes($match[1]);
array_shift($lines);
}
// Second line: Usage instructions
if (preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
$usage = addslashes($match[1]);
array_shift($lines);
}
// there may be more comment lines; they will be added to the usage instructions
while (preg_match('#^//(.*)$#', $lines[0], $match)) {
$usage .= addslashes(trim($match[1]));
array_shift($lines);
}
if (!$description && !$usage) {
// invalid file
$errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
continue;
}
// Remaining: Droplet code
$code = implode('', $lines);
// replace 'evil' chars in code
$tags = array('<?php', '?>', '<?');
//$code = addslashes(str_replace($tags, '', $code));
$code = str_replace($tags, '', $code);
// Already in the DB?
$stmt = 'INSERT';
$id = NULL;
$found = $self->db()->query("SELECT * FROM `:prefix:mod_droplets` WHERE name=:name", array('name' => $name));
if ($found->rowCount()) {
$stmt = 'REPLACE';
$id = $found->fetchColumn();
}
// execute
$q = "{$stmt} INTO `:prefix:mod_droplets` SET " . ($id ? 'id=' . $id . ', ' : '') . '`name`=:name, `code`=:code, `description`=:desc, ' . '`modified_when`=:when, `modified_by`=:userid, ' . '`active`=:active, `comments`=:usage';
$params = array('name' => $name, 'code' => $code, 'desc' => $description, 'when' => time(), 'userid' => CAT_Users::get_user_id(), 'active' => 1, 'usage' => $usage);
$result = $self->db()->query($q, $params);
if (!$self->db()->isError()) {
$count++;
$imports[$name] = 1;
} else {
$errors[$name] = $self->db()->getError();
}
}
// check for data directory
if (file_exists($temp_unzip . '/data')) {
// copy all files
CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
}
}
// cleanup; ignore errors here
CAT_Helper_Directory::removeDirectory($temp_unzip);
return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
}
/**
* Check whether a page is visible or not
* This will check page-visibility, user- and group permissions
*
* @access public
* @param integer $page_id
* @return boolean
**/
public static function isVisible($page_id)
{
$show_it = false;
$page = self::properties($page_id);
switch ($page['visibility']) {
// never shown in FE
case 'none':
case 'deleted':
$show_it = false;
break;
// shown if called, but not in menu
// shown if called, but not in menu
case 'hidden':
if (self::selectPage() == $page_id) {
$show_it = true;
}
break;
// always visible
// always visible
case 'public':
$show_it = true;
break;
// shown if user is allowed
// shown if user is allowed
case 'private':
case 'registered':
if (CAT_Users::is_authenticated() == true) {
// check language
if (CAT_Registry::get('PAGE_LANGUAGES') == 'false' || (self::properties($page_id, 'language') == '' || self::properties($page_id, 'language') == LANGUAGE)) {
$show_it = CAT_Users::is_group_match(CAT_Users::get_groups_id(), $page['viewing_groups']) || CAT_Users::is_group_match(CAT_Users::get_user_id(), $page['viewing_users']) || CAT_Users::is_root();
}
} else {
$show_it = false;
}
break;
}
return $show_it;
}
/**
*
* @access public
* @return
**/
public static function updateWhenModified()
{
global $update_when_modified, $page_id, $section_id;
// if changes were made, the var might be set
if (isset($update_when_modified) && $update_when_modified == true) {
self::getInstance()->db()->query("UPDATE `:prefix:pages` SET modified_when=:mod, modified_by=:by WHERE page_id=:id", array('mod' => time(), 'by' => CAT_Users::get_user_id(), 'id' => $page_id));
if ($section_id) {
self::getInstance()->db()->query("UPDATE `:prefix:sections` SET modified_when=:mod, modified_by=:by WHERE section_id=:id", array('mod' => time(), 'by' => CAT_Users::get_user_id(), 'id' => $section_id));
}
}
}
public function get_user_id()
{
return CAT_Users::get_user_id();
}
