예제 #1
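require $xerte_toolkits_site->php_library_path . "user_library.php";

/*
 * Site-preview entry point for a single template.
 *
 * Preconditions enforced here, in order:
 *   1. the caller is logged in ($_SESSION['toolkits_logon_id'] is set);
 *   2. $_GET['template_id'] is present and numeric, and is cast to int before
 *      it is ever placed in query text;
 *   3. the template exists;
 *   4. the caller is an admin or has_rights_to_this_template() says yes.
 *
 * Every failure answers with PREVIEW_RESOURCE_FAIL, so "no such template" and
 * "not allowed to see it" are indistinguishable from the response. The
 * original code left the last two cases silent (no output at all).
 */
if (isset($_SESSION['toolkits_logon_id'])) {
    // Check presence before is_numeric(): reading a missing key raises a notice.
    if (isset($_GET['template_id']) && is_numeric($_GET['template_id'])) {
        // The (int) cast is what makes the id safe to embed in the configured
        // query string below (there is no parameter binding on that path).
        $safe_template_id = (int) $_GET['template_id'];

        // The preview query comes from configuration as a string. Expand any
        // literal '" . $xerte_toolkits_site->database_table_prefix . "' fragment
        // into the real prefix so the placeholder is not sent to the database.
        $query_for_preview_content_strip = str_replace(
            "\" . \$xerte_toolkits_site->database_table_prefix . \"",
            $xerte_toolkits_site->database_table_prefix,
            $xerte_toolkits_site->play_edit_preview_query
        );

        // Substitute the already-cast id for the configured placeholder.
        $query_for_preview_content = str_replace(
            "TEMPLATE_ID_TO_REPLACE",
            $safe_template_id,
            $query_for_preview_content_strip
        );
        $row = db_query_one($query_for_preview_content);

        // Only proceed when a template row came back; the username lookup used
        // to run unconditionally, sending a null user_id for unknown templates.
        if (!empty($row)) {
            if (is_user_admin() || has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id'])) {
                // Username of the template's owner (row user_id) - this is
                // deliberately not the session user.
                $row_username = db_query_one(
                    "select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?",
                    array($row['user_id'])
                );

                // NOTE(review): the include path is built from template_framework
                // as stored in the database, not from the request. The module
                // file executes with this page's privileges, so it is required
                // only after the rights check has passed.
                require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview_site.php";
                show_preview_code($row, $row_username);
                exit(0);
            }
        }
    }
}

// Not logged in, bad id, unknown template, or no rights: one uniform refusal.
echo PREVIEW_RESOURCE_FAIL;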
예제 #2
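/*
 * Editor-preview entry point for a single template.
 *
 * Preconditions enforced here, in order:
 *   1. the caller is logged in ($_SESSION['toolkits_logon_id'] is set);
 *   2. $_GET['template_id'] is present and numeric, and is cast to int;
 *   3. the template exists (joined with its framework and creator);
 *   4. the caller is an admin or has_rights_to_this_template() says yes.
 *
 * Every failure answers with PREVIEW_RESOURCE_FAIL, so "no such template" and
 * "not allowed to see it" are indistinguishable from the response. The
 * original code left the last two cases silent (no output at all).
 */
if (isset($_SESSION['toolkits_logon_id'])) {
    // Check presence before is_numeric(): reading a missing key raises a notice.
    if (isset($_GET['template_id']) && is_numeric($_GET['template_id'])) {
        $safe_template_id = (int) $_GET['template_id'];
        $prefix = $xerte_toolkits_site->database_table_prefix;

        // One query returns the template, its framework and its creator's
        // username (ld.username), so no second username lookup is needed.
        // The id is bound as a parameter (db_query_one accepts placeholders)
        // instead of being concatenated; the table prefix is configuration,
        // not request data.
        $query_for_preview_content = "select otd.template_name, ld.username, otd.template_framework, tr.user_id, tr.folder, tr.template_id, td.access_to_whom, td.extra_flags"
            . " from " . $prefix . "originaltemplatesdetails otd, " . $prefix . "templaterights tr, " . $prefix . "templatedetails td, " . $prefix . "logindetails ld"
            . " where td.template_type_id = otd.template_type_id and td.creator_id = ld.login_id and tr.template_id = td.template_id and tr.template_id=? and role='creator'";
        $row = db_query_one($query_for_preview_content, array($safe_template_id));

        if (!empty($row)) {
            if (is_user_admin() || has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id'])) {
                // Require the module's preview code only after the rights check
                // has passed, so nothing in modules/<framework>/preview.php runs
                // for a caller who may not see this template. The site-preview
                // page orders it this way too; the original here included the
                // module before authorising.
                require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview.php";
                show_preview_code($row);
                exit(0);
            }
        }
    }
}

// Not logged in, bad id, unknown template, or no rights: one uniform refusal.
echo PREVIEW_RESOURCE_FAIL;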