예제 #1
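/**
 * Handle a droplet upload on behalf of a module.
 *
 * Moves the uploaded file into the temp directory, hands it to
 * droplets_import() and removes the temporary file and the unzip
 * directory afterwards.
 *
 * The file name found in $_FILES is chosen by the client. It is reduced to
 * its last path component before being joined to the temp directory, and a
 * missing field, a multi-file field or a failed upload is answered with the
 * same 'Upload failed' error the move itself would produce.
 *
 * @param  string $input name of the file field in $_FILES
 * @return array  array('error', <message>) or array('error', <errors>, NULL)
 *                on failure, array('success', <count>) otherwise
 **/
function droplets_upload($input)
{
    $upload_failed = array('error', CAT_Helper_Directory::getInstance()->lang()->translate('Upload failed'));
    // The field must exist and describe exactly one file; for a field named
    // like "file[]" PHP delivers arrays here, which cannot be used as a path
    if (
        !isset($_FILES[$input]['name'], $_FILES[$input]['tmp_name'])
        || !is_string($_FILES[$input]['name'])
        || !is_string($_FILES[$input]['tmp_name'])
        || (isset($_FILES[$input]['error']) && $_FILES[$input]['error'] !== UPLOAD_ERR_OK)
    ) {
        return $upload_failed;
    }
    // Keep only the last path component of the client-supplied name so the
    // target cannot leave the temp directory
    $upload_name = basename(str_replace('\\', '/', $_FILES[$input]['name']));
    if ($upload_name === '' || $upload_name === '.' || $upload_name === '..') {
        return $upload_failed;
    }
    // Set temp vars
    $temp_dir = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/temp/');
    $temp_file = CAT_Helper_Directory::sanitizePath($temp_dir . $upload_name);
    $temp_unzip = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/temp/unzip/');
    // NOTE(review): the file keeps its client-chosen extension while it sits
    // in the temp directory; confirm that directory is not served or
    // executed by the web server.
    // Try to upload the file to the temp dir (move_uploaded_file() itself
    // refuses anything that is not a genuine HTTP upload)
    if (!move_uploaded_file($_FILES[$input]['tmp_name'], $temp_file)) {
        return $upload_failed;
    }
    $result = droplets_import($temp_file, $temp_unzip);
    // Delete the temp zip file
    if (file_exists($temp_file)) {
        unlink($temp_file);
    }
    CAT_Helper_Directory::removeDirectory($temp_unzip);
    // show errors
    if (isset($result['errors']) && is_array($result['errors']) && count($result['errors']) > 0) {
        return array('error', $result['errors'], NULL);
    }
    // return success
    return array('success', $result['count']);
}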
예제 #2
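// AJAX endpoint: delete one media file or folder and answer in JSON.
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
$ajax['file'] = $val->sanitizePost('file');
$ajax['file_path'] = $val->sanitizePost('file_path');
if ($ajax['file'] == '' || $ajax['file_path'] == '' || $users->checkPermission('media', 'media_delete') !== true) {
    $ajax = array('message' => 'You don\'t have the permission to delete this file. Check your system settings.', 'success' => false);
    print json_encode($ajax);
    exit;
} else {
    // ============================
    // ! Try to delete file/folder
    // ============================
    $link = CAT_PATH . $ajax['file_path'] . '/' . $ajax['file'];
    // Both path parts come from the request. Resolve the joined path and
    // require it to lie strictly below CAT_PATH before anything is deleted;
    // a path that resolves elsewhere (or to CAT_PATH itself) is reported as
    // not found.
    // NOTE(review): this only confines the delete to the installation root;
    // it should probably be narrowed to the media directory, whose location
    // is not visible in this script.
    $root = realpath(CAT_PATH);
    $resolved = realpath($link);
    $inside_root = $root !== false
        && $resolved !== false
        && strpos($resolved, rtrim($root, '/\\') . DIRECTORY_SEPARATOR) === 0;
    if ($inside_root && file_exists($link)) {
        $kind = is_dir($link) ? 'dir' : 'file';
        if (is_dir($link) && CAT_Helper_Directory::removeDirectory($link)) {
            $ajax['message'] = $backend->lang()->translate('Folder deleted successfully');
            $ajax['success'] = true;
        } elseif (is_file($link) && unlink($link)) {
            $ajax['message'] = $backend->lang()->translate('File deleted successfully');
            $ajax['success'] = true;
        } else {
            $ajax['message'] = $kind == 'dir' ? $backend->lang()->translate('Cannot delete the selected directory') : $backend->lang()->translate('Cannot delete the selected file');
            $ajax['success'] = false;
        }
    } else {
        $ajax['message'] = $backend->lang()->translate('Couldn\'t find the folder or file');
        $ajax['success'] = false;
    }
    print json_encode($ajax);
}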
예제 #3
    print json_encode($ajax);
    exit;
}
// Delete the page, or move it to the trash when the trash is enabled and the
// page is not already flagged as deleted, then report the outcome as JSON.
$visibility = $page['visibility'];
$use_trash = false;
if (PAGE_TRASH === false || $visibility == 'deleted') {
    // Trash disabled, or the page already sits in the trash: remove it
    $ajax_status = 0;
    $result = CAT_Helper_Page::deletePage($page_id);
} else {
    // Page trash is enabled and page has not yet been deleted
    $ajax_status = 1;
    $result = CAT_Helper_Page::deletePage($page_id, true);
    $use_trash = true;
}
if (!$result) {
    $trash_label = $use_trash ? $backend->lang()->translate('Yes') : $backend->lang()->translate('No');
    $message = $backend->lang()->translate('An error occured (using trash: {{trash}})', array('trash' => $trash_label));
    if ($backend->db()->isError()) {
        $message .= ' (DB error: ' . $backend->db()->getError() . ')';
    }
    $ajax = array('message' => $message, 'success' => false);
    print json_encode($ajax);
    exit;
}
// Deletion worked: drop the parent directory of the page's access file when
// it is a directory, is not the pages root, and is_empty() reports it empty
$pages_root = CAT_PATH . PAGES_DIRECTORY;
$directory = pathinfo($pages_root . CAT_Helper_Page::properties($page_id, 'link'), PATHINFO_DIRNAME);
if (is_dir($directory) && rtrim($directory, '/') != $pages_root && CAT_Helper_Directory::is_empty($directory, true)) {
    CAT_Helper_Directory::removeDirectory($directory);
}
$ajax = array(
    'message' => $backend->lang()->translate('Page(s) deleted successfully'),
    'status' => $ajax_status,
    'success' => true,
);
print json_encode($ajax);
exit;
예제 #4
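 /**
  * Uninstall an addon (language, module or template).
  *
  * Runs the "still in use" checks for the given type, includes the addon's
  * own uninstall.php if there is one, removes the addon's row from the
  * addons table, strips it from the group permissions and finally deletes
  * its directory (or, for languages, its language file).
  *
  * $type and $addon_name are used to build the paths that are included,
  * unlinked and recursively removed, and $type also ends up in a column
  * name, so both are validated first: $type may only consist of letters,
  * digits and underscores, $addon_name must be a single path component.
  *
  * @access public
  * @param  string $type       addon directory ('languages', 'modules', 'templates')
  * @param  string $addon_name directory name (language: file name without '.php')
  * @return mixed  true on success, otherwise an error message (string)
  **/
 public static function uninstallModule($type, $addon_name)
 {
     // keep old modules happy
     global $wb, $admin, $database;
     // refuse anything that could point outside CAT_PATH/<type>/<addon>
     if (
         !is_string($type)
         || !preg_match('/^[A-Za-z0-9_]+\z/', $type)
         || !is_string($addon_name)
         || $addon_name === ''
         || $addon_name === '.'
         || $addon_name === '..'
         || strpos($addon_name, '/') !== false
         || strpos($addon_name, '\\') !== false
         || strpos($addon_name, "\0") !== false
     ) {
         return self::getInstance()->lang()->translate('Invalid addon type or name');
     }
     // singular form as stored in the addons table and used as the prefix of
     // the groups.*_permissions columns ('modules' => 'module')
     $singular = substr($type, 0, -1);
     switch ($type) {
         case 'languages':
             // is default or used by current user
             if ($addon_name == DEFAULT_LANGUAGE || $addon_name == LANGUAGE) {
                 $temp = array('name' => $addon_name, 'type' => $addon_name == DEFAULT_LANGUAGE ? self::getInstance()->lang()->translate('standard language') : self::getInstance()->lang()->translate('current language'));
                 return self::getInstance()->lang()->translate('Cannot uninstall this language <span class="highlight_text">{{name}}</span> because it is the {{type}}!', $temp);
             }
             // used by other users
             $query_users = self::getInstance()->db()->query("SELECT `user_id` FROM `:prefix:users` WHERE language=:lang LIMIT 1", array('lang' => $addon_name));
             if ($query_users->rowCount() > 0) {
                 return self::getInstance()->lang()->translate('Cannot uninstall this language <span class="highlight_text">{{name}}</span> because it is in use!', array('name' => $addon_name));
             }
             break;
         case 'modules':
             // check if the module is still in use
             $info = self::getInstance()->db()->query("SELECT `section_id`, `page_id` FROM `:prefix:sections` WHERE module=:mod", array('mod' => $addon_name));
             if ($info->rowCount() > 0) {
                 $temp = explode(";", self::getInstance()->lang()->translate('this page;these pages'));
                 $add = $info->rowCount() == 1 ? $temp[0] : $temp[1];
                 $values = array('type' => self::getInstance()->lang()->translate('Module'), 'type_name' => $type, 'pages_string' => $add, 'count' => $info->rowCount(), 'name' => $addon_name);
                 $pages = array();
                 while (false != ($data = $info->fetchRow(MYSQL_ASSOC))) {
                     // skip negative page id's
                     if (substr($data['page_id'], 0, 1) == '-') {
                         continue;
                     }
                     $pages[] = sprintf('<a href="%s">%s</a>', CAT_Helper_Page::getLink($data['page_id']), CAT_Helper_Page::properties($data['page_id'], 'menu_title'));
                 }
                 $values['pages'] = implode('<br />', $pages);
                 return self::getInstance()->lang()->translate('Cannot uninstall module <span class="highlight_text">{{name}}</span> because it is in use on {{pages_string}}:<br /><br />{{pages}}', $values);
             }
             //  some modules cannot be removed (used by system)
             if (!self::isRemovable($addon_name)) {
                 return self::getInstance()->lang()->translate('Cannot uninstall module <span class="highlight_text">{{name}}</span> because it is marked as mandatory!', array('name' => $addon_name));
             }
             if (defined('WYSIWYG_EDITOR') && $addon_name == WYSIWYG_EDITOR) {
                 return self::getInstance()->lang()->translate('Cannot uninstall module <span class="highlight_text">{{name}}</span> because it is the standard WYSWIWYG editor!', array('name' => $addon_name));
             }
             break;
         case 'templates':
             if ($addon_name == DEFAULT_THEME || $addon_name == DEFAULT_TEMPLATE) {
                 $temp = array('name' => $addon_name, 'type' => $addon_name == DEFAULT_TEMPLATE ? self::getInstance()->lang()->translate('default template') : self::getInstance()->lang()->translate('default backend theme'));
                 return self::getInstance()->lang()->translate('Cannot uninstall template <span class="highlight_text">{{name}}</span> because it is the {{type}}!', $temp);
             }
             $info = self::getInstance()->db()->query("SELECT `page_id`, `page_title` FROM `:prefix:pages` WHERE template=:name order by page_title", array('name' => $addon_name));
             if ($info->rowCount() > 0) {
                 $msg_template_str = 'Cannot uninstall template <span class="highlight_text">{{name}}</span> because it is still in use on {{pages}}:';
                 $temp = explode(';', self::getInstance()->lang()->translate('this page;these pages'));
                 $add = $info->rowCount() == 1 ? $temp[0] : $temp[1];
                 $page_template_str = "<li><a href='../pages/settings.php?page_id={{id}}'>{{title}}</a></li>";
                 $values = array('pages' => $add, 'name' => $addon_name);
                 $msg = self::getInstance()->lang()->translate($msg_template_str, $values);
                 $page_names = '<ul>';
                 while ($data = $info->fetchRow()) {
                     $page_info = array('id' => $data['page_id'], 'title' => $data['page_title']);
                     $page_names .= self::getInstance()->lang()->translate($page_template_str, $page_info);
                 }
                 $page_names .= '</ul>';
                 return $msg . $page_names;
             }
             break;
         default:
             // NOTE(review): other types skip every "in use" check and go
             // straight to removal; confirm whether callers rely on that.
             break;
     }
     // end switch
     // all checks succeeded, try to uninstall
     // (the path is built from the validated components only)
     $addon_dir = CAT_PATH . '/' . $type . '/' . $addon_name;
     if (file_exists($addon_dir . '/uninstall.php')) {
         require $addon_dir . '/uninstall.php';
     }
     // Remove entry from DB
     if ($type != 'languages') {
         self::getInstance()->db()->query("DELETE FROM `:prefix:addons` WHERE directory=:dir AND type=:type", array('dir' => $addon_name, 'type' => $singular));
         if (self::getInstance()->db()->isError()) {
             return self::getInstance()->db()->getError();
         }
         $stmt = self::getInstance()->db()->query('SELECT * FROM `:prefix:groups` WHERE group_id <> 1');
         if ($stmt->rowCount() > 0) {
             while ($row = $stmt->fetchRow(MYSQL_ASSOC)) {
                 $gid = $row['group_id'];
                 $file = $addon_name;
                 // get current value
                 $permissions = explode(',', $row[$singular . '_permissions']);
                 // remove uninstalled module
                 if (in_array($file, $permissions)) {
                     $i = array_search($file, $permissions);
                     array_splice($permissions, $i, 1);
                     $permissions = array_unique($permissions);
                     asort($permissions);
                     // Update the database; the column name cannot be bound
                     // as a parameter, which is why $type is restricted to
                     // word characters above
                     $addon_permissions = implode(',', $permissions);
                     self::getInstance()->db()->query(sprintf("UPDATE `:prefix:groups` SET %s_permissions=:perm WHERE group_id=:id", $singular), array('perm' => $addon_permissions, 'id' => $gid));
                 }
             }
         }
         // Try to delete the module dir
         if (!CAT_Helper_Directory::removeDirectory($addon_dir)) {
             return self::getInstance()->lang()->translate('Cannot uninstall - unable to delete the directory!');
         }
     } else {
         self::getInstance()->db()->query("DELETE FROM `:prefix:addons` WHERE directory=:dir AND type=:type", array('dir' => $addon_name, 'type' => $singular));
         if (self::getInstance()->db()->isError()) {
             return self::getInstance()->db()->getError();
         }
         unlink(CAT_PATH . '/languages/' . $addon_name . '.php');
     }
     return true;
 }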
예제 #5
파일: tool.php 프로젝트: ircoco/BlackCatCMS
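/**
 * Export the droplets marked in $_POST['markeddroplet'] as a ZIP file.
 *
 * Each droplet is written to a temporary directory as "<name>.php"
 * (description and usage as "//:" header lines, followed by the code), an
 * optional data file is copied alongside, and the directory is packed into
 * a ZIP that is moved to modules/droplets/export/.
 *
 * Differences to a naive export that matter for safety:
 * - execution stops when the permission check fails, whether or not
 *   print_error() returns;
 * - ids that do not yield a droplet are skipped;
 * - the droplet name is reduced to its last path component before it is
 *   used as a file name;
 * - the export directory is created with mode 0755 instead of 0777.
 *
 * @return mixed true for AJAX requests, otherwise a message string
 *               (HTML with the download link, or an error text)
 **/
function export_droplets()
{
    global $parser, $val, $backend;
    $groups = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('export_droplets', $groups)) {
        $denied = $backend->lang()->translate("You don't have the permission to do this");
        $backend->print_error($denied);
        // Whether print_error() ends the request is not visible here; fail
        // closed instead of continuing with the export
        return $denied;
    }
    $info = array();
    // get all marked droplets
    $marked = isset($_POST['markeddroplet']) ? $_POST['markeddroplet'] : array();
    if (!is_array($marked)) {
        $marked = array($marked);
    }
    if (!count($marked)) {
        return $backend->lang()->translate('Please mark some Droplets to export');
    }
    $temp_dir = CAT_PATH . '/temp/droplets/';
    // make the temporary working directory
    @mkdir($temp_dir);
    $name = '';
    $download = '';
    foreach ($marked as $id) {
        $droplet = CAT_Helper_Droplet::getDroplet($id);
        // the id comes straight from the request; skip ids without a droplet
        if (!isset($droplet['name']) || $droplet['name'] === '') {
            continue;
        }
        // the name becomes a file name below: keep its last component only
        $name = basename(str_replace('\\', '/', $droplet['name']));
        if ($name === '' || $name === '.' || $name === '..') {
            continue;
        }
        $usage = preg_replace('/[\\x00-\\x1F\\x7F]/', "\n//", $droplet['comments']);
        if (substr($usage, -2, 2) == '//') {
            $usage = substr($usage, 0, -3);
        }
        $sFile = $temp_dir . $name . '.php';
        $fh = fopen($sFile, 'w');
        if ($fh === false) {
            // cannot write this droplet; leave it out of the export list
            continue;
        }
        fwrite($fh, '//:' . $droplet['description'] . "\n");
        fwrite($fh, '//:' . $usage . "\n");
        fwrite($fh, $droplet['code']);
        fclose($fh);
        $info[] = 'Droplet: ' . $name . '.php<br />';
        $file = NULL;
        // look for a data file (name as is, lower case, upper case)
        $data_dir = dirname(__FILE__) . '/data/';
        foreach (array($name, strtolower($name), strtoupper($name)) as $candidate) {
            if (file_exists($data_dir . $candidate . '.txt')) {
                $file = CAT_Helper_Directory::sanitizePath($data_dir . $candidate . '.txt');
                break;
            }
        }
        if ($file) {
            if (!file_exists($temp_dir . '/data')) {
                @mkdir($temp_dir . '/data');
            }
            copy($file, $temp_dir . '/data/' . basename($file));
        }
    }
    $filename = 'droplets';
    // if there's only a single droplet to export, name the zip-file after this droplet
    if (count($marked) === 1) {
        $filename = 'droplet_' . $name;
    }
    // add current date to filename
    $filename .= '_' . date('Y-m-d');
    // while there's an existing file, add a number to the filename
    if (file_exists(CAT_PATH . '/modules/droplets/export/' . $filename . '.zip')) {
        $n = 1;
        while (file_exists(CAT_PATH . '/modules/droplets/export/' . $filename . '_' . $n . '.zip')) {
            $n++;
        }
        $filename .= '_' . $n;
    }
    $temp_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/temp/' . $filename . '.zip');
    // create zip
    $archive = CAT_Helper_Zip::getInstance($temp_file)->config('removePath', $temp_dir);
    $file_list = $archive->create($temp_dir);
    if ($file_list == 0 && !CAT_Helper_Validate::sanitizeGet('ajax')) {
        list_droplets($backend->lang()->translate("Packaging error") . ' - ' . $archive->errorInfo(true));
    } else {
        $export_dir = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/droplets/export');
        // create the export folder if it doesn't exist; it only has to be
        // writable by the process that creates it
        if (!file_exists($export_dir)) {
            mkdir($export_dir, 0755);
        }
        // NOTE(review): the ZIP ends up below CAT_URL under a name built
        // from the droplet name and the date; confirm whether that location
        // is meant to be reachable without a login.
        if (!copy($temp_file, $export_dir . '/' . $filename . '.zip') && !CAT_Helper_Validate::sanitizeGet('ajax')) {
            echo '<div class="drfail">', $backend->lang()->translate('Unable to move the exported ZIP-File!'), '</div>';
            $download = CAT_URL . '/temp/' . $filename . '.zip';
        } else {
            unlink($temp_file);
            $download = CAT_Helper_Validate::sanitize_url(CAT_URL . '/modules/droplets/export/' . $filename . '.zip');
        }
    }
    CAT_Helper_Directory::removeDirectory($temp_dir);
    if (CAT_Helper_Validate::sanitizeGet('ajax')) {
        return true;
    }
    return $backend->lang()->translate('Backup created') . '<br /><br />' . implode("\n", $info) . '<br /><br /><a href="' . $download . '">Download</a>';
}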
예제 #6
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
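global $parser;
$backend = CAT_Backend::getInstance('start');
$user = CAT_Users::getInstance();
$lang = CAT_Helper_I18n::getInstance();
$widget = CAT_Helper_Widget::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('start', 'start', false);
// ================================================
// ! Check if installation directory still exists
// ================================================
// A leftover installer directory is removed on the first backend visit.
// NOTE(review): the result of removeDirectory() is not checked, so a failed
// removal leaves the installer on disk without any notice.
if (file_exists(CAT_PATH . '/install/')) {
    CAT_Helper_Directory::removeDirectory(CAT_PATH . '/install/');
}
// exec initial_page
// ("!x === true" parses as "(!x) === true", which is simply "!x")
if ($val->sanitizeGet('initial') || !$user->checkPermission('start', 'start')) {
    $page = $user->get_initial_page();
    if ($page) {
        header('Location: ' . $page);
        // stop here: without this the rest of the start page is still
        // built and sent along with the redirect
        exit;
    }
}
$tpl_data = array();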
// =====================================================
// ! Insert permission values into the template object
// =====================================================
foreach (array('media', 'addons', 'access', 'settings', 'admintools') as $item) {
    $tpl_data['sections'][$item]['permission'] = $user->checkPermission($item, $item, false);
    $tpl_data['sections'][$item]['name'] = $item;
예제 #7
                // update trail
                $database->query(sprintf("UPDATE `%spages` SET page_trail='%s' WHERE page_id='%s' LIMIT 1", CAT_TABLE_PREFIX, CAT_Helper_Page::getPageTrail($sub['page_id']), $sub['page_id']));
                // Re-write the access file for this page
                $old_subpage_file = CAT_PATH . PAGES_DIRECTORY . $new_sub_link . PAGE_EXTENSION;
                // remove old file
                if (file_exists($old_subpage_file)) {
                    unlink($old_subpage_file);
                }
                // create new
                CAT_Helper_Page::createAccessFile($new_sub_link, $sub['page_id']);
            }
        }
    }
    // check if source directory is empty now
    $source_dir = pathinfo(CAT_PATH . PAGES_DIRECTORY . $old_link, PATHINFO_DIRNAME);
    if (CAT_Helper_Directory::is_empty($source_dir, true)) {
        CAT_Helper_Directory::removeDirectory($source_dir);
    }
}
// ==============================
// ! Check if there is a db error
// ==============================
// A pending DB error is reported and ends the request; otherwise the saved
// page settings are echoed back to the caller as JSON.
if (CAT_Helper_Page::getInstance()->db()->isError()) {
    $ajax = array(
        'message' => CAT_Helper_Page::getInstance()->db()->getError(),
        'success' => false,
    );
    print json_encode($ajax);
    exit;
}
$ajax = array();
$ajax['message'] = $backend->lang()->translate('Page settings saved successfully');
// titles are decoded again before they go into the JSON response
$ajax['menu_title'] = htmlspecialchars_decode($options['menu_title'], ENT_QUOTES);
$ajax['page_title'] = htmlspecialchars_decode($options['page_title'], ENT_QUOTES);
$ajax['visibility'] = $options['visibility'];
$ajax['parent'] = $options['parent'];
$ajax['position'] = $options['position'];
$ajax['success'] = true;
print json_encode($ajax);
exit;
예제 #8
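 /**
  * Install a Droplet from a ZIP file (the ZIP may contain more than one
  * Droplet)
  *
  * The archive is extracted to CAT_PATH/temp/droplets_unzip/, every *.php
  * file except index.php is parsed ("//:" description line, "//:" usage
  * line, further "//" comment lines, then the code) and inserted into or
  * replaced in the mod_droplets table. The temporary directory is removed
  * at the end.
  *
  * Security: the code taken from the archive is stored as an active
  * Droplet, so importing an archive is equivalent to deploying code.
  * Callers must restrict this to users who are allowed to do that. The
  * removal of the PHP tags below is a format normalisation, not a filter.
  *
  * @access public
  * @param  string  $temp_file - name of the ZIP file
  * @return array   'count' (number imported), 'errors' (by file or name),
  *                 'imported' (name => 1); see droplets_import() method
  *
  **/
 public static function installDroplet($temp_file)
 {
     $self = self::getInstance();
     $temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
     CAT_Helper_Directory::createDirectory($temp_unzip);
     $errors = array();
     $imports = array();
     $count = 0;
     // extract file
     // NOTE(review): whether CAT_Helper_Zip rejects entries that would be
     // written outside $temp_unzip is not visible here - confirm.
     CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();
     // get .php files
     $files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');
     // now, open all *.php files and search for the header;
     // an exported droplet starts with "//:"
     foreach ($files as $file) {
         if (pathinfo($file, PATHINFO_FILENAME) !== 'index' && pathinfo($file, PATHINFO_EXTENSION) == 'php') {
             $description = NULL;
             $usage = NULL;
             $code = NULL;
             // Name of the Droplet = Filename
             $name = pathinfo($file, PATHINFO_FILENAME);
             // Slurp file contents; an unreadable file is treated like an
             // empty one and rejected below
             $lines = file($temp_unzip . '/' . $file);
             if ($lines === false) {
                 $lines = array();
             }
             // First line: Description
             if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                 $description = addslashes($match[1]);
                 array_shift($lines);
             }
             // Second line: Usage instructions
             if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                 $usage = addslashes($match[1]);
                 array_shift($lines);
             }
             // there may be more comment lines; they will be added to the usage instructions
             // (the isset() guard stops at the end of a comment-only file)
             while (isset($lines[0]) && preg_match('#^//(.*)$#', $lines[0], $match)) {
                 $usage .= addslashes(trim($match[1]));
                 array_shift($lines);
             }
             // NOTE(review): description and usage are passed through
             // addslashes() and then bound as parameters, so the backslashes
             // are stored as well; confirm this is what readers expect.
             if (!$description && !$usage) {
                 // invalid file
                 $errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
                 continue;
             }
             // Remaining: Droplet code
             $code = implode('', $lines);
             // strip PHP open/close tags from the code
             $tags = array('<?php', '?>', '<?');
             $code = str_replace($tags, '', $code);
             // Already in the DB?
             $stmt = 'INSERT';
             $id = 0;
             $found = $self->db()->query("SELECT * FROM `:prefix:mod_droplets` WHERE name=:name", array('name' => $name));
             if ($found->rowCount()) {
                 $stmt = 'REPLACE';
                 // the id is concatenated into the statement below, so force
                 // it to an integer
                 $id = (int) $found->fetchColumn();
             }
             // execute
             $q = "{$stmt} INTO `:prefix:mod_droplets` SET " . ($id ? 'id=' . $id . ', ' : '') . '`name`=:name, `code`=:code, `description`=:desc, ' . '`modified_when`=:when, `modified_by`=:userid, ' . '`active`=:active, `comments`=:usage';
             $params = array('name' => $name, 'code' => $code, 'desc' => $description, 'when' => time(), 'userid' => CAT_Users::get_user_id(), 'active' => 1, 'usage' => $usage);
             $self->db()->query($q, $params);
             if (!$self->db()->isError()) {
                 $count++;
                 $imports[$name] = 1;
             } else {
                 $errors[$name] = $self->db()->getError();
             }
         }
         // check for data directory (runs once per listed file)
         if (file_exists($temp_unzip . '/data')) {
             // copy all files
             CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
         }
     }
     // cleanup; ignore errors here
     CAT_Helper_Directory::removeDirectory($temp_unzip);
     return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
 }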
예제 #9
파일: Page.php 프로젝트: ircoco/BlackCatCMS
 /**
  * Remove the access file of a page and the directory named after it.
  *
  * Nothing happens when the access file does not exist. When the pages
  * directory is not writable, only a local error entry is recorded; it is
  * not returned to the caller.
  *
  * @access public
  * @param  mixed $page_id id handed to self::properties() to look up the link
  * @return void
  **/
 public static function deleteAccessFile($page_id)
 {
     $pages_root = CAT_PATH . PAGES_DIRECTORY;
     $base = $pages_root . self::properties($page_id, 'link');
     $access_file = $base . PAGE_EXTENSION;
     $page_dir = $base . '/';
     if (!file_exists($access_file)) {
         return;
     }
     if (!is_writable($pages_root . '/')) {
         $self = self::getInstance(true);
         $errors[] = $self->lang()->translate('Cannot delete access file!');
         return;
     }
     // Unlink the access file, then the directory of the same name
     unlink($access_file);
     // never remove the pages root itself (e.g. when the link is empty)
     if (is_dir($page_dir) && rtrim($page_dir, '/') != $pages_root) {
         CAT_Helper_Directory::removeDirectory($page_dir);
     }
 }