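/**
 * Move one content element of a page one position up or down.
 *
 * Reads the route parameters PARAMS.page_id, PARAMS.content_id and
 * PARAMS.method ('up' or 'down'). The selected element and the neighbour
 * currently holding the wanted position exchange their order values in
 * three UPDATE steps, then the request is redirected to the page's content
 * list with ?move=success or ?move=no-success.
 *
 * NOTE(review): this is a state-changing action driven by route parameters
 * only; no CSRF token is checked inside this method. Confirm that the route
 * is protected elsewhere, or move it behind a token-checked POST.
 *
 * @param object $APP Application object providing get(), set() and reroute().
 * @return void
 */
public function content_reorder($APP)
{
    $APP->set('MODUL_ID', 53);
    $USER_RIGHTS = parent::checkUserModulRights($APP->get('MODUL_ID'), $APP->get('LOGIN_USER_RIGHTS'));

    if ($USER_RIGHTS == false) {
        $APP->get('CONSTRUCTR_LOG')->write('User ' . $APP->get('SESSION.username') . ' missing USER-RIGHTS for modul ' . $APP->get('MODUL_ID'));
        $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/no-rights');

        // Nothing visible here guarantees that reroute() ends the request, so
        // the authorization failure must stop this method explicitly.
        return;
    }

    $PAGE_ID = filter_var($APP->get('PARAMS.page_id'), FILTER_SANITIZE_NUMBER_INT);
    $APP->set('PAGE_ID', $PAGE_ID);

    $CONTENT_ID = filter_var($APP->get('PARAMS.content_id'), FILTER_SANITIZE_NUMBER_INT);
    $APP->set('CONTENT_ID', $CONTENT_ID);

    $METHOD = filter_var($APP->get('PARAMS.method'), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $APP->set('METHOD', $METHOD);

    $CONTENT_URL = $APP->get('CONSTRUCTR_BASE_URL') . '/constructr/content/' . $PAGE_ID . '/';

    // The element must exist and belong to the given page.
    $APP->set('SELECT_CONTENT', $APP->get('DBCON')->exec(
        ['SELECT * FROM constructr_content WHERE constructr_content_page_id=:PAGE_ID AND constructr_content_id=:CONTENT_ID LIMIT 1;'],
        [[':PAGE_ID' => $PAGE_ID, ':CONTENT_ID' => $CONTENT_ID]]
    ));
    $APP->set('CONTENT_COUNTR', count($APP->get('SELECT_CONTENT')));

    // Only the two literal directions are accepted; anything else is refused.
    $STEP = 0;
    if ($METHOD === 'up') {
        $STEP = -1;
    } elseif ($METHOD === 'down') {
        $STEP = 1;
    }

    if ($APP->get('CONTENT_COUNTR') != 1 || $STEP === 0) {
        $APP->set('MOVE', 'no-success');
        $APP->reroute($CONTENT_URL . '?move=no-success');

        return;
    }

    $ACT_POSITION = $APP->get('SELECT_CONTENT.0.constructr_content_order');
    $NEW_POSITION = $ACT_POSITION + $STEP;

    // Both variants are fixed literals; no request data is placed in the SQL text.
    $SHIFT_QUERY = ($STEP === -1)
        ? 'UPDATE constructr_content SET constructr_content_order=(constructr_content_order-1) WHERE constructr_content_page_id=:PAGE_ID AND constructr_content_id=:CONTENT_ID LIMIT 1;'
        : 'UPDATE constructr_content SET constructr_content_order=(constructr_content_order+1) WHERE constructr_content_page_id=:PAGE_ID AND constructr_content_id=:CONTENT_ID LIMIT 1;';

    // Step 1: park the neighbour on the temporary order value 9999.
    $APP->set('UPDATE_OLD_CONTENT', $APP->get('DBCON')->exec(
        ['UPDATE constructr_content SET constructr_content_order=:TMP_ORDER WHERE constructr_content_page_id=:PAGE_ID AND constructr_content_order=:NEW_POSITION LIMIT 1;'],
        [[':PAGE_ID' => $PAGE_ID, ':NEW_POSITION' => $NEW_POSITION, ':TMP_ORDER' => 9999]]
    ));

    // Step 2: shift the selected element by one position.
    $APP->set('UPDATE_NEW_CONTENT', $APP->get('DBCON')->exec(
        [$SHIFT_QUERY],
        [[':PAGE_ID' => $PAGE_ID, ':CONTENT_ID' => $CONTENT_ID]]
    ));

    // Step 3: give the parked neighbour the position the element came from.
    $APP->set('UPDATE_OLD_CONTENT2', $APP->get('DBCON')->exec(
        ['UPDATE constructr_content SET constructr_content_order=:ACT_POSITION WHERE constructr_content_page_id=:PAGE_ID AND constructr_content_order=:TMP_ORDER LIMIT 1;'],
        [[':ACT_POSITION' => $ACT_POSITION, ':PAGE_ID' => $PAGE_ID, ':TMP_ORDER' => 9999]]
    ));

    // The cache is cleaned for both directions, so a moved element never
    // leaves an outdated cached page behind.
    parent::clean_up_cache($APP);

    $APP->set('MOVE', 'success');
    $APP->reroute($CONTENT_URL . '?move=success');
}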
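/**
 * Move a page one position down in the page order.
 *
 * Loads the page named by PARAMS.page_id and the page whose order value is
 * one higher, then lets the two rows exchange id, order, level and mother
 * in three UPDATE steps (the target row is parked on id 0 in between).
 * The content rows of both pages are re-pointed the same way, using 9999 as
 * the temporary page id. A page with order 1 is treated as the homepage and
 * is never moved.
 *
 * NOTE(review): the six UPDATE statements are issued one by one; nothing in
 * this method wraps them in a transaction, so a failure midway can leave a
 * row parked on the temporary values. Confirm how DBCON handles this.
 *
 * NOTE(review): this is a state-changing action driven by a route parameter
 * only; no CSRF token is checked inside this method.
 *
 * @param object $APP Application object providing get(), set() and reroute().
 * @return void
 */
public function page_management_move_down($APP)
{
    $APP->set('MODUL_ID', 34);
    $USER_RIGHTS = parent::checkUserModulRights($APP->get('MODUL_ID'), $APP->get('LOGIN_USER_RIGHTS'));

    if ($USER_RIGHTS == false) {
        $APP->get('CONSTRUCTR_LOG')->write('User ' . $APP->get('SESSION.username') . ' missing USER-RIGHTS for modul ' . $APP->get('MODUL_ID'));
        $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/no-rights');

        // Nothing visible here guarantees that reroute() ends the request, so
        // the authorization failure must stop this method explicitly.
        return;
    }

    $MANAGEMENT_URL = $APP->get('CONSTRUCTR_BASE_URL') . '/constructr/pagemanagement';
    $MOVE_PAGE_ID = filter_var($APP->get('PARAMS.page_id'), FILTER_SANITIZE_NUMBER_INT);

    // The placeholder is named :DELETE_PAGE_ID but carries the id of the page to move.
    $APP->set('MOVE_PAGE', $APP->get('DBCON')->exec(
        ['SELECT * FROM constructr_pages WHERE constructr_pages_id=:DELETE_PAGE_ID LIMIT 1;'],
        [[':DELETE_PAGE_ID' => $MOVE_PAGE_ID]]
    ));

    if (count($APP->get('MOVE_PAGE')) != 1) {
        $APP->reroute($MANAGEMENT_URL . '?move=no-success');

        // Without this stop the UPDATEs below would run with undefined values.
        return;
    }

    $MOVE_PAGE_ORDER = $APP->get('MOVE_PAGE.0.constructr_pages_order');
    $MOVE_PAGE_LEVEL = $APP->get('MOVE_PAGE.0.constructr_pages_level');
    $MOVE_PAGE_MOTHER = $APP->get('MOVE_PAGE.0.constructr_pages_mother');

    if ($MOVE_PAGE_ORDER == 1) {
        $APP->reroute($MANAGEMENT_URL . '?move=no-success-homepage');

        return;
    }

    // The swap partner is looked up by order value only.
    $TARGET_PAGE_ORDER = $MOVE_PAGE_ORDER + 1;
    $APP->set('TARGET_PAGE', $APP->get('DBCON')->exec(
        ['SELECT * FROM constructr_pages WHERE constructr_pages_order=:TARGET_PAGE_ORDER LIMIT 1;'],
        [[':TARGET_PAGE_ORDER' => $TARGET_PAGE_ORDER]]
    ));

    if (count($APP->get('TARGET_PAGE')) != 1) {
        $APP->reroute($MANAGEMENT_URL . '?move=no-success');

        return;
    }

    $TARGET_PAGE_ID = $APP->get('TARGET_PAGE.0.constructr_pages_id');
    $TARGET_PAGE_LEVEL = $APP->get('TARGET_PAGE.0.constructr_pages_level');
    $TARGET_PAGE_MOTHER = $APP->get('TARGET_PAGE.0.constructr_pages_mother');
    $TARGET_PAGE_ORDER = $APP->get('TARGET_PAGE.0.constructr_pages_order');

    if ($TARGET_PAGE_ORDER == 1) {
        $APP->reroute($MANAGEMENT_URL . '?move=no-success-homepage');

        return;
    }

    // Step 1: park the target row on id 0 with placeholder values (666).
    $APP->set('UPDATR_TARGET_STEP_ONE', $APP->get('DBCON')->exec(
        ['UPDATE constructr_pages SET constructr_pages_id=:TMP_PAGE_ID,constructr_pages_order=:TMP_PAGE_ORDER,constructr_pages_level=:TMP_PAGE_LEVEL,constructr_pages_mother=:TMP_PAGE_MOTHER,constructr_pages_temp_marker=:TMP_PAGE_MARKER WHERE constructr_pages_id=:TARGET_PAGE_ID LIMIT 1;'],
        [[':TMP_PAGE_ID' => 0, ':TMP_PAGE_ORDER' => 666, ':TMP_PAGE_LEVEL' => 666, ':TMP_PAGE_MOTHER' => 666, ':TMP_PAGE_MARKER' => 666, ':TARGET_PAGE_ID' => $TARGET_PAGE_ID]]
    ));

    // Step 2: the moved row takes over the target's id, order, level and mother.
    $APP->set('UPDATR_MOVE', $APP->get('DBCON')->exec(
        ['UPDATE constructr_pages SET constructr_pages_id=:TARGET_PAGE_ID,constructr_pages_order=:TARGET_PAGE_ORDER,constructr_pages_level=:TARGET_PAGE_LEVEL,constructr_pages_mother=:TARGET_PAGE_MOTHER WHERE constructr_pages_id=:MOVE_PAGE_ID LIMIT 1;'],
        [[':MOVE_PAGE_ID' => $MOVE_PAGE_ID, ':TARGET_PAGE_ID' => $TARGET_PAGE_ID, ':TARGET_PAGE_ORDER' => $TARGET_PAGE_ORDER, ':TARGET_PAGE_LEVEL' => $TARGET_PAGE_LEVEL, ':TARGET_PAGE_MOTHER' => $TARGET_PAGE_MOTHER]]
    ));

    // Step 3: the parked row (id 0) takes over the moved page's former values
    // and its temp marker is reset to 0.
    $APP->set('UPDATR_TARGET', $APP->get('DBCON')->exec(
        ['UPDATE constructr_pages SET constructr_pages_id=:MOVE_PAGE_ID,constructr_pages_order=:MOVE_PAGE_ORDER,constructr_pages_level=:MOVE_PAGE_LEVEL,constructr_pages_mother=:MOVE_PAGE_MOTHER,constructr_pages_temp_marker=:TMP_MARKER WHERE constructr_pages_id=:TARGET_PAGE_ID LIMIT 1;'],
        [[':TMP_MARKER' => 0, ':TARGET_PAGE_ID' => 0, ':MOVE_PAGE_ID' => $MOVE_PAGE_ID, ':MOVE_PAGE_ORDER' => $MOVE_PAGE_ORDER, ':MOVE_PAGE_LEVEL' => $MOVE_PAGE_LEVEL, ':MOVE_PAGE_MOTHER' => $MOVE_PAGE_MOTHER]]
    ));

    // Content rows follow the id exchange: target -> 9999, moved -> target, 9999 -> moved.
    $APP->set('CONTENT_UPDATR1', $APP->get('DBCON')->exec(
        ['UPDATE constructr_content SET constructr_content_page_id=:TMP_MARKER WHERE constructr_content_page_id=:TARGET_PAGE_ID;'],
        [[':TMP_MARKER' => 9999, ':TARGET_PAGE_ID' => $TARGET_PAGE_ID]]
    ));
    $APP->set('CONTENT_UPDATR2', $APP->get('DBCON')->exec(
        ['UPDATE constructr_content SET constructr_content_page_id=:TARGET_PAGE_ID WHERE constructr_content_page_id=:MOVE_PAGE_ID;'],
        [[':TARGET_PAGE_ID' => $TARGET_PAGE_ID, ':MOVE_PAGE_ID' => $MOVE_PAGE_ID]]
    ));
    $APP->set('CONTENT_UPDATR3', $APP->get('DBCON')->exec(
        ['UPDATE constructr_content SET constructr_content_page_id=:MOVE_PAGE_ID WHERE constructr_content_page_id=:TMP_MARKER;'],
        [[':TMP_MARKER' => 9999, ':MOVE_PAGE_ID' => $MOVE_PAGE_ID]]
    ));

    parent::clean_up_cache($APP);
    $APP->reroute($MANAGEMENT_URL . '?move=success');
}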
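/**
 * Verify the upload form and store the submitted files in the upload directory.
 *
 * The request must carry the three form tokens (POST.csrf, POST.csrf_additive,
 * POST.csrf_tripple_additive); each must equal its session counterpart and the
 * third must equal additive . csrf. Empty or missing tokens are rejected, so a
 * request that simply omits the fields cannot pass. On a mismatch the event is
 * logged and the user is sent to the logout route.
 *
 * Every file of the multi-file field "new_file" is then moved into the
 * directory named by the UPLOADS setting. The first file that cannot be
 * stored ends the request with ?new=no-success.
 *
 * NOTE(review): nothing in this method restricts the type of the stored
 * files, and the stored name keeps the client's extension. If the UPLOADS
 * directory is served by the web server, enforce an extension allowlist and
 * make sure script execution is disabled for that directory.
 *
 * NOTE(review): an existing file with the same name is overwritten.
 *
 * @param object $APP Application object providing get(), set() and reroute().
 * @return void
 */
public function uploads_new_verify($APP)
{
    $APP->set('MODUL_ID', 61);
    $USER_RIGHTS = parent::checkUserModulRights($APP->get('MODUL_ID'), $APP->get('LOGIN_USER_RIGHTS'));

    if ($USER_RIGHTS == false) {
        $APP->get('CONSTRUCTR_LOG')->write('User ' . $APP->get('SESSION.username') . ' missing USER-RIGHTS for modul ' . $APP->get('MODUL_ID'));
        $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/no-rights');

        // Nothing visible here guarantees that reroute() ends the request, so
        // the authorization failure must stop this method explicitly.
        return;
    }

    $POST_CSRF = $APP->get('POST.csrf');
    $POST_ADDITIVE = $APP->get('POST.csrf_additive');
    $POST_TRIPPLE_ADDITIVE = $APP->get('POST.csrf_tripple_additive');

    // The log lines name the logged-in user taken from the session.
    $ACTING_USER = $APP->get('SESSION.username');
    $LOGOUT_URL = $APP->get('CONSTRUCTR_BASE_URL') . '/constructr/logout';

    // A token matches only if both sides are non-empty and equal. The
    // comparison is constant-time where hash_equals() is available.
    $TOKEN_MATCHES = static function ($EXPECTED, $GIVEN) {
        if (!is_scalar($EXPECTED) || !is_string($GIVEN)) {
            return false;
        }

        $EXPECTED = (string) $EXPECTED;
        if ($EXPECTED === '' || $GIVEN === '') {
            return false;
        }

        return function_exists('hash_equals') ? hash_equals($EXPECTED, $GIVEN) : $EXPECTED === $GIVEN;
    };

    $TOKEN_CHECKS = [
        ['FORM CSRF DON\'T MATCH: ', $APP->get('SESSION.csrf'), $POST_CSRF],
        ['FORM ADDITIVE DON\'T MATCH: ', $APP->get('SESSION.additive'), $POST_ADDITIVE],
        ['FORM TRIPPLE ADDITIVE DON\'T MATCH: ', $APP->get('SESSION.tripple_additive'), $POST_TRIPPLE_ADDITIVE],
    ];

    foreach ($TOKEN_CHECKS as $CHECK) {
        if (!$TOKEN_MATCHES($CHECK[1], $CHECK[2])) {
            $APP->get('CONSTRUCTR_LOG')->write($CHECK[0] . $ACTING_USER);
            $APP->reroute($LOGOUT_URL);

            return;
        }
    }

    // All three values are non-empty strings at this point.
    if ($POST_TRIPPLE_ADDITIVE !== $POST_ADDITIVE . $POST_CSRF) {
        $APP->get('CONSTRUCTR_LOG')->write('FORM TRIPPLE ADDITIVE COMPARISON DON\'T MATCH: ' . $ACTING_USER);
        $APP->reroute($LOGOUT_URL);

        return;
    }

    // A missing or single-file field is treated as "no files submitted".
    $FILES = (isset($_FILES['new_file']) && is_array($_FILES['new_file'])) ? $_FILES['new_file'] : [];
    $NAMES = (isset($FILES['name']) && is_array($FILES['name'])) ? $FILES['name'] : [];

    foreach ($NAMES as $i => $CLIENT_NAME) {
        $TMP_NAME = isset($FILES['tmp_name'][$i]) ? $FILES['tmp_name'][$i] : '';
        $ERROR = isset($FILES['error'][$i]) ? $FILES['error'][$i] : UPLOAD_ERR_NO_FILE;

        // The client-supplied name is reduced to its last path component so it
        // cannot point outside the upload directory.
        $SAFE_NAME = is_string($CLIENT_NAME) ? basename(str_replace('\\', '/', $CLIENT_NAME)) : '';

        // Names starting with a dot are refused: this covers '.', '..' and
        // hidden files, which some servers read as per-directory configuration.
        $NAME_OK = $SAFE_NAME !== '' && $SAFE_NAME[0] !== '.' && strpos($SAFE_NAME, "\0") === false;

        $NEW_UPLOAD = '';
        $STORED = false;
        if ($ERROR === UPLOAD_ERR_OK && $NAME_OK && is_string($TMP_NAME)) {
            $NEW_UPLOAD = $APP->get('UPLOADS') . $SAFE_NAME;

            // move_uploaded_file() only accepts files that arrived through
            // this request's HTTP upload, unlike a plain copy().
            $STORED = move_uploaded_file($TMP_NAME, $NEW_UPLOAD);
        }

        if (!$STORED) {
            $APP->set('NEW', 'no-success');
            $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/uploads/?new=no-success');

            return;
        }

        // Best effort, as before, but without write access for everyone and
        // without the execute bit.
        @chmod($NEW_UPLOAD, 0644);
    }

    $APP->set('NEW', 'success');
    $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/uploads/?new=success');
}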
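/**
 * Verify the "edit user" form and write the new name, e-mail and password.
 *
 * The request must carry the three form tokens (POST.csrf, POST.csrf_additive,
 * POST.csrf_tripple_additive); each must equal its session counterpart and the
 * third must equal additive . csrf. Empty or missing tokens are rejected, so a
 * request that simply omits the fields cannot pass. On a mismatch the event is
 * logged and the user is sent to the logout route.
 *
 * The password is hashed with crypt() and a freshly generated '$2a$10$' salt;
 * hash and salt are both stored, as the UPDATE below shows. The storage
 * format is left unchanged because the code that verifies logins is not
 * visible here.
 *
 * NOTE(review): POST.user_password is hashed and stored even when it is an
 * empty string. Confirm that the form enforces a password, or skip the
 * password columns when the field is left blank.
 *
 * @param object $APP Application object providing get(), set() and reroute().
 * @return void
 */
public function user_management_edit_verify($APP)
{
    $APP->set('MODUL_ID', 42);
    $USER_RIGHTS = parent::checkUserModulRights($APP->get('MODUL_ID'), $APP->get('LOGIN_USER_RIGHTS'));

    if ($USER_RIGHTS == false) {
        $APP->get('CONSTRUCTR_LOG')->write('User ' . $APP->get('SESSION.username') . ' missing USER-RIGHTS for modul ' . $APP->get('MODUL_ID'));
        $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/no-rights');

        // Nothing visible here guarantees that reroute() ends the request, so
        // the authorization failure must stop this method explicitly.
        return;
    }

    $POST_CSRF = $APP->get('POST.csrf');
    $POST_ADDITIVE = $APP->get('POST.csrf_additive');
    $POST_TRIPPLE_ADDITIVE = $APP->get('POST.csrf_tripple_additive');

    // The log lines name the logged-in user taken from the session.
    $ACTING_USER = $APP->get('SESSION.username');
    $LOGOUT_URL = $APP->get('CONSTRUCTR_BASE_URL') . '/constructr/logout';
    $FAILURE_URL = $APP->get('CONSTRUCTR_BASE_URL') . '/constructr/usermanagement?new=no-success';

    // A token matches only if both sides are non-empty and equal. The
    // comparison is constant-time where hash_equals() is available.
    $TOKEN_MATCHES = static function ($EXPECTED, $GIVEN) {
        if (!is_scalar($EXPECTED) || !is_string($GIVEN)) {
            return false;
        }

        $EXPECTED = (string) $EXPECTED;
        if ($EXPECTED === '' || $GIVEN === '') {
            return false;
        }

        return function_exists('hash_equals') ? hash_equals($EXPECTED, $GIVEN) : $EXPECTED === $GIVEN;
    };

    $TOKEN_CHECKS = [
        ['LOGIN FORM CSRF DON\'T MATCH: ', $APP->get('SESSION.csrf'), $POST_CSRF],
        ['FORM ADDITIVE DON\'T MATCH: ', $APP->get('SESSION.additive'), $POST_ADDITIVE],
        ['FORM TRIPPLE ADDITIVE DON\'T MATCH: ', $APP->get('SESSION.tripple_additive'), $POST_TRIPPLE_ADDITIVE],
    ];

    foreach ($TOKEN_CHECKS as $CHECK) {
        if (!$TOKEN_MATCHES($CHECK[1], $CHECK[2])) {
            $APP->get('CONSTRUCTR_LOG')->write($CHECK[0] . $ACTING_USER);
            $APP->reroute($LOGOUT_URL);

            return;
        }
    }

    // All three values are non-empty strings at this point.
    if ($POST_TRIPPLE_ADDITIVE !== $POST_ADDITIVE . $POST_CSRF) {
        $APP->get('CONSTRUCTR_LOG')->write('FORM TRIPPLE ADDITIVE COMPARISON DON\'T MATCH: ' . $ACTING_USER);
        $APP->reroute($LOGOUT_URL);

        return;
    }

    $USER_ID = filter_var($APP->get('POST.user_id'), FILTER_SANITIZE_NUMBER_INT);
    $USER_NAME = filter_var($APP->get('POST.user_name'), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $USER_EMAIL = filter_var($APP->get('POST.user_email'), FILTER_SANITIZE_FULL_SPECIAL_CHARS);

    $PLAIN_PASSWORD = $APP->get('POST.user_password');
    if (!is_string($PLAIN_PASSWORD)) {
        // A missing or array-valued field must never end up hashed and stored.
        $APP->set('NEW', 'no-success');
        $APP->reroute($FAILURE_URL);

        return;
    }

    // Prefer the built-in CSPRNG; fall back to the mcrypt call only on
    // installations that do not provide random_bytes().
    $RANDOM = function_exists('random_bytes') ? random_bytes(50) : mcrypt_create_iv(50, MCRYPT_DEV_URANDOM);
    $NEW_SALT = '$2a$10$' . strtr(base64_encode($RANDOM), '+', '.') . '$';
    $USER_PASSWORD = crypt($PLAIN_PASSWORD, $NEW_SALT);

    // crypt() reports failure with a short marker string instead of a hash;
    // such a value must not be stored as a password.
    if (!is_string($USER_PASSWORD) || strlen($USER_PASSWORD) < 13) {
        $APP->set('NEW', 'no-success');
        $APP->reroute($FAILURE_URL);

        return;
    }

    $APP->set('USER_EXISTS', $APP->get('DBCON')->exec(
        ['SELECT * FROM constructr_backenduser WHERE constructr_user_username=:USER_NAME LIMIT 1;'],
        [[':USER_NAME' => $USER_NAME]]
    ));
    $USER_EXISTS_COUNTR = count($APP->get('USER_EXISTS'));

    // The query is limited to one row, so a "more than one" test can never
    // trigger. The name is taken when the row found belongs to another user.
    if ($USER_EXISTS_COUNTR > 0 && (int) $APP->get('USER_EXISTS.0.constructr_user_id') !== (int) $USER_ID) {
        $APP->set('NEW', 'no-success');
        $APP->reroute($FAILURE_URL);

        return;
    }

    $APP->set('UPDATE_USER', $APP->get('DBCON')->exec(
        ['UPDATE constructr_backenduser SET constructr_user_username=:USER_NAME,constructr_user_email=:USER_EMAIL,constructr_user_password=:USER_PASSWORD,constructr_user_salt=:USER_SALT WHERE constructr_user_id=:USER_ID LIMIT 1;'],
        [[':USER_ID' => $USER_ID, ':USER_NAME' => $USER_NAME, ':USER_EMAIL' => $USER_EMAIL, ':USER_PASSWORD' => $USER_PASSWORD, ':USER_SALT' => $NEW_SALT]]
    ));

    $APP->reroute($APP->get('CONSTRUCTR_BASE_URL') . '/constructr/usermanagement?new=success');
}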