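/**
 *
 * @category        modules
 * @package         news
 * @author          WebsiteBaker Project
 * @copyright       WebsiteBaker Org. e.V.
 * @link            http://websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.3
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: save_post.php 1538 2011-12-10 15:06:15Z Luisehahne $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/news/save_post.php $
 * @lastmodified    $Date: 2011-12-10 16:06:15 +0100 (Sa, 10. Dez 2011) $
 *
 */

/**
 * Create (or move) the access file of a news post below the pages directory.
 *
 * The generated file is a small PHP stub that sets $page_id, $section_id,
 * $post_id and $post_section and then requires index.php through a relative
 * path. When the link changed and the old stub is writable, the old stub is
 * deleted first. Failures are reported through $admin->print_error().
 *
 * @param string $newLink    link of the post; WB_PATH . PAGES_DIRECTORY . $newLink . PAGE_EXTENSION is the stub path
 * @param string $oldLink    previous link; its stub is removed when it differs from $newLink
 * @param int    $page_id    written into the stub
 * @param int    $section_id written into the stub (also as $post_section)
 * @param int    $post_id    written into the stub
 * @return void
 */
function createNewsAccessFile($newLink, $oldLink, $page_id, $section_id, $post_id)
{
    global $admin, $MESSAGE;

    // The ids end up inside executable PHP source. Casting them to int means
    // nothing but a number can ever be written into the stub.
    $page_id = (int) $page_id;
    $section_id = (int) $section_id;
    $post_id = (int) $post_id;

    $sPagesPath = WB_PATH . PAGES_DIRECTORY;
    $sPostsPath = $sPagesPath . '/posts';

    // create /posts/ - directory if not exists
    if (!file_exists($sPostsPath)) {
        if (is_writable($sPagesPath)) {
            make_dir($sPostsPath . '/');
        } else {
            $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
        }
    }

    // check if /posts/ - dir is writable
    // NOTE(review): nothing in this function stops after print_error();
    // presumably print_error() ends the request - confirm.
    if (!is_writable($sPostsPath . '/')) {
        $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
    }

    // NOTE(review): $newLink and $oldLink are joined to the pages path exactly
    // as passed in. Presumably the caller has already reduced them to a safe
    // file name; a value containing ".." would resolve outside the pages
    // directory for both the unlink() and the write below - confirm at the caller.

    // delete old accessfile if link has changed
    $oldFile = $sPagesPath . $oldLink . PAGE_EXTENSION;
    if ((string) $newLink !== (string) $oldLink && is_writable($oldFile)) {
        if (!unlink($oldFile)) {
            $admin->print_error($MESSAGE['PAGES_CANNOT_DELETE_ACCESS_FILE'] . ' - ' . $oldLink);
        }
    }

    // all ok, now create new accessfile
    $newFile = $sPagesPath . $newLink . PAGE_EXTENSION;

    // One "../" per directory level between the posts directory and WB_PATH.
    // $sPostsPath minus its WB_PATH prefix is PAGES_DIRECTORY . '/posts', so the
    // slashes are counted there directly; this avoids building a regular
    // expression from WB_PATH, which broke when the path contained the delimiter.
    $backSteps = str_repeat('../', substr_count(PAGES_DIRECTORY . '/posts', '/'));

    $content =
        '<?php' . "\n" .
        '// *** This file is generated by WebsiteBaker Ver.' . WB_VERSION . "\n" .
        '// *** Creation date: ' . date('c') . "\n" .
        '// *** Do not modify this file manually' . "\n" .
        '// *** WB will rebuild this file from time to time!!' . "\n" .
        '// *************************************************' . "\n" .
        "\t" . '$page_id = ' . $page_id . ';' . "\n" .
        "\t" . '$section_id = ' . $section_id . ';' . "\n" .
        "\t" . '$post_id = ' . $post_id . ';' . "\n" .
        "\t" . '$post_section = ' . $section_id . ';' . "\n" .
        "\t" . 'require(\'' . $backSteps . 'index.php\');' . "\n" .
        '// *************************************************' . "\n";

    if (file_put_contents($newFile, $content) !== false) {
        // Chmod the file
        change_mode($newFile);
    } else {
        $admin->print_error(
            $MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'],
            ADMIN_URL . '/pages/modify.php?page_id=' . $page_id
        );
    }
}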
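/**
 * Copy a directory tree to a new location and, at the top of the recursion,
 * remove the source tree.
 *
 * Entries whose name starts with a dot are skipped. Files are copied and passed
 * to change_mode(); sub-directories are created with make_dir() and processed
 * recursively. $dirdest itself is not created here.
 *
 * @param string $dirsource directory to move
 * @param string $dirdest   existing directory that receives the content
 * @param int    $deep      recursion depth; only depth 0 removes the source
 * @return bool true when the source could be read and every file copy
 *              succeeded; false otherwise, in which case the source tree is
 *              left in place
 */
function rename_recursive_dirs($dirsource, $dirdest, $deep = 0)
{
    $complete = true;

    if (is_dir($dirsource)) {
        $handle = dir($dirsource);
        if (!$handle) {
            // Source exists but cannot be listed: nothing was copied
            $complete = false;
        } else {
            // Compare with false explicitly: an entry named "0" is falsy and
            // would otherwise end the loop before the remaining entries are seen
            while (false !== ($entry = $handle->read())) {
                if ($entry === '' || $entry[0] === '.') {
                    continue;
                }
                $from = $dirsource . '/' . $entry;
                $to = $dirdest . '/' . $entry;

                if (is_dir($from)) {
                    make_dir($to);
                    if (!rename_recursive_dirs($from, $to, $deep + 1)) {
                        $complete = false;
                    }
                } elseif (copy($from, $to)) {
                    change_mode($to);
                } else {
                    $complete = false;
                }
            }
            $handle->close();
        }
    }

    // The source is only removed once everything is known to exist at the
    // destination; deleting it after a failed copy would lose the data
    if ($deep == 0 && $complete) {
        rm_full_dir($dirsource);
    }

    return $complete;
}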
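/**
 * Write the PHP access stub for a news post to $filename.
 *
 * The stub sets $page_id, $section_id and $post_id (taken from the globals of
 * the same name), defines POST_SECTION and POST_ID and requires index.php via a
 * relative path. After writing, the file's modification time is set to
 * $filetime and change_mode() is applied.
 *
 * @param string   $filename path of the stub to write
 * @param int|null $filetime modification time to apply; when null, the mtime of
 *                           $filename is used if the composed pages path exists,
 *                           otherwise the current time
 * @return void
 */
function create_file($filename, $filetime = NULL)
{
    global $page_id, $section_id, $post_id;

    // The ids are written into executable PHP source; force them to integers
    // so that only a number can appear in the generated file.
    $stub_page_id = (int) $page_id;
    $stub_section_id = (int) $section_id;
    $stub_post_id = (int) $post_id;

    // We need to create a new file
    // First, delete old file if it exists
    // NOTE(review): the existence check and unlink() use
    // LEPTON_PATH . PAGES_DIRECTORY . $filename . PAGE_EXTENSION, while
    // filemtime() and fopen() use $filename as given. These only agree for one
    // form of $filename - confirm which form callers pass.
    $composed = LEPTON_PATH . PAGES_DIRECTORY . $filename . PAGE_EXTENSION;
    if (file_exists($composed)) {
        if (!isset($filetime)) {
            $filetime = filemtime($filename);
        }
        unlink($composed);
    } elseif (!isset($filetime)) {
        $filetime = time();
    }

    // The depth of the page directory in the directory hierarchy
    // '/pages' is at depth 1
    $pages_dir_depth = count(explode('/', PAGES_DIRECTORY)) - 1;

    // One "../" for the posts level plus one per level of the pages directory
    $index_location = str_repeat('../', $pages_dir_depth + 1);

    // Write to the filename
    $content = ''
        . '<?php $page_id = ' . $stub_page_id
        . '; $section_id = ' . $stub_section_id
        . '; $post_id = ' . $stub_post_id
        . '; define("POST_SECTION", $section_id); define("POST_ID", $post_id); require("'
        . $index_location . '/index.php"); ?>';

    $handle = fopen($filename, 'w+');
    if ($handle) {
        fwrite($handle, $content);
        fclose($handle);
        if ($filetime) {
            touch($filename, $filetime);
        }
        change_mode($filename);
    }
}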
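/**
 * Rebuild the access file of one news post from its database record.
 *
 * Reads link, page_id and section_id of the post from the mod_news_posts
 * table and writes a PHP stub to WB_PATH . PAGES_DIRECTORY . link . PAGE_EXTENSION.
 * The stub sets $page_id, $section_id, $post_id and $post_section and requires
 * index.php through a relative path. Failures while creating the directory or
 * the file are reported through $admin->print_error().
 *
 * @param int $post_id id of the post
 * @return false|null false when the query fails or finds no row; otherwise
 *                    nothing is returned
 */
function _create_post($post_id)
{
    global $database, $admin, $MESSAGE;

    // $post_id is placed into the SQL text and into generated PHP source.
    // Casting to int keeps anything but a number out of both.
    $post_id = (int) $post_id;

    $query_posts = $database->query(
        "SELECT * FROM " . TABLE_PREFIX . "mod_news_posts WHERE `post_id` = '{$post_id}'"
    );
    if (!$query_posts || $query_posts->numRows() == 0) {
        return false;
    }

    $res = $query_posts->fetchRow();
    $link = $res['link'];
    // Same reasoning as for $post_id: these values are written into the stub
    $page_id = (int) $res['page_id'];
    $section_id = (int) $res['section_id'];

    $sPagesPath = WB_PATH . PAGES_DIRECTORY;
    $sPostsPath = $sPagesPath . '/posts';

    // Create the posts directory when it is missing
    if (!file_exists($sPostsPath)) {
        if (is_writable($sPagesPath)) {
            make_dir($sPostsPath . '/');
        } else {
            $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
        }
    }

    // NOTE(review): nothing in this function stops after print_error();
    // presumably print_error() ends the request - confirm.
    if (!is_writable($sPostsPath . '/')) {
        $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
    }

    // NOTE(review): the stored link is joined to the pages path as is.
    // Presumably it was reduced to a safe file name when the post was saved;
    // a value containing ".." would place the stub outside the pages
    // directory - confirm where `link` is written.
    $newFile = $sPagesPath . $link . PAGE_EXTENSION;

    // One "../" per directory level between the posts directory and WB_PATH.
    // $sPostsPath minus its WB_PATH prefix is PAGES_DIRECTORY . '/posts', so the
    // slashes are counted there directly; this avoids building a regular
    // expression from WB_PATH, which broke when the path contained the delimiter.
    $backSteps = str_repeat('../', substr_count(PAGES_DIRECTORY . '/posts', '/'));

    $content =
        '<?php' . "\n" .
        '// *** This file is generated by WebsiteBaker Ver.' . WB_VERSION . "\n" .
        '// *** Creation date: ' . date('c') . "\n" .
        '// *** Do not modify this file manually' . "\n" .
        '// *** WB will rebuild this file from time to time!!' . "\n" .
        '// *************************************************' . "\n" .
        "\t" . '$page_id = ' . $page_id . ';' . "\n" .
        "\t" . '$section_id = ' . $section_id . ';' . "\n" .
        "\t" . '$post_id = ' . $post_id . ';' . "\n" .
        "\t" . '$post_section = ' . $section_id . ';' . "\n" .
        "\t" . 'require(\'' . $backSteps . 'index.php\');' . "\n" .
        '// *************************************************' . "\n";

    if (file_put_contents($newFile, $content) !== false) {
        // Chmod the file
        change_mode($newFile);
    } else {
        $admin->print_error(
            $MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'],
            ADMIN_URL . '/pages/modify.php?page_id=' . $page_id
        );
    }
}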
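/**
 * Create the module's folder below the media directory and make sure it
 * contains a protective .htaccess file.
 *
 * The .htaccess is (re)written when it is missing or smaller than 90 bytes.
 * It denies access to the .htaccess itself, forces files ending in .php or .pl
 * to be served as text/plain and switches off directory listings and CGI
 * execution.
 *
 * @return void
 */
function make_dl_dir()
{
    global $dlgmodname;

    $gallery_dir = WB_PATH . MEDIA_DIRECTORY . '/' . $dlgmodname . '/';
    $htaccess = $gallery_dir . '.htaccess';

    make_dir($gallery_dir);

    // Nothing to do when a plausible .htaccess is already in place
    if (file_exists($htaccess) && filesize($htaccess) >= 90) {
        return;
    }

    // NOTE(review): only the .php and .pl suffixes are forced to text/plain.
    // Whether other suffixes are handed to an interpreter depends on the server
    // configuration - confirm the list matches the handlers actually enabled.
    // NOTE(review): these are Apache directives ("order"/"deny" being the older
    // access-control syntax); other web servers ignore this file, so the folder
    // then needs equivalent rules in the server configuration.
    $content = implode("\n", array(
        '<Files .htaccess>',
        "\torder allow,deny",
        "\tdeny from all",
        '</Files>',
        '',
        '<Files ~ "\.(php|pl)$">',
        'ForceType text/plain',
        '</Files>',
        '',
        'Options -Indexes -ExecCGI',
    ));

    // Check the write instead of passing a failed fopen() result on to
    // fwrite()/fclose(); a failure here leaves the folder without its protection
    if (file_put_contents($htaccess, $content) !== false) {
        change_mode($htaccess, 'file');
    } else {
        trigger_error('make_dl_dir: could not write ' . $htaccess, E_USER_WARNING);
    }
}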
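// Collect the submitted comment text and the modification stamp
$comments = $admin->add_slashes($admin->get_post('comments'));
$modified_when = time();
$modified_by = $admin->get_user_id();

// Check if the user uploaded an image or wants to delete one
if (isset($_FILES['newimage']['tmp_name']) && $_FILES['newimage']['tmp_name'] != '') {
    // The file name is supplied by the client. Keep only its last path
    // component before it is appended to $slide_dir.
    $filename = basename(str_replace('\\', '/', $_FILES['newimage']['name']));
    $path_parts = pathinfo($filename);
    // A name without a suffix has no 'extension' key
    $fileext = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';

    // Make sure the image is a jpg, png or gif file.
    // NOTE(review): this checks the file name only, not the file content.
    $allowed_ext = array('jpg', 'jpeg', 'png', 'gif');
    if (!in_array($fileext, $allowed_ext, true)) {
        $admin->print_error(
            $MESSAGE['GENERIC']['FILE_TYPES'] . ' JPG / JPEG / PNG / GIF',
            ADMIN_URL . '/admintools/tool.php?tool=capslider'
        );
    } else {
        // The upload lives in the else branch so that a rejected file type can
        // never reach move_uploaded_file(), whether or not print_error() ends
        // the request.
        $target = $slide_dir . $filename;

        // Upload image; chmod only what was actually stored
        if (move_uploaded_file($_FILES['newimage']['tmp_name'], $target)) {
            change_mode($target);
        }
        if (file_exists($target)) {
            if ($width > 0 || $height > 0) {
                $rimg = new RESIZEIMAGE($target);
                $rimg->resize_limitwh($width, $height, $target);
                $rimg->close();
            }
        }
        $image = addslashes(MEDIA_DIRECTORY . '/slider/' . $filename);
    }
}

if (isset($_POST['delete_image']) && $_POST['delete_image'] != '') {
    // NOTE(review): unless an upload just set it, $image comes from code before
    // this excerpt; confirm it always names a file inside the media directory.
    // is_file() instead of file_exists(): an empty $image would otherwise match
    // the WB_PATH directory itself and hand it to unlink().
    if (is_file(WB_PATH . $image)) {
        unlink(WB_PATH . $image);
    }
    $image = "";
}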
$list = $archive->extract(PCLZIP_OPT_PATH, $module_dir, PCLZIP_CB_PRE_EXTRACT, 'pclzip_extraction_filter'); } if (!$list) { $admin->print_error($MESSAGE['GENERIC_CANNOT_UNZIP']); } // Delete the temp zip file if (file_exists($temp_file)) { unlink($temp_file); } // Chmod all the uploaded files $dir = dir($module_dir); while (false !== ($entry = $dir->read())) { // Skip pointers if (substr($entry, 0, 1) != '.' and $entry != '.svn' and !is_dir($module_dir . '/' . $entry)) { // Chmod file change_mode($module_dir . '/' . $entry, 'file'); } } // Run the modules install // upgrade script if there is one if (file_exists($module_dir . '/' . $action . '.php')) { require $module_dir . '/' . $action . '.php'; } // Print success message if ($action == "install") { // Load module info into DB load_module(WB_PATH . '/modules/' . $module_directory, false); $admin->print_success($MESSAGE['GENERIC_INSTALLED']); } elseif ($action == "upgrade") { upgrade_module($module_directory, false); $admin->print_success($MESSAGE['GENERIC_UPGRADED']); }
/* ********************************* */ // If the user chose to unzip the first file, unzip into the current folder if (isset($_POST['unzip']) && isset($filename1) && file_exists($filename1)) { // Required to unzip file. $archive = new PclZip($filename1); $list = $archive->extract(PCLZIP_OPT_PATH, $relative, PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile'); if ($list == 0) { // error while trying to extract the archive (most likely wrong format) $admin->print_error('UNABLE TO UNZIP FILE' . $archive->errorInfo(true)); } $sum_files = 0; // rename executable files! foreach ($list as $key => $val) { if ($val['folder'] && change_mode($val['filename'])) { $sum_dirs++; } elseif (is_writable($val['filename']) && $val['status'] == 'ok' && change_mode($val['filename'])) { $sum_files++; } } if (isset($_POST['delzip'])) { unlink($filename1); } $dir = dirname($filename1); if (file_exists($dir)) { $array = createFolderProtectFile($dir); } } unset($list); if ($sum_files == 1) { $admin->print_success($sum_files . ' ' . $MESSAGE['MEDIA_SINGLE_UPLOADED']); } elseif ($sum_files > 1) {
function build_page(&$admin, &$database) { global $HEADING, $TEXT, $MENU, $MESSAGE; // Include the functions file include_once get_include(LEPTON_PATH . '/framework/summary.functions.php'); include_once get_include(ADMIN_PATH . '/media/function.inc.php'); $memory_limit = ini_get('memory_limit'); $post_max_size = ini_get('post_max_size'); $upload_max_filesize = ini_get('upload_max_filesize'); $maxUploadFiles = 12; $request = $_SERVER['REQUEST_METHOD']; $allowed_img_types = 'jpg|png|gif|tif'; $actions = isset($_POST['action']) ? trim(stripslashes($admin->get_post('action'))) : 'show'; $actions = isset($_POST['media_reload']) && $_POST['media_reload'] == true ? 'media_reload' : $actions; $actions = isset($_POST['cancel']) ? 'show' : $actions; // Get home folder not to show $home_folders = get_home_folders(); $currentHome = $admin->get_home_folder(); $pathsettings = get_media_settings(); // Get the user specified dir parent_path if ($request == 'GET' && isset($_REQUEST)) { $directory = rawurldecode(trim(stripslashes($admin->get_get('dir')))); } elseif (isset($_POST['current_select'])) { $directory = str_replace(MEDIA_DIRECTORY, '', rawurldecode(trim(stripslashes($admin->get_post('current_select'))))); } elseif (isset($_POST['current_dir'])) { $directory = rawurldecode(trim(stripslashes($admin->get_post('current_dir')))); } //$directory = is_null($directory) ? $currentHome : $directory; // $directory is not always null ... 8-/ $directory = is_null($directory) || empty($directory) ? $currentHome : $directory; $directory = $directory == '/' || $directory == '\\' ? '' : $directory; $target = $current_dir = $directory; $backlink = 'index.php?dir=' . $directory; $FILE = array(); $dirs = array(); $skip = LEPTON_PATH; directory_list(LEPTON_PATH . 
MEDIA_DIRECTORY, false, 0, $dirs, $skip); // dirs with readWrite access $dirs_rw = media_dirs_rw($admin); array_walk($dirs_rw, 'remove_path', LEPTON_PATH); if ($admin->get_user_id() == 1) { $id = array_unshift($dirs_rw, MEDIA_DIRECTORY); } // Define absolute path to WB media directory (using Unix path seperator) $mediaPath = str_replace('\\', '/', LEPTON_PATH . MEDIA_DIRECTORY); /* comment out to show only Home Folder till yet not build in overall $acess_denied = (($currentHome != '') && (strpos($mediaPath.$directory, $currentHome))) ? false : true; */ // sytem_admin if not superadmin, no homefolder, groupmember 1 $system_admin = $admin->ami_group_member('1') == true || $admin->get_user_id() == 1; $group_admin = empty($currentHome) == true && $admin->ami_group_member('1') == true; //$full_home_folder_access = $directory == '' || in_array(MEDIA_DIRECTORY.$directory, $dirs_rw) || $group_admin ; /* * If HOME_FOLDERS are not active the user have access to all media files, * otherwise check if the shown folders in list are within the personal folder * and grant desired rights only for this folders (upload, create directory a.s.o.) */ $full_home_folder_access = !HOME_FOLDERS ? true : empty($_SESSION['HOME_FOLDER']) || in_array(MEDIA_DIRECTORY . $directory, $dirs_rw) || $group_admin; if (strstr($current_dir, '..')) { // target_path contains ../ $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH'], $backlink); } // Build canonicalized absolute path from user input and check if path exists (False if not) $userPath = str_replace('\\', '/', realpath($mediaPath . $directory)); // Ensure that the user specified path is located inside WB media folder if ($userPath == false || strpos($userPath, $mediaPath) !== 0) { // User defined path is invalid or is located outside the WB media directory $admin->print_error($MESSAGE['MEDIA_DIR_ACCESS_DENIED'], $backlink); } if (!is_writeable($mediaPath . 
$directory)) { $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS'], $backlink); } $tpl = new Template(THEME_PATH . '/templates', 'keep'); // false | true $tpl->debug = false; $file_array = array('page' => 'media.htt', 'browse' => 'media_browse.htt', 'rename' => 'media_rename.htt', 'settings' => 'setparameter.htt'); $tpl->set_file($file_array); $tpl->set_block('page', 'main_block', 'main'); // BEGIN left side always with main_block and the dropdown list may later as dirtree // First insert language text and messages $tpl->set_var(array('TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_TARGET_FOLDER' => $TEXT['TARGET_FOLDER'], 'TEXT_CREATE_FOLDER' => $TEXT['CREATE_FOLDER'], 'TEXT_NAME' => $TEXT['TITLE'], 'TEXT_UPLOAD_FILES' => $TEXT['UPLOAD_FILES'], 'TEXT_UNZIP_FILE' => $TEXT['UNZIP_FILE'], 'TEXT_DELETE_ZIP' => $TEXT['DELETE_ZIP'], 'TEXT_OVERWRITE_EXISTING' => $TEXT['OVERWRITE_EXISTING'], 'TEXT_FILES' => $TEXT['FILES'])); $tpl->set_var(array('USER_ID' => $admin->is_authenticated() ? $admin->get_user_id() : '', 'ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'THEME_URL' => THEME_URL)); // && (($admin->ami_group_member('1') != true) || ($admin->get_user_id() != 1)) // set optionen media_settings_block $tpl->set_block('main_block', 'media_settings_block', 'media_settings'); // Only show admin the settings link if ($pathsettings['global']['admin_only'] == true) { if ($system_admin != true) { $tpl->set_var('DISPLAY_SETTINGS', 'hide'); $tpl->set_block('media_settings', ''); } else { $tpl->parse('media_settings', 'media_settings_block', true); } } else { $tpl->parse('media_settings', 'media_settings_block', true); } // set optionen media_upload_block $tpl->set_var(array('CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'HEADING_BROWSE_MEDIA' => $HEADING['BROWSE_MEDIA'], 'HEADING_MEDIA' => $MENU['MEDIA'] . ' ' . 
$TEXT['FOLDERS'], 'HEADING_CREATE_FOLDER' => $HEADING['CREATE_FOLDER'], 'HEADING_UPLOAD_FILES' => $HEADING['UPLOAD_FILES'], 'OPTIONS' => $TEXT['OPTION'], 'SETTINGS_URL' => $_SERVER['SCRIPT_NAME'])); $tpl->set_var(array('HOME_DIRECTORY' => $currentHome, 'MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'CURRENT_DIR' => $directory)); // create dropdownlist dir_list_block $tpl->set_block('main_block', 'dir_list_block', 'dir_list'); // select the correct directory list $use_dirs = !HOME_FOLDERS ? $dirs : empty($_SESSION['HOME_FOLDER']) ? $dirs : $dirs_rw; if (count($use_dirs) > 0) { foreach ($use_dirs as $name) { // prevent duplicate entries - default directory is also set by template! if ($name == MEDIA_DIRECTORY . $currentHome) { continue; } $tpl->set_var(array('MEDIA_NAME' => $name, 'SELECTED' => MEDIA_DIRECTORY . $directory == $name ? ' selected="selected"' : '')); $tpl->parse('dir_list', 'dir_list_block', true); } } else { $tpl->set_var('dir_list', ''); } // Insert permissions values, hide for some actions // workout action should show default blocks switch ($actions) { // all others remove from left side case 'none': case 'show': case 'media_reload': case 'media_create': case 'media_upload': case 'media_delete': case 'save_media_rename': $tpl->set_block('main_block', 'media_create_block', 'media_create'); if ($admin->get_permission('media_create') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_CREATE', 'hide'); $tpl->set_block('media_create', ''); } else { $tpl->set_var(array('DISPLAY_CREATE' => '', 'MAX_UPLOADS' => $maxUploadFiles, 'ALLOW_EXTS' => RENAME_FILES_ON_UPLOAD)); $tpl->parse('media_create', 'media_create_block', true); } $tpl->set_block('main_block', 'input_upload_block', 'input_upload'); for ($x = 0; $x <= $maxUploadFiles; $x++) { $tpl->parse('input_upload', 'input_upload_block', true); } $tpl->set_block('main_block', 'media_upload_block', 'media_upload'); if ($admin->get_permission('media_upload') != true || $full_home_folder_access == 
false) { $tpl->set_var('DISPLAY_UPLOAD', 'hide'); $tpl->set_block('media_upload', ''); } else { $tpl->set_var(array('DISPLAY_UPLOAD' => '')); $tpl->parse('media_upload', 'media_upload_block', true); } break; default: // all the other action has to hide the blocks $tpl->set_block('main_block', 'media_create_block', 'media_create'); $tpl->set_var('DISPLAY_CREATE', 'hide'); $tpl->parse('media_create', ''); $tpl->set_block('main_block', 'media_upload_block', 'media_upload'); $tpl->set_var('DISPLAY_UPLOAD', 'hide'); $tpl->parse('media_upload', ''); break; } // END workout main_wrapper // Now prepare and parse values for the wrapper template show modus switch ($actions) { case 'none': case 'show': case 'media_reload': case 'media_create': case 'media_upload': case 'media_delete': case 'save_media_rename': $tpl->loadfile('browse'); $tpl->set_block('main_block', 'main_wrapper_block', 'browse'); // Workout the parent dir link PARENT_PATH //$parent_path = !empty($directory) ? dirname($directory) : $directory; if (!empty($directory)) { if (HOME_FOLDERS && !empty($_SESSION['HOME_FOLDER'])) { $parent_path = $_SESSION['HOME_FOLDER']; } else { $parent_path = dirname($directory); } } else { $parent_path = $directory; } // $parent_dir_link = ADMIN_URL.'/media/index.php?dir='.$directory.'&up=1'; $parent_dir_link = 1; // Workout if the up arrow should be shown $display_up_arrow = ''; // $display_up_arrow = (($directory == '') || ($directory == $currentHome)) ? 
'hide' : ''; // Insert header info values main_wrapper_block $tpl->set_var(array('THEME_URL' => THEME_URL, 'ROOT_DIRECTORY' => MEDIA_DIRECTORY, 'MEDIA_DIRECTORY' => MEDIA_DIRECTORY, 'CURRENT_PATH' => $directory, 'PARENT_DIR_LINK' => $parent_dir_link, 'PARENT_PATH' => $parent_path)); $tpl->set_block('browse', 'up_link_block', 'up_link'); if (!empty($directory) && $directory != $parent_path) { // show only if parent <> directory $tpl->set_var(array('PARENT_DIR_LINK' => $parent_dir_link, 'TEXT_UP' => $TEXT['UP'], 'DISPLAY_UP_ARROW' => '')); $tpl->parse('up_link', 'up_link_block', true); } else { $tpl->set_block('up_link', ''); $tpl->set_var(array('UP_LINK_COL' => ' display_up_arrow', 'TEXT_UP' => $TEXT['UP'], 'DISPLAY_UP_ARROW' => ' display_up_arrow')); } // now set the dirs and files file_list_block and permissions $tpl->set_block('browse', 'file_list_block', 'file_list'); $tpl->set_block('file_list', 'media_rename_block', 'media_rename'); $tpl->set_block('file_list', 'media_delete_block', 'media_delete'); // get dirs and files in currentDir $FILE = scan_current_dir(LEPTON_PATH . MEDIA_DIRECTORY . '/' . $directory); $temp_id = 0; $line = $row_id = 1; if (count($FILE['path']) > 0) { foreach ($FILE['path'] as $name) { $temp_id++; $link_name = str_replace(' ', '%20', $name); $tpl->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $temp_id, 'LINK' => 'index.php?dir=' . $directory . '/' . $link_name, 'LINK_RELATION' => '', 'ROW_ID' => $line++ & 1, 'FT_ICON' => THEME_URL . '/images/folder_16.png', 'FILETYPE_ICON' => THEME_URL . '/images/folder_16.png', 'FILETYPE' => 'dir', 'FILENAME' => '/' . addslashes($name), 'LINK_TARGET' => '_self', 'ENABLE_OVERLIB' => '', 'EXTENSION' => '', 'MOUSEOVER' => '', 'CLASS_PREVIEW' => '', 'IMAGEDETAIL' => '', 'DISPLAY_ICON' => '', 'SIZE' => '', 'DATE' => '', 'PREVIEW' => '', 'LINK_PATH' => $directory . '/' . 
$link_name, 'MEDIA_PATH' => MEDIA_DIRECTORY)); $tpl->parse('file_list', 'file_list_block', true); } } // now set the files file_list_block and permissions if (count($FILE['filename']) > 0) { // convert to correct searchpattern $allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD); foreach ($FILE['filename'] as $name) { $preview = 'preview'; if (!preg_match("/\\." . $allowed_file_types . "\$/i", $name)) { $preview = ''; continue; } $temp_id++; $overlib = preg_match("/\\." . $allowed_img_types . "\$/i", $name) ? ' overlib' : ''; if ($preview) { $filetype = get_filetype(LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name); $size = filesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); $bytes = byte_convert($size); $fdate = filemtime(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); $date = date(DATE_FORMAT . ' ' . TIME_FORMAT, $fdate); $filetypeicon = get_filetype_icon(LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name); $tooltip = ''; $imgdetail = $bytes; $icon = THEME_URL . '/images/files/unknown.png'; if (!$pathsettings['global']['show_thumbs']) { $info = @getimagesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); if ($info[0]) { $imgdetail = fsize(filesize(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name)) . '<br /> ' . $info[0] . ' x ' . $info[1] . ' px'; $icon = 'thumb.php?t=1&img=' . $directory . '/' . $name; $tooltip = ShowTip('thumb.php?t=2&img=' . $directory . '/' . $name, $allowed_img_types); } else { $icon = THEME_URL . '/images/files/' . $filetypeicon . '.png'; } } else { $filetypeicon = get_filetype_icon(LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $name); $icon = THEME_URL . '/images/files/' . $filetypeicon . '.png'; } $tpl->set_var(array('NAME' => $name, 'NAME_SLASHED' => addslashes($name), 'TEMP_ID' => $temp_id, 'LINK' => LEPTON_URL . MEDIA_DIRECTORY . $directory . '/' . $name, 'LINK_RELATION' => '', 'ROW_ID' => $line++ & 1, 'FT_ICON' => $icon, 'FILETYPE_ICON' => THEME_URL . 
'/images/files/' . $filetypeicon . '.png', 'FILENAME' => addslashes($name), 'LINK_TARGET' => '_top', 'ENABLE_OVERLIB' => $overlib, 'FILETYPE' => 'file', 'EXTENSION' => $filetype, 'MOUSEOVER' => $tooltip, 'CLASS_PREVIEW' => '', 'IMAGEDETAIL' => $imgdetail, 'DISPLAY_ICON' => '', 'SIZE' => $bytes, 'DATE' => $date, 'PREVIEW' => $preview)); $tpl->parse('file_list', 'file_list_block', true); } } } $tpl->set_var(array('TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'TEXT_RELOAD' => $TEXT['RELOAD'], 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_DELETE' => $TEXT['DELETE'], 'TEXT_SIZE' => $TEXT['SIZE'], 'TEXT_DATE' => $TEXT['DATE'], 'TEXT_NAME' => $TEXT['NAME'], 'TEXT_TYPE' => $TEXT['TYPE'], 'MEDIA_BROWSE' => '', 'NONE_FOUND' => $MESSAGE['MEDIA_NONE_FOUND'], 'CHANGE_SETTINGS' => $TEXT['MODIFY_SETTINGS'], 'CONFIRM_DELETE' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE']), 'CONFIRM_DELETE_FILE' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE_FILE']), 'CONFIRM_DELETE_DIR' => js_alert_encode($MESSAGE['MEDIA_CONFIRM_DELETE_DIR']))); // If no files are in the media folder say so if ($temp_id == 0) { $tpl->set_var('DISPLAY_LIST_TABLE', ' hide'); $tpl->set_var('DISPLAY_NONE_FOUND', ' center'); $tpl->set_var("file_list_block", "<tr><td></td></tr>"); $tpl->parse('file_list', 'file_list_block', true); } else { $tpl->set_var('DISPLAY_LIST_TABLE', ''); $tpl->set_var('DISPLAY_NONE_FOUND', ' hide'); } $tpl->set_block('file_list', 'media_rename_block', 'media_rename'); $tpl->set_block('file_list', 'media_delete_block', 'media_delete'); // Insert permissions values if ($admin->get_permission('media_rename') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_RENAME', 'hide'); $tpl->set_var('RENHAME_CONTENT', ''); $tpl->parse('media_rename', ''); } else { $tpl->set_var('RENHAME_CONTENT', ''); $tpl->parse('media_rename', 'media_rename_block', true); } if ($admin->get_permission('media_delete') != true || $full_home_folder_access == false) { $tpl->set_var('DISPLAY_DELETE', 
'hide'); $tpl->set_var('DELETE_CONTENT', ''); $tpl->parse('media_delete', ''); } else { $tpl->set_var('DELETE_CONTENT', ''); $tpl->parse('media_delete', 'media_delete_block', true); } break; } // begin with save modus actions switch ($actions) { // save actions case 'save_media_settings': if (($x = save_media_settings($pathsettings)) == 0) { $admin->print_error($MESSAGE['SETTINGS_UNABLE_WRITE_CONFIG'], $backlink); } else { $admin->print_success($MESSAGE['SETTINGS_SAVED'], $backlink); } break; case 'save_media_rename': $ext = trim(stripslashes($admin->get_post('extension'))); $ext = empty($ext) ? '' : '.' . $ext; $old_file = media_filename(trim(stripslashes($admin->get_post('old_name')))) . $ext; $rename_file = media_filename(trim(stripslashes($admin->get_post('name')))) . $ext; $type = trim(stripslashes($admin->get_post('filetype'))); // perhaps change dots in underscore by tpye = directory $rename_file = trim($rename_file, '.'); $old_file = LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $old_file; $rename_file = LEPTON_PATH . MEDIA_DIRECTORY . $directory . '/' . $rename_file; if ($type == 'dir') { $rename_file = str_replace('.', '_', $rename_file); } elseif (!preg_match("/\\." . $allowed_file_types . "\$/i", $rename_file)) { $admin->print_error($TEXT['EXTENSION'] . ': ' . 
$MESSAGE['GENERIC_INVALID'], $backlink); } if (rename($old_file, $rename_file)) { $admin->print_success($MESSAGE['MEDIA_RENAMED'], $backlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_RENAME'], $backlink); } break; } // mask input modus switch ($actions) { case 'media_rename': clearstatcache(); $rename_file = media_filename(trim(stripslashes($admin->get_post('filename')))); $ext = trim(stripslashes($admin->get_post('fileext'))); $type = trim(stripslashes($admin->get_post('filetype'))); $rename_file = basename($rename_file); $tpl->loadfile('rename'); $tpl->set_block('main_block', 'main_wrapper_block', 'rename'); // false | true $tpl->debug = false; $tpl->set_var(array('THEME_URL' => THEME_URL, 'TEXT_CURRENT_FOLDER' => $TEXT['CURRENT_FOLDER'], 'FILENAME' => $rename_file, 'BASENAME' => trim(str_replace($ext, '', basename($rename_file)), '.'), 'ROOT_DIRECTORY' => MEDIA_DIRECTORY, 'DISPLAY_UP_ARROW' => ' display_up_arrow', 'CURRENT_PATH' => $directory, 'DIR' => $directory, 'FILE_TYPE' => $type, 'EXTENSION' => '.' . ltrim($ext, '.'), 'FILE_EXT' => ltrim($ext, '.'), 'TEXT_OVERWRITE_EXIST' => $TEXT['OVERWRITE_EXISTING'], 'TEXT_TO' => '', 'MEDIA_BROWSE' => '', 'TEXT_RENAME' => $TEXT['RENAME'], 'TEXT_CANCEL' => $TEXT['CANCEL'])); $tpl->parse('rename', 'main_wrapper_block', true); break; case 'media_settings': // load template language file $lang = THEME_PATH . '/languages/' . LANGUAGE . '.php'; include_once !file_exists($lang) ? THEME_PATH . '/languages/EN.php' : $lang; $tpl->loadfile('settings'); $tpl->set_block('main_block', 'main_wrapper_block', 'settings'); // false | true $tpl->debug = false; $admin_only = isset($pathsettings['global']['admin_only']) && $pathsettings['global']['admin_only'] == true ? ' checked="checked"' : ''; $show_thumbs = isset($pathsettings['global']['show_thumbs']) && $pathsettings['global']['show_thumbs'] == true ? 
' checked="checked"' : ''; $tpl->set_var(array('TEXT_HEADER' => $TEXT['TEXT_HEADER'], 'SAVE_TEXT' => $TEXT['SAVE'], 'CANCEL' => $TEXT['CANCEL'], 'RESET' => $TEXT['RESET'], 'NO_SHOW_THUMBS' => $TEXT['NO_SHOW_THUMBS'], 'MEDIA_BROWSE' => '', 'ADMIN_ONLY' => $TEXT['ADMIN_ONLY'], 'SETTINGS' => $TEXT['SETTINGS'], 'CURRENT_PATH' => $directory, 'ADMIN_URL' => ADMIN_URL, 'WIDTH' => $TEXT['WIDTH'], 'HEIGHT' => $TEXT['HEIGHT'], 'ADMIN_ONLY_SELECTED' => $admin_only, 'NO_SHOW_THUMBS_SELECTED' => $show_thumbs, 'NONE_FOUND' => '', 'DISPLAY_NONE' => '')); // Get dirs in currentDir $dirs = array(); $skip = LEPTON_PATH; directory_list(LEPTON_PATH . MEDIA_DIRECTORY, false, 0, $dirs, $skip); $line = $row_id = 1; $tpl->set_block('settings', 'dir_settings_block', 'dir_settings'); if (isset($dirs)) { $good_dirs = 0; $dir_filter = MEDIA_DIRECTORY . $directory; $parent = substr_count($dir_filter, '/') + 1; $dir_filter = str_replace(array('/', ' '), '_', $dir_filter); foreach ($dirs as $name) { $relative = $name; // str_replace(LEPTON_PATH, '', $name); $subparent = substr_count($relative, '/') + 1; $safepath = str_replace(array('/', ' '), '_', $relative); $continue = strlen(str_replace($safepath, '', $dir_filter)); // if( (substr_count($safepath,$dir_filter) == 0) || ( $dir_filter == $safepath ) ) if ($parent != $subparent - 1 || substr_count($safepath, $dir_filter) == 0 || $dir_filter == $safepath) { continue; } $good_dirs++; $cur_width = $cur_height = ''; if (isset($pathsettings[$safepath]['width'])) { $cur_width = $pathsettings[$safepath]['width']; } if (isset($pathsettings[$safepath]['height'])) { $cur_height = $pathsettings[$safepath]['height']; } $cur_width = $cur_width != 0 ? (int) $cur_width : '-'; $cur_height = $cur_height != 0 ? 
(int) $cur_height : '-'; $tpl->set_var(array('PATH_NAME' => basename($relative), 'FIELD_NAME' => $safepath, 'CUR_WIDTH' => $cur_width, 'CUR_HEIGHT' => $cur_height, 'ROW_ID' => $line++ & 1)); $tpl->parse('dir_settings', 'dir_settings_block', true); } if ($good_dirs == 0) { $tpl->set_var(array('PATH_NAME' => '', 'FIELD_NAME' => '', 'CUR_WIDTH' => '', 'CUR_HEIGHT' => '', 'ROW_ID' => '', 'DISPLAY_NONE' => ' hide')); $tpl->parse('dir_settings', 'dir_settings_block', true); $tpl->set_var('NONE_FOUND', $MESSAGE['MEDIA_NONE_FOUND']); $tpl->parse('settings', 'dir_settings_block', true); } } else { $tpl->set_var('NONE_FOUND', $MESSAGE['MEDIA_NONE_FOUND']); $tpl->parse('settings', 'dir_settings_block', true); } break; } // normal actions switch ($actions) { case 'media_upload': $target_path = str_replace('\\', '/', LEPTON_PATH . MEDIA_DIRECTORY . $directory); // Create relative path of the new dir name $resizepath = MEDIA_DIRECTORY . $directory; $resizepath = str_replace(array('/', ' '), '_', $resizepath); // Find out whether we should replace files or give an error $overwrite = $admin->get_post('overwrite') != '' ? true : false; // convert to correct searchpattern $allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD); $good_uploads = 0; // If the user chose to unzip the first file, unzip into the current folder if (isset($_POST['unzip']) && $_POST['unzip'] == true) { // include_once(get_include('thumb.php')); if (isset($_FILES['upload']['error'][0]) && $_FILES['upload']['error'][0] == UPLOAD_ERR_OK) { $src_file = isset($_FILES['upload']['name'][0]) ? $_FILES['upload']['name'][0] : null; if ($src_file && preg_match('/\\.zip$/i', $src_file)) { /* * Callback function to skip files not in white-list */ function pclzipCheckValidFile($p_event, &$p_header) { // return 1; $allowed_file_types = str_replace(',', '|', RENAME_FILES_ON_UPLOAD); $info = pathinfo($p_header['filename']); $ext = isset($info['extension']) ? 
$info['extension'] : ''; $dots = substr($info['basename'], 0, 1) == '.' || substr($info['basename'], -1, 1) == '.'; if (preg_match('/' . $allowed_file_types . '$/i', $ext) && $dots != '.') { // ----- allowed file types are extracted return 1; } else { // ----- all other files are skiped return 0; } } /* ********************************* */ require_once get_include(LEPTON_PATH . '/modules/lib_lepton/pclzip/pclzip.lib.php'); $archive = new PclZip($_FILES['upload']['tmp_name'][0]); $list = $archive->extract(PCLZIP_OPT_PATH, $target_path, PCLZIP_CB_PRE_EXTRACT, 'pclzipCheckValidFile'); $good_uploads = sizeof($list); if ($archive->error_code != 0) { $admin->print_error('UNABLE TO UNZIP FILE' . ' :: ' . $archive->errorInfo(true), $backlink); } } } } else { // proceed normal multi-upload $file_count = sizeof($_FILES['upload']['error']); for ($x = 0; $x < $file_count; $x++) { // If file was upload to tmp if (isset($_FILES['upload']['name'][$x])) { // Remove bad characters $filename = media_filename($_FILES['upload']['name'][$x]); // Check if there is still a filename left and allowed filetyp if ($filename != '' && preg_match("/\\." . $allowed_file_types . "\$/i", $filename)) { // Move to relative path (in media folder) if (file_exists($target_path . '/' . $filename) && $overwrite === true) { if (move_uploaded_file($_FILES['upload']['tmp_name'][$x], $target_path . '/' . $filename)) { $good_uploads++; // Chmod the uploaded file change_mode($target_path . '/' . $filename, 'file'); } } elseif (!file_exists($target_path . '/' . $filename)) { if (move_uploaded_file($_FILES['upload']['tmp_name'][$x], $target_path . '/' . $filename)) { $good_uploads++; // Chmod the uploaded file change_mode($target_path . '/' . $filename); } } if (file_exists($target_path . '/' . $filename) && preg_match("/\\." . $allowed_img_types . "\$/i", $filename)) { if (isset($pathsettings[$resizepath])) { include_once get_include(ADMIN_PATH . 
'/media/resize_img.php'); if ($pathsettings[$resizepath]['width'] || $pathsettings[$resizepath]['height']) { $rimg = new RESIZEIMAGE($target_path . '/' . $filename); $rimg->resize_limitwh($pathsettings[$resizepath]['width'], $pathsettings[$resizepath]['height'], $target_path . '/' . $filename); $rimg->close(); } } } // store file name of first file for possible unzip action if ($x == 1) { $filename1 = $target_path . '/' . $filename; } } } } } if (isset($_POST['delzip'])) { if (file_exists($filename1)) { unlink($filename1); } } if ($good_uploads == 1) { $admin->print_success($good_uploads . ' ' . $MESSAGE['MEDIA_SINGLE_UPLOADED'], $backlink); } else { $admin->print_success($good_uploads . ' ' . $MESSAGE['MEDIA_UPLOADED'], $backlink); } break; case 'media_create': // $directory = rawurldecode(trim(stripslashes($admin->get_post('current_dir')))); // Remove bad characters from user folder name $target = $admin->get_post('target') != null ? media_filename(trim(stripslashes($admin->get_post('target')))) : $current_dir; $userPath = LEPTON_PATH . MEDIA_DIRECTORY; $err_msg = array(); if ($target == null || $target == $current_dir) { $err_msg[] = $MESSAGE['MEDIA_BLANK_NAME']; } else { // Try and make the dir $target = trim($target, '.'); $dirname = $userPath . $current_dir . '/' . $target; if (file_exists($dirname)) { $err_msg[] = $MESSAGE['MEDIA_DIR_EXISTS']; } else { if (make_dir($dirname)) { change_mode($dirname); if (is_writable($dirname)) { // Create default "index.php" file $rel_pages_dir = str_replace(LEPTON_PATH . MEDIA_DIRECTORY, '', dirname($dirname)); $step_back = str_repeat('../', substr_count($rel_pages_dir, '/') + 1); $content = '<?php' . "\n"; $content .= '// This file is generated by LEPTON Ver.' . VERSION . ';' . "\n"; $content .= "\t" . 'header(\'Location: ' . $step_back . 'index.php\');' . "\n"; $content .= '?>'; $filename = $dirname . 
'/index.php'; // write content into file $handle = fopen($filename, 'w'); fwrite($handle, $content); fclose($handle); change_mode($filename, 'file'); } else { $err_msg[] = $MESSAGE['GENERIC_BAD_PERMISSIONS']; } } else { $err_msg[] = $MESSAGE['GENERIC_BAD_PERMISSIONS']; } } } if (sizeof($err_msg) > 0) { $admin->print_error(implode('<br />', $err_msg)); } else { $admin->print_success($MESSAGE['MEDIA_DIR_MADE'], $backlink); } break; case 'media_delete': $filetype = isset($_POST['filetype']) ? trim(stripslashes($admin->get_post('filetype'))) : ''; $filename = isset($_POST['filename']) ? trim(stripslashes($admin->get_post('filename'))) : ''; $relative_path = LEPTON_PATH . MEDIA_DIRECTORY . $directory; // Find out whether its a file or folder if ($filetype == 'dir') { // Try and delete the directory if (rm_full_dir($relative_path . '/' . $filename)) { $admin->print_success($MESSAGE['MEDIA_DELETED_DIR'], $backlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_DIR'], $backlink); } } elseif ($filetype == 'file') { // Try and delete the file if (unlink($relative_path . '/' . $filename)) { $admin->print_success($MESSAGE['MEDIA_DELETED_FILE'], $backlink); } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $backlink); } } else { $admin->print_error($MESSAGE['MEDIA_CANNOT_DELETE_FILE'], $backlink); } break; } // Parse template for preferences form $tpl->parse('main', 'main_wrapper_block', false); $tpl->parse('main', 'main_block', false); $output = $tpl->finish($tpl->parse('output', 'page')); return $output; }
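/**
 * Write the PHP access file for a page and create any missing parent
 * directories below the pages directory.
 *
 * The generated file is executable PHP, so every value embedded in it is
 * forced to an integer first; nothing caller-supplied is copied into the
 * generated source as raw text.
 *
 * @param string $filename Absolute path of the access file to write.
 * @param int    $page_id  Page id embedded in the generated file.
 * @param int    $level    Directory depth of the page below the pages directory.
 * @return void
 */
function create_access_file($filename, $page_id, $level)
{
    global $admin, $MESSAGE;

    $pagesRoot = WB_PATH . PAGES_DIRECTORY;

    // Make sure every parent folder of the access file exists.
    $relativeDir = str_replace($pagesRoot, '', dirname($filename));
    $current = '';
    foreach (explode('/', $relativeDir) as $segment) {
        if ($segment == '/' || $segment == '') {
            continue;
        }
        $current .= '/' . $segment;
        $dirPath = $pagesRoot . $current;
        // can only be dirs
        if (!file_exists($dirPath) && !make_dir($dirPath)) {
            $admin->print_error($MESSAGE['MEDIA_DIR_NOT_MADE']);
        }
    }

    // The depth of the page directory in the directory hierarchy;
    // '/pages' is at depth 1.
    $pages_dir_depth = count(explode('/', PAGES_DIRECTORY)) - 1;

    // Number of '../' steps needed to reach the index page. Clamped at zero
    // because str_repeat() rejects a negative count.
    $index_location = str_repeat('../', max(0, (int) $level + $pages_dir_depth));

    // $page_id ends up inside generated PHP source: cast it so that only a
    // number can ever be written there.
    $content = '<?php' . "\n"
        . '// *** This file is generated by WebsiteBaker Ver.' . VERSION . "\n"
        . '// *** Creation date: ' . date('c') . "\n"
        . '// *** Do not modify this file manually' . "\n"
        . '// *** WB will rebuild this file from time to time!!' . "\n"
        . '// *************************************************' . "\n"
        . "\t" . '$page_id = ' . (int) $page_id . ';' . "\n"
        . "\t" . 'require(\'' . $index_location . 'index.php\');' . "\n"
        . '// *************************************************' . "\n";

    $handle = fopen($filename, 'w');
    if ($handle) {
        fwrite($handle, $content);
        fclose($handle);
        // Chmod the file
        change_mode($filename);
    } else {
        $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
    }
    return;
}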
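if (!$database->query($SQL)) {
    $admin->print_error($database->get_error());
}

// create the RSS statistics table
$SQL = "CREATE TABLE IF NOT EXISTS `" . TABLE_PREFIX . "mod_topics_rss_statistic` ( " . "`id` INT(11) NOT NULL AUTO_INCREMENT, " . "`section_id` INT(11) NOT NULL DEFAULT '-1', " . "`date` DATE NOT NULL DEFAULT '0000-00-00', " . "`callers` INT(11) NOT NULL DEFAULT '0', " . "`views` INT(11) NOT NULL DEFAULT '0', " . "`timestamp` TIMESTAMP, " . "PRIMARY KEY (`id`), " . "KEY (`date`) " . ") ENGINE=MyIsam AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci";
if (!$database->query($SQL)) {
    $admin->print_error($database->get_error());
}

// Make topics post access files dir
$accessDir = WB_PATH . PAGES_DIRECTORY . '/' . $tablename;
if (make_dir($accessDir)) {
    // Add an index.php that redirects to the parent, so the directory itself
    // is never served as a listing.
    $content = "<?php\n\n/*\n\n Website Baker Project <http://www.websitebaker.org/>\n Copyright (C) 2004-2008, Ryan Djurovich\n\n Website Baker is free software; you can redistribute it and/or modify\n it under the terms of the GNU General Public License as published by\n the Free Software Foundation; either version 2 of the License, or\n (at your option) any later version.\n\n Website Baker is distributed in the hope that it will be useful,\n but WITHOUT ANY WARRANTY; without even the implied warranty of\n MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n GNU General Public License for more details.\n\n You should have received a copy of the GNU General Public License\n along with Website Baker; if not, write to the Free Software\n Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\n\n*/\n\nheader('Location: ../');\n?>";
    $indexFile = $accessDir . '/index.php';
    // Only chmod when the write succeeded; the earlier fopen()/fwrite() pair
    // passed a failed handle straight on to fwrite() and fclose().
    if (file_put_contents($indexFile, $content) !== false) {
        change_mode($indexFile, 'file');
    }
}

//Create folders and copy example pics
$picpath = WB_PATH . MEDIA_DIRECTORY . '/' . $tablename . '-pictures';
make_dir($picpath);
$frompath = WB_PATH . '/modules/' . $mod_dir . '/img/';
// Existing pictures are never overwritten.
foreach (array('1.jpg', '2.jpg', '3.jpg') as $samplePic) {
    if (!file_exists($picpath . '/' . $samplePic)) {
        copy($frompath . $samplePic, $picpath . '/' . $samplePic);
    }
}
$picpath = WB_PATH . MEDIA_DIRECTORY . '/' . $tablename . '-pictures/thumbs';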
$admin->print_error($MESSAGE['GENERIC_INVALID_LANGUAGE_FILE']); } // Set destination for language file $language_file = WB_PATH . '/languages/' . $language_code . '.php'; $action = "install"; // Move to new location if (file_exists($language_file)) { require $language_file; if (versionCompare($language_version, $new_language_version, '>=')) { // Restore to correct language require WB_PATH . '/languages/' . LANGUAGE . '.php'; $admin->print_error($MESSAGE['GENERIC_ALREADY_INSTALLED']); } $action = "upgrade"; unlink($language_file); } rename($temp_file, $language_file); // Chmod the file change_mode($language_file, 'file'); // Load language info into DB load_language($language_file); // Restore to correct language require WB_PATH . '/languages/' . LANGUAGE . '.php'; // Print success message if ($action == "install") { $admin->print_success($MESSAGE['GENERIC_INSTALLED']); } else { $admin->print_success($MESSAGE['GENERIC_UPGRADED']); } // Print admin footer $admin->print_footer();
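/**
 * (Re)write the PHP access file of a topic.
 *
 * A new file is written when the link changed, when the target file is
 * missing, or when $movetopic is greater than zero. The ids are read from the
 * globals $page_id, $section_id and $topic_id and are cast to integers before
 * they are embedded in the generated PHP source.
 *
 * @param string $old_link               Previous link of the topic (relative to the topics directory).
 * @param string $topic_link             New link of the topic.
 * @param int    $movetopic              Forces a rewrite when > 0.
 * @param string $topics_directory       Topics directory, relative to WB_PATH.
 * @param string $topics_directory_depth Prefix placed before 'config.php' in the generated require().
 * @return void
 */
function topics_createaccess_file($old_link, $topic_link, $movetopic, $topics_directory, $topics_directory_depth)
{
    global $topic_id;
    global $page_id;
    global $section_id;
    global $admin;
    global $MESSAGE;

    $baseDir = WB_PATH . $topics_directory;
    make_dir($baseDir . '/');

    if (!is_writable($baseDir . '/')) {
        $admin->print_error($MESSAGE['PAGES']['CANNOT_CREATE_ACCESS_FILE']);
        return;
    }

    $filename = $baseDir . $topic_link . PAGE_EXTENSION;
    $needsRewrite = $old_link != $topic_link || !file_exists($filename) || $movetopic > 0;
    if (!$needsRewrite) {
        return;
    }

    // First, delete old file if it exists
    $oldFile = $baseDir . $old_link . PAGE_EXTENSION;
    if (file_exists($oldFile)) {
        unlink($oldFile);
    }

    // The ids become PHP source in the generated file, so only integers may
    // be written there.
    $pageId = (int) $page_id;
    $sectionId = (int) $section_id;
    $topicId = (int) $topic_id;

    // NOTE(review): $topics_directory_depth is placed inside a double-quoted
    // string of the generated file without escaping; it presumably is a run
    // of '../' built by the caller - confirm it can never carry request data.
    $content = '<?php $page_id = ' . $pageId . '; $section_id = ' . $sectionId . '; $topic_id = ' . $topicId . '; define("TOPIC_ID", ' . $topicId . '); require("' . $topics_directory_depth . 'config.php"); require(WB_PATH."/index.php"); ?>';

    // Do not hand a failed handle to fwrite()/fclose().
    $handle = fopen($filename, 'w');
    if (!$handle) {
        $admin->print_error($MESSAGE['PAGES']['CANNOT_CREATE_ACCESS_FILE']);
        return;
    }
    fwrite($handle, $content);
    fclose($handle);
    change_mode($filename);
    echo "<p>Access-file written</p>";
}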
// Check if the user uploaded a file or wants to delete one
// This excerpt handles a single upload: it stores the file below the media
// directory under its client-supplied name and records name, extension, link
// and size in the module's files table.
if (isset($_FILES['file']['tmp_name']) && $_FILES['file']['tmp_name'] != '' && $existingfile == '') {
    // check for upload error
    if ($_FILES['file']['error'] != 0) {
        // NOTE(review): '§ion_id' in the URLs below looks like a mangled
        // '&section_id' - confirm against the original file.
        $admin->print_error(dlg_get_upload_error($_FILES['file']['error']), WB_URL . '/modules/' . $dlgmodname . '/modify_file.php?page_id=' . $page_id . '§ion_id=' . $section_id . '&file_id=' . $file_id);
    }
    // Get real filename and set new filename
    // NOTE(review): the name comes from the client and is only trimmed here.
    // No extension allow-list or character filtering is visible in this
    // excerpt, so a script extension would be stored inside the web-reachable
    // media directory - confirm whether validation happens elsewhere.
    $filename = trim($_FILES['file']['name']);
    $path_parts = pathinfo($filename);
    // 'extension' is not set by pathinfo() when the name contains no dot.
    $fileext = $path_parts['extension'];
    $new_filename = WB_PATH . MEDIA_DIRECTORY . '/' . $dlgmodname . '/' . $filename;
    // create link
    $file_link = WB_URL . MEDIA_DIRECTORY . '/' . $dlgmodname . '/' . $filename;
    if ($overwrite == "yes" || !file_exists($new_filename)) {
        // The result of move_uploaded_file() is not checked; change_mode()
        // and filesize() below run even when the move failed.
        move_uploaded_file($_FILES['file']['tmp_name'], $new_filename);
        change_mode($new_filename);
    } else {
        $admin->print_error($MESSAGE['MEDIA_FILE_EXISTS'], WB_URL . '/modules/' . $dlgmodname . '/modify_file.php?page_id=' . $page_id . '§ion_id=' . $section_id . '&file_id=' . $file_id);
    }
    $size = filesize($new_filename);
    // update file information in the database
    // NOTE(review): the statement is built by string interpolation.
    // $fileext, $filename and $file_link derive from the client-supplied file
    // name and reach the query unescaped in this excerpt; $file_id and
    // $page_id are set outside it. Escape or bind these values.
    $database->query("UPDATE `" . TABLE_PREFIX . $tablename . "_files` SET `extension` = '{$fileext}', `filename` = '{$filename}', `link` = '{$file_link}', `size` = '{$size}' WHERE `file_id` = '{$file_id}' AND `page_id` = '{$page_id}'");
    if ($database->is_error()) {
        $admin->print_error($TEXT['DATABASE'] . ' ' . $TEXT['ERROR'] . ': ' . $database->get_error(), WB_URL . '/modules/' . $dlgmodname . '/modify_file.php?page_id=' . $page_id . '§ion_id=' . $section_id);
    }
}
// Check if the user provided a remote link
if (isset($_POST['remote_link']) && $_POST['remote_link'] != '' && $filename == '') {
    // Get real filename and set new filename
    // $remotelink is assigned outside this excerpt.
    $remotelink = trim($remotelink);
    $filename = pathinfo($remotelink, PATHINFO_BASENAME);
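/**
 * Write the PHP access file for a page, creating missing parent directories
 * and a directory index.php next to it.
 *
 * When PAGES_DIRECTORY is empty the pages live in the installation root; in
 * that case the first path component is checked against a list of system
 * directories and files so that none of them can be overwritten.
 *
 * @param string $filename Absolute path of the access file to write.
 * @param int    $page_id  Page id embedded in the generated file.
 * @return bool True when the file was written, false otherwise.
 */
function create_access_file($filename, $page_id)
{
    global $admin, $MESSAGE;

    $pages_path = LEPTON_PATH . PAGES_DIRECTORY;
    $rel_pages_dir = str_replace($pages_path, '', dirname($filename));
    $rel_filename = str_replace($pages_path, '', $filename);

    // root_check: prevent system directories and important files from being
    // overwritten if PAGES_DIR = '/'
    $denied = false;
    if (PAGES_DIRECTORY == '') {
        $forbidden = array('account', 'admins', 'framework', 'include', 'install', 'languages', 'media', 'modules', 'page', 'search', 'temp', 'templates', 'index.php', 'config.php');
        $search = explode('/', $rel_filename);
        // Only the first level matters. The index is guarded because a path
        // without any '/' has no element 1; the comparison is strict so the
        // result never depends on PHP's loose string comparison rules.
        $denied = isset($search[1]) && in_array($search[1], $forbidden, true);
    }

    if (!is_writable($pages_path) || $denied) {
        $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
        return false;
    }

    // First make sure parent folder exists
    $parents = '';
    foreach (explode('/', $rel_pages_dir) as $parent_folder) {
        if ($parent_folder == '/' || $parent_folder == '') {
            continue;
        }
        $parents .= '/' . $parent_folder;
        if (!file_exists($pages_path . $parents)) {
            make_dir($pages_path . $parents);
            change_mode($pages_path . $parents);
        }
    }

    $step_back = str_repeat('../', substr_count($rel_pages_dir, '/') + (PAGES_DIRECTORY == "" ? 0 : 1));

    // $page_id becomes PHP source in the generated file: cast it so that only
    // a number can be written there.
    $content = '<?php' . "\n";
    $content .= "/**\n *\tThis file is autogenerated by LEPTON - Version: " . VERSION . "\n";
    $content .= " *\tDo not modify this file!\n */\n";
    $content .= "\t" . '$page_id = ' . (int) $page_id . ';' . "\n";
    $content .= "\t" . 'require_once(\'' . $step_back . 'index.php\');' . "\n";
    $content .= '?>';

    // write the file
    $fp = fopen($filename, 'w');
    if (!$fp) {
        $admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'] . "<br />Problems while trying to open the file!");
        return false;
    }
    fwrite($fp, $content, strlen($content));
    fclose($fp);

    // Chmod the file
    change_mode($filename);

    // Look for an index.php inside the current directory; if there is none,
    // copy the master_index.php from admin/pages.
    $temp_index_path = dirname($filename) . "/index.php";
    if (!file_exists($temp_index_path)) {
        $origin = ADMIN_PATH . "/pages/master_index.php";
        if (file_exists($origin)) {
            copy($origin, $temp_index_path);
        }
    }

    return true;
}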
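if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
$admin = new admin('Pages', 'pages_intro', false);

// Refuse the request before anything is written when the FTAN check fails
// (presumably the framework's per-form token - confirm in class.admin.php).
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
}

// Get posted content
if (!isset($_POST['content'])) {
    $admin->print_error($MESSAGE['PAGES_NOT_SAVED']);
    exit(0);
}
$content = $admin->strip_slashes($_POST['content']);

// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
$admin->print_header();

// Write new content
// NOTE(review): the posted text is stored verbatim in a file that carries
// PAGE_EXTENSION. If that extension is handled by the PHP interpreter, anyone
// who passes the checks above can place code in it, so the permission on this
// page and the FTAN check are the only controls - keep both mandatory.
$filename = WB_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;

// file_put_contents() returns the number of bytes written, which is 0 for an
// empty intro page; only a strict false is a failure.
if (file_put_contents($filename, $content) === false) {
    $admin->print_error($MESSAGE['PAGES_NOT_SAVED']);
} else {
    change_mode($filename);
    $admin->print_success($MESSAGE['PAGES']['INTRO_SAVED']);
}
if (!is_writable($filename)) {
    $admin->print_error($MESSAGE['PAGES']['INTRO_NOT_WRITABLE']);
}

// Print admin footer
$admin->print_footer();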
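* @platform WebsiteBaker 2.8.x
 * @requirements PHP 5.2.2 and higher
 * @version $Id: install.php 1587 2012-01-24 23:19:06Z darkviper $
 * @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/news/install.php $
 * @lastmodified $Date: 2012-01-25 00:19:06 +0100 (Mi, 25. Jan 2012) $
 *
 */
/* -------------------------------------------------------- */
// Must include code to stop this file being accessed directly
require_once dirname(dirname(dirname(__FILE__))) . '/framework/globalExceptionHandler.php';
if (!defined('WB_PATH')) {
    throw new IllegalFileException();
}
/* -------------------------------------------------------- */
$sDefaultSql = dirname(__FILE__) . '/install.sql';
if (is_readable($sDefaultSql)) {
    // create needed database tables and set default records
    if ($database->SqlImport($sDefaultSql, TABLE_PREFIX)) {
        // Make news post access files dir
        require_once WB_PATH . '/framework/functions.php';
        if (make_dir(WB_PATH . PAGES_DIRECTORY . '/posts')) {
            // Add an index.php that redirects to the parent, so the directory
            // itself is never served as a listing.
            //
            // The protocol string is written into generated PHP source inside
            // a single-quoted literal. It is a request-derived server variable
            // and may be missing (e.g. on the command line), so accept only
            // the plain 'HTTP/x' or 'HTTP/x.y' form and fall back otherwise.
            $sProtocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : '';
            if (!preg_match('@^HTTP/[0-9](\.[0-9])?$@', $sProtocol)) {
                $sProtocol = 'HTTP/1.1';
            }
            $sResponse = $sProtocol . ' 301 Moved Permanently';
            $sContent = '<?php' . "\n"
                . '// *** This file is generated by WebsiteBaker Ver.' . VERSION . "\n"
                . '// *** Creation date: ' . date('c') . "\n"
                . '// *** Do not modify this file manually' . "\n"
                . '// *** WB will rebuild this file from time to time!!' . "\n"
                . '// *************************************************' . "\n"
                . "\t" . 'header(\'' . $sResponse . '\');' . "\n"
                . "\t" . 'header(\'Location: ../index.php\');' . "\n"
                . '// *************************************************' . "\n";
            $sFilename = WB_PATH . PAGES_DIRECTORY . '/posts/index.php';
            // Only chmod a file that was actually written.
            if (file_put_contents($sFilename, $sContent) !== false) {
                change_mode($sFilename, 'file');
            }
        }
    }
}
/* **** END INSTALL ********************************************************* */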
// Query body $query_body_code = "\n \t[TP]pages.page_id = [TP]mod_news_posts.page_id AND [TP]mod_news_posts.title LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_posts.page_id AND [TP]mod_news_posts.content_short LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_posts.page_id AND [TP]mod_news_posts.content_long LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_comments.page_id AND [TP]mod_news_comments.title LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_comments.page_id AND [TP]mod_news_comments.comment LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.header LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.footer LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.post_header LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.post_footer LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.comments_header LIKE \\'%[STRING]%\\'\n \tOR [TP]pages.page_id = [TP]mod_news_settings.page_id AND [TP]mod_news_settings.comments_footer LIKE \\'%[STRING]%\\'"; $database->query("INSERT INTO " . TABLE_PREFIX . "search (name,value,extra) VALUES ('query_body', '{$query_body_code}', 'news')"); // Query end $query_end_code = ""; $database->query("INSERT INTO " . TABLE_PREFIX . "search (name,value,extra) VALUES ('query_end', '{$query_end_code}', 'news')"); // Insert blank row (there needs to be at least on row for the search to work) $database->query("INSERT INTO " . TABLE_PREFIX . "mod_news_posts (section_id,page_id, `link`, `content_short`, `content_long`) VALUES ('0', '0', '', '', '')"); $database->query("INSERT INTO " . TABLE_PREFIX . "mod_news_groups (section_id,page_id) VALUES ('0', '0')"); $database->query("INSERT INTO " . TABLE_PREFIX . 
"mod_news_comments (section_id,page_id, `comment`) VALUES ('0', '0', '')"); // $database->query("INSERT INTO ".TABLE_PREFIX."mod_news_settings (section_id,page_id, `header`, `post_loop`, `footer`, `post_header`, `post_footer`, `comments_header`, `comments_loop`, `comments_footer`, `comments_page`) VALUES ('0', '0', '', '', '', '', '', '', '', '', '')"); } // Make news post access files dir require_once LEPTON_PATH . '/framework/summary.functions.php'; make_dir(LEPTON_PATH . MEDIA_DIRECTORY . '/newspics'); // create directory for images if (make_dir(LEPTON_PATH . PAGES_DIRECTORY . '/posts')) { // Add a index.php file to prevent directory spoofing $content = '' . "<?php\n\n/**\n * @module news\n * @version see info.php of this module\n * @author Ryan Djurovich, Rob Smith, Dietrich Roland Pehlke, Christian M. Stefan (Stefek), Jurgen Nijhuis (Argos), LEPTON Project\n * @copyright 2004-2010 Ryan Djurovich, Rob Smith, Dietrich Roland Pehlke, Christian M. Stefan (Stefek), Jurgen Nijhuis (Argos) \n * \t@copyright 2010-2015 LEPTON Project \n * @license GNU General Public License\n * @license terms see info.php of this module\n * @platform see info.php of this module\n * \n */\n\nheader('Location: ../');\n?>"; $handle = fopen(LEPTON_PATH . PAGES_DIRECTORY . '/posts/index.php', 'w'); fwrite($handle, $content); fclose($handle); change_mode(LEPTON_PATH . PAGES_DIRECTORY . '/posts/index.php', 'file'); /** * Try to copy the index.php also in the newspics folder inside * the media-directory. * */ copy(LEPTON_PATH . PAGES_DIRECTORY . '/posts/index.php', LEPTON_PATH . MEDIA_DIRECTORY . '/newspics/index.php'); } }
// Check if png image has a jpg thumb (version < 1.7.6 used jpg thumbs only) if (!file_exists($thumb_source_dir . '/' . $image_file)) { $image_file = str_replace('.png', '.jpg', $image_file); } // Path to the thumb source and destination $thumb_source = $thumb_source_dir . '/' . $image_file; $thumb_destination = WB_PATH . MEDIA_DIRECTORY . '/' . $img_dir . '/thumbs/item' . $item_id . '/' . $image_file; // Try duplicating image and thumb if (file_exists($img_source)) { if (copy($img_source, $img_destination)) { change_mode($img_destination); } } if (file_exists($thumb_source)) { copy($thumb_source, $thumb_destination); change_mode($thumb_destination); } } } } // MANAGE ERROR OR SUCCESS MESSAGES // ******************************** // Generate error message $error = false; if ($file_type_error || !empty($errors)) { $error = true; $error_msg = ''; if ($file_type_error) { $error_msg = $MESSAGE['GENERIC_FILE_TYPES'] . ' .jpg / .jpeg / .png<br />'; } if (!empty($errors)) {
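/**
 * Upgrade the news module: add the `created_when` / `created_by` columns,
 * import creation dates from the old access files, and rebuild every access
 * file below the pages directory.
 *
 * Progress is echoed when the function runs from 'upgrade-script.php' and is
 * otherwise collected in the global $msg array. All values taken from the
 * database are cast to integers before they are embedded in generated PHP
 * source, and links containing a parent-directory segment are skipped.
 *
 * @return void
 */
function mod_news_Upgrade()
{
    global $database, $msg, $admin, $MESSAGE;

    // Detect whether we were started by the global upgrade script.
    $callingScript = $_SERVER["SCRIPT_NAME"];
    $tmp = 'upgrade-script.php';
    $globalStarted = substr_compare($callingScript, $tmp, 0 - strlen($tmp), strlen($tmp)) === 0;

    $sPagesPath = WB_PATH . PAGES_DIRECTORY;
    $sPostsPath = $sPagesPath . '/posts';
    $postsTable = TABLE_PREFIX . 'mod_news_posts';

    // create /posts/ - directory if not exists
    if (!file_exists($sPostsPath)) {
        if (is_writable($sPagesPath)) {
            make_dir(WB_PATH . PAGES_DIRECTORY . '/posts/');
        } else {
            if (!$globalStarted) {
                $msg[] = $MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'];
            } else {
                $msg[] = $MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'] . '<br />';
                return;
            }
        }
        if ($globalStarted) {
            echo 'directory "' . PAGES_DIRECTORY . '/posts/" created.<br />';
        }
    }

    // check if new fields must be added
    $doImportDate = true;
    if (!$database->field_exists($postsTable, 'created_when')) {
        if (!$database->field_add($postsTable, 'created_when', 'INT NOT NULL DEFAULT \'0\' AFTER `commenting`')) {
            if ($globalStarted) {
                echo $MESSAGE['RECORD_MODIFIED_FAILED'] . '<br />';
                return;
            } else {
                $admin->print_error($MESSAGE['RECORD_MODIFIED_FAILED']);
            }
        }
        if ($globalStarted) {
            echo 'datafield `' . TABLE_PREFIX . 'mod_news_posts`.`created_when` added.<br />';
        }
    } else {
        // The column already exists, so the dates were imported earlier.
        $doImportDate = false;
    }
    if (!$database->field_exists($postsTable, 'created_by')) {
        if (!$database->field_add($postsTable, 'created_by', 'INT NOT NULL DEFAULT \'0\' AFTER `created_when`')) {
            if ($globalStarted) {
                echo $MESSAGE['RECORD_MODIFIED_FAILED'] . '<br />';
                return;
            } else {
                $admin->print_error($MESSAGE['RECORD_MODIFIED_FAILED']);
            }
        }
        if ($globalStarted) {
            echo 'datafield `' . TABLE_PREFIX . 'mod_news_posts`.`created_by` added.<br />';
        }
    }

    // preset new fields `created_by` and `created_when` from existing values
    if ($doImportDate) {
        $sql = 'UPDATE `' . TABLE_PREFIX . 'mod_news_posts` ' . 'SET `created_by`=`posted_by`, `created_when`=`posted_when`';
        $database->query($sql);
    }

    // now iterate through all existing accessfiles,
    // write its creation date into database
    $extLength = strlen(PAGE_EXTENSION);
    $oDir = new DirectoryIterator($sPostsPath);
    $count = 0;
    foreach ($oDir as $fileinfo) {
        $fileName = $fileinfo->getFilename();
        $isAccessFile = !$fileinfo->isDot()
            && $fileName != 'index.php'
            && substr_compare($fileName, PAGE_EXTENSION, 0 - $extLength, $extLength) === 0;
        if (!$isAccessFile) {
            continue;
        }
        // save creation date from old accessfile
        if ($doImportDate) {
            $link = '/posts/' . preg_replace('/' . preg_quote(PAGE_EXTENSION) . '$/i', '', $fileinfo->getFilename());
            $sql = 'UPDATE `' . TABLE_PREFIX . 'mod_news_posts` SET ' . '`created_when`=' . $fileinfo->getMTime() . ' ' . 'WHERE `link`=\'' . $database->escapeString($link) . '\' ' . 'AND `created_when`= 0';
            $database->query($sql);
        }
        // delete old access file
        unlink($fileinfo->getPathname());
        $count++;
    }
    unset($oDir);
    if ($globalStarted && $count > 0) {
        $msg[] = 'save date of creation from ' . $count . ' old accessfiles and delete these files.<br />';
    }

    // ************************************************
    // Check the validity of 'create-file-timestamp' and balance against 'posted-timestamp'
    $sql = 'UPDATE `' . TABLE_PREFIX . 'mod_news_posts` ';
    $sql .= 'SET `created_when`=`published_when` ';
    $sql .= 'WHERE `published_when`<`created_when`';
    $database->query($sql);
    $sql = 'UPDATE `' . TABLE_PREFIX . 'mod_news_posts` ';
    $sql .= 'SET `created_when`=`posted_when` ';
    $sql .= 'WHERE `published_when`=0 OR `published_when`>`posted_when`';
    $database->query($sql);

    // ************************************************
    // rebuild all access-files
    $count = 0;
    $backSteps = preg_replace('@^' . preg_quote(WB_PATH) . '@', '', $sPostsPath);
    $backSteps = str_repeat('../', substr_count($backSteps, '/'));
    $sql = 'SELECT `page_id`,`post_id`,`section_id`,`link` ';
    $sql .= 'FROM `' . TABLE_PREFIX . 'mod_news_posts` ';
    $sql .= 'WHERE `link` != \'\'';
    if ($resPosts = $database->query($sql)) {
        while ($recPost = $resPosts->fetchRow()) {
            // The link is stored data and becomes part of a file path: refuse
            // any parent-directory segment so the write stays below the pages
            // directory.
            if (preg_match('@(^|[/\\\\])\.\.([/\\\\]|$)@', $recPost['link'])) {
                continue;
            }
            $file = $sPagesPath . $recPost['link'] . PAGE_EXTENSION;
            // The ids are written into PHP source: cast them so that only
            // numbers can end up in the generated file.
            $pageId = (int) $recPost['page_id'];
            $sectionId = (int) $recPost['section_id'];
            $postId = (int) $recPost['post_id'];
            $content = '<?php' . "\n"
                . '// *** This file is generated by WebsiteBaker Ver.' . VERSION . "\n"
                . '// *** Creation date: ' . date('c') . "\n"
                . '// *** Do not modify this file manually' . "\n"
                . '// *** WB will rebuild this file from time to time!!' . "\n"
                . '// *************************************************' . "\n"
                . "\t" . '$page_id = ' . $pageId . ';' . "\n"
                . "\t" . '$section_id = ' . $sectionId . ';' . "\n"
                . "\t" . '$post_id = ' . $postId . ';' . "\n"
                . "\t" . '$post_section = ' . $sectionId . ';' . "\n"
                . "\t" . 'require(\'' . $backSteps . 'index.php\');' . "\n"
                . '// *************************************************' . "\n";
            if (file_put_contents($file, $content) !== false) {
                // Chmod the file
                change_mode($file);
            } else {
                if ($globalStarted) {
                    $msg[] = $MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'] . '<br />';
                    return;
                } else {
                    $msg[] = $MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'];
                }
            }
            $count++;
        }
    }
    if ($globalStarted) {
        $msg[] = 'created ' . $count . ' new accessfiles.';
    }
}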
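// Make sure the template dir exists, and chmod if needed
if (!file_exists($template_dir)) {
    make_dir($template_dir);
} else {
    change_mode($template_dir);
}

if (!function_exists("rename_recursive_dirs")) {
    require_once LEPTON_PATH . "/framework/functions/function.rename_recursive_dirs.php";
}
// Move the unpacked archive into the template directory.
rename_recursive_dirs($temp_unzip, $template_dir);

// Delete the temp zip file
if (file_exists($temp_file)) {
    unlink($temp_file);
}

// Chmod all the uploaded files
$dir = dir($template_dir);
// dir() does not return a Directory object when the path cannot be opened;
// skip the loop in that case instead of calling read() on a non-object.
if ($dir instanceof Directory) {
    while (false !== ($entry = $dir->read())) {
        // Skip pointers and every other dot entry ('.svn' included), and
        // leave sub-directories alone.
        if (substr($entry, 0, 1) != '.' && !is_dir($template_dir . '/' . $entry)) {
            // Chmod file
            change_mode($template_dir . '/' . $entry);
        }
    }
    // Release the directory handle; it was left open before.
    $dir->close();
}

// is done by function rename_recursive_dirs
//rm_full_dir(LEPTON_PATH.'/temp/unzip/');

// Load template info into DB
load_template($template_dir);

// Print success message
$admin->print_success($success_message);

// Print admin footer
$admin->print_footer();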