Exemplo n.º 1
0
 public function getData($element = null, &$data = array())
 {
     $internalRequest = true;
     if (!$element) {
         $element = $this;
         $internalRequest = false;
     }
     foreach ($element->getChildren() as $subElement) {
         if ($subElement instanceof \Cx\Core\Html\Model\Entity\DataElement) {
             $data[$subElement->getIdentifier()] = $subElement->getData();
             if (isset($_POST[$subElement->getIdentifier()])) {
                 if ($subElement->getValidator()->isValid(contrexx_input2raw($_POST[$subElement->getIdentifier()]))) {
                     $data[$subElement->getIdentifier()] = contrexx_input2raw($_POST[$subElement->getIdentifier()]);
                     $subElement->setData(contrexx_input2raw($_POST[$subElement->getIdentifier()]));
                 }
             }
         } else {
             $this->getData($subElement, $data);
         }
     }
     if ($internalRequest) {
         return $data;
     }
     return new \Cx\Core_Modules\Listing\Model\Entity\DataSet(array($data));
 }
Exemplo n.º 2
0
 /**
  * Verify user authentication
  * @return  boolean           True if authentication is okay,
  *                            false otherwise
  */
 function checkAuth()
 {
     global $sessionObj, $_CORELANG;
     $username = isset($_POST['USERNAME']) && $_POST['USERNAME'] != '' ? contrexx_stripslashes($_POST['USERNAME']) : null;
     $password = isset($_POST['PASSWORD']) && $_POST['PASSWORD'] != '' ? md5(contrexx_stripslashes($_POST['PASSWORD'])) : null;
     $authToken = !empty($_GET['auth-token']) ? contrexx_input2raw($_GET['auth-token']) : null;
     $userId = !empty($_GET['user-id']) ? contrexx_input2raw($_GET['user-id']) : null;
     if ((!isset($username) || !isset($password)) && (!isset($authToken) || !isset($userId))) {
         return false;
     }
     if (empty($sessionObj)) {
         $sessionObj = cmsSession::getInstance();
     }
     if (!isset($_SESSION['auth'])) {
         $_SESSION['auth'] = array();
     }
     if (isset($username) && isset($password) && $this->objUser->auth($username, $password, $this->isBackendMode(), \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) || isset($authToken) && isset($userId) && $this->objUser->authByToken($userId, $authToken, $this->isBackendMode())) {
         if ($this->isBackendMode()) {
             $this->log();
         }
         $this->loginUser($this->objUser);
         return true;
     }
     $_SESSION['auth']['loginLastAuthFailed'] = 1;
     User::registerFailedLogin($username);
     $this->arrStatusMsg['error'][] = $_CORELANG['TXT_PASSWORD_OR_USERNAME_IS_INCORRECT'];
     $_SESSION->cmsSessionUserUpdate();
     $_SESSION->cmsSessionStatusUpdate($this->isBackendMode() ? 'backend' : 'frontend');
     return false;
 }
Exemplo n.º 3
0
    /**
     * get all news list
     *
     * @return json result
     */
    public function getAllNews($data = array())
    {
        global $objDatabase;
        $searchTerm = isset($data['get']['term']) ? contrexx_input2raw($data['get']['term']) : '';
        $id = isset($data['get']['id']) ? contrexx_input2int($data['get']['id']) : 0;
        $langId = isset($data['get']['langId']) ? contrexx_input2int($data['get']['langId']) : 0;
        if (empty($searchTerm)) {
            $this->messages[] = '';
            //TODO Show error message
        }
        $query = '
            SELECT
                    n.`id`,
                    nl.`title`

            FROM `' . DBPREFIX . 'module_news`          AS `n`
            LEFT JOIN ' . DBPREFIX . 'module_news_locale    AS `nl`
            ON      nl.`news_id` = n.`id`
            WHERE   nl.`is_active`="1"
            AND     n.`status`="1"' . (!empty($id) ? ' AND n.`id`!="' . $id . '"' : '') . (!empty($langId) ? ' AND nl.`lang_id`="' . $langId . '"' : '') . ' AND (
                        nl.title        LIKE "%' . contrexx_raw2db($searchTerm) . '%"
                    OR  nl.teaser_text  LIKE "%' . contrexx_raw2db($searchTerm) . '%"
                )
            ORDER BY nl.`title`';
        $result = array();
        $objResult = $objDatabase->Execute($query);
        if ($objResult && $objResult->RecordCount() > 0) {
            while (!$objResult->EOF) {
                $result[$objResult->fields['id']] = $objResult->fields['title'];
                $objResult->MoveNext();
            }
        }
        return $result;
    }
Exemplo n.º 4
0
 public function getPage($pos, $page_content)
 {
     global $_CONFIG, $_ARRAYLANG;
     $objTpl = new \Cx\Core\Html\Sigma('.');
     \Cx\Core\Csrf\Controller\Csrf::add_placeholder($objTpl);
     $objTpl->setErrorHandling(PEAR_ERROR_DIE);
     $objTpl->setTemplate($page_content);
     $objTpl->setGlobalVariable($_ARRAYLANG);
     $term = isset($_REQUEST['term']) ? trim(contrexx_input2raw($_REQUEST['term'])) : '';
     if (strlen($term) >= 3) {
         $term = trim(contrexx_input2raw($_REQUEST['term']));
         $this->setTerm($term);
         $eventHandlerInstance = \Env::get('cx')->getEvents();
         $eventHandlerInstance->triggerEvent('SearchFindContent', array($this));
         if ($this->result->size() == 1) {
             $arraySearchResults[] = $this->result->toArray();
         } else {
             $arraySearchResults = $this->result->toArray();
         }
         usort($arraySearchResults, function ($a, $b) {
             if ($a['Score'] == $b['Score']) {
                 if (isset($a['Date'])) {
                     if ($a['Date'] == $b['Date']) {
                         return 0;
                     }
                     if ($a['Date'] > $b['Date']) {
                         return -1;
                     }
                     return 1;
                 }
                 return 0;
             }
             if ($a['Score'] > $b['Score']) {
                 return -1;
             }
             return 1;
         });
         $countResults = sizeof($arraySearchResults);
         if (!is_numeric($pos)) {
             $pos = 0;
         }
         $paging = getPaging($countResults, $pos, '&amp;section=Search&amp;term=' . contrexx_raw2encodedUrl($term), '<b>' . $_ARRAYLANG['TXT_SEARCH_RESULTS'] . '</b>', true);
         $objTpl->setVariable('SEARCH_PAGING', $paging);
         $objTpl->setVariable('SEARCH_TERM', contrexx_raw2xhtml($term));
         if ($countResults > 0) {
             $searchComment = sprintf($_ARRAYLANG['TXT_SEARCH_RESULTS_ORDER_BY_RELEVANCE'], contrexx_raw2xhtml($term), $countResults);
             $objTpl->setVariable('SEARCH_TITLE', $searchComment);
             $arraySearchOut = array_slice($arraySearchResults, $pos, $_CONFIG['corePagingLimit']);
             foreach ($arraySearchOut as $details) {
                 $objTpl->setVariable(array('COUNT_MATCH' => $_ARRAYLANG['TXT_RELEVANCE'] . ' ' . $details['Score'] . '%', 'LINK' => '<b><a href="' . $details['Link'] . '" title="' . contrexx_raw2xhtml($details['Title']) . '">' . contrexx_raw2xhtml($details['Title']) . '</a></b>', 'SHORT_CONTENT' => contrexx_raw2xhtml($details['Content'])));
                 $objTpl->parse('search_result');
             }
             return $objTpl->get();
         }
     }
     $noresult = $term != '' ? sprintf($_ARRAYLANG['TXT_NO_SEARCH_RESULTS'], $term) : $_ARRAYLANG['TXT_PLEASE_ENTER_SEARCHTERM'];
     $objTpl->setVariable('SEARCH_TITLE', $noresult);
     return $objTpl->get();
 }
Exemplo n.º 5
0
 /**
  * Constructor
  *
  * @param string $act
  * @param \Cx\Core\Html\Sigma $tpl
  * @param \Cx\Core_Modules\License\License $license
  */
 public function __construct(&$act, \Cx\Core\Html\Sigma $tpl, \Cx\Core_Modules\License\License $license)
 {
     global $_ARRAYLANG;
     $this->defaultAct = 'getSearchResults';
     $this->em = \Env::get('em');
     $this->act = $act;
     $this->template = $tpl;
     $this->license = $license;
     $this->term = !empty($_GET['term']) ? contrexx_input2raw($_GET['term']) : '';
     $this->pos = !empty($_GET['pos']) ? contrexx_input2raw($_GET['pos']) : 0;
     $this->template->setVariable(array('CONTENT_TITLE' => $_ARRAYLANG['TXT_OVERVIEW'], 'CONTENT_NAVIGATION' => '<a href="index.php?cmd=Search" class="active">' . $_ARRAYLANG['TXT_OVERVIEW'] . '</a>'));
 }
Exemplo n.º 6
0
 public function modifyQuestions()
 {
     $objQuestion = new SurveyQuestion();
     $objQuestion->id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
     $objQuestion->surveyId = isset($_GET['surveyId']) ? (int) $_GET['surveyId'] : 0;
     $objQuestion->questionType = isset($_POST['questionType']) ? (int) $_POST['questionType'] : 0;
     $objQuestion->question = isset($_POST['Question']) ? contrexx_input2raw($_POST['Question']) : '';
     $objQuestion->questionRow = isset($_POST['QuestionRow']) ? contrexx_input2raw($_POST['QuestionRow']) : '';
     $objQuestion->questionChoice = isset($_POST['ColumnChoices']) ? contrexx_input2raw($_POST['ColumnChoices']) : '';
     $objQuestion->questionAnswers = isset($_POST['QuestionAnswers']) ? contrexx_input2raw($_POST['QuestionAnswers']) : '';
     $objQuestion->isCommentable = isset($_POST['Iscomment']) ? (int) $_POST['Iscomment'] : 0;
     $objQuestion->save();
 }
 /**
  * This is called by the default ComponentController and does all the repeating work
  * 
  * This loads a template named after current $act and calls parsePage($actTemplate)
  * @todo $this->cx->getTemplate()->setVariable() should not be called here but in Cx class
  * @global array $_ARRAYLANG Language data
  * @param \Cx\Core\ContentManager\Model\Entity\Page $page Resolved page
  */
 public function getPage(\Cx\Core\ContentManager\Model\Entity\Page $page)
 {
     global $_ARRAYLANG, $subMenuTitle;
     $subMenuTitle = $_ARRAYLANG['TXT_' . strtoupper($this->getType()) . '_' . strtoupper($this->getName())];
     $cmd = array('');
     if (isset($_GET['act'])) {
         $cmd = explode('/', contrexx_input2raw($_GET['act']));
     }
     $actTemplate = new \Cx\Core\Html\Sigma($this->getDirectory(true) . '/View/Template/Backend');
     $filename = $cmd[0] . '.html';
     $testFilename = $cmd[0];
     if (!\Env::get('ClassLoader')->getFilePath($actTemplate->getRoot() . '/' . $filename)) {
         $filename = 'Default.html';
         $testFilename = 'Default';
     }
     foreach ($cmd as $index => $name) {
         if ($index == 0) {
             continue;
         }
         $testFilename .= $name;
         if (\Env::get('ClassLoader')->getFilePath($actTemplate->getRoot() . '/' . $testFilename . '.html')) {
             $filename = $testFilename . '.html';
         } else {
             break;
         }
     }
     $actTemplate->loadTemplateFile($filename);
     // todo: Messages
     $navigation = $this->parseNavigation($cmd);
     $this->parsePage($actTemplate, $cmd);
     $txt = $cmd[0];
     if (empty($txt)) {
         $txt = 'DEFAULT';
     }
     // default css and js
     if (file_exists($this->cx->getClassLoader()->getFilePath($this->getDirectory(false) . '/View/Style/Backend.css'))) {
         \JS::registerCSS(substr($this->getDirectory(false, true) . '/View/Style/Backend.css', 1));
     }
     if (file_exists($this->cx->getClassLoader()->getFilePath($this->getDirectory(false) . '/View/Script/Backend.js'))) {
         \JS::registerJS(substr($this->getDirectory(false, true) . '/View/Script/Backend.js', 1));
     }
     // finish
     $actTemplate->setGlobalVariable($_ARRAYLANG);
     \Cx\Core\Csrf\Controller\Csrf::add_placeholder($actTemplate);
     $page->setContent($actTemplate->get());
     $cachedRoot = $this->cx->getTemplate()->getRoot();
     $this->cx->getTemplate()->setRoot(\Env::get('cx')->getCodeBaseCorePath() . '/Core/View/Template/Backend');
     $this->cx->getTemplate()->addBlockfile('CONTENT_OUTPUT', 'content_master', 'ContentMaster.html');
     $this->cx->getTemplate()->setRoot($cachedRoot);
     $this->cx->getTemplate()->setVariable(array('CONTENT_NAVIGATION' => $navigation->get(), 'ADMIN_CONTENT' => $page->getContent(), 'CONTENT_TITLE' => $_ARRAYLANG['TXT_' . strtoupper($this->getType()) . '_' . strtoupper($this->getName() . '_ACT_' . $txt)]));
 }
Exemplo n.º 8
0
 /**
  * get the page
  *
  * @return string html code of the page
  * @throws FileSharingException
  */
 public function getPage()
 {
     $hash = isset($this->uriParams["hash"]) ? contrexx_input2raw($this->uriParams["hash"]) : '';
     $check = isset($this->uriParams["check"]) ? contrexx_input2raw($this->uriParams["check"]) : '';
     $uploadId = isset($this->uriParams["uploadId"]) ? contrexx_input2raw($this->uriParams["uploadId"]) : 0;
     if (!empty($uploadId)) {
         $this->files = $this->getSharedFiles($uploadId);
     }
     $act = isset($this->uriParams["act"]) ? $this->uriParams["act"] : '';
     switch ($act) {
         case "image":
             $this->loadImage($hash);
             break;
         default:
             try {
                 if (!empty($hash) && !empty($check)) {
                     $fileDeleted = $this->deleteFile($hash, $check);
                 } elseif (!empty($hash)) {
                     $this->downloadFile($hash);
                 } else {
                     if (empty($this->files) && is_array($this->files)) {
                         throw new FileSharingException('no_files_uploaded');
                     }
                 }
                 $this->objTemplate->hideBlock('error_file_not_found');
                 $this->objTemplate->hideBlock('error_no_files_uploaded');
             } catch (FileSharingException $e) {
                 switch ($e->getMessage()) {
                     case 'file_not_found':
                         $this->objTemplate->touchBlock('error_file_not_found');
                         $this->objTemplate->hideBlock('error_no_files_uploaded');
                         break;
                     case 'no_files_uploaded':
                         $this->objTemplate->touchBlock('error_no_files_uploaded');
                         $this->objTemplate->hideBlock('error_file_not_found');
                         break;
                 }
             }
             // don't show for delete page
             if (empty($hash) || isset($fileDeleted) && $fileDeleted) {
                 $this->uploadPage();
             }
             break;
     }
     FileSharingLib::cleanUp();
     return $this->objTemplate->get();
 }
 public function showOrders()
 {
     global $_ARRAYLANG;
     $term = isset($_GET['filter-term']) ? contrexx_input2raw($_GET['filter-term']) : '';
     $filterUserId = isset($_GET['filter-user-id']) ? contrexx_input2raw($_GET['filter-user-id']) : 0;
     $objFilterUser = null;
     if (!empty($term) || !empty($filterUserId)) {
         if ($filterUserId) {
             $objFilterUser = \FWUser::getFWUserObject()->objUser->getUser($filterUserId);
         }
         $orders = $this->orderRepository->findOrdersBySearchTerm($term, $objFilterUser);
     } else {
         $orders = $this->orderRepository->getAllByDesc();
     }
     $view = new \Cx\Core\Html\Controller\ViewGenerator($orders, array('header' => $_ARRAYLANG['TXT_MODULE_ORDER_ACT_DEFAULT'], 'functions' => array('add' => true, 'edit' => true, 'delete' => true, 'sorting' => true, 'paging' => true, 'filtering' => false), 'fields' => array('contactId' => array('header' => 'contactId', 'table' => array('parse' => function ($value) {
         global $_ARRAYLANG;
         $userId = \Cx\Modules\Crm\Controller\CrmLibrary::getUserIdByCrmUserId($value);
         $userName = \FWUser::getParsedUserTitle($userId);
         $crmDetailLink = "<a href='index.php?cmd=Crm&amp;act=customers&amp;tpl=showcustdetail&amp;id={$value}' \n                                                    title='{$_ARRAYLANG['TXT_MODULE_ORDER_CRM_CONTACT']}'>\n                                                    <img \n                                                        src='" . \Env::get('cx')->getCodeBaseCoreWebPath() . "/Core/View/Media/navigation_level_1_189.png' \n                                                        width='16' height='16' \n                                                        alt='{$_ARRAYLANG['TXT_MODULE_ORDER_CRM_CONTACT']}'\n                                                    />\n                                                </a>";
         $url = "<a href='index.php?cmd=Access&amp;act=user&amp;tpl=modify&amp;id={$userId}'\n                                       title='{$_ARRAYLANG['TXT_MODULE_ORDER_MODIY_USER_ACCOUNT']}'>" . $userName . "</a>" . $crmDetailLink;
         return $url;
     })), 'subscriptions' => array('header' => 'subscriptions', 'table' => array('parse' => function ($subscriptions) {
         $result = array();
         foreach ($subscriptions as $subscription) {
             $productEntity = $subscription->getProductEntity();
             $productEntityName = $subscription->getProduct()->getName();
             if (!$productEntity) {
                 continue;
             }
             $productEditLink = $productEntity;
             if (method_exists($productEntity, 'getEditLink')) {
                 $productEditLink = $productEntity->getEditLink();
             }
             $subscriptionEditUrl = '<a href=​index.php?cmd=Order&act=subscription&editid=' . $subscription->getId() . '>' . $productEntityName . '</a>';
             $result[] = $subscriptionEditUrl . ' (' . $productEditLink . ')';
         }
         return implode(', ', $result);
     })))));
     if (isset($_GET['editid']) && !empty($_GET['editid']) || isset($_GET['add']) && !empty($_GET['add'])) {
         $this->template->hideBlock("order_filter");
     } else {
         \FWUser::getUserLiveSearch(array('minLength' => 1, 'canCancel' => true, 'canClear' => true));
         $this->template->setVariable(array('TXT_MODULE_ORDER_SEARCH' => $_ARRAYLANG['TXT_MODULE_ORDER_SEARCH'], 'TXT_MODULE_ORDER_FILTER' => $_ARRAYLANG['TXT_MODULE_ORDER_FILTER'], 'TXT_MODULE_ORDER_SEARCH_TERM' => $_ARRAYLANG['TXT_MODULE_ORDER_SEARCH_TERM'], 'ORDER_SEARCH_VALUE' => isset($_GET['filter-term']) ? contrexx_input2xhtml($_GET['filter-term']) : '', 'ORDER_USER_ID' => contrexx_raw2xhtml($filterUserId), 'ORDER_USER_NAME' => $objFilterUser ? contrexx_raw2xhtml(\FWUser::getParsedUserTitle($objFilterUser)) : ''));
     }
     $this->template->setVariable('ORDERS_CONTENT', $view->render());
 }
 public function getDetailPage()
 {
     global $_ARRAYLANG, $objDatabase;
     $cx = \Cx\Core\Core\Controller\Cx::instanciate();
     $file = str_replace($cx->getWebsiteOffsetPath(), '', $_GET["path"]) . $_GET["file"];
     $objResult = $objDatabase->Execute("SELECT `id`, `file`, `source`, `hash`, `check`, `expiration_date` FROM " . DBPREFIX . "module_filesharing WHERE `source` = '" . contrexx_raw2db($file) . "'");
     $existing = $objResult !== false && $objResult->RecordCount() > 0;
     if ($_GET["switch"]) {
         if ($existing) {
             $objDatabase->Execute("DELETE FROM " . DBPREFIX . "module_filesharing WHERE `source` = '" . contrexx_raw2db($file) . "'");
         } else {
             $hash = FileSharingLib::createHash();
             $check = FileSharingLib::createCheck($hash);
             $source = str_replace($cx->getWebsiteOffsetPath(), '', $_GET["path"]) . $_GET["file"];
             $objDatabase->Execute("INSERT INTO " . DBPREFIX . "module_filesharing (`file`, `source`, `hash`, `check`) VALUES ('" . contrexx_raw2db($source) . "', '" . contrexx_raw2db($source) . "', '" . contrexx_raw2db($hash) . "', '" . contrexx_raw2db($check) . "')");
         }
         $existing = !$existing;
     }
     if ($existing) {
         $this->_objTpl->setVariable(array('FILE_STATUS' => $_ARRAYLANG["TXT_FILESHARING_SHARED"], 'FILE_STATUS_SWITCH' => $_ARRAYLANG["TXT_FILESHARING_STOP_SHARING"], 'FILE_STATUS_SWITCH_HREF' => 'index.php?cmd=Media&amp;archive=FileSharing&amp;act=filesharing&amp;path=' . $_GET["path"] . '&amp;file=' . $_GET["file"] . '&amp;switch=1'));
         $this->_objTpl->touchBlock('shared');
     } else {
         $this->_objTpl->setVariable(array('FILE_STATUS' => $_ARRAYLANG["TXT_FILESHARING_NOT_SHARED"], 'FILE_STATUS_SWITCH' => $_ARRAYLANG["TXT_FILESHARING_START_SHARING"], 'FILE_STATUS_SWITCH_HREF' => 'index.php?cmd=Media&amp;archive=FileSharing&amp;act=filesharing&amp;path=' . $_GET["path"] . '&amp;file=' . $_GET["file"] . '&amp;switch=1'));
         $this->_objTpl->hideBlock('shared');
     }
     if ($_POST["shareFiles"]) {
         $emails = array();
         foreach (preg_split('/[;,\\s]+/', $_POST["email"]) as $email) {
             if (\FWValidator::isEmail($email)) {
                 $emails[] = contrexx_input2raw($email);
             }
         }
         if (count($emails) > 0) {
             FileSharingLib::sendMail($objResult->fields["id"], $_POST["subject"], $emails, $_POST["message"]);
         }
     } elseif ($_POST["saveExpiration"]) {
         if ($_POST["expiration"]) {
             $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing SET `expiration_date` = NULL WHERE `id` = " . $objResult->fields["id"]);
         } else {
             $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing SET `expiration_date` = '" . date('Y-m-d H:i:s', strtotime($_POST["expirationDate"])) . "' WHERE `id` = " . $objResult->fields["id"]);
         }
     }
     $objResult = $objDatabase->Execute("SELECT `id`, `hash`, `check`, `expiration_date` FROM " . DBPREFIX . "module_filesharing WHERE `source` = '" . contrexx_raw2db($file) . "'");
     $this->_objTpl->setVariable(array('FORM_ACTION' => 'index.php?cmd=Media&amp;archive=FileSharing&amp;act=filesharing&amp;path=' . $_GET["path"] . '&amp;file=' . $_GET["file"], 'FORM_METHOD' => 'POST', 'FILESHARING_INFO' => $_ARRAYLANG['TXT_FILESHARING_INFO'], 'FILESHARING_LINK_BACK_HREF' => 'index.php?cmd=Media&amp;archive=FileSharing&amp;path=' . $_GET["path"], 'FILESHARING_LINK_BACK' => $_ARRAYLANG['TXT_FILESHARING_LINK_BACK'], 'FILESHARING_DOWNLOAD_LINK' => $_ARRAYLANG['TXT_FILESHARING_DOWNLOAD_LINK'], 'FILE_DOWNLOAD_LINK_HREF' => FileSharingLib::getDownloadLink($objResult->fields["id"]), 'FILE_DELETE_LINK_HREF' => FileSharingLib::getDeleteLink($objResult->fields["id"]), 'FILESHARING_DELETE_LINK' => $_ARRAYLANG['TXT_FILESHARING_DELETE_LINK'], 'FILESHARING_STATUS' => $_ARRAYLANG['TXT_FILESHARING_STATUS'], 'FILESHARING_EXPIRATION' => $_ARRAYLANG['TXT_FILESHARING_EXPIRATION'], 'FILESHARING_NEVER' => $_ARRAYLANG['TXT_FILESHARING_NEVER'], 'FILESHARING_EXPIRATION_CHECKED' => htmlentities($objResult->fields["expiration_date"] == NULL ? 'checked="checked"' : '', ENT_QUOTES, CONTREXX_CHARSET), 'FILESHARING_EXPIRATION_DATE' => htmlentities($objResult->fields["expiration_date"] != NULL ? date('d.m.Y H:i', strtotime($objResult->fields["expiration_date"])) : date('d.m.Y H:i', time() + 3600 * 24 * 7), ENT_QUOTES, CONTREXX_CHARSET), 'FILESHARING_SEND_MAIL' => $_ARRAYLANG['TXT_FILESHARING_SEND_MAIL'], 'FILESHARING_EMAIL' => $_ARRAYLANG["TXT_FILESHARING_EMAIL"], 'FILESHARING_EMAIL_INFO' => $_ARRAYLANG["TXT_FILESHARING_EMAIL_INFO"], 'FILESHARING_SUBJECT' => $_ARRAYLANG["TXT_FILESHARING_SUBJECT"], 'FILESHARING_SUBJECT_INFO' => $_ARRAYLANG["TXT_FILESHARING_SUBJECT_INFO"], 'FILESHARING_MESSAGE' => $_ARRAYLANG["TXT_FILESHARING_MESSAGE"], 'FILESHARING_MESSAGE_INFO' => $_ARRAYLANG["TXT_FILESHARING_MESSAGE_INFO"], 'FILESHARING_SEND' => $_ARRAYLANG["TXT_FILESHARING_SEND"], 'FILESHARING_SAVE' => $_ARRAYLANG["TXT_FILESHARING_SAVE"], 'TXT_CORE_MAILTEMPLATE_NOTE_TO' => $_ARRAYLANG['TXT_CORE_MAILTEMPLATE_NOTE_TO']));
 }
 /**
  * Do something before content is loaded from DB
  * 
  * @param \Cx\Core\ContentManager\Model\Entity\Page $page       The resolved page
  */
 public function preContentLoad(\Cx\Core\ContentManager\Model\Entity\Page $page)
 {
     global $section;
     switch ($this->cx->getMode()) {
         case \Cx\Core\Core\Controller\Cx::MODE_FRONTEND:
             if ($section == 'JsonData') {
                 // TODO: move this code to /core/Json/...
                 // TODO: handle expired sessions in any xhr callers.
                 $json = new \Cx\Core\Json\JsonData();
                 // TODO: Verify that the arguments are actually present!
                 $adapter = contrexx_input2raw($_GET['object']);
                 $method = contrexx_input2raw($_GET['act']);
                 // TODO: Replace arguments by something reasonable
                 $arguments = array('get' => $_GET, 'post' => $_POST);
                 echo $json->jsondata($adapter, $method, $arguments);
                 die;
             }
             break;
     }
 }
Exemplo n.º 12
0
 protected function initialize(&$arguments)
 {
     switch ($this->mode) {
         case self::MODE_DQL:
             $this->code = 'SELECT p FROM Cx\\Core\\ContentManager\\Model\\Entity\\Page p WHERE p.id < 10';
             if (!empty($arguments['code'])) {
                 $this->code = contrexx_input2raw($arguments['code']);
             }
             $this->result = '';
             break;
         case self::MODE_PHP:
         default:
             $this->code = 'return $em->getRepository(\'Cx\\Core\\ContentManager\\Model\\Entity\\Node\')->verify();';
             if (!empty($arguments['code'])) {
                 $this->code = contrexx_input2raw($arguments['code']);
             }
             $this->result = '';
             break;
     }
 }
Exemplo n.º 13
0
 /**
  * get customer search result
  *
  * @global array $_ARRAYLANG
  * @global object $objDatabase
  * @return json result
  */
 public function searchContacts()
 {
     global $objDatabase;
     $searchFields = array('companyname_filter' => isset($_REQUEST['companyname_filter']) ? contrexx_input2raw($_REQUEST['companyname_filter']) : '', 'contactSearch' => isset($_REQUEST['contactSearch']) ? (array) $_REQUEST['contactSearch'] : array(1, 2), 'advanced-search' => $_REQUEST['advanced-search'], 's_name' => $_REQUEST['s_name'], 's_email' => $_REQUEST['s_email'], 's_address' => $_REQUEST['s_address'], 's_city' => $_REQUEST['s_city'], 's_postal_code' => $_REQUEST['s_postal_code'], 's_notes' => $_REQUEST['s_notes'], 'customer_type' => $_REQUEST['customer_type'], 'filter_membership' => $_REQUEST['filter_membership'], 'term' => isset($_REQUEST['term']) ? contrexx_input2raw($_REQUEST['term']) : '', 'sorto' => $_REQUEST['sorto'], 'sortf' => $_REQUEST['sortf']);
     $objCrmLibrary = new CrmLibrary($this->getName());
     $query = $objCrmLibrary->getContactsQuery($searchFields);
     $objResult = $objDatabase->Execute($query);
     $result = array();
     if ($objResult) {
         while (!$objResult->EOF) {
             if ($objResult->fields['contact_type'] == 1) {
                 $contactName = $objResult->fields['customer_name'];
             } else {
                 $contactName = $objResult->fields['customer_name'] . " " . $objResult->fields['contact_familyname'];
             }
             $result[] = array('id' => (int) $objResult->fields['id'], 'label' => html_entity_decode(stripslashes($contactName), ENT_QUOTES, CONTREXX_CHARSET), 'value' => html_entity_decode(stripslashes($contactName), ENT_QUOTES, CONTREXX_CHARSET));
             $objResult->MoveNext();
         }
     }
     return $result;
 }
Exemplo n.º 14
0
 /**
  * Handle the calendar image upload
  * 
  * @param string $id unique form id
  * 
  * @return string image path
  */
 function _handleUpload($fieldName, $id)
 {
     $tup = self::getTemporaryUploadPath($fieldName, $id);
     $tmpUploadDir = \Env::get('cx')->getWebsitePath() . $tup[1] . '/' . $tup[2] . '/';
     //all the files uploaded are in here
     $depositionTarget = $this->uploadImgPath;
     //target folder
     $pic = '';
     //move all files
     if (!\Cx\Lib\FileSystem\FileSystem::exists($tmpUploadDir)) {
         throw new \Exception("could not find temporary upload directory '{$tmpUploadDir}'");
     }
     $h = opendir($tmpUploadDir);
     if ($h) {
         while (false !== ($f = readdir($h))) {
             // skip folders and thumbnails
             if ($f == '..' || $f == '.' || preg_match("/(?:\\.(?:thumb_thumbnail|thumb_medium|thumb_large)\\.[^.]+\$)|(?:\\.thumb)\$/i", $f)) {
                 continue;
             }
             //do not overwrite existing files.
             $prefix = '';
             while (file_exists($depositionTarget . $prefix . $f)) {
                 if (empty($prefix)) {
                     $prefix = 0;
                 }
                 $prefix++;
             }
             // move file
             try {
                 $objFile = new \Cx\Lib\FileSystem\File($tmpUploadDir . $f);
                 $fileInfo = pathinfo($tmpUploadDir . $f);
                 $objFile->move($depositionTarget . $prefix . $f, false);
                 $imageName = $prefix . $f;
                 if (in_array($fileInfo['extension'], array('gif', 'jpg', 'jpeg', 'png'))) {
                     $objImage = new \ImageManager();
                     $objImage->_createThumb($this->uploadImgPath, $this->uploadImgWebPath, $imageName, 180);
                 }
                 $pic = contrexx_input2raw($this->uploadImgWebPath . $imageName);
                 // abort after one file has been fetched, as all event upload
                 // fields do allow a single file only anyway
                 break;
             } catch (\Cx\Lib\FileSystem\FileSystemException $e) {
                 \DBG::msg($e->getMessage());
             }
         }
     }
     return $pic;
 }
Exemplo n.º 15
0
 /**
  * Updates shippers and shipments that have been changed in the form
  *
  * Backend use only.
  * @return  boolean                     True on success, false an failure,
  *                                      null on noop.
  * @static
  */
 static function update_shipments_from_post()
 {
     if (empty($_POST['bshipment'])) {
         return null;
     }
     $success = true;
     $changed = false;
     // Update all shipment conditions
     if (!empty($_POST['max_weight'])) {
         foreach ($_POST['max_weight'] as $shipment_id => $max_weight) {
             $max_weight = Weight::getWeight(contrexx_input2raw($max_weight));
             $shipper_id = intval($_POST['sid'][$shipment_id]);
             $fee = floatval($_POST['fee'][$shipment_id]);
             $free_from = floatval($_POST['free_from'][$shipment_id]);
             if ($max_weight == Weight::getWeight(self::$arrShipments[$shipper_id][$shipment_id]['max_weight']) && $free_from == self::$arrShipments[$shipper_id][$shipment_id]['free_from'] && $fee == self::$arrShipments[$shipper_id][$shipment_id]['fee']) {
                 continue;
             }
             //DBG::log("Shipment::update_shipments_from_post(): max_weight $max_weight == ".self::$arrShipments[$shipper_id][$shipment_id]['max_weight'].", free_from $free_from == ".self::$arrShipments[$shipper_id][$shipment_id]['free_from'].", fee $fee == ".self::$arrShipments[$shipper_id][$shipment_id]['fee']);
             $changed = true;
             $success &= self::_update_shipment($shipment_id, $shipper_id, $fee, $free_from, $max_weight);
         }
     }
     foreach ($_POST['shipper_name'] as $shipper_id => $shipper_name) {
         $shipper_name = contrexx_input2raw($shipper_name);
         $active = !empty($_POST['active'][$shipper_id]);
         $zone_id = intval($_POST['zone_id'][$shipper_id]);
         $zone_id_old = Zones::getZoneIdByShipperId($shipper_id);
         if ($shipper_name == self::$arrShippers[$shipper_id]['name'] && $active == self::$arrShippers[$shipper_id]['active'] && $zone_id == $zone_id_old) {
             continue;
         }
         $changed = true;
         $success &= self::_update_shipper($shipper_id, $active);
         $success &= self::_rename_shipper($shipper_id, $shipper_name);
         $success &= Zones::update_shipper_relation($zone_id, $shipper_id);
     }
     if ($changed) {
         return $success;
     }
     return null;
 }
 private function performLanguageAction($action, $params)
 {
     global $_CORELANG;
     // Global access check
     if (!\Permission::checkAccess(6, 'static', true) || !\Permission::checkAccess(35, 'static', true)) {
         throw new \Cx\Core\ContentManager\ContentManagerException($_CORELANG['TXT_CORE_CM_USAGE_DENIED']);
     }
     if (!\Permission::checkAccess(53, 'static', true)) {
         throw new \Cx\Core\ContentManager\ContentManagerException($_CORELANG['TXT_CORE_CM_COPY_DENIED']);
     }
     if (!isset($params['get']) || !isset($params['get']['to'])) {
         throw new \Cx\Core\ContentManager\ContentManagerException('Illegal parameter list');
     }
     $em = \Env::get('em');
     $nodeRepo = $em->getRepository('Cx\\Core\\ContentManager\\Model\\Entity\\Node');
     $targetLang = contrexx_input2raw($params['get']['to']);
     $fromLang = \FWLanguage::getFallbackLanguageIdById($targetLang);
     if ($fromLang === false) {
         throw new \Cx\Core\ContentManager\ContentManagerException('Language has no fallback to copy/link from');
     }
     $toLangCode = \FWLanguage::getLanguageCodeById($targetLang);
     if ($toLangCode === false) {
         throw new \Cx\Core\ContentManager\ContentManagerException('Could not get id for language #"' . $targetLang . '"');
     }
     $limit = 0;
     $offset = 0;
     if (isset($params['get']['limit'])) {
         $limit = contrexx_input2raw($params['get']['limit']);
     }
     if (isset($params['get']['offset'])) {
         $offset = contrexx_input2raw($params['get']['offset']);
     }
     $result = $nodeRepo->translateRecursive($nodeRepo->getRoot(), $fromLang, $targetLang, $action == 'copy', $limit, $offset);
     return $result;
 }
Exemplo n.º 17
0
 /**
  * This function is used to delete an entry
  *
  * @param string $entityWithNS class name including namespace
  * @access protected
  * @global array $_ARRAYLANG array containing the language variables
  * @throws \Doctrine\ORM\OptimisticLockException
  * @throws \Doctrine\ORM\TransactionRequiredException
  * @throws \Exception
  */
 protected function removeEntry($entityWithNS)
 {
     global $_ARRAYLANG;
     $cx = \Cx\Core\Core\Controller\Cx::instanciate();
     $em = $cx->getDb()->getEntityManager();
     $deleteId = !empty($_GET['deleteid']) ? contrexx_input2raw($_GET['deleteid']) : '';
     $entityObject = $this->object->getEntry($deleteId);
     if (empty($entityObject)) {
         \Message::add($_ARRAYLANG['TXT_CORE_RECORD_NO_SUCH_ENTRY'], \Message::CLASS_ERROR);
         return;
     }
     $entityObj = $em->getClassMetadata($entityWithNS);
     $id = $entityObject[$entityObj->getSingleIdentifierFieldName()];
     //get primary key value
     // delete all n associated entries, because the are not longer used and we can delete the main entry only if we
     // have no more n associated entries
     $pageRepo = $em->getRepository($entityWithNS);
     $associationMappings = $entityObj->getAssociationMappings();
     foreach ($associationMappings as $mapping => $value) {
         // we only need to delete the n associated values, the single associated will be handled by doctrine itself
         if (!$entityObj->isCollectionValuedAssociation($mapping)) {
             continue;
         }
         $mainEntity = $pageRepo->find($id);
         $associatedEntities = $mainEntity->{'get' . preg_replace('/_([a-z])/', '\\1', ucfirst($mapping))}();
         foreach ($associatedEntities as $associatedEntity) {
             $em->remove($associatedEntity);
         }
     }
     if (!empty($id)) {
         $entityObj = $em->getRepository($entityWithNS)->find($id);
         if (!empty($entityObj)) {
             if ($entityObj instanceof \Cx\Core\Model\Model\Entity\YamlEntity) {
                 $ymlRepo = $em->getRepository($entityWithNS);
                 $ymlRepo->remove($entityObj);
                 $ymlRepo->flush();
             } else {
                 $em->remove($entityObj);
                 $em->flush();
             }
             \Message::add($_ARRAYLANG['TXT_CORE_RECORD_DELETED_SUCCESSFUL']);
         }
     }
     $actionUrl = clone $cx->getRequest()->getUrl();
     $actionUrl->setParam('deleteid', null);
     \Cx\Core\Csrf\Controller\Csrf::redirect($actionUrl);
 }
Exemplo n.º 18
0
 protected function verifyUserAccount()
 {
     $email = !empty($_GET['u']) ? contrexx_input2raw($_GET['u']) : null;
     $key = !empty($_GET['key']) ? contrexx_input2raw($_GET['key']) : null;
     if (empty($email) || empty($key)) {
         // TODO: implement error message
     }
     if (!\FWUser::getFWUserObject()->verifyUserAccount($email, $key)) {
         // TODO: implement error message
     }
     \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?cmd=Home');
     exit;
 }
Exemplo n.º 19
0
 function showSearch()
 {
     global $_ARRAYLANG, $_CORELANG;
     $this->_objTpl->setTemplate($this->pageContent, true, true);
     //get searchform
     if ($this->_objTpl->blockExists($this->moduleNameLC . 'Searchform')) {
         $objSearch = new MediaDirectorySearch($this->moduleName);
         $objSearch->getSearchform($this->_objTpl);
     }
     $_GET['term'] = trim($_GET['term']);
     $cmd = isset($_GET['cmd']) ? contrexx_input2raw($_GET['cmd']) : '';
     $intLimitEnd = intval($this->arrSettings['settingsPagingNumEntries']);
     if (!empty($cmd)) {
         $objForms = new MediaDirectoryForm(null, $this->moduleName);
         foreach ($objForms->arrForms as $intFormId => $arrForm) {
             if (!empty($arrForm['formCmd']) && $arrForm['formCmd'] === $cmd && !empty($arrForm['formEntriesPerPage'])) {
                 $intLimitEnd = $arrForm['formEntriesPerPage'];
                 break;
             }
         }
     }
     $intLimitStart = isset($_GET['pos']) ? intval($_GET['pos']) : 0;
     if (!empty($_GET['term']) || $_GET['type'] == 'exp') {
         $objSearch = new MediaDirectorySearch($this->moduleName);
         $objSearch->searchEntries($_GET);
         $objEntries = new MediaDirectoryEntry($this->moduleName);
         if (!empty($objSearch->arrFoundIds)) {
             $intNumEntries = count($objSearch->arrFoundIds);
             for ($i = $intLimitStart; $i < $intLimitStart + $intLimitEnd; $i++) {
                 $intEntryId = isset($objSearch->arrFoundIds[$i]) ? $objSearch->arrFoundIds[$i] : 0;
                 if (intval($intEntryId) != 0) {
                     $objEntries->getEntries($intEntryId, null, null, null, null, null, 1, 0, 1, null, null);
                 }
             }
             $objEntries->listEntries($this->_objTpl, 2);
             $urlParams = $_GET;
             unset($urlParams['pos']);
             unset($urlParams['section']);
             if ($intNumEntries > $intLimitEnd) {
                 $strPaging = getPaging($intNumEntries, $intLimitStart, $urlParams, "<b>" . $_ARRAYLANG['TXT_MEDIADIR_ENTRIES'] . "</b>", true, $intLimitEnd);
                 $this->_objTpl->setGlobalVariable(array($this->moduleLangVar . '_PAGING' => $strPaging));
             }
         } else {
             $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_SEARCH_MESSAGE' => $_ARRAYLANG['TXT_MEDIADIR_NO_ENTRIES_FOUND']));
         }
     } else {
         $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_SEARCH_MESSAGE' => $_ARRAYLANG['TXT_MEDIADIR_NO_SEARCH_TERM']));
     }
 }
Exemplo n.º 20
0
 /**
  * Get data from contact form submit
  *
  * Reads out the data that has been submited by the visitor.
  * @access private
  * @global array
  * @global array
  * @see getContactFormDetails(), getFormFields(), _uploadFiles(),
  * @return mixed An array with the contact details or FALSE if an error occurs
  */
 function _getContactFormData()
 {
     global $_ARRAYLANG, $_CONFIG, $_LANGID;
     if (isset($_POST) && !empty($_POST)) {
         $arrFormData = array();
         $arrFormData['id'] = isset($_GET['cmd']) ? intval($_GET['cmd']) : 0;
         if ($this->getContactFormDetails($arrFormData['id'], $arrFormData['emails'], $arrFormData['subject'], $arrFormData['feedback'], $arrFormData['mailTemplate'], $arrFormData['showForm'], $arrFormData['useCaptcha'], $arrFormData['sendCopy'], $arrFormData['useEmailOfSender'], $arrFormData['htmlMail'], $arrFormData['sendAttachment'], $arrFormData['saveDataInCRM'], $arrFormData['crmCustomerGroups'])) {
             $arrFormData['fields'] = $this->getFormFields($arrFormData['id']);
             foreach ($arrFormData['fields'] as $field) {
                 $this->arrFormFields[] = $field['lang'][$_LANGID]['name'];
             }
         } else {
             $arrFormData['id'] = 0;
             $arrFormData['emails'] = explode(',', $_CONFIG['contactFormEmail']);
             $arrFormData['subject'] = $_ARRAYLANG['TXT_CONTACT_FORM'] . " " . $_CONFIG['domainUrl'];
             $arrFormData['showForm'] = 1;
             //$arrFormData['sendCopy'] = 0;
             $arrFormData['htmlMail'] = 1;
         }
         // TODO: check if _uploadFiles does something dangerous with $arrFormData['fields'] (this is raw data!)
         $arrFormData['uploadedFiles'] = $this->_uploadFiles($arrFormData['fields']);
         foreach ($_POST as $key => $value) {
             if (($value == 0 || !empty($value)) && !in_array($key, array('Submit', 'submitContactForm', 'contactFormCaptcha'))) {
                 $id = intval(substr($key, 17));
                 if (isset($arrFormData['fields'][$id])) {
                     $key = $arrFormData['fields'][$id]['lang'][$_LANGID]['name'];
                 } else {
                     $key = contrexx_input2raw($key);
                 }
                 if (is_array($value)) {
                     $value = implode(', ', $value);
                 }
                 $arrFormData['data'][$id] = contrexx_input2raw($value);
             }
         }
         if (isset($_SERVER["HTTP_X_FORWARDED_FOR"]) && !empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
             $arrFormData['meta']['ipaddress'] = contrexx_input2raw($_SERVER["HTTP_X_FORWARDED_FOR"]);
         } else {
             $arrFormData['meta']['ipaddress'] = contrexx_input2raw($_SERVER["REMOTE_ADDR"]);
         }
         $arrFormData['meta']['time'] = time();
         $arrFormData['meta']['host'] = contrexx_input2raw(@gethostbyaddr($arrFormData['meta']['ipaddress']));
         $arrFormData['meta']['lang'] = contrexx_input2raw($_SERVER["HTTP_ACCEPT_LANGUAGE"]);
         $arrFormData['meta']['browser'] = contrexx_input2raw($_SERVER["HTTP_USER_AGENT"]);
         return $arrFormData;
     }
     return false;
 }
Exemplo n.º 21
0
/**
 * Unescapes data from any request and encodes it for use with [X]HTML
 *
 * Apply to any string or array taken from a get or post request, or from a
 * cookie before writing it to the HTML response stream.
 * @param   mixed   $input    The input string or array
 * @return  mixed             The unescaped HTML encoded string or array
 */
function contrexx_input2xhtml($input)
{
    return contrexx_raw2xhtml(contrexx_input2raw($input));
}
Exemplo n.º 22
0
 public function __construct($entity, $actionUrl = null, $entityClass = '', $title = '', $options = array(), $entityId = 0, $componentOptions)
 {
     $this->componentOptions = $componentOptions;
     $this->formId = static::$formIncrement;
     static::$formIncrement++;
     $this->options = $options;
     $this->entity = $entity;
     // Remove the virtual element from array
     unset($entity['virtual']);
     if (empty($entityClass) && is_object($entity)) {
         $entityClass = get_class($entity);
     }
     $this->entityClass = $entityClass;
     if (empty($title)) {
         $title = $entityClass;
     }
     \JS::registerCSS(\Env::get('cx')->getCoreFolderName() . '/Html/View/Style/Backend.css');
     $this->form = new \Cx\Core\Html\Model\Entity\FormElement($actionUrl, 'post', \Cx\Core\Html\Model\Entity\FormElement::ENCTYPE_MULTIPART_FORMDATA, !isset($options['functions']) || !isset($options['functions']['formButtons']) || $options['functions']['formButtons'] == true);
     $this->form->setAttribute('id', 'form-' . $this->formId);
     $this->form->setAttribute('class', 'cx-ui');
     $titleElement = new \Cx\Core\Html\Model\Entity\HtmlElement('legend');
     $titleElement->addChild(new \Cx\Core\Html\Model\Entity\TextElement($title));
     $this->form->addChild($titleElement);
     // @todo replace this by auto-find editid
     if (isset($_REQUEST['editid'])) {
         $editIdField = new \Cx\Core\Html\Model\Entity\DataElement('editid', contrexx_input2raw($_REQUEST['editid']), 'input');
         $editIdField->setAttribute('type', 'hidden');
         $this->form->addChild($editIdField);
     }
     // foreach entity field
     foreach ($entity as $field => $value) {
         $type = null;
         if (!empty($options[$field]['type'])) {
             $type = $options[$field]['type'];
         }
         if (is_object($value)) {
             if ($value instanceof \Cx\Model\Base\EntityBase) {
                 $type = 'Cx\\Model\\Base\\EntityBase';
             } elseif ($value instanceof \Doctrine\Common\Collections\Collection) {
                 continue;
             } else {
                 $type = get_class($value);
             }
         }
         $length = 0;
         $value = $entity[$field];
         $fieldOptions = array();
         if (isset($options['fields']) && isset($options['fields'][$field])) {
             $fieldOptions = $options['fields'][$field];
         }
         if (!empty($fieldOptions['type'])) {
             $type = $fieldOptions['type'];
         }
         $dataElement = $this->getDataElement($field, $type, $length, $value, $fieldOptions, $entityId);
         if (empty($dataElement)) {
             continue;
         }
         $dataElement->setAttribute('id', 'form-' . $this->formId . '-' . $field);
         if ($type == 'hidden') {
             $element = $dataElement;
         } else {
             $element = $this->getDataElementGroup($field, $dataElement, $fieldOptions);
         }
         $this->form->addChild($element);
     }
     if (isset($options['cancelUrl'])) {
         $this->form->cancelUrl = $options['cancelUrl'];
     }
 }
Exemplo n.º 23
0
 /**
  * Display and editing Media settings
  *
  * @return    string    parsed content
  */
 function _settings()
 {
     global $_CORELANG, $_ARRAYLANG, $objDatabase;
     \JS::activate('jquery');
     $this->_arrSettings = $this->createSettingsArray();
     $objFWUser = \FWUser::getFWUserObject();
     $this->_objTpl->loadTemplateFile('module_media_settings.html', true, true);
     $archive = '';
     if (isset($_GET['archive'])) {
         $archive = contrexx_input2raw($_GET['archive']);
     }
     if ($archive == 'FileSharing') {
         $this->_objTpl->hideBlock('mediaarchive_section');
         $objFileshare = new \Cx\Modules\FileSharing\Controller\FileSharingManager($this->_objTpl);
         $objFileshare->parseSettingsPage();
     } else {
         $this->_objTpl->touchBlock('mediaarchive_section');
     }
     $this->pageTitle = $_ARRAYLANG['TXT_MEDIA_SETTINGS'];
     $this->_objTpl->setGlobalVariable(array('TXT_MEDIA_ARCHIVE' => $_ARRAYLANG['TXT_MEDIA_ARCHIVE'], 'TXT_FILESHARING' => $_ARRAYLANG['TXT_FILESHARING_MODULE'], 'TXT_MEDIA_SETTINGS' => $_ARRAYLANG['TXT_MEDIA_SETTINGS'], 'TXT_MEDIA_ADD' => $_ARRAYLANG['TXT_MEDIA_ADD'], 'TXT_MEDIA_MANAGE' => $_ARRAYLANG['TXT_MEDIA_MANAGE'], 'TXT_MEDIA_ACCESS_SETTINGS' => $_ARRAYLANG['TXT_MEDIA_ACCESS_SETTINGS'], 'TXT_MEDIA_FRONTEND_FILE_UPLOAD_DESC' => $_ARRAYLANG['TXT_MEDIA_FRONTEND_FILE_UPLOAD_DESC'], 'TXT_MEDIA_FRONTEND_FILE_UPLOAD' => $_ARRAYLANG['TXT_MEDIA_FRONTEND_FILE_UPLOAD'], 'TXT_MEDIA_ADDING_DENIED_FOR_ALL' => $_ARRAYLANG['TXT_MEDIA_ADDING_DENIED_FOR_ALL'], 'TXT_MEDIA_ADDING_ALLOWED_FOR_ALL' => $_ARRAYLANG['TXT_MEDIA_ADDING_ALLOWED_FOR_ALL'], 'TXT_MEDIA_ADDING_ALLOWED_FOR_GROUP' => $_ARRAYLANG['TXT_MEDIA_ADDING_ALLOWED_FOR_GROUP'], 'TXT_MEDIA_AVAILABLE_USER_GROUPS' => $_ARRAYLANG['TXT_MEDIA_AVAILABLE_USER_GROUPS'], 'TXT_MEDIA_ASSIGNED_USER_GROUPS' => $_ARRAYLANG['TXT_MEDIA_ASSIGNED_USER_GROUPS'], 'TXT_MEDIA_CHECK_ALL' => $_ARRAYLANG['TXT_MEDIA_CHECK_ALL'], 'TXT_MEDIA_UNCHECK_ALL' => $_ARRAYLANG['TXT_MEDIA_UNCHECK_ALL'], 'TXT_BUTTON_SAVE' => $_ARRAYLANG['TXT_MEDIA_SAVE']));
     for ($k = 1; $k <= 4; $k++) {
         $arrAssociatedGroupOptions = array();
         $arrNotAssociatedGroupOptions = array();
         $arrAssociatedGroups = array();
         $arrAssociatedGroupManageOptions = array();
         $arrNotAssociatedGroupManageOptions = array();
         $arrAssociatedManageGroups = array();
         $mediaAccessSetting = $this->_arrSettings['media' . $k . '_frontend_changable'];
         $mediaManageSetting = $this->_arrSettings['media' . $k . '_frontend_managable'];
         if (!is_numeric($mediaAccessSetting)) {
             // Get all groups
             $objGroup = $objFWUser->objGroup->getGroups();
         } else {
             // Get access groups
             $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $mediaAccessSetting));
             $arrAssociatedGroups = $objGroup->getLoadedGroupIds();
         }
         $objGroup = $objFWUser->objGroup->getGroups();
         while (!$objGroup->EOF) {
             $option = '<option value="' . $objGroup->getId() . '">' . htmlentities($objGroup->getName(), ENT_QUOTES, CONTREXX_CHARSET) . ' [' . $objGroup->getType() . ']</option>';
             if (in_array($objGroup->getId(), $arrAssociatedGroups)) {
                 $arrAssociatedGroupOptions[] = $option;
             } else {
                 $arrNotAssociatedGroupOptions[] = $option;
             }
             $objGroup->next();
         }
         if (!is_numeric($mediaManageSetting)) {
             // Get all groups
             $objGroup = $objFWUser->objGroup->getGroups();
         } else {
             // Get access groups
             $objGroup = $objFWUser->objGroup->getGroups(array('dynamic' => $mediaManageSetting));
             $arrAssociatedManageGroups = $objGroup->getLoadedGroupIds();
         }
         $objGroup = $objFWUser->objGroup->getGroups();
         while (!$objGroup->EOF) {
             $option = '<option value="' . $objGroup->getId() . '">' . htmlentities($objGroup->getName(), ENT_QUOTES, CONTREXX_CHARSET) . ' [' . $objGroup->getType() . ']</option>';
             if (in_array($objGroup->getId(), $arrAssociatedManageGroups)) {
                 $arrAssociatedGroupManageOptions[] = $option;
             } else {
                 $arrNotAssociatedGroupManageOptions[] = $option;
             }
             $objGroup->next();
         }
         $this->_objTpl->setVariable(array('MEDIA_ARCHIVE_NUMBER' => $k, 'MEDIA_TAB_STYLE' => $k == 1 ? 'block' : 'none', 'MEDIA_ALLOW_USER_CHANGE_ON' => $this->_arrSettings['media' . $k . '_frontend_changable'] == 'on' ? 'checked="checked"' : '', 'MEDIA_ALLOW_USER_CHANGE_OFF' => $this->_arrSettings['media' . $k . '_frontend_changable'] == 'off' ? 'checked="checked"' : '', 'MEDIA_ALLOW_USER_CHANGE_GROUP' => is_numeric($this->_arrSettings['media' . $k . '_frontend_changable']) ? 'checked="checked"' : '', 'MEDIA_ACCESS_DISPLAY' => is_numeric($this->_arrSettings['media' . $k . '_frontend_changable']) ? 'block' : 'none', 'MEDIA_ACCESS_ASSOCIATED_GROUPS' => implode("\n", $arrAssociatedGroupOptions), 'MEDIA_ACCESS_NOT_ASSOCIATED_GROUPS' => implode("\n", $arrNotAssociatedGroupOptions), 'MEDIA_ALLOW_USER_MANAGE_ON' => $this->_arrSettings['media' . $k . '_frontend_managable'] == 'on' ? 'checked="checked"' : '', 'MEDIA_ALLOW_USER_MANAGE_OFF' => $this->_arrSettings['media' . $k . '_frontend_managable'] == 'off' ? 'checked="checked"' : '', 'MEDIA_ALLOW_USER_MANAGE_GROUP' => is_numeric($this->_arrSettings['media' . $k . '_frontend_managable']) ? 'checked="checked"' : '', 'MEDIA_MANAGE_DISPLAY' => is_numeric($this->_arrSettings['media' . $k . '_frontend_managable']) ? 'block' : 'none', 'MEDIA_MANAGE_ASSOCIATED_GROUPS' => implode("\n", $arrAssociatedGroupManageOptions), 'MEDIA_MANAGE_NOT_ASSOCIATED_GROUPS' => implode("\n", $arrNotAssociatedGroupManageOptions)));
         if ($this->_objTpl->blockExists("mediaAccessSection")) {
             $this->_objTpl->parse("mediaAccessSection");
         }
     }
 }
Exemplo n.º 24
0
 /**
  * Remove the file from folder widget
  *
  * @param array $params array from json request
  */
 public function removeFileFromFolderWidget($params)
 {
     \cmsSession::getInstance();
     $folderWidgetId = isset($params['get']['widget']) ? contrexx_input2int($params['get']['widget']) : 0;
     if (empty($folderWidgetId) || empty($_SESSION['MediaBrowser']['FolderWidget'][$folderWidgetId]) || $_SESSION['MediaBrowser']['FolderWidget'][$folderWidgetId]['mode'] == \Cx\Core_Modules\MediaBrowser\Model\Entity\FolderWidget::MODE_VIEW_ONLY) {
         return false;
     }
     $path = !empty($params['get']['file']) ? contrexx_input2raw($params['get']['file']) : null;
     if (empty($path)) {
         return false;
     }
     $folder = $_SESSION['MediaBrowser']['FolderWidget'][$folderWidgetId]['folder'];
     $localFileSystem = new \Cx\Core\MediaSource\Model\Entity\LocalFileSystem($folder);
     $file = '/' . $path;
     $objFile = new \Cx\Core\MediaSource\Model\Entity\LocalFile($file);
     $this->setMessage($localFileSystem->removeFile($objFile));
     return array();
 }
Exemplo n.º 25
0
 /**
  * Adding Crm Contact and link it with crm company if possible
  *
  * @param Array $arrFormData form data's
  * @param int $userAccountId
  * @param int $frontendLanguage
  * @global <object> $objDatabase
  * @global int $_LANGID
  *
  */
 function setContactPersonProfile($arrFormData = array(), $userAccountId = 0, $frontendLanguage)
 {
     global $objDatabase, $_LANGID;
     $this->contact = new \Cx\Modules\Crm\Model\Entity\CrmContact();
     if (!empty($userAccountId)) {
         $userExists = $objDatabase->Execute("SELECT id FROM `" . DBPREFIX . "module_{$this->moduleNameLC}_contacts` WHERE user_account = {$userAccountId}");
         if ($userExists && $userExists->RecordCount()) {
             $id = (int) $userExists->fields['id'];
             $this->contact->load($id);
             $this->contact->customerName = !empty($arrFormData['firstname'][0]) ? contrexx_input2raw($arrFormData['firstname'][0]) : '';
             $this->contact->family_name = !empty($arrFormData['lastname'][0]) ? contrexx_input2raw($arrFormData['lastname'][0]) : '';
             $this->contact->contact_language = !empty($frontendLanguage) ? (int) $frontendLanguage : $_LANGID;
             $this->contact->contact_gender = !empty($arrFormData['gender'][0]) ? $arrFormData['gender'][0] == 'gender_female' ? 1 : ($arrFormData['gender'][0] == 'gender_male' ? 2 : '') : '';
             $this->contact->contactType = 2;
             $this->contact->datasource = 2;
             $this->contact->account_id = $userAccountId;
             //set profile picture
             if (!empty($arrFormData['picture'][0])) {
                 $picture = $arrFormData['picture'][0];
                 $cx = \Cx\Core\Core\Controller\Cx::instanciate();
                 if (!file_exists($cx->getWebsiteImagesCrmProfilePath() . '/' . $picture)) {
                     $file = $cx->getWebsiteImagesAccessProfilePath() . '/';
                     $newFile = $cx->getWebsiteImagesCrmProfilePath() . '/';
                     if (copy($file . $picture, $newFile . $picture)) {
                         if ($this->createThumbnailOfPicture($picture)) {
                             $this->contact->profile_picture = $picture;
                         }
                     }
                 }
             } else {
                 $this->contact->profile_picture = 'profile_person_big.png';
             }
             // save current setting values, so we can switch back to them after we got our used settings out of database
             $prevSection = \Cx\Core\Setting\Controller\Setting::getCurrentSection();
             $prevGroup = \Cx\Core\Setting\Controller\Setting::getCurrentGroup();
             $prevEngine = \Cx\Core\Setting\Controller\Setting::getCurrentEngine();
             \Cx\Core\Setting\Controller\Setting::init('Crm', 'config');
             if ($arrFormData["company"][0] != "") {
                 $crmCompany = new \Cx\Modules\Crm\Model\Entity\CrmContact();
                 if ($this->contact->contact_customer != 0) {
                     $crmCompany->load($this->contact->contact_customer);
                 }
                 $crmCompany->customerName = $arrFormData["company"][0];
                 $crmCompany->contactType = 1;
                 $customerType = $arrFormData[\Cx\Core\Setting\Controller\Setting::getValue('user_profile_attribute_customer_type', 'Crm')][0];
                 if ($customerType !== false) {
                     $crmCompany->customerType = $customerType;
                 }
                 $companySize = $arrFormData[\Cx\Core\Setting\Controller\Setting::getValue('user_profile_attribute_company_size', 'Crm')][0];
                 if ($companySize !== false) {
                     $crmCompany->companySize = $companySize;
                 }
                 $industryType = $arrFormData[\Cx\Core\Setting\Controller\Setting::getValue('user_profile_attribute_industry_type', 'Crm')][0];
                 if ($industryType !== false) {
                     $crmCompany->industryType = $industryType;
                 }
                 if (isset($arrFormData["phone_office"])) {
                     $crmCompany->phone = $arrFormData["phone_office"];
                 }
                 // store/update the company profile
                 $crmCompany->save();
                 // setting & storing the primary email address must be done after
                 // the company has been saved for the case where the company is
                 // being added as a new object without having an ID yet
                 if (empty($crmCompany->email)) {
                     $crmCompany->email = $this->contact->email;
                     $crmCompany->storeEMail();
                 }
                 $this->contact->contact_customer = $crmCompany->id;
             }
             if ($this->contact->save()) {
                 // insert website
                 if (!empty($arrFormData['website'][0])) {
                     $webExists = $objDatabase->SelectLimit("SELECT 1 FROM `" . DBPREFIX . "module_{$this->moduleNameLC}_customer_contact_websites` WHERE is_primary = '1' AND contact_id = '{$this->contact->id}'");
                     $fields = array('url' => $arrFormData['website'][0], 'url_profile' => '1', 'is_primary' => '1', 'contact_id' => $this->contact->id);
                     if ($webExists) {
                         $query = \SQL::update("module_{$this->moduleNameLC}_customer_contact_websites", $fields, array('escape' => true)) . " WHERE is_primary = '1' AND `contact_id` = {$this->contact->id}";
                     } else {
                         $query = \SQL::insert("module_{$this->moduleNameLC}_customer_contact_websites", $fields, array('escape' => true));
                     }
                     $db = $objDatabase->Execute($query);
                 }
                 //insert address
                 if (!empty($arrFormData['address'][0]) || !empty($arrFormData['city'][0]) || !empty($arrFormData['zip'][0]) || !empty($arrFormData['country'][0])) {
                     $addressExists = $objDatabase->SelectLimit("SELECT 1 FROM `" . DBPREFIX . "module_{$this->moduleNameLC}_customer_contact_address` WHERE is_primary = '1' AND contact_id = '{$this->contact->id}'");
                     $country = \Cx\Core\Country\Controller\Country::getById($arrFormData['country'][0]);
                     if ($addressExists && $addressExists->RecordCount()) {
                         $query = "UPDATE `" . DBPREFIX . "module_{$this->moduleNameLC}_customer_contact_address` SET\n                                    address      = '" . contrexx_input2db($arrFormData['address'][0]) . "',\n                                    city         = '" . contrexx_input2db($arrFormData['city'][0]) . "',\n                                    zip          = '" . contrexx_input2db($arrFormData['zip'][0]) . "',\n                                    country      = '" . $country['name'] . "',\n                                    Address_Type = '2'\n                                 WHERE is_primary   = '1' AND contact_id   = '{$this->contact->id}'";
                     } else {
                         $query = "INSERT INTO `" . DBPREFIX . "module_{$this->moduleNameLC}_customer_contact_address` SET\n                                    address      = '" . contrexx_input2db($arrFormData['address'][0]) . "',\n                                    city         = '" . contrexx_input2db($arrFormData['city'][0]) . "',\n                                    state        = '" . contrexx_input2db($arrFormData['city'][0]) . "',\n                                    zip          = '" . contrexx_input2db($arrFormData['zip'][0]) . "',\n                                    country      = '" . $country['name'] . "',\n                                    Address_Type = '2',\n                                    is_primary   = '1',\n                                    contact_id   = '{$this->contact->id}'";
                     }
                     $objDatabase->Execute($query);
                 }
                 // insert Phone
                 $contactPhone = array();
                 if (!empty($arrFormData['phone_office'][0])) {
                     $phoneExists = $objDatabase->SelectLimit("SELECT 1 FROM `" . DBPREFIX . "module_{$this->moduleNameLC}_customer_contact_phone` WHERE is_primary = '1' AND contact_id = '{$this->contact->id}'");
                     $fields = array('phone' => $arrFormData['phone_office'][0], 'phone_type' => '1', 'is_primary' => '1', 'contact_id' => $this->contact->id);
                     if ($phoneExists && $phoneExists->RecordCount()) {
                         $query = \SQL::update("module_{$this->moduleNameLC}_customer_contact_phone", $fields, array('escape' => true)) . " WHERE is_primary = '1' AND `contact_id` = {$this->contact->id}";
                     } else {
                         $query = \SQL::insert("module_{$this->moduleNameLC}_customer_contact_phone", $fields, array('escape' => true));
                     }
                     $objDatabase->Execute($query);
                 }
             }
             \Cx\Core\Setting\Controller\Setting::init($prevSection, $prevGroup, $prevEngine);
         }
     }
 }
Exemplo n.º 26
0
 /**
  * Updates existing Payments with its data present in the $_POST array,
  * if any
  *
  * Returns null if no Payment data is present.
  * @return    boolean           True on success, false on failure, or null
  * @static
  */
 static function update()
 {
     global $objDatabase;
     if (empty($_POST['bpayment'])) {
         return null;
     }
     if (is_null(self::$arrPayments)) {
         self::init();
     }
     $result = true;
     $changed = false;
     foreach ($_POST['name'] as $payment_id => $name) {
         $payment_id = intval($payment_id);
         $name = contrexx_input2raw($name);
         $fee = floatval($_POST['fee'][$payment_id]);
         $free_from = floatval($_POST['free_from'][$payment_id]);
         $processor_id = intval($_POST['processor_id'][$payment_id]);
         // NTH: The ordinal is implemented, but unused yet
         //            $ord = intval($_POST['ord'][$payment_id]);
         $active = empty($_POST['active'][$payment_id]) ? 0 : 1;
         $zone_id = intval($_POST['zone_id'][$payment_id]);
         $zone_id_old = Zones::getZoneIdByPaymentId($payment_id);
         if ($name == self::$arrPayments[$payment_id]['name'] && $fee == self::$arrPayments[$payment_id]['fee'] && $free_from == self::$arrPayments[$payment_id]['free_from'] && $processor_id == self::$arrPayments[$payment_id]['processor_id'] && $active == self::$arrPayments[$payment_id]['active'] && $zone_id == $zone_id_old) {
             continue;
         }
         $changed = true;
         if (!\Text::replace($payment_id, FRONTEND_LANG_ID, 'Shop', self::TEXT_NAME, trim(strip_tags(contrexx_input2raw($name))))) {
             $result = false;
         }
         $query = "\n                UPDATE " . DBPREFIX . "module_shop" . MODULE_INDEX . "_payment\n                   SET processor_id={$processor_id},\n                       fee={$fee},\n                       free_from={$free_from},\n                       active={$active}\n                 WHERE id={$payment_id}";
         if (!$objDatabase->Execute($query)) {
             $result = false;
         }
         if (!$objDatabase->Execute("\n                UPDATE " . DBPREFIX . "module_shop" . MODULE_INDEX . "_rel_payment\n                   SET `zone_id`={$zone_id}\n                 WHERE `payment_id`={$payment_id}")) {
             $result = false;
         }
     }
     if ($changed) {
         return $result;
     }
     return null;
 }
 function saveInputfield($intInputfieldId, $strValue, $langId = 0)
 {
     global $objInit;
     static $strNewDefault = null;
     $strValue = contrexx_input2raw($_POST[$this->moduleNameLC . 'Inputfield'][$intInputfieldId]['file'][$langId]);
     $strName = !empty($_POST[$this->moduleNameLC . 'Inputfield'][$intInputfieldId]['name'][$langId]) ? "," . contrexx_input2raw($_POST[$this->moduleNameLC . 'Inputfield'][$intInputfieldId]['name'][$langId]) : '';
     $deleteMedia = !empty($_POST["deleteMedia"]) && !empty($_POST["deleteMedia"][$intInputfieldId]);
     if ($objInit->mode == 'backend') {
         if ($deleteMedia && $_POST["deleteMedia"][$intInputfieldId][$langId] == 1) {
             $strValue = null;
         }
     } else {
         $inputFiles = !empty($_POST['mediadirInputfieldSource'][$intInputfieldId]) ? $_POST['mediadirInputfieldSource'][$intInputfieldId] : array();
         if ($deleteMedia && $_POST["deleteMedia"][$intInputfieldId][$langId] == 1) {
             //delete file
             $this->deleteFile($strValue);
             $strValue = null;
         } elseif (!empty($inputFiles) && !empty($inputFiles[$langId])) {
             $uploaderId = !empty($_POST['uploaderId']) ? $_POST['uploaderId'] : '';
             $filePath = $this->getUploadedFilePath($uploaderId, $inputFiles[$langId]);
             if ($filePath) {
                 //delete file
                 $this->deleteFile($strValue);
                 $strValue = $this->uploadMedia($filePath);
             } else {
                 $strValue = null;
             }
         } else {
             if (!$strNewDefault && !empty($langId)) {
                 $strNewDefault = $this->saveInputfield($intInputfieldId, '');
             }
             $strValue = $strNewDefault;
         }
     }
     return $strValue . $strName;
 }
Exemplo n.º 28
0
 /**
  * Add and/or update VAT entries
  *
  * Takes the class and rate of the VAT to be added from the $_POST array
  * variable and passes them on to {@link addVat()}.
  * Takes the IDs, classes and rates of the records to be updated from the
  * $_POST array variable and passes them on to {@link updateVat()}.
  * @static
  */
 static function update_vat()
 {
     //DBG::log("update_vat: ".self::$success.", changed: ".self::$changed);
     if (!empty($_POST['vatratenew'])) {
         self::$changed = true;
         self::$success &= Vat::addVat(trim(strip_tags(contrexx_input2raw($_POST['vatclassnew']))), floatval($_POST['vatratenew']));
     }
     //DBG::log("Success: ".self::$success.", changed: ".self::$changed);
     if (!empty($_POST['vatclass'])) {
         $result = Vat::updateVat(contrexx_input2raw($_POST['vatclass']), $_POST['vatrate']);
         if (isset($result)) {
             self::$changed = true;
             self::$success &= $result;
         }
     }
     //DBG::log("end of update_vat: ".self::$success.", changed: ".self::$changed);
 }
 function saveInputfield($intInputfieldId, $strValue, $langId = 0)
 {
     $strValue = contrexx_strip_tags(contrexx_input2raw($strValue));
     return $strValue;
 }
Exemplo n.º 30
0
 /**
  * show thread
  *
  * @param integer $intThreadId
  * @return bool
  */
 function showThread($intThreadId)
 {
     global $objDatabase, $_ARRAYLANG;
     $objFWUser = \FWUser::getFWUserObject();
     $this->_communityLogin();
     $intThreadId = intval($intThreadId);
     if (!empty($_REQUEST['notification_update']) && $_REQUEST['notification_update'] == $_ARRAYLANG['TXT_FORUM_UPDATE_NOTIFICATION']) {
         $this->_updateNotification($intThreadId);
     }
     $intCatId = !empty($_REQUEST['category_id']) ? intval($_REQUEST['category_id']) : '0';
     if ($intCatId == 0) {
         $intCatId = $this->_getCategoryIdFromThread($intThreadId);
     }
     if (empty($intCatId)) {
         \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum');
         die;
     }
     if ($objFWUser->objUser->login()) {
         $this->_objTpl->touchBlock('notificationRow');
     } else {
         $this->_objTpl->hideBlock('notificationRow');
     }
     $intPostId = !empty($_REQUEST['postid']) ? intval($_REQUEST['postid']) : 0;
     $intPostId = $intPostId == 0 && !empty($_REQUEST['post_id']) ? intval($_REQUEST['post_id']) : $intPostId;
     $this->_objTpl->setVariable('FORUM_EDIT_POST_ID', $intPostId);
     $_REQUEST['act'] = !empty($_REQUEST['act']) ? $_REQUEST['act'] : '';
     if ($_REQUEST['act'] == 'delete') {
         if ($this->_checkAuth($intCatId, 'delete')) {
             if ($this->_deletePost($intCatId, $intThreadId, $_REQUEST['postid'])) {
                 $this->_objTpl->setVariable('TXT_FORUM_SUCCESS', '<br />' . $_ARRAYLANG['TXT_FORUM_DELETED_SUCCESSFULLY']);
             } else {
                 $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_DELETE_FAILED']);
             }
         } else {
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']);
         }
     }
     $pos = !empty($_REQUEST['pos']) ? intval($_REQUEST['pos']) : 0;
     $this->_objTpl->setVariable(array('FORUM_PAGING_POS' => $pos));
     if (!empty($_REQUEST['preview_new'])) {
         $pos = $this->_getLastPos($intPostId, $intThreadId);
     }
     if (!empty($_REQUEST['postid'])) {
         if ($_REQUEST['act'] == 'quote') {
             $pos = $this->_getLastPos($intPostId, $intThreadId);
         }
         if ($_REQUEST['act'] == 'edit') {
             $pos = $this->_getEditPos($intPostId, $intThreadId);
         }
     }
     if (!empty($_REQUEST['l']) && $_REQUEST['l'] == 1) {
         $pos = $this->_getEditPos($intPostId, $intThreadId);
     }
     $arrPosts = $this->createPostArray($intThreadId, $pos);
     if (!empty($_REQUEST['preview_edit']) && $_REQUEST['post_id'] != 0 && $_REQUEST['act'] != 'quote') {
         $intPostId = intval($intPostId);
         $pos = $this->_getEditPos($intPostId, $intThreadId);
         $arrPosts = $this->createPostArray($intThreadId, $pos);
         $arrPosts[$intPostId]['subject'] = !empty($_REQUEST['subject']) ? contrexx_strip_tags($_REQUEST['subject']) : $_ARRAYLANG['TXT_FORUM_NO_SUBJECT'];
         $arrPosts[$intPostId]['content'] = \Cx\Core\Wysiwyg\Wysiwyg::prepareBBCodeForOutput(contrexx_input2raw($_REQUEST['message']));
     }
     $userId = $objFWUser->objUser->login() ? $objFWUser->objUser->getId() : 0;
     $icon = !empty($_REQUEST['icons']) ? intval($_REQUEST['icons']) : 1;
     if ($_REQUEST['act'] == 'edit') {
         //submit is an edit
         $arrEditedPost = $this->_getPostingData($intPostId);
         $subject = addcslashes(htmlentities($arrEditedPost['subject'], ENT_QUOTES, CONTREXX_CHARSET), '\\');
         $content = $arrEditedPost['content'];
         $keywords = addcslashes(htmlentities($arrEditedPost['keywords'], ENT_QUOTES, CONTREXX_CHARSET), '\\');
         $attachment = $arrEditedPost['attachment'];
         $this->_objTpl->setVariable('FORUM_POST_EDIT_USERID', $arrPosts[$intPostId]['user_id']);
         if (!empty($attachment)) {
             $this->_objTpl->setVariable('TXT_FORUM_DELETE_ATTACHMENT', sprintf($_ARRAYLANG['TXT_FORUM_DELETE_ATTACHMENT'], $attachment));
         }
         $this->_objTpl->touchBlock('updatePost');
         $this->_objTpl->hideBlock('createPost');
         $this->_objTpl->hideBlock('previewNewPost');
         $this->_objTpl->touchBlock('previewEditPost');
     } else {
         //new post
         if ($this->_objTpl->blockExists('delAttachment')) {
             $this->_objTpl->hideBlock('delAttachment');
         }
         $subject = !empty($_REQUEST['subject']) ? contrexx_strip_tags($_REQUEST['subject']) : '';
         $content = !empty($_REQUEST['message']) ? contrexx_input2raw(strip_tags($_REQUEST['message'])) : '';
         $keywords = !empty($_REQUEST['keywords']) ? contrexx_strip_tags($_REQUEST['keywords']) : '';
         $attachment = !empty($_REQUEST['attachment']) ? contrexx_strip_tags($_REQUEST['attachment']) : '';
         $this->_objTpl->touchBlock('createPost');
         $this->_objTpl->hideBlock('updatePost');
         $this->_objTpl->touchBlock('previewNewPost');
         $this->_objTpl->hideBlock('previewEditPost');
     }
     if ($_REQUEST['act'] == 'quote') {
         $quoteContent = $this->_getPostingData($intPostId);
         $subject = 'RE: ' . addcslashes(htmlentities($quoteContent['subject'], ENT_QUOTES, CONTREXX_CHARSET), '\\');
         $content = '[quote=' . $arrPosts[$intPostId]['user_name'] . ']' . strip_tags($quoteContent['content']) . '[/quote]';
     }
     $firstPost = current($arrPosts);
     if ($this->_arrSettings['wysiwyg_editor'] == 1) {
         //IF WYSIWIG enabled..
         $strMessageInputHTML = new \Cx\Core\Wysiwyg\Wysiwyg('message', $content, 'bbcode');
     } else {
         //plain textarea
         $strMessageInputHTML = '<textarea style="width: 400px; height: 150px;" rows="5" cols="10" name="message">' . contrexx_raw2xhtml($content) . '</textarea>';
     }
     $this->_objTpl->setGlobalVariable(array('FORUM_JAVASCRIPT_GOTO' => $this->getJavascript('goto'), 'FORUM_JAVASCRIPT_DELETE' => $this->getJavascript('deletePost'), 'FORUM_JAVASCRIPT_SCROLLTO' => $this->getJavascript('scrollto'), 'FORUM_SCROLLPOS' => !empty($_REQUEST['scrollpos']) ? intval($_REQUEST['scrollpos']) : '0', 'FORUM_JAVASCRIPT_INSERT_TEXT' => $this->getJavascript('insertText', array($intCatId, $intThreadId, $firstPost)), 'FORUM_NAME' => $this->_shortenString($firstPost['subject'], $this->_maxStringlength), 'FORUM_TREE' => $this->_createNavTree($intCatId) . '<a title="' . $this->_arrTranslations[$intCatId][$this->_intLangId]['name'] . '" href="index.php?section=Forum&amp;cmd=board&amp;id=' . $intCatId . '">' . $this->_shortenString($this->_arrTranslations[$intCatId][$this->_intLangId]['name'], $this->_maxStringlength) . '</a> > ', 'FORUM_DROPDOWN' => $this->createForumDD('forum_quickaccess', $intCatId, 'onchange="gotoForum(this);"', ''), 'TXT_FORUM_COMMA_SEPARATED_KEYWORDS' => $_ARRAYLANG['TXT_FORUM_COMMA_SEPARATED_KEYWORDS'], 'TXT_FORUM_KEYWORDS' => $_ARRAYLANG['TXT_FORUM_KEYWORDS'], 'TXT_FORUM_FILE_ATTACHMENT' => $_ARRAYLANG['TXT_FORUM_FILE_ATTACHMENT'], 'TXT_FORUM_RATING' => $_ARRAYLANG['TXT_FORUM_RATING'], 'TXT_FORUM_ADD_POST' => $_ARRAYLANG['TXT_FORUM_ADD_POST'], 'TXT_FORUM_SUBJECT' => $_ARRAYLANG['TXT_FORUM_SUBJECT'], 'TXT_FORUM_MESSAGE' => $_ARRAYLANG['TXT_FORUM_MESSAGE'], 'TXT_FORUM_RESET' => $_ARRAYLANG['TXT_FORUM_RESET'], 'TXT_FORUM_CREATE_POST' => $_ARRAYLANG['TXT_FORUM_CREATE_POST'], 'TXT_FORUM_ICON' => $_ARRAYLANG['TXT_FORUM_ICON'], 'TXT_FORUM_QUOTE' => $_ARRAYLANG['TXT_FORUM_QUOTE'], 'TXT_FORUM_EDIT' => $_ARRAYLANG['TXT_FORUM_EDIT'], 'TXT_FORUM_DELETE' => $_ARRAYLANG['TXT_FORUM_DELETE'], 'TXT_FORUM_PREVIEW' => $_ARRAYLANG['TXT_FORUM_PREVIEW'], 'TXT_FORUM_UPDATE_POST' => $_ARRAYLANG['TXT_FORUM_UPDATE_POST'], 'TXT_FORUM_NOTIFY_NEW_POSTS' => $_ARRAYLANG['TXT_FORUM_NOTIFY_NEW_POSTS'], 'TXT_FORUM_QUICKACCESS' => $_ARRAYLANG['TXT_FORUM_QUICKACCESS'], 'TXT_FORUM_UPDATE_NOTIFICATION' => $_ARRAYLANG['TXT_FORUM_UPDATE_NOTIFICATION'], 'TXT_FORUM_THREAD_ACTION_DESC' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_DESC'], 'TXT_FORUM_THREAD_ACTION_MOVE' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_MOVE'], 'TXT_FORUM_THREAD_ACTION_CLOSE' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_CLOSE_' . $firstPost['is_locked']], 'TXT_FORUM_THREAD_ACTION_STICKY' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_STICKY_' . $firstPost['is_sticky']], 'TXT_FORUM_THREAD_ACTION_DELETE' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_DELETE'], 'TXT_FORUM_CHOOSE_FILE' => $_ARRAYLANG['TXT_FORUM_CHOOSE_FILE'], 'FORUM_NOTIFICATION_CHECKBOX_CHECKED' => $this->_hasNotification($intThreadId) ? 'checked="checked"' : '', 'FORUM_SUBJECT' => stripslashes($subject), 'FORUM_KEYWORDS' => stripslashes($keywords), 'FORUM_ATTACHMENT_OLDNAME' => $attachment, 'FORUM_MESSAGE_INPUT' => $strMessageInputHTML, 'FORUM_CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode(), 'FORUM_THREAD_ID' => $intThreadId, 'FORUM_CATEGORY_ID' => $intCatId, 'FORUM_POSTS_PAGING' => getPaging($this->_postCount, $pos, '&section=Forum&cmd=thread&id=' . $intThreadId, $_ARRAYLANG['TXT_FORUM_OVERVIEW_POSTINGS'], true, $this->_arrSettings['posting_paging'])));
     if ($objFWUser->objUser->login()) {
         $this->_objTpl->hideBlock('captcha');
     } else {
         $this->_objTpl->touchBlock('captcha');
     }
     $this->_setIcons($this->_getIcons());
     if (!$this->_checkAuth($intCatId, 'read')) {
         $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']);
         return false;
     }
     $intCounter = 0;
     foreach ($arrPosts as $postId => $arrValues) {
         $strRating = '<span id="forum_current_rating_' . $postId . '" class="rating_%s">%s</span>';
         if ($arrValues['rating'] == 0) {
             $class = 'none';
         } elseif ($arrValues['rating'] > 0) {
             $class = 'pos';
         } else {
             $class = 'neg';
         }
         $strRating = sprintf($strRating, $class, $arrValues['rating']);
         $strUserProfileLink = $arrValues['user_id'] > 0 ? '<a title="' . $arrValues['user_name'] . '" href="index.php?section=Access&amp;cmd=user&amp;id=' . $arrValues['user_id'] . '">' . $arrValues['user_name'] . '</a>' : $this->_anonymousName;
         $arrAttachment = $this->_getAttachment($arrValues['attachment']);
         $this->_objTpl->setGlobalVariable(array('FORUM_POST_ROWCLASS' => $intCounter++ % 2 + 1));
         $quoteLink = "id=" . $intThreadId . "&act=quote&postid=" . $postId;
         $quoteLinkLoggedIn = "location.href='" . \Cx\Core\Csrf\Controller\Csrf::enhanceURI("index.php?section=Forum") . "&amp;cmd=thread&amp;" . htmlentities($quoteLink) . "';";
         $quoteLinkNotLoggedIn = "location.href='" . \Cx\Core\Csrf\Controller\Csrf::enhanceURI("index.php?section=Login") . "&amp;redirect=" . base64_encode("index.php?section=Forum&cmd=thread&" . $quoteLink) . "';";
         $this->_objTpl->setVariable(array('FORUM_POST_DATE' => $arrValues['time_created'], 'FORUM_POST_LAST_EDITED' => $arrValues['time_edited'] != date(ASCMS_DATE_FORMAT, 0) ? $_ARRAYLANG['TXT_FORUM_LAST_EDITED'] . $arrValues['time_edited'] : '', 'FORUM_USER_ID' => $arrValues['user_id'], 'FORUM_USER_NAME' => $strUserProfileLink, 'FORUM_USER_IMAGE' => !empty($arrValues['user_image']) ? '<img border="0" width="60" height="60" src="' . $arrValues['user_image'] . '" title="' . $arrValues['user_name'] . '\'s avatar" alt="' . $arrValues['user_name'] . '\'s avatar" />' : '', 'FORUM_USER_GROUP' => '', 'FORUM_USER_RANK' => '', 'FORUM_USER_REGISTERED_SINCE' => '', 'FORUM_USER_POSTING_COUNT' => '', 'FORUM_USER_CONTACTS' => '', 'FORUM_POST_NUMBER' => '#' . $arrValues['post_number'], 'FORUM_POST_ICON' => $arrValues['post_icon'], 'FORUM_POST_SUBJECT' => $arrValues['subject'], 'FORUM_POST_MESSAGE' => $arrValues['content'], 'FORUM_POST_RATING' => $strRating, 'FORUM_POST_ATTACHMENT_LINK' => $arrAttachment['webpath'], 'FORUM_POST_ATTACHMENT_FILENAME' => $arrAttachment['name'], 'FORUM_POST_ATTACHMENT_ICON' => $arrAttachment['icon'], 'FORUM_POST_ATTACHMENT_FILESIZE' => $arrAttachment['size'], 'FORUM_QUOTE_ONCLICK' => $this->_checkAuth($intCatId, 'write') ? $quoteLinkLoggedIn : $quoteLinkNotLoggedIn));
         if (!$objFWUser->objUser->login() && !$this->_checkAuth($intCatId, 'write')) {
             $button = '<input type="button" value="' . $_ARRAYLANG['TXT_FORUM_CREATE_POST'] . '" onclick="location.href=\'' . \Cx\Core\Csrf\Controller\Csrf::enhanceURI('index.php?section=Login') . '&redirect=' . base64_encode($_SERVER['REQUEST_URI']) . '\';" />';
             $this->_objTpl->setVariable(array('FORUM_POST_REPLY_REDIRECT' => $button));
         }
         $this->_objTpl->setVariable(array('FORUM_POST_ID' => $postId, 'FORUM_RATING_POST_ID' => $postId));
         if ($firstPost['is_locked'] != 1 && ($this->_checkAuth($intCatId, 'edit') || $objFWUser->objUser->login() && $arrValues['user_id'] == $objFWUser->objUser->getId())) {
             $this->_objTpl->touchBlock('postEdit');
         } else {
             $this->_objTpl->hideBlock('postEdit');
         }
         if ($firstPost['is_locked'] != 1 && ($this->_checkAuth($intCatId, 'write') || !$firstPost['is_locked'])) {
             $this->_objTpl->touchBlock('postQuote');
         } else {
             $this->_objTpl->hideBlock('postQuote');
         }
         if ($this->_checkAuth($intCatId, 'delete') && $arrValues['post_number'] != 1) {
             $this->_objTpl->setVariable(array('FORUM_POST_ID' => $postId));
             $this->_objTpl->touchBlock('postDelete');
         } else {
             $this->_objTpl->hideBlock('postDelete');
         }
         if ($this->_objTpl->blockExists('rating')) {
             if ($objFWUser->objUser->login() && !$this->_hasRated($postId)) {
                 $this->_objTpl->parse('rating');
             } else {
                 $this->_objTpl->hideBlock('rating');
             }
         }
         if ($this->_objTpl->blockExists('attachment')) {
             if (!empty($arrValues['attachment'])) {
                 $this->_objTpl->parse('attachment');
             } else {
                 $this->_objTpl->hideBlock('attachment');
             }
         }
         $this->_objTpl->parse('forumPosts');
     }
     if (!$this->_checkAuth($intCatId, 'write') || $firstPost['is_locked'] == 1) {
         $this->_objTpl->hideBlock('addPost');
         $this->_objTpl->hideBlock('addPostAnchor');
     } else {
         $this->_objTpl->touchBlock('addPostAnchor');
     }
     // initialize the uploader
     $this->initForumUploader();
     //addpost code
     if (!empty($_REQUEST['create']) && $_REQUEST['create'] == $_ARRAYLANG['TXT_FORUM_CREATE_POST']) {
         if (!$this->_checkAuth($intCatId, 'write') && $firstPost['is_locked'] != 1) {
             //auth check
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']);
             $this->_objTpl->hideBlock('addPost');
             return false;
         }
         if (!$objFWUser->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) {
             //captcha check
             return false;
         }
         if (strlen(trim($content)) < $this->_minPostlength) {
             //content check
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_POST_EMPTY'], $this->_minPostlength));
             return false;
         }
         if (false !== ($match = $this->_hasBadWords($content))) {
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_BANNED_WORD'], $match[1]));
             return false;
         }
         $fileInfo = $this->_handleUpload('forum_attachment');
         if ($fileInfo === false) {
             //an error occured, the file wasn't properly transferred. exit function to display error set in _handleUpload()
             return false;
         }
         $lastPostIdQuery = '    SELECT max( id ) as last_post_id
                                 FROM ' . DBPREFIX . 'module_forum_postings
                                 WHERE category_id = ' . $intCatId . '
                                 AND      thread_id = ' . $intThreadId;
         if (($objRSmaxId = $objDatabase->SelectLimit($lastPostIdQuery, 1)) !== false) {
             $intPrevPostId = $objRSmaxId->fields['last_post_id'];
         } else {
             die('Database error: ' . $objDatabase->ErrorMsg());
         }
         $insertQuery = 'INSERT INTO ' . DBPREFIX . 'module_forum_postings (
                         id,             category_id,    thread_id,            prev_post_id,
                         user_id,         time_created,    time_edited,         is_locked,
                         is_sticky,         rating,         views,                 icon,
                         keywords,        subject,        content,             attachment
                     ) VALUES (
                         NULL, ' . $intCatId . ', ' . $intThreadId . ', ' . $intPrevPostId . ',
                         ' . $userId . ', ' . time() . ',         0,                     0,
                         0,                   0,        0, ' . $icon . ",\n                            '{$keywords}' ,'" . $subject . "',    '" . contrexx_raw2db($content) . "', '" . $fileInfo['name'] . "'\n                        )";
         if ($objDatabase->Execute($insertQuery) !== false) {
             $lastInsertId = $objDatabase->Insert_ID();
             $this->updateViewsNewItem($intCatId, $lastInsertId, true);
             $this->_updateNotification($intThreadId);
             $this->_sendNotifications($intThreadId, $subject, $content);
             $pageId = \Cx\Core\Core\Controller\Cx::instanciate()->getPage()->getId();
             $cacheManager = new \Cx\Core_Modules\Cache\Controller\CacheManager();
             $cacheManager->deleteSingleFile($pageId);
         }
         \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $intThreadId . '&pos=' . $this->_getLastPos($postId, $intThreadId));
         die;
     }
     if (!empty($_REQUEST['preview_new'])) {
         $content = \Cx\Core\Wysiwyg\Wysiwyg::prepareBBCodeForOutput($content);
         if (false !== ($match = $this->_hasBadWords($content))) {
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_BANNED_WORD'], $match[1]));
             return false;
         }
         if (strlen(trim($content)) < $this->_minPostlength) {
             //content check
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_POST_EMPTY'], $this->_minPostlength));
             return false;
         }
         $this->_objTpl->setVariable(array('FORUM_POST_ROWCLASS' => $intCounter++ % 2 + 1, 'FORUM_POST_DATE' => date(ASCMS_DATE_FORMAT, time()), 'FORUM_USER_ID' => $userId, 'FORUM_USER_NAME' => $objFWUser->objUser->login() ? '<a href="index.php?section=Access&amp;cmd=user&amp;id=' . $userId . '" title="' . htmlentities($objFWUser->objUser->getUsername(), ENT_QUOTES, CONTREXX_CHARSET) . '">' . htmlentities($objFWUser->objUser->getUsername(), ENT_QUOTES, CONTREXX_CHARSET) . '</a>' : $this->_anonymousName, 'FORUM_USER_IMAGE' => !empty($arrValues['user_image']) ? '<img border="0" width="60" height="60" src="' . $arrValues['user_image'] . '" title="' . $arrValues['user_name'] . '\'s avatar" alt="' . $arrValues['user_name'] . '\'s avatar" />' : '', 'FORUM_USER_GROUP' => '', 'FORUM_USER_RANK' => '', 'FORUM_USER_REGISTERED_SINCE' => '', 'FORUM_USER_POSTING_COUNT' => '', 'FORUM_USER_CONTACTS' => '', 'FORUM_POST_NUMBER' => '#' . ($this->_postCount + 1), 'FORUM_POST_ICON' => $this->getThreadIcon($icon), 'FORUM_POST_SUBJECT' => stripslashes($subject), 'FORUM_POST_MESSAGE' => $content, 'FORUM_POST_RATING' => '0'));
         $this->_objTpl->touchBlock('createPost');
         $this->_objTpl->hideBlock('updatePost');
         if ($this->_objTpl->blockExists('attachment')) {
             $this->_objTpl->hideBlock('attachment');
         }
         $this->_objTpl->hideBlock('postEdit');
         $this->_objTpl->hideBlock('postQuote');
         $this->_objTpl->touchBlock('previewNewPost');
         $this->_objTpl->hideBlock('previewEditPost');
         $this->_objTpl->parse('forumPosts');
     }
     if (!empty($_REQUEST['update']) && $_REQUEST['update'] == $_ARRAYLANG['TXT_FORUM_UPDATE_POST']) {
         if (strlen(trim($content)) < $this->_minPostlength) {
             //content size check
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_POST_EMPTY'], $this->_minPostlength));
             return false;
         }
         if (!$this->_checkAuth($intCatId, 'edit') && (!$objFWUser->objUser->login() || $arrValues['user_id'] != $objFWUser->objUser->getId())) {
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']);
             $this->_objTpl->hideBlock('postEdit');
             return false;
         }
         if (!$objFWUser->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) {
             $this->_objTpl->touchBlock('updatePost');
             $this->_objTpl->hideBlock('createPost');
             return false;
         }
         if (false !== ($match = $this->_hasBadWords($content))) {
             $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_BANNED_WORD'], $match[1]));
             return false;
         }
         $fileInfo = $this->_handleUpload('forum_attachment');
         if ($fileInfo === false) {
             //an error occured, the file wasn't properly transferred. exit function to display error set in _handleUpload()
             return false;
         }
         if (empty($_POST['forum_delete_attachment']) && empty($fileInfo['name']) && !empty($_REQUEST['forum_attachment_oldname'])) {
             $fileInfo['name'] = contrexx_addslashes($_REQUEST['forum_attachment_oldname']);
         } elseif (!empty($_POST['forum_delete_attachment']) && $_POST['forum_delete_attachment'] == 1 || !empty($_REQUEST['forum_attachment_oldname']) && $fileInfo['name'] != $_REQUEST['forum_attachment_oldname']) {
             unlink(\Cx\Core\Core\Controller\Cx::instanciate()->getWebsiteMediaForumUploadPath() . '/' . str_replace(array('./', '.\\'), '', $_REQUEST['forum_attachment_oldname']));
         }
         $updateQuery = 'UPDATE ' . DBPREFIX . 'module_forum_postings SET
                         time_edited = ' . mktime() . ',
                         icon = ' . $icon . ',
                         subject = \'' . $subject . '\',
                         keywords = \'' . $keywords . '\',
                         content = \'' . contrexx_raw2db($content) . '\',
                         attachment = \'' . $fileInfo['name'] . '\'
                         WHERE id = ' . $intPostId;
         if ($objDatabase->Execute($updateQuery) !== false) {
             $this->updateViews($intThreadId, $intPostId);
             $pageId = \Cx\Core\Core\Controller\Cx::instanciate()->getPage()->getId();
             $cacheManager = new \Cx\Core_Modules\Cache\Controller\CacheManager();
             $cacheManager->deleteSingleFile($pageId);
         }
         \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $intThreadId . '&pos=' . $this->_getLastPos($postId, $intThreadId));
         die;
     }
     if (!empty($_REQUEST['preview_edit'])) {
         $this->_objTpl->touchBlock('updatePost');
         $this->_objTpl->hideBlock('createPost');
         $this->_objTpl->hideBlock('previewNewPost');
         $this->_objTpl->touchBlock('previewEditPost');
     }
     $hasAccess = false;
     foreach (array('STICKY', 'MOVE', 'CLOSE', 'DELETE') as $action) {
         if (!$this->_checkAuth($intCatId, strtolower($action))) {
             $this->_objTpl->setVariable('FORUM_THREAD_ACTIONS_DISABLED_' . $action, 'disabled="disabled"');
         } else {
             $hasAccess = true;
         }
     }
     if ($this->_objTpl->blockExists('threadActionsSelect')) {
         if ($userId < 1 || !$hasAccess) {
             $this->_objTpl->hideBlock('threadActionsSelect');
         } else {
             $this->_objTpl->touchBlock('threadActionsSelect');
         }
     }
     if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'move' && !empty($_REQUEST['id'])) {
         $thread = intval($_REQUEST['id']);
         $newCat = intval($_REQUEST['moveToThread']);
         $oldCat = $this->_getCategoryIdFromThread($thread);
         $query = "UPDATE `" . DBPREFIX . "module_forum_postings` SET `category_id` = {$newCat} WHERE `thread_id` = " . $thread;
         if ($objDatabase->Execute($query)) {
             $intMovedPosts = $objDatabase->Affected_Rows();
             $query = "SELECT max( `id` ) as `lastid` FROM `" . DBPREFIX . "module_forum_postings` WHERE `thread_id` = {$thread}";
             $objRS = $objDatabase->SelectLimit($query, 1);
             $intMovedPostLastId = $objRS->fields['lastid'];
             $query = "SELECT max( `id` ) as `lastid` FROM `" . DBPREFIX . "module_forum_postings` WHERE `category_id` = {$oldCat}";
             $objRS = $objDatabase->SelectLimit($query, 1);
             $query = "UPDATE `" . DBPREFIX . "module_forum_statistics` SET `thread_count` = `thread_count` - 1, `post_count` = `post_count` - {$intMovedPosts}, `last_post_id` = " . (intval($objRS->fields['lastid']) > 0 ? intval($objRS->fields['lastid']) : 0) . " WHERE `category_id` = {$oldCat}";
             $objDatabase->Execute($query);
             $query = "SELECT `id` FROM `" . DBPREFIX . "module_forum_postings` WHERE `category_id` = {$newCat} GROUP BY `time_created` DESC";
             $objRS = $objDatabase->Execute($query);
             $query = "UPDATE `" . DBPREFIX . "module_forum_statistics` SET `thread_count` = `thread_count` + 1, `post_count` = `post_count` + {$intMovedPosts}, `last_post_id` = " . $objRS->fields['id'] . " WHERE `category_id` = {$newCat}";
             $objDatabase->Execute($query);
             $this->_objTpl->hideBlock('moveForm');
             $this->_objTpl->setVariable(array('TXT_THREAD_ACTION_' . ($success ? 'SUCCESS' : 'ERROR') => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_MOVE' . (!$success ? 'UN' : '') . 'SUCCESSFUL'], 'FORUM_CATEGORY_ID' => $intCatId, 'FORUM_THREAD_ID' => $intThreadId));
             \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $thread);
         }
     }
     if (!empty($_GET['a'])) {
         $this->_objTpl->setVariable(array('TXT_FORUM_' . ($_GET['r'] == 1 ? 'SUCCESS' : 'ERROR') => '<br />' . $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_' . strtoupper($_GET['a']) . '_' . (!$_GET['r'] ? 'UN' : '') . 'SUCCESSFUL' . $_GET['s']]));
     }
     $success = false;
     if (!empty($_REQUEST['thread_actions'])) {
         $action = contrexx_addslashes($_REQUEST['thread_actions']);
         if ($this->_checkAuth($intCatId, $action)) {
             switch ($action) {
                 case 'move':
                     $arrForums = $this->createForumArray($this->_intLangId);
                     foreach ($arrForums as $intCatID => $arrThread) {
                         $strOptions .= '<option value="' . $intCatID . '" ' . ($arrThread['level'] == 0 ? 'disabled="disabled"' : '') . '>' . str_repeat('&nbsp;', $arrThread['level'] * 2) . $arrThread['name'] . '</option>';
                     }
                     $this->_objTpl->setVariable(array('FORUM_THREADS' => $strOptions));
                     $success = true;
                     $suffix = '';
                     \Env::get('cx')->getPage()->setTitle($_ARRAYLANG['TXT_FORUM_THREAD_ACTION_MOVE']);
                     break;
                 case 'close':
                     $query = "UPDATE `" . DBPREFIX . "module_forum_postings` SET `is_locked` = IF(`is_locked` = '0' OR `is_locked` = '', '1', '0') WHERE thread_id = " . intval($_REQUEST['id']);
                     if ($objDatabase->Execute($query) !== false) {
                         $success = true;
                     }
                     $suffix = '_' . $firstPost['is_locked'];
                     break;
                 case 'sticky':
                     $query = "UPDATE `" . DBPREFIX . "module_forum_postings` SET `is_sticky` = IF(`is_sticky` = '0' OR `is_sticky` = '', '1', '0') WHERE thread_id = " . intval($_REQUEST['id']);
                     if ($objDatabase->Execute($query) !== false) {
                         $success = true;
                     }
                     $suffix = '_' . $firstPost['is_sticky'];
                     break;
                 default:
                     break;
             }
             if ($action != 'move') {
                 \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $intThreadId . '&a=' . $action . '&r=' . $success . '&s=' . $suffix);
             }
         } else {
             $this->_objTpl->setVariable('TXT_THREAD_ACTION_ERROR', $_ARRAYLANG['TXT_FORUM_NO_ACCESS']);
         }
         $this->_objTpl->parse('threadActions');
         $this->_objTpl->touchBlock('threadActions');
         $this->_objTpl->hideBlock('threadDisplay');
     } else {
         $this->updateViews($intThreadId, $intPostId);
         $this->_objTpl->hideBlock('threadActions');
     }
     return true;
 }