Exemplo n.º 1
    // =============================
    // Look up the module of the section being updated, restricted to the current page.
    // NOTE(review): $page_id and $update_section_id are concatenated straight into the SQL
    // text. Nothing in this fragment casts or validates them — confirm they are forced to
    // integers earlier in the file; otherwise bind them as parameters or cast with (int).
    $query_sections = $backend->db()->query('SELECT `module` FROM `' . CAT_TABLE_PREFIX . 'sections` WHERE `page_id`= ' . $page_id . ' AND `section_id` = ' . $update_section_id);
    // Proceed only when exactly one matching section row exists.
    if ($query_sections->numRows() == 1) {
        if ($section = $query_sections->fetchRow(MYSQL_ASSOC)) {
            // array_search() returns the matching key when the module is listed and false
            // otherwise, so this branch runs only when the module is NOT in
            // $module_permissions (presumably a deny-list — verify against where it is built).
            // NOTE(review): when the module IS listed, nothing happens and no error is shown;
            // the "no permissions" message below is attached to a failed fetchRow() instead.
            if (!is_numeric(array_search($section['module'], $module_permissions))) {
                // Build the SET clause piece by piece; empty $block / $name are left unchanged.
                // NOTE(review): $block is emitted without surrounding quotes, so escaping quote
                // characters (add_slashes, implementation not shown) does not constrain it —
                // confirm $block is validated as an integer upstream.
                $sql = $block != '' ? '`block` = ' . $backend->add_slashes($block) . ', ' : '';
                // $name is escaped for a quoted string context via the legacy mysql_* extension
                // (removed in PHP 7.0).
                $sql .= $name != '' ? '`name` = "' . mysql_real_escape_string($name) . '", ' : '';
                // A date is only built when day, month and year are all non-zero (product > 0);
                // otherwise 0 is stored.
                $date_from = $day_from * $month_from * $year_from > 0 ? mktime($hour_from, $minute_from, 0, $month_from, $day_from, $year_from) : 0;
                $date_to = $day_to * $month_to * $year_to > 0 ? mktime($hour_to, $minute_to, 0, $month_to, $day_to, $year_to) : 0;
                // NOTE(review): a start date with no end date ($date_to == 0) also satisfies this
                // comparison and is reported as an error. Whether print_error() terminates the
                // request is not visible here; if it returns, the UPDATE below still runs.
                if ($date_from > $date_to) {
                    $backend->print_error($backend->lang->translate('Please check your entries for dates'), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
                }
                $sql .= '`publ_start` = ' . $date_from . ', ';
                $sql .= '`publ_end` = ' . $date_to . ', ';
                // Record when and by whom the section was last changed.
                $sql .= '`modified_when` = "' . time() . '", ';
                $sql .= '`modified_by` = ' . CAT_Users::get_user_id();
                // NOTE(review): same concatenation of $page_id / $update_section_id as in the
                // SELECT above; LIMIT 1 caps the number of rows changed but is not an input check.
                $backend->db()->query('UPDATE ' . CAT_TABLE_PREFIX . 'sections SET ' . $sql . ' WHERE `page_id`= ' . $page_id . ' AND section_id = ' . $update_section_id . ' LIMIT 1');
            }
        } else {
            // Reached when the row could not be fetched, not when the permission check fails.
            $backend->print_error('You do not have permissions to modify this page', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
        }
    } else {
        // Zero or more than one row matched page_id + section_id.
        $backend->print_error('Section not found', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
    }
}
// ============================================
// ! Check for error or print success message
// ============================================
if ($backend->db()->isError()) {
    $backend->print_error($backend->db()->getError(), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
} else {
Exemplo n.º 2
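/**
 * Show the edit form for a droplet and, when the form was submitted,
 * validate and store it.
 *
 * Flow: permission check -> optional cancel -> load existing data (or an
 * empty template for 'new') -> on save: syntax check, field checks, insert
 * or update -> render 'edit.tpl'.
 *
 * Review notes:
 *  - The stored 'code' goes through check_syntax() and has PHP tags removed,
 *    which suggests it is executed later (not shown here). The permission
 *    check at the top is therefore the real security boundary; removing tags
 *    with a single str_replace() pass is formatting, not sanitisation.
 *  - No anti-CSRF token check is visible in this function — confirm the
 *    caller verifies one before a save is processed.
 *
 * @param  mixed $id  droplet id, or the string 'new' to create a droplet
 * @return mixed      result of list_droplets() on cancel, otherwise nothing
 **/
function edit_droplet($id)
{
    global $parser, $val, $backend;
    $groups = CAT_Users::get_groups_id();
    // Permission gate. Whether print_error() ends the request is not visible
    // from here, so return explicitly: a denied user must never fall through
    // to the save logic below.
    // NOTE(review): because of the else branch, creating a droplet requires
    // both 'add_droplets' and 'modify_droplets' — confirm that is intended.
    if ($id == 'new' && !CAT_Helper_Droplet::is_allowed('add_droplets', $groups)) {
        $backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
        return;
    } else {
        if (!CAT_Helper_Droplet::is_allowed('modify_droplets', $groups)) {
            $backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
            return;
        }
    }
    $problem = NULL;
    $info = NULL;
    $details = NULL;
    $problems = array();
    // Cancel button: go back to the list without touching anything.
    if ($val->get('_REQUEST', 'cancel')) {
        return list_droplets();
    }
    // Existing droplet: load it; new droplet: start from an empty record.
    if ($id != 'new') {
        $data = CAT_Helper_Droplet::getDroplet($id);
    } else {
        $data = array('name' => '', 'active' => 1, 'description' => '', 'code' => '', 'comments' => '');
    }
    if ($val->get('_REQUEST', 'save') || $val->get('_REQUEST', 'save_and_back')) {
        // check the code before saving
        if (($result = CAT_Helper_Droplet::check_syntax($val->get('_POST', 'code'))) !== true) {
            $problem = $backend->lang()->translate('Please check the syntax!');
            // NOTE(review): $error comes from check_syntax() and is placed into
            // HTML unescaped; confirm it cannot echo back submitted code.
            foreach ($result as $error => $line) {
                $details .= "<br />{$error} (" . $backend->lang()->translate('Line') . ": {$line})";
            }
            // Redisplay what the user submitted. Only 'code' is escaped here;
            // the other raw $_POST fields rely on the template for escaping
            // (template not shown — verify).
            $data = $_POST;
            $data['code'] = htmlspecialchars($data['code']);
        } else {
            // syntax okay, check fields and save
            if ($val->sanitizePost('name') == '') {
                $problems[] = $backend->lang()->translate('Please enter a name!');
            }
            if ($val->sanitizePost('code') == '') {
                $problems[] = $backend->lang()->translate('You have entered no code!');
            }
            if (!count($problems)) {
                $continue = true;
                $title = $val->sanitizePost('name', NULL, true);
                $active = $val->sanitizePost('active');
                $show_wysiwyg = $val->sanitizePost('show_wysiwyg');
                $description = $val->sanitizePost('description', NULL, true);
                // Strip PHP open/close tags from the submitted code (single pass).
                $tags = array('<?php', '?>', '<?');
                $content = str_replace($tags, '', $val->sanitizePost('code'));
                $comments = $val->sanitizePost('comments', NULL, true);
                $modified_when = time();
                $modified_by = CAT_Users::get_user_id();
                if ($id == 'new') {
                    // check for doubles
                    $found = CAT_Helper_Droplet::getDropletByName($title);
                    if ($found) {
                        $problem = $backend->lang()->translate('There is already a droplet with the same name!');
                        $continue = false;
                        // Redisplay the submitted values (raw $_POST, see note above).
                        $data = $_POST;
                        $data['code'] = stripslashes($_POST['code']);
                    } else {
                        $new_id = CAT_Helper_Droplet::insertDroplet(array('name' => $title, 'code' => $content, 'description' => $description, 'time' => $modified_when, 'userid' => $modified_by, 'active' => $active, 'comment' => $comments, 'wysiwyg' => $show_wysiwyg));
                        if (!$new_id) {
                            // NOTE(review): raw database error text is written to the
                            // page; consider logging it and showing a generic message.
                            echo "ERROR: ", $backend->db()->getError();
                        }
                    }
                } else {
                    CAT_Helper_Droplet::updateDroplet($id, array('name' => $title, 'code' => $content, 'description' => $description, 'time' => $modified_when, 'userid' => $modified_by, 'active' => $active, 'comment' => $comments, 'wysiwyg' => $show_wysiwyg));
                    $data = CAT_Helper_Droplet::getDroplet($id);
                    // reload
                }
                if ($continue) {
                    // Check if there is a db error
                    if ($backend->db()->isError()) {
                        $problem = $backend->db()->getError();
                    } else {
                        if ($id == 'new' || $val->get('_REQUEST', 'save_and_back')) {
                            list_droplets($backend->lang()->translate('The Droplet was saved'));
                            return;
                            // should never be reached
                        } else {
                            $info = $backend->lang()->translate('The Droplet was saved');
                        }
                    }
                }
            } else {
                $problem = implode("<br />", $problems);
            }
        }
    }
    // Fallback definitions for PHP versions that lack these constants.
    defined("ENT_HTML401") or define("ENT_HTML401", 0);
    defined("ENT_COMPAT") or define("ENT_COMPAT", 2);
    // Escape the code for display; double_encode is off so values that were
    // already escaped above are not encoded a second time.
    $data['code'] = htmlspecialchars($data['code'], ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
    $parser->output('edit.tpl', array('problem' => $problem, 'details' => $details, 'info' => $info, 'data' => $data, 'id' => $id, 'name' => $data['name']));
}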
Exemplo n.º 3
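 /**
  * Install a Droplet from a ZIP file (the ZIP may contain more than one
  * Droplet)
  *
  * Every extracted *.php file except index.php is treated as one Droplet:
  * leading "//:" lines give description and usage, further "//" lines are
  * appended to the usage text, the rest of the file is the Droplet code.
  * A Droplet whose name already exists is replaced.
  *
  * Review notes (the archive content must be treated as untrusted):
  *  - Path handling during extraction is delegated to CAT_Helper_Zip (not
  *    shown); confirm it rejects entries that resolve outside the target
  *    directory.
  *  - The extraction directory is a fixed, shared path. Files left by an
  *    earlier or concurrent import would be picked up as well; a unique
  *    per-import directory would avoid that.
  *  - Imported code is stored after PHP tags are removed and is presumably
  *    executed later, so access to this method must be limited to users who
  *    are allowed to add code.
  *  - The archive's data/ directory is copied into the module directory
  *    without any visible file-type filtering; confirm that directory does
  *    not execute uploaded scripts.
  *
  * @access public
  * @param  string  $temp_file - name of the ZIP file
  * @return array   keys 'count', 'errors', 'imported'; see droplets_import() method
  *
  **/
 public static function installDroplet($temp_file)
 {
     $self = self::getInstance();
     $temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
     CAT_Helper_Directory::createDirectory($temp_unzip);
     $errors = array();
     $imports = array();
     $count = 0;
     // extract file
     CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();
     // get .php files
     $files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');
     // now, open all *.php files and search for the header;
     // an exported droplet starts with "//:"
     foreach ($files as $file) {
         if (pathinfo($file, PATHINFO_FILENAME) !== 'index' && pathinfo($file, PATHINFO_EXTENSION) == 'php') {
             $description = NULL;
             $usage = NULL;
             $code = NULL;
             // Name of the Droplet = Filename
             $name = pathinfo($file, PATHINFO_FILENAME);
             // Slurp file contents; an unreadable file is handled like an empty
             // one and reported as invalid below
             $lines = file($temp_unzip . '/' . $file);
             if ($lines === false) {
                 $lines = array();
             }
             // NOTE(review): addslashes() is applied to values that are later
             // passed as bound parameters, so literal backslashes end up in the
             // stored text. Left unchanged because readers of these columns may
             // depend on it — verify.
             // First line: Description
             if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                 $description = addslashes($match[1]);
                 array_shift($lines);
             }
             // Second line: Usage instructions
             if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                 $usage = addslashes($match[1]);
                 array_shift($lines);
             }
             // there may be more comment lines; they will be added to the usage instructions
             // (the isset() guard stops cleanly when the file consists of comments only)
             while (isset($lines[0]) && preg_match('#^//(.*)$#', $lines[0], $match)) {
                 $usage .= addslashes(trim($match[1]));
                 array_shift($lines);
             }
             if (!$description && !$usage) {
                 // invalid file
                 $errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
                 continue;
             }
             // Remaining: Droplet code
             $code = implode('', $lines);
             // remove PHP open/close tags from the code (single pass; this is
             // formatting, not a security filter)
             $tags = array('<?php', '?>', '<?');
             $code = str_replace($tags, '', $code);
             // Already in the DB?
             $stmt = 'INSERT';
             $id = NULL;
             $found = $self->db()->query("SELECT * FROM `:prefix:mod_droplets` WHERE name=:name", array('name' => $name));
             if ($found->rowCount()) {
                 $stmt = 'REPLACE';
                 // first column of the row; presumably the droplet id — verify
                 $id = $found->fetchColumn();
             }
             // execute; the existing id is bound like every other value instead
             // of being concatenated into the statement text
             $q = "{$stmt} INTO `:prefix:mod_droplets` SET " . ($id ? 'id=:id, ' : '') . '`name`=:name, `code`=:code, `description`=:desc, ' . '`modified_when`=:when, `modified_by`=:userid, ' . '`active`=:active, `comments`=:usage';
             $params = array('name' => $name, 'code' => $code, 'desc' => $description, 'when' => time(), 'userid' => CAT_Users::get_user_id(), 'active' => 1, 'usage' => $usage);
             if ($id) {
                 $params['id'] = $id;
             }
             $self->db()->query($q, $params);
             if (!$self->db()->isError()) {
                 $count++;
                 $imports[$name] = 1;
             } else {
                 $errors[$name] = $self->db()->getError();
             }
         }
         // check for data directory
         // NOTE(review): this runs once per loop iteration and is skipped for
         // files rejected above via continue; kept as in the original.
         if (file_exists($temp_unzip . '/data')) {
             // copy all files
             CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
         }
     }
     // cleanup; ignore errors here
     CAT_Helper_Directory::removeDirectory($temp_unzip);
     return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
 }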
Exemplo n.º 4
 /**
  * Decide whether a page may be shown in the frontend.
  *
  * The decision is driven by the page's 'visibility' property and, for
  * 'private' / 'registered' pages, by authentication, page language and the
  * viewing groups / viewing users of the page. Any visibility value that is
  * not handled below yields false, i.e. unknown states are denied.
  *
  * @access public
  * @param  integer  $page_id
  * @return boolean
  **/
 public static function isVisible($page_id)
 {
     $page = self::properties($page_id);
     $visibility = $page['visibility'];

     // never shown in FE
     if ($visibility == 'none' || $visibility == 'deleted') {
         return false;
     }

     // shown if called, but not in menu
     if ($visibility == 'hidden') {
         return self::selectPage() == $page_id;
     }

     // always visible
     if ($visibility == 'public') {
         return true;
     }

     // shown if user is allowed
     if ($visibility == 'private' || $visibility == 'registered') {
         if (CAT_Users::is_authenticated() != true) {
             return false;
         }
         // check language: either page languages are switched off, or the
         // page has no language, or it matches the current LANGUAGE
         $language_ok = CAT_Registry::get('PAGE_LANGUAGES') == 'false'
             || self::properties($page_id, 'language') == ''
             || self::properties($page_id, 'language') == LANGUAGE;
         if (!$language_ok) {
             return false;
         }
         // group match, user match or root access grants visibility
         return CAT_Users::is_group_match(CAT_Users::get_groups_id(), $page['viewing_groups'])
             || CAT_Users::is_group_match(CAT_Users::get_user_id(), $page['viewing_users'])
             || CAT_Users::is_root();
     }

     // anything else: deny
     return false;
 }
Exemplo n.º 5
 /**
  * Stamp the current page, and the current section if one is set, with the
  * modification time and the id of the acting user.
  *
  * Works on the globals $update_when_modified, $page_id and $section_id and
  * does nothing unless $update_when_modified is set and loosely true. Both
  * statements pass their values as bound parameters.
  *
  * @access public
  * @return void
  **/
 public static function updateWhenModified()
 {
     global $update_when_modified, $page_id, $section_id;

     // if changes were made, the var might be set; otherwise there is nothing to do
     if (!isset($update_when_modified) || $update_when_modified != true) {
         return;
     }

     $page_sql = "UPDATE `:prefix:pages` SET modified_when=:mod, modified_by=:by WHERE page_id=:id";
     self::getInstance()->db()->query(
         $page_sql,
         array('mod' => time(), 'by' => CAT_Users::get_user_id(), 'id' => $page_id)
     );

     // the section is only stamped when a section id is available
     if (!$section_id) {
         return;
     }

     $section_sql = "UPDATE `:prefix:sections` SET modified_when=:mod, modified_by=:by WHERE section_id=:id";
     self::getInstance()->db()->query(
         $section_sql,
         array('mod' => time(), 'by' => CAT_Users::get_user_id(), 'id' => $section_id)
     );
 }
Exemplo n.º 6
 /**
  * Instance-level shortcut that hands back whatever the static
  * CAT_Users::get_user_id() returns.
  *
  * @access public
  * @return mixed  value returned by CAT_Users::get_user_id()
  **/
 public function get_user_id()
 {
     $current_user_id = CAT_Users::get_user_id();

     return $current_user_id;
 }