Exemplo n.º 1
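 /**
  * Handles AJAX actions for this module and then terminates the request.
  *
  * - When both `cm_group` and `cm_name` are present in the request, the widget
  *   module is looked up with Db::getMenuModModule() and its makeActions() is run.
  * - When `id` is posted, a JavaScript redirect to that element's URL is echoed.
  * - When the posted `action` is `sitemap_list`, the sitemap list is echoed.
  *
  * The database is always disconnected and the script exits; this method
  * never returns to its caller.
  */
 function makeActions()
 {
     global $site;
     global $parametersMod;
     require_once BASE_DIR . MODULE_DIR . 'administrator/email_queue/module.php';
     if (isset($_REQUEST['cm_group']) && isset($_REQUEST['cm_name'])) {
         $menuModule = Db::getMenuModModule(null, $_REQUEST['cm_group'], $_REQUEST['cm_name']);
         if ($menuModule) {
             // The class name used to be spliced into a string and run through eval().
             // Any character in g_name / m_name that is not part of an identifier would
             // then be executed as PHP. Where those column values originate is not
             // visible here, so they are checked against a strict identifier pattern
             // and the class is instantiated by name, with no eval().
             $identifier = '/^[A-Za-z_][A-Za-z0-9_]*\z/';
             $groupName = (string) $menuModule['g_name'];
             $moduleName = (string) $menuModule['m_name'];
             if (preg_match($identifier, $groupName) && preg_match($identifier, $moduleName)) {
                 $className = 'Modules\\standard\\content_management\\Widgets\\' . $groupName . '\\' . $moduleName . '\\Module';
                 $new_module = new $className();
                 $new_module->makeActions();
             } else {
                 trigger_error('Invalid widget module name: ' . $groupName . '/' . $moduleName);
             }
         }
     }
     if (isset($_POST['id'])) {
         $road = $site->getZone($site->currentZone)->getRoadToElement($_POST['id']);
         $urlVars = array();
         foreach ($road as $roadElement) {
             $urlVars[] = $roadElement->getUrl();
         }
         // NOTE(review): the URL is placed inside a single-quoted JavaScript string
         // without escaping. Confirm that generateUrl() can never return a quote,
         // backslash or line break; otherwise encode it for the JS string context.
         echo 'window.location.href = \'' . $site->generateUrl(null, $site->currentZone, $urlVars) . '\';';
     }
     if (isset($_POST['action']) && $_POST['action'] === 'sitemap_list') {
         echo $this->getSitemapInList();
     }
     \Db::disconnect();
     exit;
 }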
 /**
  * Opens a database connection built from $baseParams and closes it again.
  *
  * The table truncation is commented out, so as written this only exercises
  * connect() and disconnect().
  */
 public function setup()
 {
     global $baseParams;
     $dsn = $baseParams['__YKVAL_DB_DSN__'];
     $options = $baseParams['__YKVAL_DB_OPTIONS__'];
     // NOTE(review): the account name and password are literals in the source.
     // Presumably this is a test fixture; confirm that these credentials are not
     // valid on any shared or production database, or read them from configuration.
     $db = new Db($dsn, 'root', 'lab', $options);
     $db->connect();
     # $db->truncateTable('queue');
     $db->disconnect();
 }
Exemplo n.º 3
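 /**
  * Starts the named session and rejects requests that fail the CSRF-token check.
  *
  * Any request carrying GET or POST parameters must present a `security_token`
  * equal to $this->securityToken(). The only exemption is the login request:
  * `action` equal to "login" with no `module_id` parameter. A rejected request
  * receives a script redirect to admin.php, the database is disconnected and
  * the script exits.
  */
 function __construct()
 {
     session_name(SESSION_NAME);
     session_start();
     if (sizeof($_POST) > 0 || sizeof($_GET) > 0) {
         //CSRF attack check
         // NOTE(review): $_REQUEST can also include cookie values depending on the
         // request_order / variables_order ini settings; confirm the token is only
         // ever accepted from GET or POST.
         $suppliedToken = isset($_REQUEST['security_token']) ? $_REQUEST['security_token'] : null;
         $tokenValid = false;
         if (is_string($suppliedToken)) {
             // The previous loose `!=` let PHP compare numeric-looking strings as
             // numbers (two different "0e..." values compare equal) and accepted
             // non-string input. Compare as strings, in constant time where the
             // runtime provides hash_equals().
             $expectedToken = (string) $this->securityToken();
             $tokenValid = function_exists('hash_equals')
                 ? hash_equals($expectedToken, $suppliedToken)
                 : $expectedToken === $suppliedToken;
         }
         // The login form is submitted before a token can be known, so it is exempt,
         // but only when it does not also address a module.
         $isLoginRequest = isset($_REQUEST['action'])
             && $_REQUEST['action'] === "login"
             && !isset($_REQUEST['module_id']);
         if (!$tokenValid && !$isLoginRequest) {
             echo '
     <script type="text/javascript">document.location=\'admin.php\'</script>
     ';
             /*        trigger_error("Possible CSRF atack.\n Referer:".(isset($_SERVER['HTTP_REFERER'])?"No":$_SERVER["http_referer"])."\n Destination:".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]);*/
             \Db::disconnect();
             exit;
         }
     }
 }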
Exemplo n.º 4
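 /**
  * Handles the `getSystemInfo` action and then terminates the request.
  *
  * With `afterLogin` set, the method only decides whether the system alert
  * should be shown (stored in the session) and returns early, without output,
  * when there is no message or the message was already seen. Note that these
  * early returns skip the Db::disconnect()/exit at the end of the method.
  * Without `afterLogin` (the administrator/system tab) the current message is
  * recorded as seen. In the remaining paths the raw system info is echoed.
  */
 function makeActions()
 {
     if (isset($_REQUEST['action'])) {
         switch ($_REQUEST['action']) {
             case 'getSystemInfo':
                 $module = new Module();
                 $systemInfo = $module->getSystemInfo();
                 if (isset($_REQUEST['afterLogin'])) {
                     // request after login.
                     if ($systemInfo == '') {
                         $_SESSION['modules']['administrator']['system']['show_system_message'] = false;
                         //don't display system alert at the top.
                         return;
                     }
                     $md5 = \DbSystem::getSystemVariable('last_system_message_shown');
                     // Strict string comparison: with `!=`, two different digests that both
                     // look like "0e<digits>" would be compared as numbers and treated as equal.
                     if ($systemInfo && (!$md5 || (string) $md5 !== md5($systemInfo))) {
                         //we have a new message
                         $newMessage = false;
                         // json_decode() returns null for malformed input; iterating that
                         // raised a warning before, so only walk a decoded array or object.
                         $decodedInfo = json_decode($systemInfo);
                         if (is_array($decodedInfo) || is_object($decodedInfo)) {
                             foreach ($decodedInfo as $infoValue) {
                                 // Entries without a readable `type` count as non-status, as before.
                                 if (!is_object($infoValue) || !isset($infoValue->type) || $infoValue->type != 'status') {
                                     $newMessage = true;
                                     break;
                                 }
                             }
                         }
                         $_SESSION['modules']['administrator']['system']['show_system_message'] = $newMessage;
                         //display system alert
                     } else {
                         //this message was already seen.
                         $_SESSION['modules']['administrator']['system']['show_system_message'] = false;
                         //don't display system alert at the top.
                         return;
                     }
                 } else {
                     //administrator/system tab.
                     \DbSystem::setSystemVariable('last_system_message_shown', md5($systemInfo));
                     $_SESSION['modules']['administrator']['system']['show_system_message'] = false;
                     //don't display system alert at the top.
                 }
                 // NOTE(review): the system info is echoed unmodified. Where
                 // getSystemInfo() obtains it is not visible here; confirm the consumer
                 // treats it as data (JSON) and never inserts it into the page as markup.
                 echo $systemInfo;
                 break;
         }
     }
     \Db::disconnect();
     exit;
 }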
Exemplo n.º 5
 /**
  * Sends a 301 redirect when the current element is a `subpage` or `redirect`.
  *
  * Each URL that triggers a redirect is remembered in the session. Arriving at
  * a URL that is already remembered means the redirects form a loop, so no
  * further redirect is sent. No redirect is sent either while the page is
  * opened with `cms_action=manage_content`. Whenever the method returns
  * normally, the remembered redirects are cleared.
  */
 private function makeRedirect()
 {
     $element = $this->getCurrentElement();
     $redirectTypes = array('subpage', 'redirect');
     // Loose membership test, matching the loose comparison a switch performs.
     if ($element && in_array($element->getType(), $redirectTypes)) {
         $currentUrl = $this->getCurrentUrl();
         // Seeing this URL again means we were redirected back to it: a loop.
         $loopDetected = isset($_SESSION['frontend']['redirects'][$currentUrl]);
         $managingContent = isset($_GET['cms_action']) && $_GET['cms_action'] == 'manage_content';
         if (!$loopDetected && !$managingContent) {
             // Remember this hop so that a loop can be detected on the next request.
             $_SESSION['frontend']['redirects'][$currentUrl] = 1;
             header('HTTP/1.1 301 Moved Permanently');
             // NOTE(review): the target comes from the element's own getLink();
             // presumably editor-controlled content. Confirm who may set it.
             header('Location: ' . $element->getLink());
             \Db::disconnect();
             exit;
         }
     }
     // Page does not exist, is not a redirecting type, a loop was detected, or the
     // page is being managed: forget the remembered hops.
     unset($_SESSION['frontend']['redirects']);
 }
Exemplo n.º 6
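 /**
  * Dispatches the newsletter front-end actions selected by $_REQUEST['action'].
  *
  * Supported actions:
  * - `subscribe`:   validates the address, registers it if needed, queues a
  *                  confirmation e-mail and answers with a JSON status and URL.
  * - `unsubscribe`: removes the address through the website form, when that is
  *                  enabled in the module options, and answers with JSON.
  * - `cancel`:      unsubscribes through the link sent by e-mail (`id` + `code`).
  * - `conf`:        confirms a subscription through the link sent by e-mail.
  * - `get_link`:    echoes the URL of one of the fixed result pages.
  *
  * Returns without doing anything when the site has no newsletter zone.
  * `subscribe`, `cancel` and `get_link` terminate the script, as does
  * `unsubscribe` when the website form is enabled; `conf` only sets a
  * Location header and returns.
  *
  * @param string $zoneName Zone name used to generate the result-page URLs.
  */
 public static function makeActions($zoneName)
 {
     global $site;
     global $parametersMod;
     global $log;
     $newsletterZone = $site->getZoneByModule('community', 'newsletter');
     if (!$newsletterZone) {
         return;
     }
     if (isset($_REQUEST['action'])) {
         // Read the address once. A missing or non-string value (for example an
         // array parameter) is treated as absent instead of reaching the database
         // layer or the regular expression as is.
         $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : null;
         $languageId = $site->currentLanguage['id'];
         switch ($_REQUEST['action']) {
             case 'subscribe':
                 // The trailing `D` modifier makes `$` match only at the very end of
                 // the subject. Without it `$` also matches just before a final line
                 // break, so an address ending in "\n" passed validation and was then
                 // handed to the e-mail queue as a recipient.
                 // NOTE(review): inside the first character class `+-/` is a range
                 // (it also admits `,`), not three literal characters; confirm intent.
                 $emailPattern = '#^[a-z0-9.!\\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\\s]+\\.+[a-z]{2,6}))$#siD';
                 if ($email !== null && Db::subscribed($email, $languageId)) {
                     $status = 'subscribed';
                     $url = $site->generateUrl(null, $zoneName, array("subscribed"));
                 } elseif (!preg_match($emailPattern, (string) $email)) {
                     $status = 'incorrect_email';
                     $url = $site->generateUrl(null, $zoneName, array("incorrect_email"));
                 } else {
                     $site->requireTemplate('community/newsletter/template.php');
                     if ($email && !Db::registeredAndNotActivated($email, $languageId)) {
                         Db::subscribe($email, $languageId);
                     }
                     $subscriber = Db::getSubscriberByEmail($email, $languageId);
                     $emailQueue = new \Modules\administrator\email_queue\Module();
                     $link = $site->generateUrl(
                         null,
                         $newsletterZone->getName(),
                         array(),
                         array("action" => "conf", "id" => $subscriber['id'], "code" => $subscriber['verification_code'])
                     );
                     $emailHtml = Template::subscribeConfirmation($link);
                     $emailQueue->addEmail(
                         $parametersMod->getValue('standard', 'configuration', 'main_parameters', 'email'),
                         $parametersMod->getValue('standard', 'configuration', 'main_parameters', 'name'),
                         $email,
                         '',
                         $parametersMod->getValue('community', 'newsletter', 'subscription_translations', 'subject_confirmation'),
                         $emailHtml,
                         true,
                         true,
                         null
                     );
                     $emailQueue->send();
                     $status = 'email_confirmation';
                     $url = $site->generateUrl(null, $zoneName, array("email_confirmation"));
                 }
                 // Encode the reply instead of concatenating it: a quote or backslash
                 // in the URL would otherwise produce invalid JSON.
                 echo json_encode(array('status' => $status, 'url' => $url));
                 $log->log('community/newsletter', 'Start subscribtion', $email);
                 \Db::disconnect();
                 exit;
                 break;
             case 'unsubscribe':
                 //unsubscribe through website
                 if ($parametersMod->getValue('community', 'newsletter', 'options', 'show_unsubscribe_button')) {
                     //if unsubscribe through webpage is allowed
                     // NOTE(review): this path removes whatever address is submitted,
                     // with no verification code and no anti-CSRF token visible in this
                     // method; confirm that is acceptable when the option is enabled.
                     Db::unsubscribe($email, $languageId);
                     echo json_encode(array(
                         'status' => 'email_confirmation',
                         'url' => $site->generateUrl(null, $zoneName, array("unsubscribed")),
                     ));
                     $log->log('community/newsletter', 'Unsubscribe (website form)', $email);
                     \Db::disconnect();
                     exit;
                 }
                 break;
             case 'cancel':
                 //unsubscribe through e-mail link
                 if (isset($_REQUEST['id']) && isset($_REQUEST['code'])) {
                     $record = Db::getSubscriber($_REQUEST['id']);
                     // The lookup may find nothing for an unknown id; do not index a non-array.
                     $recordEmail = (is_array($record) && isset($record['email'])) ? $record['email'] : null;
                     // NOTE(review): this entry is written before the code is checked.
                     // Whether Db::unsubscribe() verifies `code` is not visible here, so
                     // the log can contain attempts that did not unsubscribe anyone.
                     $log->log('community/newsletter', 'Unsubscribe (e-mail link)', $recordEmail);
                     // `email` is optional on this path; only `id` and `code` are required.
                     Db::unsubscribe($email, $languageId, $_REQUEST['id'], $_REQUEST['code']);
                     header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("unsubscribed"), array()));
                     \Db::disconnect();
                     exit;
                 }
                 break;
             case 'conf':
                 if (isset($_GET['id']) && isset($_GET['code'])) {
                     // NOTE(review): unlike the other actions, no exit follows the
                     // Location header, so the rest of the request still runs;
                     // confirm that this is intended.
                     if (Db::confirm($_GET['id'], $_GET['code'], $languageId)) {
                         header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("subscribed"), array()));
                         $record = Db::getSubscriber($_GET['id']);
                         $recordEmail = (is_array($record) && isset($record['email'])) ? $record['email'] : null;
                         $log->log('community/newsletter', 'Confirm subscribtion', $recordEmail);
                     } else {
                         header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("error_confirmation"), array()));
                         // NOTE(review): request-supplied values are written to the log
                         // verbatim; presumably the logger stores them safely. Verify.
                         $log->log('community/newsletter', 'Incorrect confirmation link', $_GET['id'] . ' ' . $_GET['code']);
                     }
                 }
                 break;
             case 'get_link':
                 // Only the fixed result pages can be requested; anything else echoes nothing.
                 $knownPages = array('error_confirmation', 'email_confirmation', 'subscribed', 'incorrect_email', 'unsubscribed');
                 if (isset($_REQUEST['page']) && in_array($_REQUEST['page'], $knownPages, true)) {
                     echo $site->generateUrl(null, $zoneName, array($_REQUEST['page']));
                 }
                 \Db::disconnect();
                 exit;
                 break;
         }
     }
 }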
Exemplo n.º 7
    // Apply the requested note action and keep the ACTIVE_NOTE_ID cookie and
    // $activeNoteId in step with it. Unknown actions do nothing.
    // NOTE(review): 'update' takes the note id straight from the
    // ACTIVE_NOTE_ID cookie and 'navigate' stores $_REQUEST['id'] in that cookie
    // unchanged. Both values are client-controlled; whether the $db methods
    // validate or authorise the id is not visible in this fragment. The actions
    // are read from $_REQUEST, so they can also arrive in a GET request, and no
    // anti-CSRF token is checked here.
    if ($_REQUEST['action'] == 'delete') {
        // Remove the active note, then make the highest remaining id active.
        $db->deleteNote($activeNoteId);
        $newId = $db->getMaxId();
        setcookie("ACTIVE_NOTE_ID", $newId);
        $activeNoteId = $newId;
    } elseif ($_REQUEST['action'] == 'update') {
        $db->updateNote($_COOKIE['ACTIVE_NOTE_ID'], $_REQUEST['content']);
    } elseif ($_REQUEST['action'] == 'new') {
        // Create a placeholder note and make it the active one.
        $db->createNote("New note.");
        $newId = $db->getMaxId();
        setcookie("ACTIVE_NOTE_ID", $newId);
        $activeNoteId = $newId;
    } elseif ($_REQUEST['action'] == 'navigate') {
        setcookie("ACTIVE_NOTE_ID", $_REQUEST['id']);
        $activeNoteId = $_REQUEST['id'];
    }
}
// Render the page: build the Smarty template, give it the note list and the
// active note id, and display index.tpl.
// NOTE(review): confirm that index.tpl escapes note content and the note id
// on output; no escaping is applied to them in this script.
$template = new Smarty();
$template->assign("notes", $db->getNotes());
$template->assign("ACTIVE_NOTE_ID", $activeNoteId);
$template->display('index.tpl');
// Rendering is finished, so release the database connection.
$db->disconnect();
Exemplo n.º 8
 /**
  * Closes the database connection through the static Db::disconnect() call
  * when this object is destroyed.
  */
 public function __destruct()
 {
     Db::disconnect();
 }
Exemplo n.º 9
 function ajax_action()
 {
     global $parametersMod;
     global $cms;
     if (isset($_POST['action'])) {
         switch ($_POST['action']) {
             case 'new_row_number':
                 $sql = "update `" . DB_PREF . $this->current_area->db_table . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = '" . mysql_real_escape_string($_POST['new_row_number']) . "'\n\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                 $rs = mysql_query($sql);
                 if (!$rs) {
                     trigger_error($sql . " " . mysql_error());
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'row_number_increase':
                 $sql_current = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "` from `" . DB_PREF . $this->current_area->db_table . "` where `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                 $rs_current = mysql_query($sql_current);
                 if ($rs_current) {
                     if ($lock_current = mysql_fetch_assoc($rs_current)) {
                         //current record (need to be moved up)
                         /*searching upper record*/
                         if ($this->level > 0) {
                             $sql_add = " and " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' ";
                         } else {
                             $sql_add = '';
                         }
                         $sql_upper = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n\t\t\t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` >= '" . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "' \n\t\t\t\t\t\tand `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . "\n\t\t\t\t\t\torder by `" . mysql_real_escape_string($this->current_area->sort_field) . "` asc limit 1";
                         $rs_upper = mysql_query($sql_upper);
                         if ($rs_upper) {
                             if ($lock_upper = mysql_fetch_assoc($rs_upper)) {
                                 //upper record (need to be moved down)
                                 if ($lock_upper[$this->current_area->sort_field] == $lock_current[$this->current_area->sort_field]) {
                                     $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` - 1 \n\t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` <= " . mysql_real_escape_string($lock_upper[$this->current_area->sort_field]) . " and `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " ";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 } else {
                                     $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "\n\t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_upper[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                     $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . mysql_real_escape_string($lock_upper[$this->current_area->sort_field]) . " \n\t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 }
                             }
                         }
                     } else {
                         trigger_error($sql . " Element does not exist");
                     }
                 }
                 echo "\n              window.location = window.location;\t\t\t\t\t   \n          ";
                 \Db::disconnect();
                 exit;
                 break;
             case 'row_number_decrease':
                 $sql_current = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n  \t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n  \t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                 $rs_current = mysql_query($sql_current);
                 if ($rs_current) {
                     if ($lock_current = mysql_fetch_assoc($rs_current)) {
                         //current record (need to be moved down)
                         /*searching under record*/
                         if ($this->level > 0) {
                             $sql_add = " and " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' ";
                         } else {
                             $sql_add = '';
                         }
                         $sql_under = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n  \t\t\t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n  \t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` <= '" . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "' " . $sql_add . "\n  \t\t\t\t\t\tand `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "'\n  \t\t\t\t\t\torder by `" . mysql_real_escape_string($this->current_area->sort_field) . "` desc limit 1";
                         $rs_under = mysql_query($sql_under);
                         if ($rs_under) {
                             if ($lock_under = mysql_fetch_assoc($rs_under)) {
                                 //under record (need to be moved up)
                                 if ($lock_under[$this->current_area->sort_field] == $lock_current[$this->current_area->sort_field]) {
                                     $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n  \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` + 1\n  \t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` >= " . mysql_real_escape_string($lock_under[$this->current_area->sort_field]) . " and `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "'  " . $sql_add . "";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                 } else {
                                     $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n  \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . $lock_current[$this->current_area->sort_field] . " \n  \t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_under[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                     $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n  \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . $lock_under[$this->current_area->sort_field] . " \n  \t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "'  " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                 }
                             }
                         }
                     } else {
                         trigger_error($sql . " Element does not exist");
                     }
                 }
                 echo "document.location = document.location;";
                 \Db::disconnect();
                 exit;
                 break;
             case 'delete':
                 if ($this->allow_delete($this->current_area, $_REQUEST['key_id'], $this->current_area, $_REQUEST['key_id'])) {
                     $this->delete($this->current_area, $_REQUEST['key_id']);
                     echo "delete_row(" . $_POST['key_id'] . ")";
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'insert':
                 $parameters = array();
                 //parameters for main sql for current area table.
                 foreach ($this->current_area->get_elements() as $key => $element) {
                     $new_error = $element->check_field("i_n_" . $key, "insert");
                     if ($new_error != null) {
                         $this->errors[$key] = $new_error;
                     }
                 }
                 if (sizeof($this->errors) == 0) {
                     foreach ($this->current_area->get_elements() as $key => $element) {
                         $new_parameter = $element->get_parameters("insert", "i_n_" . $key);
                         if ($new_parameter) {
                             $parameters[] = $new_parameter;
                         }
                     }
                     $sql = "insert into `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set  `" . $this->current_area->db_key . "`= DEFAULT ";
                     $need_comma = true;
                     if ($this->level > 0) {
                         $sql .= ", `" . $this->current_area->get_db_reference() . "` = '" . mysql_real_escape_string($this->up_area->parent_id) . "' ";
                         $need_comma = true;
                     }
                     foreach ($parameters as $key => $parameter) {
                         if ($need_comma) {
                             $sql .= ", `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                         } else {
                             $sql .= " `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                             $need_comma = true;
                         }
                     }
                     $rs = mysql_query($sql);
                     if (!$rs) {
                         trigger_error("Impossible to insert new data " . $sql);
                     } else {
                         $last_insert_id = mysql_insert_id();
                         /* update sort field value */
                         if ($this->current_area->sort_field && $this->current_area->new_record_position == 'top') {
                             /* increase all sort field numbers */
                             $sql = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` + 1";
                             $rs = mysql_query($sql);
                             if (!$rs) {
                                 trigger_error("Can't change sort numbers " . $sql . " " . mysql_error());
                             }
                             /* find lowest walue */
                             if ($this->level > 0) {
                                 $sql = "select min(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'min_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' and `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . " ";
                             } else {
                                 $sql = "select min(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'min_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . " ";
                             }
                             $rs = mysql_query($sql);
                             if ($rs) {
                                 if ($lock = mysql_fetch_assoc($rs)) {
                                     /* update inserted record to have the smallest sort field number*/
                                     $sql2 = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = (" . $lock['min_value'] . " - 1) where `" . $this->current_area->db_key . "` = " . $last_insert_id . " ";
                                     $rs = mysql_query($sql2);
                                     if (!$rs) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 }
                             } else {
                                 trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
                             }
                         }
                         if ($this->current_area->sort_field && $this->current_area->new_record_position == 'bottom') {
                             /* find biggest walue */
                             if ($this->level > 0) {
                                 $sql = "select max(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'max_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' and `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . "";
                             } else {
                                 $sql = "select max(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'max_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . "";
                             }
                             $rs = mysql_query($sql);
                             if ($rs) {
                                 if ($lock = mysql_fetch_assoc($rs)) {
                                     /* update inserted record to have the smallest sort field number*/
                                     $sql2 = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = (" . $lock['max_value'] . " + 1) where `" . $this->current_area->db_key . "` = " . $last_insert_id . " ";
                                     $rs = mysql_query($sql2);
                                     if (!$rs) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 }
                             } else {
                                 trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
                             }
                         }
                         foreach ($this->current_area->get_elements() as $key => $element) {
                             $new_parameter = $element->process_insert("i_n_" . $key, $this->current_area, $last_insert_id);
                         }
                         if (method_exists($this->current_area, 'after_insert')) {
                             $this->current_area->after_insert($last_insert_id);
                         }
                         $elements =& $this->current_area->get_elements();
                         for ($i = 0; $i < sizeof($elements); $i++) {
                             $elements[$i]->reset("i_n_" . $i);
                         }
                     }
                     $answer = "\n          <html>\n            <head>\n              <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n            </head>\n            <body>\n              <script type=\"text/javascript\">\n                parent.window.location.reload(true);\n                parent.window.location.href = parent.window.location.href;\n              \n              </script>\n            </body></html>\n        ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 } else {
                     $answer = "\n          <html>\n            <head>\n              <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n            </head>\n            <body>\n              <script type=\"text/javascript\">\n                var errors = new Array();\n                var new_fields = new Array();\n                ";
                     foreach ($this->errors as $key => $error) {
                         $answer .= "\n                 var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n                 errors.push(error);\n                 ";
                     }
                     $answer .= "\n            </script>\n            </body></html>\n        ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                     /*$elements = &$this->current_area->get_elements();
                       for($i=0; $i<sizeof($elements); $i++){
                         $elements[$i]->memorize("i_n_".$i);
                       }*/
                 }
                 break;
             case 'update':
                 $parameters = array();
                 //parameters for main sql for current area table.
                 foreach ($this->up_area->get_elements() as $key => $element) {
                     $new_error = $element->check_field("i_" . $key, "update");
                     if ($new_error != null) {
                         $this->errors[$key] = $new_error;
                     }
                 }
                 if (sizeof($this->errors) == 0) {
                     if (method_exists($this->up_area, 'before_update')) {
                         $this->up_area->before_update(mysql_real_escape_string($this->up_area->parent_id));
                     }
                     foreach ($this->up_area->get_elements() as $key => $element) {
                         $new_parameter = $element->get_parameters("update", "i_" . $key);
                         if ($new_parameter) {
                             $parameters[] = $new_parameter;
                         }
                     }
                     $main_update = false;
                     if (sizeof($parameters) > 0) {
                         $sql = "update `" . DB_PREF . "" . $this->up_area->get_db_table() . "` set ";
                         $need_comma = false;
                         foreach ($parameters as $key => $parameter) {
                             if ($need_comma) {
                                 $sql .= ", `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                             } else {
                                 $sql .= " `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                                 $need_comma = true;
                             }
                         }
                         $sql .= " where `" . $this->up_area->get_db_key() . "` = '" . mysql_real_escape_string($this->up_area->parent_id) . "' ";
                         $rs = mysql_query($sql);
                         if (!$rs) {
                             trigger_error("Impossible to update " . $sql);
                         } else {
                             $main_update = true;
                         }
                     } else {
                         $main_update = true;
                     }
                     if ($main_update) {
                         foreach ($this->up_area->get_elements() as $key => $element) {
                             $new_parameter = $element->process_update("i_" . $key, $this->up_area, mysql_real_escape_string($this->up_area->parent_id));
                         }
                     }
                     if (method_exists($this->up_area, 'after_update')) {
                         $this->up_area->after_update(mysql_real_escape_string($this->up_area->parent_id));
                     }
                     $elements =& $this->up_area->get_elements();
                     for ($i = 0; $i < sizeof($elements); $i++) {
                         $elements[$i]->reset();
                     }
                     $answer = "\n              <html>\n              <head>\n                <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n              </head>\n              <body>\n                <script type=\"text/javascript\">\n                parent.window.location.reload(true);\n                parent.window.location.href = parent.window.location.href;\n                \n                </script>\n              </body></html>\n            ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 } else {
                     $answer = "\n               <html>\n               <head>\n                 <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n               </head>\n               <body>\n                 <script type=\"text/javascript\">\n                   var errors = new Array();\n                   var new_fields = new Array();\n                   ";
                     foreach ($this->errors as $key => $error) {
                         $answer .= "\n                  var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n                  errors.push(error);\n                  ";
                     }
                     $answer .= "\n               </script>\n               </body></html>\n              ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 }
                 break;
         }
     }
 }
Exemplo n.º 10
 /**
  * test_setAttribute_withArgs()
  *
  * Test of setAttribute() when arguments are given: connects with the settings taken from
  * $GLOBALS, changes the default fetch mode and checks that the reported value changed.
  */
 public function test_setAttribute_withArgs()
 {
     // Connection settings are supplied by the test bootstrap through $GLOBALS.
     $connection = [
         "driver" => $GLOBALS['DB_DRIVER'],
         "user" => $GLOBALS['DB_USER'],
         "pass" => $GLOBALS['DB_PASSWORD'],
         "dbname" => $GLOBALS['DB_DBNAME'],
         "host" => $GLOBALS['DB_HOST'],
         "persistent" => false,
     ];
     $db = new Db();
     $db->connect($connection);

     $modeBefore = $db->getAttribute('FETCH_MODE');
     $wasSet = $db->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, \PDO::FETCH_OBJ);
     $modeAfter = $db->getAttribute('FETCH_MODE');

     $this->assertTrue($wasSet);
     $this->assertNotEquals($modeBefore, $modeAfter);
     // NOTE(review): this asserts that the reported mode differs from \PDO::FETCH_OBJ, the value
     // just set - presumably getAttribute() reports it in another representation; confirm.
     $this->assertNotEquals(\PDO::FETCH_OBJ, $modeAfter);

     $db->disconnect();
     unset($db);
 }
Exemplo n.º 11
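 /**
  * Handles the module administration page.
  *
  * For an AJAX install request (type=ajax, action=install) it asks ModulesInstallation for
  * installation errors, prints either a JavaScript alert with those errors or, after installing
  * the module, a JavaScript redirect to $cms->generateUrl(), then closes the database connection
  * and ends the request. Any other request is delegated to the wrapped standard module.
  *
  * @return mixed Result of $this->standard_module->manage() for non-install requests.
  */
 function manage()
 {
     global $cms;
     $answer = '';
     // isset() returns a boolean, so the former `isset($_REQUEST['type']) == 'ajax'` was true for
     // any value of 'type' and read 'action' without checking that it exists. Require the literal
     // values so that only the intended AJAX call can reach the installer.
     $isAjaxInstall = isset($_REQUEST['type'], $_REQUEST['action'])
         && $_REQUEST['type'] === 'ajax'
         && $_REQUEST['action'] === 'install';
     if ($isAjaxInstall) {
         // NOTE(review): module_group and module come straight from the request. Confirm that
         // ModulesInstallation restricts them to known modules and that the caller has already
         // enforced administrator authentication and a CSRF token for this state-changing call.
         $errors = ModulesInstallation::getErrors($_REQUEST['module_group'], $_REQUEST['module']);
         if ($errors) {
             $tmp_answer = '';
             foreach ($errors as $key => $error) {
                 if ($tmp_answer != '') {
                     // Literal "\n\n" for the JavaScript string, not a PHP line break.
                     $tmp_answer .= "\\n\\n";
                 }
                 // Line breaks are stripped and quotes escaped because the text is placed inside
                 // a single-quoted JavaScript string.
                 $tmp_answer .= addslashes(str_replace("\n", "", str_replace("\r", "", $error)));
             }
             $answer .= 'alert(\'' . $tmp_answer . '\')';
         } else {
             ModulesInstallation::install($_REQUEST['module_group'], $_REQUEST['module']);
             $answer .= '
               window.location = \'' . $cms->generateUrl() . '\';
       ';
         }
         echo $answer;
         \Db::disconnect();
         exit;
     } else {
         //$this->standard_module->before_content = $this->find_new_modules();  widgets installation disabled
         return $this->standard_module->manage();
     }
 }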
Exemplo n.º 12
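 /**
  * Front-end dispatcher of the community/user module: runs the account action named in
  * $_REQUEST['action'].
  *
  * Handled actions: password_reset, password_reset_verification, register, update_profile,
  * login, registration_verification, new_email_verification, logout, renew_registration.
  * A handled action prints a response or sends a Location header, closes the database
  * connection and ends the request (update_profile only does so for a logged-in session).
  * The method returns without output when the user zone is missing, when no action is given
  * or when the action is not one of the above.
  *
  * Security review notes (behaviour left as it was, flagged for follow-up):
  *  - Passwords are stored as md5(password . Config::$hashSalt), or unhashed when the
  *    'encrypt_passwords' option is off. Moving to password_hash()/password_verify() needs a
  *    migration of the stored values and is therefore not done inside this method.
  *  - Verification codes come from md5(uniqid(rand(), true)), which is not a cryptographically
  *    secure source; a CSPRNG should replace it where the runtime provides one.
  *  - The autologin cookie value is derived from the stored password and is set without the
  *    Secure and HttpOnly flags.
  *
  * @return void
  */
 function makeActions()
 {
     global $site;
     global $parametersMod;
     global $session;
     global $log;
     $userZone = $site->getZoneByModule('community', 'user');
     if (!$userZone) {
         return;
     }
     // Verification codes are compared as exact, non-empty strings. Loose '==' treats
     // numeric-looking strings as equal and lets a missing request value match an empty stored
     // one. hash_equals() would also make the comparison constant-time where it is available.
     $requestCode = isset($_REQUEST['code']) && is_string($_REQUEST['code']) ? $_REQUEST['code'] : '';
     $codeMatches = function ($storedCode) use ($requestCode) {
         return is_string($storedCode) && $storedCode !== '' && $storedCode === $requestCode;
     };
     if (isset($_REQUEST['action'])) {
         switch ($_REQUEST['action']) {
             case 'password_reset':
                 // Stores the requested password as 'new_password' together with a verification
                 // code and mails the link; the switch-over happens in password_reset_verification.
                 $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getPasswordResetFields());
                 $errors = $standardForm->getErrors();
                 $tmpUser = Db::userByEmail($_POST['email']);
                 if (!$tmpUser) {
                     // NOTE(review): this error tells the requester whether an address is
                     // registered; confirm that the disclosure is acceptable.
                     $errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'email_doesnt_exist');
                 }
                 if (!isset($_POST['password']) || $_POST['password'] == '' || $parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) {
                     $errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
                     $errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
                 }
                 if (sizeof($errors) > 0) {
                     $html = $standardForm->generateErrorAnswer($errors);
                 } else {
                     $additionalFields = array();
                     // NOTE(review): not a CSPRNG - see the method comment.
                     $tmp_code = md5(uniqid(rand(), true));
                     if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
                         $additionalFields['new_password'] = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
                     } else {
                         $additionalFields['new_password'] = $_POST['password'];
                     }
                     $additionalFields['verification_code'] = $tmp_code;
                     $standardForm->updateDatabase(DB_PREF . 'm_community_user', 'id', $tmpUser['id'], $additionalFields);
                     $this->sendPasswordResetLink($_POST['email'], $tmp_code, $tmpUser['id']);
                     $html = "\n                <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n                <script type=\"text/javascript\">\n                  parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetSentText)) . "';\n                </script>\n                </body></html>            \n            ";
                 }
                 echo $html;
                 \Db::disconnect();
                 exit;
                 break;
             case 'password_reset_verification':
                 // Activates the pending password when the code from the mailed link matches.
                 $current = Db::userById($_REQUEST['id']);
                 if ($current && $current['verified']) {
                     if ($codeMatches($current['verification_code'])) {
                         if ($current['new_password'] != '') {
                             if (Db::verifyNewPassword($current['id'])) {
                                 $site->dispatchEvent('community', 'user', 'password_reset', array('user_id' => $current['id']));
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerified)));
                             } else {
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError)));
                             }
                         } else {
                             // No pending password: the link was presumably used before.
                             header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerified)));
                         }
                     } else {
                         header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError)));
                     }
                 } else {
                     header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError)));
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'register':
                 $html = '';
                 if (!$parametersMod->getValue('community', 'user', 'options', 'enable_registration')) {
                     \Db::disconnect();
                     exit;
                 }
                 $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getRegistrationFields());
                 $errors = $standardForm->getErrors();
                 $sameEmailUser = Db::userByEmail($_POST['email']);
                 if ($_POST['email'] && $sameEmailUser) {
                     $errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered');
                 }
                 if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') {
                     $sameLoginUser = Db::userByLogin($_POST['login']);
                     if ($sameLoginUser) {
                         $errors['login'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered');
                     }
                 }
                 if ($parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) {
                     $errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
                     $errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
                 }
                 if (sizeof($errors) > 0) {
                     $html = $standardForm->generateErrorAnswer($errors);
                 } else {
                     // NOTE(review): not a CSPRNG - see the method comment.
                     $tmp_code = md5(uniqid(rand(), true));
                     if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
                         $password = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
                     } else {
                         $password = $_POST['password'];
                     }
                     if ($parametersMod->getValue('community', 'user', 'options', 'require_email_confirmation')) {
                         $verified = '0';
                     } else {
                         $verified = '1';
                     }
                     $insert_id = $standardForm->writeToDatabase(DB_PREF . 'm_community_user', array('verified' => $verified, 'verification_code' => $tmp_code, 'password' => $password, 'last_login' => date("Y-m-d"), 'language_id' => $site->currentLanguage['id']));
                     if ($insert_id !== false) {
                         $site->dispatchEvent('community', 'user', 'register', array('user_id' => $insert_id));
                         if ($parametersMod->getValue('community', 'user', 'options', 'require_email_confirmation')) {
                             $this->sendVerificationLink($_POST['email'], $tmp_code, $insert_id);
                             $html = "\n                    <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n                    <script type=\"text/javascript\">\n                      parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationRequired)) . "';\n                    </script>\n                    </body></html>\n                  ";
                         } else {
                             if ($parametersMod->getValue('community', 'user', 'options', 'autologin_after_registration')) {
                                 $tmpUser = Db::userById($insert_id);
                                 if ($tmpUser) {
                                     $this->login($tmpUser);
                                     $html = $this->redirectAfterLogin();
                                 }
                             } else {
                                 $html = "\n                      <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n                      <script type=\"text/javascript\">\n                        parent.window.location.href = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)) . "';\n                      </script>\n                      </body></html>\n                  ";
                             }
                         }
                     } else {
                         trigger_error("Cannot register new user");
                     }
                 }
                 echo $html;
                 \Db::disconnect();
                 exit;
                 break;
             case 'update_profile':
                 // Only a logged-in session may change a profile; other requests fall through.
                 if ($session->loggedIn()) {
                     // Initialised so the echo below never reads an undefined variable on the
                     // trigger_error() path.
                     $html = '';
                     $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getProfileFields());
                     $errors = $standardForm->getErrors();
                     $tmpUser = Db::userById($session->userId());
                     if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) {
                         $user_by_new_email = Db::userByEmail($_POST['email']);
                         if ($user_by_new_email && $user_by_new_email['verified']) {
                             $errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered');
                         }
                     }
                     if ($parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) {
                         $errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
                         $errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match');
                     }
                     if (sizeof($errors) > 0) {
                         $html = $standardForm->generateErrorAnswer($errors);
                     } else {
                         if ($tmpUser) {
                             $additionalFields = array();
                             if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) {
                                 // A changed address is kept as 'new_email' until the mailed
                                 // code is confirmed in new_email_verification.
                                 // NOTE(review): not a CSPRNG - see the method comment.
                                 $tmp_code = md5(uniqid(rand(), true));
                                 $additionalFields['new_email'] = $_POST['email'];
                                 $additionalFields['verification_code'] = $tmp_code;
                             }
                             if (isset($_POST['password']) && $_POST['password'] != '') {
                                 if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
                                     $additionalFields['password'] = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt);
                                 } else {
                                     $additionalFields['password'] = $_POST['password'];
                                 }
                             }
                             $standardForm->updateDatabase(DB_PREF . 'm_community_user', 'id', $tmpUser['id'], $additionalFields);
                             $site->dispatchEvent('community', 'user', 'update_profile', array('user_id' => $tmpUser['id']));
                             if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) {
                                 $this->sendUpdateVerificationLink($_POST['email'], $tmp_code, $tmpUser['id']);
                                 $html = "\n                    <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n                    <script type=\"text/javascript\">\n                      parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlEmailVerificationRequired)) . "';\n                    </script>\n                    </body></html>\n                  ";
                             } else {
                                 $html = "\n                    <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n                    <script type=\"text/javascript\">\n                      parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlProfile), array("message" => "updated")) . "';\n                    </script>\n                    </body></html>\n                  ";
                             }
                         } else {
                             trigger_error("Something goes wrong. " . $session->userId() . " " . $_POST['email']);
                         }
                     }
                     echo $html;
                     \Db::disconnect();
                     exit;
                 }
                 break;
             case 'login':
                 if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') {
                     $tmpUser = Db::userByLogin($_POST['login']);
                 } else {
                     $tmpUser = Db::userByEmail($_POST['email']);
                 }
                 // The password is only used when it is present and a string, so a missing or
                 // array-valued field can never be hashed or compared.
                 $suppliedPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : null;
                 if ($suppliedPassword === null) {
                     $tmp_password = null;
                 } elseif ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) {
                     // NOTE(review): salted md5 is not a password hash - see the method comment.
                     $tmp_password = md5($suppliedPassword . \Modules\community\user\Config::$hashSalt);
                 } else {
                     $tmp_password = $suppliedPassword;
                 }
                 // Strict comparison: with '==' two different numeric-looking strings compare equal.
                 if ($tmpUser && $tmp_password !== null && is_string($tmpUser['password']) && $tmp_password === $tmpUser['password']) {
                     $this->login($tmpUser);
                     if ($parametersMod->getValue('community', 'user', 'options', 'enable_autologin') && isset($_POST['autologin']) && $_POST['autologin']) {
                         // NOTE(review): the cookie is set without Secure/HttpOnly and its value
                         // is derived from the stored password - see the method comment.
                         setCookie(Config::$autologinCookieName, json_encode(array('id' => $tmpUser['id'], 'pass' => md5($tmpUser['password'] . $tmpUser['created_on']))), time() + $parametersMod->getValue('community', 'user', 'options', 'autologin_time') * 60 * 60 * 24, Config::$autologinCookiePath, Config::getCookieDomain());
                     }
                     $html = $this->redirectAfterLogin();
                 } else {
                     $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getRegistrationFields());
                     $errors = array();
                     $globalError = null;
                     $site->dispatchEvent('community', 'user', 'incorrect_login', array('post' => $_POST));
                     if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') {
                         $globalError = $parametersMod->getValue('community', 'user', 'errors', 'incorrect_login_data');
                         $errors['login'] = '';
                     } else {
                         $globalError = $parametersMod->getValue('community', 'user', 'errors', 'incorrect_email_data');
                         $errors['email'] = '';
                     }
                     $errors['password'] = '';
                     // Failed attempts are logged with the client address.
                     $log->log('community/user', 'incorrect frontend login', $_SERVER['REMOTE_ADDR']);
                     $html = $standardForm->generateErrorAnswer($errors, $globalError);
                 }
                 echo $html;
                 \Db::disconnect();
                 exit;
                 break;
             case 'registration_verification':
                 $current = Db::userById($_REQUEST['id']);
                 if ($current) {
                     $sameEmailUser = Db::userByEmail($current['email']);
                     $sameLoginUser = Db::userByLogin($current['login']);
                     if ($codeMatches($current['verification_code'])) {
                         if ($sameEmailUser && $sameEmailUser['id'] != $current['id']) {
                             header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlVerificationErrorEmailExist)));
                         } elseif ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login' && $sameLoginUser && $sameLoginUser['id'] != $current['id']) {
                             // Compares the ids, as the e-mail branch above does; the user record
                             // itself was compared with the id before, which never matched.
                             header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlVerificationErrorUserExist)));
                         } else {
                             Db::verify($current['id']);
                             $site->dispatchEvent('community', 'user', 'registration_verification', array('user_id' => $current['id']));
                             if ($parametersMod->getValue('community', 'user', 'options', 'autologin_after_registration')) {
                                 $this->login($current);
                                 $this->redirectAfterLoginHeader();
                             } else {
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)));
                             }
                         }
                     } else {
                         header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationError)));
                     }
                 } else {
                     header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationError)));
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'new_email_verification':
                 $sameEmailUser = Db::userById($_REQUEST['id']);
                 if ($sameEmailUser) {
                     if ($codeMatches($sameEmailUser['verification_code'])) {
                         $user_with_new_email = Db::userByEmail($sameEmailUser['new_email']);
                         if ($user_with_new_email) {
                             if ($user_with_new_email['id'] == $sameEmailUser['id']) {
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)));
                             } else {
                                 // The address already belongs to another account.
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError)));
                             }
                         } else {
                             if ($sameEmailUser['new_email'] == '') {
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)));
                             } else {
                                 Db::verifyNewEmail($sameEmailUser['id']);
                                 $site->dispatchEvent('community', 'user', 'new_email_verification', array('user_id' => $sameEmailUser['id']));
                                 header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerified)));
                             }
                         }
                     } else {
                         header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError)));
                     }
                 } else {
                     header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError)));
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'logout':
                 if ($session->loggedIn()) {
                     $site->dispatchEvent('community', 'user', 'logout', array('user_id' => $session->userId()));
                 }
                 $session->logout();
                 if ($parametersMod->getValue('community', 'user', 'options', 'enable_autologin')) {
                     // An expiry in the past makes the browser drop the autologin cookie.
                     setCookie(Config::$autologinCookieName, '', time() - 60, Config::$autologinCookiePath, Config::getCookieDomain());
                 }
                 header('location: ' . BASE_URL);
                 \Db::disconnect();
                 exit;
                 break;
             case 'renew_registration':
                 // NOTE(review): the account is selected by $_GET['id'] alone; no code or session
                 // check is visible here. Confirm that Db::renewRegistration() or the link design
                 // limits who may renew an account.
                 if (isset($_GET['id'])) {
                     if (Db::renewRegistration($_GET['id']) == 1) {
                         $site->dispatchEvent('community', 'user', 'renew_registration', array('user_id' => $_GET['id']));
                         header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewedRegistration)));
                     } else {
                         header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewRegistrationError)));
                     }
                 } else {
                     header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewRegistrationError)));
                 }
                 \Db::disconnect();
                 exit;
                 break;
         }
     }
 }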
Exemplo n.º 13
 /**
  * After disconnect() the wrapper must no longer hand out a PDO handle.
  */
 public function testDisconnectClearsPdo()
 {
     $db = $this->db;
     $db->disconnect();

     $pdoAfterDisconnect = $db->getPdo();
     $this->assertEmpty($pdoAfterDisconnect);
 }
Exemplo n.º 14
   /**
    * Generates sitemap XML for one zone and language.
    *
    * Sends a 404 status and ends the request when the zone is not listed in $this->mappedZones
    * or $site cannot resolve it; otherwise sends the XML Content-type header and returns the
    * document.
    *
    * NOTE(review): page links, dates and priorities are concatenated into the XML as returned
    * by the page objects; presumably getLink() already yields an entity-escaped URL - confirm.
    *
    * @param mixed $zone Zone identifier, used as key of $this->mappedZones and for $site->getZone().
    * @param mixed $languageId Passed through to getPages().
    * @param int $nr Number of sitemap. Big sites are split into several sitemaps. Beginning from 0.
    * @return string Sitemap XML
    */
   function getSitemap($zone, $languageId, $nr)
   {
       global $parametersMod;
       global $site;
       $zoneIsMapped = isset($this->mappedZones[$zone]);
       if (!$zoneIsMapped || $site->getZone($zone) == false) {
           header('HTTP/1.0 404 Not Found');
           \Db::disconnect();
           exit;
       }
       header('Content-type: application/xml; charset="' . CHARSET . '"', true);
       // The XML declaration is split so that no PHP open/close tag appears in the source.
       $answer = '<' . '?xml version="1.0" encoding="' . CHARSET . '"?' . '>
 		<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
 	
 	';
       $depth = $this->mappedZones[$zone];
       if ($depth != -1) {
           $pages = $this->getPages($site->getZone($zone), $languageId, $depth);
       } else {
           // -1 means unlimited depth
           $pages = $this->getPages($site->getZone($zone), $languageId);
       }
       // Upper bounds in seconds, checked in ascending order; anything above is 'never'.
       $frequencyLabels = array(
           'always' => 60 * 30,
           'hourly' => 60 * 60,
           'daily' => 60 * 60 * 24,
           'weekly' => 60 * 60 * 24 * 7,
           'monthly' => 60 * 60 * 24 * 30,
           'yearly' => 60 * 60 * 24 * 360 * 2,
       );
       // Sitemap number $nr covers the page indexes [$nr * MAX, ($nr + 1) * MAX).
       $firstIndex = $nr * SITEMAP_MAX_LENGTH;
       $endIndex = ($nr + 1) * SITEMAP_MAX_LENGTH;
       for ($index = $firstIndex; $index < $endIndex; $index++) {
           if (!isset($pages[$index])) {
               continue;
           }
           $page = $pages[$index];
           $answer .= '
 			   <url>
 			      <loc>' . $page->getLink() . '</loc>
 			';
           if ($page->getLastModified()) {
               // Only the date part (first 10 characters) is written.
               $answer .= '<lastmod>' . substr($page->getLastModified(), 0, 10) . '</lastmod>
   			';
           }
           $frequency = $page->getModifyFrequency();
           if ($frequency) {
               $tmp_freq = 'never';
               foreach ($frequencyLabels as $label => $upperBound) {
                   if ($frequency < $upperBound) {
                       $tmp_freq = $label;
                       break;
                   }
               }
               $answer .= '<changefreq>' . $tmp_freq . '</changefreq>
 				';
           }
           $tmpPriority = $page->getPriority();
           if ($tmpPriority) {
               $answer .= '<priority>' . $tmpPriority . '</priority>
   			';
           }
           $answer .= '
 			   </url>
 			';
       }
       $answer .= '
 	</urlset>';
       return $answer;
   }
Exemplo n.º 15
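 /**
  * Handles the module administration page.
  *
  * For an AJAX install request (type=ajax, action=install) it asks ModulesInstallation for
  * installation errors, prints either a JavaScript alert with those errors or, after a recursive
  * install, a JavaScript redirect to $cms->generateUrl(), then closes the database connection and
  * ends the request. Any other request lists newly found modules above the standard module page.
  *
  * @return mixed Result of $this->standardModule->manage() for non-install requests.
  */
 function manage()
 {
     global $cms;
     $answer = '';
     // isset() returns a boolean, so the former `isset($_REQUEST['type']) == 'ajax'` was true for
     // any value of 'type' and read 'action' without checking that it exists. Require the literal
     // values so that only the intended AJAX call can reach the installer.
     $isAjaxInstall = isset($_REQUEST['type'], $_REQUEST['action'])
         && $_REQUEST['type'] === 'ajax'
         && $_REQUEST['action'] === 'install';
     if ($isAjaxInstall) {
         $installation = new \Modules\developer\modules\ModulesInstallation();
         // NOTE(review): module_group and module come straight from the request. Confirm that
         // ModulesInstallation restricts them to known modules and that the caller has already
         // enforced administrator authentication and a CSRF token for this state-changing call.
         $errors = $installation->getErrors($_REQUEST['module_group'], $_REQUEST['module']);
         if ($errors) {
             $tmp_answer = '';
             foreach ($errors as $key => $error) {
                 if ($tmp_answer != '') {
                     // Literal "\n\n" for the JavaScript string, not a PHP line break.
                     $tmp_answer .= "\\n\\n";
                 }
                 // Line breaks are stripped and quotes escaped because the text is placed inside
                 // a single-quoted JavaScript string.
                 $tmp_answer .= addslashes(str_replace("\n", "", str_replace("\r", "", $error)));
             }
             $answer .= 'alert(\'' . $tmp_answer . '\')';
         } else {
             $installation->recursiveInstall($_REQUEST['module_group'], $_REQUEST['module']);
             $answer .= '
         window.location = \'' . $cms->generateUrl() . '\';
       ';
         }
         echo $answer;
         \Db::disconnect();
         exit;
     } else {
         $installation = new \Modules\developer\modules\ModulesInstallation();
         $this->standardModule->before_content = $installation->findNewModules();
         return $this->standardModule->manage();
     }
 }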
Exemplo n.º 16
 /**
  * Dispatches the request named by $_REQUEST['action'] to the matching
  * ModelTree lookup (or the recursive page-data lookup) and hands the result
  * to _printJson().
  *
  * Every handled action first calls _adminAccess() and returns silently when
  * it fails. A missing required parameter raises trigger_error() and returns.
  * Once a handled action has printed its answer - and also when the action
  * name matches no case - the database connection is closed and the script
  * exits.
  *
  * Request values are forwarded as received; validating them is left to
  * ModelTree and _getPageDataRecursion(), which are not shown here.
  */
 function makeActions()
 {
     global $site;
     global $parametersMod;
     if (!isset($_REQUEST['action'])) {
         return;
     }
     $requestedAction = $_REQUEST['action'];
     switch ($requestedAction) {
         case 'getLanguages':
             if (!$this->_adminAccess()) {
                 return;
             }
             $this->_printJson(array('response' => ModelTree::getLanguages(), 'status' => 'success'));
             break;
         case 'getZones':
             if (!$this->_adminAccess()) {
                 return;
             }
             if (!isset($_REQUEST['includeNonManagedZones'])) {
                 trigger_error('Required parameters is not set');
                 return;
             }
             $zones = ModelTree::getZones($_REQUEST['includeNonManagedZones']);
             $this->_printJson(array('response' => $zones, 'status' => 'success'));
             break;
         case 'getZonePages':
             if (!$this->_adminAccess()) {
                 return;
             }
             // The two parameters are checked one after the other so that each
             // keeps its own error message.
             if (!isset($_REQUEST['languageId'])) {
                 trigger_error('Language id is not set');
                 return;
             }
             if (!isset($_REQUEST['zoneName'])) {
                 trigger_error('Zone name is not set');
                 return;
             }
             $zonePages = ModelTree::getZonePages($_REQUEST['languageId'], $_REQUEST['zoneName']);
             $this->_printJson(array('response' => $zonePages, 'status' => 'success'));
             break;
         case 'getPages':
             if (!$this->_adminAccess()) {
                 return;
             }
             if (!isset($_REQUEST['parentId'])) {
                 trigger_error('Parent ID is not set');
                 return;
             }
             $childPages = ModelTree::getPages($_REQUEST['parentId']);
             $this->_printJson(array('response' => $childPages, 'status' => 'success'));
             break;
         case 'getData':
             if (!$this->_adminAccess()) {
                 return;
             }
             if (!isset($_REQUEST['pageId'])) {
                 trigger_error('Page ID is not set');
                 return;
             }
             // The answer is a one-element list holding the requested page's data.
             $pageTree = array($this->_getPageDataRecursion($_REQUEST['pageId']));
             $this->_printJson(array('status' => 'success', 'response' => $pageTree));
             break;
     }
     \Db::disconnect();
     exit;
 }
Exemplo n.º 17
    // Administration shell: creates the frontend Site and the Cms object, then
    // emits a two-frame frameset whose frame URLs come from $cms.
    // NOTE(review): the `if` that opens this branch is outside the visible
    // fragment; the else-branch message suggests it tests the database
    // connection - confirm.
    $site = new \Frontend\Site();
    /* the Site object is needed to generate links to the site and to read other frontend data */
    $site->init();
    $cms = new Cms();
    ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>ImpressPages CMS</title>
    <link rel="SHORTCUT ICON" href="favicon.ico" />
</head>
<frameset rows="64px,*" framespacing="0" border="0">
 <frame name="header" noresize="noresize" frameborder=0 scrolling="no" src="<?php 
    // NOTE(review): the URL is echoed into an HTML attribute without
    // htmlspecialchars(); presumably generateActionurl() returns an
    // attribute-safe URL - confirm.
    echo $cms->generateActionurl('tep_modules');
    ?>
">
 <frame id="frameContent" name="content" frameborder=0 src="<?php 
    // Same unescaped echo as for the header frame; the same assumption applies.
    echo $cms->generateActionurl('first_module');
    ?>
">
 <noframes>
  <body>Your browser don't support frames!</body>
 </noframes>
</frameset>
</html>
<?php 
    // Close the database connection once the frameset has been sent.
    \Db::disconnect();
} else {
    // Reached when the condition of the unseen `if` fails.
    trigger_error('Database access');
}
Exemplo n.º 18
 function ajaxAction()
 {
     global $parametersMod;
     global $cms;
     if (isset($_POST['action'])) {
         switch ($_POST['action']) {
             case 'new_row_number':
                 if (method_exists($this->currentArea, 'beforeSort')) {
                     $this->currentArea->beforeSort();
                 }
                 $sql = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = '" . mysql_real_escape_string($_POST['new_row_number']) . "'\n\t\t\t\twhere `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                 $rs = mysql_query($sql);
                 if (!$rs) {
                     trigger_error($sql . " " . mysql_error());
                 }
                 if (method_exists($this->currentArea, 'afterSort')) {
                     $this->currentArea->afterSort();
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'row_number_increase':
                 if (method_exists($this->currentArea, 'beforeSort')) {
                     $this->currentArea->beforeSort();
                 }
                 $sql_current = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "` from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                 $rs_current = mysql_query($sql_current);
                 if ($rs_current) {
                     if ($lock_current = mysql_fetch_assoc($rs_current)) {
                         //current record (need to be moved up)
                         /*searching upper record*/
                         if ($this->level > 0) {
                             $sql_add = " and `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' ";
                         } else {
                             $sql_add = '';
                         }
                         $sql_upper = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n                              from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                              where `" . mysql_real_escape_string($this->currentArea->sortField) . "` >= '" . mysql_real_escape_string($lock_current[$this->currentArea->sortField]) . "'\n                              and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . "\n                              order by `" . $this->currentArea->sortField . "` asc limit 1";
                         $rs_upper = mysql_query($sql_upper);
                         if ($rs_upper) {
                             if ($lock_upper = mysql_fetch_assoc($rs_upper)) {
                                 //upper record (need to be moved down)
                                 if ($lock_upper[$this->currentArea->sortField] == $lock_current[$this->currentArea->sortField]) {
                                     $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                                    set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` - 1\n                                    where `" . mysql_real_escape_string($this->currentArea->sortField) . "` <= " . mysql_real_escape_string($lock_upper[$this->currentArea->sortField]) . " and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " ";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 } else {
                                     $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                                    set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_current[$this->currentArea->sortField] . "\n                                    where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_upper[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                     $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_upper[$this->currentArea->sortField] . "\n\t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 }
                             }
                         }
                     } else {
                         trigger_error($sql . " Element does not exist");
                     }
                 }
                 echo "\n              window.location = window.location;\t\t\t\t\t   \n          ";
                 if (method_exists($this->currentArea, 'afterSort')) {
                     $this->currentArea->afterSort();
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'row_number_decrease':
                 if (method_exists($this->currentArea, 'beforeSort')) {
                     $this->currentArea->beforeSort();
                 }
                 $sql_current = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n                            from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                            where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                 $rs_current = mysql_query($sql_current);
                 if ($rs_current) {
                     if ($lock_current = mysql_fetch_assoc($rs_current)) {
                         //current record (need to be moved down)
                         /*searching under record*/
                         if ($this->level > 0) {
                             $sql_add = " and `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' ";
                         } else {
                             $sql_add = '';
                         }
                         $sql_under = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n                              from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                              where `" . mysql_real_escape_string($this->currentArea->sortField) . "` <= '" . mysql_real_escape_string($lock_current[$this->currentArea->sortField]) . "' " . $sql_add . "\n                              and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "'\n                              order by `" . mysql_real_escape_string($this->currentArea->sortField) . "` desc limit 1";
                         $rs_under = mysql_query($sql_under);
                         if ($rs_under) {
                             if ($lock_under = mysql_fetch_assoc($rs_under)) {
                                 //under record (need to be moved up)
                                 if ($lock_under[$this->currentArea->sortField] == $lock_current[$this->currentArea->sortField]) {
                                     $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                                    set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` + 1\n                                    where `" . mysql_real_escape_string($this->currentArea->sortField) . "` >= " . mysql_real_escape_string($lock_under[$this->currentArea->sortField]) . "\n                                    and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "'  " . $sql_add . "";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                 } else {
                                     $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                                    set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_current[$this->currentArea->sortField] . "\n                                    where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_under[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                     $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n                                    set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_under[$this->currentArea->sortField] . "\n                                    where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "'  " . $sql_add . " limit 1";
                                     $rs_update = mysql_query($sql_update);
                                     if (!$rs_update) {
                                         trigger_error($sql_update . " " . mysql_error());
                                     }
                                 }
                             }
                         }
                     } else {
                         trigger_error($sql . " Element does not exist");
                     }
                 }
                 echo "document.location = document.location;";
                 if (method_exists($this->currentArea, 'afterSort')) {
                     $this->currentArea->afterSort();
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'delete':
                 if ($this->allowDelete($this->currentArea, $_REQUEST['key_id'])) {
                     $this->delete($this->currentArea, $_REQUEST['key_id']);
                     echo "delete_row(" . $_POST['key_id'] . ")";
                 }
                 \Db::disconnect();
                 exit;
                 break;
             case 'insert':
                 $allowInsert = true;
                 $parameters = array();
                 //parameters for main sql for current area table.
                 foreach ($this->currentArea->elements as $key => $element) {
                     $new_error = $element->checkField("i_n_" . $key, "insert", $this->currentArea);
                     if ($new_error != null) {
                         $this->errors[$key] = $new_error;
                     }
                 }
                 if (sizeof($this->errors) == 0) {
                     //allow insert
                     if (method_exists($this->currentArea, 'allowInsert')) {
                         $allowInsert = $this->currentArea->allowInsert($this->currentArea->currentId);
                         if (!$allowInsert) {
                             if (method_exists($this->currentArea, 'lastError')) {
                                 echo "\n              <html>\n                <head>\n                  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n                </head>\n                <body>\n                  <script type=\"text/javascript\">                  \n                    alert('" . addslashes($this->currentArea->lastError('insert')) . "');\n                  </script>\n                 </body>\n               </html>\n                    ";
                             } else {
                                 echo "\n              <html>\n                <head>\n                  <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n                </head>\n                <body>\n                  <script type=\"text/javascript\">                  \n                    alert('" . addslashes($parametersMod->getValue('developer', 'std_mod', 'admin_translations', 'cant_insert')) . "');\n                  </script>\n                 </body>\n               </html>\n                    \n                    ";
                             }
                             return false;
                         }
                     }
                     //allow insert
                     if (method_exists($this->currentArea, 'beforeInsert')) {
                         $this->currentArea->beforeInsert();
                     }
                     foreach ($this->currentArea->elements as $key => $element) {
                         $new_parameter = $element->getParameters("insert", "i_n_" . $key, $this->currentArea);
                         if ($new_parameter) {
                             $parameters[] = $new_parameter;
                         }
                     }
                     $sql = "insert into `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set  `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`= DEFAULT ";
                     $need_comma = true;
                     if ($this->level > 0) {
                         $sql .= ", `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' ";
                         $need_comma = true;
                     }
                     $sortFieldDefined = false;
                     foreach ($parameters as $key => $parameter) {
                         if ($parameter['name'] == $this->currentArea->sortField) {
                             $sortFieldDefined = true;
                         }
                         if ($parameter['value'] === null) {
                             $value = " NULL ";
                         } else {
                             $value = "'" . mysql_real_escape_string($parameter['value']) . "'";
                         }
                         if ($need_comma) {
                             $sql .= ", `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
                         } else {
                             $sql .= " `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
                             $need_comma = true;
                         }
                     }
                     if (!$sortFieldDefined) {
                         if ($need_comma) {
                             $sql .= ", `" . mysql_real_escape_string($this->currentArea->sortField) . "` = 0 ";
                         } else {
                             $sql .= " `" . mysql_real_escape_string($this->currentArea->sortField) . "` = 0 ";
                             $need_comma = true;
                         }
                     }
                     $rs = mysql_query($sql);
                     if (!$rs) {
                         trigger_error("Impossible to insert new data " . $sql . " " . mysql_error());
                     } else {
                         $lastInsertId = mysql_insert_id();
                         /* update sort field value */
                         if ($this->currentArea->sortable && $this->currentArea->sortField && $this->currentArea->newRecordPosition == 'top') {
                             /* increase all sort field numbers */
                             $sql = "update `" . mysql_real_escape_string(DB_PREF . "" . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` + 1";
                             $rs = mysql_query($sql);
                             if (!$rs) {
                                 trigger_error("Can't change sort numbers " . $sql . " " . mysql_error());
                             }
                             /* find lowest walue */
                             if ($this->level > 0) {
                                 $sql = "select min(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'min_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . " ";
                             } else {
                                 $sql = "select min(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'min_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . " ";
                             }
                             $rs = mysql_query($sql);
                             if ($rs) {
                                 if ($lock = mysql_fetch_assoc($rs)) {
                                     /* update inserted record to have the smallest sort field number*/
                                     $sql2 = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = (" . (int) $lock['min_value'] . " - 1) where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lastInsertId) . "' ";
                                     $rs = mysql_query($sql2);
                                     if (!$rs) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 }
                             } else {
                                 trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
                             }
                         }
                         if ($this->currentArea->sortable && $this->currentArea->sortField && $this->currentArea->newRecordPosition == 'bottom') {
                             /* find biggest walue */
                             if ($this->level > 0) {
                                 $sql = "select max(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'max_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . "";
                             } else {
                                 $sql = "select max(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'max_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . "";
                             }
                             $rs = mysql_query($sql);
                             if ($rs) {
                                 if ($lock = mysql_fetch_assoc($rs)) {
                                     /* update inserted record to have the smallest sort field number*/
                                     $sql2 = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = (" . (int) $lock['max_value'] . " + 1) where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lastInsertId) . "' ";
                                     $rs = mysql_query($sql2);
                                     if (!$rs) {
                                         trigger_error($sql . " " . mysql_error());
                                     }
                                 }
                             } else {
                                 trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
                             }
                         }
                         foreach ($this->currentArea->elements as $key => $element) {
                             $new_parameter = $element->processInsert("i_n_" . $key, $lastInsertId, $this->currentArea);
                         }
                         if (method_exists($this->currentArea, 'afterInsert')) {
                             $this->currentArea->afterInsert($lastInsertId);
                             //$this->upArea->afterInsert($lastInsertId);
                         }
                     }
                     $answer = "\n            <html>\n              <head>\n                <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n              </head>\n              <body>\n                <script type=\"text/javascript\">\n                  //parent.window.location.reload(true); throws browser alert to post data again if there was a search before insert.\n                  \n                  //parent.window.location.href = parent.window.location.href; don't work with #xxx\n                                   \n                  var ipUrl = parent.window.location.href.split('#');\n                \n                  parent.window.location = ipUrl[0] + '&anticache=' + Math.floor(Math.random()*1000); //Firefox5 don't reload if the same url.\n                </script>\n              </body></html>\n          ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 } else {
                     $answer = "\n          <html>\n            <head>\n              <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n            </head>\n            <body>\n              <script type=\"text/javascript\">\n                var errors = new Array();\n                var new_fields = new Array();\n                ";
                     foreach ($this->errors as $key => $error) {
                         $answer .= "\n                 var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n                 errors.push(error);\n                 ";
                     }
                     $answer .= "\n            </script>\n            </body></html>\n        ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 }
                 break;
             case 'update':
                 $parameters = array();
                 //parameters for main sql for current area table.
                 foreach ($this->currentArea->elements as $key => $element) {
                     $new_error = $element->checkField("i_n_" . $key, "update", $this->currentArea);
                     if ($new_error != null) {
                         $this->errors[$key] = $new_error;
                     }
                 }
                 if (sizeof($this->errors) == 0) {
                     if (method_exists($this->currentArea, 'allowUpdate')) {
                         $allowUpdate = $this->currentArea->allowUpdate($this->currentArea->currentId);
                         if (!$allowUpdate) {
                             if (method_exists($this->currentArea, 'lastError')) {
                                 echo "\n            <html>\n              <head>\n                <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n              </head>\n              <body>\n                <script type=\"text/javascript\">                  \n                  alert('" . addslashes($this->currentArea->lastError('update')) . "');\n                </script>\n               </body>\n             </html>\n                  ";
                             } else {
                                 echo "\n            <html>\n              <head>\n                <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n              </head>\n              <body>\n                <script type=\"text/javascript\">                  \n                  alert('" . addslashes($parametersMod->getValue('developer', 'std_mod', 'admin_translations', 'cant_update')) . "');\n                </script>\n               </body>\n             </html>\n                  \n                  ";
                             }
                             return false;
                         }
                     }
                     if (method_exists($this->currentArea, 'beforeUpdate')) {
                         $this->currentArea->beforeUpdate($this->currentArea->currentId);
                     }
                     foreach ($this->currentArea->elements as $key => $element) {
                         $new_parameter = $element->getParameters("update", "i_n_" . $key, $this->currentArea);
                         if ($new_parameter) {
                             $parameters[] = $new_parameter;
                         }
                     }
                     $main_update = false;
                     if (sizeof($parameters) > 0) {
                         $sql = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set ";
                         $need_comma = false;
                         foreach ($parameters as $key => $parameter) {
                             if ($parameter['value'] === null) {
                                 $value = " NULL ";
                             } else {
                                 $value = "'" . mysql_real_escape_string($parameter['value']) . "'";
                             }
                             if ($need_comma) {
                                 $sql .= ", `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
                             } else {
                                 $sql .= " `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " ";
                                 $need_comma = true;
                             }
                         }
                         $sql .= " where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($this->currentArea->currentId) . "' ";
                         $rs = mysql_query($sql);
                         if (!$rs) {
                             trigger_error("Impossible to update " . $sql);
                         } else {
                             $main_update = true;
                         }
                     } else {
                         $main_update = true;
                     }
                     if ($main_update) {
                         foreach ($this->currentArea->elements as $key => $element) {
                             $new_parameter = $element->processUpdate("i_n_" . $key, $this->currentArea->currentId, $this->currentArea);
                         }
                     }
                     if (method_exists($this->currentArea, 'afterUpdate')) {
                         $this->currentArea->afterUpdate($this->currentArea->currentId);
                     }
                     $answer = "\n              <html>\n              <head>\n                <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n              </head>\n              <body>\n                <script type=\"text/javascript\">\n                //parent.window.location.reload(true);\n                //parent.window.location.href = parent.window.location.href;\n                //parent.window.location.href = '" . str_replace('&amp;', '&', $this->generateUrlBack()) . "';\n                parent.window.location.href = '" . str_replace('&amp;', '&', $_POST['back_url']) . "';\n                </script>\n              </body></html>\n            ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 } else {
                     $answer = "\n               <html>\n               <head>\n                 <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n               </head>\n               <body>\n                 <script type=\"text/javascript\">\n                   var errors = new Array();\n                   var new_fields = new Array();\n                   ";
                     foreach ($this->errors as $key => $error) {
                         $answer .= "\n                  var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n                  errors.push(error);\n                  ";
                     }
                     $answer .= "\n               </script>\n               </body></html>\n              ";
                     echo $answer;
                     \Db::disconnect();
                     exit;
                 }
                 break;
         }
     }
 }