Exemplo n.º 1
0
 protected function initialize()
 {
     if (BUILD_DATABASE === TRUE) {
         $sql_filepath = 'assets/plugins/' . strtolower($this->page_type) . '/assets/sql/build_plugin_tables.sql';
         // If custom DB tables are required for the plugin, build them here
         if (file_exists($sql_filepath) and is_readable($sql_filepath)) {
             $sql = Utilities::load_file($sql_filepath);
             try {
                 $this->db->query($sql);
             } catch (Exception $e) {
                 ECMS_Error::log_exception($e);
             }
         }
     }
     // Add custom actions for the plugin or allow overwrite of core actions
     $this->access_points = array_merge($this->access_points, $this->register_custom_actions());
 }
Exemplo n.º 2
0
 private function _get_popular_categories($page_slug)
 {
     $category_array = array();
     try {
         $sql = "SELECT `tags`\n                    FROM `" . DB_NAME . "`.`" . DB_PREFIX . "entries`\n                        WHERE `page_id`=(\n                            SELECT `page_id`\n                            FROM `" . DB_NAME . "`.`" . DB_PREFIX . "pages`\n                                WHERE `page_slug`=:page_slug\n                                LIMIT 0, 1\n                        )";
         $stmt = DB_Connect::create()->db->prepare($sql);
         $stmt->bindParam(':page_slug', $page_slug, PDO::PARAM_STR);
         $stmt->execute();
         $categories_array = $stmt->fetchAll(PDO::FETCH_OBJ);
         foreach ($categories_array as $categories) {
             $temp_array = explode(',', strtolower($categories->tags));
             foreach ($temp_array as $category) {
                 if (empty($category)) {
                     continue;
                 }
                 $c = str_replace(' ', '-', trim($category));
                 if (array_key_exists($c, $category_array)) {
                     $category_array[$c] += 1;
                 } else {
                     $category_array[$c] = 1;
                 }
             }
         }
         $stmt->closeCursor();
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
     }
     arsort($category_array);
     return $category_array;
 }
Exemplo n.º 3
0
<?php

// Make sure the form submission is valid
if (Form::is_form_submission_valid() === TRUE) {
    echo Form::handle_form_submission();
    exit;
} else {
    // Throw an exception and die
    ECMS_Error::log_exception(new Exception("An unknown error has occurred.\n"));
}
Exemplo n.º 4
0
 /**
  * Checks if a directory exists, then creates it if it doesn't
  *
  * @return void
  */
 private function checkDir()
 {
     $dir = $this->thumb === TRUE ? $this->dir . 'thumbs/' : $this->dir;
     $dir = $this->preview === TRUE ? $this->dir . 'preview/' : $dir;
     if (!is_dir($dir) && strlen($dir) > 0) {
         if (!mkdir($dir, 0755, TRUE)) {
             ECMS_Error::log_exception(new Exception("'{$dir}' could not be created.<br />"));
         } else {
             return TRUE;
         }
     } else {
         return TRUE;
     }
 }
Exemplo n.º 5
0
 /**
  * Loads a file or an array of files into memory after parsing PHP inside
  *
  * @param mixed $filepath   A file path or array of file paths
  * @param array $var_arr    An array of variables to be passed to files
  * @return string
  */
 public static function load_file($filepath, $var_arr = array())
 {
     // Start an output buffer
     ob_start();
     // Check if an array of file paths was supplied
     if (is_array($filepath)) {
         // Loop through each path
         foreach ($filepath as $file) {
             // If variables for the file exist, extract and define them
             if (array_key_exists($file, $var_arr)) {
                 foreach ($var_arr[$file] as $key => $val) {
                     ${$key} = $val;
                 }
             }
             // Make sure the file exists, then load it
             if (file_exists($file)) {
                 require_once $file;
             } else {
                 ECMS_Error::log_exception(new Exception("Failed to load {$file}"));
             }
         }
     } else {
         // Check if variables were supplied for the file
         if (count($var_arr >= 1)) {
             foreach ($var_arr as $key => $val) {
                 ${$key} = $val;
             }
         }
         // Make sure the file exists, then load it
         if (file_exists($filepath)) {
             require_once $filepath;
         } else {
             ECMS_Error::log_exception(new Exception("Failed to load {$filepath}"));
         }
     }
     // Return the buffer contents
     return ob_get_clean();
 }
Exemplo n.º 6
0
 /**
  * Creates the database tables necessary for the CMS to function
  *
  * @param array $menuPages  The menu configuration array
  * @return void
  */
 public static function build_database()
 {
     // Loads necessary MySQL to build and populate the database
     $file_array = array();
     $var_arr = array();
     $file_array[] = CMS_PATH . 'core/resources/sql/build_database.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_pages.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_entries.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_categories.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_entry_categories.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_featured.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_users.sql';
     $file_array[] = CMS_PATH . 'core/resources/sql/build_table_comments.sql';
     // If an admin is initializing the ECMS, create his or her account
     if (DEV_PASS !== '') {
         $filepath = CMS_PATH . 'core/resources/sql/insert_users_entry.sql';
         // Create a salted hash of the password
         $password_hash = AdminUtilities::createSaltedHash(DEV_PASS);
         // Assign variables needed to properly parse the file
         $var_arr = array($filepath => array('display' => DEV_DISPLAY_NAME, 'username' => DEV_USER_NAME, 'email' => DEV_EMAIL, 'vcode' => sha1(uniqid(time(), TRUE)), 'clearance' => DEV_CLEARANCE, 'password' => $password_hash));
         // Add the file to the array
         $file_array[] = $filepath;
     }
     // Load the files
     $sql = Utilities::load_file($file_array, $var_arr);
     // Execute the loaded queries
     try {
         $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME;
         $db = new PDO($dsn, DB_USER, DB_PASS);
         $db->query($sql);
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
     }
 }
Exemplo n.º 7
0
 private function _get_error_message()
 {
     $error_codes = array('0000' => NULL, '0001' => 'The username you entered is not valid.', '0002' => 'The display name you entered is not valid.', '0003' => 'Your password needs to be at least 8 characters.', '0004' => 'The passwords you entered don\'t match.', '0005' => 'This account has already been verified.');
     if (array_key_exists($this->_sdata->error, $error_codes)) {
         return $error_codes[$this->_sdata->error];
     } else {
         ECMS_Error::log_exception(new Exception('Unknown comment error occurred using error code "' . $this->_error_code . '".'), FALSE);
         return 'An unknown error occurred.';
     }
 }
Exemplo n.º 8
0
 protected function admin_comment_options($bid, $cid, $email)
 {
     $form_action = FORM_ACTION;
     if ($this->isLoggedIn()) {
         try {
             $config = array('legend' => '', 'class' => 'admin-delete');
             $form = new Form($config);
             $form->action = "comment_delete";
             $form->input_arr = array(array('name' => 'bid', 'type' => 'hidden', 'value' => $bid), array('name' => 'cmntid', 'type' => 'hidden', 'value' => $cid), array('name' => 'delete-submit', 'type' => 'submit', 'value' => 'delete'));
             return $form;
         } catch (Exception $e) {
             ECMS_Error::log_exception($e);
         }
     } else {
         return '';
     }
 }
Exemplo n.º 9
0
 public function update_menu()
 {
     // Clean up the posted data
     foreach ($_POST as $key => $val) {
         //            if( $key==='page_slug' && SIV::validate($val, SIV::SLUG) )
         //            {
         //                $$key = $val;
         //            }
         //            else
         //            {
         //TODO Add error handling and send back to form
         //            }
         ${$key} = SIV::clean_output($val, FALSE, FALSE);
     }
     $sql = 'INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'pages`
             (
                 `page_id`, `page_name`, `page_slug`, `type`, `menu_order`,
                 `show_full`, `hide_in_menu`, `parent_id`, `extra`
             )
             VALUES
             (
                 :page_id, :page_name, :page_slug, :type, :menu_order,
                 :show_full, :hide_in_menu, :parent_id, :extra
             )
             ON DUPLICATE KEY UPDATE
                 `page_name`=:page_name, `page_slug`=:page_slug,
                 `type`=:type, `menu_order`=:menu_order,
                 `show_full`=:show_full, `hide_in_menu`=:hide_in_menu,
                 `parent_id`=:parent_id, `extra`=:extra';
     try {
         $stmt = $this->db->prepare($sql);
         $stmt->bindParam(":page_id", $page_id, PDO::PARAM_INT);
         $stmt->bindParam(":page_name", $page_name, PDO::PARAM_STR);
         $stmt->bindParam(":page_slug", $page_slug, PDO::PARAM_STR);
         $stmt->bindParam(":type", $type, PDO::PARAM_STR);
         $stmt->bindParam(":menu_order", $menu_order, PDO::PARAM_INT);
         $stmt->bindParam(":show_full", $show_full, PDO::PARAM_INT);
         $stmt->bindParam(":hide_in_menu", $hide_in_menu, PDO::PARAM_INT);
         $stmt->bindParam(":parent_id", $parent_id, PDO::PARAM_INT);
         $stmt->bindParam(":extra", $extra, PDO::PARAM_STR);
         $stmt->execute();
         $result = $stmt->errorCode() === '00000';
         $stmt->closeCursor();
         return $result;
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
     }
 }
Exemplo n.º 10
0
 private static function _handle_response($return, $object)
 {
     // If this is an AJAX call, echo the output
     if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) || isset($_GET['action'])) {
         return $return;
     } else {
         // If the method succeeded and isn't AJAX, it should return TRUE
         if ($return === TRUE) {
             // If a same-domain referrer is available, use it
             if (isset($_SERVER['HTTP_REFERER'])) {
                 $loc = $_SERVER['HTTP_REFERER'];
             } else {
                 if (property_exists($object, 'url0')) {
                     $loc = '/' . $object->url0;
                 } else {
                     $loc = '/';
                 }
             }
             header("Location: {$loc}");
             exit;
         } else {
             ECMS_Error::log_exception(new Exception("Action failed."));
         }
     }
 }
Exemplo n.º 11
0
 public function update_notification_settings()
 {
     // Make sure the user clicked the update button, not the cancel button
     if (array_key_exists('comment-notification-submit', $_POST)) {
         // Grab the entries for which the user still wants notifications
         if (array_key_exists('entries', $_POST) && is_array($_POST['entries'])) {
             foreach ($_POST['entries'] as $entry_id) {
                 if (!isset($where_clause)) {
                     $where_clause = ' `entry_id`<>' . (int) $entry_id;
                 } else {
                     $where_clause .= ' OR `entry_id`<>' . (int) $entry_id;
                 }
             }
         } else {
             $where_clause = 1;
         }
         // Extract the email and validate it
         $decoded_email = Utilities::hextostr($_POST['email']);
         if (SIV::validate($decoded_email, SIV::EMAIL)) {
             $email = $decoded_email;
         } else {
             ECMS_Error::log_exception(new Exception("Invalid email!"));
         }
         // Build the SQL query
         $sql = "UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "comments`\n                    SET `subscribed`=0\n                    WHERE email = :email\n                    AND ( {$where_clause} )";
         try {
             $stmt = $this->db->prepare($sql);
             $stmt->bindParam(":email", $email, PDO::PARAM_STR);
             $stmt->execute();
             $stmt->closeCursor();
             return TRUE;
         } catch (Exception $e) {
             ECMS_Error::log_exception($e);
         }
     } else {
         header('Location: ' . SITE_URL);
         exit;
     }
 }
Exemplo n.º 12
0
 public static function displaySearchBox($legend = "Search the Site")
 {
     try {
         // Create a new form object and set submission properties
         $form = new Form();
         $form->legend = $legend;
         $form->form_id = 'search-form';
         // Set up hidden form values
         $form->page = 'search';
         $form->action = 'entry-search';
         // Set up input information
         $form->input_arr = array(array('name' => 'search_string', 'id' => 'search-string', 'label' => 'Search Text', 'class' => 'input-text'), array('type' => 'submit', 'name' => 'search-submit', 'value' => 'Search', 'class' => 'input-submit'));
         return $form;
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
     }
 }