/**
* Logic to save an item
*
* @access public
* @return void
* @since 1.0
*/
function save()
{
// Check for request forgeries
JRequest::checkToken() or jexit('Invalid Token');
//echo '<html> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <body>';
// Initialize variables
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$config = JFactory::getConfig();
$session = JFactory::getSession();
$task = JRequest::getVar('task');
$ctrl_task = 'task=items.';
// *********************
// Get data from request
// *********************
// Retrieve form data these are subject to basic filtering
$data = JRequest::getVar('jform', array(), 'post', 'array');
// Core Fields and and item Parameters
$custom = JRequest::getVar('custom', array(), 'post', 'array');
// Custom Fields
$jfdata = JRequest::getVar('jfdata', array(), 'post', 'array');
// Joomfish Data
// Set into model: id (needed for loading correct item), and type id (e.g. needed for getting correct type parameters for new items)
$data_id = (int) $data['id'];
$isnew = $data_id == 0;
// If new make sure that type id is set too, before creating the model
if ($isnew) {
$typeid = JRequest::setvar('typeid', (int) @$data['type_id']);
}
// Get the model
$model = $this->getModel('item');
$model->setId($data_id);
// Make sure id is correct
// Get some flags this will also trigger item loading if not already loaded
$isOwner = $model->get('created_by') == $user->get('id');
// Get merged parameters: component, type, menu (FE)
$params = new JRegistry();
$model_params = $model->getComponentTypeParams();
$params->merge($model_params);
// Unique id for new items, needed by some fields for temporary data
$unique_tmp_itemid = JRequest::getVar('unique_tmp_itemid');
// Auto title for some content types
if ($params->get('auto_title', 0)) {
$data['title'] = (int) $data['id'];
}
// item id or ZERO for new items
// *************************************
// ENFORCE can change category ACL perms
// *************************************
$perms = FlexicontentHelperPerm::getPerm();
// Per content type change category permissions
$current_type_id = $isnew || !$model->get('type_id') ? (int) @$data['type_id'] : $model->get('type_id');
// GET current (existing/old) item TYPE ID
$CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id);
$CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id);
$CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id);
$AutoApproveChanges = $perms->AutoApproveChanges;
$enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat;
$enable_cid_selector = $perms->MultiCat && $CanChangeSecCat;
$enable_catid_selector = $isnew && !$params->get('catid_default') || !$isnew && !$model->get('catid') || $CanChangeCat;
// Enforce maintaining featured categories
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
if ($featured_cats_parent && !$enable_featured_cid_selector) {
$featured_tree = flexicontent_cats::getCategoriesTree($published_only = 1, $parent_id = $featured_cats_parent, $depth_limit = 0);
$disabled_cats = $params->get('featured_cats_parent_disable', 1) ? array($featured_cats_parent) : array();
$featured_cid = array();
if (!$isnew) {
foreach ($model->get('categories') as $item_cat) {
if (isset($featured_tree[$item_cat]) && !isset($disabled_cats[$item_cat])) {
$featured_cid[] = $item_cat;
}
}
}
$data['featured_cid'] = $featured_cid;
}
// Enforce maintaining secondary categories
if (!$enable_cid_selector) {
if ($isnew) {
$data['cid'] = $params->get('cid_default');
} else {
if (isset($featured_cid)) {
$featured_cid_arr = array_flip($featured_cid);
$sec_cid = array();
foreach ($model->get('cats') as $item_cat) {
if (!isset($featured_cid_arr[$item_cat])) {
$sec_cid[] = $item_cat;
}
}
$data['cid'] = $sec_cid;
} else {
$data['cid'] = $model->get('cats');
}
}
}
if (!$enable_catid_selector) {
if ($isnew && $params->get('catid_default')) {
$data['catid'] = $params->get('catid_default');
} else {
if ($model->get('catid')) {
$data['catid'] = $model->get('catid');
}
}
}
// **************************
// Basic Form data validation
// **************************
// Get the JForm object, but do not pass any data we only want the form object,
// in order to validate the data and not create a filled-in form
$form = $model->getForm();
// Validate Form data for core fields and for parameters
$post = $model->validate($form, $data);
// Check for validation error
if (!$post) {
// Get the validation messages and push up to three validation messages out to the user
$errors = $form->getErrors();
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
$app->enqueueMessage($errors[$i] instanceof Exception ? $errors[$i]->getMessage() : $errors[$i], 'error');
}
// Set POST form date into the session, so that they get reloaded
$app->setUserState($form->option . '.edit.' . $form->context . '.data', $data);
// Save the jform data in the session
$app->setUserState($form->option . '.edit.' . $form->context . '.custom', $custom);
// Save the custom fields data in the session
$app->setUserState($form->option . '.edit.' . $form->context . '.jfdata', $jfdata);
// Save the falang translations into the session
$app->setUserState($form->option . '.edit.' . $form->context . '.unique_tmp_itemid', $unique_tmp_itemid);
// Save temporary unique item id into the session
// Redirect back to the item form
$this->setRedirect($_SERVER['HTTP_REFERER']);
if (JRequest::getVar('fc_doajax_submit')) {
echo flexicontent_html::get_system_messages_html();
exit;
// Ajax submit, do not rerender the view
}
return false;
//die('error');
}
// Some values need to be assigned after validation
$post['attribs'] = @$data['attribs'];
// Workaround for item's template parameters being clear by validation since they are not present in item.xml
$post['custom'] =& $custom;
// Assign array of custom field values, they are in the 'custom' form array instead of jform
$post['jfdata'] =& $jfdata;
// Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = $data['attribs']['ilayout'];
if (!empty($data['layouts'][$ilayout])) {
//echo "<pre>"; print_r($post['attribs']);
//$post['attribs'] = array_merge($post['attribs'], $data['layouts'][$ilayout]);
$post['attribs']['layouts'] = $data['layouts'];
//echo "<pre>"; print_r($post['attribs']); exit;
}
// USEFULL FOR DEBUGING for J2.5 (do not remove commented code)
//$diff_arr = array_diff_assoc ( $data, $post);
//echo "<pre>"; print_r($diff_arr); jexit();
// Make sure Content ID in the REQUEST is set, this is needed in BACKEND, needed in some cases
// NOTE this is not the same as jform['cid'] which is the category IDs of the Content Item
JRequest::setVar('cid', array($model->getId()), 'post', 'array');
// ********************************************************************************
// PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having
// checked them on edit form load, because user may have tampered with the form ...
// ********************************************************************************
$itemAccess = $model->getItemAccess();
$canAdd = $itemAccess->get('access-create');
// includes check of creating in at least one category
$canEdit = $itemAccess->get('access-edit');
// includes privileges edit and edit-own
$type_id = (int) @$post['type_id'];
// Typecast to int, (already done for J2.5 via validating)
if (!$isnew && $model->get('type_id') == $type_id) {
// Existing item with Type not being ALTERED, content type can be maintained regardless of privilege
$canCreateType = true;
} else {
// New item or existing item with Type is being ALTERED, check privilege to create items of this type
$canCreateType = $model->canCreateType(array($type_id), true, $types);
}
// *****************************************************************
// Calculate user's CREATE / EDIT privileges on current content item
// *****************************************************************
$hasCoupon = false;
// Normally used in frontend only
if (!$isnew) {
// If no edit privilege, check if item is editable till logoff
if (!$canEdit) {
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
$hasCoupon = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')] == 2;
// editable via coupon
}
}
} else {
// No special CREATE allowing case for backend
}
// New item: check if user can create in at least one category
if ($isnew && !$canAdd) {
JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_CREATE'));
$this->setRedirect($_SERVER['HTTP_REFERER']);
if (JRequest::getVar('fc_doajax_submit')) {
echo flexicontent_html::get_system_messages_html();
exit;
// Ajax submit, do not rerender the view
}
return;
}
// Existing item: Check if user can edit current item
if (!$isnew && !$canEdit) {
JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_EDIT'));
$this->setRedirect($_SERVER['HTTP_REFERER']);
if (JRequest::getVar('fc_doajax_submit')) {
echo flexicontent_html::get_system_messages_html();
exit;
// Ajax submit, do not rerender the view
}
return;
}
if (!$canCreateType) {
$msg = isset($types[$type_id]) ? JText::sprintf('FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name)) : ' Content Type ' . $type_id . ' was not found OR is not published';
JError::raiseWarning(403, $msg);
$this->setRedirect($_SERVER['HTTP_REFERER']);
if (JRequest::getVar('fc_doajax_submit')) {
echo flexicontent_html::get_system_messages_html();
exit;
// Ajax submit, do not rerender the view
}
return;
}
// Get "BEFORE SAVE" categories for information mail
$before_cats = array();
if (!$isnew) {
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = ' . (int) $model->get('id');
$db->setQuery($query);
$before_cats = $db->loadObjectList('id');
$before_maincat = $model->get('catid');
$original_item = $model->getItem($post['id'], $check_view_access = false, $no_cache = true, $force_version = 0);
}
// ****************************************
// Try to store the form data into the item
// ****************************************
if (!$model->store($post)) {
// Set error message about saving failed, and also the reason (=model's error message)
$msg = JText::_('FLEXI_ERROR_STORING_ITEM');
JError::raiseWarning(500, $msg . ": " . $model->getError());
// Set POST form date into the session, so that they get reloaded
$app->setUserState($form->option . '.edit.' . $form->context . '.data', $data);
// Save the jform data in the session
$app->setUserState($form->option . '.edit.' . $form->context . '.custom', $custom);
// Save the custom fields data in the session
$app->setUserState($form->option . '.edit.' . $form->context . '.jfdata', $jfdata);
// Save the falang translations into the session
$app->setUserState($form->option . '.edit.' . $form->context . '.unique_tmp_itemid', $unique_tmp_itemid);
// Save temporary unique item id into the session
// Saving has failed check-in and redirect back to the item form,
// redirect back to the item form reloading the posted data
$model->checkin();
$this->setRedirect($_SERVER['HTTP_REFERER']);
if (JRequest::getVar('fc_doajax_submit')) {
echo flexicontent_html::get_system_messages_html();
exit;
// Ajax submit, do not rerender the view
}
return;
//die('save error');
}
// **************************************************
// Check in model and get item id in case of new item
// **************************************************
$model->checkin();
$post['id'] = $isnew ? (int) $model->get('id') : $post['id'];
// Get items marked as newly submitted
$newly_submitted = $session->get('newly_submitted', array(), 'flexicontent');
if ($isnew) {
// Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close)
$newly_submitted[$model->get('id')] = 1;
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
}
$newly_submitted_item = @$newly_submitted[$model->get('id')];
// ***********************************************************************************************************
// Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege
// ***********************************************************************************************************
$item = $model->getItem($post['id'], $check_view_access = false, $no_cache = true, $force_version = -1);
$canPublish = $model->canEditState($item, $check_cat_perm = true) || $hasCoupon;
// ********************************************************************************************
// Use session to detect multiple item saves to avoid sending notification EMAIL multiple times
// ********************************************************************************************
$is_first_save = true;
if ($session->has('saved_fcitems', 'flexicontent')) {
$saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent');
$is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]);
}
// Add item to saved items of the corresponding session array
$saved_fcitems[$model->get('id')] = $timestamp = time();
// Current time as seconds since Unix epoc;
$session->set('saved_fcitems', $saved_fcitems, 'flexicontent');
// ********************************************
// Get categories added / removed from the item
// ********************************************
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = ' . (int) $model->get('id');
$db->setQuery($query);
$after_cats = $db->loadObjectList('id');
if (!$isnew) {
$cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats));
foreach ($cats_added_ids as $cats_added_id) {
$cats_added_titles[] = $after_cats[$cats_added_id]->title;
}
$cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats));
foreach ($cats_removed_ids as $cats_removed_id) {
$cats_removed_titles[] = $before_cats[$cats_removed_id]->title;
}
$cats_altered = count($cats_added_ids) + count($cats_removed_ids);
$after_maincat = $model->get('catid');
}
// *******************************************************************************************************************
// We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters
// *******************************************************************************************************************
$notify_emails = array();
if ($is_first_save || $cats_altered || $params->get('nf_enable_debug', 0)) {
// Get needed flags regarding the saved items
$approve_version = 2;
$pending_approval_state = -3;
$draft_state = -4;
$current_version = FLEXIUtilities::getCurrentVersions($item->id, true);
// Get current item version
$last_version = FLEXIUtilities::getLastVersions($item->id, true);
// Get last version (=latest one saved, highest version id),
// $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them
$needs_version_reviewal = !$isnew && $last_version > $current_version && !$canPublish && !$AutoApproveChanges;
$needs_publication_approval = $isnew && $item->state == $pending_approval_state && !$canPublish;
$draft_from_non_publisher = $item->state == $draft_state && !$canPublish;
if ($draft_from_non_publisher) {
// Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button
$nConf = false;
} else {
// Get notifications configuration and select appropriate emails for current saving case
$nConf = $model->getNotificationsConf($params);
//echo "<pre>"; print_r($nConf); "</pre>";
}
if ($nConf) {
$states_notify_new = $params->get('states_notify_new', array(1, 0, FLEXI_J16GE ? 2 : -1, -3, -4, -5));
if (empty($states_notify_new)) {
$states_notify_new = array();
} else {
if (!is_array($states_notify_new)) {
$states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new);
}
}
$states_notify_existing = $params->get('states_notify_existing', array(1, 0, FLEXI_J16GE ? 2 : -1, -3, -4, -5));
if (empty($states_notify_existing)) {
$states_notify_existing = array();
} else {
if (!is_array($states_notify_existing)) {
$states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing);
}
}
$n_state_ok = in_array($item->state, $states_notify_new);
$e_state_ok = in_array($item->state, $states_notify_existing);
if ($needs_publication_approval) {
$notify_emails = $nConf->emails->notify_new_pending;
} else {
if ($isnew && $n_state_ok) {
$notify_emails = $nConf->emails->notify_new;
} else {
if ($isnew) {
$notify_emails = array();
} else {
if ($needs_version_reviewal) {
$notify_emails = $nConf->emails->notify_existing_reviewal;
} else {
if (!$isnew && $e_state_ok) {
$notify_emails = $nConf->emails->notify_existing;
} else {
if (!$isnew) {
$notify_emails = array();
}
}
}
}
}
}
if ($needs_publication_approval) {
$notify_text = $params->get('text_notify_new_pending');
} else {
if ($isnew) {
$notify_text = $params->get('text_notify_new');
} else {
if ($needs_version_reviewal) {
$notify_text = $params->get('text_notify_existing_reviewal');
} else {
if (!$isnew) {
$notify_text = $params->get('text_notify_existing');
}
}
}
}
//print_r($notify_emails); jexit();
}
}
// *********************************************************************************************************************
// If there are emails to notify for current saving case, then send the notifications emails, but
// *********************************************************************************************************************
if (!empty($notify_emails) && count($notify_emails)) {
$notify_vars = new stdClass();
$notify_vars->needs_version_reviewal = $needs_version_reviewal;
$notify_vars->needs_publication_approval = $needs_publication_approval;
$notify_vars->isnew = $isnew;
$notify_vars->notify_emails = $notify_emails;
$notify_vars->notify_text = $notify_text;
$notify_vars->before_cats = $before_cats;
$notify_vars->after_cats = $after_cats;
$notify_vars->original_item = @$original_item;
$model->sendNotificationEmails($notify_vars, $params, $manual_approval_request = 0);
}
// ***************************************************
// CLEAN THE CACHE so that our changes appear realtime
// ***************************************************
$cache = FLEXIUtilities::getCache($group = '', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group = '', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
// ****************************************************************************************************************************
// Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category
// and thus being able to set this category as item's main category, but then have no edit/editown permission for this category
// ****************************************************************************************************************************
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || $user->authorise('core.edit.own', $asset) && $isOwner;
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $isOwner) ;
// *******************************************************************************************************
// Check if user can not edit item further (due to changed main category, without edit/editown permission)
// *******************************************************************************************************
if (!$canEdit) {
if ($task == 'apply' || $task == 'apply_type') {
// APPLY TASK: Temporarily set item to be editable till closing it and not through all session
// (we will/should clear this flag when item is closed, since we have another flag to indicate new items
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
$rendered_uneditable[$model->get('id')] = -1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
} else {
if ($newly_submitted_item) {
// NEW ITEM: Do not use editable till logoff behaviour
// ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation
if (!$params->get('items_session_editable', 0)) {
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
if (isset($rendered_uneditable[$model->get('id')])) {
unset($rendered_uneditable[$model->get('id')]);
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
} else {
// EXISTING ITEM: (if enabled) Use the editable till logoff behaviour
if ($params->get('items_session_editable', 0)) {
// Set notice for existing item being editable till logoff
JError::raiseNotice(403, JText::_('FLEXI_CANNOT_EDIT_AFTER_LOGOFF'));
// Allow item to be editable till logoff
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
}
}
// Set notice about saving an item that cannot be changed further
if (!$canEdit) {
$app->enqueueMessage(JText::_('FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT'), 'message');
}
}
// ****************************************************************
// Check for new Content Item is being closed, and clear some flags
// ****************************************************************
if ($task != 'apply' && $task != 'apply_type' && $newly_submitted_item) {
// Clear item from being marked as newly submitted
unset($newly_submitted[$model->get('id')]);
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
// The 'apply' task may set 'editable till logoff' FLAG ...
// CLEAR IT, since NEW content this is meant to be used temporarily
if (!$params->get('items_session_editable', 0)) {
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
if (isset($rendered_uneditable[$model->get('id')])) {
unset($rendered_uneditable[$model->get('id')]);
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
// ****************************************
// Saving is done, decide where to redirect
// ****************************************
switch ($task) {
case 'apply':
case 'apply_type':
$link = 'index.php?option=com_flexicontent&' . $ctrl_task . 'edit&cid=' . (int) $model->get('id');
break;
case 'saveandnew':
$link = $type_id ? 'index.php?option=com_flexicontent&view=item&typeid=' . $type_id : 'index.php?option=com_flexicontent&view=item';
break;
default:
$link = 'index.php?option=com_flexicontent&view=items';
break;
}
$msg = JText::_('FLEXI_ITEM_SAVED');
$this->setRedirect($link, $msg);
if (JRequest::getVar('fc_doajax_submit')) {
JFactory::getApplication()->enqueueMessage($msg, 'message');
echo flexicontent_html::get_system_messages_html();
exit;
// Ajax submit, do not rerender the view
}
}
function addCurrentVersionData($item_id = null, $clean_database = false)
{
// check if the section was chosen to avoid adding data on static contents
if (!FLEXI_CAT_EXTENSION) {
return true;
}
$db =& $this->_db;
$nullDate = $db->getNullDate();
// @TODO: move somewhere else
$this->formatFlexiPlugins();
// Clean categories cache
$catscache = JFactory::getCache('com_flexicontent_cats');
$catscache->clean();
// Get some basic info of all items, or of the given item
$query = "SELECT c.id,c.catid,c.version,c.created,c.modified,c.created_by,c.introtext,c.`fulltext`" . " FROM #__content as c" . " JOIN #__categories as cat ON c.catid=cat.id " . " WHERE cat.extension='" . FLEXI_CAT_EXTENSION . "'" . ($item_id ? " AND c.id=" . $item_id : "");
$db->setQuery($query);
$rows = $db->loadObjectList('id');
if (!$item_id) {
// Get current version ids of ALL ITEMS not having current versions
$diff_arrays = $this->getDiffVersions();
} else {
// Get current version id of a SPECIFIC ITEM
$diff_arrays = array(FLEXIUtilities::getCurrentVersions($item_id));
}
//$jcorefields = flexicontent_html::getJCoreFields();
$add_cats = true;
$add_tags = true;
// For all items not having the current version, add it
foreach ($diff_arrays as $item) {
$item_id = @(int) $item["id"];
if (isset($rows[$item_id])) {
$row =& $rows[$item_id];
// Get field values of the current item version
$query = "SELECT f.id,fir.value,f.field_type,f.name,fir.valueorder,f.iscore " . " FROM #__flexicontent_fields_item_relations as fir" . " LEFT JOIN #__flexicontent_fields as f on f.id=fir.field_id " . " WHERE fir.item_id=" . $row->id . " AND f.iscore=0";
// old versions stored categories & tags into __flexicontent_fields_item_relations
$db->setQuery($query);
$fieldsvals = $db->loadObjectList();
// Delete existing unversioned (current version) field values ONLY if we are asked to 'clean' the database
if ($clean_database && $fieldsvals) {
$query = 'DELETE FROM #__flexicontent_fields_item_relations WHERE item_id = ' . $row->id;
$db->setQuery($query);
$db->query();
}
// Delete any existing versioned field values to avoid conflicts, this maybe redudant, since they should not exist,
// but we do it anyway because someone may have truncated or delete records only in table 'flexicontent_versions' ...
// NOTE: we do not delete data with field_id negative as these exist only in the versioning table
$query = 'DELETE FROM #__flexicontent_items_versions WHERE item_id = ' . $row->id . ' AND version= ' . $row->version . ' AND field_id > 0';
$db->setQuery($query);
$db->query();
// Add the 'maintext' field to the fields array for adding to versioning table
$f = new stdClass();
$f->id = 1;
$f->iscore = 1;
$f->valueorder = 1;
$f->field_type = "maintext";
$f->name = "text";
$f->value = $row->introtext;
if (JString::strlen($row->fulltext) > 1) {
$f->value .= '<hr id="system-readmore" />' . $row->fulltext;
}
if (substr($f->value, 0, 3) != "<p>") {
$f->value = "<p>" . $f->value . "</p>";
}
$fieldsvals[] = $f;
// Add the 'categories' field to the fields array for adding to versioning table
$query = "SELECT catid FROM #__flexicontent_cats_item_relations WHERE itemid='" . $row->id . "';";
$db->setQuery($query);
$categories = FLEXI_J16GE ? $db->loadColumn() : $db->loadResultArray();
if (!$categories || !count($categories)) {
$categories = array($catid = $row->catid);
$query = "INSERT INTO #__flexicontent_cats_item_relations VALUES('{$catid}','" . $row->id . "', '0');";
$db->setQuery($query);
$db->query();
}
$f = new stdClass();
$f->id = 13;
$f->iscore = 1;
$f->valueorder = 1;
$f->version = (int) $row->version;
$f->value = serialize($categories);
if ($add_cats) {
$fieldsvals[] = $f;
}
// Add the 'tags' field to the fields array for adding to versioning table
$query = "SELECT tid FROM #__flexicontent_tags_item_relations WHERE itemid='" . $row->id . "';";
$db->setQuery($query);
$tags = FLEXI_J16GE ? $db->loadColumn() : $db->loadResultArray();
$f = new stdClass();
$f->id = 14;
$f->iscore = 1;
$f->valueorder = 1;
$f->version = (int) $row->version;
$f->value = serialize($tags);
if ($add_tags) {
$fieldsvals[] = $f;
}
// Add field values to field value versioning table
foreach ($fieldsvals as $fieldval) {
// add the new values to the database
$obj = new stdClass();
$obj->field_id = $fieldval->id;
$obj->item_id = $row->id;
$obj->valueorder = $fieldval->valueorder;
$obj->version = (int) $row->version;
$obj->value = $fieldval->value;
//echo "version: ".$obj->version.",fieldid : ".$obj->field_id.",value : ".$obj->value.",valueorder : ".$obj->valueorder."<br />";
//echo "inserting into __flexicontent_items_versions<br />";
$db->insertObject('#__flexicontent_items_versions', $obj);
if ($clean_database && !$fieldval->iscore) {
// If clean_database is on we need to re-add the deleted values
unset($obj->version);
//echo "inserting into __flexicontent_fields_item_relations<br />";
$db->insertObject('#__flexicontent_fields_item_relations', $obj);
}
//$searchindex .= @$fieldval->search;
}
// **********************************************************************************
// Add basic METADATA of current item version (kept in table #__flexicontent_versions)
// **********************************************************************************
$v = new stdClass();
$v->item_id = (int) $row->id;
$v->version_id = (int) $row->version;
$v->created = $row->modified && $row->modified != $nullDate ? $row->modified : $row->created;
$v->created_by = $row->created_by;
$v->comment = '';
//echo "inserting into __flexicontent_versions<br />";
$db->insertObject('#__flexicontent_versions', $v);
}
}
return true;
}
/**
* @param int $id
* @param UserTable $user
*/
private function deletePreparaty( $id, $user )
{
global $_CB_framework;
$db = JFactory::getDBO();
require_once ( $_CB_framework->getCfg( 'absolute_path' ) . '/components/com_flexicontent/classes/flexicontent.helper.php' );
//require_once (JPATH_COMPONENT_SITE.DS.'classes'.DS.'flexicontent.helper.php');
$state = -2;
$app = JFactory::getApplication();
$user = JFactory::getUser();
$dispatcher = JDispatcher::getInstance();
JRequest::setVar("isflexicontent", "yes");
static $event_failed_notice_added = false;
$query = 'SELECT id FROM #__content'
. ' WHERE id = '.(int)$id.
" AND created_by = " . (int) $user->get( 'id' );
$db->setQuery( $query );
if(!$db->loadResult()){
$profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ) , false, '' );
cbRedirect( $profileUrl, CBTxt::T( 'You can\'t deleted this drug!' ) );
}
if ( $id )
{
$v = FLEXIUtilities::getCurrentVersions((int)$id);
$query = 'UPDATE #__content'
. ' SET state = ' . (int)$state
. ' WHERE id = '.(int)$id
//. ' AND ( checked_out = 0 OR ( checked_out = ' . (int) $user->get('id'). ' ) )'
;
$db->setQuery( $query );
$db->query();
if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg());
$query = 'UPDATE #__flexicontent_items_tmp'
. ' SET state = ' . (int)$state
. ' WHERE id = '.(int)$id
//. ' AND ( checked_out = 0 OR ( checked_out = ' . (int) $user->get('id'). ' ) )'
;
$db->setQuery( $query );
$db->query();
if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg());
$query = 'UPDATE #__flexicontent_items_versions'
. ' SET value = ' . (int)$state
. ' WHERE item_id = '.(int)$id
. ' AND valueorder = 1'
. ' AND field_id = 10'
. ' AND version = ' .(int)$v['version']
;
$db->setQuery( $query );
$db->query();
if ( $db->getErrorNum() ) if (FLEXI_J16GE) throw new Exception($db->getErrorMsg(), 500); else JError::raiseError(500, $db->getErrorMsg());
}
// ****************************************************************
// Trigger Event 'onContentChangeState' of Joomla's Content plugins
// ****************************************************************
if (FLEXI_J16GE) {
// Make sure we import flexicontent AND content plugins since we will be triggering their events
JPluginHelper::importPlugin('content');
// PREPARE FOR TRIGGERING content events
// We need to fake joomla's states ... when triggering events
$fc_state = $state;
if ( in_array($fc_state, array(1,-5)) ) $jm_state = 1; // published states
else if ( in_array($fc_state, array(0,-3,-4)) ) $jm_state = 0; // unpublished states
else $jm_state = $fc_state; // trashed & archive states
$fc_itemview = $app->isSite() ? FLEXI_ITEMVIEW : 'item';
$item = new stdClass();
// Compatibility steps (including Joomla compatible state),
// so that 3rd party plugins using the change state event work properly
JRequest::setVar('view', 'article'); JRequest::setVar('option', 'com_content');
$item->state = $jm_state;
$result = $dispatcher->trigger($this->event_change_state, array('com_content.article', (array) $id, $jm_state));
// Revert compatibilty steps ... the $item->state is not used further regardless if it was changed,
// besides the event_change_state using plugin should have updated DB state value anyway
JRequest::setVar('view', $fc_itemview); JRequest::setVar('option', 'com_flexicontent');
if ($item->state == $jm_state) $item->state = $fc_state; // this check is redundant, item->state is not used further ...
if (in_array(false, $result, true) && !$event_failed_notice_added) {
JError::raiseNotice(10, JText::_('One of plugin event handler for onContentChangeState failed') );
$event_failed_notice_added = true;
return false;
}
}
$profileUrl = $_CB_framework->userProfileUrl( $user->get( 'id' ) , false, '' );
cbRedirect( $profileUrl, CBTxt::T( 'Drug deleted successfully!' ) );
}
/**
* Method to CHECK item's -VIEWING- ACCESS, this could be moved to the controller,
* if we do this, then we must check the view variable, because DISPLAY() CONTROLLER TASK
* is shared among all views ... or create a separate FRONTEND controller for the ITEM VIEW
*
* @access private
* @return array
* @since 1.5
*/
function _check_viewing_access($version = false)
{
global $globalcats;
$app = JFactory::getApplication();
$user = JFactory::getUser();
$session = JFactory::getSession();
$aid = (int) $user->get('aid');
$gid = (int) $user->get('gid');
$cid = $this->_cid;
$params = $this->_item->parameters;
$cparams = $this->_cparams;
$fcreturn = serialize(array('id' => @$this->_item->id, 'cid' => $cid));
// a special url parameter, used by some SEF code
$referer = @$_SERVER['HTTP_REFERER'];
// the previously viewed page (refer)
// a basic item title string
$title_str = "<br />" . JText::_('FLEXI_TITLE') . ": " . $this->_item->title . '[id: ' . $this->_item->id . ']';
// Since we will check access for VIEW (=read) only, we skip checks if TASK Variable is set,
// the edit() or add() or other controller task, will be responsible for checking permissions.
if (@$this->_item->id && !JRequest::getVar('task', false) && JRequest::getVar('view') == FLEXI_ITEMVIEW) {
//*************************************************************
// STEP A: Calculate ownership, edit permission and read access
// (a) isOwner, (b) canedititem, (c) canviewitem
//*************************************************************
// (a) Calculate if owned by current user
$isOwner = $this->_item->created_by == $user->get('id');
// (b) Calculate edit access ...
// NOTE: we will allow view access if current user can edit the item (but set a warning message about it, see bellow)
$canedititem = $params->get('access-edit');
$caneditstate = $params->get('access-edit-state');
if (!$caneditstate) {
// Item not editable, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
$canedititem = isset($rendered_uneditable[$this->_item->id]);
}
}
// (c) Calculate read access ...
$canviewitem = $params->get('access-view');
// *********************************************************************************
// STEP B: Calculate SOME ITEM PUBLICATION STATE FLAGS, used to decide if current item is active
// FLAGS: item_is_published, item_is_scheduled, item_is_expired, cats_are_published
// *********************************************************************************
$item_is_published = $this->_item->state == 1 || $this->_item->state == -5 || $this->_item->state == (FLEXI_J16GE ? 2 : -1);
$item_is_scheduled = $this->_item->publication_scheduled;
$item_is_expired = $this->_item->publication_expired;
if ($cid) {
// cid is set, check state of current item category only
// NOTE: J1.6+ all ancestor categories from current one to the root, for J1.5 only the current one ($cid)
if (!isset($this->_item->ancestor_cats_published)) {
$ancestor_cats_published = true;
foreach ($globalcats[$cid]->ancestorsarray as $pcid) {
$ancestor_cats_published = $ancestor_cats_published && $globalcats[$pcid]->published == 1;
}
$this->_item->ancestor_cats_published = $ancestor_cats_published;
}
$cats_are_published = $this->_item->ancestor_cats_published;
//$this->_item->catpublished;
$cats_np_err_mssg = JText::sprintf('FLEXI_CONTENT_UNAVAILABLE_ITEM_CURRCAT_UNPUBLISHED', $cid);
} else {
// cid is not set, we have no current category, the item is visible if it belongs to at one published category
$itemcats = $this->_item->categories;
$cats_are_published = true;
foreach ($itemcats as $catid) {
if (!isset($globalcats[$catid])) {
continue;
}
$cats_are_published |= $globalcats[$catid]->published;
// For J1.6+ check all ancestor categories from current one to the root
foreach ($globalcats[$catid]->ancestorsarray as $pcid) {
$cats_are_published = $cats_are_published && $globalcats[$pcid]->published == 1;
}
}
$cats_np_err_mssg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_ALLCATS_UNPUBLISHED');
}
// Calculate if item is active ... and viewable is also it's (current or All) categories are published
$item_active = $item_is_published && !$item_is_scheduled && !$item_is_expired;
$item_n_cat_active = $item_active && $cats_are_published;
$previewing_and_unlogged = $version && $user->guest;
// this is a flag indicates to redirect to login instead of 404 error
$ignore_publication = $canedititem || $caneditstate || $isOwner || $previewing_and_unlogged;
$inactive_notice_set = false;
$item_state_pending = $this->_item->state == -3;
$item_state_draft = $this->_item->state == -4;
//***********************************************************************************************************************
// STEP C: CHECK item state, if publication state is not ignored terminate with 404 NOT found, otherwise add a notice
// NOTE: Asking all users to login when item is not active maybe wrong approach, so instead we raise 404 error, but we
// will ask them to login only if previewing a latest or specific version (so ignore publication FLAG includes this case)
// (a) Check that item is PUBLISHED (1,-5) or ARCHIVED (-1)
// (b) Check that item has expired publication date
// (c) Check that item has scheduled publication date
// (d) Check that current item category or all items categories are published
//***********************************************************************************************************************
// (a) Check that item is PUBLISHED (1,-5) or ARCHIVED (-1)
if (!$caneditstate && ($item_state_pending || $item_state_draft) && $isOwner) {
// SPECIAL workflow case, regardless of (view/edit privilege), allow users to view unpublished owned content, (a) if waiting for approval, or (b) if can request approval
$inactive_notice_set = true;
} else {
if (!$item_is_published && !$ignore_publication) {
// Raise error that the item is unpublished
$msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_UNPUBLISHED') . $title_str;
if (FLEXI_J16GE) {
throw new Exception($msg, 404);
} else {
JError::raiseError(404, $msg);
}
} else {
if (!$item_is_published && !$inactive_notice_set) {
// Item edittable, set warning that ...
JError::raiseNotice(404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_UNPUBLISHED'));
$inactive_notice_set = true;
}
}
}
// NOTE: First, we check for expired publication, since if item expired, scheduled publication is meaningless
// (b) Check that item has expired publication date
if ($item_is_expired && !$ignore_publication) {
// Raise error that the item is scheduled for publication
$msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_EXPIRED') . $title_str;
if (FLEXI_J16GE) {
throw new Exception($msg, 404);
} else {
JError::raiseError(404, $msg);
}
} else {
if ($item_is_expired && !$inactive_notice_set) {
// Item edittable, set warning that ...
JError::raiseNotice(404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_EXPIRED'));
$inactive_notice_set = true;
}
}
// (c) Check that item has scheduled publication date
if ($item_is_scheduled && !$ignore_publication) {
// Raise error that the item is scheduled for publication
$msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_SCHEDULED') . $title_str;
if (FLEXI_J16GE) {
throw new Exception($msg, 404);
} else {
JError::raiseError(404, $msg);
}
} else {
if ($item_is_scheduled && !$inactive_notice_set) {
// Item edittable, set warning that ...
JError::raiseNotice(404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_SCHEDULED'));
$inactive_notice_set = true;
}
}
// (d) Check that current item category or all items categories are published
if (!$cats_are_published && !$ignore_publication) {
// Terminate execution with a HTTP not-found Server Error
$msg = $cats_np_err_mssg . $title_str;
if (FLEXI_J16GE) {
throw new Exception($msg, 404);
} else {
JError::raiseError(404, $msg);
}
} else {
if (!$cats_are_published && !$inactive_notice_set) {
// Item edittable, set warning that item's (ancestor) category is unpublished
JError::raiseNotice(404, $cats_np_err_mssg);
$inactive_notice_set = true;
}
}
//*******************************************************************************************
// STEP D: CHECK viewing access in relation to if user being logged and being owner / editor
// (a) redirect user previewing a non-current item version, to either current item version or to refer if has no edit permission
// (b) redirect item owner to previous page if user has no access (read/edit) to the item
// (c) redirect unlogged user to login, so that user can possible login to privileged account
// (d) redirect unauthorized logged user to the unauthorized page (if this is set)
// (e) finally raise a 403 forbidden Server Error if user is unauthorized to access item
//*******************************************************************************************
// SPECIAL case when previewing an non-current version of an item, this is allowed only if user can edit the item
$current_version = FLEXIUtilities::getCurrentVersions($this->_id, true);
// Get current item version
if ($version && $version != $current_version && !$canedititem && !$previewing_and_unlogged) {
// (a) redirect user previewing a non-current item version, to either current item version or to refer if has no edit permission
JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH_PREVIEW_UNEDITABLE') . "<br />" . JText::_('FLEXI_ALERTNOTAUTH_TASK'));
if ($item_n_cat_active && $canviewitem) {
$app->redirect(JRoute::_(FlexicontentHelperRoute::getItemRoute($this->_item->slug, $this->_item->categoryslug, 0, $this->_item)));
} else {
$app->redirect($referer);
// Item not viewable OR no view access, redirect to refer page
}
} else {
if (!$item_n_cat_active && !$previewing_and_unlogged) {
if (!$caneditstate && ($item_state_pending || $item_state_draft) && $isOwner) {
// no redirect, SET message to owners, to wait for approval or to request approval of their content
$app->enqueueMessage(JText::_($item_state_pending ? 'FLEXI_ALERT_VIEW_OWN_PENDING_STATE' : 'FLEXI_ALERT_VIEW_OWN_DRAFT_STATE'), 'notice');
} else {
if (!$canedititem && !$caneditstate && $isOwner) {
// (b) redirect item owner to previous page if user cannot access (read/edit) the item
JError::raiseNotice(403, JText::_($item_state_pending ? 'FLEXI_ALERTNOTAUTH_VIEW_OWN_PENDING' : 'FLEXI_ALERTNOTAUTH_VIEW_OWN_UNPUBLISHED'));
$app->redirect($referer);
} else {
if ($canedititem || $caneditstate) {
// no redirect, SET notice to the editors, that they are viewing unreadable content because they can edit the item
$app->enqueueMessage(JText::_('FLEXI_CONTENT_ACCESS_ALLOWED_BECAUSE_EDITABLE_PUBLISHABLE'), 'notice');
} else {
$app->enqueueMessage('INTERNAL ERROR: item inactive but checks were ignored despite current user not begin item owner or item assigned editor', 'notice');
$app->redirect($referer);
}
}
}
} else {
if (!$canviewitem && !$canedititem || !$item_n_cat_active) {
if ($user->guest) {
// (c) redirect unlogged user to login, so that user can possible login to privileged account
$uri = JFactory::getURI();
$return = $uri->toString();
$com_users = FLEXI_J16GE ? 'com_users' : 'com_user';
$url = $cparams->get('login_page', 'index.php?option=' . $com_users . '&view=login');
$return = strtr(base64_encode($return), '+/=', '-_,');
$url .= '&return=' . $return;
//$url .= '&return='.base64_encode($return);
$url .= '&fcreturn=' . base64_encode($fcreturn);
JError::raiseWarning(403, JText::sprintf("FLEXI_LOGIN_TO_ACCESS", $url));
$app->redirect($url);
} else {
$msg = JText::_('FLEXI_ALERTNOTAUTH_VIEW');
$msg .= $item->type_id && !$item->has_type_access ? "<br/>" . JText::_("FLEXI_ALERTNOTAUTH_VIEW_TYPE") : '';
$msg .= $item->catid && !$item->has_mcat_access ? "<br/>" . JText::_("FLEXI_ALERTNOTAUTH_VIEW_MCAT") : '';
if ($cparams->get('unauthorized_page', '')) {
// (d) redirect unauthorized logged user to the unauthorized page (if this is set)
JError::raiseNotice(403, $msg);
$app->redirect($cparams->get('unauthorized_page'));
} else {
// (e) finally raise a 403 forbidden Server Error if user is unauthorized to access item
if (FLEXI_J16GE) {
throw new Exception($msg, 403);
} else {
JError::raiseError(403, $msg);
}
}
}
} else {
}
}
}
}
// End of Existing item (not new)
}
/**
* Method to change the state of an item
*
* @access public
* @return boolean True on success
* @since 1.0
*/
function setitemstate($id, $state = 1)
{
$app = JFactory::getApplication();
$user = JFactory::getUser();
$dispatcher = JDispatcher::getInstance();
JRequest::setVar("isflexicontent", "yes");
static $event_failed_notice_added = false;
if ($id) {
$v = FLEXIUtilities::getCurrentVersions((int) $id);
$query = 'UPDATE #__content' . ' SET state = ' . (int) $state . ' WHERE id = ' . (int) $id;
$this->_db->setQuery($query);
$this->_db->query();
if ($this->_db->getErrorNum()) {
if (FLEXI_J16GE) {
throw new Exception($this->_db->getErrorMsg(), 500);
} else {
JError::raiseError(500, $this->_db->getErrorMsg());
}
}
$query = 'UPDATE #__flexicontent_items_tmp' . ' SET state = ' . (int) $state . ' WHERE id = ' . (int) $id;
$this->_db->setQuery($query);
$this->_db->query();
if ($this->_db->getErrorNum()) {
if (FLEXI_J16GE) {
throw new Exception($this->_db->getErrorMsg(), 500);
} else {
JError::raiseError(500, $this->_db->getErrorMsg());
}
}
$query = 'UPDATE #__flexicontent_items_versions' . ' SET value = ' . (int) $state . ' WHERE item_id = ' . (int) $id . ' AND valueorder = 1' . ' AND field_id = 10' . ' AND version = ' . (int) $v['version'];
$this->_db->setQuery($query);
$this->_db->query();
if ($this->_db->getErrorNum()) {
if (FLEXI_J16GE) {
throw new Exception($this->_db->getErrorMsg(), 500);
} else {
JError::raiseError(500, $this->_db->getErrorMsg());
}
}
}
// ****************************************************************
// Trigger Event 'onContentChangeState' of Joomla's Content plugins
// ****************************************************************
if (FLEXI_J16GE) {
// Make sure we import flexicontent AND content plugins since we will be triggering their events
JPluginHelper::importPlugin('content');
// PREPARE FOR TRIGGERING content events
// We need to fake joomla's states ... when triggering events
$fc_state = $state;
if (in_array($fc_state, array(1, -5))) {
$jm_state = 1;
} else {
if (in_array($fc_state, array(0, -3, -4))) {
$jm_state = 0;
} else {
$jm_state = $fc_state;
}
}
// trashed & archive states
$fc_itemview = $app->isSite() ? FLEXI_ITEMVIEW : 'item';
$item = new stdClass();
// Compatibility steps (including Joomla compatible state),
// so that 3rd party plugins using the change state event work properly
JRequest::setVar('view', 'article');
JRequest::setVar('option', 'com_content');
$item->state = $jm_state;
$result = $dispatcher->trigger($this->event_change_state, array('com_content.article', (array) $id, $jm_state));
// Revert compatibilty steps ... the $item->state is not used further regardless if it was changed,
// besides the event_change_state using plugin should have updated DB state value anyway
JRequest::setVar('view', $fc_itemview);
JRequest::setVar('option', 'com_flexicontent');
if ($item->state == $jm_state) {
$item->state = $fc_state;
}
// this check is redundant, item->state is not used further ...
if (in_array(false, $result, true) && !$event_failed_notice_added) {
JError::raiseNotice(10, JText::_('One of plugin event handler for onContentChangeState failed'));
$event_failed_notice_added = true;
return false;
}
}
return true;
}
/**
* Logic to save an item
*
* @access public
* @return void
* @since 1.0
*/
function save()
{
// Check for request forgeries
JRequest::checkToken() or jexit( 'Invalid Token' );
// Initialize variables
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$menu = $app->getMenu()->getActive();
$config = JFactory::getConfig();
$session = JFactory::getSession();
$task = JRequest::getVar('task');
$model = $this->getModel(FLEXI_ITEMVIEW);
$isnew = !$model->getId();
$ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task=';
$fc_params = JComponentHelper::getParams( 'com_flexicontent' );
$dolog = $fc_params->get('print_logging_info');
// Get the COMPONENT only parameters
$comp_params = JComponentHelper::getComponent('com_flexicontent')->params;
$params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') );
// Merge the type parameters
$tparams = $model->getTypeparams();
$tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams);
$params->merge($tparams);
// Merge the menu parameters
if ($menu) {
$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params);
$params->merge($menu_params);
}
// Get needed parameters
$submit_redirect_url_fe = $params->get('submit_redirect_url_fe', '');
$allowunauthorize = $params->get('allowunauthorize', 0);
// *********************
// Get data from request
// *********************
if (FLEXI_J16GE) {
// Retrieve form data these are subject to basic filtering
$data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters
$custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields
$jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data
if ( ! @ $data['rules'] ) $data['rules'] = array();
}
else {
// Retrieve form data these are subject to basic filtering
$data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters
}
// Set data id into model in case not already set ?
$model->setId((int) $data['id']);
// *************************************
// ENFORCE can change category ACL perms
// *************************************
$perms = FlexicontentHelperPerm::getPerm();
// Per content type change category permissions
if (FLEXI_J16GE) {
$current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID
$CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id);
$CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id);
$CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id);
} else {
$CanChangeFeatCat = 1;
$CanChangeSecCat = 1;
$CanChangeCat = 1;
}
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
$enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat;
$enable_cid_selector = $perms->MultiCat && $CanChangeSecCat;
$enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat;
// Enforce maintaining featured categories
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
if ( $featured_cats_parent && !$enable_featured_cid_selector )
{
$featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0);
$featured_cid = array();
if (!$isnew) {
foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat;
}
$data['featured_cid'] = $featured_cid;
}
// Enforce maintaining secondary categories
if (!$enable_cid_selector) {
if ($isnew) {
$data['cid'] = $tparams->get('cid_default');
} else if ( isset($featured_cid) ) {
$featured_cid_arr = array_flip($featured_cid);
$sec_cid = array();
foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat;
$data['cid'] = $sec_cid;
} else {
$data['cid'] = $model->get('cats');
}
}
if (!$enable_catid_selector) {
if ($isnew && $tparams->get('catid_default'))
$data['catid'] = $tparams->get('catid_default');
else if ($model->get('catid'))
$data['catid'] = $model->get('catid');
}
// **************************
// Basic Form data validation
// **************************
if (FLEXI_J16GE)
{
// *** MANUALLY CHECK CAPTCHA ***
$use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user
$captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always)
$is_submitop = ((int) $data['id']) == 0;
$display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest );
$display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ...
if ($display_captcha)
{
// Try to force the use of recaptcha plugin
JFactory::getConfig()->set('captcha', 'recaptcha');
if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) {
JPluginHelper::importPlugin('captcha');
$dispatcher = JDispatcher::getInstance();
$result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field'));
if (!$result[0]) {
$errmsg = JText::_('FLEXI_CAPTCHA_FAILED');
$errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS');
echo "<script>alert('".$errmsg."');";
echo "window.history.back();";
echo "</script>";
jexit();
}
}
}
// Validate Form data for core fields and for parameters
$form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form
$post = $model->validate($form, $data);
// Check for validation error
if (!$post) {
// Get the validation messages.
$errors = $form->getErrors();
// Push up to three validation messages out to the user.
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
if ($errors[$i] instanceof Exception)
$app->enqueueMessage($errors[$i]->getMessage(), 'notice');
else
$app->enqueueMessage($errors[$i], 'notice');
}
// Save the jform data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.data', $data);
// Save the custom fields data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom);
// Redirect back to the registration form.
$this->setRedirect( $_SERVER['HTTP_REFERER'] );
return false;
//die('error');
}
/*if (!$post) {
//JError::raiseWarning( 500, "Error while validating data: " . $model->getError() );
echo "Error while validating data: " . $model->getError();
echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>';
jexit();
}*/
// Some values need to be assigned after validation
$post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml
$post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform
$post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts'];
//echo "<pre>"; print_r($post['attribs']); exit;
}
else {
$post = $data;
// Some values need to be assigned after validation
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts'];
//echo "<pre>"; print_r($post['params']); exit;
}
// USEFULL FOR DEBUGING for J2.5 (do not remove commented code)
//$diff_arr = array_diff_assoc ( $data, $post);
//echo "<pre>"; print_r($diff_arr); jexit();
// ********************************************************************************
// PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having
// checked them on edit form load, because user may have tampered with the form ...
// ********************************************************************************
$type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating)
if ( !$isnew && $model->get('type_id') == $type_id ) {
// Existing item with Type not being ALTERED, content type can be maintained regardless of privilege
$canCreateType = true;
} else {
// New item or existing item with Type is being ALTERED, check privilege to create items of this type
$canCreateType = $model->canCreateType( array($type_id), true, $types );
}
// ****************************************************************
// Calculate user's privileges on current content item
// ... canPublish IS RECALCULATED after saving, maybe comment out ?
// ****************************************************************
if (!$isnew) {
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id'));
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if ($user->gid >= 25) {
$canPublish = true;
$canEdit = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ;
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
$canPublish = $user->authorize('com_content', 'publish', 'content', 'all');
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
//$canPublish = ($user->gid >= 21); // At least J1.5 Publisher
//$canEdit = ($user->gid >= 20); // At least J1.5 Editor
}
if ( !$canEdit ) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
} else {
if (FLEXI_J16GE) {
$canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category
$not_authorised = !$canAdd;
$canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent');
} else if ($user->gid >= 25) {
$canAdd = 1;
} else if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$canAdd = @$canAdd['content'] || @$canAdd['category'];
$canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all');
$canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all');
$canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1;
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
$not_authorised = ! $canAdd;
$canPublish = ($user->gid >= 21);
}
if ( $allowunauthorize ) {
$canAdd = true;
$canCreateType = true;
}
}
// ... we use some strings from administrator part
// load english language file for 'com_flexicontent' component then override with current language file
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true);
// Check for new content
if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) {
$msg = JText::_( 'FLEXI_ALERTNOTAUTH' );
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
}
if ( !$canCreateType ) {
$msg = isset($types[$type_id]) ?
JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) :
' Content Type '.$type_id.' was not found OR is not published';
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
return;
}
// Get "BEFORE SAVE" categories for information mail
$before_cats = array();
if ( !$isnew )
{
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$before_cats = $db->loadObjectList('id');
$before_maincat = $model->get('catid');
$original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0);
}
// ****************************************
// Try to store the form data into the item
// ****************************************
if ( ! $model->store($post) )
{
// Set error message about saving failed, and also the reason (=model's error message)
$msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' );
JError::raiseWarning( 500, $msg .": " . $model->getError() );
// Since an error occured, check if (a) the item is new and (b) was not created
if ($isnew && !$model->get('id')) {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
} else {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
}
// Saving has failed check-in and return, (above redirection will be used)
$model->checkin();
return;
}
// **************************************************
// Check in model and get item id in case of new item
// **************************************************
$model->checkin();
$post['id'] = $isnew ? (int) $model->get('id') : $post['id'];
// Get items marked as newly submitted
$newly_submitted = $session->get('newly_submitted', array(), 'flexicontent');
if ($isnew) {
// Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close)
$newly_submitted[$model->get('id')] = 1;
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
}
$newly_submitted_item = @ $newly_submitted[$model->get('id')];
// ***********************************************************************************************************
// Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege
// ***********************************************************************************************************
$item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1);
$canPublish = $model->canEditState( $item, $check_cat_perm=true );
// ********************************************************************************************
// Use session to detect multiple item saves to avoid sending notification EMAIL multiple times
// ********************************************************************************************
$is_first_save = true;
if ($session->has('saved_fcitems', 'flexicontent')) {
$saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent');
$is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]);
}
// Add item to saved items of the corresponding session array
$saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc;
$session->set('saved_fcitems', $saved_fcitems, 'flexicontent');
// ********************************************
// Get categories added / removed from the item
// ********************************************
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$after_cats = $db->loadObjectList('id');
if ( !$isnew ) {
$cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats));
foreach($cats_added_ids as $cats_added_id) {
$cats_added_titles[] = $after_cats[$cats_added_id]->title;
}
$cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats));
foreach($cats_removed_ids as $cats_removed_id) {
$cats_removed_titles[] = $before_cats[$cats_removed_id]->title;
}
$cats_altered = count($cats_added_ids) + count($cats_removed_ids);
$after_maincat = $model->get('catid');
}
// *******************************************************************************************************************
// We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters
// *******************************************************************************************************************
$notify_emails = array();
if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) )
{
// Get needed flags regarding the saved items
$approve_version = 2;
$pending_approval_state = -3;
$draft_state = -4;
$current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version
$last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id),
// $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them
$needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish;
$needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish;
$draft_from_non_publisher = $item->state==$draft_state && !$canPublish;
if ($draft_from_non_publisher) {
// Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button
$nConf = false;
} else {
// Get notifications configuration and select appropriate emails for current saving case
$nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>";
}
if ($nConf)
{
$states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_new) ) $states_notify_new = array();
else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new);
$states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_existing) ) $states_notify_existing = array();
else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing);
$n_state_ok = in_array($item->state, $states_notify_new);
$e_state_ok = in_array($item->state, $states_notify_existing);
if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending;
else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new;
else if ($isnew) $notify_emails = array();
else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal;
else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing;
else if (!$isnew) $notify_emails = array();
if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending');
else if ($isnew) $notify_text = $params->get('text_notify_new');
else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal');
else if (!$isnew) $notify_text = $params->get('text_notify_existing');
//print_r($notify_emails); jexit();
}
}
// *********************************************************************************************************************
// If there are emails to notify for current saving case, then send the notifications emails, but
// *********************************************************************************************************************
if ( !empty($notify_emails) && count($notify_emails) ) {
$notify_vars = new stdClass();
$notify_vars->needs_version_reviewal = $needs_version_reviewal;
$notify_vars->needs_publication_approval = $needs_publication_approval;
$notify_vars->isnew = $isnew;
$notify_vars->notify_emails = $notify_emails;
$notify_vars->notify_text = $notify_text;
$notify_vars->before_cats = $before_cats;
$notify_vars->after_cats = $after_cats;
$notify_vars->original_item = @ $original_item;
$model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0);
}
// ***************************************************
// CLEAN THE CACHE so that our changes appear realtime
// ***************************************************
if (FLEXI_J16GE) {
$cache = FLEXIUtilities::getCache($group='', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group='', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
} else {
$itemcache = JFactory::getCache('com_flexicontent_items');
$itemcache->clean();
$filtercache = JFactory::getCache('com_flexicontent_filters');
$filtercache->clean();
}
// ****************************************************************************************************************************
// Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category
// and thus being able to set this category as item's main category, but then have no edit/editown permission for this category
// ****************************************************************************************************************************
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if (FLEXI_ACCESS && $user->gid < 25) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
// This is meaningful when executed in frontend, since all backend users (managers and above) can edit items
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
}
// *******************************************************************************************************
// Check if user can not edit item further (due to changed main category, without edit/editown permission)
// *******************************************************************************************************
if (!$canEdit)
{
if ($task=='apply') {
// APPLY TASK: Temporarily set item to be editable till closing it
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
else if ( $newly_submitted_item ) {
// NEW ITEM: Do not use editable till logoff behaviour
// ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
else {
// EXISTING ITEM: (if enabled) Use the editable till logoff behaviour
if ( $params->get('items_session_editable', 0) ) {
// Set notice for existing item being editable till logoff
JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) );
// Allow item to be editable till logoff
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
}
// Set notice about saving an item that cannot be changed further
if ( !$canEdit ) {
$app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' );
}
}
// ****************************************************************
// Check for new Content Item is being closed, and clear some flags
// ****************************************************************
if ($task!='apply' && $newly_submitted_item )
{
// Clear item from being marked as newly submitted
unset($newly_submitted[$model->get('id')]);
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
// The 'apply' task may set 'editable till logoff' FLAG ...
// CLEAR IT, since NEW content this is meant to be used temporarily
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
// ****************************************
// Saving is done, decide where to redirect
// ****************************************
// REDIRECT CASE FOR APPLYING: Save and reload the item edit form
if ($task=='apply') {
$msg = JText::_( 'FLEXI_ITEM_SAVED' );
// Create the URL
global $globalcats;
$Itemid = JRequest::getInt('Itemid', 0); // maintain current menu item if this was given
$item_url = JRoute::_(FlexicontentHelperRoute::getItemRoute($item->id.':'.$item->alias, $globalcats[$item->catid]->slug, $Itemid));
$link = $item_url
.(strstr($item_url, '?') ? '&' : '?').'task=edit'
;
// Important pass referer back to avoid making the form itself the referer
// but also check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise set referer to HOME page
$referer = JRequest::getString('referer', JURI::base(), 'post');
if ( ! flexicontent_html::is_safe_url($referer) ) $referer = JURI::base();
$return = '&return='.base64_encode( $referer );
$link .= $return;
}
// REDIRECT CASES FOR SAVING
else {
// REDIRECT CASE: Return to a custom page after creating a new item (e.g. a thanks page)
if ( $newly_submitted_item && $submit_redirect_url_fe ) {
$link = $submit_redirect_url_fe;
$msg = JText::_( 'FLEXI_ITEM_SAVED' );
}
// REDIRECT CASE: Save and preview the latest version
else if ($task=='save_a_preview') {
$msg = JText::_( 'FLEXI_ITEM_SAVED' );
$link = JRoute::_(FlexicontentHelperRoute::getItemRoute($model->_item->id.':'.$model->_item->alias, $model->_item->catid, 0, $model->_item).'&preview=1', false);
}
// REDIRECT CASE: Return to the form 's referer (previous page) after item saving
else {
$msg = $newly_submitted_item ? JText::_( 'FLEXI_THANKS_SUBMISSION' ) : JText::_( 'FLEXI_ITEM_SAVED' );
// Check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise for returning to HOME page
$link = JRequest::getString('referer', JURI::base(), 'post');
if ( ! flexicontent_html::is_safe_url($link) ) {
if ( $dolog ) JFactory::getApplication()->enqueueMessage( 'refused redirection to possible unsafe URL: '.$link, 'notice' );
$link = JURI::base();
}
}
}
$this->setRedirect($link, $msg);
}
function save_import()
{
// Check for request forgeries
//JRequest::checkToken() or jexit( 'Invalid Token' );
//mara
$arr_countries = array('AL' => 'Albania',
'AM' => 'Armenia' ,
'ARG' =>'Argentina' ,
'AU' => 'Australia' ,
'AUT' => 'Austria' ,
'AZ' =>'Azerbaidjan' ,
'BEL' => 'Belgium' ,
'BGD' => 'Bangladesh' ,
'BLG' => 'Bulgaria' ,
'BLR' => 'Belarus' ,
'BOS' => 'Bosnia-Herzegovina' ,
'BRA' => 'Brazil' ,
'CAN' => 'Canada' ,
'CB' => 'Cuba' ,
'CHE' => 'Switzerland' ,
'CHI' => 'China' ,
'CHL' => 'Chile' ,
'CS' => 'Czech Republic' ,
'DEU' => 'Germany' ,
'DNK' => 'Denmark' ,
'EGP' => 'Egypt' ,
'EST' => 'Estonia' ,
'FIN' => 'Finland' ,
'FRA' => 'France' ,
'GBR' => 'Great Britain' ,
'GBRUSA' => 'Great Britain' ,
'GEO' => 'Georgia' ,
'GR' => 'Greece' ,
'HK' => 'Hong Kong' ,
'HOR' => 'Croatia' ,
'HUN' => 'Hungary' ,
'IDZ' => 'Indonesia' ,
'IND' => 'India' ,
'IOR' => 'Jordan' ,
'IRA' => 'Iran' ,
'IRL' => 'Ireland' ,
'ISL' => 'Iceland' ,
'ISR' => 'Israel' ,
'ITA' => 'Italy' ,
'JPN' => 'Japan' ,
'KAZ' => 'Kazakhstan' ,
'KGZ' => 'Kyrgyzstan' ,
'KIP' => 'Cyprus' ,
'LAT' => 'Latvia' ,
'LIT' => 'Lithuania' ,
'LUX' => 'Luxembourg' ,
'MAK' => 'Macedonia' ,
'ME' => 'Montenegro' ,
'MEK' => 'Mexico' ,
'MLT' => 'Malta' ,
'MOL' => 'Moldavia' ,
'MON' => 'Monaco' ,
'NID' => 'Netherlands' ,
'NOR' => 'Norway' ,
'PAK' => 'Pakistan' ,
'POL' => 'Poland' ,
'PORT' => 'Portugal' ,
'PR' => 'Puerto Rico' ,
'PS' => 'Palestinian Territory' ,
'RS' => 'Serbia' ,
'RUM' => 'Romania' ,
'RUS' => 'Russian Federation' ,
'SA' => 'Saudi Arabia' ,
'SCH' => 'Serbia' ,
'SGP' => 'Singapore' ,
'SHE' => 'Switzerland' ,
'SKO' => 'South Korea' ,
'SLO' => 'Slovenia' ,
'SLR' => 'Slovak Republic' ,
'SM' => 'San Marino' ,
'SPN' => 'Spain' ,
'SWE' => 'Sweden' ,
'SYR' => 'Syria' ,
'TA' => 'Thailand' ,
'TUR' => 'Turkey' ,
'UAR' => 'South Africa' ,
'UGS' => 'Serbia' ,
'UKR' => 'Ukraine' ,
'unk' => 'Unknown' ,
'USA' => 'United States' ,
'USAFRA' => 'United States' ,
'Uzb' => 'Uzbekistan' ,
'VTN' => 'Vietnam');
mysql_connect('localhost', 'root', 'staSPE8e');
mysql_select_db('vidal');
mysql_query("SET NAMES utf8");
$query = "SELECT pa.ATCCode,m.LatName,n.NozologyCode,Document.DocumentID,"
."Document.RusName,Document.EngName,Document.CompiledComposition,Document.PhInfluence,Document.PhKinetics,"
."Document.Dosage,Document.OverDosage,Document.Interaction,Document.Lactation,Document.SideEffects,"
."Document.StorageCondition,Document.Indication,Document.ContraIndication,Document.SpecialInstruction "
. "FROM Document"
." LEFT JOIN Document_IndicNozology as n ON Document.DocumentID = n.DocumentID"
." LEFT JOIN Molecule_Document as md ON md.DocumentID = Document.DocumentID"
." LEFT JOIN Molecule as m ON m.MoleculeID = md.MoleculeID"
." LEFT JOIN Product_Document as pd ON pd.DocumentID = Document.DocumentID"
." LEFT JOIN Product_ATC as pa ON pd.ProductID = pa.ProductID"
." GROUP BY Document.DocumentID";
$result = mysql_query($query) or die(mysql_error());
while($all = mysql_fetch_array($result)){
// Initialize variables
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$menu = $app->getMenu()->getActive();
$config = JFactory::getConfig();
$session = JFactory::getSession();
$task = JRequest::getVar('task');
$model = $this->getModel(FLEXI_ITEMVIEW);
$isnew = !$model->getId();
$ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task=';
$fc_params = JComponentHelper::getParams( 'com_flexicontent' );
$dolog = $fc_params->get('print_logging_info');
// Get the COMPONENT only parameters
$comp_params = JComponentHelper::getComponent('com_flexicontent')->params;
$params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') );
// Merge the type parameters
$tparams = $model->getTypeparams();
$tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams);
$params->merge($tparams);
// Merge the menu parameters
if ($menu) {
$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params);
$params->merge($menu_params);
}
// Get needed parameters
$submit_redirect_url_fe = $params->get('submit_redirect_url_fe', '');
$allowunauthorize = $params->get('allowunauthorize', 0);
$data = array();
$data['title'] = $all['RusName'];
//content
$data['text'] = $all['CompiledComposition'].$all['PhInfluence'].$all['PhKinetics'].$all['Dosage'].$all['OverDosage'].$all['Interaction'].$all['Lactation'].$all['SideEffects'].$all['StorageCondition'].$all['Indication'].$all['ContraIndication'].$all['SpecialInstruction'];
$data['state'] = 1;
$data['catid'] = 45;
$data['type_id'] = 2;
$data['id'] = 0;
//insert into content
//flexicontent_fields_item_relations
//15 field RusName EngName
//19 field Zabolev
$zab = '';
if($all['NozologyCode']){
$tmp = $all['NozologyCode'];
$zab_cif = substr($tmp,1,2);
$alpha = substr($tmp,0,1);
switch($alpha){
case 'A' : $zab = 'A00–B99'; break;
case 'B' : $zab = 'A00–B99';break;
case 'C' : $zab = 'C00–D48';break;
case 'D' : $zab = $zab_cif <= 48 ? 'C00–D48' : 'D50–D89';break;
case 'E' : $zab = 'E00–E90';break;
case 'F' : $zab = 'F00–F99';break;
case 'G' : $zab = 'G00–G99';break;
case 'H' : $zab = $zab_cif <= 59 ? 'H00–H59' : 'H60–H95';break;
case 'I' : $zab = 'I00–I99';break;
case 'J' : $zab = 'J00–J99';break;
case 'K' : $zab = 'K00–K93';break;
case 'L' : $zab = 'L00–L99';break;
case 'M' : $zab = 'M00–M99';break;
case 'N' : $zab = 'N00–N99';break;
case 'O' : $zab = 'O00–O99';break;
case 'P' : $zab = 'P00–P96'; break;
case 'R' : $zab = 'R00–R99'; break;
case 'S' : $zab = 'S00–T98'; break;
case 'V' : $zab = 'V01–Y98';break;
case 'Z' : $zab = 'Z00–Z99';break;
case 'U' : $zab = 'U00–U99'; break;
default: $zab = '';
}
}
$custom = array();
$custom['zabolevanie'] = $zab;
$custom['field24'] = $all['ATCCode'];
/*$custom['field24_1'] = '';
$custom['field24_2'] = '';
$custom['field24_3'] = '';
$custom['field24_4'] = '';
$custom['field24_5'] = '';*/
$custom['preparat'][0] = addslashes($all['RusName']);
$custom['preparat'][1] = addslashes($all['EngName']);
$custom['field22'][0] = addslashes($all['LatName']);
$query = "SELECT p.DateOfCloseRegistration, p.RegistrationNumber, p.Composition, p.ZipInfo, "
." c.LocalName, c.CountryCode "
. "FROM Product as p"
." JOIN Product_Company as pc ON pc.ProductID = p.ProductID"
." JOIN Company as c ON c.CompanyID = pc.CompanyID"
." JOIN Product_Document d ON d.ProductID = p.ProductID"
." WHERE d.DocumentID = ".$all['DocumentID'];
$result1 = mysql_query($query) or die(mysql_error());
$field_pr = array();
$z = 0;
while($proizv = mysql_fetch_array($result1)){
if(isset($arr_countries[$proizv['CountryCode']])){
$custom['field21'][0]['country'][$z] = addslashes($arr_countries[$proizv['CountryCode']]);
$custom['field21'][0]['naimen'][$z] = addslashes($proizv['LocalName']);//."<br />".$proizv['Composition']);
$custom['field21'][0]['vypusk'][$z] = addslashes($proizv['ZipInfo']);
$custom['field21'][0]['reg'][$z] = addslashes($proizv['RegistrationNumber']);
$custom['field21'][0]['date'][$z] = addslashes($proizv['DateOfCloseRegistration']);
}
$z++;
}
// *********************
// Get data from request
// *********************
if (FLEXI_J16GE) {
// Retrieve form data these are subject to basic filtering
// $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters
// $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields
$jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data
if ( ! @ $data['rules'] ) $data['rules'] = array();
}
else {
// Retrieve form data these are subject to basic filtering
$data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters
}
// Set data id into model in case not already set ?
$model->setId((int) $data['id']);
// *************************************
// ENFORCE can change category ACL perms
// *************************************
$perms = FlexicontentHelperPerm::getPerm();
// Per content type change category permissions
if (FLEXI_J16GE) {
$current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID
$CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id);
$CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id);
$CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id);
} else {
$CanChangeFeatCat = 1;
$CanChangeSecCat = 1;
$CanChangeCat = 1;
}
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
$enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat;
$enable_cid_selector = $perms->MultiCat && $CanChangeSecCat;
$enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat;
// Enforce maintaining featured categories
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
if ( $featured_cats_parent && !$enable_featured_cid_selector )
{
$featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0);
$featured_cid = array();
if (!$isnew) {
foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat;
}
$data['featured_cid'] = $featured_cid;
}
// Enforce maintaining secondary categories
if (!$enable_cid_selector) {
if ($isnew) {
$data['cid'] = $tparams->get('cid_default');
} else if ( isset($featured_cid) ) {
$featured_cid_arr = array_flip($featured_cid);
$sec_cid = array();
foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat;
$data['cid'] = $sec_cid;
} else {
$data['cid'] = $model->get('cats');
}
}
if (!$enable_catid_selector) {
if ($isnew && $tparams->get('catid_default'))
$data['catid'] = $tparams->get('catid_default');
else if ($model->get('catid'))
$data['catid'] = $model->get('catid');
}
// **************************
// Basic Form data validation
// **************************
if (FLEXI_J16GE)
{
// *** MANUALLY CHECK CAPTCHA ***
$use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user
$captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always)
$is_submitop = ((int) $data['id']) == 0;
$display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest );
$display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ...
if ($display_captcha)
{
// Try to force the use of recaptcha plugin
JFactory::getConfig()->set('captcha', 'recaptcha');
if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) {
JPluginHelper::importPlugin('captcha');
$dispatcher = JDispatcher::getInstance();
$result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field'));
if (!$result[0]) {
$errmsg = JText::_('FLEXI_CAPTCHA_FAILED');
$errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS');
echo "<script>alert('".$errmsg."');";
echo "window.history.back();";
echo "</script>";
jexit();
}
}
}
// Validate Form data for core fields and for parameters
$form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form
$post = $model->validate($form, $data);
// Check for validation error
if (!$post) {
// Get the validation messages.
$errors = $form->getErrors();
// Push up to three validation messages out to the user.
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
if ($errors[$i] instanceof Exception)
$app->enqueueMessage($errors[$i]->getMessage(), 'notice');
else
$app->enqueueMessage($errors[$i], 'notice');
}
// Save the jform data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.data', $data);
// Save the custom fields data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom);
// Redirect back to the registration form.
$this->setRedirect( $_SERVER['HTTP_REFERER'] );
return false;
//die('error');
}
/*if (!$post) {
//JError::raiseWarning( 500, "Error while validating data: " . $model->getError() );
echo "Error while validating data: " . $model->getError();
echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>';
jexit();
}*/
// Some values need to be assigned after validation
$post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml
$post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform
$post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts'];
//echo "<pre>"; print_r($post['attribs']); exit;
}
else {
$post = $data;
// Some values need to be assigned after validation
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts'];
//echo "<pre>"; print_r($post['params']); exit;
}
// USEFULL FOR DEBUGING for J2.5 (do not remove commented code)
//$diff_arr = array_diff_assoc ( $data, $post);
//echo "<pre>"; print_r($diff_arr); jexit();
// ********************************************************************************
// PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having
// checked them on edit form load, because user may have tampered with the form ...
// ********************************************************************************
$type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating)
if ( !$isnew && $model->get('type_id') == $type_id ) {
// Existing item with Type not being ALTERED, content type can be maintained regardless of privilege
$canCreateType = true;
} else {
// New item or existing item with Type is being ALTERED, check privilege to create items of this type
$canCreateType = $model->canCreateType( array($type_id), true, $types );
}
// ****************************************************************
// Calculate user's privileges on current content item
// ... canPublish IS RECALCULATED after saving, maybe comment out ?
// ****************************************************************
if (!$isnew) {
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id'));
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if ($user->gid >= 25) {
$canPublish = true;
$canEdit = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ;
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
$canPublish = $user->authorize('com_content', 'publish', 'content', 'all');
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
//$canPublish = ($user->gid >= 21); // At least J1.5 Publisher
//$canEdit = ($user->gid >= 20); // At least J1.5 Editor
}
if ( !$canEdit ) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
} else {
if (FLEXI_J16GE) {
$canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category
$not_authorised = !$canAdd;
$canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent');
} else if ($user->gid >= 25) {
$canAdd = 1;
} else if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$canAdd = @$canAdd['content'] || @$canAdd['category'];
$canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all');
$canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all');
$canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1;
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
$not_authorised = ! $canAdd;
$canPublish = ($user->gid >= 21);
}
if ( $allowunauthorize ) {
$canAdd = true;
$canCreateType = true;
}
}
// ... we use some strings from administrator part
// load english language file for 'com_flexicontent' component then override with current language file
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true);
// Check for new content
if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) {
$msg = JText::_( 'FLEXI_ALERTNOTAUTH' );
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
}
if ( !$canCreateType ) {
$msg = isset($types[$type_id]) ?
JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) :
' Content Type '.$type_id.' was not found OR is not published';
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
return;
}
// Get "BEFORE SAVE" categories for information mail
$before_cats = array();
if ( !$isnew )
{
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$before_cats = $db->loadObjectList('id');
$before_maincat = $model->get('catid');
$original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0);
}
// ****************************************
// Try to store the form data into the item
// ****************************************
if ( ! $model->store($post) )
{
// Set error message about saving failed, and also the reason (=model's error message)
$msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' );
JError::raiseWarning( 500, $msg .": " . $model->getError() );
// Since an error occured, check if (a) the item is new and (b) was not created
if ($isnew && !$model->get('id')) {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
} else {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
}
// Saving has failed check-in and return, (above redirection will be used)
$model->checkin();
return;
}
// **************************************************
// Check in model and get item id in case of new item
// **************************************************
$model->checkin();
$post['id'] = $isnew ? (int) $model->get('id') : $post['id'];
// Get items marked as newly submitted
$newly_submitted = $session->get('newly_submitted', array(), 'flexicontent');
if ($isnew) {
// Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close)
$newly_submitted[$model->get('id')] = 1;
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
}
$newly_submitted_item = @ $newly_submitted[$model->get('id')];
// ***********************************************************************************************************
// Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege
// ***********************************************************************************************************
$item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1);
$canPublish = $model->canEditState( $item, $check_cat_perm=true );
// ********************************************************************************************
// Use session to detect multiple item saves to avoid sending notification EMAIL multiple times
// ********************************************************************************************
$is_first_save = true;
if ($session->has('saved_fcitems', 'flexicontent')) {
$saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent');
$is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]);
}
// Add item to saved items of the corresponding session array
$saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc;
$session->set('saved_fcitems', $saved_fcitems, 'flexicontent');
// ********************************************
// Get categories added / removed from the item
// ********************************************
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$after_cats = $db->loadObjectList('id');
if ( !$isnew ) {
$cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats));
foreach($cats_added_ids as $cats_added_id) {
$cats_added_titles[] = $after_cats[$cats_added_id]->title;
}
$cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats));
foreach($cats_removed_ids as $cats_removed_id) {
$cats_removed_titles[] = $before_cats[$cats_removed_id]->title;
}
$cats_altered = count($cats_added_ids) + count($cats_removed_ids);
$after_maincat = $model->get('catid');
}
// *******************************************************************************************************************
// We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters
// *******************************************************************************************************************
$notify_emails = array();
if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) )
{
// Get needed flags regarding the saved items
$approve_version = 2;
$pending_approval_state = -3;
$draft_state = -4;
$current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version
$last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id),
// $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them
$needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish;
$needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish;
$draft_from_non_publisher = $item->state==$draft_state && !$canPublish;
if ($draft_from_non_publisher) {
// Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button
$nConf = false;
} else {
// Get notifications configuration and select appropriate emails for current saving case
$nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>";
}
if ($nConf)
{
$states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_new) ) $states_notify_new = array();
else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new);
$states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_existing) ) $states_notify_existing = array();
else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing);
$n_state_ok = in_array($item->state, $states_notify_new);
$e_state_ok = in_array($item->state, $states_notify_existing);
if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending;
else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new;
else if ($isnew) $notify_emails = array();
else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal;
else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing;
else if (!$isnew) $notify_emails = array();
if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending');
else if ($isnew) $notify_text = $params->get('text_notify_new');
else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal');
else if (!$isnew) $notify_text = $params->get('text_notify_existing');
//print_r($notify_emails); jexit();
}
}
// *********************************************************************************************************************
// If there are emails to notify for current saving case, then send the notifications emails, but
// *********************************************************************************************************************
if ( !empty($notify_emails) && count($notify_emails) ) {
$notify_vars = new stdClass();
$notify_vars->needs_version_reviewal = $needs_version_reviewal;
$notify_vars->needs_publication_approval = $needs_publication_approval;
$notify_vars->isnew = $isnew;
$notify_vars->notify_emails = $notify_emails;
$notify_vars->notify_text = $notify_text;
$notify_vars->before_cats = $before_cats;
$notify_vars->after_cats = $after_cats;
$notify_vars->original_item = @ $original_item;
$model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0);
}
// ***************************************************
// CLEAN THE CACHE so that our changes appear realtime
// ***************************************************
if (FLEXI_J16GE) {
$cache = FLEXIUtilities::getCache($group='', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group='', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
} else {
$itemcache = JFactory::getCache('com_flexicontent_items');
$itemcache->clean();
$filtercache = JFactory::getCache('com_flexicontent_filters');
$filtercache->clean();
}
// ****************************************************************************************************************************
// Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category
// and thus being able to set this category as item's main category, but then have no edit/editown permission for this category
// ****************************************************************************************************************************
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if (FLEXI_ACCESS && $user->gid < 25) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
// This is meaningful when executed in frontend, since all backend users (managers and above) can edit items
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
}
// *******************************************************************************************************
// Check if user can not edit item further (due to changed main category, without edit/editown permission)
// *******************************************************************************************************
if (!$canEdit)
{
if ($task=='apply') {
// APPLY TASK: Temporarily set item to be editable till closing it
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
else if ( $newly_submitted_item ) {
// NEW ITEM: Do not use editable till logoff behaviour
// ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
else {
// EXISTING ITEM: (if enabled) Use the editable till logoff behaviour
if ( $params->get('items_session_editable', 0) ) {
// Set notice for existing item being editable till logoff
JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) );
// Allow item to be editable till logoff
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
}
// Set notice about saving an item that cannot be changed further
if ( !$canEdit ) {
$app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' );
}
}
// ****************************************************************
// Check for new Content Item is being closed, and clear some flags
// ****************************************************************
if ($task!='apply' && $newly_submitted_item )
{
// Clear item from being marked as newly submitted
unset($newly_submitted[$model->get('id')]);
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
// The 'apply' task may set 'editable till logoff' FLAG ...
// CLEAR IT, since NEW content this is meant to be used temporarily
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
}
//$this->setRedirect($link, $msg);
}
