/* Validate a page record before it is stored.
 *
 * Every failed check adds a message to $this->output; all checks are run so
 * the user sees every problem at once.
 *
 * INPUT:  array $page  page fields: url, language, layout, title, id
 * OUTPUT: boolean      true when every check passed
 *
 * NOTE(review): the character check sees trim($page["url"]) while the later
 * checks and the duplicate lookup use the untrimmed value. Confirm that the
 * caller stores the same form that was validated.
 */
public function save_oke($page) {
	$valid = true;

	/* URL must pass valid_input(), start with a slash and contain no "//" */
	if (!valid_input(trim($page["url"]), VALIDATE_URL, VALIDATE_NONEMPTY)) {
		$this->output->add_message("URL is empty or contains invalid characters.");
		$valid = false;
	} else if ((strpos($page["url"], "//") !== false) || ($page["url"][0] !== "/")) {
		$this->output->add_message("Invalid URL.");
		$valid = false;
	}

	/* Language must be one of the configured keys */
	$supported = array_keys(config_array(SUPPORTED_LANGUAGES));
	if (!in_array($page["language"], $supported)) {
		$this->output->add_message("Language not supported.");
		$valid = false;
	}

	/* Layout is only checked when get_layouts() returns a non-empty list;
	 * a failed lookup skips this check instead of rejecting the page.
	 */
	$layouts = $this->get_layouts();
	if (($layouts != false) && !in_array($page["layout"], $layouts)) {
		$this->output->add_message("Invalid layout.");
		$valid = false;
	}

	if (trim($page["title"]) === "") {
		$this->output->add_message("Empty title not allowed.");
		$valid = false;
	}

	if (!valid_input($page["language"], VALIDATE_NONCAPITALS, 2)) {
		$this->output->add_message("Invalid language code.");
		$valid = false;
	}

	/* A database page may not shadow a module on disk or another page */
	$module = ltrim($page["url"], "/");
	$public_pages = page_to_module(config_file("public_pages"));
	$private_pages = page_to_module(config_file("private_pages"));

	$is_module = in_array($module, $public_pages) || in_array($module, $private_pages);
	if ($is_module) {
		$this->output->add_message("URL belongs to a module.");
		$valid = false;
	} else {
		/* id!=%d keeps the record being edited out of its own duplicate check */
		$query = "select * from pages where id!=%d and url=%s limit 1";
		$existing = $this->db->execute($query, $page["id"], $page["url"]);
		if (($existing != false) && (count($existing) > 0)) {
			$this->output->add_message("URL belongs to another page.");
			$valid = false;
		}
	}

	return $valid;
}
/* Constructor: forwards all arguments to the parent constructor, then adds
 * one text element per supported language and fills the page selector.
 *
 * NOTE(review): the array("parent", "__construct") callable form is
 * deprecated as of PHP 8.2.
 */
public function __construct() {
	call_user_func_array(array("parent", "__construct"), func_get_args());

	/* Without a language object there is nothing to add */
	if ($this->language !== null) {
		/* Add supported languages */
		foreach ($this->language->supported as $code => $caption) {
			$this->elements[$code] = array(
				"label"    => $caption,
				"type"     => "text",
				"overview" => false,
				"required" => true);
		}

		/* Set page options: "*" first, then every module on disk, sorted */
		$on_disk = array_merge(config_file("public_pages"), config_file("private_pages"));
		$names = page_to_module($on_disk);
		sort($names);

		$options = array("*" => "*");
		foreach ($names as $name) {
			$options[$name] = $name;
		}

		$this->elements["page"]["options"] = $options;
	}
}
/* Strip everything from the last dot onward from a page name.
 *
 * INPUT:  string|array $page  page name, or a (nested) array of page names
 * OUTPUT: string|array        same shape as the input; array keys are kept
 *
 * A value without a dot is returned unchanged.
 */
function page_to_module($page) {
	if (is_array($page)) {
		$modules = array();
		foreach ($page as $key => $entry) {
			$modules[$key] = page_to_module($entry);
		}

		return $modules;
	}

	$dot = strrpos($page, ".");

	return ($dot === false) ? $page : substr($page, 0, $dot);
}
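/* Decide whether the current user may open a page.
 *
 * INPUT:  string $page  module name / page URL without the leading slash
 * OUTPUT: boolean       true when access is allowed
 *
 * Order of checks: administrator or always-allowed module, public module on
 * disk, public page in the database, then the user's roles. A failed or
 * empty database result denies access (fail closed).
 *
 * NOTE(review): the cache is a method-level static keyed only by page name,
 * so it is shared by every instance of this class. Confirm that a request
 * never evaluates more than one user object.
 */
public function access_allowed($page) {
	static $access = array();

	/* Always access */
	$allowed = array(LOGOUT_MODULE);
	if ($this->is_admin || in_array($page, $allowed)) {
		return true;
	}

	/* Public module */
	if (in_array($page, page_to_module(config_file("public_pages")))) {
		return true;
	}

	/* Public page in database */
	$query = "select count(*) as count from pages where url=%s and private=%d";
	if (($result = $this->db->execute($query, "/" . $page, NO)) == false) {
		return false;
	} else if ($result[0]["count"] > 0) {
		return true;
	}

	/* No roles, no access */
	if (count($this->record["role_ids"]) == 0) {
		return false;
	}

	/* Cached? */
	if (isset($access[$page])) {
		return $access[$page];
	}

	/* Check access: one %d placeholder per role id */
	$conditions = $rids = array();
	foreach ($this->record["role_ids"] as $rid) {
		array_push($conditions, "%d");
		array_push($rids, $rid);
	}

	/* Query rows are kept in $levels, never in $access. Assigning them to
	 * the static cache replaced it with row data, so earlier cache entries
	 * were lost and numeric row indexes could be mistaken for cached pages.
	 */
	if (in_array($page, page_to_module(config_file("private_pages")))) {
		/* Pages on disk (modules): $page is used as the column name and has
		 * just been matched against the private_pages list. %S is presumably
		 * the driver's identifier placeholder -- confirm.
		 */
		$query = "select %S from roles where id in (" . implode(", ", $conditions) . ")";
		if (($levels = $this->db->execute($query, $page, $rids)) == false) {
			return false;
		}
	} else {
		/* Pages in database */
		$query = "select a.level from page_access a, pages p " .
		         "where a.page_id=p.id and p.url=%s and a.level>0 " .
		         "and a.role_id in (" . implode(", ", $conditions) . ")";
		if (($levels = $this->db->execute($query, "/" . $page, $rids)) == false) {
			return false;
		}
	}

	/* Access is granted when any role has a level above zero */
	$access[$page] = max(array_flatten($levels)) > 0;

	return $access[$page];
}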
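/* Find the module on disk that serves a URL.
 *
 * INPUT:  string $url    requested path, segments separated by "/"
 *         array  $pages  page list entries; a "*" segment matches anything
 * OUTPUT: string|null    module name of the longest matching entry, or null
 *
 * Side effect: sets $this->type to page_to_type() of the chosen entry.
 *
 * Matching is by prefix: only the segments of the entry are compared, so a
 * URL with extra trailing segments still matches. With entries of equal
 * length, the later one in $pages wins.
 */
private function module_on_disk($url, $pages) {
	$module = null;
	$url = explode("/", $url);
	$url_count = count($url);

	foreach ($pages as $line) {
		$page = explode("/", $line);
		$parts = count($page);

		$match = true;
		for ($i = 0; $i < $parts; $i++) {
			if ($page[$i] === "*") {
				continue;
			}

			/* An entry with more segments than the URL cannot match; check
			 * the bound before reading $url[$i] to avoid an undefined
			 * offset.
			 */
			if (($i >= $url_count) || ($page[$i] !== $url[$i])) {
				$match = false;
				break;
			}
		}

		/* $module is null until the first match; cast before strlen() */
		if ($match && (strlen($line) >= strlen((string)$module))) {
			$module = page_to_module($line);
			$this->type = page_to_type($line);
		}
	}

	return $module;
}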
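/* Build the access level of a user for every known page.
 *
 * INPUT:  object $db    database connection providing execute()
 *         object $user  user object: logged_in, is_admin, id, role_ids
 * OUTPUT: array|false   module name or page URL (no leading slash) => level,
 *                       or false when a database query fails
 *
 * For every page the highest level granted by any of the user's roles is
 * kept. Administrators get YES for every private page.
 */
function page_access_list($db, $user) {
	$access_rights = array();

	/* Public pages on disk */
	$public = page_to_module(config_file("public_pages"));
	foreach ($public as $page) {
		$access_rights[$page] = 1;
	}

	/* Private pages on disk */
	$private_pages = page_to_module(config_file("private_pages"));
	foreach ($private_pages as $page) {
		$access_rights[$page] = $user->is_admin ? YES : NO;
	}

	/* Role based rights only matter for logged-in non-administrators */
	$use_roles = $user->logged_in && ($user->is_admin == false);

	if ($use_roles) {
		$query = "select * from roles where id in ".
		         "(select role_id from user_role where user_id=%d)";
		if (($roles = $db->execute($query, $user->id)) === false) {
			return false;
		}

		foreach ($roles as $role) {
			/* Skip the first two columns; the rest is page => level.
			 * Presumably those two are the role id and name -- confirm.
			 */
			$role = array_slice($role, 2);
			foreach ($role as $page => $level) {
				$level = (int)$level;
				if ((isset($access_rights[$page]) == false) || ($access_rights[$page] < $level)) {
					$access_rights[$page] = $level;
				}
			}
		}
	}

	/* Pages in database */
	if (($pages = $db->execute("select * from pages")) === false) {
		return false;
	}
	foreach ($pages as $page) {
		$access_rights[ltrim($page["url"], "/")] = (is_false($page["private"]) || $user->is_admin) ? YES : NO;
	}

	if ($use_roles) {
		$conditions = $rids = array();
		foreach ($user->role_ids as $rid) {
			array_push($conditions, "role_id=%d");
			array_push($rids, $rid);
		}

		/* Without roles the condition list is empty and the query would be
		 * invalid SQL ("and ()"), turning the whole result into false.
		 * A user without roles simply gets no extra rights.
		 */
		if (count($rids) > 0) {
			$query = "select p.url,a.level from pages p, page_access a ".
			         "where p.id=a.page_id and (" . implode(" or ", $conditions) . ")";
			if (($pages = $db->execute($query, $rids)) === false) {
				return false;
			}

			foreach ($pages as $page) {
				$url = ltrim($page["url"], "/");
				if ($access_rights[$url] < $page["level"]) {
					$access_rights[$url] = $page["level"];
				}
			}
		}
	}

	return $access_rights;
}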