Пример #1
 /* Validate a page record before it is stored.
  *
  * Every check runs, so a single call can report several problems; each
  * failure adds a message to the output object.
  *
  * $page: array holding at least the keys url, language, layout, title and id.
  * Returns true when no check failed, false otherwise.
  */
 public function save_oke($page)
 {
     $valid = true;

     /* The URL has to pass the generic URL validation and be a site-local
      * path: it starts with a single "/" and contains no "//" anywhere.
      */
     if (valid_input(trim($page["url"]), VALIDATE_URL, VALIDATE_NONEMPTY) == false) {
         $this->output->add_message("URL is empty or contains invalid characters.");
         $valid = false;
     } elseif (strpos($page["url"], "//") !== false || $page["url"][0] !== "/") {
         $this->output->add_message("Invalid URL.");
         $valid = false;
     }

     /* Language must be one of the configured languages
      */
     $supported_languages = array_keys(config_array(SUPPORTED_LANGUAGES));
     if (!in_array($page["language"], $supported_languages)) {
         $this->output->add_message("Language not supported.");
         $valid = false;
     }

     /* Layout is only checked when a layout list is available
      */
     $layouts = $this->get_layouts();
     if ($layouts != false && !in_array($page["layout"], $layouts)) {
         $this->output->add_message("Invalid layout.");
         $valid = false;
     }

     if (trim($page["title"]) == "") {
         $this->output->add_message("Empty title not allowed.");
         $valid = false;
     }

     if (valid_input($page["language"], VALIDATE_NONCAPITALS, 2) == false) {
         $this->output->add_message("Invalid language code.");
         $valid = false;
     }

     /* The URL may not collide with a module on disk or with another
      * page in the database.
      */
     $module = ltrim($page["url"], "/");
     $public_pages = page_to_module(config_file("public_pages"));
     $private_pages = page_to_module(config_file("private_pages"));
     $is_module = in_array($module, $public_pages) || in_array($module, $private_pages);

     if ($is_module) {
         $this->output->add_message("URL belongs to a module.");
         $valid = false;
     } else {
         $query = "select * from pages where id!=%d and url=%s limit 1";
         $existing = $this->db->execute($query, $page["id"], $page["url"]);
         if ($existing != false && count($existing) > 0) {
             $this->output->add_message("URL belongs to another page.");
             $valid = false;
         }
     }

     return $valid;
 }
Пример #2
 /* Forward all constructor arguments to the parent class, then extend the
  * element list with one required text field per supported language and
  * fill the options of the "page" element with the modules found in the
  * public_pages and private_pages configuration files.
  */
 public function __construct()
 {
     call_user_func_array(array("parent", "__construct"), func_get_args());

     /* Without a language object there is nothing to add
      */
     if ($this->language === null) {
         return;
     }

     /* One text element per supported language
      */
     foreach ($this->language->supported as $code => $caption) {
         $this->elements[$code] = array(
             "label"    => $caption,
             "type"     => "text",
             "overview" => false,
             "required" => true);
     }

     /* Page options: "*" first, then the sorted module names. Every option
      * uses the same string as key and as value.
      */
     $module_names = page_to_module(array_merge(config_file("public_pages"), config_file("private_pages")));
     sort($module_names);
     $choices = array_merge(array("*"), $module_names);
     $this->elements["page"]["options"] = array_combine($choices, $choices);
 }
Пример #3
/* Strip everything from the last "." onwards from a page name.
 *
 * $page: a string, or an array (nested arrays allowed) of such strings.
 * Returns the same shape with every string cut at its last dot; strings
 * without a dot are returned unchanged and array keys are preserved.
 */
function page_to_module($page)
{
    if (is_array($page)) {
        foreach (array_keys($page) as $key) {
            $page[$key] = page_to_module($page[$key]);
        }

        return $page;
    }

    $dot = strrpos($page, ".");

    return $dot === false ? $page : substr($page, 0, $dot);
}
Пример #4
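 /* Decide whether the current user may access a page or module.
  *
  * Order of the checks: administrators and the logout module are always
  * allowed, then public modules on disk, then public pages in the database.
  * After that the decision depends on the user's roles and is cached per
  * page name for the rest of the request.
  *
  * $page: module or page name without a leading "/".
  * Returns true when access is allowed. Returns false when it is denied and
  * also when a query fails or yields no rows, so errors deny access.
  */
 public function access_allowed($page)
 {
     /* Cache of role-based decisions, keyed by page name.
      * NOTE(review): a function-static is not bound to one user object;
      * confirm that only one user instance is consulted per request.
      */
     static $access = array();
     /* Always access
      */
     $allowed = array(LOGOUT_MODULE);
     if ($this->is_admin || in_array($page, $allowed)) {
         return true;
     }
     /* Public module
      */
     if (in_array($page, page_to_module(config_file("public_pages")))) {
         return true;
     }
     /* Public page in database
      */
     $query = "select count(*) as count from pages where url=%s and private=%d";
     if (($result = $this->db->execute($query, "/" . $page, NO)) == false) {
         return false;
     } else {
         if ($result[0]["count"] > 0) {
             return true;
         }
     }
     /* No roles, no access
      */
     if (count($this->record["role_ids"]) == 0) {
         return false;
     }
     /* Cached?
      */
     if (isset($access[$page])) {
         return $access[$page];
     }
     /* Check access: one %d placeholder per role id, so the role ids are
      * passed to the database layer as arguments and never concatenated.
      */
     $conditions = $rids = array();
     foreach ($this->record["role_ids"] as $rid) {
         array_push($conditions, "%d");
         array_push($rids, $rid);
     }
     /* The query result is kept in its own variable. Assigning it to $access
      * would replace the decision cache with result rows; the rows carry
      * integer keys, so a later call for a page named like such a key would
      * find a row in the "cache" and return it as the access decision.
      */
     if (in_array($page, page_to_module(config_file("private_pages")))) {
         /* Pages on disk (modules)
          * $page is used as a column name here; it reaches this point only
          * after matching an entry of the private_pages configuration.
          * NOTE(review): %S presumably quotes an identifier - confirm in the
          * database class.
          */
         $query = "select %S from roles where id in (" . implode(", ", $conditions) . ")";
         if (($levels = $this->db->execute($query, $page, $rids)) == false) {
             return false;
         }
     } else {
         /* Pages in database
          */
         $query = "select a.level from page_access a, pages p " . "where a.page_id=p.id and p.url=%s and a.level>0 " . "and a.role_id in (" . implode(", ", $conditions) . ")";
         if (($levels = $this->db->execute($query, "/" . $page, $rids)) == false) {
             return false;
         }
     }
     /* Access is granted when any role has a level above zero
      */
     $access[$page] = max(array_flatten($levels)) > 0;
     return $access[$page];
 }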
Пример #5
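 /* Find the module on disk that handles a URL.
  *
  * Each entry of $pages is split on "/" and compared with the URL segment
  * by segment; a "*" segment matches anything. Only the segments of the
  * entry are compared, so an entry also matches URLs that continue after
  * its last segment. Among the matching entries the longest one wins (the
  * later one on equal length) and $this->type is set from that entry.
  *
  * $url:   request path, segments separated by "/".
  * $pages: list of page entries from the configuration.
  * Returns the module name, or null when no entry matches.
  */
 private function module_on_disk($url, $pages)
 {
     $module = null;
     $url = explode("/", $url);
     $url_count = count($url);
     foreach ($pages as $line) {
         $page = explode("/", $line);
         $match = true;
         foreach ($page as $i => $part) {
             if ($part === "*") {
                 continue;
             }
             /* An entry with more segments than the URL cannot match; checking
              * the bound first avoids reading a URL segment that does not exist.
              */
             if ($i >= $url_count || $part !== $url[$i]) {
                 $match = false;
                 break;
             }
         }
         /* $module is still null before the first match; the cast keeps
          * strlen() from receiving null.
          */
         if ($match && strlen($line) >= strlen((string) $module)) {
             $module = page_to_module($line);
             $this->type = page_to_type($line);
         }
     }
     return $module;
 }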
Пример #6
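/* Build the list of access levels a user has for every known page.
 *
 * Sources, in order: public modules on disk, private modules on disk, the
 * role columns of the user's roles, the pages table, and the page_access
 * rows of the user's roles. Administrators get YES for every private module
 * and page; other users get the highest level any of their roles grants.
 *
 * $db:   database object offering execute().
 * $user: user object offering logged_in, is_admin, id and role_ids.
 * Returns an array of page name => access level, or false when a query fails.
 */
function page_access_list($db, $user)
{
    $access_rights = array();
    /* Public pages on disk
     */
    $public = page_to_module(config_file("public_pages"));
    foreach ($public as $page) {
        $access_rights[$page] = 1;
    }
    /* Private pages on disk
     */
    $private_pages = page_to_module(config_file("private_pages"));
    foreach ($private_pages as $page) {
        $access_rights[$page] = $user->is_admin ? YES : NO;
    }
    if ($user->logged_in && $user->is_admin == false) {
        $query = "select * from roles where id in " . "(select role_id from user_role where user_id=%d)";
        if (($roles = $db->execute($query, $user->id)) === false) {
            return false;
        }
        foreach ($roles as $role) {
            /* Skip the first two columns and treat the rest as page => level.
             * NOTE(review): presumably these are the id and name columns; this
             * depends on the column order of the roles table - confirm.
             */
            $role = array_slice($role, 2);
            foreach ($role as $page => $level) {
                /* This branch only runs for non-administrators, so no
                 * administrator upgrade of the level is needed here.
                 */
                $level = (int) $level;
                if (isset($access_rights[$page]) == false || $access_rights[$page] < $level) {
                    $access_rights[$page] = $level;
                }
            }
        }
    }
    /* Pages in database
     */
    if (($pages = $db->execute("select * from pages")) === false) {
        return false;
    }
    foreach ($pages as $page) {
        $access_rights[ltrim($page["url"], "/")] = is_false($page["private"]) || $user->is_admin ? YES : NO;
    }
    if ($user->logged_in && $user->is_admin == false) {
        /* One placeholder per role id; the ids are passed as arguments
         */
        $conditions = $rids = array();
        foreach ($user->role_ids as $rid) {
            array_push($conditions, "role_id=%d");
            array_push($rids, $rid);
        }
        /* A user without roles would produce the condition "()", which is not
         * valid SQL, and the failed query would make the whole function return
         * false. Such a user keeps the levels set above: private pages stay NO.
         */
        if (count($conditions) > 0) {
            $query = "select p.url,a.level from pages p, page_access a " . "where p.id=a.page_id and (" . implode(" or ", $conditions) . ")";
            if (($pages = $db->execute($query, $rids)) === false) {
                return false;
            }
            foreach ($pages as $page) {
                $url = ltrim($page["url"], "/");
                if ($access_rights[$url] < $page["level"]) {
                    $access_rights[$url] = $page["level"];
                }
            }
        }
    }
    return $access_rights;
}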