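/**
 * Copies or moves page $pageId so that it sits under $parentId with the given
 * title and URL name.
 *
 * Contrary to the old header comment this does not return true/false: every
 * rejected request returns an error message string, and a performed action
 * returns null. A successful move emits a Location header to the moved page's
 * settings view; a successful copy calls displayinfo().
 *
 * @param int    $userId              id of the user performing the action
 * @param int    $pageId              id of the page being moved/copied (0 = root, which cannot be moved)
 * @param int    $parentId            id of the destination parent page
 * @param string $pagetitle           title for the page at its new location
 * @param string $pagename            URL name for the page at its new location
 * @param bool   $deleteoriginalentry true = move the page, false = copy it
 * @return string|null error message, or null when the action was carried out
 */
function move_page($userId, $pageId, $parentId, $pagetitle, $pagename, $deleteoriginalentry)
{
    // Values interpolated into SQL are sanitized first: ids are cast to int,
    // strings go through escape(), the helper this file already applies to
    // request values before mysql_query().
    // NOTE(review): if a caller already escape()s title/name, this double-escapes
    // them — confirm against callers before relying on this.
    $sqlParentId  = (int) $parentId;
    $sqlPageId    = (int) $pageId;
    $sqlPagename  = escape($pagename);
    $sqlPagetitle = escape($pagetitle);

    // Authorize before touching the database so that a caller without
    // "settings" on the destination learns nothing about the names under it.
    if (!getPermissions($userId, $parentId, "settings")) {
        return "Error: You do not have permission to copy or move to the destination page.";
    }

    // Two siblings with the same URL name would make the path ambiguous.
    $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid` = '{$sqlParentId}' AND `page_name` = '{$sqlPagename}'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) > 0) {
        return "Error: There exists a page with the same name in the destination path.";
    }

    $parentInfo = getPageInfo($parentId);
    if ($parentInfo['page_module'] == "link") {
        return "Error: Cannot move or copy a page to a page of the type link.";
    }

    // Refuse to place a page beneath itself: if $pageId lies on the root-to-parent
    // path of the destination, the result would be a cycle in the page tree.
    $pathToParent = array();
    parseUrlDereferenced($parentId, $pathToParent);
    if (in_array($pageId, $pathToParent)) {
        return 'Error : You are trying to copy a parent to a child page. This will create a loop';
    }

    // Move: re-parent the existing row in place.
    if ($deleteoriginalentry) {
        if ($pageId == 0) {
            return 'Error : You do not have permission to move the root page.';
        }
        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_parentid` = '{$sqlParentId}' , `page_title` = '{$sqlPagetitle}' , `page_name` = '{$sqlPagename}' WHERE `page_id` ='{$sqlPageId}' ;";
        mysql_query($query);
        // Exactly one row must change; anything else means the page id was wrong.
        if (mysql_affected_rows() != 1) {
            return 'Unable to perform the required action';
        }
        global $urlRequestRoot;
        header("location:" . $urlRequestRoot . getPagePath($pageId) . "+settings&displayinfo=" . rawurlencode("The page has been successfully moved."));
        // NOTE(review): execution continues in the caller after this header();
        // the other request handlers in this file end with disconnect(); exit; — confirm
        // whether the same is intended here.
        return null;
    }

    // Copy: the settings form's "recursively copy" checkbox decides whether
    // the subtree is copied along with the page.
    $recursive = isset($_POST['recursivelycopypage']);
    if (copyPage($userId, $pageId, $parentId, $pagetitle, $pagename, $recursive)) {
        displayinfo("Page copied successfully!");
    }
    return null;
}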
/**
 * Serves the "grant permissions" (+grant) page and the AJAX sub-requests it issues.
 *
 * The request is dispatched on $_GET['doaction']:
 *  - "changePerm": insert, update or delete one userpageperm row, echo "1" (ok)
 *    or "0" (nothing changed), disconnect and exit.
 *  - "getpermvars": echo the JS permission variables for $_GET['pageid'], then exit.
 *  - "getUserPerm" / "getPermUser": render the full page with the users/groups
 *    (resp. permissions) matching the POSTed selection pre-selected.
 *  - anything else: render the full permission-table page.
 *
 * @param int $userid id of the user attempting to grant permissions
 * @param int $pageid id of the page whose permissions are being edited
 * @return string rendered HTML/JS, or an error message when the user has no
 *                grantable group on the page
 */
function grantPermissions($userid, $pageid)
{
    //serving change permission requests
    if (isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
        // Every request value is passed through escape() before it reaches the SQL below.
        // NOTE(review): this branch does not itself verify that $userid may grant
        // $permid on $pageid (the main path below restricts grantable actions via
        // getGroupPermissions); confirm the caller enforces that before dispatching here.
        $permtype = escape($_GET['permtype']);
        $pageid = escape($_GET['pageid']);
        $usergroupid = escape($_GET['usergroupid']);
        $permid = escape($_GET['permid']);
        $perm = escape($_GET['perm']);
        // $flag turns false when a statement that should have changed a row did not.
        $flag = true;
        if ($perm == 'Y' || $perm == 'N') {
            // Explicit allow/deny: update an existing row, otherwise insert one.
            if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                if ($permission['perm_permission'] != $perm) {
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                    if (mysql_affected_rows() == 0) {
                        $flag = false;
                    }
                }
            } else {
                mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('{$permtype}','{$pageid}','{$usergroupid}','{$permid}','{$perm}')");
                if (mysql_affected_rows() == 0) {
                    $flag = false;
                }
            }
        } else {
            // Any other value clears the explicit permission (falls back to inheritance).
            if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                if (mysql_affected_rows() == 0) {
                    $flag = false;
                }
            }
        }
        // The JS side expects a bare "1"/"0" body.
        if ($flag) {
            echo "1";
        } else {
            echo "0";
        }
        disconnect();
        exit;
    }

    //serving refresh permissions request
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
        global $cmsFolder, $urlRequestRoot, $templateFolder;
        $pageid = escape($_GET['pageid']);
        // Only proceed for a page id that actually exists.
        if (mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            // Normalize to the id at the end of the dereferenced path.
            $pageid = $pagepath[count($pagepath) - 1];
            $groups = array_reverse(getGroupIds($userid));
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
            if ($maxPriorityGroup == -1) {
                return 'You do not have the required permissions to view this page.';
            }
            // $virtue == 'user' means the permission comes from a user-level grant,
            // so the user id is included when computing what can be granted.
            if ($virtue == 'user') {
                $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
            } else {
                $grantableActions = getGroupPermissions($groups, $pagepath);
            }
            // NOTE: unlike the main path below, $_POST['permission'] is not isset-checked here.
            $actionCount = count($_POST['permission']);
            $checkedActions = array();
            // Narrow the grantable list to the "<module>_<action>" entries the form ticked.
            for ($i = 0; $i < $actionCount; $i++) {
                list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
                if (isset($_POST[$modTemp . $actTemp])) {
                    if (isset($grantableActions[$modTemp])) {
                        for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                            if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                                $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                                break;
                            }
                        }
                    }
                }
            }
            if (count($checkedActions) > 0) {
                $grantableActions = $checkedActions;
            }
            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            // Groups 0 and 1 are always included alongside the user's modifiable groups.
            $modifiableGroupIds = array(0, 1);
            for ($i = 0; $i < count($modifiableGroups); $i++) {
                $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
            }
            $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
            $ret = <<<RET
pageid = {$pageid};
{$permissions}
RET;
            echo $ret;
        } else {
            echo "Error: Invalid Pageid passed";
        }
        disconnect();
        exit;
    }

    // Full page render.
    global $cmsFolder, $urlRequestRoot;
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $pageid = $pagepath[count($pagepath) - 1];
    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
    if ($maxPriorityGroup == -1) {
        return 'You do not have the required permissions to view this page.';
    }
    if ($virtue == 'user') {
        $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
    } else {
        $grantableActions = getGroupPermissions($groups, $pagepath);
    }
    if (isset($_POST['permission'])) {
        $actionCount = count($_POST['permission']);
    } else {
        $actionCount = "";
    }
    $checkedActions = array();
    // Same narrowing as in the getpermvars branch above.
    for ($i = 0; $i < $actionCount; $i++) {
        list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
        if (isset($_POST[$modTemp . $actTemp])) {
            if (isset($grantableActions[$modTemp])) {
                for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                    if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                        $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                        break;
                    }
                }
            }
        }
    }
    if (count($checkedActions) > 0) {
        $grantableActions = $checkedActions;
    }
    $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
    $modifiableGroupIds = array(0, 1);
    for ($i = 0; $i < count($modifiableGroups); $i++) {
        $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
    }
    $perms = json_encode(formatPermissions($grantableActions));
    $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
    // NOTE(review): $groups, $users and $permissions are emitted verbatim into the
    // inline <script> below; whether customGetGroups()/customGetAllUsers() JS-escape
    // names is not visible here — confirm.
    $groups = customGetGroups($maxPriorityGroup);
    $users = customGetAllUsers();
    global $templateFolder;
    $smarttableconfig = array('permtable' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'), 'permtable2' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'));
    $ret = smarttable::render(array('permtable', 'permtable2'), $smarttableconfig);
    $globals = getGlobalSettings();
    $baseURL = "./+grant&doaction=changePerm";
    if ($globals['url_rewrite'] == 'false') {
        $baseURL = prettyurl($baseURL);
    }
    // Default: nothing pre-selected in the UI.
    $selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";

    // "Which users/groups hold the selected permissions?"
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        // Ticked permissions arrive as POST keys named "permissions_<id>".
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 12) == "permissions_") {
                $get_selectedPerms[] = (int) substr($key, 12);
            }
        }
        list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        // $save is a 2-bit flag: bit 0 set when group 0 matched, bit 1 when group 1 matched.
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            $found = false;
            foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm) {
                    if ($selected_perm == $get_permId) {
                        $get_selectedGroups[] = (int) $get_groupId;
                        $found = true;
                    }
                }
                if ($found) {
                    break;
                }
            }
            if ($get_groupId == 0 && $found) {
                $save += 1;
            }
            if ($get_groupId == 1 && $found) {
                $save += 2;
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            $found = false;
            foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm) {
                    if ($selected_perm == $get_permId) {
                        $get_selectedUsers[] = (int) $get_userId;
                        $found = true;
                    }
                }
                if ($found) {
                    break;
                }
            }
        }
        // filterByPriority() may drop groups 0/1; $save re-adds the ones that matched.
        $get_selectedGroups = filterByPriority($maxPriorityGroup, $get_selectedGroups);
        if ($save % 2 == 1) {
            $get_selectedGroups[] = 0;
        }
        // NOTE(review): when both groups matched ($save == 3) this test is 1.5 == 1 and
        // group 1 is not re-added; `$save >= 2` looks like the intent — confirm.
        if ($save / 2 == 1) {
            $get_selectedGroups[] = 1;
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }

    // "Which permissions do the selected users/groups hold?"
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        // Ticked rows arrive as POST keys named "users_<id>" / "groups_<id>".
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 6) == "users_") {
                $get_selectedUsers[] = (int) substr($key, 6);
            } else {
                if (substr($key, 0, 7) == "groups_") {
                    $get_selectedGroups[] = (int) substr($key, 7);
                }
            }
        }
        list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            if (isPresent($get_groupId, $get_selectedGroups)) {
                foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                    if (!isPresent($get_permId, $get_selectedPerms)) {
                        $get_selectedPerms[] = $get_permId;
                    }
                }
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            if (isPresent($get_userId, $get_selectedUsers)) {
                foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                    if (!isPresent($get_permId, $get_selectedPerms)) {
                        $get_selectedPerms[] = $get_permId;
                    }
                }
            }
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }

    // Page markup: the inline script seeds permissionsTable.js, which fills the two tables.
    $ret .= <<<RET
<style type="text/css" title="currentStyle">
\tdiv#permtable_filter input { width: 90px; }
\tdiv#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var baseURL = "{$baseURL}";
var pageid = {$pageid};
var permissions = {$perms};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
{$selected}
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts
<br>
<div id='permTable'> </div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a>
<a href='javascript:clearAll1()'>Clear All</a>
<a href='javascript:toggle1()'>Toggle</a>
<a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
<form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'> </tbody></table>
</form>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a>
<a href='javascript:clearAll2()'>Clear All</a>
<a href='javascript:toggle2()'>Toggle</a>
<a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
<form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'> </tbody></table>
</form>
</td>
</tr>
</table>
<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
    // Queue the initial table population for page load.
    global $STARTSCRIPTS;
    $STARTSCRIPTS .= " populateList();";
    return $ret;
}
/**
 * Renders the site administration (+admin) page and dispatches its sub-actions.
 *
 * Request handling, in order:
 *  - doaction=getsuggestions: echo autocomplete suggestions and exit.
 *  - indexsite=1|2: (re)build the search index for the site.
 *  - Warn when the search index is missing or older than the reindex_frequency setting.
 *  - subaction=email*/module/template: handled by the respective lib and returned early.
 *  - other subactions (global, useradmin, widgets, icon, editgroups, reload*, check*,
 *    changePermRank, editprofileform, expert): rendered into a fieldset, followed by
 *    the quick-links panel.
 *
 * @param int $pageid id of the page the admin action was invoked on
 * @param int $userid id of the acting user
 * @return string HTML for the admin page (sub-requests echo and exit instead)
 */
function admin($pageid, $userid)
{
    // AJAX autocomplete: respond with suggestions and end the request.
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        if (strlen($_GET['forwhat']) >= 3) {
            // NOTE(review): $_GET['forwhat'] is handed to getSuggestions() without escape(),
            // unlike the other request values in this function — confirm it is escaped inside.
            echo getSuggestions($_GET['forwhat']);
            disconnect();
            exit;
        }
    }
    global $urlRequestRoot, $templateFolder, $cmsFolder, $ICONS;
    if (isset($_GET['indexsite'])) {
        global $sourceFolder;
        require "{$sourceFolder}/modules/search/admin/spider.php";
        if ($_GET['indexsite'] == 1) {
            // Build the crawl start URL from the script path up to "index.php".
            $serveruri = isset($_SERVER['ORIG_SCRIPT_NAME']) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME'];
            $uri = substr($serveruri, 0, stripos($serveruri, "index.php"));
            // NOTE(review): the crawl target's host comes from the request's Host header;
            // relies on the web server only serving expected host names — confirm.
            $site = "http://" . $_SERVER['HTTP_HOST'] . $uri . "home/";
            index_site($site, 0, -1, 'full', "", "+\n&", 0);
            displayinfo("Index for site created");
        } else {
            index_all();
        }
    }
    // Reindex reminder: threshold in days from the global settings, default 30.
    $result = mysql_fetch_array(mysql_query("SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'reindex_frequency'"));
    if ($result != NULL) {
        $threshold = $result['value'];
    } else {
        $threshold = 30;
    }
    // `sites` is queried without MYSQL_DATABASE_PREFIX; presumably the search spider's own table.
    $result = mysql_fetch_array(mysql_query("SELECT to_days(CURRENT_TIMESTAMP)-to_days(`indexdate`) AS 'diff' FROM `sites` WHERE `url` LIKE '%home%'"));
    if ($result == NULL) {
        displayinfo("It seems the site doesn't have index for the search to work. Click <a href='./+admin&indexsite=1'>here</a> to index the site.");
    } else {
        if ($result['diff'] > $threshold) {
            displayinfo("Your site index was created {$result['diff']} days before. Click <a href='./+admin&indexsite=2'>here</a> to reindex your site.");
        }
    }
    // Quick-links panel appended to every admin view.
    $quicklinks = <<<ADMINPAGE
\t<fieldset>
\t<legend>{$ICONS['Website Administration']['small']}Website Administration</legend>
\t<a name='quicklinks'></a>
\t<table class="iconspanel">
\t<tr>
\t<td><a href="./+admin&subaction=global"><div>{$ICONS['Global Settings']['large']}<br/>Global Settings</div></a></td>\t
\t<td><a href="./+admin&subaction=template"><div>{$ICONS['Templates Management']['large']}<br/>Templates Management</div></a></td>
\t<td><a href="./+admin&subaction=module"><div>{$ICONS['Modules Management']['large']}<br/>Module Management</div></a></td>
\t<td><a href="./+admin&subaction=widgets"><div>{$ICONS['Widgets']['large']}<br/>Widgets Management</div></a></td>
\t</tr>
\t<tr>
\t<td><a href="./+admin&subaction=icon"><div>{$ICONS['Icons']['large']}<br/>Icons Management</div></a></td>
\t<td><a href="./+admin&subaction=email"><div>{$ICONS['Email Registrants']['large']}<br/>Email Registrants</div></a></td>
\t<td><a href="./+admin&subaction=editgroups"><div>{$ICONS['User Groups']['large']}<br/>Group Management</div></a></td>
\t<td><a href="./+admin&subaction=expert"><div>{$ICONS['Site Maintenance']['large']}<br/>Site Maintenance</div></a></td>
\t</tr>
\t<tr>
\t
\t<td colspan=2><a href="./+admin&subaction=useradmin"><div>{$ICONS['User Management']['large']}<br/>User Management</div></a></td>
\t<td colspan=2><a href="./+admin&subaction=editprofileform"><div>{$ICONS['User Profile']['large']}<br/>User Profiles</div></a></td>
\t</tr>
\t</table>
\t</fieldset>
ADMINPAGE;
    // Email-template sub-actions return early with their own form.
    if (isset($_GET['subaction'])) {
        require_once "email.lib.php";
        if ($_GET['subaction'] == "email") {
            return displayEmail() . $quicklinks;
        } else {
            if ($_GET['subaction'] == "openemail") {
                return displayEmail(escape($_GET['name'])) . $quicklinks;
            } else {
                if ($_GET['subaction'] == "emailsend") {
                    sendEmail();
                    return displayEmail(escape($_POST['emailtemplates'])) . $quicklinks;
                } else {
                    if ($_GET['subaction'] == "emailsave") {
                        saveEmail();
                        return displayEmail(escape($_POST['emailtemplates'])) . $quicklinks;
                    }
                }
            }
        }
    }
    // Module / template management share one handler selected by name.
    if (isset($_GET['subaction']) && ($_GET['subaction'] == 'module' || $_GET['subaction'] == 'template')) {
        $type = escape($_GET['subaction']);
        if ($type == 'module') {
            displaywarning("Module Installation/Uninstallation has the potential to completely bring down the CMS, so Install only modules from trusted source");
        }
        require_once "module.lib.php";
        require_once "template.lib.php";
        $type = ucfirst($type);
        // The dynamic call is only safe because $type was restricted to 'module'/'template' above.
        $function = "handle{$type}Management";
        $op = $function();
        if ($op != "") {
            return $op . $quicklinks;
        }
        return managementForm($type) . $quicklinks;
    }
    global $sourceFolder;
    if (!isset($_GET['subaction']) && !isset($_GET['subsubaction'])) {
        return $quicklinks;
    }
    require_once "users.lib.php";
    // $op: handler output wrapped in a fieldset titled $ophead; $str: extra forms shown above it.
    $op = "";
    $ophead = "";
    $str = "";
    if (isset($_GET['subaction']) || isset($_GET['subsubaction']) || isset($_GET['id']) || isset($_GET['movePermId']) || isset($_GET['module'])) {
        if (isset($_GET['subaction']) && $_GET['subaction'] == 'global' && isset($_POST['update_global_settings'])) {
            updateGlobalSettings();
        } else {
            if (isset($_GET['subaction']) && $_GET['subaction'] == 'global' && isset($_GET['del_black'])) {
                delete_blacklist();
            } else {
                if (isset($_GET['subaction']) && $_GET['subaction'] == 'useradmin') {
                    $op .= handleUserMgmt();
                    $ophead = "{$ICONS['User Management']['small']}User Management";
                } else {
                    if (isset($_GET['subaction']) && $_GET['subaction'] == 'widgets') {
                        $op .= handleWidgetAdmin($pageid);
                        $ophead = "{$ICONS['Widgets']['small']}Widgets Management";
                    } else {
                        if (isset($_GET['subaction']) && $_GET['subaction'] == 'icon') {
                            require_once "iconmanagement.lib.php";
                            $res = handleIconManagement();
                            // Icon URL lookups return the bare result without the page frame.
                            if (isset($_GET['iconURL'])) {
                                return $res;
                            }
                            $op .= $res;
                            $ophead = "{$ICONS['Icons']['small']}Icons Management";
                        } else {
                            if (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups') {
                                require_once "permission.lib.php";
                                $pagepath = array();
                                parseUrlDereferenced($pageid, $pagepath);
                                $virtue = '';
                                // Only groups below the user's highest-priority group on this page are editable.
                                $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, array_reverse(getGroupIds($userid)), $virtue);
                                $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
                                $op .= groupManagementForm($userid, $modifiableGroups, $pagepath);
                                $ophead = "{$ICONS['Group Management']['small']}Group Management";
                            } else {
                                if (isset($_GET['subaction']) && $_GET['subaction'] == 'reloadtemplates') {
                                    $op .= reloadTemplates();
                                    $ophead = "{$ICONS['Templates Management']['small']}Reloading Templates";
                                } else {
                                    if (isset($_GET['subaction']) && $_GET['subaction'] == 'reloadmodules') {
                                        $op .= reloadModules();
                                        $ophead = "{$ICONS['Modules Management']['small']}Reloading Modules";
                                    } else {
                                        if (isset($_GET['subaction']) && $_GET['subaction'] == 'checkPerm') {
                                            $op .= admin_checkFunctionPerms();
                                            $ophead = "{$ICONS['Access Permissions']['small']}Checking Permissions Consistency";
                                        } elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'checkAdminUser') {
                                            $op .= admin_checkAdminUser();
                                            $ophead = "Checking Administrator User";
                                        } elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'checkAdminPerms') {
                                            $op .= admin_checkAdminPerms();
                                            $ophead = "Checking Administrator Permissions";
                                        } elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'changePermRank') {
                                            $op .= admin_changePermRank();
                                            $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
                                        } elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'editprofileform' || isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editprofileform') {
                                            $op .= admin_editProfileForm();
                                            $ophead = "{$ICONS['User Profile']['small']}Edit User Profile Form";
                                        } elseif (isset($_GET['id'])) {
                                            $op .= admin_userAdmin();
                                        } elseif (isset($_GET['movePermId'])) {
                                            $op .= admin_changePermRank();
                                            $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank";
                                        } elseif (isset($_GET['module'])) {
                                            $op .= admin_changePermRank(escape($_GET['module']));
                                            $ophead = "{$ICONS['Access Permissions']['small']}Changing Permissions Rank for module '" . escape($_GET['module']) . "'";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if ($op != "") {
        $op = "<fieldset><legend>{$ophead}</legend>{$op}</fieldset>";
    }
    if (isset($_GET['subaction']) && $_GET['subaction'] == 'global') {
        $str .= globalSettingsForm();
    } else {
        if (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups') {
            // Intentionally empty so the "Experts Only" panel is not shown for group management.
        } else {
            if (isset($_GET['subaction']) && $_GET['subaction'] == 'useradmin') {
                $op .= userManagementForm();
            } else {
                if (isset($_GET['subaction']) && $_GET['subaction'] == 'expert') {
                    $str .= "<fieldset><legend>{$ICONS['Site Maintenance']['small']}Experts Only</legend>";
                    $str .= '<a href="./+admin&subaction=checkPerm">Check Permission List</a><br />';
                    $str .= '<a href="./+admin&subaction=checkAdminUser">Check Admin User</a><br />';
                    $str .= '<a href="./+admin&subaction=checkAdminPerms">Check Admin Perms</a><br />';
                    $str .= '<a href="./+admin&subaction=changePermRank">Change Perm Ranks</a><br />';
                    $str .= '<a href="./+admin&subaction=reloadtemplates">Reload Templates</a><br />';
                    $str .= '<a href="./+admin&subaction=reloadmodules">Reload Modules</a><br />';
                    $str .= '<a href="./+admin&indexsite=2">Reindex Site for Searching</a></br/></fieldset>';
                }
            }
        }
    }
    return $str . $op . $quicklinks;
}