/** * * Function sort out paramaters * This function creates folders needed when duplicating a template * @param number $folder_name_id - the id of this template * @param number $tutorial_id_from_post - the parent template name for the new tutorial * @version 1.0 * @author Patrick Lockley */ function create_new_template($folder_name_id, $parent_template_name) { global $dir_path, $new_path, $temp_dir_path, $temp_new_path, $xerte_toolkits_site; $row_framework = db_query_one("SELECT template_framework from {$xerte_toolkits_site->database_table_prefix}originaltemplatesdetails WHERE template_name = ?", array($parent_template_name)); // I think this is wrong, currently looking like : /home/david/src/xerteonlinetoolkits/modules//templates/0 should presumably be home/david/src/xerteonlinetoolkits/modules/xerte/templates/Nottingham $dir_path = $xerte_toolkits_site->basic_template_path . $row_framework['template_framework'] . "/templates/" . $parent_template_name; /** * Get the id of the folder we are looking to copy into */ _debug("Creating new template : {$folder_name_id}, {$parent_template_name}"); $new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $parent_template_name; $path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $parent_template_name; if (is_dir($path)) { _debug("Trying to create new template at location - {$path} - it's already in use. Aborting"); die("Template directory already exists; will not overwrite/re-create."); } if (mkdir($path)) { _debug("Created {$path} ok"); if (@chmod($path, 0777)) { $ok = copy_r($dir_path, $path); _debug("Copy_r returned " . print_r($ok, true)); return $ok; } else { _debug("Failed to set rights "); receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on parent folder for template", "Failed to set rights on parent folder " . $path); return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to create parent folder for template", "Failed to create parent folder " . $path); return false; } }
/** * * Function database connect * This function checks http security settings * @param string $success_string = Successful message for the error log * @param string $error_string = Error message for the error log * @version 1.0 * @author Patrick Lockley */ function database_connect($success_string, $error_string) { global $xerte_toolkits_site; /* * Try to connect */ $mysql_connect_id = @mysql_connect($xerte_toolkits_site->database_host, $xerte_toolkits_site->database_username, $xerte_toolkits_site->database_password); /* * Check for connection and error if failed */ if (!$mysql_connect_id) { die("<h2>Xerte Online Toolkits</h2>\r\n <p><strong>Sorry, the system cannot connect to the database at present</strong></p>\r\n <p>This may be because the database server is offline, or this instance of Xerte has not been setup (see <a href='setup'>/setup</a>). </p>\r\n <p>The mysql error is <strong>" . mysql_error() . "</strong></p>"); } $database_fail = false; mysql_select_db($xerte_toolkits_site->database_name) or $database_fail = true; /* * database failing code */ $username = '******'; if (isset($_SESSION['toolkits_logon_username'])) { $username = $_SESSION['toolkits_logon_username']; } if ($database_fail) { receive_message($username, "ADMIN", "CRITICAL", "DATABASE FAILED AT " . $error_string, "MYSQL ERROR MESSAGE IS " . mysql_error()); die("Sorry, the system cannot connect to the database at present. The mysql error is " . mysql_error()); } else { receive_message($username, "ADMIN", "SUCCESS", "DATABASE CONNECTED", $success_string); } /* * if all worked returned the mysql ID */ return $mysql_connect_id; }
function get_default_engine($template_id) { global $xerte_toolkits_site; $row = db_query_one("SELECT td.extra_flags FROM {$xerte_toolkits_site->database_table_prefix}templatedetails td WHERE td.template_id = ?", array($template_id)); if ($row == false) { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to get default template engine", "Failed to get the default template engine"); } else { $engine = 'javascript'; $extra_flags = explode(";", $row['extra_flags']); foreach ($extra_flags as $flag) { $parameter = explode("=", $flag); switch ($parameter[0]) { case 'engine': $engine = $parameter[1]; break; } } return $engine; } }
function move_folder($folder_id, $destination) { global $xerte_toolkits_site; $mysql_id = database_connect("Move file database connect success", "Move file database connect failure"); if ($destination != "") { /* * Move folder in database */ $prefix = $xerte_toolkits_site->database_table_prefix; $query_folder = "UPDATE {$prefix}folderdetails SET folder_parent = ? WHERE (folder_id = ? )"; $params = array($destination, $folder_id); $ok = db_query($query_folder, $params); if ($ok) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "Folder " . $folder_id . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $folder_id . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "Folder " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } } }
echo "file has been corrupted<BR>"; //die(); } $unescaped_data = $_POST['filedata']; if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { $unescaped_data = stripslashes($_POST['filedata']); } $filedata = apply_filters("editor_save_data", $unescaped_data); /** * Save and play do slightly different things. Save sends an extra variable so we update data.xml as well as preview.xml */ if ($_POST['fileupdate'] == "true") { $file_handle = fopen($xerte_toolkits_site->root_file_path . $savepath, 'w'); if (fwrite($file_handle, $filedata) != false) { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Template " . $_POST['filename'] . " saved", $filedata); } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Template " . $_POST['filename'] . " failed to save", $filedata); } fclose($file_handle); } /** * Update preview.xml */ $filedata = apply_filters("editor_save_preview", $unescaped_data); $file_handle = fopen($xerte_toolkits_site->root_file_path . $_POST['filename'], 'w'); if (fwrite($file_handle, $filedata) != false) { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Template " . $_POST['filename'] . " saved", $filedata); } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Template " . $_POST['filename'] . " failed to save", $filedata); } fclose($file_handle);
<?php /** * * delete file template, allows the site to delete files from the media folder * * @author Patrick Lockley * @version 1.0 * @copyright Copyright (c) 2008,2009 University of Nottingham * @package */ include "../error_library.php"; /** XXX/ TODO SECURITY HOLE - NEED TO CHECK $_POST['file'] IS VALID */ if (unlink(urldecode($_POST['file']))) { receive_message($_SESSION['toolkits_logon_username'], "FILE", "SUCCESS", "The file " . $_POST['file'] . "has been deleted", "User " . $_SESSION['toolkits_logon_username'] . " has deleted " . $_POST['file']); } else { receive_message($_SESSION['toolkits_logon_username'], "FILE", "MAJOR", "The file " . $_POST['file'] . "hasn't been deleted", "User " . $_SESSION['toolkits_logon_username'] . " was not deleted " . $_POST['file']); }
/** * * Function get user root folder * Get the id for the users root folder * @author Patrick Lockley * @version 1.0 * @copyright Copyright (c) 2008,2009 University of Nottingham * @package */ function get_user_root_folder() { global $xerte_toolkits_site; $query = "select folder_id from " . $xerte_toolkits_site->database_table_prefix . "folderdetails where login_id='" . $_SESSION['toolkits_logon_id'] . "' AND folder_name = '" . $_SESSION['toolkits_logon_username'] . "'"; $query_response = mysql_query($query); if ($query_response != FALSE) { $row = mysql_fetch_array($query_response); return $row['folder_id']; } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to get users root folder", "Failed to get users root folder"); } }
function valid_login($username, $password, $xerte_toolkits_site) { $link = mysql_connect($xerte_toolkits_site->database_host, $xerte_toolkits_site->database_username, $xerte_toolkits_site->database_password); mysql_select_db($xerte_toolkits_site->database_name); $ldap_hosts = mysql_query("select * from " . $xerte_toolkits_site->database_table_prefix . "ldap"); if (!$ldap_hosts) { if (strpos($xerte_toolkits_site->ldap_host, "\$\$\$")) { $login_check = false; $host = explode("\$\$\$", $xerte_toolkits_site->ldap_host); $port = explode("\$\$\$", $xerte_toolkits_site->ldap_port); $bind_pwd = explode("\$\$\$", $xerte_toolkits_site->bind_pwd); $basedn = explode("\$\$\$", $xerte_toolkits_site->basedn); $bind_dn = explode("\$\$\$", $xerte_toolkits_site->bind_dn); for ($x = 0; $x < count($host); $x++) { $login_check = authenticate_to_host($host[$x], $port[$x], $bind_pwd[$x], $basedn[$x], $bind_dn[$x], $username, $password, $xerte_toolkits_site); if ($login_check) { break; } } if ($login_check) { receive_message($username, "USER", "SUCCESS", "Logging in succeeded for " . $username, "Logging in succeeded for " . $username); return $login_check; } else { receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . $username); return $login_check; } } else { $host = $xerte_toolkits_site->ldap_host; $port = $xerte_toolkits_site->ldap_port; $bind_pwd = $xerte_toolkits_site->bind_pwd; $basedn = $xerte_toolkits_site->basedn; $bind_dn = $xerte_toolkits_site->bind_dn; $result = authenticate_to_host($host, $port, $bind_pwd, $basedn, $bind_dn, $username, $password, $xerte_toolkits_site); if ($result) { receive_message($username, "USER", "SUCCESS", "Logging in succeeded for " . $username, "Logging in succeeded for " . $username); return $result; } else { receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . $username); return $result; } } } else { while ($host = mysql_fetch_array($ldap_hosts)) { $result = authenticate_to_host($host['ldap_host'], $host['ldap_port'], $host['ldap_password'], $host['ldap_username'], $host['ldap_basedn'], $host['ldap_filter'], $host['ldap_filter_attr'], $username, $password, $xerte_toolkits_site); if ($result[0]) { return true; } } } return false; }
if (!empty($_FILES)) { if (!apply_filters('editor_upload_file', $_FILES)) { _debug("file upload for " . print_r($_FILES, true) . " failed. "); die("File upload failed; check server logs."); } } else { die("No file(s) uploaded"); } /** * These checks remain from R708 */ $pass = true; if (strpos($_FILES['Filedata']['name'], '../') !== false) { $pass = false; } if (strpos($_FILES['Filedata']['name'], '...') !== false) { $pass = false; } if ($pass === false) { receive_message($_SESSION['toolkits_logon_username'], "UPLOAD", "CRITICAL", "Invalid filename: " . $_FILES['Filedata']['name'], "Invalid filename: " . $_FILES['Filedata']['name']); exit; } /** * Passed all the checks so lets try to write the file */ $new_file_name = $xerte_toolkits_site->root_file_path . $_GET['path'] . $_FILES['Filedata']['name']; if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $new_file_name)) { receive_message($_SESSION['toolkits_logon_username'], "UPLOAD", "CRITICAL", "Error saving file: " . $new_file_name, "Error saving file: " . error_get_last()); die("Couldn't move uploaded file into place."); } apply_filters('editor_post_upload_file', $new_file_name);
/** * * Function make new template * This function checks http security settings * @param string $type = type of template * @param string $zip_path = the path we are zipping * @version 1.0 * @author Patrick Lockley */ function make_new_template($type, $zip_path) { global $xerte_toolkits_site, $delete_folder_array, $folder_id; $database_connect_id = database_connect("new_template(import) database connect success", "new_template(import) database connect fail"); /* *get the root folder for this user */ $root_folder_id = get_user_root_folder(); /* * get the maximum id number from templates, as the id for this template */ $maximum_template_id = get_maximum_template_number(); $root_folder = get_user_root_folder(); $prefix = $xerte_toolkits_site->database_table_prefix; $query_for_template_type_id = "select template_type_id, template_framework from {$prefix}originaltemplatesdetails where template_name = ?"; $params = array($type); $row_template_type = db_query_one($query_for_template_type_id, $params); /* * create the new template record in the database */ /* * See if we have been given a name, if not, use a fixed one. */ if ($_POST['templatename'] != "") { $template_name = $_POST['templatename']; } else { $template_name = IMPORT_NAME_IF_EMPTY; } $query_for_new_template = "INSERT INTO {$prefix}templatedetails " . "(template_id, creator_id, template_type_id, date_created, date_modified, access_to_whom, template_name, extra_flags) " . "VALUES (?,?,?,?,?,?,?,?)"; $params = array($maximum_template_id + 1, $_SESSION['toolkits_logon_id'], $row_template_type['template_type_id'], date('Y-m-d'), date('Y-m-d'), "Private", $template_name, "engine=javascript"); $ok = db_query($query_for_new_template, $params); if ($ok !== false) { /* * Are we importing into a folder */ if ($folder_id == "") { $folder_id = $root_folder_id; } $query_for_template_rights = "INSERT INTO {$prefix}templaterights" . " (template_id,user_id,role, folder)" . "VALUES (?,?,?,?)"; $params = array($maximum_template_id + 1, $_SESSION['toolkits_logon_id'], "creator", $folder_id); $ok = db_query($query_for_template_rights, $params); if ($ok !== false) { /* * Make the folders and copy the files in */ receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Created new template record for the database", $query_for_new_template . " " . $query_for_template_rights); mkdir($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type); chmod($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type, 0777); copy_loop($zip_path, $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type . "/"); echo IMPORT_SUCCESS . "****"; /* * Remove the files */ array_splice($delete_folder_array, 0); delete_loop($zip_path); foreach ($delete_folder_array as $delete_folder) { rmdir($delete_folder); } $delete_folder_array = null; rmdir($zip_path); } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to create new template record for the database", $query_for_template_rights); } } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to create new template record for the database", $query_for_new_template); echo "FAILED-" . $_SESSION['toolkits_most_recent_error']; } }
foreach ($files_to_move as $file) { @rename($file, $destination . $file); } // Now remove all the (media|thumbs|common|models) files. recursive_delete($toplevel_src_path, true); } $template_src = $temp_dir . DIRECTORY_SEPARATOR . $folder . DIRECTORY_SEPARATOR; rename($template_src . "template.rlt", $xerte_module_path . "xerte/parent_templates/" . $folder . "/" . $folder . ".rlt"); rename($template_src . "template.xml", $xerte_module_path . "xerte/templates/" . $folder . "/data.xml"); rename($template_src . "template.xwd", $xerte_module_path . "xerte/parent_templates/" . $folder . "/data.xwd"); // Remove anything now left. recursive_delete($temp_dir, true); if ($_POST['folder'] == "") { /* * No folder was posted, so add records to the database id. */ _debug("Adding template to database ({$folder}/ {$desc}/ {$name} etc)"); $prefix = $xerte_toolkits_site->database_table_prefix; $sql = "INSERT INTO {$prefix}originaltemplatedetails \n (template_framework, template_name, description, date_uploaded, display_name, display_id, access_rights, active)\n VALUES (?,?,?,?,?,?,?,?)"; $parameters = array('xerte', $folder, $desc, date('Y-m-d'), $name, '0', '', 'false'); $ok = db_query($sql, $parameters); if ($ok) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "Folder creation succeeded for " . $_SESSION['toolkits_logon_username'], "Folder creation succeeded for " . $_SESSION['toolkits_logon_username']); echo IMPORT_TEMPLATE_FOLDER_CREATE . "****"; _debug("template saved to db ok; import presumably ok."); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "CRITICAL", "Folder creation failed for " . $_SESSION['toolkits_logon_username'], "Folder creation failed for " . $_SESSION['toolkits_logon_username']); echo IMPORT_TEMPLATE_FOLDER_FAIL . "****"; _debug("template failed to save to db"); } }
/** * * Function move file * This function is used to move files and folders * @param array $files_to_move = an array of files and folders to move * @param string $destination = Name of the new folder * @version 1.0 * @author Patrick Lockley */ function move_file($files_to_move, $destination) { global $xerte_toolkits_site; $mysql_id = database_connect("Move file database connect success", "Move file database connect failure"); $new_files_array = explode(",", $files_to_move); /* * Files array can be complicated, and this thread can lock the system, so limit max files to 50 */ if (count($new_files_array) != 0 && count($new_files_array) <= 50) { /* * check their is a destination */ if ($destination != "") { for ($x = 0; $x != count($new_files_array); $x++) { // check there are files if ($new_files_array[$x] != "") { if ($new_files_array[$x + 1] == "file") { if ($new_files_array[$x + 2] == "folder_workspace") { $parent = get_user_root_folder(); } if ($destination == "folder_workspace") { $destination = get_user_root_folder(); } if ($destination == "recyclebin") { $destination = get_recycle_bin(); } /* * Move files in the database */ $query_file = "UPDATE " . $xerte_toolkits_site->database_table_prefix . "templaterights SET folder = \"" . $destination . "\" where (template_id=\"" . $new_files_array[$x] . "\" AND user_id =\"" . $_SESSION['toolkits_logon_id'] . "\")"; if (mysql_query($query_file)) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } } else { /* * destination is the root folder */ if ($destination == "folder_workspace") { $destination = get_user_root_folder(); } $query_folder = "UPDATE " . $xerte_toolkits_site->database_table_prefix . "folderdetails SET folder_parent = \"" . $destination . "\" where (folder_id=\"" . $new_files_array[$x] . "\")"; if (mysql_query($query_folder)) { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "Folder " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "File " . $new_files_array[$x] . " moved into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } else { receive_message($_SESSION['toolkits_logon_username'], "USER", "SUCCESS", "File " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username'], "Folder " . $new_files_array[$x] . " failed to move into " . $destination . " for " . $_SESSION['toolkits_logon_username']); } } $x += 2; } } } } mysql_close($mysql_id); }
/** * * Function make new template * This function checks http security settings * @param string $type = type of template * @param string $zip_path = the path we are zipping * @version 1.0 * @author Patrick Lockley */ function make_new_template($type, $zip_path) { global $xerte_toolkits_site, $delete_folder_array, $folder_id; $database_connect_id = database_connect("new_template(import) database connect success", "new_template(import) database connect fail"); /* *get the root folder for this user */ $root_folder_id = get_user_root_folder(); /* * get the maximum id number from templates, as the id for this template */ $maximum_template_id = get_maximum_template_number(); $root_folder = get_user_root_folder(); $query_for_template_type_id = "select template_type_id, template_framework from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails where template_name = '" . $type . "'"; $query_for_template_type_id_response = mysql_query($query_for_template_type_id); $row_template_type = mysql_fetch_array($query_for_template_type_id_response); /* * create the new template record in the database */ /* * See if we have been given a name, if not, use a fixed one. */ if ($_POST['templatename'] != "") { $template_name = mysql_real_escape_string($_POST['templatename']); } else { $template_name = IMPORT_NAME_IF_EMPTY; } $query_for_new_template = "INSERT INTO " . $xerte_toolkits_site->database_table_prefix . "templatedetails (template_id, creator_id, template_type_id, date_created, date_modified, access_to_whom, template_name) VALUES (\"" . ($maximum_template_id + 1) . "\",\"" . $_SESSION['toolkits_logon_id'] . "\", \"" . $row_template_type['template_type_id'] . "\",\"" . date('Y-m-d') . "\",\"" . date('Y-m-d') . "\",\"Private\",\"" . $template_name . "\")"; if (mysql_query($query_for_new_template)) { /* * Are we importing into a folder */ if ($folder_id == "") { $folder_id = $root_folder_id; } $query_for_template_rights = "INSERT INTO " . $xerte_toolkits_site->database_table_prefix . "templaterights (template_id,user_id,role, folder) VALUES (\"" . ($maximum_template_id + 1) . "\",\"" . $_SESSION['toolkits_logon_id'] . "\", \"creator\" ,\"" . $folder_id . "\")"; if (mysql_query($query_for_template_rights)) { /* * Make the folders and copy the files in */ receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Created new template record for the database", $query_for_new_template . " " . $query_for_template_rights); mkdir($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type); chmod($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type, 0777); mkdir($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type . "/media/"); chmod($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type . "/media/", 0777); copy_loop($zip_path, $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->users_file_area_short . ($maximum_template_id + 1) . "-" . $_SESSION['toolkits_logon_username'] . "-" . $type . "/"); echo IMPORT_SUCCESS . "****"; /* * Remove the files */ array_splice($delete_folder_array, 0); delete_loop($zip_path); while ($delete_folder = array_pop($delete_folder_array)) { rmdir($delete_folder); } rmdir($zip_path); } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to create new template record for the database", $query_for_template_rights); } } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to create new template record for the database", $query_for_new_template); echo "FAILED-" . $_SESSION['toolkits_most_recent_error']; } mysql_close($database_connect_id); }
/** * * Function get user root folder * Get the id for the users root folder * @author Patrick Lockley * @version 1.0 * @package */ function get_user_root_folder() { global $xerte_toolkits_site; $prefix = $xerte_toolkits_site->database_table_prefix; $query = "select folder_id from {$prefix}folderdetails where login_id= ? AND folder_name = ?"; $params = array($_SESSION['toolkits_logon_id'], $_SESSION['toolkits_logon_username']); $query_response = db_query($query, $params); if ($query_response != FALSE) { $row = $query_response[0]; return $row['folder_id']; } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to get users root folder", "Failed to get users root folder"); } }
require_once "../../../config.php"; include "../user_library.php"; include "../deletion_library.php"; include "../template_status.php"; _load_language_file("/website_code/php/templates/delete_template.inc"); $database_id = database_connect("delete template database connect success", "delete template database connect failed"); /* * get the folder id to delete */ if (is_numeric($_POST['template_id'])) { $safe_template_id = mysql_real_escape_string($_POST['template_id']); if (!is_template_syndicated($safe_template_id)) { if (is_user_creator($safe_template_id)) { $query_for_folder_id = "select * from " . $xerte_toolkits_site->database_table_prefix . "templaterights where template_id=\"" . $safe_template_id . "\""; $query_for_folder_id_response = mysql_query($query_for_folder_id); $row = mysql_fetch_array($query_for_folder_id_response); // delete from the database $query_to_delete_template = "update " . $xerte_toolkits_site->database_table_prefix . "templaterights set folder=\"" . get_recycle_bin() . "\" where template_id=\"" . $safe_template_id . "\" and user_id=\"" . $_SESSION['toolkits_logon_id'] . "\""; if (mysql_query($query_to_delete_template)) { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Moved file to users recycle bin", "Moved file to users recycle bin"); } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to move file to the recycle bin", "Failed to move file to the recycle bin"); } } else { echo DELETE_TEMPLATE_NOT_CREATOR; } } else { echo DELETE_TEMPLATE_SYNDICATED; } mysql_close($database_id); }
/** * * Function create folder loop * This function creates folders needed when duplicating a template * @param string $folder_name_id - the id of the new template * @param number $id_to_copy - the id of the old template * @param string $tutorial_id_from_post - The name of this tutorial type i.e Nottingham * @version 1.0 * @author Patrick Lockley */ function duplicate_template($folder_name_id, $id_to_copy, $tutorial_id_from_post) { global $dir_path, $new_path, $temp_dir_path, $temp_new_path, $xerte_toolkits_site; $database_id = database_connect("file_library database connect success", "file_library database connect fail"); $query_for_framework = "select template_framework from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails where template_name =\"" . $tutorial_id_from_post . "\""; $query_for_framework_response = mysql_query($query_for_framework); $row_framework = mysql_fetch_array($query_for_framework_response); $dir_path = $xerte_toolkits_site->users_file_area_full . $id_to_copy . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; /* * Get the id of the folder we are looking to copy into */ $new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; $path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; if (mkdir($path)) { if (@chmod($path, 0777)) { $d = opendir($dir_path); if (create_folder_loop($d, -1)) { if (file_exists($new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/lockfile.txt")) { unlink($new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/lockfile.txt"); } return true; } else { return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on parent folder for template", "Failed to set rights on parent folder " . $path); return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to create parent folder for template", "Failed to create parent folder " . $path); return false; } }
*/ $maximum_template_id = get_maximum_template_number(); //$query_for_root_folder = "select folder_id from " . $xerte_toolkits_site->database_table_prefix . "folderdetails where login_id = '" . $_SESSION['toolkits_logon_id'] . "' and folder_parent='0'"; //$query_for_root_folder_response = mysql_query($query_for_root_folder); //$row_root = mysql_fetch_array($query_for_root_folder_response); $query_for_template_type_id = "select otd.template_type_id, otd.template_name, otd.template_framework, td.extra_flags from " . $xerte_toolkits_site->database_table_prefix . "originaltemplatesdetails otd, " . $xerte_toolkits_site->database_table_prefix . "templatedetails td where otd.template_type_id = td.template_type_id AND td.template_id = '" . mysql_real_escape_string($_POST['template_id']) . "'"; $query_for_template_type_id_response = mysql_query($query_for_template_type_id); $row_template_type = mysql_fetch_array($query_for_template_type_id_response); /* * create the new template record in the database */ $query_for_new_template = "INSERT INTO " . $xerte_toolkits_site->database_table_prefix . "templatedetails (template_id, creator_id, template_type_id, date_created, date_modified, access_to_whom, template_name, extra_flags) VALUES (\"" . ($maximum_template_id + 1) . "\",\"" . $_SESSION['toolkits_logon_id'] . "\", \"" . $row_template_type['template_type_id'] . "\",\"" . date('Y-m-d') . "\",\"" . date('Y-m-d') . "\",\"Private\",\"Copy of " . mysql_real_escape_string($_POST['template_name']) . "\", \"" . mysql_real_escape_string($row_template_type['extra_flags']) . "\")"; if (mysql_query($query_for_new_template)) { $query_for_template_rights = "INSERT INTO " . $xerte_toolkits_site->database_table_prefix . "templaterights (template_id,user_id,role, folder) VALUES (\"" . ($maximum_template_id + 1) . "\",\"" . $_SESSION['toolkits_logon_id'] . "\", \"creator\" ,\"" . mysql_real_escape_string($folder_id) . "\")"; if (mysql_query($query_for_template_rights)) { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "SUCCESS", "Created new template record for the database", $query_for_new_template . " " . $query_for_template_rights); include $xerte_toolkits_site->root_file_path . $xerte_toolkits_site->module_path . $row_template_type['template_framework'] . "/duplicate_template.php"; duplicate_template($maximum_template_id + 1, $_POST['template_id'], $row_template_type['template_name']); } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to create new template record for the database", $query_for_template_rights); echo "FAILED-" . $_SESSION['toolkits_most_recent_error']; } } else { receive_message($_SESSION['toolkits_logon_username'], "ADMIN", "CRITICAL", "Failed to create new template record for the database", $query_for_new_template); echo "FAILED-" . $_SESSION['toolkits_most_recent_error']; } mysql_close($database_connect_id); } else { echo DUPLICATE_TEMPLATE_NOT_CREATOR; } }
/** * * Function create folder loop * This function creates folders needed when duplicating a template * @param string $folder_name_id - the id of the new template * @param number $id_to_copy - the id of the old template * @param string $tutorial_id_from_post - The name of this tutorial type i.e Nottingham * @version 1.0 * @author Patrick Lockley */ function duplicate_template($folder_name_id, $id_to_copy, $tutorial_id_from_post) { global $dir_path, $new_path, $temp_dir_path, $temp_new_path, $xerte_toolkits_site; $dir_path = $xerte_toolkits_site->users_file_area_full . $id_to_copy . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; /* * Get the id of the folder we are looking to copy into */ $new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/"; if (mkdir($new_path)) { if (@chmod($new_path, 0777)) { if (create_folder_loop($dir_path, $new_path)) { if (file_exists($new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/lockfile.txt")) { unlink($new_path = $xerte_toolkits_site->users_file_area_full . $folder_name_id . "-" . $_SESSION['toolkits_logon_username'] . "-" . $tutorial_id_from_post . "/lockfile.txt"); } return true; } else { return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "MAJOR", "Failed to set rights on parent folder for template", "Failed to set rights on parent folder " . $path); return false; } } else { receive_message($_SESSION['toolkits_logon_username'], "FILE_SYSTEM", "CRITICAL", "Failed to create parent folder for template", "Failed to create parent folder " . $new_path); return false; } }