/**
 * Remove a module from the backend modules registry and, when requested,
 * delete the source files that belong to it.
 *
 * Input (POST):
 *  - id             module identifier, read as a string
 *  - delete_related boolean flag; when set, the controller class file, the
 *                   designer project file and the generated CRUD / actions
 *                   JavaScript files are deleted too
 *
 * The result is reported through Response::jsonSuccess() / Response::jsonError().
 *
 * NOTE(review): every error branch calls Response::jsonError() and then lets
 * control fall through; the method is only safe if that call ends the
 * request. Confirm against the Response class.
 *
 * NOTE(review): the deleted paths are built from the stored module
 * configuration ('class' and 'designer'), not from the request. Nothing in
 * this method restricts them to the application directories, so the module
 * configuration has to be writable by trusted administrators only. Confirm.
 */
public function deletemoduleAction()
{
    // Presumably aborts the request when the current user lacks edit rights;
    // the check itself lives outside this method.
    $this->_checkCanEdit();

    $moduleId = Request::post('id', 'string', false);
    $withFiles = Request::post('delete_related', 'boolean', false);

    $manager = new Backend_Modules_Manager();
    $moduleName = $manager->getModuleName($moduleId);

    // Reject an empty identifier or a module that is not registered.
    $isBadRequest = !$moduleId || !strlen($moduleId) || !$manager->isValidModule($moduleName);
    if ($isBadRequest) {
        Response::jsonError($this->_lang->WRONG_REQUEST);
    }

    // Collect the related files that actually exist on disk.
    $targets = array();
    if ($withFiles) {
        $moduleConfig = $manager->getModuleConfig($moduleName);

        $controllerFile = './system/app/' . str_replace('_', '/', $moduleConfig['class']) . '.php';
        if (file_exists($controllerFile)) {
            $targets[] = $controllerFile;
        }

        // Generated JS files are only looked up for modules with a designer project.
        if (!empty($moduleConfig['designer'])) {
            if (file_exists($moduleConfig['designer'])) {
                $targets[] = $moduleConfig['designer'];
            }

            foreach (array('./js/app/system/crud/', './js/app/actions/') as $jsDir) {
                $jsFile = $jsDir . strtolower($manager->getModuleName($moduleConfig['class'])) . '.js';
                if (file_exists($jsFile)) {
                    $targets[] = $jsFile;
                }
            }
        }
    }

    // Pre-flight: refuse to touch the registry if any file is not writable.
    // is_writable() tests the file itself; on POSIX systems unlink() depends
    // on write permission for the containing directory, so this check can pass
    // and the delete below can still fail.
    $notWritable = array_filter($targets, function ($path) {
        return !is_writable($path);
    });
    if (!empty($notWritable)) {
        Response::jsonError($this->_lang->CANT_WRITE_FS . "\n<br>" . implode(",\n<br>", $notWritable));
    }

    // The registry is updated and saved before any file is removed, so a
    // failed unlink() below leaves the module unregistered with files on disk.
    $manager->removeModule($moduleName);
    if (!$manager->save()) {
        Response::jsonError($this->_lang->CANT_WRITE_FS . ' ' . $manager->getConfig()->getName());
    }

    // Delete the collected files and report every path that could not be removed.
    $notDeleted = array();
    foreach ($targets as $path) {
        if (!unlink($path)) {
            $notDeleted[] = $path;
        }
    }
    if (!empty($notDeleted)) {
        Response::jsonError($this->_lang->CANT_WRITE_FS . "\n<br>" . implode(",\n<br>", $notDeleted));
    }

    Response::jsonSuccess();
}
/**
 * Authenticate the current backend user and authorize access to the
 * requested module.
 *
 * Order of checks:
 *  1. the user is authorized and is an administrator;
 *  2. the CSRF token, when 'use_csrf_token' is enabled and the request
 *     carries POST data;
 *  3. for controllers not listed in 'system_controllers': view permission
 *     on the module, module is registered, active, and not a dev-only module
 *     while development mode is off.
 *
 * NOTE(review): the failed-login branch calls Response::jsonError() or
 * loginAction() and then falls through. The remaining checks only protect
 * the controller if both calls end the request; otherwise an unauthenticated
 * user object is stored in $this->_user. Confirm.
 *
 * NOTE(review): the CSRF check is gated on Request::hasPost(), so
 * state-changing actions reachable without POST data are not covered by it.
 * It is also skipped entirely when 'use_csrf_token' is off.
 */
public function checkAuth()
{
    $user = User::getInstance();
    $uid = $user->isAuthorized() ? $user->id : false;

    // Only authorized administrators may use the backend.
    if (!$uid || !$user->isAdmin()) {
        if (Request::isAjax()) {
            Response::jsonError($this->_lang->MSG_AUTHORIZE);
        } else {
            $this->loginAction();
        }
    }

    // CSRF token check for requests with POST data.
    if ($this->_configBackend->get('use_csrf_token') && Request::hasPost()) {
        $csrf = new Security_Csrf();
        $csrfOptions = array(
            'lifetime' => $this->_configBackend->get('use_csrf_token_lifetime'),
            'cleanupLimit' => $this->_configBackend->get('use_csrf_token_garbage_limit'),
        );
        $csrf->setOptions($csrfOptions);

        // A token accepted by either check is enough; checkPost() is only
        // called when checkHeader() fails.
        if (!($csrf->checkHeader() || $csrf->checkPost())) {
            $this->_errorResponse($this->_lang->MSG_NEED_CSRF_TOKEN);
        }
    }

    $this->_user = $user;

    // System controllers skip every per-module check below.
    if (in_array(get_called_class(), $this->_configBackend->get('system_controllers'), true)) {
        return;
    }

    if (!$this->_user->canView($this->_module)) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }

    $moduleManager = new Backend_Modules_Manager();

    // Unknown module.
    if (!$moduleManager->isValidModule($this->_module)) {
        $this->_errorResponse($this->_lang->WRONG_REQUEST);
    }

    $moduleCfg = $moduleManager->getModuleConfig($this->_module);

    // Disabled module.
    if (!$moduleCfg['active']) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }

    // Development-only module while the application is not in development mode.
    if ($moduleCfg['dev'] && !$this->_configMain['development']) {
        $this->_errorResponse($this->_lang->CANT_VIEW);
    }
}