Пример #1
 /**
  * Resolve a file path, falling back to a path under the document root.
  *
  * When realpath() can resolve $file_path as given, the caller's original
  * string is returned unchanged (not the canonical form). Otherwise the path
  * is appended to NServer::env('DOCUMENT_ROOT') and the realpath() of that is
  * returned, which is false when nothing exists there either.
  *
  * NOTE(review): nothing here confines the result to the document root. A
  * value containing "../" or an absolute path resolves wherever it points, so
  * callers passing request-derived paths need their own containment check.
  *
  * @param string $file_path Path as supplied by the caller.
  * @return string|false
  */
 function _findFilePath($file_path)
 {
     $resolves_as_given = realpath($file_path) != false;
     if ($resolves_as_given) {
         return $file_path;
     }
     return realpath(NServer::env('DOCUMENT_ROOT') . $file_path);
 }
Пример #2
 /**
  * insert_audit_trail - Write an audit trail record directly from the model.
  * This is only for timed_remove so that we don't lose the audit_trail.
  * Refactor: Duplication of audit_trail_controller->insert();
  *
  * Every model field is first populated from $params (null when the key is
  * absent). user_id, ip and the cms_* bookkeeping fields are then overwritten
  * with server-side values, so a caller cannot supply those.
  *
  * NOTE(review): all other fields are copied from $params unfiltered; callers
  * should pass only values they have validated themselves.
  *
  * @param  array $params Required keys: asset, asset_id, action_taken
  * @return false|null false when $params is empty or a required key is
  *                    missing; nothing is returned once the insert is attempted
  **/
 function insert_audit_trail($params = array())
 {
     if (empty($params)) {
         return false;
     }
     foreach (array('asset', 'asset_id', 'action_taken') as $required_key) {
         if (!isset($params[$required_key])) {
             return false;
         }
     }
     $model =& NModel::factory($this->name);
     $fields = $model->fields();
     // Start from the caller's values; anything not supplied becomes null.
     foreach ($fields as $field_name) {
         if (isset($params[$field_name])) {
             $model->{$field_name} = $params[$field_name];
         } else {
             $model->{$field_name} = null;
         }
     }
     // Identity and origin always come from the server side, never from $params.
     $model->user_id = $this->website_user_id;
     $model->ip = NServer::env('REMOTE_ADDR');
     foreach (array('cms_created', 'cms_modified') as $stamp_field) {
         if (in_array($stamp_field, $fields)) {
             $model->{$stamp_field} = $model->now();
         }
     }
     // Record the acting user on the row when the table has a column for it.
     if (in_array('cms_modified_by_user', $fields)) {
         $model->cms_modified_by_user = $this->website_user_id;
     }
     $model->insert();
 }
Пример #3
 /**
  * Look up a server or environment value by name.
  *
  * Sources are tried in order: $_SERVER, $_ENV, then getenv(). When none of
  * them has the key, two names are synthesised from other values:
  *   - DOCUMENT_ROOT: SCRIPT_FILENAME with the trailing SCRIPT_NAME cut off
  *     (and 4 more characters when SCRIPT_NAME has no ".php" past position 0);
  *   - PHP_SELF: r(DOCUMENT_ROOT, '', SCRIPT_FILENAME). r() is defined
  *     elsewhere, presumably a str_replace wrapper.
  * Any other missing key yields null.
  *
  * Values are returned exactly as found. Several $_SERVER entries
  * (REQUEST_URI, QUERY_STRING, HTTP_* headers) are supplied by the client, so
  * callers must validate or escape them for the context they are used in.
  *
  * @param string $key Name of the value to look up.
  * @return mixed|null
  */
 static function env($key)
 {
     if (isset($_SERVER[$key])) {
         return $_SERVER[$key];
     }
     if (isset($_ENV[$key])) {
         return $_ENV[$key];
     }
     $from_process_env = getenv($key);
     if ($from_process_env !== false) {
         return $from_process_env;
     }
     if ($key == 'DOCUMENT_ROOT') {
         $script_file = NServer::env('SCRIPT_FILENAME');
         $script_name = NServer::env('SCRIPT_NAME');
         // strpos() yielding 0 or false both count as "no .php" here.
         $extra = strpos($script_name, '.php') ? 0 : 4;
         return substr($script_file, 0, strlen($script_file) - (strlen($script_name) + $extra));
     }
     if ($key == 'PHP_SELF') {
         return r(NServer::env('DOCUMENT_ROOT'), '', NServer::env('SCRIPT_FILENAME'));
     }
     return null;
 }
 /**
  * Run the search form for a not-found URL.
  *
  * When the request already carries a 'q' parameter it is used as is.
  * Otherwise the query is built from the path segments of PHP_SELF, joined
  * with spaces and URL-decoded.
  *
  * NOTE(review): the derived query comes from the requested URL, so it is
  * attacker-controlled text; whatever searchForm() echoes or queries with it
  * must be escaped there — not visible from this method.
  *
  * @param mixed $params Passed through to searchForm().
  * @return mixed Whatever searchForm() returns.
  */
 function search404($params)
 {
     if (!$this->getParam('q')) {
         // array_filter() without a callback drops the same segments empty()
         // would: '' and the literal segment '0'.
         $segments = array_filter(explode('/', NServer::env('PHP_SELF')));
         $this->setParam('q', urldecode(implode(' ', $segments)));
     }
     return $this->searchForm($params);
 }
Пример #5
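 /**
  * NDispatcher takes controller, action and parameter from the URI built by
  * NServer::setUri().
  *
  * The first half depends on request globals prepared outside this method
  * (presumably by the test bootstrap — confirm). The second half documents
  * that the dispatcher accepts arbitrary, non-existent controller/action
  * names: rejecting unknown routes is not done at this layer.
  *
  * NOTE(review): $_SERVER['REQUEST_URI'] and $_SERVER['PATH_INFO'] are left
  * set to the bogus values afterwards and can leak into later tests.
  *
  * @return void
  */
 function test_dispatcher_setup()
 {
     $uri = NServer::setUri();
     // Plain assignment: "=& new" is deprecated in PHP 5.3 and a parse error in PHP 7+.
     $dispatcher = new NDispatcher($uri);
     $dispatcher->setParams($uri);
     // Expected value first, actual second, so failure messages read correctly.
     $this->assertEquals("page", $dispatcher->controller, "Controller set from URI");
     $this->assertEquals("edit", $dispatcher->action, "Action set from URI");
     $this->assertEquals("1", $dispatcher->parameter, "Parameter set from URI");
     $_SERVER['REQUEST_URI'] = '/bogus/action/999999';
     $_SERVER['PATH_INFO'] = '/bogus/action/999999';
     $uri = NServer::setUri();
     $dispatcher = new NDispatcher($uri);
     $dispatcher->setParams($uri);
     $this->assertEquals("bogus", $dispatcher->controller, "Bogus Controller allowed by dispatcher");
     $this->assertEquals("action", $dispatcher->action, "Bogus Action allowed by dispatcher");
     $this->assertEquals("999999", $dispatcher->parameter, "Bogus Parameter allowed by dispatcher");
 }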
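 /**
  * Set controller defaults and, when ADMIN_URL is configured, refuse admin
  * requests that arrive on a different host.
  *
  * If ADMIN_URL is a non-empty string and the request path starts with
  * "/APP_DIR/", ADMIN_URL must contain "http(s)://" followed by the current
  * SERVER_NAME; otherwise the request ends with the 404 page. The redirect
  * after die() is unreachable by design: it is an opt-in alternative, enabled
  * by commenting out the die() line.
  *
  * APP_DIR and SERVER_NAME are passed through preg_quote() before being put
  * into a pattern. Unquoted, a "." in the host name matched any character,
  * and a "|" (the delimiter) or other metacharacter altered or broke the
  * pattern. Depending on web server configuration SERVER_NAME can reflect the
  * client's Host header, so it is treated as untrusted here.
  *
  * NOTE(review): the IN_NTERCHANGE pattern has no trailing slash, so a path
  * that merely begins with the APP_DIR text (e.g. "/APP_DIRfoo") also counts.
  * Left as is, since consumers of IN_NTERCHANGE are not visible here.
  */
 function __construct()
 {
     if (defined('ADMIN_URL') && constant('ADMIN_URL') != false && is_string(ADMIN_URL) && preg_match('|^/' . preg_quote(APP_DIR, '|') . '/|', $_SERVER['REQUEST_URI'])) {
         if (!preg_match('|http[s]?://' . preg_quote($_SERVER['SERVER_NAME'], '|') . '|', ADMIN_URL)) {
             $loc = preg_replace('|/$|', '', ADMIN_URL) . $_SERVER['REQUEST_URI'];
             // if you don't want a 404 and want to redirect instead, comment out this line
             die(NDispatcher::error404());
             // Unreachable while the die() above is active.
             header('Location:' . $loc);
             exit;
         }
     }
     if (is_null($this->name)) {
         $this->name = 'nterchange';
     }
     if (is_null($this->base_view_dir)) {
         $this->base_view_dir = BASE_DIR;
     }
     if (!defined('IN_NTERCHANGE')) {
         define('IN_NTERCHANGE', (bool) preg_match('|^/' . preg_quote(APP_DIR, '|') . '|', NServer::env('REQUEST_URI')));
     }
     parent::__construct();
 }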
Пример #7
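 /**
  * Render one small form per entry in $GLOBALS['USER_SETTINGS'] for the
  * current user.
  *
  * For each setting a checkbox form is built. If the user already has a
  * stored row, the form posts to ".../edit/<pk>" and the box reflects the
  * stored value; otherwise it posts to ".../create" and the box reflects the
  * configured default.
  *
  * Fix: forms are appended to $setting_forms by value. The previous
  * "$setting_forms[] =& $form" bound every array slot to the same $form
  * variable, so each new iteration overwrote all earlier entries and the
  * view received N copies of the last form.
  *
  * NOTE(review): '_referer' carries the URL-encoded REQUEST_URI through a
  * hidden field, so it returns as client-controlled input. The handler that
  * consumes it (not visible here) should only redirect to local paths.
  *
  * @return void
  */
 function viewlist()
 {
     $this->auto_render = false;
     include_once 'n_quickform.php';
     $model =& $this->getDefaultModel();
     $pk = $model->primaryKey();
     $setting_forms = array();
     $user_settings = $GLOBALS['USER_SETTINGS'];
     foreach ($user_settings as $setting => $default) {
         // Scope the lookup to the current user and this setting only.
         $model->reset();
         $model->user_id = (int) $this->_auth->currentUserId();
         $model->setting = $setting;
         $form = new NQuickForm('setting_' . $setting);
         $form->addElement('header', null, $model->settingToText($setting));
         $description = $this->getSettingDescription($setting);
         if (!$description) {
             $description = 'Setting';
         }
         $form->addElement('hidden', 'setting', $setting);
         $checkbox =& $form->addElement('checkbox', 'value', $description, null, array('id' => 'qf_' . $model->setting));
         if ($model->find(null, true)) {
             // set the form action to edit
             $form->updateAttributes(array('action' => '/' . APP_DIR . '/' . $this->name . '/edit/' . $model->{$pk}));
             $form->addElement('hidden', $pk, $model->{$pk});
             // check the box according to the value
             $checkbox->setChecked((bool) $model->value);
         } else {
             $form->updateAttributes(array('action' => '/' . APP_DIR . '/' . $this->name . '/create'));
             $checkbox->setChecked((bool) $default);
         }
         $form->addElement('hidden', '_referer', urlencode(NServer::env('REQUEST_URI')));
         $form->addElement('submit', '__submit__', 'Submit');
         $form->addRule('setting', null, 'required');
         // By value, so each slot keeps its own form (see the fix note above).
         $setting_forms[] = $form;
     }
     $this->set('settings', $setting_forms);
     $this->render(array('layout' => 'default'));
 }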
Пример #8
 /**
  * checkRedirect - Look in the database to see if there's a redirect to follow.
  * If there is, hand the row to renderRedirect().
  *
  * Two passes over the redirect table: first rows with regex = 0 whose url
  * equals the request URI, then rows with regex = 1 whose url is applied to
  * the request URI as a case-insensitive POSIX pattern.
  *
  * NOTE(review): eregi() is deprecated since PHP 5.3 and removed in PHP 7, so
  * the second pass is a fatal error there. Migrating to preg_match() needs a
  * delimiter and a check of every stored pattern.
  * NOTE(review): stored patterns are matched against a client-supplied URI,
  * so a pathological pattern costs CPU on every request. Who may create
  * redirect rows is not visible here.
  * NOTE(review): both loops continue after renderRedirect(); presumably that
  * method ends the request — confirm.
  *
  * @return void
  **/
 function checkRedirect()
 {
     include_once 'n_server.php';
     $request_uri = NServer::env('REQUEST_URI');
     $model =& $this->getDefaultModel();

     // Pass 1: rows whose url is exactly the requested URI.
     $model->reset();
     $model->url = $request_uri;
     $model->regex = 0;
     $model->find();
     while ($model->fetch()) {
         $this->renderRedirect($model->toArray());
     }

     // Pass 2: rows flagged as patterns.
     $model->reset();
     $model->regex = 1;
     $model->find();
     $regex_rows =& $model->fetchAll();
     foreach ($regex_rows as $row) {
         if ($row->regex == 0) {
             continue;
         }
         if (eregi($row->url, $request_uri)) {
             $this->renderRedirect($row->toArray());
         }
     }
 }
 /**
  * insert - Actually insert a cms_audit_trail record. Must be logged in to nterchange
  * for this to succeed.
  * NOTE: If you need to log an audit trail record without being logged in (eg. timed content removal)
  * there is an alternate method in the cms_audit_trail model.
  *
  * No login check is made in this method itself: user_id and
  * cms_modified_by_user are set to whatever NAuth::currentUserID() returns.
  * Those fields, ip and the cms_* timestamps are written after the values
  * from $params, so a caller cannot override them.
  *
  * NOTE(review): ip is REMOTE_ADDR as reported by NServer::env(); behind a
  * reverse proxy that is presumably the proxy's address — confirm that is
  * what the audit trail should record.
  *
  * @param  array $params Required keys: asset, asset_id, action_taken
  * @return false|null false when $params is empty or a required key is
  *                    missing; nothing is returned once the insert is attempted
  **/
 function insert($params = array())
 {
     $this->_auth = new NAuth();
     if (empty($params)) {
         return false;
     }
     foreach (array('asset', 'asset_id', 'action_taken') as $required_key) {
         if (!isset($params[$required_key])) {
             return false;
         }
     }
     $model =& $this->getDefaultModel();
     $fields = $model->fields();
     // Start from the caller's values; anything not supplied becomes null.
     foreach ($fields as $field_name) {
         if (isset($params[$field_name])) {
             $model->{$field_name} = $params[$field_name];
         } else {
             $model->{$field_name} = null;
         }
     }
     // Attribution comes from the session and the connection, never from $params.
     $model->user_id = $this->_auth->currentUserID();
     $model->ip = NServer::env('REMOTE_ADDR');
     foreach (array('cms_created', 'cms_modified') as $stamp_field) {
         if (in_array($stamp_field, $fields)) {
             $model->{$stamp_field} = $model->now();
         }
     }
     // Record the acting user on the row when the table has a column for it.
     if (in_array('cms_modified_by_user', $fields)) {
         $model->cms_modified_by_user = $this->_auth->currentUserID();
     }
     $model->insert();
 }
Пример #10
 /**
  * Render a CMS page, either for the public site or inside the admin
  * ("nterchange") surf-to-edit view.
  *
  * Flow as visible in this method:
  *  - 404 when $parameter is empty or the model cannot load it;
  *  - outside nterchange, a page with an external_url is answered with a
  *    Location header instead of being rendered;
  *  - optional disclaimer check when SITE_DISCLAIMER is set;
  *  - view cache configured from PAGE_CACHING and the page's cache_lifetime,
  *    with matching Expires / Cache-Control headers;
  *  - when the page is not served from cache, template variables are built
  *    (site name, edit controls, navigation, content);
  *  - finally the 'print' action or the page's template action is rendered.
  *
  * @param mixed $parameter Page identifier passed to $model->get(); also part
  *                         of the view cache name.
  * @return void
  */
 function page($parameter)
 {
     // Defined once per request from the controller's nterchange/edit flags.
     if (!defined('IN_SURFTOEDIT')) {
         define('IN_SURFTOEDIT', $this->nterchange && $this->edit);
     }
     $this->base_view_dir = ROOT_DIR;
     if (!$parameter) {
         $this->do404();
         return;
     }
     $this->auto_render = false;
     // load the model
     $model =& $this->getDefaultModel();
     $pk = $model->primaryKey();
     if (!$model->get($parameter)) {
         // get the page info
         // if the page doesn't exist, then 404
         $this->do404();
         return;
     }
     // NOTE(review): in this pattern "|" splits the whole expression, so it
     // reads "starts with http/https" OR "contains a slash anywhere"; the "^"
     // does not apply to the second branch. Values such as "//host/path", or
     // any other scheme followed by "//", therefore pass. If the intent is
     // "absolute http(s) URL or site-relative path", the alternation needs a
     // group, e.g. '/^(?:https?:\/\/|\/)/'. external_url comes from the page
     // record; who may edit it is not visible here.
     if (!$this->nterchange && $model->external_url && preg_match('/^(http[s]?)|(\\/)/', $model->external_url)) {
         header('Location:' . $model->external_url);
         return;
     }
     // check if a disclaimer is required
     if (defined('SITE_DISCLAIMER') && constant('SITE_DISCLAIMER') && !$this->nterchange && ($disclaimer =& NController::factory('disclaimer'))) {
         $disclaimer->checkDisclaimer($parameter);
     }
     // find the action
     $action = $this->getTemplate($model->page_template_id);
     $action = $action ? $action : 'default';
     // set up caching
     if (!$this->nterchange && defined('PAGE_CACHING') && PAGE_CACHING == true && $model->cache_lifetime != 0) {
         // set the view cache values
         // md5() only shortens the query string into a cache key here; it is
         // not a security control. Each distinct query string gets its own
         // cache name. NOTE(review): presumably an unbounded number of
         // distinct query strings means an unbounded number of cache entries;
         // confirm the cache backend has eviction or a size limit.
         $this->view_cache_name = 'page' . $parameter . (NServer::env('QUERY_STRING') ? ':' . md5(NServer::env('QUERY_STRING')) : '');
         $this->view_caching = true;
         $this->view_cache_lifetime = $model->cache_lifetime;
         $this->view_cache_lifetimes[] = $model->cache_lifetime;
         // Client-side lifetime defaults to the string '3600' when the model has none.
         $this->view_client_cache_lifetime = isset($model->client_cache_lifetime) ? $model->client_cache_lifetime : '3600';
         header('Expires:' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + $this->view_client_cache_lifetime));
         header('Cache-Control:max-age=' . $this->view_client_cache_lifetime . ', must-revalidate');
     } else {
         header('Cache-Control:max-age=0, must-revalidate');
     }
     // set the page fields
     $this->set($model->toArray());
     // load the page, checking if it's cached if we're not in nterchange
     if ($this->nterchange || $this->getParam('mode') == 'print' || !$this->isCached(array('action' => $action))) {
         // The next if/else only emits a debug line explaining the cache state.
         if (defined('PAGE_CACHING') && PAGE_CACHING == false) {
             $this->debug('Cache not created for page for Page ID ' . $model->{$pk} . ' because PAGE_CACHING is set to false.', N_DEBUGTYPE_CACHE);
         } else {
             if ($model->cache_lifetime == 0) {
                 $this->debug('Cache not created for page for Page ID ' . $model->{$pk} . ' because caching is turned off for that page.', N_DEBUGTYPE_CACHE);
             } else {
                 if (!$this->nterchange) {
                     $this->debug('Created cached page for Page ID ' . $model->{$pk} . '.', N_DEBUGTYPE_CACHE);
                 }
             }
         }
         $this->page_last_modified = strtotime($model->cms_modified);
         // load up the manual content (site name, breadcrumbs, children, nav, etc.)
         // SITE_NAME is HTML-escaped here, unlike workflow_title further down.
         $contents['_SITE_NAME_'] = htmlentities(SITE_NAME);
         $contents['_EXTERNAL_CACHE_'] = defined('EXTERNAL_CACHE') && constant('EXTERNAL_CACHE') ? EXTERNAL_CACHE : false;
         $contents['_PAGE_EDIT_'] = '';
         // Baseline rights; the workflow block below may narrow them.
         if ($this->checkUserLevel()) {
             $this->page_edit_allowed = true;
             $this->content_edit_allowed = true;
         }
         if ($this->nterchange && $this->edit && SITE_WORKFLOW) {
             // set up the user's rights on the page
             $workflow =& NController::factory('workflow');
             if (($workflow_group_model =& $workflow->getWorkflowGroup($model)) && ($users = $workflow->getWorkflowUsers($workflow_group_model->{$workflow_group_model->primaryKey()}))) {
                 // NOTE(review): workflow_title is concatenated into HTML
                 // without escaping. If the title can contain markup, it is
                 // rendered as markup for every editor of this page; consider
                 // htmlentities() as used for SITE_NAME above.
                 $contents['_PAGE_EDIT_'] = '<div id="workflow">This page is owned by the &quot;' . $workflow_group_model->workflow_title . '&quot; Workflow Group</div>' . "\n";
                 $current_user = $this->_auth->currentUserID();
                 $edit = false;
                 foreach ($users as $user) {
                     if ($current_user == $user->user_id) {
                         $edit = true;
                     }
                 }
                 // NOTE(review): this membership result is overwritten two
                 // statements later by the rights bitmask, so the loop above
                 // has no effect on the final value of content_edit_allowed.
                 $this->content_edit_allowed = $edit;
                 $assigns['workflow'] = $workflow_group_model->workflow_title;
                 $user_rights = $workflow->getWorkflowUserRights($model);
                 $this->content_edit_allowed = $user_rights & WORKFLOW_RIGHT_EDIT ? true : false;
             } else {
                 // No workflow group (or no users in it): rights follow the
                 // user level. Levels not listed keep what was set earlier.
                 switch ($this->_auth->getAuthData('user_level')) {
                     case N_USER_NORIGHTS:
                         $this->page_edit_allowed = false;
                         $this->content_edit_allowed = false;
                         break;
                     case N_USER_EDITOR:
                         $this->page_edit_allowed = false;
                         $this->content_edit_allowed = true;
                         break;
                 }
             }
             unset($workflow);
         }
         if ($this->edit && $this->page_edit_allowed) {
             // $contents['_PAGE_EDIT_'] .= '<div><a href="/nterchange/page/edit/' . $parameter . '?_referer=' . urlencode($_SERVER['REQUEST_URI']) . '" title="Edit Page - &quot;' . $model->title . '&quot;"><img src="/nterchange/images/edit.gif" alt="Edit Page" width="18" height="9" border="0" /></a></div>' . "\n\n";
             $contents['_PAGE_EDIT_'] .= $this->render(array('action' => 'surftoedit', 'return' => true));
         }
         $contents['HOME_LINK'] = $this->getHref($model->getInfo($model->getRootNode()));
         $contents['HOME_CHILDREN'] = $this->getHomeChildren();
         $contents['BREADCRUMBS'] = $this->getBreadcrumbs();
         $contents['CHILDREN'] = $this->getChildren();
         // get ancestor
         $ancestor = $this->getAncestor();
         if ($ancestor && count($ancestor)) {
             $contents['ancestor'] = $ancestor['filename'];
             $contents['ancestor_id'] = $ancestor[$pk];
         }
         // Admin view only: inject the surf-to-edit stylesheet and script.
         if ($this->nterchange) {
             $contents['header'] = '';
             $contents['header'] .= "\n  <!-- Surf-to-Edit -->\n  ";
             $contents['header'] .= '<link href="/nterchange/stylesheets/surftoedit.css" rel="stylesheet">';
             $contents['header'] .= "\n  ";
             $contents['header'] .= '<script src="/nterchange/javascripts/surftoedit.js"></script>';
         }
         if ($this->nterchange) {
             $contents['admin_dir'] = 1;
         }
         if ($this->nterchange && $this->edit) {
             $contents['page_edit'] = 1;
         }
         // set the variables so far
         $this->set($contents);
         // load the content into those vars using custom views
         $this->set($this->getContent());
         // last-modified
         $this->set('last_modified', $this->page_last_modified);
     }
     if (!$this->nterchange && defined('PAGE_CACHING') && PAGE_CACHING == true && $model->cache_lifetime != 0) {
         $this->view_caching = true;
     }
     // Use the shortest lifetime collected in view_cache_lifetimes; -1 is
     // replaced by the first collected value.
     if (!$this->nterchange && defined('PAGE_CACHING') && PAGE_CACHING == true) {
         foreach ($this->view_cache_lifetimes as $cache_lifetime) {
             if ($this->view_cache_lifetime == -1 || $this->view_cache_lifetime > $cache_lifetime) {
                 $this->view_cache_lifetime = $cache_lifetime;
             }
         }
     }
     // Print mode is never served from or written to the view cache.
     if (SITE_PRINTABLE && isset($model->printable) && $model->printable && $this->getParam('mode') == 'print') {
         $this->view_caching = false;
         $this->render(array('action' => 'print'));
     } else {
         $this->render(array('action' => $action));
     }
 }
 /**
  * Build the nested site-admin page list as HTML, recursing into each page's
  * children.
  *
  * Per page, the edit flags passed to the item template come from the user
  * level (editor: surf-to-edit only; admin/root: both) and, when
  * SITE_WORKFLOW is on, from the workflow rights, which can only add
  * surf-to-edit, never remove it.
  *
  * NOTE(review): title, active and visible are handed to the view as stored;
  * HTML escaping is left to the sitemap_list_item template — confirm.
  * NOTE(review): recursion follows parent_id links with one find() per page
  * and has no depth guard; this presumably relies on the tree being acyclic.
  *
  * @param int|null $id Parent page id. A falsy value lists the pages whose
  *                     parent_id is set to the string 'null' for the lookup.
  * @return string Rendered HTML, '' when the parent has no children.
  */
 function siteAdminList($id = null)
 {
     // Never cache these fragments; they are rendered per item.
     $this->view_caching = false;
     $page_ctrl =& NController::singleton('page');
     $model =& $page_ctrl->getDefaultModel();
     $model->reset();
     $pk = $model->primaryKey();
     $html = '';
     if ($id) {
         $model->parent_id = (int) $id;
     } else {
         $model->parent_id = 'null';
     }
     if (!$model->find()) {
         unset($model, $page_ctrl);
         return $html;
     }
     $this->set('reorder', $id != 0);
     $this->set('parent_id', $id);
     $html .= $this->render(array('action' => 'site_admin_list_start', 'return' => true));
     $row_number = 0;
     $assigns['_referer'] = urlencode(NServer::env('REQUEST_URI'));
     $pages =& $model->fetchAll();
     foreach ($pages as $page) {
         // Rights derived from the user level alone.
         $page_edit = false;
         $surfedit = false;
         $user_level = $this->_auth->getAuthData('user_level');
         if ($user_level == N_USER_EDITOR) {
             $surfedit = true;
         } elseif ($user_level == N_USER_ADMIN || $user_level == N_USER_ROOT) {
             $page_edit = true;
             $surfedit = true;
         }
         // Workflow membership may additionally grant surf-to-edit.
         if (SITE_WORKFLOW) {
             $assigns['workflow'] = '';
             $workflow =& NController::singleton('workflow');
             if ($workflow_group_model =& $workflow->getWorkflowGroup($page)) {
                 $user_rights = $workflow->getWorkflowUserRights($page);
                 if ($user_rights & WORKFLOW_RIGHT_EDIT) {
                     $surfedit = true;
                 }
                 $assigns['workflow'] = $workflow_group_model->workflow_title;
             }
         }
         $assigns['id'] = $page->{$pk};
         $assigns['title'] = $page->title;
         $assigns['active'] = $page->active;
         $assigns['visible'] = $page->visible;
         $assigns['page_edit'] = $page_edit;
         $assigns['surfedit'] = $surfedit;
         $assigns['odd_or_even'] = ($row_number % 2 == 0) ? 'even' : 'odd';
         $this->set($assigns);
         $html .= $this->render(array('action' => 'sitemap_list_item', 'return' => true));
         $row_number++;
         // Children are emitted directly after their parent's item.
         $html .= $this->siteAdminList($page->{$pk});
     }
     unset($pages);
     $html .= $this->render(array('action' => 'site_admin_list_end', 'return' => true));
     unset($model, $page_ctrl);
     return $html;
 }
Пример #12
<?php

// if (file_exists($_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'])) return false;
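// Front controller. Returning false for static assets hands the request back
// to the web server, which is the router-script convention of PHP's built-in
// server (presumably how this file is run).
//
// The extension test is made on the path component only. Matching the whole
// REQUEST_URI meant "/app.css?v=2" was not recognised as static, while any
// dynamic URL whose query string ended in ".js" or ".css" skipped the
// dispatcher entirely.
$request_path = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
if (is_string($request_path) && preg_match('/\\.(?:png|jpg|jpeg|gif|css|js)$/', $request_path)) {
    return false;
}
require_once dirname(__FILE__) . '/../vendor/autoload.php';
$dispatcher = new NDispatcher(NServer::setUri());
$dispatcher->dispatch();
unset($dispatcher);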