// Credential-login branch of the admin front controller, followed by the
// session fallback. The outer `if` that selects the credential branch opens
// above this excerpt; only its `} else {` is visible here.

    // Register LDAP as an extra authentication backend when it is enabled.
    if ($faqconfig->get('main.ldapSupport')) {
        $authLdap = new PMF_Auth_AuthLdap();
        $user->addAuth($authLdap, 'ldap');
    }
    if ($user->login($faqusername, $faqpassword)) {
        // login, if user account is NOT blocked
        if ($user->getStatus() != 'blocked') {
            $auth = true;
        } else {
            // A blocked account gets the same message as a wrong password, so
            // $error itself does not disclose the account state.
            $error = $PMF_LANG['ad_auth_fail'];
            $user = null;
        }
    } else {
        // error
        $logging = new PMF_Logging();
        // NOTE(review): the message argument is redacted on this page
        // ('******' / ********), so the exact expression cannot be read here.
        // The literal carries a "Pass:" label; if the submitted password is
        // concatenated into it, the admin log stores it in clear text. Log the
        // attempted login name and the failure reason only — confirm against
        // the real file.
        $logging->logAdmin($user, 'Loginerror\\nLogin: '******'\\nPass: ********');
        $error = $PMF_LANG['ad_auth_fail'];
        $user = null;
    }
} else {
    // authenticate with session information
    // The `main.ipCheck` setting is handed to getFromSession(); presumably it
    // controls whether the session is bound to the client IP — TODO confirm.
    $user = PMF_User_CurrentUser::getFromSession($faqconfig->get('main.ipCheck'));
    if ($user) {
        $auth = true;
    } else {
        $user = null;
    }
}
// get user rights
// $auth is only ever assigned `true`; the isset() below is what separates an
// authenticated request from every failure path above.
$permission = array();
if (isset($auth)) {
// Credential-login branch with SSO support, followed by the cookie and session
// fallbacks. The leading `}` and the outer `if` belong to code above this
// excerpt.
    }
    // Register SSO as an extra authentication backend when it is enabled.
    if ($faqConfig->get('security.ssoSupport')) {
        $authSso = new PMF_Auth_Sso($faqConfig);
        $user->addAuth($authSso, 'sso');
    }
    if ($user->login($faqusername, $faqpassword)) {
        // login, if user account is NOT blocked
        if ($user->getStatus() != 'blocked') {
            $auth = true;
        } else {
            // NOTE(review): only $error is set here; $user stays the object
            // that login() just accepted. Everything downstream has to gate on
            // $auth, never on $user being an object. Whether login() has
            // already written session state for the blocked account is not
            // visible in this excerpt — confirm.
            $error = $PMF_LANG['ad_auth_fail'];
        }
    } else {
        // error
        $logging = new PMF_Logging($faqConfig);
        // The middle of the message is redacted on this page ('******'). What
        // is visible is a "Login:" label plus the joined $user->errors. Keep
        // credentials out of this message, and treat whatever follows "Login:"
        // (presumably the submitted name) as untrusted text wherever the log
        // is displayed.
        $logging->logAdmin($user, 'Loginerror\\nLogin: '******'\\nErrors: ' . implode(', ', $user->errors));
        $error = $PMF_LANG['ad_auth_fail'];
    }
} else {
    // Try to authenticate with cookie information
    $user = PMF_User_CurrentUser::getFromCookie($faqConfig);
    // authenticate with session information
    if (!$user instanceof PMF_User_CurrentUser) {
        $user = PMF_User_CurrentUser::getFromSession($faqConfig);
    }
    // The instanceof test accepts only a real user object, so any other
    // return value from the two lookups counts as "not authenticated".
    if ($user instanceof PMF_User_CurrentUser) {
        $auth = true;
    } else {
        // Fall back to a fresh user object; $auth stays unset.
        $user = new PMF_User_CurrentUser($faqConfig);
    }
}
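<?php /*
 * Tail of an inline <script> that redirects back to the editor after five
 * seconds, followed by the "delete record" branch. The <script> tag and the
 * enclosing if-statements open above this excerpt.
 *
 * NOTE(review): $record_id and $recordData['lang'] are printed unescaped into
 * a JavaScript string literal. Their validation is not visible here; unless
 * both are constrained upstream (integer id, known language code) this is a
 * script-injection sink and the values should be encoded for the URL/JS
 * context at output.
 */ ?>
$(document).ready(function(){
    setTimeout(function() {
        window.location = "index.php?action=editentry&id=<?php print $record_id; ?> &lang=<?php print $recordData['lang']; ?> ";
    }, 5000);
});
</script>
<?php
    } elseif (isset($submit['submit'][0])) {
        // Record the deletion in the admin log before anything is removed.
        $logging = new PMF_Logging();
        $logging->logAdmin($user, 'Beitragdel, ' . $record_id);

        // Attachment directory of this record. The path is only safe while
        // $record_id is an integer; its validation is not visible in this
        // excerpt — confirm it is filtered before it reaches this line.
        $path = PMF_ROOT_DIR . DIRECTORY_SEPARATOR . PMF_ATTACHMENTS_DIR . DIRECTORY_SEPARATOR . $record_id . '/';
        if (@is_dir($path)) {
            $do = dir($path);
            // Compare with false explicitly: an entry named "0" is falsy and
            // would otherwise end the loop early, leaving attachments behind
            // and making the rmdir() below fail.
            while (false !== ($dat = $do->read())) {
                if ($dat !== '.' && $dat !== '..') {
                    unlink($path . $dat);
                }
            }
            // Release the directory handle before removing the directory.
            $do->close();
            rmdir($path);
        }

        $faq->deleteRecord($record_id, $record_lang);
        printf('<p class="success">%s</p>', $PMF_LANG['ad_entry_delsuc']);
    }
} else {
    print $PMF_LANG['err_NotAuth'];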
// Reads the FAQ editor form from POST and, for the "save" button, creates a
// new record with its changelog and visit entries. The excerpt ends before the
// category relations are written.
//
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It strips
// tags and encodes quotes rather than validating, so it is no substitute for
// escaping at output.
$author = PMF_Filter::filterInput(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
$record_id = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$solution_id = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
$revision_id = PMF_Filter::filterInput(INPUT_POST, 'revision_id', FILTER_VALIDATE_INT);
$changed = PMF_Filter::filterInput(INPUT_POST, 'changed', FILTER_SANITIZE_STRING);
// Permissions
// "all" maps to the sentinel -1; any other choice takes the posted id.
// NOTE(review): presumably the wrapper returns false/null like filter_input()
// when the id is missing or not an integer; that value is not checked here
// before it is used as a restriction — confirm.
$user_permission = PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING);
$restricted_users = 'all' == $user_permission ? -1 : PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT);
$group_permission = PMF_Filter::filterInput(INPUT_POST, 'grouppermission', FILTER_SANITIZE_STRING);
$restricted_groups = 'all' == $group_permission ? -1 : PMF_Filter::filterInput(INPUT_POST, 'restricted_groups', FILTER_VALIDATE_INT);
if (isset($submit['submit'][1]) && !is_null($question) && !is_null($categories['rubrik'])) {
    // new entry
    $logging = new PMF_Logging();
    $logging->logAdmin($user, 'Beitragcreatesave');
    printf("<h2>%s</h2>\n", $PMF_LANG['ad_entry_aor']);
    // NOTE(review): html_entity_decode() turns entities in $question and
    // $content back into literal characters before storage. How those two
    // values were filtered is not visible here, so whatever renders 'thema'
    // and 'content' has to escape or sanitise them itself.
    // 'comment' stores only whether the field was posted ('y'/'n').
    // Empty start/end dates fall back to the widest possible validity window.
    $recordData = array('id' => null,
                        'lang' => $record_lang,
                        'active' => $active,
                        'sticky' => !is_null($sticky) ? 1 : 0,
                        'thema' => html_entity_decode($question),
                        'content' => html_entity_decode($content),
                        'keywords' => $keywords,
                        'author' => $author,
                        'email' => $email,
                        'comment' => !is_null($comment) ? 'y' : 'n',
                        'date' => date('YmdHis'),
                        'dateStart' => empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000',
                        'dateEnd' => empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959',
                        'linkState' => '',
                        'linkDateCheck' => 0);
    // Add new record and get that ID
    $faqRecord = new PMF_Faq_Record();
    $faqChangelog = new PMF_Faq_Changelog();
    if ($faqRecord->create($recordData)) {
        $recordId = $faqRecord->getRecordId();
        // Create ChangeLog entry
        // nl2br() inserts <br> markup, so the stored changelog text is HTML
        // and must be treated as such when displayed.
        $changelogData = array('record_id' => $recordId,
                               'record_lang' => $recordData['lang'],
                               'revision_id' => 0,
                               'user_id' => $user->getUserId(),
                               'date' => $_SERVER['REQUEST_TIME'],
                               'changelog' => nl2br($changed));
        $faqChangelog->create($changelogData);
        // Create the visit entry
        $visits = PMF_Visits::getInstance();
        $visits->add($recordId, $recordData['lang']);
        // Insert the new category relations
        $categoryRelations = new PMF_Category_Relations();
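// Category relation and permission writes for one category id, followed by the
// "delete record" branch. The surrounding loop and if-statements open above
// this excerpt.
            $categoryData = array(
                'category_id' => $categoryId,
                'category_lang' => $categoryRelations->getLanguage(),
                'record_id' => $record_id,
                'record_lang' => $record_lang);
            // delete category relations
            $categoryRelations->delete($categoryId);
            // save or update the category relations
            $categoryRelations->create($categoryData);
            // Add user permissions
            $userPermission = array(
                'category_id' => $categoryId,
                'user_id' => $restricted_users);
            $categoryUser->update($categoryId, $userPermission);
            // Add group permission
            $groupPermission = array(
                'category_id' => $categoryId,
                'group_id' => $restricted_groups);
            // Pass the category id and the array built above, mirroring the
            // user-permission call. The original passed `$category` and the
            // raw `$group_permission` form string, which left $groupPermission
            // unused and the group restriction unsaved as intended.
            $categoryGroup->update($categoryId, $groupPermission);
        }
    } elseif (isset($submit['submit'][0])) {
        $faqRecord = new PMF_Faq_Record();
        // Record the deletion in the admin log before anything is removed.
        $logging = new PMF_Logging();
        $logging->logAdmin($user, 'Deleted record ' . $record_id);

        // Attachment directory of this record. The path is only safe while
        // $record_id is an integer; confirm it is validated before this point.
        $path = PMF_ROOT_DIR . DIRECTORY_SEPARATOR . PMF_ATTACHMENTS_DIR . DIRECTORY_SEPARATOR . $record_id . '/';
        if (@is_dir($path)) {
            $do = dir($path);
            // Compare with false explicitly: an entry named "0" is falsy and
            // would otherwise end the loop early, leaving attachments behind
            // and making the rmdir() below fail.
            while (false !== ($dat = $do->read())) {
                if ($dat !== '.' && $dat !== '..') {
                    unlink($path . $dat);
                }
            }
            // Release the directory handle before removing the directory.
            $do->close();
            rmdir($path);
        }

        $faq->deleteRecord($record_id, $record_lang);
        //$faqRecord->delete($record_id);
        print $PMF_LANG['ad_entry_delsuc'];
    }
} else {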
// Builds the permission set from POST and saves an edited FAQ record with its
// revision, changelog and visit entries. The excerpt ends inside the final
// `if`.

// Permissions
// "all" maps to the sentinel -1 for users and for groups.
// NOTE(review): the user key is 'restricted_user' (singular) while the group
// key is 'restricted_groups'; consumers of $permissions must use these exact
// names.
$permissions = array();
if ('all' === PMF_Filter::filterInput(INPUT_POST, 'userpermission', FILTER_SANITIZE_STRING)) {
    $permissions += array('restricted_user' => array(-1));
} else {
    // NOTE(review): presumably the wrapper returns false/null like
    // filter_input() for a missing or non-integer id; that value would be
    // stored in the array as-is — confirm it is rejected downstream.
    $permissions += array('restricted_user' => array(PMF_Filter::filterInput(INPUT_POST, 'restricted_users', FILTER_VALIDATE_INT)));
}
if ('all' === PMF_Filter::filterInput(INPUT_POST, 'grouppermission', FILTER_SANITIZE_STRING)) {
    $permissions += array('restricted_groups' => array(-1));
} else {
    // FILTER_REQUIRE_ARRAY: the posted field must be an array of integers.
    // NOTE(review): if the wrapper can return null/false like
    // filter_input_array(), the `+=` has no array on its right-hand side —
    // confirm the wrapper always returns an array.
    $permissions += PMF_Filter::filterInputArray(INPUT_POST, array('restricted_groups' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
}
if (!is_null($question) && !is_null($categories)) {
    // Save entry
    $logging = new PMF_Logging($faqConfig);
    $logging->logAdmin($user, 'Beitragsave ' . $recordId);
    printf('<header><h2><i class="icon-pencil"></i> %s</h2></header>', $PMF_LANG['ad_entry_aor']);
    $tagging = new PMF_Tags($faqConfig);
    if ('yes' == $revision) {
        // Add current version into revision table
        $faq->addNewRevision($recordId, $recordLang);
        $revisionId++;
    }
    // NOTE(review): html_entity_decode() turns entities in $question and
    // $content back into literal characters before storage. How those two
    // values were filtered is not visible here, so whatever renders 'thema'
    // and 'content' has to escape or sanitise them itself.
    // 'comment' stores only whether the field was posted ('y'/'n').
    // An empty $date means "now"; empty start/end dates fall back to the
    // widest possible validity window.
    $recordData = array('id' => $recordId,
                        'lang' => $recordLang,
                        'revision_id' => $revisionId,
                        'active' => $active,
                        'sticky' => !is_null($sticky) ? 1 : 0,
                        'thema' => html_entity_decode($question),
                        'content' => html_entity_decode($content),
                        'keywords' => $keywords,
                        'author' => $author,
                        'email' => $email,
                        'comment' => !is_null($comment) ? 'y' : 'n',
                        'date' => empty($date) ? date('YmdHis') : str_replace(array('-', ':', ' '), '', $date),
                        'dateStart' => empty($dateStart) ? '00000000000000' : str_replace('-', '', $dateStart) . '000000',
                        'dateEnd' => empty($dateEnd) ? '99991231235959' : str_replace('-', '', $dateEnd) . '235959',
                        'linkState' => '',
                        'linkDateCheck' => 0);
    // Create ChangeLog entry
    // nl2br() inserts <br> markup, so the stored changelog text is HTML and
    // must be treated as such when displayed.
    $faq->createChangeEntry($recordId, $user->getUserId(), nl2br($changed), $recordLang, $revisionId);
    // Create the visit entry
    $visits = new PMF_Visits($faqConfig);
    $visits->add($recordId);
    // save or update the FAQ record
    if ($faq->isAlreadyTranslated($recordId, $recordLang)) {
// Tail of a search case and two delete cases of an admin AJAX switch. The
// switch statement and the first case open above this excerpt; the last case
// is cut off inside its loop.
//
// NOTE(review): each case checks a permission flag, but no anti-CSRF token
// check is visible in this excerpt. These are state-changing POST handlers;
// confirm a token is verified before the switch is reached.
            $searchHelper = new PMF_Helper_Search($faqConfig);
            $searchHelper->setSearchterm($searchString);
            // The helper's return value is echoed as-is; escaping of the
            // search term is up to the helper and is not visible here.
            echo $searchHelper->renderAdminSuggestionResult($faqSearchResult);
        }
    } else {
        echo $PMF_LANG['err_NotAuth'];
    }
    break;

// delete FAQs
case 'delete_record':
    if ($permission['delbt']) {
        $recordId = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
        $recordLang = PMF_Filter::filterInput(INPUT_POST, 'record_lang', FILTER_SANITIZE_STRING);
        // NOTE(review): $recordId is logged and passed on without a check.
        // Presumably the wrapper returns false/null like filter_input() for a
        // missing or non-integer id — confirm deleteRecord() rejects that.
        $logging = new PMF_Logging($faqConfig);
        $logging->logAdmin($user, 'Deleted FAQ ID ' . $recordId);
        $faq->deleteRecord($recordId, $recordLang);
        echo $PMF_LANG['ad_entry_delsuc'];
    } else {
        echo $PMF_LANG['err_NotAuth'];
    }
    break;

// delete open questions
case 'delete_question':
    if ($permission['delquestion']) {
        // FILTER_REQUIRE_ARRAY: 'questions' must be posted as an array of
        // integers.
        $checks = array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY);
        $questionIds = PMF_Filter::filterInputArray(INPUT_POST, array('questions' => $checks));
        if (!is_null($questionIds['questions'])) {
            foreach ($questionIds['questions'] as $questionId) {
                // NOTE(review): if the wrapper mirrors filter_input_array(),
                // an element that fails validation arrives as false and the
                // cast turns it into 0 — confirm deleteQuestion(0) is a no-op.
                $faq->deleteQuestion((int) $questionId);