/**
 * WebsiteBaker Community Edition (WBCE)
 * Way Better Content Editing.
 * Visit http://wbce.org to learn more and to join the community.
 *
 * @copyright Ryan Djurovich (2004-2009)
 * @copyright WebsiteBaker Org. e.V. (2009-2015)
 * @copyright WBCE Project (2015-)
 * @license GNU GPL2 (or any later version)
 */

// Admin tool "droplets": insert one empty droplet row and send the user
// straight to the edit form for it. Callers without the 'admintools'
// permission are redirected to the site root and nothing is rendered.
require_once '../../config.php';

$admin = new admin('admintools', 'admintools', true, false);

if ($admin->get_permission('admintools') != true) {
    // Not allowed: bounce to the frontend; the footer below is never reached.
    die(header('Location: ' . WB_URL));
}

$admintool_link   = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=droplets';

$modified_when = time();
$modified_by   = intval($admin->get_user_id());

// Every content column starts out empty; only the audit columns are filled.
// NOTE(review): this request changes state and no CSRF token check is visible
// in this file; confirm the admin-tools framework enforces one before this runs.
$insert_sql = sprintf(
    'INSERT INTO `%smod_droplets` SET `name`="", `code`="", `description`="", `comments`="", `active`=1, `modified_when`="%s", `modified_by`="%s"',
    TABLE_PREFIX,
    $modified_when,
    $modified_by
);
$database->query($insert_sql);

if ($database->is_error()) {
    $admin->print_error($database->get_error(), $module_edit_link);
} else {
    // Fetch the id of the row just created and jump to its edit form.
    $droplet_id = intval($database->get_one("SELECT LAST_INSERT_ID()"));
    $admin->print_success(
        $TEXT['SUCCESS'],
        ADMIN_URL . '/admintools/tool.php?tool=droplets&do=modify&droplet_id=' . $droplet_id
    );
}

// Print admin footer
$admin->print_footer();
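// After check print the header
$admin->print_header();

// Get perms: the page's admin group list and explicit admin user list.
// The ids are cast before they enter SQL; their validation upstream is not
// visible here, so this is defence in depth rather than the primary check.
$page_id_int = (int) $page_id;
$section_id_int = (int) $section_id;

$sql = 'SELECT `admin_groups`,`admin_users` '
     . 'FROM `' . TABLE_PREFIX . 'pages` '
     . 'WHERE `page_id` = ' . $page_id_int;
$results = $database->query($sql);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
}
$results_array = $results->fetchRow();
if (!$results_array) {
    // No such page: do not fall through to the permission check with nulls.
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
// NOTE(review): ami_group_member() is fed the admin_users column while
// is_group_match() gets admin_groups; confirm that helper accepts a user list.
if (!$admin->ami_group_member($results_array['admin_users'])
    && !$admin->is_group_match($admin->get_groups_id(), $results_array['admin_groups'])) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// Get page module (the page_id/section_id pair also proves the section belongs to this page)
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` '
     . 'WHERE `page_id`=' . $page_id_int . ' AND `section_id`=' . $section_id_int;
$module = $database->get_one($sql);
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}

// Update the pages table
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` '
     . 'SET `modified_when`=' . $now . ', '
     . '`modified_by`=' . (int) $admin->get_user_id() . ' '
     . 'WHERE `page_id`=' . $page_id_int;
$database->query($sql);

// Include the modules saving script if it exists. $module comes from the
// sections table, not from the request, so the include path is DB-controlled.
if (file_exists(WB_PATH . '/modules/' . $module . '/save.php')) {
    include_once WB_PATH . '/modules/' . $module . '/save.php';
}

// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), ADMIN_URL . '/pages/modify.php?page_id=' . $page_id_int);
} else {
    $admin->print_success($MESSAGE['PAGES_SAVED'], ADMIN_URL . '/pages/modify.php?page_id=' . $page_id_int);
}

// Print admin footer
$admin->print_footer();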
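// Get perms: the page's admin group list and explicit admin user list.
// The ids are cast before they enter SQL; their validation upstream is not
// visible here, so this is defence in depth rather than the primary check.
$sql = 'SELECT `admin_groups`,`admin_users` FROM `' . TABLE_PREFIX . 'pages` ';
$sql .= 'WHERE `page_id` = ' . (int) $page_id;
$results = $database->query($sql);
if ($database->is_error()) {
    trigger_error($database->get_error(), E_USER_ERROR);
}
$results_array = $results->fetchRow(MYSQL_ASSOC);
// The stored lists may contain '_' characters; strip them before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
$in_old_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = TRUE;
    }
}
// Allowed if any of the user's groups is listed, or the user is listed explicitly.
if (!$in_old_group and !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page module (the page_id/section_id pair also proves the section belongs to this page)
$sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ';
$sql .= 'WHERE `page_id`=' . (int) $page_id . ' AND `section_id`=' . (int) $section_id;
$module = $database->get_one($sql);
if ($database->is_error()) {
    trigger_error($database->get_error(), E_USER_ERROR);
}
if (!$module) {
    $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
}
// Update the pages table (the SET list continues past this chunk)
$now = time();
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET ';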
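exit(); } */
// Get perms
// $database = new database();
// The page id is cast before it enters SQL; its validation upstream is not
// visible here, so this is defence in depth rather than the primary check.
$results = $database->query("SELECT admin_groups,admin_users FROM " . TABLE_PREFIX . "pages WHERE page_id = '" . (int) $page_id . "'");
if ($database->is_error()) {
    $admin->print_header();
    $admin->print_error($database->get_error());
}
$results_array = $results->fetchRow();
$old_admin_groups = explode(',', $results_array['admin_groups']);
$old_admin_users = explode(',', $results_array['admin_users']);
$in_old_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_old_group = TRUE;
    }
}
// Allowed if any of the user's groups is listed, or the user is listed explicitly.
if (!$in_old_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Get page details
// $database = new database();
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE page_id = '" . (int) $page_id . "'";
$results = $database->query($query);
if ($database->is_error()) {
    $admin->print_header();
    $admin->print_error($database->get_error());
}
if ($results->numRows() == 0) {
    $admin->print_header();
    $admin->print_error($MESSAGE['PAGES_NOT_FOUND']);
}
$results_array = $results->fetchRow();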
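}
// This has to be done this way here:
require_once '../info.php';
$mod_dir = $module_directory;
$tablename = $module_directory;
$mpath = WB_PATH . '/modules/' . $mod_dir . '/';
require_once $mpath . '/functions.php';
// Include WB functions file
require WB_PATH . '/framework/functions.php';
$theauto_header = false;
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify', $theauto_header, TRUE);
if (!$admin->is_authenticated()) {
    die;
}
// This script alters a table, so it is restricted to user id 1. The original
// only printed the notice and kept running, which let any authenticated
// backend user reach the ALTER TABLE below; stop here instead.
if ($admin->get_user_id() > 1) {
    echo '<h1>Access for admin 1 only</h1>';
    exit;
}
// Get id: optionally restrict the copy to one section. The value is validated
// on the same superglobal it is read from (the original checked $_POST but
// used $_GET, so the numeric check never protected the query) and cast before
// it enters the SQL.
$copysection = '';
if (isset($_GET['copysection']) and is_numeric($_GET['copysection'])) {
    $copysection = ' AND section_id = ' . (int) $_GET['copysection'] . ' '; // copy only this section
}
// Query one record and, if the column is missing, add the 'is_topic_id' field.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'mod_news_posts` WHERE active=1 ' . $copysection . ' AND is_topic_id = 0 LIMIT 1';
$query_post = $database->query($sql);
if ($database->is_error()) {
    $sql = 'ALTER TABLE `' . TABLE_PREFIX . 'mod_news_posts` ADD `is_topic_id` INT NOT NULL DEFAULT \'0\'';
    $database->query($sql);
    if (!$database->is_error()) {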
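$admin->print_header();
$admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
$admin->print_header();
// Validate all fields. print_error() is relied on to stop the script here;
// otherwise the UPDATE below would run with the variables unset.
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    // String columns are escaped with add_slashes(); flags and ids are cast.
    $title = $admin->add_slashes($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    $description = $admin->add_slashes($admin->get_post('description'));
    // Droplet code is stored without PHP open/close tags. It is read directly
    // from $_POST rather than via get_post(), so guard against a missing key.
    $tags = array('<?php', '?>', '<?');
    $raw_content = isset($_POST['savecontent']) ? $_POST['savecontent'] : '';
    $content = $admin->add_slashes(str_replace($tags, '', $raw_content));
    $comments = trim($admin->add_slashes($admin->get_post('comments')));
    $modified_when = time();
    $modified_by = (int) $admin->get_user_id();
}
// Update row. The droplet id is cast before it enters the WHERE clause.
$sql = 'UPDATE `' . TABLE_PREFIX . 'mod_droplets` SET '
    . '`name` = \'' . $title . '\', '
    . '`active` = ' . $active . ', '
    . '`admin_view` = ' . $admin_view . ', '
    . '`admin_edit` = ' . $admin_edit . ', '
    . '`show_wysiwyg` = ' . $show_wysiwyg . ', '
    . '`description` = \'' . $description . '\', '
    . '`code` = \'' . $content . '\', '
    . '`comments` = \'' . $comments . '\', '
    . '`modified_when` = ' . $modified_when . ', '
    . '`modified_by` = ' . $modified_by . ' '
    . 'WHERE `id` = ' . (int) $droplet_id;
$database->query($sql);
// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), $ToolUrl);
} else {
    $admin->print_success($TEXT['SUCCESS'], $ToolUrl);
}
// Print admin footer
$admin->print_footer();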
public function createPage($title, $parent, $module, $visibility, $admin_groups, $viewing_groups) {
    // Create a new WB page with one section of type $module below $parent
    // (0 = root level). Returns the new page_id, or false after setError().
    // Side effects: a row in the pages table and one in the sections table,
    // an access file in the pages directory, and the module's add.php is run
    // when it exists.
    global $database;
    // initialise the admin object
    require_once WB_PATH . '/framework/class.admin.php';
    require_once WB_PATH . '/framework/functions.php';
    require_once WB_PATH . '/framework/class.order.php';
    $admin = new admin('Pages', 'pages_add', false, false);
    // The HTML-escaped title is what gets stored and what the filename is built from.
    $title = htmlspecialchars($title);
    // make sure group 1 (admin) is in both the admin and the viewing group list
    if (!in_array(1, $admin_groups)) {
        $admin_groups[] = 1;
    }
    if (!in_array(1, $viewing_groups)) {
        $viewing_groups[] = 1;
    }
    // empty title? (a leading dot is rejected as well)
    if ($title == '' || substr($title, 0, 1) == '.') {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_blank_title));
        return false;
    }
    // check that the current user may create a page with these groups:
    // members of group 1 always may; anyone else must share at least one
    // admin group and at least one viewing group with the new page
    if (!in_array(1, $admin->get_groups_id())) {
        $admin_perm_ok = false;
        foreach ($admin_groups as $adm_group) {
            if (in_array($adm_group, $admin->get_groups_id())) {
                $admin_perm_ok = true;
            }
        }
        if ($admin_perm_ok == false) {
            $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
            return false;
        }
        $admin_perm_ok = false;
        foreach ($viewing_groups as $view_group) {
            if (in_array($view_group, $admin->get_groups_id())) {
                $admin_perm_ok = true;
            }
        }
        if ($admin_perm_ok == false) {
            $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, kit_error_insufficient_permissions));
            return false;
        }
    }
    // from here on the group lists are the comma-separated form stored in the DB
    $admin_groups = implode(',', $admin_groups);
    $viewing_groups = implode(',', $viewing_groups);
    // build link and filename
    if ($parent == '0') {
        $link = '/' . page_filename($title);
        // rename the filenames 'index' and 'intro' to avoid collisions
        if ($link == '/index' || $link == '/intro') {
            $link .= '_0';
            $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . '_0' . PAGE_EXTENSION;
        } else {
            $filename = WB_PATH . PAGES_DIRECTORY . '/' . page_filename($title) . PAGE_EXTENSION;
        }
    } else {
        // nested page: the path is built from the titles of all ancestors
        $parent_section = '';
        $parent_titles = array_reverse(get_parent_titles($parent));
        foreach ($parent_titles as $parent_title) {
            $parent_section .= page_filename($parent_title) . '/';
        }
        if ($parent_section == '/') {
            $parent_section = '';
        }
        $page_filename = page_filename($title);
        $page_filename = str_replace('_', '-', $page_filename);
        $link = '/' . $parent_section . $page_filename;
        $filename = WB_PATH . PAGES_DIRECTORY . '/' . $parent_section . $page_filename . PAGE_EXTENSION;
        make_dir(WB_PATH . PAGES_DIRECTORY . '/' . $parent_section);
    }
    // check whether a page with the same link, or a file/directory with the
    // same name, already exists
    $dbPages = new db_wb_pages();
    $where = array();
    $where[db_wb_pages::field_link] = $link;
    $pages = array();
    if (!$dbPages->sqlSelectRecord($where, $pages)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    if (sizeof($pages) > 0 || file_exists(WB_PATH . PAGES_DIRECTORY . $link . PAGE_EXTENSION) || file_exists(WB_PATH . PAGES_DIRECTORY . $link . '/')) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, sprintf(kit_error_page_exists, $link)));
        return false;
    }
    // include the ordering class
    $order = new order(TABLE_PREFIX . 'pages', 'position', 'page_id', 'parent');
    // clean order
    $order->clean($parent);
    // get the new order
    $position = $order->get_new($parent);
    // determine template and language of the parent page (defaults for a root page)
    // NOTE(review): $parent is passed to the order/helper functions and the
    // record lookup as-is; whether those escape it is not visible here.
    $where = array();
    $where[db_wb_pages::field_page_id] = $parent;
    $pages = array();
    if (!$dbPages->sqlSelectRecord($where, $pages)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    if (sizeof($pages) > 0) {
        $template = $pages[0][db_wb_pages::field_template];
        $language = $pages[0][db_wb_pages::field_language];
    } else {
        $template = '';
        $language = DEFAULT_LANGUAGE;
    }
    // insert the new page into the table
    $data = array();
    $data[db_wb_pages::field_page_title] = $title;
    $data[db_wb_pages::field_menu_title] = $title;
    $data[db_wb_pages::field_parent] = $parent;
    $data[db_wb_pages::field_template] = $template;
    $data[db_wb_pages::field_target] = '_top';
    $data[db_wb_pages::field_position] = $position;
    $data[db_wb_pages::field_visibility] = $visibility;
    $data[db_wb_pages::field_searching] = 1;
    $data[db_wb_pages::field_menu] = 1;
    $data[db_wb_pages::field_language] = $language;
    $data[db_wb_pages::field_admin_groups] = $admin_groups;
    $data[db_wb_pages::field_viewing_groups] = $viewing_groups;
    $data[db_wb_pages::field_modified_when] = time();
    $data[db_wb_pages::field_modified_by] = $admin->get_user_id();
    $page_id = -1;
    if (!$dbPages->sqlInsertRecord($data, $page_id)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    // work out the level
    $level = level_count($page_id);
    // work out root parent
    $root_parent = root_parent($page_id);
    // work out page trail
    $page_trail = get_page_trail($page_id);
    // second pass: these values need the page_id, so they are set by an update
    $where = array();
    $where[db_wb_pages::field_page_id] = $page_id;
    $data = array();
    $data[db_wb_pages::field_link] = $link;
    $data[db_wb_pages::field_level] = $level;
    $data[db_wb_pages::field_root_parent] = $root_parent;
    $data[db_wb_pages::field_page_trail] = $page_trail;
    if (!$dbPages->sqlUpdateRecord($data, $where)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbPages->getError()));
        return false;
    }
    // create a new file in the /pages directory
    create_access_file($filename, $page_id, $level);
    // add position 1 to new page
    $position = 1;
    // add a new record to section table
    $dbSections = new db_wb_sections();
    $data = array();
    $data[db_wb_sections::field_page_id] = $page_id;
    $data[db_wb_sections::field_position] = $position;
    $data[db_wb_sections::field_module] = $module;
    $data[db_wb_sections::field_block] = 1;
    $section_id = -1;
    if (!$dbSections->sqlInsertRecord($data, $section_id)) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $dbSections->getError()));
        return false;
    }
    // NOTE(review): the include path is built from the $module parameter. If a
    // caller can pass arbitrary strings here this is a file-inclusion risk;
    // callers should restrict it to installed module directory names.
    if (file_exists(WB_PATH . '/modules/' . $module . '/add.php')) {
        require WB_PATH . '/modules/' . $module . '/add.php';
    }
    if ($database->is_error()) {
        $this->setError(sprintf('[%s - %s] %s', __METHOD__, __LINE__, $database->get_error()));
        return false;
    }
    return $page_id;
}
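$language = DEFAULT_LANGUAGE;
}
// Insert page into pages table.
// Numeric columns are cast here. The string values ($title, $template,
// $visibility, $admin_groups, $viewing_groups) are concatenated as-is and must
// already be SQL-escaped by the code that produced them (not visible here);
// the later revision of this script escapes them at this point instead.
$sql = 'INSERT INTO `' . TABLE_PREFIX . 'pages` SET ';
$sql .= '`parent` = ' . (int) $parent . ', ';
$sql .= '`target` = "_top", ';
$sql .= '`page_title` = "' . $title . '", ';
$sql .= '`menu_title` = "' . $title . '", ';
$sql .= '`template` = "' . $template . '", ';
$sql .= '`visibility` = "' . $visibility . '", ';
$sql .= '`position` = ' . (int) $position . ', ';
$sql .= '`menu` = 1, ';
$sql .= '`language` = "' . $language . '", ';
$sql .= '`searching` = 1, ';
$sql .= '`modified_when` = ' . time() . ', ';
$sql .= '`modified_by` = ' . (int) $admin->get_user_id() . ', ';
$sql .= '`admin_groups` = "' . $admin_groups . '", ';
$sql .= '`viewing_groups` = "' . $viewing_groups . '", ';
$sql .= '`link` = \'\', ';
$sql .= '`description` = \'\', ';
$sql .= '`keywords` = \'\', ';
$sql .= '`page_trail` = \'\', ';
$sql .= '`admin_users` = \'\', ';
$sql .= '`viewing_users` = \'\'';
$database->query($sql);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
}
// Get the page id (cast: it is used in further SQL below)
$page_id = (int) $database->get_one("SELECT LAST_INSERT_ID()");
// Work out level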
$order->clean($parent);
// Get new order
$position = $order->get_new($parent);
// Work-out if the page parent (if selected) has a separate template or language to the default.
// $parent is cast to int wherever it enters SQL; the request-derived strings
// go through escapeString() before they are concatenated.
$sql = 'SELECT `template`, `language` FROM `' . TABLE_PREFIX . 'pages` '
     . 'WHERE `page_id` = ' . (int) $parent;
$query_parent = $database->query($sql);
if ($query_parent->numRows() > 0) {
    $fetch_parent = $query_parent->fetchRow(MYSQLI_ASSOC);
    $template = $fetch_parent['template'];
    $language = $fetch_parent['language'];
} else {
    // No parent row (root page): use the site defaults.
    $template = '';
    $language = DEFAULT_LANGUAGE;
}
// Insert page into pages table. link/level/root_parent/page_trail need the
// new page_id and are filled in by the UPDATE below.
$sql = 'INSERT INTO `' . TABLE_PREFIX . 'pages` '
     . 'SET `parent`=' . (int) $parent . ', '
     . '`link` = \'\', '
     . '`description`=\'\', '
     . '`keywords`=\'\', '
     . '`page_trail`=\'\', '
     . '`admin_users`=\'\', '
     . '`viewing_users`=\'\', '
     . '`target`=\'_top\', '
     . '`page_title`=\'' . $database->escapeString($title) . '\', '
     . '`menu_title`=\'' . $database->escapeString($title) . '\', '
     . '`template`=\'' . $database->escapeString($template) . '\', '
     . '`visibility`=\'' . $database->escapeString($visibility) . '\', '
     . '`position`=' . (int) $position . ', '
     . '`menu`=1, '
     . '`language`=\'' . $database->escapeString($language) . '\', '
     . '`searching`=1, '
     . '`modified_when`=' . time() . ', '
     . '`modified_by`=' . (int) $admin->get_user_id() . ', '
     . '`admin_groups`=\'' . $database->escapeString($admin_groups) . '\', '
     . '`viewing_groups`=\'' . $database->escapeString($viewing_groups) . '\'';
if (!$database->query($sql)) {
    $admin->print_error($database->get_error());
}
// Get the new page id
$page_id = $database->getLastInsertId();
// Work out level
$level = level_count($page_id);
// Work out root parent
$root_parent = root_parent($page_id);
// Work out page trail
$page_trail = get_page_trail($page_id);
// Update page with new level and link.
// $link and $field_set are set before this chunk. page_code is only written
// when the multilingual module is installed and this is a default-language page.
$sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET '
     . '`root_parent` = ' . (int) $root_parent . ', '
     . '`level` = ' . (int) $level . ', '
     . '`link` = \'' . $database->escapeString($link) . '\', '
     . (defined('PAGE_LANGUAGES') && PAGE_LANGUAGES && $field_set && $language == DEFAULT_LANGUAGE && file_exists(WB_PATH . '/modules/mod_multilingual/update_keys.php') ? '`page_code` = ' . (int) $page_id . ', ' : '')
     . '`page_trail`=\'' . $database->escapeString($page_trail) . '\' '
     . 'WHERE `page_id` = ' . $page_id;
if (!$database->query($sql)) {
    $admin->print_error($database->get_error());
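// Ids are cast before they enter the SQL; their validation upstream is not
// visible here. $mod_dir is presumably the module's own directory name
// (set from info.php in the sibling script), not request input - confirm.
$secq = $database->query("SELECT section_id, page_id FROM " . TABLE_PREFIX . "mod_" . $mod_dir . " WHERE topic_id = '" . (int) $topic_id . "'");
$secqfetch = $secq->fetchRow();
// The topic must live in exactly the page/section named in the request.
if ($secqfetch['page_id'] != $page_id or $secqfetch['section_id'] != $section_id) {
    die("Parameter mismatch");
}
} else {
// No topic given: the section itself must exist for this module and page.
$secq = $database->query("SELECT section_id FROM " . TABLE_PREFIX . "sections WHERE module = '{$mod_dir}' AND section_id = '" . (int) $section_id . "' AND page_id = '" . (int) $page_id . "'");
if ($secq->numRows() != 1) {
    die("Something strange has happened!");
}
}
}
// From module_settings.php:
// $authorsgroup: the group that authors belong to.
// $noadmin_nooptions: default 1: only the admin (group 1) may change settings
$user_id = $admin->get_user_id();
$user_in_groups = $admin->get_groups_id();
$authoronly = false; // $authoronly: set further on when the user is entitled only as an author
$showoptions = true;
$author_invited = false; // flag: invited as an author = may edit, but is NOT the creator (posted_by)
if ($authorsgroup > 0) {
    //Care about users
    if (in_array($authorsgroup, $user_in_groups)) {
        $authoronly = true;
        $showoptions = false;
        echo "AUTOR"; // NOTE(review): looks like leftover debug output; confirm before removing
    } else {
        $author_trust_rating = 0; // best trust; the flag from module_settings.php is reset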
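// this catches XSS in these params, too
// NOTE(review): the condition only rejects the case where BOTH ids are
// missing/zero; a request with only one of them set passes this gate.
if (!$page_id && !$section_id) {
    $admin->print_error('Invalid arguments passed - script stopped.');
}
// Get perms
// unset($admin_header);
$page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
// The stored lists may contain '_' characters; strip them before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
    }
}
// Allowed if any of the user's groups is listed, or the user is listed explicitly.
// The denial path no longer prints the caller's group/user ids: that was a
// leftover debug statement and leaked ids into the error page.
if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// some additional security checks:
// Check whether the section_id belongs to the page_id at all
if ($section_id != 0) {
    // NOTE(review): only the module permission is checked here; whether
    // get_section_details() also verifies the section/page relation is not
    // visible in this file.
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');
    if (!$admin->get_permission($section['module'], 'module')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
}
// Workout if the developer wants to show the info banner
if (isset($print_info_banner) && $print_info_banner == true) {
// Get page details already defined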
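// header will be set here, see database->is_error
$admin = new admin('Pages', 'pages_modify');
// Get perms
$sql = 'SELECT `admin_groups`,`admin_users` FROM `' . TABLE_PREFIX . 'pages` ';
$sql .= 'WHERE `page_id` = ' . intval($page_id);
$res_pages = $database->query($sql);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
}
$rec_pages = $res_pages->fetchRow(MYSQL_ASSOC);
// The stored lists may contain '_' characters; strip them before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $rec_pages['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $rec_pages['admin_users']));
$in_group = FALSE;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = TRUE;
    }
}
// Allowed if any of the user's groups is listed, or the user is listed explicitly.
if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
}
// some additional security checks:
// Check whether the section_id belongs to the page_id at all
if ($section_id != 0) {
    // Both ids are cast here as well: the first query above already did so
    // for page_id, but this one interpolated both values raw.
    $sql = "SELECT `module` FROM `" . TABLE_PREFIX . "sections` WHERE `page_id` = '" . intval($page_id) . "' AND `section_id` = '" . intval($section_id) . "'";
    $res_sec = $database->query($sql);
    if ($database->is_error()) {
        $admin->print_error($database->get_error());
    }
    if ($res_sec->numRows() == 0) {
        $admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
    }
    // check module permissions:
    $sec = $res_sec->fetchRow(MYSQL_ASSOC);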
$backend->print_error('You do not have permissions to modify this page');
}
// Additional security checks.
// First make sure the requested section really belongs to the requested
// page, then that the user may use that section's module at all.
if ($section_id != 0) {
    $db = $backend->db();
    $sql = "SELECT `module` FROM `%ssections` WHERE `page_id` = %d AND `section_id` = %d";
    $res_sec = $db->query(sprintf($sql, CAT_TABLE_PREFIX, $page_id, $section_id));
    if ($db->isError()) {
        $backend->print_error($db->getError());
    }
    if ($res_sec->numRows() == 0) {
        $backend->print_error('Not Found');
    }
    // check module permissions:
    $sec = $res_sec->fetchRow(MYSQL_ASSOC);
    $may_use_module = $_bc_user->get_permission($sec['module'], 'module');
    if (!$may_use_module) {
        $backend->print_error('You do not have permissions to modify this page');
    }
}
// Info banner, if the calling script asked for one.
if (!empty($print_info_banner)) {
    $backend->print_banner();
}
// Stamp the page as modified now, if the calling script asked for it.
// NOTE(review): the user id comes from $admin while everything else here goes
// through $backend / $_bc_user; confirm $admin is defined in this context.
if (!empty($update_when_modified)) {
    $sql = sprintf(
        'UPDATE `%spages` SET `modified_when` = %d, `modified_by` = %d WHERE page_id = %d',
        CAT_TABLE_PREFIX,
        time(),
        intval($admin->get_user_id()),
        intval($page_id)
    );
    $backend->db()->query($sql);
}
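// Resolve the page and verify the current user may edit it.
if (!is_numeric($page_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($page_id > 0) {
    $page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
}
// The stored lists may contain '_' characters; strip them before splitting.
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    if (in_array($cur_gid, $old_admin_groups)) {
        $in_group = true;
    }
}
// Allowed if any of the user's groups is listed, or the user is listed explicitly.
// The denial path no longer prints the caller's group/user ids: that was a
// leftover debug statement and leaked ids into the error page.
if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// some additional security checks:
// Check whether the section_id belongs to the page_id at all
if (!is_numeric($section_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($section_id > 0) {
    // NOTE(review): only the module permission is checked here; whether
    // get_section_details() also verifies the section/page relation is not
    // visible in this file.
    $section = $admin->get_section_details($section_id, ADMIN_URL . '/pages/index.php');
    if (!$admin->get_permission($section['module'], 'module')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
    }
}
// Workout if the developer wants to show the info banner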
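/*
 * @version 0.1.0
 * @author Ruud Eisinga (Ruud)
 * @date 2009-04-10
 */
// Admin tool "capslider": insert one empty slide row and redirect to its edit
// form. Callers without the 'admintools' permission are sent to the backend index.
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';

$admin = new admin('admintools', 'admintools', false, false);

if ($admin->get_permission('admintools') == true) {
    $admintool_link = ADMIN_URL . '/admintools/index.php';
    $module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
    // Second construction without the header-suppressing flags (prints the admin header).
    $admin = new admin('admintools', 'admintools');
    $modified_when = time();
    $modified_by = intval($admin->get_user_id());
    $btable = TABLE_PREFIX . 'mod_capslider_slide';
    // NOTE(review): state-changing request with no CSRF token check visible here.
    $database->query("INSERT INTO " . $btable . " (active,modified_when,modified_by) VALUES ('1','{$modified_when}','{$modified_by}' )");
    // Check the INSERT before running any other statement: the original read
    // LAST_INSERT_ID() first, so a later successful SELECT could hide a failed
    // insert and redirect to slide_id=0 (assuming is_error() reflects the most
    // recent query - confirm in the database class).
    if ($database->is_error()) {
        $admin->print_error($database->get_error(), $module_edit_link);
    } else {
        // Get the id, say that a new record has been added, then redirect to the modify page
        $slide_id = intval($database->get_one("SELECT LAST_INSERT_ID()"));
        $admin->print_success($TEXT['SUCCESS'], WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id);
    }
    // Print admin footer
    $admin->print_footer();
} else {
    die(header('Location: ../../index.php'));
}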
}
// After check print the header
// Work-out file mode
if (!$bAdvanced) {
    // Simple mode: either everything world-writeable (0777) or the configured defaults.
    // NOTE(review): 0777 lets every local account on the server modify the
    // files; a WORLD_WRITEABLE_WARNING message exists in the settings template,
    // and this should stay an explicit opt-in.
    // Check if should be set to 777 or left alone
    if (isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true') {
        $file_mode = '0777';
        $dir_mode = '0777';
    } else {
        $file_mode = STRING_FILE_MODE;
        $dir_mode = STRING_DIR_MODE;
    }
} else {
    // Advanced mode: start from the defaults; only user id 1 may assemble a
    // custom mode from the per-bit checkboxes.
    $file_mode = STRING_FILE_MODE;
    $dir_mode = STRING_DIR_MODE;
    if ($admin->get_user_id() == '1') {
        // Work-out the octal value for file mode: owner digit (r=4, w=2, x=1)
        $u = 0;
        if (isset($_POST['file_u_r']) && $_POST['file_u_r'] == 'true') {
            $u = $u + 4;
        }
        if (isset($_POST['file_u_w']) && $_POST['file_u_w'] == 'true') {
            $u = $u + 2;
        }
        if (isset($_POST['file_u_e']) && $_POST['file_u_e'] == 'true') {
            $u = $u + 1;
        }
        // group digit (the remaining bits are handled past this chunk)
        $g = 0;
        if (isset($_POST['file_g_r']) && $_POST['file_g_r'] == 'true') {
            $g = $g + 4;
        }
// Hand every label the settings template needs to the template engine.
// All values are language strings from $TEXT / $HEADING / $MESSAGE; none of
// them is request input.
$template->set_var(array(
    'TEXT_WEBSITE_TITLE' => $TEXT['WEBSITE_TITLE'],
    'TEXT_WEBSITE_DESCRIPTION' => $TEXT['WEBSITE_DESCRIPTION'],
    'TEXT_WEBSITE_KEYWORDS' => $TEXT['WEBSITE_KEYWORDS'],
    'TEXT_WEBSITE_HEADER' => $TEXT['WEBSITE_HEADER'],
    'TEXT_WEBSITE_FOOTER' => $TEXT['WEBSITE_FOOTER'],
    'TEXT_HEADER' => $TEXT['HEADER'],
    'TEXT_FOOTER' => $TEXT['FOOTER'],
    'TEXT_VISIBILITY' => $TEXT['VISIBILITY'],
    'TEXT_RESULTS_HEADER' => $TEXT['RESULTS_HEADER'],
    'TEXT_RESULTS_LOOP' => $TEXT['RESULTS_LOOP'],
    'TEXT_RESULTS_FOOTER' => $TEXT['RESULTS_FOOTER'],
    'TEXT_NO_RESULTS' => $TEXT['NO_RESULTS'],
    'TEXT_TEXT' => $TEXT['TEXT'],
    'TEXT_DEFAULT' => $TEXT['DEFAULT'],
    'TEXT_LANGUAGE' => $TEXT['LANGUAGE'],
    'TEXT_TIMEZONE' => $TEXT['TIMEZONE'],
    'TEXT_CHARSET' => $TEXT['CHARSET'],
    'TEXT_DATE_FORMAT' => $TEXT['DATE_FORMAT'],
    'TEXT_TIME_FORMAT' => $TEXT['TIME_FORMAT'],
    'TEXT_TEMPLATE' => $TEXT['TEMPLATE'],
    'TEXT_THEME' => $TEXT['THEME'],
    'TEXT_WYSIWYG_EDITOR' => $TEXT['WYSIWYG_EDITOR'],
    'TEXT_PAGE_LEVEL_LIMIT' => $TEXT['PAGE_LEVEL_LIMIT'],
    'TEXT_INTRO_PAGE' => $TEXT['INTRO_PAGE'],
    'TEXT_FRONTEND' => $TEXT['FRONTEND'],
    'TEXT_LOGIN' => $TEXT['LOGIN'],
    'TEXT_REDIRECT_AFTER' => $TEXT['REDIRECT_AFTER'],
    'TEXT_SIGNUP' => $TEXT['SIGNUP'],
    'TEXT_PHP_ERROR_LEVEL' => $TEXT['PHP_ERROR_LEVEL'],
    'TEXT_PAGES_DIRECTORY' => $TEXT['PAGES_DIRECTORY'],
    'TEXT_MEDIA_DIRECTORY' => $TEXT['MEDIA_DIRECTORY'],
    'TEXT_PAGE_EXTENSION' => $TEXT['PAGE_EXTENSION'],
    'TEXT_PAGE_SPACER' => $TEXT['PAGE_SPACER'],
    'TEXT_RENAME_FILES_ON_UPLOAD' => $TEXT['RENAME_FILES_ON_UPLOAD'],
    'TEXT_APP_NAME' => $TEXT['APP_NAME'],
    'TEXT_SESSION_IDENTIFIER' => $TEXT['SESSION_IDENTIFIER'],
    'TEXT_SEC_ANCHOR' => $TEXT['SEC_ANCHOR'],
    'TEXT_SERVER_OPERATING_SYSTEM' => $TEXT['SERVER_OPERATING_SYSTEM'],
    'TEXT_LINUX_UNIX_BASED' => $TEXT['LINUX_UNIX_BASED'],
    'TEXT_WINDOWS' => $TEXT['WINDOWS'],
    'TEXT_ADMIN' => $TEXT['ADMIN'],
    'TEXT_TYPE' => $TEXT['TYPE'],
    'TEXT_DATABASE' => $TEXT['DATABASE'],
    'TEXT_HOST' => $TEXT['HOST'],
    'TEXT_USERNAME' => $TEXT['USERNAME'],
    'TEXT_PASSWORD' => $TEXT['PASSWORD'],
    'TEXT_NAME' => $TEXT['NAME'],
    'TEXT_TABLE_PREFIX' => $TEXT['TABLE_PREFIX'],
    'TEXT_SAVE' => $TEXT['SAVE'],
    'TEXT_RESET' => $TEXT['RESET'],
    'TEXT_CHANGES' => $TEXT['CHANGES'],
    'TEXT_ENABLED' => $TEXT['ENABLED'],
    'TEXT_DISABLED' => $TEXT['DISABLED'],
    'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
    'TEXT_MANAGE' => $TEXT['MANAGE'],
    'TEXT_SEARCH' => $TEXT['SEARCH'],
    'TEXT_PUBLIC' => $TEXT['PUBLIC'],
    'TEXT_PRIVATE' => $TEXT['PRIVATE'],
    'TEXT_REGISTERED' => $TEXT['REGISTERED'],
    'TEXT_NONE' => $TEXT['NONE'],
    // capitalise the first character of the translated word (byte-wise; fine for ASCII)
    'TEXT_FILES' => strtoupper(substr($TEXT['FILES'], 0, 1)) . substr($TEXT['FILES'], 1),
    'TEXT_DIRECTORIES' => $TEXT['DIRECTORIES'],
    'TEXT_FILESYSTEM_PERMISSIONS' => $TEXT['FILESYSTEM_PERMISSIONS'],
    'TEXT_USER' => $TEXT['USER'],
    'TEXT_GROUP' => $TEXT['GROUP'],
    'TEXT_OTHERS' => $TEXT['OTHERS'],
    'TEXT_READ' => $TEXT['READ'],
    'TEXT_WRITE' => $TEXT['WRITE'],
    'TEXT_EXECUTE' => $TEXT['EXECUTE'],
    'TEXT_WARN_PAGE_LEAVE' => '',
    'TEXT_SMART_LOGIN' => $TEXT['SMART_LOGIN'],
    'TEXT_MULTIPLE_MENUS' => $TEXT['MULTIPLE_MENUS'],
    'TEXT_HOMEPAGE_REDIRECTION' => $TEXT['HOMEPAGE_REDIRECTION'],
    'TEXT_SECTION_BLOCKS' => $TEXT['SECTION_BLOCKS'],
    'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
    'TEXT_PAGE_TRASH' => $TEXT['PAGE_TRASH'],
    'TEXT_PAGE_LANGUAGES' => $TEXT['PAGE_LANGUAGES'],
    'TEXT_INLINE' => $TEXT['INLINE'],
    'TEXT_SEPARATE' => $TEXT['SEPARATE'],
    'TEXT_HOME_FOLDERS' => $TEXT['HOME_FOLDERS'],
    'TEXT_WYSIWYG_STYLE' => $TEXT['WYSIWYG_STYLE'],
    'TEXT_WORLD_WRITEABLE_FILE_PERMISSIONS' => $TEXT['WORLD_WRITEABLE_FILE_PERMISSIONS'],
    'MODE_SWITCH_WARNING' => $MESSAGE['SETTINGS']['MODE_SWITCH_WARNING'],
    'WORLD_WRITEABLE_WARNING' => $MESSAGE['SETTINGS']['WORLD_WRITEABLE_WARNING'],
    'TEXT_MODULE_ORDER' => $TEXT['MODULE_ORDER'],
    'TEXT_MAX_EXCERPT' => $TEXT['MAX_EXCERPT'],
    'TEXT_TIME_LIMIT' => $TEXT['TIME_LIMIT']
));
// Advanced view: render the optional template blocks; basic view: blank them.
// Note that 'show_search' is parsed with append=false, unlike the others.
if ($is_advanced) {
    $template->parse('show_page_level_limit', 'show_page_level_limit_block', true);
    $template->parse('show_checkbox_1', 'show_checkbox_1_block', true);
    $template->parse('show_checkbox_2', 'show_checkbox_2_block', true);
    $template->parse('show_checkbox_3', 'show_checkbox_3_block', true);
    $template->parse('show_php_error_level', 'show_php_error_level_block', true);
    $template->parse('show_charset', 'show_charset_block', true);
    $template->parse('show_wysiwyg', 'show_wysiwyg_block', true);
    $template->parse('show_search', 'show_search_block', false);
    $template->parse('show_redirect_timer', 'show_redirect_timer_block', true);
} else {
    $template->set_block('show_page_level_limit', '');
    $template->set_block('show_checkbox_1', '');
    $template->set_block('show_checkbox_2', '');
    $template->set_block('show_checkbox_3', '');
    $template->set_block('show_php_error_level', '');
    $template->set_block('show_charset', '');
    $template->set_block('show_wysiwyg', '');
    $template->set_block('show_search', '');
    $template->set_block('show_redirect_timer', '');
}
// The access block is shown only to user id 1 in advanced view; everyone
// else gets it blanked so the form cannot even present those inputs.
if ($is_advanced && $admin->get_user_id() == '1') {
    $template->parse('show_access', 'show_access_block', true);
} else {
    $template->set_block('show_access', '');
}
// Parse template objects output
$template->parse('main', 'main_block', false);
$template->pparse('output', 'page');
$admin->print_footer();