/**
 * Loads either a single image page or the gallery overview of a page.
 *
 * The request parameter "imageID" selects the mode: a numeric value is
 * handed to LoadImagePage(), anything else loads the gallery itself.
 *
 * @access public
 * @param integer PageID
 * @return boolean Is true on success
 */
function LoadPage($PageID)
{
    $requestedImage = GetPostOrGet('imageID');

    // is_numeric() also accepts floats, exponent notation and signed
    // values, so this only guarantees "a number", not a plain integer ID.
    // NOTE(review): confirm that LoadImagePage() casts or escapes the
    // value before it reaches SQL or a file path.
    if (!is_numeric($requestedImage)) {
        return $this->LoadGalleryPage($PageID);
    }

    return $this->LoadImagePage($PageID, $requestedImage);
}
/**
 * Returns the text of the sitemap module page.
 *
 * @author ComaWStefan
 * @access public
 * @param string Action This is the action to tell the module what to do next (every value currently shows the structure)
 * @return string Text of the module page to be set into the template
 */
function GetPage($Action)
{
    $rootNode = GetPostOrGet('TopNode');

    // Only a genuine PHP integer is accepted as the start node.
    // NOTE(review): request values normally arrive as strings, so unless
    // GetPostOrGet() casts them this check always falls back to 0 —
    // confirm that this is intended. If the check is ever relaxed, the
    // value must be validated as an integer before it is passed on.
    if (!is_integer($rootNode)) {
        $rootNode = 0;
    }

    $page = "<h2>Sitemap</h2>\r\n";
    switch ($Action) {
        default:
            $page .= $this->_ShowStructure($rootNode);
            break;
    }

    return $page;
}
/**
 * Validates the submitted contact form and mails the message to the receiver.
 *
 * Sender name, sender address and message are read from the request. If one
 * of them is missing or the address is not accepted by isEMailAddress(), the
 * mail form is returned again together with the error texts. Otherwise the
 * message is handed to sendmail() and a short status box is returned.
 *
 * @param string MailTo The receiver of the mail
 * @return string HTML of the status box or of the mail form
 */
function _sendMail($MailTo)
{
    $senderName = GetPostOrGet('contact_mail_from_name');
    $senderAddress = GetPostOrGet('contact_mail_from');
    $text = GetPostOrGet('contact_message');

    // the address must be present and well-formed
    $mailError = '';
    if ($senderAddress == '') {
        $mailError = $this->_Lang['the_email_address_must_be_indicated'];
    } elseif (!isEMailAddress($senderAddress)) {
        $mailError = $this->_Lang['this_is_a_invalid_email_address'];
    }

    // name and message only have to be non-empty
    $nameError = '';
    if ($senderName == '') {
        $nameError = $this->_Lang['the_name_must_be_indicated'];
    }
    $messageError = '';
    if ($text == '') {
        $messageError = $this->_Lang['please_enter_your_message'];
    }

    $inputIsValid = $nameError == '' && $mailError == '' && $messageError == '';
    if (!$inputIsValid) {
        // show the mail form again so that the input can be corrected
        // NOTE(review): the raw request values are handed back for display;
        // confirm that _mailForm() HTML-escapes them.
        return $this->_mailForm($senderName, $senderAddress, $text, $mailError, $nameError, $messageError);
    }

    // The mail is sent in the name of the configured administrator address.
    // The visitor's name and address only appear inside the message text,
    // so in this function no request value is used as sender or subject.
    $from = $this->_Config->Get('administrator_emailaddress', 'administrator@comacms');
    $senderInfo = $senderName . ' <' . $senderAddress . '>';
    $title = sprintf(
        $this->_Lang['new_email_from_a_visitor_of_%homepage%'],
        $this->_Config->Get('pagename', 'homepage')
    );
    $messageContent = sprintf($this->_Lang['contact_message_%from%_%message'], $senderInfo, $text);

    // try to send the email and report the result
    // TODO: try to give some hints what to do if sending fails
    $status = sendmail($MailTo, $from, $title, $messageContent)
        ? $this->_Lang['your_message_was_sent_succesdfully']
        : $this->_Lang['an_error_occured_on_sending_this_message'];

    return "</p><fieldset><legend>{$this->_Lang['contact']}</legend>" . $status . '</fieldset><p>';
}
/**
 * Dispatches the registration module.
 *
 * Handled values of <var>$Action</var>:
 *  - checkRegistration: passes the submitted form fields to _checkRegistration()
 *  - activateRegistration: passes the submitted code to _activateRegistration()
 *  - anything else: returns the result of _register()
 *
 * @access public
 * @param string Action text
 * @return string Pagetext
 */
function GetPage($Action)
{
    $page = "";

    if ($Action == 'checkRegistration') {
        $showname = GetPostOrGet('showname');
        $name = GetPostOrGet('name');
        $email = GetPostOrGet('email');
        // NOTE(review): the passwords are read with the same helper as every
        // other field. If GetPostOrGet() also accepts query-string values, a
        // password can end up in URLs and access logs — confirm that the form
        // posts and consider reading these two fields from POST only.
        $password = GetPostOrGet('password');
        $passwordRepetition = GetPostOrGet('password_repetition');
        $page .= $this->_checkRegistration($showname, $name, $email, $password, $passwordRepetition);
    } elseif ($Action == 'activateRegistration') {
        $code = GetPostOrGet('code');
        $page .= $this->_activateRegistration($code);
    } else {
        $page .= $this->_register();
    }

    return $page;
}
/**
 * Returns the code of the style preview page.
 *
 * The request parameter "style" selects the style (the configured style is
 * used when it is empty). A non-empty request parameter "save" forces the
 * action "saveStyle", which stores the style and then shows it.
 *
 * @access public
 * @param string Action Gives the name of the subpage to call
 * @return string Pagedata
 */
function GetPage($Action = '')
{
    // Get external parameters
    $style = GetPostOrGet('style');
    if (empty($style)) {
        $style = $this->_Config->Get('style', 'comacms');
    }
    $save = GetPostOrGet('save');
    if (!empty($save)) {
        $Action = 'saveStyle';
    }

    // NOTE(review): $style can be taken straight from the request and is
    // handed to SaveStyle() and _Style(). Confirm that both only accept the
    // name of an installed style, and that saving is protected against
    // forged requests.
    $page = '';
    if ($Action == 'saveStyle' || $Action == 'style') {
        // saving is followed by showing the style that was just saved
        if ($Action == 'saveStyle') {
            $this->_PagePreview->SaveStyle($style);
        }
        $page .= $this->_Style($style);
    } else {
        $page .= $this->_PagePreview();
    }

    return $page;
}
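/**
 * Stores the image path of an article.
 *
 * Reads "image_path" and "article_id" from the request and, when the path
 * points to an existing file, writes it to the article_image column of that
 * article. Both values are request data, so the ID is forced to an integer
 * and the path is escaped before they are placed into the SQL statement.
 *
 * @access public
 * @return void
 */
function _saveImage()
{
    $file_path = GetPostOrGet('image_path');
    $article_id = GetPostOrGet('article_id');

    // The ID is used unquoted in the WHERE clause: refuse everything that
    // is not a number and reduce the rest to a plain integer.
    if (!is_numeric($article_id)) {
        return;
    }
    $article_id = (int) $article_id;

    // NOTE(review): file_exists() is called on a path chosen by the client.
    // It should be restricted to the directory that holds article images
    // (and to plain file paths, no stream wrappers) — the allowed root is
    // not visible from here.
    if (file_exists($file_path)) {
        // assumes db_result() runs on the default mysql_* connection — TODO
        // confirm; use a prepared statement if the database layer offers one
        $sql = "UPDATE " . DB_PREFIX . "articles SET \n\t\t\t\t\tarticle_image= '" . mysql_real_escape_string($file_path) . "'\n\t\t\t\t\tWHERE article_id={$article_id}";
        db_result($sql);
    }
}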
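/**
 * Creates a new group from the submitted form and adds its manager as the first member.
 *
 * The request always ends with a redirect: back to the "new group" form when
 * the name is empty or already in use, otherwise to the group overview.
 * Request values are escaped before they are used in SQL and URL-encoded
 * before they are written into a Location header.
 *
 * @param array admin_lang (not used by this function)
 * @access private
 * @return void The script is terminated after the redirect
 */
function addGroup($admin_lang)
{
    // get the needed vars
    $group_name = GetPostOrGet('group_name');
    $group_manager = GetPostOrGet('group_manager');
    $group_description = GetPostOrGet('group_description');

    // values that are sent back to the form travel in the query string
    $form_values = '&group_manager=' . urlencode((string) $group_manager)
        . '&group_description=' . urlencode((string) $group_description);

    if ($group_name == '') {
        // go back there is no group name!
        header('Location: admin.php?page=groups&action=new_group&error=empty_name' . $form_values);
        die;
    }

    // is this a valid call?
    if (is_numeric($group_manager)) {
        // is_numeric() also accepts floats and exponents; the ID is used
        // unquoted below, so reduce it to a plain integer
        $manager_id = (int) $group_manager;
        $name_sql = mysql_real_escape_string($group_name);
        $description_sql = mysql_real_escape_string($group_description);

        // check that there is no group with the same name
        $sql = "SELECT *\t\r\n\t\t\t\t\tFROM " . DB_PREFIX . "groups\r\n\t\t\t\t\tWHERE group_name='{$name_sql}'";
        $exist_result = db_result($sql);
        if (mysql_fetch_object($exist_result)) {
            header('Location: admin.php?page=groups&action=new_group&error=name&group_name=' . urlencode((string) $group_name) . $form_values);
            die;
        }

        // create the group
        $sql = "INSERT INTO " . DB_PREFIX . "groups (group_name, group_manager, group_description)\r\n\t\t\t\t\tVALUES ('{$name_sql}', {$manager_id}, '{$description_sql}')";
        db_result($sql);

        // add the user to the group
        $group_id = mysql_insert_id();
        $sql = "INSERT INTO " . DB_PREFIX . "group_users (group_id, user_id)\r\n\t\t\t\t\tVALUES({$group_id}, {$manager_id})";
        db_result($sql);
    }

    // NOTE(review): no permission or request-forgery check is visible in
    // this function; presumably the admin front controller enforces both —
    // confirm.
    header('Location: admin.php?page=groups');
    die;
}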
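/**
 * Main page of the file manager: an upload form for three files, a form to
 * create a directory and a sortable overview of all registered files that
 * are located directly in the requested directory.
 *
 * Request parameters read here: "path" (directory to show), "order" and
 * "desc" (sorting). "path" and the stored file names are escaped for the
 * HTML/URL context they are written into. This relies on the template
 * engine inserting replacement values unchanged, which the markup stored in
 * FILE_NAME, FILE_PREVIEW and FILE_ACTION below already requires.
 *
 * @access private
 * @return string Template code of the page
 */
function _homePage()
{
    $path = GetPostOrGet('path');
    if (substr($path, -1, 1) == '/') {
        $path = substr($path, 0, -1);
    }
    $pathPart = explode('/', $path);
    array_pop($pathPart);
    $uppath = implode('/', $pathPart);
    $pathLen = strlen($path);

    // $path is request data: never print it raw. The unescaped value is
    // still needed for the prefix comparison in the file loop below.
    $pathHtml = htmlspecialchars($path, ENT_QUOTES);

    $translation = $this->_Translation;
    $lblFile = $translation->GetTranslation('file');
    $lblCreateDirectory = $translation->GetTranslation('create_directory');

    $out = "\t\t\t<fieldset>"
        . "\n\t \t\t\t<legend>" . $translation->GetTranslation('upload') . "</legend>"
        . "\n\t\t\t\t<form enctype=\"multipart/form-data\" action=\"admin.php?page=files\" method=\"post\">"
        . "\n\t\t\t\t\t<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"1600000\" />"
        . "\n\t\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"upload\" />"
        . "\n\t\t\t\t\t<input type=\"hidden\" name=\"path\" value=\"" . $pathHtml . "\" />";
    // three identical upload rows: "file 1:" .. "file 3:" / uploadfile0 .. uploadfile2
    for ($n = 0; $n < 3; $n++) {
        $out .= "\n\t\t\t\t\t<div class=\"row\">"
            . "\n\t\t\t\t\t\t<label>"
            . "\n\t\t\t\t\t\t\t<strong>" . $lblFile . " " . ($n + 1) . ":</strong>"
            . "\n\t\t\t\t\t\t</label>"
            . "\n\t\t\t\t\t\t<input name=\"uploadfile" . $n . "\" type=\"file\" />"
            . "\n\t\t\t\t\t</div>";
    }
    $out .= "\n\t\t\t\t\t<div class=\"row\">"
        . "\n\t\t\t\t\t\t<input type=\"submit\" class=\"button\" value=\"" . $translation->GetTranslation('upload_files') . "\"/>"
        . "\n\t\t\t\t\t</div>"
        . "\n\t\t\t\t</form>"
        . "\n\t\t\t\t<div class=\"row\">"
        . "\n\t\t\t\t\t<a href=\"admin.php?page=files&action=check_new_files\" class=\"button\">" . $translation->GetTranslation('check_for_changes') . "</a>"
        . "\n\t\t\t\t</div>"
        . "\n\t\t\t</fieldset>"
        . "\n\t\t\t<fieldset>"
        . "\n\t \t\t\t<legend>" . $lblCreateDirectory . "</legend>"
        . "\n\t\t\t\t<form action=\"admin.php?page=files\" method=\"post\">"
        . "\n\t\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"new_dir\" />"
        . "\n\t\t\t\t\t<input type=\"hidden\" name=\"path\" value=\"" . $pathHtml . "\" />"
        . "\n\t\t\t\t\t<div class=\"row\">"
        . "\n\t\t\t\t\t\t<label>"
        . "\n\t\t\t\t\t\t\t<strong>" . $translation->GetTranslation('directory') . " </strong>"
        . "\n\t\t\t\t\t\t</label>"
        . "\n\t\t\t\t\t\t<input name=\"dirname\" type=\"text\" />"
        . "\n\t\t\t\t\t</div>"
        . "\n\t\t\t\t\t"
        . "\n\t\t\t\t\t<div class=\"row\">"
        . "\n\t\t\t\t\t\t<input type=\"submit\" class=\"button\" value=\"" . $lblCreateDirectory . "\"/>"
        . "\n\t\t\t\t\t</div>"
        . "\n\t\t\t\t</form>"
        . "\n\t\t\t</fieldset>\t<h3>Pfad: /" . $pathHtml . "</h3>";

    if ($pathLen > 0) {
        // the parent directory goes into a query string, so it is URL-encoded
        $out .= "\n\t\t\t\t<div class=\"row\">"
            . "\n\t\t\t\t\t<a href=\"admin.php?page=files&path=" . urlencode($uppath) . "\" class=\"button\">" . $translation->GetTranslation('directory_up') . "</a>"
            . "\n\t\t\t\t</div>";
    }

    // table head: one preview column, five sortable columns, one action column
    $ascFormat = $translation->GetTranslation('sort_ascending_by_%name%');
    $descFormat = $translation->GetTranslation('sort_descending_by_%name%');
    $lblFilename = $translation->GetTranslation('filename');
    $lblFilesize = $translation->GetTranslation('filesize');
    $lblFiletype = $translation->GetTranslation('filetype');
    $lblDownloads = $translation->GetTranslation('downloads');
    // each entry: attributes of the <th>, value of "order", name used in the sort titles, visible label
    $sortColumns = array(
        array('', 'filename', $lblFilename, $lblFilename),
        array(' class="small_width"', 'filesize', $lblFilesize, $lblFilesize),
        array(' class="table_date_width_plus"', 'filedate', $translation->GetTranslation('date'), $translation->GetTranslation('uploaded_on')),
        array(' class="small_width"', 'filetype', $lblFiletype, $lblFiletype),
        array(' class="table_mini_width"', 'filedownloads', $lblDownloads, '<abbr title="' . $lblDownloads . '">' . $translation->GetTranslation('downl') . '</abbr>'),
    );

    $out .= "\n\t\t\t<table id=\"files\" class=\"text_table full_width\">"
        . "\n\t\t\t\t<thead>"
        . "\n\t\t\t\t\t<tr>"
        . "\n\t\t\t\t\t\t<th>"
        . "\n\t\t\t\t\t\t\t" . $translation->GetTranslation('preview')
        . "\n\t\t\t\t\t\t</th>";
    foreach ($sortColumns as $column) {
        $ascTitle = sprintf($ascFormat, $column[2]);
        $descTitle = sprintf($descFormat, $column[2]);
        $out .= "\n\t\t\t\t\t\t<th" . $column[0] . ">"
            . "\n\t\t\t\t\t\t\t<a href=\"admin.php?page=files&order=" . $column[1] . "#files\" title=\"" . $ascTitle . "\"><img alt=\"[" . $ascTitle . "]\" src=\"img/up.png\"/></a>"
            . "\n\t\t\t\t\t\t\t" . $column[3]
            . "\n\t\t\t\t\t\t\t<a href=\"admin.php?page=files&order=" . $column[1] . "&desc=1#files\" title=\"" . $descTitle . "\"><img alt=\"[" . $descTitle . "]\" src=\"img/down.png\"/></a>"
            . "\n\t\t\t\t\t\t</th>";
    }
    $out .= "\n\t\t\t\t\t\t<th class=\"actions\">" . $translation->GetTranslation('actions') . "</th>"
        . "\n\t\t\t\t\t</tr>"
        . "\n\t\t\t\t</thead>"
        . "\n\t\t\t\t\r\n";

    $dateDayFormat = $this->_Config->Get('date_day_format', 'd.m.Y');
    $dateTimeFormat = $this->_Config->Get('date_time_format', 'H:i:s');
    $dateFormat = $dateDayFormat . ' ' . $dateTimeFormat;
    $thumbnailfolder = $this->_Config->Get('thumbnailfolder', 'data/thumbnails/');
    $files = new Files($this->_SqlConnection, $this->_User);

    // "order" is only ever mapped to one of the FILES_* constants, so the
    // request value itself never reaches the database layer
    $orderByGet = GetPostOrGet('order');
    $desc = GetPostOrGet('desc');
    switch ($orderByGet) {
        case 'filesize':
            $order = FILES_SIZE;
            break;
        case 'filedate':
            $order = FILES_DATE;
            break;
        case 'filetype':
            $order = FILES_TYPE;
            break;
        case 'filedownloads':
            $order = FILES_DOWNLOADS;
            break;
        case 'filename':
        default:
            $order = FILES_NAME;
            break;
    }
    // descending or ascending?
    $ascending = !($desc == 1);

    // get all files which are registered in the database
    $filesArrayTmp = $files->FillArray($order, $ascending);
    $filesCount = count($filesArrayTmp);
    $filesArray = array();
    for ($i = 0; $i < $filesCount; $i++) {
        $fileArray = $filesArrayTmp[$i];
        $fullName = $fileArray['FILE_NAME'];

        // keep only entries that lie directly inside the requested directory
        if (substr($fullName, 0, $pathLen) != $path
            || strlen($fullName) <= $pathLen
            || strpos($fullName, '/', $pathLen + 1)) {
            continue;
        }
        // The prefix has to end at a directory separator. Without this an
        // entry such as "imgs" would be listed inside the directory "img",
        // with its first characters cut off by the substr() further down.
        if ($pathLen > 0 && substr($fullName, $pathLen, 1) != '/') {
            continue;
        }

        // File names are stored data that originates from uploads; escape
        // them before they are written into attributes and cell text.
        $fullNameHtml = htmlspecialchars($fullName, ENT_QUOTES);

        $fileArray['FILE_SIZE'] = kbormb($fileArray['FILE_SIZE']);
        $fileArray['FILE_DATE'] = date($dateFormat, $fileArray['FILE_DATE']);
        $fileArray['FILE_DOWNLOAD_FILE'] = sprintf($translation->GetTranslation('download_file_%file%'), $fullNameHtml);
        $fileArray['FILE_DELETE_FILE'] = sprintf($translation->GetTranslation('delete_file_%file%'), $fullNameHtml);
        $fileArray['FILE_MOVE_FILE'] = sprintf($translation->GetTranslation('move_file_%file%'), $fullNameHtml);

        // images get a thumbnail whose longer side is at most 100px
        $preview = '';
        if (strpos($fileArray['FILE_TYPE'], 'image/') === 0) {
            $image = new ImageConverter($fileArray['FILE_PATH']);
            $maximum = 100;
            $size = $image->CalcSizeByMax($maximum);
            $imageUrl = $image->SaveResizedTo($size[0], $size[1], $thumbnailfolder, $size[0] . 'x' . $size[1] . '_');
            if (file_exists($imageUrl)) {
                $preview = "<img alt=\"{$fullNameHtml}\" src=\"" . generateUrl($imageUrl) . "\" />";
            }
        }
        $fileArray['FILE_PREVIEW'] = $preview;

        // show the name relative to the current directory
        $shortName = $fullName;
        if ($pathLen > 0) {
            $shortName = substr($fullName, $pathLen + 1);
        }
        $shortNameHtml = htmlspecialchars($shortName, ENT_QUOTES);

        if ($fileArray['FILE_TYPE'] == 'dir') {
            // directories link to their own listing
            $det = $pathLen > 0 ? '/' : '';
            $fileArray['FILE_NAME'] = '<a href="admin.php?page=files&path=' . urlencode($path . $det . $shortName) . '">' . $shortNameHtml . '</a>';
        } else {
            $fileArray['FILE_NAME'] = $shortNameHtml;
        }

        $fileArray['FILE_ACTION'] = '';
        if ($fileArray['FILE_TYPE'] != 'dir') {
            $file_id = $fileArray['FILE_ID'];
            $fileArray['FILE_ACTION'] .= '<a href="download.php?file_id=' . $file_id . '" ><img src="img/download.png" alt="[' . $fileArray['FILE_DOWNLOAD_FILE'] . ']" title="' . $fileArray['FILE_DOWNLOAD_FILE'] . '"/></a>';
            $fileArray['FILE_ACTION'] .= '<a href="admin.php?page=files&action=move&file_id=' . $file_id . '" ><img src="img/restore.png" alt="[' . $fileArray['FILE_MOVE_FILE'] . ']" title="' . $fileArray['FILE_MOVE_FILE'] . '"/></a>';
        }
        $filesArray[] = $fileArray;
    }

    $this->_ComaLate->SetReplacement('FILES', $filesArray);
    $this->_ComaLate->SetReplacement('SIZE_COUNT', kbormb($files->SizeCount));
    $this->_ComaLate->SetReplacement('LANG_ALTOGETHER', $translation->GetTranslation('altogether'));

    // NOTE(review): "delete" is offered as a plain link, i.e. a GET request
    // changes state. Confirm that the delete action asks for confirmation
    // and is protected against forged requests.
    $out .= '<FILES:loop> <tr> <td>{FILE_PREVIEW}</td> <td>{FILE_NAME}</td> <td>{FILE_SIZE}</td> <td>{FILE_DATE}</td> <td>{FILE_TYPE}</td> <td>{FILE_DOWNLOADS}</td> <td>{FILE_ACTION} <a href="admin.php?page=files&action=delete&file_id={FILE_ID}" ><img src="img/del.png" alt="[{FILE_DELETE_FILE}]" title="{FILE_DELETE_FILE}" /></a></td> </tr> </FILES> </table> {LANG_ALTOGETHER} {SIZE_COUNT}';

    return $out;
}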
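/**
 * Loads a page, or for logged-in users an older revision of it, into this object.
 *
 * The current version is looked up by page_name in the output language,
 * then by page_name in any language, then by page_id. The request is
 * redirected to the 404 page when nothing matches and to the 410 page when
 * the page is marked as deleted. On success Title, PageID, Language and
 * (for text and gallery pages) Text are set.
 *
 * The request parameter "change" selects the revision. It is only honoured
 * for logged-in users and is reduced to a positive integer first.
 *
 * @param string pagename Name or ID of the page
 * @return void
 */
function LoadPage($pagename)
{
    // "change" is request data and ends up in a LIMIT clause
    $change = GetPostOrGet('change');
    $change = is_numeric($change) ? (int) $change : 0;
    $load_old = $change > 0 && $this->_User->IsLoggedIn;
    if (!$load_old) {
        $change = 0;
    }

    if ($load_old) {
        // The history is addressed by page_id and the value is used
        // unquoted, so only a plain integer may be placed here.
        $history_page_id = is_numeric($pagename) ? (int) $pagename : 0;
        $sql = "SELECT *\r\n\t\t\t\t\tFROM " . DB_PREFIX . "pages_history\r\n\t\t\t\t\tWHERE page_id={$history_page_id}\r\n\t\t\t\t\tORDER BY page_date ASC\r\n\t\t\t\t\tLIMIT " . ($change - 1) . ",1";
    } else {
        // NOTE(review): here and in the two fallback queries $pagename is
        // interpolated into a quoted SQL string. This function does not
        // escape it; confirm that every caller does, or escape it here.
        $sql = "SELECT *\r\n\t\t\t\t\t\tFROM " . DB_PREFIX . "pages\r\n\t\t\t\t\t\tWHERE page_name='{$pagename}' AND page_lang='{$this->_Translation->OutputLanguage}'";
    }
    $page_result = $this->_SqlConnection->SqlQuery($sql);
    if (!($page_data = mysql_fetch_object($page_result))) {
        // fallback 1: the same name in any language
        $sql = "SELECT *\r\n\t\t\t\t\t\tFROM " . DB_PREFIX . "pages\r\n\t\t\t\t\t\tWHERE page_name='{$pagename}'";
        $page_result = $this->_SqlConnection->SqlQuery($sql);
        if (!($page_data = mysql_fetch_object($page_result))) {
            // fallback 2: the value is a page ID
            $sql = "SELECT *\r\n\t\t\t\t\t\t\tFROM " . DB_PREFIX . "pages\r\n\t\t\t\t\t\t\tWHERE page_id='{$pagename}'";
            $page_result = $this->_SqlConnection->SqlQuery($sql);
            if (!($page_data = mysql_fetch_object($page_result))) {
                // the wanted name travels in a query string: encode it
                header('Location: special.php?page=404&want=' . urlencode((string) $pagename));
                die;
            }
        }
    }

    //TODO: access deleted pages
    if (!$load_old && $page_data->page_access == 'deleted') {
        // HTTP 410 Gone
        header('Location: special.php?page=410&want=' . urlencode((string) $pagename));
        die;
    }

    //TODO: generate a warning if an 'old' page is shown
    $this->Title = $page_data->page_title;
    $this->PositionOfPage($page_data->page_id);
    $this->PageID = $page_data->page_id;
    $this->Language = $page_data->page_lang;

    // The included paths are built from constants only, never from the request.
    // NOTE(review): plain include would declare the class a second time if
    // LoadPage() ran twice in one request — confirm it is called only once.
    if ($page_data->page_type == 'text') {
        include __ROOT__ . '/classes/page/page_text.php';
        $page = new Page_Text($this->_SqlConnection, $this->_Config, $this->_Translation, $this->_ComaLate, $this->_User);
        $page->LoadPageFromRevision($page_data->page_id, $change);
        $this->Text = $page->HTML;
    } elseif ($page_data->page_type == 'gallery') {
        include __ROOT__ . '/classes/page/page_gallery.php';
        $page = new Page_Gallery($this->_SqlConnection, $this->_Config, $this->_Translation, $this->_ComaLate, $this->_User);
        $page->LoadPage($page_data->page_id);
        $this->Text = $page->HTML;
    }

    // tell the visitor that this version of the page no longer exists
    if ($load_old || $page_data->page_access == 'deleted') {
        $this->Text = "\n<div class=\"warning\">Sie befinden sich auf einer Seite, die so wie Sie sie sehen, nicht mehr existiert.</div>\n\n" . $this->Text;
    }
}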
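/**
 * Removes all users from a group after asking for confirmation
 *
 * Without a usable "group_id" the home page is shown. With a group but
 * without confirmation the confirmation form is shown. With "confirmation"
 * set to 1 all members of the group are removed and the group is shown.
 *
 * @access private
 * @return string A template for the confirmation form, the group view or the home page
 */
function _RemoveAllUsers()
{
    // Get external parameters
    // The group ID is written into three SQL statements below, one of them
    // unquoted. Accept nothing but a plain sequence of digits so that
    // request data cannot change what those statements do.
    $rawGroupID = GetPostOrGet('group_id');
    $GroupID = 0;
    if (is_int($rawGroupID) || (is_string($rawGroupID) && preg_match('/^[0-9]+\z/', $rawGroupID))) {
        $GroupID = (int) $rawGroupID;
    }
    $Confirmation = GetPostOrGet('confirmation');

    if ($GroupID == 0) {
        // Set the user back to the homepage
        return "\r\n\t\t\t\t" . $this->_HomePage();
    }

    if ($Confirmation == 1) {
        // NOTE(review): the destructive step only depends on two request
        // parameters. Confirm that the surrounding admin page requires POST
        // and protects this action against forged requests.
        // we got a group... check whether it has any users and if so remove all of them
        $sql = 'SELECT * FROM ' . DB_PREFIX . "group_users\n\t\t\t\t\t\tWHERE group_id='{$GroupID}'";
        $result = $this->_SqlConnection->SqlQuery($sql);
        $hasUsers = mysql_fetch_object($result) ? true : false;
        if (is_resource($result)) {
            mysql_free_result($result);
        }
        if ($hasUsers) {
            // The group got some users... remove them!
            $sql = 'DELETE FROM ' . DB_PREFIX . "group_users\n\t\t\t\t\t\t\tWHERE group_id='{$GroupID}'";
            $this->_SqlConnection->SqlQuery($sql);
        }
        // with or without former members: show the group afterwards
        return "\r\n\t\t\t\t" . $this->_ViewGroup($GroupID);
    }

    // Get some information about the group
    $sql = 'SELECT group_name FROM ' . DB_PREFIX . "groups\n\t\t\t\t\t\tWHERE group_id={$GroupID}";
    $result = $this->_SqlConnection->SqlQuery($sql);
    $groupRow = mysql_fetch_object($result);
    // an unknown group ID yields no row; use an empty name instead of reading a property of a non-object
    $group = $groupRow ? $groupRow->group_name : '';
    if (is_resource($result)) {
        mysql_free_result($result);
    }

    // Generate the confirmation form ("no" is preselected)
    $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
    $formMaker->AddForm('remove_all_users', 'admin.php', $this->_Translation->GetTranslation('remove'), $this->_Translation->GetTranslation('remove_all_users'), 'post');
    $formMaker->AddHiddenInput('remove_all_users', 'page', 'groups');
    $formMaker->AddHiddenInput('remove_all_users', 'action', 'remove_all_users');
    $formMaker->AddHiddenInput('remove_all_users', 'group_id', $GroupID);
    // NOTE(review): the group name comes from the database and is placed in
    // the question text as it is; confirm that FormMaker escapes it.
    $formMaker->AddInput('remove_all_users', 'confirmation', 'select', $this->_Translation->GetTranslation('remove_users'), sprintf($this->_Translation->GetTranslation('do_you_really_want_to_remove_all_users_from_the_group_%group%?'), $group));
    $formMaker->AddSelectEntry('remove_all_users', 'confirmation', true, 0, $this->_Translation->GetTranslation('no'));
    $formMaker->AddSelectEntry('remove_all_users', 'confirmation', false, 1, $this->_Translation->GetTranslation('yes'));

    return "\r\n\t\t\t\t" . $formMaker->GenerateSingleFormTemplate($this->_ComaLate, false);
}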
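/**
 * Renders the table of dates for a page, with page links when there are
 * more dates than fit on one page.
 *
 * $Parameters is a "&"-separated list of key=value pairs. Recognised keys:
 *  - all: if present, all dates are requested (count becomes -1)
 *  - count: number of dates per page, must be numeric (default 6)
 *  - location: only dates of this location (default '%', no restriction)
 * Every other key is ignored.
 *
 * @param string Identifer (not used by this function)
 * @param string Parameters Module parameters as described above
 * @return string Template code of the dates table
 */
function UseModule($Identifer, $Parameters)
{
    $all = false;
    $count = 6;
    $location = '%';

    // parse all parameters
    // Only the three known options are accepted. The previous
    // "${$parameter}[0] = ..." used the whole array as the variable name, so
    // none of the options was ever applied, and assigning through a variable
    // variable would let a parameter string overwrite any local variable.
    foreach (explode('&', $Parameters) as $parameter) {
        $pair = explode('=', $parameter, 2);
        // a key without a value (or with an empty one) counts as "switched on"
        $value = empty($pair[1]) ? true : $pair[1];
        switch ($pair[0]) {
            case 'all':
                $all = $value;
                break;
            case 'count':
                // count is used in arithmetic and handed to the Dates class
                // as a limit: accept numbers only
                if (is_numeric($value)) {
                    $count = (int) $value;
                }
                break;
            case 'location':
                if (is_string($value)) {
                    // NOTE(review): passed on as it is; confirm that the
                    // Dates class escapes it before it is used in a query
                    $location = $value;
                }
                break;
        }
    }

    $dates = new Dates($this->_SqlConnection, $this->_ComaLib, $this->_User, $this->_Config);
    // we want to get "all" dates
    if ($all) {
        $count = -1;
    }

    // get the count of all possible matches
    // if location is set, it is a conditional request
    if ($location != '%') {
        $found = $dates->GetExtendedCount($location);
    } else {
        $found = $dates->GetCount();
    }

    $start = 0;
    $linksArray = array();
    $linksTemplate = '';
    $links = uniqid('LINKS_');
    // it is useful to use "page links"
    if ($found > $count && $count > 1) {
        $parts = $found / $count;
        $max = (int) ceil($parts);
        $linksTemplate = '<' . $links . ':loop> <a href="?page={PAGE_ID}&page_nr={LINK_NR}">{LINK_TEXT}</a> {LINK_MINUS} </' . $links . '>';

        // page_nr is request data: reduce it to an existing page number
        // before it is used for the links and for the offset
        $pageNr = GetPostOrGet('page_nr');
        $pageNr = is_numeric($pageNr) ? (int) $pageNr : 0;
        $pageNr = max(0, min($pageNr, $max - 1));

        if ($pageNr > 0) {
            $linksTemplate = '<a href="?page={PAGE_ID}&page_nr=' . ($pageNr - 1) . '">{LANG_PREVIOUS}</a> -' . $linksTemplate;
        }
        if ($pageNr < $max - 1) {
            $linksTemplate .= ' - <a href="?page={PAGE_ID}&page_nr=' . ($pageNr + 1) . '">{LANG_NEXT}</a>';
        }
        for ($i = 0; $i < $max; $i++) {
            $linksArray[$i] = array('LINK_NR' => $i, 'LINK_TEXT' => $i + 1, 'LINK_MINUS' => '-');
        }
        // no separator after the last page link
        $linksArray[$max - 1]['LINK_MINUS'] = '';
        $this->_ComaLate->SetReplacement($links, $linksArray);
        $this->_ComaLate->SetReplacement('LANG_NEXT', $this->_Translation->GetTranslation('next'));
        $this->_ComaLate->SetReplacement('LANG_PREVIOUS', $this->_Translation->GetTranslation('previous'));
        $linksTemplate = '<div>' . $linksTemplate . '</div>';
        // $pageNr is already limited to the last page, so the offset stays below $found
        $start = $count * $pageNr;
    }

    // Get the array with the dates
    if ($location != '%') {
        $datesArray = $dates->ExtendedFillArray($location, $count, $start);
    } else {
        $datesArray = $dates->FillArray($count, $start);
    }

    $name = uniqid('EVENTS_');
    $this->_ComaLate->SetReplacement($name, $datesArray);
    // the page name is request data and is only used inside link targets, so it is URL-encoded
    $this->_ComaLate->SetReplacement('PAGE_ID', urlencode((string) GetPostOrGet('page')));
    $this->_ComaLate->SetReplacement('LANG_DATE', $this->_Translation->GetTranslation('date'));
    $this->_ComaLate->SetReplacement('LANG_LOCATION', $this->_Translation->GetTranslation('location'));
    $this->_ComaLate->SetReplacement('LANG_TOPIC', $this->_Translation->GetTranslation('topic'));

    $template = '</p>' . $linksTemplate . ' <table class="full_width"> <thead> <tr> <th class="table_date_width"> {LANG_DATE} </th> <th class="small_width"> {LANG_LOCATION} </th> <th> {LANG_TOPIC} </th> </tr> </thead> <tbody> <' . $name . ':loop> <tr> <td> {EVENT_DATE} </td> <td> {EVENT_LOCATION} </td> <td> {EVENT_TOPIC_HTML} </td> </tr> </' . $name . '> </tbody> </table>' . $linksTemplate . '<p>';

    return $template;
}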
/** * * string page_users() * returns the user-admin-page where you can add, change and delete users * */ function page_users() { global $_GET, $_POST, $PHP_SELF, $admin_lang, $actual_user_id, $actual_user_passwd_md5, $actual_user_online_id, $actual_user_online_id, $_SERVER, $user; $out = ""; if (isset($_GET['action']) || isset($_POST['action'])) { if (isset($_GET['action'])) { $action = $_GET['action']; } else { $action = $_POST['action']; } $user_id = GetPostOrGet('user_id', 0); $user_name = GetPostOrGet('user_name', ''); $user_showname = GetPostOrGet('user_showname', ''); $user_email = GetPostOrGet('user_email', ''); $user_icq = GetPostOrGet('user_icq', ''); $user_admin = GetPostOrGet('user_admin', ''); $user_password = GetPostOrGet('user_password', ''); $user_password_confirm = GetPostOrGet('user_password_confirm', ''); if ($action == "add") { if ($user_name == "" || $user_showname == "" || $user_password == "" || $user_password != $user_password_confirm) { $action = "add-error"; } elseif ($user_email != "" && !isEMailAddress($user_email)) { $action = "add-error"; } elseif ($user_icq != "" && !isIcqNumber($user_icq)) { $action = "add-error"; } else { if ($user_admin == "on") { $user_admin = "y"; } else { $user_admin = "n"; } $user_icq = str_replace("-", "", $user_icq); $user_password = md5($user_password); $sql = "INSERT INTO " . DB_PREFIX . "users\r\n\t\t\t\t\t\t(user_showname, user_name, user_password, user_registerdate, user_admin, user_icq, user_email)\r\n\t\t\t\t\t\tVALUES ('{$user_showname}', '{$user_name}', '{$user_password}', '" . mktime() . 
"', '{$user_admin}', '{$user_icq}', '{$user_email}')"; db_result($sql); } } elseif ($action == "save") { if ($user_name == "" || $user_showname == "" || $user_password != $user_password_confirm) { $action = "save-error"; } elseif ($user_email != "" && !isEMailAddress($user_email)) { $action = "save-error"; } elseif ($user_icq != "" && !isIcqNumber($user_icq)) { $action = "save-error"; } else { if ($user_password != "") { $user_password = "******" . md5($user_password) . "'"; } if ($user_admin == "on") { $user_admin = "user_admin= 'y', "; } else { $user_admin = "user_admin= 'n', "; } $user_icq = str_replace("-", "", $user_icq); if ($user_id == $user->ID) { if ($user_password_confirm != "") { $actual_user_passwd_md5 = md5($user_password_confirm); } $actual_user_name = $user_name; setcookie("CMS_user_cookie", $actual_user_online_id . "|" . $actual_user_name . "|" . $actual_user_passwd_md5, time() + 14400); } $sql = "UPDATE " . DB_PREFIX . "users\r\n\t\t\t\t\tSET user_showname='{$user_showname}', user_name='{$user_name}', user_email='{$user_email}', {$user_admin} user_icq='{$user_icq}'{$user_password}\r\n\t\t\t\t\tWHERE user_id={$user_id}"; db_result($sql); } } elseif ($action == "delete") { if (isset($_GET['sure']) || isset($_POST['sure'])) { if (isset($_GET['sure'])) { $sure = $_GET['sure']; } else { $sure = $_POST['sure']; } if ($sure == 1 && $user_id != $user->ID) { $sql = "SELECT *\r\n\t\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\t\tWHERE user_id={$user_id}"; $result = db_result($sql); $user_data = mysql_fetch_object($result); $sql = "DELETE FROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\t\tWHERE user_id={$user_id}"; db_result($sql); $out .= "Der Benutzer "" . $user_data->user_showname . "" ist nun unwiederuflich gelöscht worden!<br />"; } } else { $sql = "SELECT *\r\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\tWHERE user_id={$user_id}"; $result = db_result($sql); $user = mysql_fetch_object($result); $out .= "Den Benutzer "" . 
$user->user_showname . "" unwiederruflich löschen?<br />\r\n\t\t\t\t<a href=\"admin.php?page=users&action=delete&user_id=" . $user_id . "&sure=1\" title=\"Wirklich Löschen\" class=\"button\">" . $admin_lang['yes'] . "</a>\r\n\t\t\t\t<a href=\"admin.php?page=users\" title=\"Nicht Löschen\" class=\"button\">" . $admin_lang['no'] . "</a>"; return $out; } } if ($action == "edit" || $action == "new" || $action == "add-error" || $action == "save-error") { if ($user_id != 0 || $action == "new" || $action == "add-error" || $action == "save-error") { if ($user_id != 0) { $sql = "SELECT *\r\n\t\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\t\tWHERE user_id={$user_id}"; $user_result = db_result($sql); if (($user = mysql_fetch_object($user_result)) || $action == "new") { if ($action != "save-error") { $user_showname = $user->user_showname; $user_name = $user->user_name; $user_email = $user->user_email; $user_icq = $user->user_icq; $user_admin = $user->user_admin; } } } $out .= "\t\t\t<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">\r\n\t\t\t\t<input type=\"hidden\" name=\"page\" value=\"users\"/>\r\n"; if ($action == "new" || $action == "add-error") { $out .= "\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"add\"/>\r\n"; } else { $out .= "\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"save\"/>\r\n\t\t\t\t<input type=\"hidden\" name=\"user_id\" value=\"" . $user_id . "\"/>\r\n"; } $out .= "\t\t\t\t<fieldset><legend>Benutzer</legend>\r\n\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Anzeigename:</strong>"; if ($action == "add-error" || $action == "save-error" && $user_showname == "") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Der Anzeigename darf nicht leer sein.</span>\r\n"; } $out .= "\t\t\t\t\t\t\t<span class=\"info\">Der Name wird immer angezeigt, wenn der Benutzer z.B. einen News-Eintrag geschrieben hat.(Notwendig)</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_showname\" value=\"" . 
$user_showname . "\" />\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Nick:</strong>\r\n"; if ($action == "add-error" || $action == "save-error" && $user_name == "") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Der Nick muss angegeben werden.</span>\r\n"; } $out .= "\t\t\t\t\t\t\t<span class=\"info\">Mit dem Nick kann sich der Benutzer einloggen, so muss er nicht seinen unter Umständen komplizierten Namen,der angezeigt wird, eingeben muss. (Notwendig)</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_name\" value=\"" . $user_name . "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>E-Mail:</strong>\r\n"; if ($action == "add-error" || $action == "save-error" && $user_email != "" && !isEMailAddress($user_email)) { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Angegebene E-Mail-Adresse ist ungültig.</span>\r\n"; } $out .= "\t\t\t\t\t\t\t<span class=\"info\">Über die Egl-Mail-Adresse wird der Benutzer kontaktiert. Sie ist also notwendig.</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_email\" value=\"" . $user_email . "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>ICQ:</strong>\r\n"; if (($action == "add-error" || $action == "save-error") && ($user_icq != "" && !isIcqNumber($user_icq))) { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Angegebene ICQ-Nummer ist ungültig.</span>\r\n"; } $out .= "\t\t\t\t\t\t\t<span class=\"info\">Die ICQ Nummer kann angegben werden, ist aber nicht dirngend notwendig.</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_icq\" value=\"" . $user_icq . 
"\" maxlength=\"12\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Passwort:</strong>\r\n"; if (($action == "add-error" || $action == "save-error") && $user_password != "" && $user_password_confirm != "" && $user_password != $user_password_confirm) { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort und seine Wiederholung sind ungleich</span>\r\n"; $user_password = ""; $user_password_confirm = "rep-wrong"; } elseif ($action == "add-error" && $user_password == "") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort fehlt.</span>\r\n"; $user_password_confirm = ""; } elseif ($action == "save-error" && $user_password_confirm != "" && $user_password == "") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort fehlt obwohl die Wiederholung angegeben war.</span>\r\n"; $user_password_confirm = ""; } if ($action == "add-error" && $user_password_confirm == "" && $user_password != "") { $user_password = ""; } $out .= "\t\t\t\t\t\t\t<span class=\"info\">Mit diesem Passwort kann sich der Benutzer in die geschätzten Bereiche einloggen. ("; if ($action == "save-error" || $action == "edit") { $out .= "Wenn beide Felder für das Passwort leer gelassen werden, wird das Passwort nicht verändert."; } elseif ($action == "add-error" || $action == "new") { $out .= "Notwendig"; } $out .= ")</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"password\" name=\"user_password\" value=\"" . 
"\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Passwort wiederholen:</strong>\r\n"; if (($action == "add-error" || $action == "save-error") && $user_password == "" && $user_password_confirm == "rep-wrong") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort und seine Wiederholung sind ungleich</span>\r\n"; $user_password = ""; $user_password_confirm = ""; } elseif ($action == "add-error" && $user_password_confirm == "") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Wiederholung des Passwortes fehlt.</span>\r\n"; } elseif ($action == "save-error" && $user_password != "" && $user_password_confirm == "") { $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Wiederholung des Passwortes fehlt.</span>\r\n"; } $out .= "\t\t\t\t\t\t\t<span class=\"info\">Durch eine Wiederholung wird sichergestellt, dass man sich bei der Eingabe nicht vertippt hat."; if ($action == "add-error" || $action == "add") { $out .= "(Notwendig)"; } $out .= "</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"password\" name=\"user_password_confirm\" value=\"" . "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Administrator:</strong>\r\n\t\t\t\t\t\t\t<span class=\"info\">Ist ein Benutzer Administrator so hat er keinerlei Einschränkungen in seinem Handeln. 
<strong>Nur auswählen wenn es wirklich Notwendig ist.</strong></span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"checkbox\" name=\"user_admin\""; if ($user_admin == "y" || $user_admin == "on") { $out .= " checked=\"true\""; } $out .= "/>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t\t<input type=\"submit\" class=\"button\" value=\""; if ($action == "new") { $out .= $admin_lang['create']; } else { $out .= $admin_lang['save']; } $out .= "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t</fieldset>\r\n\t\t\t</form>"; return $out; } } } $out .= "\t\t\t<table class=\"text_table full_width\">\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<th>" . $admin_lang['name'] . "</th>\r\n\t\t\t\t\t<th>Kürzel</th>\r\n\t\t\t\t\t<th>Email</th>\r\n\t\t\t\t\t<th>Admin</th>\r\n\t\t\t\t\t<th>Aktionen</th>\r\n\t\t\t\t</tr>\r\n"; $users_result = db_result("SELECT * FROM " . DB_PREFIX . "users"); while ($user_db = mysql_fetch_object($users_result)) { $out .= "\t\t\t\t<tr>\r\n\t\t\t\t\t<td>{$user_db->user_showname}</td>\r\n\t\t\t\t\t<td>{$user_db->user_name}</td>\r\n\t\t\t\t\t<td>{$user_db->user_email}</td>\r\n\t\t\t\t\t<td>"; if ($user_db->user_admin == 'y') { $out .= $admin_lang['yes']; } else { $out .= $admin_lang['no']; } $out .= "</td>\r\n\t\t\t\t\t<td><a href=\"" . $PHP_SELF . "?page=users&action=edit&user_id=" . $user_db->user_id . "\" ><img src=\"./img/edit.png\" height=\"16\" width=\"16\" alt=\"" . $admin_lang['edit'] . "\" title=\"" . $admin_lang['edit'] . "\"/></a>"; if ($user->ID == $user_db->user_id) { $out .= " "; } else { $out .= "<a href=\"" . $PHP_SELF . "?page=users&action=delete&user_id=" . $user_db->user_id . "\" ><img src=\"./img/del.png\" height=\"16\" width=\"16\" alt=\"" . $admin_lang['delete'] . "\" title=\"" . $admin_lang['delete'] . "\"/></a>"; } $out .= "</td>\r\n\t\t\t\t</tr>\r\n"; } //<tr><td colspan="7"><a href="<?php echo $PHP_SELF."?newuser=y"; " />Neuen User hinzufügen</a></td></tr> $out .= "\t\t\t</table>\r\n\t\t\t<a href=\"" . $PHP_SELF . 
"?page=users&action=new\" title=\"Einen neuen Benutzer erstellen\" class=\"button\">Neuen Benutzer erstellen</a>"; //( if(!isset($pw)) { $pw = "1"; } if(!isset($pwwdh)) { $pwwdh= "1"; } if($pw!=$pwwdh) { echo "<h3>Die Wiederhohlung des Passwortes ist fehlerhaft...<br>Aus diesem Grund wurde der Eintrag nicht gespeichert.</h3>"; } return $out; }
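/**
 * Deactivates the module whose name is transmitted in $_GET/$_POST['name'].
 *
 * The name is request-controlled and is used to build a filesystem path, so it
 * is only accepted when it is a single path segment. The list of activated
 * modules is read from the configuration, the module is removed from it and
 * the list is written back.
 *
 * @access private
 * @return string The default view, as returned by _HomePage()
 */
function _DeactivatePage()
{
    $moduleName = GetPostOrGet('name');

    // Accept only a plain directory name: no separators, no NUL byte and no
    // relative segments, so the file_exists() probe below cannot leave modules/.
    $isPlainName = is_string($moduleName)
        && $moduleName != ''
        && $moduleName != '.'
        && $moduleName != '..'
        && strpos($moduleName, '/') === false
        && strpos($moduleName, '\\') === false
        && strpos($moduleName, "\0") === false;

    // is the module existent?
    if ($isPlainName && file_exists("modules/{$moduleName}/{$moduleName}_info.php")) {
        // NOTE(review): unserialize() runs on a stored configuration value. That
        // is only safe while nothing request-controlled can be written into
        // 'modules_activated' verbatim; confirm against the writers of this key.
        $modulesActivated = unserialize($this->_Config->Get('modules_activated'));

        // no data was saved if this is not an array
        if (is_array($modulesActivated)) {
            // array_search() returns the key or false; key 0 is a valid hit,
            // hence the identity comparison.
            $position = array_search($moduleName, $modulesActivated);
            if ($position !== false) {
                // 'deactivate' it and save the change
                unset($modulesActivated[$position]);
                $this->_Config->Save('modules_activated', serialize($modulesActivated));
            }
        }
    }

    // Go back to the default view in every case, so the documented string
    // return value also holds for unknown or rejected module names.
    return $this->_HomePage();
}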
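/**
 * Moves one image of a gallery page one position up by swapping its
 * gallery_orderid with that of the image directly before it.
 *
 * The image is taken from $_GET/$_POST['imageID']. Both ids end up unquoted in
 * SQL statements, so nothing is queried unless they are numeric, and they are
 * reduced to integers before being interpolated.
 *
 * @access private
 * @param integer PageID The id of the gallery page
 * @return string The output of _EditPageOverview() for the page
 */
function _EditPageMoveUp($PageID)
{
    $imageID = GetPostOrGet('imageID');

    if (is_numeric($PageID) && is_numeric($imageID)) {
        // Integers only from here on: the values are placed into SQL unquoted.
        $pageId = (int) $PageID;
        $imageId = (int) $imageID;

        // Look up the gallery that belongs to the page
        $sql = "SELECT gallery.gallery_id\n\t\t\t\t\tFROM (" . DB_PREFIX . "pages page\n\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_gallery gallery ON page.page_id = gallery.page_id)\n\t\t\t\t\tWHERE page.page_id={$pageId} AND page.page_type='gallery'\n\t\t\t\t\tLIMIT 1";
        $pageResult = $this->_SqlConnection->SqlQuery($sql);
        $pageData = mysql_fetch_object($pageResult);

        // No row, or a page without a gallery (the LEFT JOIN yields NULL):
        // there is nothing to reorder.
        if ($pageData && $pageData->gallery_id !== null) {
            $galleryID = $pageData->gallery_id;

            // The image that should move up
            $sql = "SELECT *\n\t\t \t\t\tFROM " . DB_PREFIX . "gallery\n\t\t \t\t\tWHERE gallery_id={$galleryID} AND gallery_file_id={$imageId}";
            $firstImageResult = $this->_SqlConnection->SqlQuery($sql);
            $firstImage = mysql_fetch_object($firstImageResult);

            // The image must actually belong to this gallery
            if ($firstImage) {
                $firstID = $firstImage->gallery_file_id;
                $firstOrderid = $firstImage->gallery_orderid;

                // The nearest image with a smaller order id (first row of a descending sort)
                $sql = "SELECT *\n\t\t \t\t\tFROM " . DB_PREFIX . "gallery\n\t\t \t\t\tWHERE gallery_id={$galleryID} AND gallery_orderid < {$firstOrderid}\n\t\t \t\t\tORDER BY gallery_orderid DESC";
                $secondImageResult = $this->_SqlConnection->SqlQuery($sql);
                if ($secondImage = mysql_fetch_object($secondImageResult)) {
                    $secondID = $secondImage->gallery_file_id;
                    $secondOrderid = $secondImage->gallery_orderid;

                    // Swap the two order ids
                    $sql = "UPDATE " . DB_PREFIX . "gallery\n\t\t \t\t\t\tSET gallery_orderid={$secondOrderid} \n\t\t \t\t\t\tWHERE gallery_id={$galleryID} AND gallery_file_id={$firstID}";
                    $this->_SqlConnection->SqlQuery($sql);
                    $sql = "UPDATE " . DB_PREFIX . "gallery\n\t\t \t\t\t\tSET gallery_orderid={$firstOrderid} \n\t\t \t\t\t\tWHERE gallery_id={$galleryID} AND gallery_file_id={$secondID}";
                    $this->_SqlConnection->SqlQuery($sql);
                }
            }
        }
    }

    // The overview is shown whether or not anything was moved
    return $this->_EditPageOverview($PageID);
}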
// Bootstrap excerpt: loads the shared classes, opens the database connection,
// selects the style and resolves which page was requested. The excerpt ends
// inside the if/elseif chain that dispatches on the page prefix.
include 'classes/inlinemenu.php';
include 'classes/module.php';
include 'functions.php';
include 'lib/comalate/comalate.class.php';
$lib = new ComaLib();
// Requested page, taken from the request
$extern_page = GetPostOrGet('page');
$queries_count = 0;
// $d_pre, $d_user, $d_pw, $d_server and $d_base are not set in this excerpt;
// presumably they come from a configuration file included earlier.
define('DB_PREFIX', $d_pre);
$sqlConnection = new Sql($d_user, $d_pw, $d_server);
$sqlConnection->Connect($d_base);
$config = new Config();
$config->LoadAll();
$user = new User($sqlConnection);
$output = new ComaLate();
// The configured style is the default; a non-empty 'style' request parameter
// replaces it.
$styleName = $config->Get('style', 'default');
$headerStyleName = GetPostOrGet('style');
if (!empty($headerStyleName)) {
    $styleName = $headerStyleName;
}
// NOTE(review): $styleName can be request-controlled at this point and is handed
// to LoadTemplate() together with './styles/'. LoadTemplate() is not visible
// here; confirm it restricts the name to an installed style directory (no path
// separators, no '..') before it builds a path from it.
$output->LoadTemplate('./styles/', $styleName);
$output->SetMeta('generator', 'ComaCMS v0.2 (http://comacms.berlios.de)');
$output->SetCondition('notinadmin', true);
// Without a requested page, index.php falls back to the configured default
// page; any other script gets an empty page name.
if (!isset($extern_page) && endsWith($_SERVER['PHP_SELF'], 'index.php')) {
    $extern_page = $config->Get('default_page', 'home');
} elseif (!isset($extern_page)) {
    $extern_page = '';
}
// A page name prefixed with 'a:' is forwarded to admin.php.
// NOTE(review): the remainder of the request value is appended to the Location
// header unencoded; rawurlencode() would keep it to a single query value.
if (startsWith($extern_page, 'a:')) {
    header('Location: admin.php?page=' . substr($extern_page, 2));
    die;
} elseif (startsWith($extern_page, 's:')) {
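/**
 * Returns a template for a user profile.
 *
 * The user is looked up by the login name in $_GET/$_POST['user_name']. The
 * name is escaped before it is placed into the query, and only the columns
 * this method displays (plus the id) are selected, so the password column is
 * never loaded for a profile view.
 *
 * @access private
 * @return string Template
 */
function _ShowProfile()
{
    // Initialize the template
    $template = '<h2>{LANG_USERPROFILE}</h2>';
    $this->_ComaLate->SetReplacement('LANG_USERPROFILE', $this->_Translation->GetTranslation('user_profile'));

    // Get external parameters; anything that is not a plain string (missing
    // parameter, array) is treated as an empty name
    $UserName = GetPostOrGet('user_name');
    if (!is_string($UserName)) {
        $UserName = '';
    }
    // Request-controlled value inside a quoted SQL literal: escape it.
    // NOTE(review): assumes GetPostOrGet() hands back the raw request value; if
    // the input is already slash-escaped somewhere upstream, names containing
    // quotes will no longer match. Confirm against GetPostOrGet().
    $escapedUserName = mysql_real_escape_string($UserName);

    // Get information about the user from the database
    $sql = "SELECT user_id, user_showname, user_email, user_preferred_language\n\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\tWHERE user_name='{$escapedUserName}'";
    $userResult = $this->_SqlConnection->SqlQuery($sql);
    if ($user = mysql_fetch_object($userResult)) {
        // Generate profile array
        // NOTE(review): the values below are stored user data and go to the
        // template engine unmodified; whether ComaLate HTML-escapes replacements
        // is not visible here. Confirm before relying on it.
        $userProfile = array();
        $userProfile[] = array(
            'PROFILE_FIELD_NAME' => 'showname',
            'PROFILE_FIELD_TRANSLATION' => $this->_Translation->GetTranslation('showname'),
            'PROFILE_FIELD_VALUE' => $user->user_showname,
            'PROFILE_FIELD_INFORMATION' => $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example')
        );
        $userProfile[] = array(
            'PROFILE_FIELD_NAME' => 'email',
            'PROFILE_FIELD_TRANSLATION' => $this->_Translation->GetTranslation('email'),
            'PROFILE_FIELD_VALUE' => $user->user_email,
            'PROFILE_FIELD_INFORMATION' => $this->_Translation->GetTranslation('using_the_email_address_the_user_is_contacted_by_the_system')
        );
        $userProfile[] = array(
            'PROFILE_FIELD_NAME' => 'preferred_language',
            'PROFILE_FIELD_TRANSLATION' => $this->_Translation->GetTranslation('preferred_language'),
            'PROFILE_FIELD_VALUE' => $this->_Translation->GetTranslation($user->user_preferred_language),
            'PROFILE_FIELD_INFORMATION' => $this->_Translation->GetTranslation('this_is_the_preferred_language_of_the_user')
        );

        // Get custom fields; the user id comes from the row fetched above
        $sql = "SELECT value.custom_fields_values_value, field.custom_fields_information, field.custom_fields_name, field.custom_fields_title, field.custom_fields_required\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\t\tWHERE value.custom_fields_values_userid='{$user->user_id}'";
        $customFieldsValuesResult = $this->_SqlConnection->SqlQuery($sql);
        while ($customFieldsValue = mysql_fetch_object($customFieldsValuesResult)) {
            $userProfile[] = array(
                'PROFILE_FIELD_NAME' => $customFieldsValue->custom_fields_name,
                'PROFILE_FIELD_TRANSLATION' => $customFieldsValue->custom_fields_title,
                'PROFILE_FIELD_VALUE' => $customFieldsValue->custom_fields_values_value,
                // Required fields get a translated marker appended
                'PROFILE_FIELD_INFORMATION' => $customFieldsValue->custom_fields_information . ($customFieldsValue->custom_fields_required == 1 ? ' ' . $this->_Translation->GetTranslation('(required)') : '')
            );
        }
        $this->_ComaLate->SetReplacement('USER_PROFILE', $userProfile);

        // Set replacements for language
        $this->_ComaLate->SetReplacement('LANG_PROFILE', $this->_Translation->GetTranslation('profile'));

        // Generate the template
        $template .= '<fieldset> <legend>{LANG_PROFILE}</legend> <USER_PROFILE:loop> <div class="row"> <label for="{PROFILE_FIELD_NAME}"> <strong>{PROFILE_FIELD_TRANSLATION}:</strong> <span class="info">{PROFILE_FIELD_INFORMATION}</span> </label> <span class="edit">{PROFILE_FIELD_VALUE} </span> </div> </USER_PROFILE> </fieldset> ';
        return $template;
    } else {
        // Unknown login name: heading plus a translated notice
        return $template . "\r\n\t\t\t" . $this->_Translation->GetTranslation('the_user_could_not_be_found');
    }
}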
$config_data .= '$d_server = \'' . $database_server . '\';' . "\r\n"; $config_data .= '$d_user = \'' . $database_username . '\';' . "\r\n"; $config_data .= '$d_pw = \'' . $database_password . '\';' . " \r\n"; $config_data .= '$d_base = \'' . $database_name . '\';' . "\r\n"; $config_data .= '$d_pre = \'' . $database_prefix . '\';' . " \r\n\r\n"; $config_data .= 'define(\'COMACMS_INSTALLED\', true);' . "\r\n"; $config_data .= '?>'; $fp = @fopen('../config.php', 'w'); $result = @fputs($fp, $config_data, strlen($config_data)); @fclose($fp); $content = "<input type=\"hidden\" name=\"step\" value=\"6\" />\r\n\t\t\t\t<input type=\"hidden\" name=\"lang\" value=\"{$language}\" />\r\n\t\t\t\t<input type=\"hidden\" name=\"confirmation\" value=\"yes\" />\r\n\t\t\t\t<legend>{$admin_lang['create_administrator']}</legend>\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t<label for=\"admin_showname\">\r\n\t\t\t\t\t\t<strong>{$admin_lang['name']}:</strong>\r\n\t\t\t\t\t\t<span class=\"info\">{$admin_lang['todo']}</span>\r\n\t\t\t\t\t</label>\r\n\t\t\t\t\t<input type=\"text\" name=\"admin_showname\" id=\"admin_showname\"/>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t<label for=\"admin_name\">\r\n\t\t\t\t\t\t<strong>{$admin_lang['loginname']}:</strong>\r\n\t\t\t\t\t\t<span class=\"info\">{$admin_lang['todo']}</span>\r\n\t\t\t\t\t</label>\r\n\t\t\t\t\t<input type=\"text\" name=\"admin_name\" id=\"admin_name\"/>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t<label for=\"admin_password\">\r\n\t\t\t\t\t\t<strong>{$admin_lang['password']}:</strong>\r\n\t\t\t\t\t\t<span class=\"info\">{$admin_lang['todo']}</span>\r\n\t\t\t\t\t</label>\r\n\t\t\t\t\t<input type=\"password\" name=\"admin_password\" id=\"admin_password\"/>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t<label for=\"admin_password2\">\r\n\t\t\t\t\t\t<strong>{$admin_lang['password_repetition']}:</strong>\r\n\t\t\t\t\t\t<span 
class=\"info\">{$admin_lang['todo']}</span>\r\n\t\t\t\t\t</label>\r\n\t\t\t\t\t<input type=\"password\" name=\"admin_password2\" id=\"admin_password2\"/>\r\n\t\t\t\t</div>\r\n\t\t\t\t\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t<input type=\"submit\" value=\"{$admin_lang['next']}\"/>\r\n\t\t\t\t</div>\r\n\t\t"; } elseif ($step == 6 && $confirmation == 'yes') { $admin_name = GetPostOrGet('admin_name'); $admin_showname = GetPostOrGet('admin_showname'); $admin_password = GetPostOrGet('admin_password'); $admin_password2 = GetPostOrGet('admin_password2'); include '../config.php'; require_once '../classes/sql.php'; $sql = "INSERT INTO {$d_pre}users (user_name, user_showname, user_password, user_registerdate, user_admin, user_icq)\r\n\t\tVALUES ('{$admin_name}', '{$admin_showname}', '" . md5($admin_password) . "', '" . mktime() . "', 'y', '');\r\n\t\tINSERT INTO {$d_pre}config (config_name, config_value)\r\n\t\tVALUES ('install_date', '" . mktime() . "');\r\n\t\tINSERT INTO {$d_pre}pages (page_lang, page_access, page_name, page_title, page_parent_id, page_creator, page_type, page_date, page_edit_comment)\r\n\t\tVALUES('de', 'public', 'home', '{$admin_lang['homepage']}', 0, 1, 'text', " . mktime() . ", 'Installed the Homepage');"; //TODO: make sure that the id of the default page is everytime the right one $ok = true; if ($admin_name == "" || $admin_showname == "" || $admin_password == "") { $content = $admin_lang['the_form_was_not_filled_in_completely']; "Die Angaben zum Adminaccount sind unvollständig."; $content .= "<a class=\"button\" href=\"install.php?lang={$language}&step=3\">{$admin_lang['back']}</a>"; $ok = false; } if ($admin_password != $admin_password2) { $content = $admin_lang['the_repetition_of_the_password_was_incorrect']; //"Das Passwort wurde nicht korrekt wiederholt"; $content .= "<a class=\"button\" href=\"install.php?lang={$language}&step=3\">{$admin_lang['back']}</a>";
} $menuArray[] = array($translation->GetTranslation('logout'), 'logout'); // Switch between the subpages of the userinterface $subpage = GetPostOrGet('subpage'); $action = GetPostOrGet('action'); switch ($subpage) { case 'logout': // call the logout and redirect to the index $user->Logout(); header("Location: index.php"); die; case 'memberlist': include_once __ROOT__ . '/classes/user/user_memberlist.php'; $memberlist = new User_Memberlist($sqlConnection, $translation, $config, $user, $lib, $output); $title = $translation->GetTranslation('memberlist'); $text = $memberlist->GetPage(GetPostOrGet('action'), 'userinterface'); break; case 'userinterface': default: if (substr($page, 0, 7) == 'module_') { // get the name of the module which's admin-interface should be shown $moduleName = substr($page, 7); $access = $config->Get($moduleName . '_author_access'); if (!is_bool($access)) { if (file_exists(__ROOT__ . "/modules/{$moduleName}/{$moduleName}_info.php")) { $module = array(); include __ROOT__ . "/modules/{$moduleName}/{$moduleName}_info.php"; if (array_key_exists('author_access', $module)) { $access = $module['author_access']; } else { $access = false;
/**
 * Handles a submitted contact form: returns the form again while _mailForm()
 * still produces one, otherwise tries to send the message and returns a
 * result box.
 *
 * The visitor's name and address only appear inside the message text; the
 * sender passed to sendmail() is the configured administrator address.
 *
 * @param string MailTo The receiver of the mail
 * @return string HTML of the form or of the result box
 */
function _sendMail($MailTo)
{
    $senderName = GetPostOrGet('contact_mail_from_name');
    $senderAddress = GetPostOrGet('contact_mail_from');
    $body = GetPostOrGet('contact_message');
    $action = GetPostOrGet('action');
    // Anti-spam field: the form asks for it to be left empty, so any content
    // counts as an error
    $honeypot = GetPostOrGet('contact_important_name');

    $mailError = '';
    if ($honeypot != '') {
        $mailError = $this->_Translation->GetTranslation('please_leave_the_important_name_field_empty');
    }
    // A missing or malformed address replaces the anti-spam message; either
    // way $mailError stays non-empty and nothing is sent below
    if ($senderAddress == '') {
        $mailError = $this->_Translation->GetTranslation('the_email_address_must_be_indicated');
    } elseif (!isEMailAddress($senderAddress)) {
        $mailError = $this->_Translation->GetTranslation('this_is_a_invalid_email_address');
    }

    // The form only checks its inputs once an action was submitted
    $check = ($action != '');
    $form = $this->_mailForm($senderName, $senderAddress, $body, $check);
    if ($form != '') {
        // show the mailform again to make it possible to correct the input
        return $form;
    }

    // who is the 'real' sender
    $from = $this->_Config->Get('administrator_emailaddress', 'administrator@comacms');
    // the information about the sender
    $fromInfo = $senderName . ' <' . $senderAddress . '>';
    // the title of the message
    $title = sprintf($this->_Translation->GetTranslation('new_email_from_a_visitor_of_%homepage%'), $this->_Config->Get('pagename', 'homepage'));
    // the message itself
    $messageContent = sprintf($this->_Translation->GetTranslation('contact_message_%from%_%message'), $fromInfo, $body);

    $output = "</p><fieldset><legend>" . $this->_Translation->GetTranslation('contact') . "</legend>";
    if ($mailError != '') {
        $output .= $mailError;
    } elseif (sendmail($MailTo, $from, $title, $messageContent)) {
        $output .= $this->_Translation->GetTranslation('your_message_was_sent_succesdfully');
    } else {
        // TODO: try to give some hints what to do
        $output .= $this->_Translation->GetTranslation('an_error_occured_on_sending_this_message');
    }

    return $output . '</fieldset><p>';
}
# created : 2005-07-11 # copyright : (C) 2005-2007 The ComaCMS-Team # email : comacms@williblau.de #---------------------------------------------------------------------- # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. #---------------------------------------------------------------------- /** * @ignore */ define('COMACMS_RUN', true); // include the file common.php to make all preparing actions include 'common.php'; $action = GetPostOrGet('action'); if (!isset($page)) { $page = 'admincontrol'; } if ($page == '') { $page = 'admincontrol'; } if (!isset($action)) { $action = ''; } // If the user isn't logged in if (!$user->IsLoggedIn) { $redirect = ''; if ($page != '') { $redirect .= '&redirect=' . rawurldecode($page); }
/**
 * Deletes a menu and all of its entries.
 *
 * The id is read from $_GET/$_POST['menu_id'] and must be numeric; the name is
 * read from $_GET/$_POST['menu_name'] and must be neither empty nor 'DEFAULT'.
 *
 * NOTE(review): the 'DEFAULT' guard compares the name supplied with the
 * request, not the name stored for menu_id. Confirm that a caller or the
 * schema protects the default menu when the two do not match.
 *
 * @access private
 * @return void
 */
function _DeleteMenuSure()
{
    // Get external parameters
    $MenuID = GetPostOrGet('menu_id');
    $MenuName = GetPostOrGet('menu_name');

    // Nothing is deleted unless every check on the parameters passes
    if (!is_numeric($MenuID) || $MenuName == 'DEFAULT' || $MenuName == '') {
        return;
    }

    // Remove the menu itself
    $deleteMenu = "DELETE\n \t\t\t\t\tFROM " . DB_PREFIX . "menu\n \t\t\t\t\tWHERE menu_id='{$MenuID}'";
    $this->_SqlConnection->SqlQuery($deleteMenu);

    // Remove all entries that belonged to it
    $deleteEntries = "DELETE\n\t\t\t\t\tFROM " . DB_PREFIX . "menu_entries\n\t\t\t\t\tWHERE menu_entries_menuid='{$MenuID}'";
    $this->_SqlConnection->SqlQuery($deleteEntries);
}
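/**
 * Checks the administrator form of the installer and, when it is valid,
 * creates the administrator account and the initial configuration and pages.
 *
 * Outcomes:
 *  - 'confirmation' is not 'yes': redirect to installer page 5 and stop.
 *  - the form is valid: run the INSERT statements, redirect to page 9 and stop.
 *  - otherwise: return the form template with the error information.
 *
 * NOTE(review): 'confirmation' is a request parameter (and a hidden input of
 * this very form), so it only guards against accidental skipping; it says
 * nothing certain about the state of the database.
 *
 * @access private
 * @param string $Language The actual language
 * @return string The template of the administrator form (only when no redirect happens)
 */
function _CheckAdministrator($Language)
{
    // Get external parameters
    $Style = GetPostOrGet('style');
    $Confirmation = GetPostOrGet('confirmation');
    $AdminShowName = GetPostOrGet('admin_showname');
    $AdminName = GetPostOrGet('admin_name');
    $AdminPassword = GetPostOrGet('admin_password');
    $AdminPassword2 = GetPostOrGet('admin_password2');

    // Give config variables their default value to prevent PHP Eclipse from
    // warning about a missing variable; config.php overwrites them below
    $d_server = 'localhost';
    $d_pre = 'comacms_';
    $d_user = '******';
    $d_pw = '';
    $d_base = 'comacms';

    // Language and style end up in Location headers: encode them so each stays
    // a single query value
    $langParam = rawurlencode($Language);
    $styleParam = rawurlencode($Style);

    // Is the database really initialized or does someone try to skip the database settings?
    if ($Confirmation != 'yes') {
        header("Location: install.php?page=5&lang={$langParam}&style={$styleParam}&confirmation=yes");
        // Stop here, as the success branch below does after its redirect;
        // otherwise the form would still be rendered behind the redirect
        die;
    }

    // Initialize the FormMaker class
    $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);

    // Add a new form for the admin registration
    $formMaker->AddForm('admin_registration', 'install.php', $this->_Translation->GetTranslation('next'), $this->_Translation->GetTranslation('create_administrator'), 'post');

    // Add the hidden inputs
    $formMaker->AddHiddenInput('admin_registration', 'page', '8');
    $formMaker->AddHiddenInput('admin_registration', 'lang', $Language);
    $formMaker->AddHiddenInput('admin_registration', 'style', $Style);
    $formMaker->AddHiddenInput('admin_registration', 'confirmation', 'yes');

    // Add the inputs
    // NOTE(review): both password inputs are given the submitted password as
    // their value; whether FormMaker writes it back into the HTML is not
    // visible here. Confirm, and prefer not to echo passwords into the page.
    $formMaker->AddInput('admin_registration', 'admin_showname', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example'), $AdminShowName);
    $formMaker->AddInput('admin_registration', 'admin_name', 'text', $this->_Translation->GetTranslation('loginname'), $this->_Translation->GetTranslation('with_this_nick_the_user_can_login_so_he_must_not_fill_in_his_long_name'), $AdminName);
    $formMaker->AddInput('admin_registration', 'admin_password', 'password', $this->_Translation->GetTranslation('password'), $this->_Translation->GetTranslation('with_this_password_the_user_can_login_to_restricted_areas'), $AdminPassword);
    $formMaker->AddInput('admin_registration', 'admin_password2', 'password', $this->_Translation->GetTranslation('password_repetition'), $this->_Translation->GetTranslation('it_is_guaranteed_by_a_repetition_that_the_user_did_not_mistype_during_the_input'), $AdminPassword2);

    // Add the checks for the form
    $formMaker->AddCheck('admin_registration', 'admin_showname', 'empty', $this->_Translation->GetTranslation('the_name_must_be_indicated'));
    $formMaker->AddCheck('admin_registration', 'admin_name', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
    $formMaker->AddCheck('admin_registration', 'admin_password', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
    $formMaker->AddCheck('admin_registration', 'admin_password', 'not_same_password_value_as', $this->_Translation->GetTranslation('the_password_and_its_repetition_are_unequal'), 'admin_password2');
    $formMaker->AddCheck('admin_registration', 'admin_password2', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));

    // Check the form and generate error information
    $ok = $formMaker->CheckInputs('admin_registration', true);

    // If everything is ok
    if ($ok && $Confirmation == 'yes') {
        include __ROOT__ . '/config.php';

        // One timestamp for the whole installation instead of three separate
        // mktime() calls; time() returns the same value mktime() gives without
        // arguments
        $now = time();

        // NOTE(review): the form values, style and language are interpolated
        // into quoted SQL literals without escaping, and the translated strings
        // likewise; a quote in any of them breaks or alters the statements.
        // Escaping needs an open connection (it is only created below) and
        // knowledge of how GetPostOrGet() and SqlExecMultiple() treat the input,
        // neither of which is visible here.
        // NOTE(review): the password is stored as an unsalted MD5 digest.
        // Replacing it requires a matching change in the login check, which is
        // outside this method.
        $sql = "INSERT INTO {$d_pre}users (user_name, user_showname, user_password, user_registerdate, user_admin, user_activated)\n\t\t\t\t\t\tVALUES ('{$AdminName}', '{$AdminShowName}', '" . md5($AdminPassword) . "', '" . $now . "', 1, 1);\n\t\t\t\t\t\tINSERT INTO {$d_pre}config (config_name, config_value)\n\t\t\t\t\t\tVALUES ('install_date', '" . $now . "');\n\t\t\t\t\t\tINSERT INTO {$d_pre}config (config_name, config_value)\n\t\t\t\t\t\tVALUES ('style', '{$Style}');\n\t\t\t\t\t\tINSERT INTO {$d_pre}pages (page_lang, page_access, page_name, page_title, page_parent_id, page_creator, page_type, page_date, page_edit_comment)\n\t\t\t\t\t\tVALUES('{$Language}', 'public', 'home', '" . $this->_Translation->GetTranslation('homepage') . "', 0, 1, 'text', " . $now . ", 'Installed the Homepage');";
        $this->_SqlConnection = new Sql($d_user, $d_pw, $d_server);
        $this->_SqlConnection->Connect($d_base);
        $this->_SqlConnection->SqlExecMultiple($sql);

        // The last statement of the batch inserted the home page, so this is
        // taken as its id
        $lastid = mysql_insert_id();
        $sql = "INSERT INTO {$d_pre}pages_text (page_id, text_page_text,text_page_html)\n\t\t\t\t\t\tVALUES ({$lastid}, '" . $this->_Translation->GetTranslation('welcome_to_this_homepage') . "', '" . $this->_Translation->GetTranslation('welcome_to_this_homepage') . "')";
        $this->_SqlConnection->SqlQuery($sql);

        // Lead on to the next page
        header("Location: install.php?page=9&lang={$langParam}&style={$styleParam}");
        die;
    } else {
        // Generate template
        // NOTE(review): call-time pass-by-reference (&$this->...) is rejected
        // by PHP 5.4 and later; it is kept because the parameter declaration of
        // GenerateMultiFormTemplate() is not visible here.
        $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate(&$this->_ComaLate, true);
        return $template;
    }
}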
/**
 * Dispatches one action of the menu editor and returns the HTML for it.
 *
 * All arguments of the actions are read from the request with GetPostOrGet().
 * Actions that change data are followed by a view: the menu the entry belongs
 * to, or the overview of all menus.
 *
 * NOTE(review): the changing actions (add, update, move, delete) are run
 * directly from request parameters; no request token or method check is
 * visible in this method. Confirm that the caller provides one.
 *
 * @access public
 * @param string Action name of the part of the menu editor
 * @return string HTML code of that part
 */
function GetPage($Action = '')
{
    $html = "\r\n\t\t\t<h2>" . $this->_AdminLang['menu-editor'] . "</h2>\r\n";

    // View to append after the action ran: 'menu', 'home' or '' for none
    $followUp = '';

    switch ($Action) {
        // --- menu entries ---
        case 'newEntry':
            $html .= $this->_AddMenuEntry(GetPostOrGet('menu_menuid'), GetPostOrGet('menu_name'));
            break;
        case 'addEntry':
            $html .= $this->_Menu->AddMenuEntry(
                GetPostOrGet('menu_entry_menuid'),
                GetPostOrGet('menu_entry_title'),
                GetPostOrGet('menu_entry_link'),
                GetPostOrGet('menu_entry_css_id')
            );
            $followUp = 'menu';
            break;
        case 'editEntry':
            $html .= $this->_EditMenuEntry(
                GetPostOrGet('menu_entry_id'),
                GetPostOrGet('menu_entry_menuid'),
                GetPostOrGet('menu_name')
            );
            break;
        case 'updateEntry':
            $html .= $this->_Menu->UpdateMenuEntry(
                GetPostOrGet('menu_entry_id'),
                GetPostOrGet('menu_entry_menuid'),
                GetPostOrGet('menu_entry_title'),
                GetPostOrGet('menu_entry_link'),
                GetPostOrGet('menu_entry_css_id')
            );
            $followUp = 'menu';
            break;
        case 'up':
            $html .= $this->_Menu->ItemMoveUp(GetPostOrGet('menu_entry_orderid'), GetPostOrGet('menu_entry_menuid'));
            $followUp = 'menu';
            break;
        case 'down':
            $html .= $this->_Menu->ItemMoveDown(GetPostOrGet('menu_entry_orderid'), GetPostOrGet('menu_entry_menuid'));
            $followUp = 'menu';
            break;
        case 'deleteEntry':
            $html .= $this->_DeleteMenuEntry(
                GetPostOrGet('menu_entry_id'),
                GetPostOrGet('menu_entry_menuid'),
                GetPostOrGet('menu_name')
            );
            break;
        case 'deleteEntrySure':
            $html .= $this->_Menu->DeleteMenuEntry(GetPostOrGet('menu_entry_id'));
            $followUp = 'menu';
            break;

        // --- menus ---
        case 'newMenu':
            $html .= $this->_AddMenu();
            break;
        case 'addMenu':
            $html .= $this->_Menu->AddMenu(GetPostOrGet('menu_title'));
            $followUp = 'home';
            break;
        case 'editMenu':
            $html .= $this->_EditMenu(GetPostOrGet('menu_menuid'), GetPostOrGet('menu_name'));
            break;
        case 'updateMenu':
            $html .= $this->_Menu->UpdateMenu(
                GetPostOrGet('menu_menuid'),
                GetPostOrGet('menu_title'),
                GetPostOrGet('menu_name')
            );
            $followUp = 'home';
            break;
        case 'deleteMenu':
            $html .= $this->_DeleteMenu(GetPostOrGet('menu_menuid'), GetPostOrGet('menu_name'));
            break;
        case 'deleteMenuSure':
            $html .= $this->_Menu->DeleteMenu(GetPostOrGet('menu_menuid'), GetPostOrGet('menu_name'));
            $followUp = 'home';
            break;
        case 'showMenu':
            $html .= $this->_ShowMenu(GetPostOrGet('menu_entries_menuid'), GetPostOrGet('menu_name'));
            break;

        // Unknown or missing action: the overview, with the requested menu id
        default:
            $html .= $this->_HomePage(GetPostOrGet('menu_id'));
    }

    if ($followUp === 'menu') {
        // Show the menu the changed entry belongs to
        $html .= $this->_ShowMenu(GetPostOrGet('menu_entry_menuid'), GetPostOrGet('menu_name'));
    } elseif ($followUp === 'home') {
        // Show the overview of all menus
        $html .= $this->_HomePage();
    }

    return $html;
}
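/**
 * Checks the inputs of the user and saves them to the database if they are correct.
 *
 * Flow: the posted user_id must be the ID of the logged in user; the edit form
 * is rebuilt with the posted values and its checks; if FormMaker accepts the
 * input, the users row and the custom field values are written and the browser
 * is redirected, otherwise the form template is returned for correction.
 *
 * Security notes for maintainers:
 *  - Every value read with GetPostOrGet() is placed into SQL strings as-is.
 *    Whether GetPostOrGet() (or magic quotes) escapes the data is not visible
 *    in this block. NOTE(review): confirm, and move the queries to bound
 *    parameters or driver-level escaping.
 *  - The submitted passwords are handed back to FormMaker as field values.
 *    NOTE(review): check whether they end up in the generated HTML.
 *  - user_preferred_language is stored without being compared to the list of
 *    installed languages that is built below.
 *
 * @access private
 * @return string The template for the correctionspage
 */
function _CheckProfile()
{
    // Get external parameters
    $UserID = GetPostOrGet('user_id');
    // The ID of the session user is the only ID that is used for reading and writing
    $ownID = $this->_User->ID;

    // Check wether the actual logged in user is the same that should be edited.
    // The comparison is strict and requires a non-empty session ID, so that a
    // missing user_id can never match a visitor who has no ID at all.
    if ($ownID !== null && (string) $ownID !== '' && is_scalar($UserID) && (string) $UserID === (string) $ownID) {
        // Get the values of the editfields
        $UserShowname = GetPostOrGet('user_showname');
        $UserName = GetPostOrGet('user_name');
        $UserEmail = GetPostOrGet('user_email');
        $UserPassword = GetPostOrGet('user_password');
        $UserPasswordRepetition = GetPostOrGet('user_password_repetition');
        $UserPreferredLanguage = GetPostOrGet('user_preferred_language');

        // Get the missing data of the user
        $sql = "SELECT user_email\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\t\tWHERE user_id='{$ownID}'";
        $userResult = $this->_SqlConnection->SqlQuery($sql);
        $user = mysql_fetch_object($userResult);
        mysql_free_result($userResult);

        // Initialize the formmaker class
        $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
        $formMaker->AddForm('edit_user', 'special.php', $this->_Translation->GetTranslation('save'), $this->_Translation->GetTranslation('user'), 'post');
        $formMaker->AddHiddenInput('edit_user', 'page', 'userinterface');
        $formMaker->AddHiddenInput('edit_user', 'action', 'check_profile');
        // Write the session ID back into the form, not the request value
        $formMaker->AddHiddenInput('edit_user', 'user_id', $ownID);

        $formMaker->AddInput('edit_user', 'user_showname', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example'), $UserShowname);
        $formMaker->AddCheck('edit_user', 'user_showname', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
        if ($this->_User->Showname != $UserShowname) {
            $formMaker->AddCheck('edit_user', 'user_showname', 'already_assigned', $this->_Translation->GetTranslation('the_name_is_already_assigned'), '', 'users', 'user_showname');
        }

        $formMaker->AddInput('edit_user', 'user_name', 'text', $this->_Translation->GetTranslation('loginname'), $this->_Translation->GetTranslation('with_this_nick_the_user_can_login_so_he_must_not_fill_in_his_long_name'), $UserName);
        $formMaker->AddCheck('edit_user', 'user_name', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
        if ($this->_User->Name != $UserName) {
            $formMaker->AddCheck('edit_user', 'user_name', 'already_assigned', $this->_Translation->GetTranslation('the_nickname_is_already_assigned'), '', 'users', 'user_name');
        }

        $formMaker->AddInput('edit_user', 'user_email', 'text', $this->_Translation->GetTranslation('email'), $this->_Translation->GetTranslation('using_the_email_address_the_user_is_contacted_by_the_system'), $UserEmail);
        $formMaker->AddCheck('edit_user', 'user_email', 'empty', $this->_Translation->GetTranslation('the_email_address_must_be_indicated'));
        $formMaker->AddCheck('edit_user', 'user_email', 'not_email', $this->_Translation->GetTranslation('this_is_not_a_valid_email_address'));
        // If the own row could not be read, keep the uniqueness check switched on
        if (!is_object($user) || $user->user_email != $UserEmail) {
            $formMaker->AddCheck('edit_user', 'user_email', 'already_assigned', $this->_Translation->GetTranslation('the_email_is_already_assigned_to_another_user'), '', 'users', 'user_email');
        }

        $formMaker->AddInput('edit_user', 'user_password', 'password', $this->_Translation->GetTranslation('password'), $this->_Translation->GetTranslation('with_this_password_the_user_can_login_to_restricted_areas'), !empty($UserPassword) ? $UserPassword : '');
        $formMaker->AddInput('edit_user', 'user_password_repetition', 'password', $this->_Translation->GetTranslation('password_repetition'), $this->_Translation->GetTranslation('it_is_guaranteed_by_a_repetition_that_the_user_did_not_mistype_during_the_input'), !empty($UserPasswordRepetition) ? $UserPasswordRepetition : '');
        if (!empty($UserPassword) || !empty($UserPasswordRepetition)) {
            $formMaker->AddCheck('edit_user', 'user_password', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
            $formMaker->AddCheck('edit_user', 'user_password', 'not_same_password_value_as', $this->_Translation->GetTranslation('the_password_and_its_repetition_are_unequal'), 'user_password_repetition');
            $formMaker->AddCheck('edit_user', 'user_password_repetition', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
        }

        $formMaker->AddInput('edit_user', 'user_preferred_language', 'select', $this->_Translation->GetTranslation('preferred_language'), $this->_Translation->GetTranslation('this_is_your_preferred_language_of_the_installed_ones'));
        // Get all languages installed in the system
        $languageFolder = dir(__ROOT__ . "/lang/");
        if ($languageFolder) {
            // Compare with false, so that an entry named "0" does not end the loop
            while (false !== ($file = $languageFolder->read())) {
                // check if the found file is really a language file
                if ($file != "." && $file != ".." && strpos($file, 'lang_') === 0 && substr($file, -4) == '.php') {
                    // extract the pure language name
                    $file = str_replace('lang_', '', $file);
                    $file = str_replace('.php', '', $file);
                    // Check wether the language is the actual one of the user
                    $selected = ($UserPreferredLanguage == $file);
                    // Add the found language to the formmaker class
                    $formMaker->AddSelectEntry('edit_user', 'user_preferred_language', $selected, $file, $this->_Translation->GetTranslation($file));
                }
            }
            $languageFolder->close();
        }

        // Get custom fields
        $sql = "SELECT value.custom_fields_values_value, field.custom_fields_information, field.custom_fields_name, field.custom_fields_title, field.custom_fields_type, field.custom_fields_required\n\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\tWHERE value.custom_fields_values_userid='{$ownID}'\n\t\t\t\t\tOR value.custom_fields_values_userid IS NULL";
        $customFieldsDataResult = $this->_SqlConnection->SqlQuery($sql);
        while ($customFieldsData = mysql_fetch_object($customFieldsDataResult)) {
            $customFieldName = $customFieldsData->custom_fields_name;
            // Get external value for that field. It is kept in one fixed local:
            // a variable named after the field (${$name}) would let a field
            // called e.g. "sql" or "UserID" overwrite the locals of this method.
            $customFieldValue = GetPostOrGet($customFieldName);
            // Add input to the formmaker class
            $formMaker->AddInput('edit_user', $customFieldName, 'text', $customFieldsData->custom_fields_title, $customFieldsData->custom_fields_information . ($customFieldsData->custom_fields_required == 1 ? ' ' . $this->_Translation->GetTranslation('(required)') : ''), $customFieldValue);
            // Get the type of the field
            switch ($customFieldsData->custom_fields_type) {
                case 'EMail':
                    $type = 'not_email';
                    $text = $this->_Translation->GetTranslation('this_is_not_a_valid_email_address');
                    break;
                case 'ICQ':
                    $type = 'not_icq';
                    $text = $this->_Translation->GetTranslation('this_is_not_a_valid_icq_number');
                    break;
                default:
                    $type = '';
                    $text = '';
                    break;
            }
            // Add necessary checks
            if ($customFieldsData->custom_fields_required == 1) {
                // Check wether the field has any value
                $formMaker->AddCheck('edit_user', $customFieldName, 'empty', sprintf($this->_Translation->GetTranslation('you_have_to_give_a_value_for_the_field_%field%!'), $customFieldsData->custom_fields_title));
                // Check wether the field has the necessary value
                if (!empty($type) && !empty($text)) {
                    $formMaker->AddCheck('edit_user', $customFieldName, $type, $text);
                }
            } else {
                if (!empty($customFieldValue)) {
                    $formMaker->AddCheck('edit_user', $customFieldName, $type, $text);
                }
            }
        }

        if ($formMaker->CheckInputs('edit_user', true)) {
            // The listing showed a masked literal ('******') at this place, which
            // would store the mask itself as password. The login code compares
            // user_password with md5(<typed password>), so that digest is what
            // has to be stored for the login to keep working.
            // NOTE(review): unsalted MD5 is not an adequate password hash; a move
            // to password_hash()/password_verify() has to change the login path
            // and this line together.
            $user_password = !empty($UserPassword) ? ", user_password='" . md5($UserPassword) . "'" : '';
            // Update the user in the database.
            // The row is selected by the session ID instead of the request value.
            // NOTE(review): the four string values are not escaped in this block.
            $sql = "UPDATE " . DB_PREFIX . "users\n\t\t\t\t\t\t\tSET user_showname='{$UserShowname}',\n\t\t\t\t\t\t\t\tuser_name='{$UserName}',\n\t\t\t\t\t\t\t\tuser_preferred_language='{$UserPreferredLanguage}',\n\t\t\t\t\t\t\t\tuser_email='{$UserEmail}'{$user_password}\n\t\t\t\t\t\t\tWHERE user_id='{$ownID}'";
            $this->_SqlConnection->SqlQuery($sql);

            // Get custom fields
            $sql = "SELECT value.custom_fields_values_value, field.custom_fields_name, value.custom_fields_values_id, field.custom_fields_id, value.custom_fields_values_userid\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\t\tWHERE value.custom_fields_values_userid='{$ownID}'\n\t\t\t\t\t\tOR value.custom_fields_values_userid IS NULL";
            $customFieldsDataResult = $this->_SqlConnection->SqlQuery($sql);
            while ($customFieldsData = mysql_fetch_object($customFieldsDataResult)) {
                // Get external value for that field (fixed local, see above)
                $customFieldValue = GetPostOrGet($customFieldsData->custom_fields_name);
                // NOTE(review): $customFieldValue is request data and reaches both
                // statements below unescaped.
                if ($customFieldsData->custom_fields_values_userid != '') {
                    // Update existing entry
                    $sql = "UPDATE " . DB_PREFIX . "custom_fields_values\n\t\t\t\t\t\t\t\t\tSET custom_fields_values_value='" . $customFieldValue . "'\n\t\t\t\t\t\t\t\t\tWHERE custom_fields_values_id='{$customFieldsData->custom_fields_values_id}'";
                    $this->_SqlConnection->SqlQuery($sql);
                } else {
                    // Insert a new entry into the database
                    $sql = "INSERT INTO " . DB_PREFIX . "custom_fields_values\n\t\t\t\t\t\t\t\t\t(custom_fields_values_userid, custom_fields_values_fieldid, custom_fields_values_value)\n\t\t\t\t\t\t\t\t\tVALUES ('{$ownID}', '{$customFieldsData->custom_fields_id}', '" . $customFieldValue . "')";
                    $this->_SqlConnection->SqlQuery($sql);
                }
            }
            // Set user back to userinterface.
            // The language is request data, so it is URL-encoded before it
            // becomes part of the Location header.
            header('Location: special.php?page=userinterface&lang=' . urlencode($UserPreferredLanguage));
            die;
        } else {
            // Generate the template
            // NOTE(review): call-time pass-by-reference (&$...) is rejected by
            // PHP 5.4 and later; it is kept because the callee is not visible here.
            $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate(&$this->_ComaLate, true);
            return $template;
        }
    } else {
        if ($this->_User->IsAdmin) {
            // The ID is still the raw request value in this branch: encode it
            // and stop after the redirect, as the other redirect above does.
            header('Location: admin.php?page=users&action=edit_user&user_id=' . (is_scalar($UserID) ? urlencode((string) $UserID) : ''));
            die;
        } else {
            return $this->_Translation->GetTranslation('you_have_no_right_to_edit_the_profile_of_another_user');
        }
    }
}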
/**
 * Returns the output of the module for the given action.
 *
 * Only the action 'show' together with a numeric request parameter
 * "articleId" leads to the article page; every other combination shows
 * the overview.
 *
 * Note: is_numeric() accepts more than plain integers (floats, exponent
 * notation, a sign, leading whitespace). NOTE(review): _ShowArticlePage()
 * is not visible here; confirm that it casts the ID before using it in a query.
 *
 * @param string Action The action that tells the module what to do
 * @return string The generated page
 */
function getPage($Action)
{
    // Loose comparison on purpose: it matches what the switch did before
    if ($Action == 'show') {
        $requestedArticle = GetPostOrGet('articleId');

        return is_numeric($requestedArticle)
            ? $this->_ShowArticlePage($requestedArticle)
            : $this->_OverviewPage();
    }

    return $this->_OverviewPage();
}
/**
 * Deletes a date after a confirmation, or shows the confirmation question.
 *
 * With confirmation=1 and a numeric dateID the date is deleted and the
 * home page of the module is returned. With a numeric dateID only, the
 * question with a yes/no link is returned if the date exists. In every
 * other case the home page is returned.
 *
 * Security notes for maintainers:
 *  - The deletion is triggered by a plain link (GET) that carries
 *    confirmation=1, and no anti-CSRF token is created or checked in this
 *    block. NOTE(review): confirm that the caller checks the permission and a
 *    request token, otherwise move the deletion to a POST request with a token.
 *  - DATE_TOPIC is written into the HTML without escaping in this block.
 *    NOTE(review): confirm that Dates::GetDate() returns HTML-safe values.
 *
 * @access private
 * @return string
 */
function _deletePage()
{
    $confirmed = GetPostOrGet('confirmation');
    $requestedID = GetPostOrGet('dateID');
    $dateStore = new Dates($this->_SqlConnection, $this->_ComaLib, $this->_User, $this->_Config);
    $hasNumericID = is_numeric($requestedID);

    // has the user confirmed that he is sure to delete the date?
    if ($confirmed == 1 && $hasNumericID) {
        $dateStore->DeleteDate($requestedID);

        return $this->_homePage();
    }

    // without a usable ID there is nothing to ask for
    if (!$hasNumericID) {
        return $this->_homePage();
    }

    $entry = $dateStore->GetDate($requestedID);
    if (!(count($entry) > 0)) {
        return $this->_homePage();
    }

    // Build the question together with the two links
    $question = sprintf(
        $this->_Lang['Do_you_really_want_to_delete_the_date_%date_topic%_for_the_%date%_at_%time%_o_clock'],
        $entry['DATE_TOPIC'],
        date("d.m.Y", $entry['DATE_DATE']),
        date("H:i", $entry['DATE_DATE'])
    );
    $links = "<br />\r\n\t\t\t<a class=\"button\" href=\"admin.php?page=module_dates&action=delete&dateID={$requestedID}&confirmation=1\" title=\"Wirklich Löschen\">{$this->_Lang['yes']}</a>\r\n\t\t\t<a class=\"button\" href=\"admin.php?page=module_dates\" title=\"Nicht Löschen\">{$this->_Lang['no']}</a>";

    return "<h2>{$this->_Lang['delete_date']}</h2>\r\n" . $question . $links;
}
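/**
 * Create a new Useraccount for the actual page.
 *
 * The constructor reads the session cookie and the login parameters, tries a
 * login by name and password or a recognition by the session cookie, loads
 * the access rights of a logged in user, refreshes the session cookie and
 * finally determines the output language (parameter, cookie, stored
 * preference, HTTP header, system default).
 *
 * Values of LoginError set here: 0 = logged in, 1 = name missing,
 * 2 = password missing, 3 = both empty, 4 = unknown user or wrong password,
 * 5 = account not activated, -1 = session cookie known but not accepted.
 *
 * Security notes for maintainers:
 *  - The login name is placed into the SQL string as-is. Whether
 *    GetPostOrGet() escapes it is not visible here. NOTE(review): confirm and
 *    move to bound parameters.
 *  - Passwords are compared as unsalted MD5 digests. A replacement
 *    (password_hash()/password_verify()) has to be introduced together with
 *    every place that writes user_password.
 *  - The session ID comes from md5(uniqid(rand())), which is guessable, it is
 *    not renewed after a successful login, and the cookies are set without
 *    the HttpOnly and Secure flags. NOTE(review): the code that fills the
 *    "online" table is not visible here, so these points are only flagged.
 *  - "lang" and the language cookie are request data that go directly to
 *    SetOutputLanguage(). NOTE(review): confirm that it only accepts names of
 *    installed languages.
 *
 * @param Sql &$SqlConnection A link to the SqlConnection class
 * @param Language &$Translation A link to the Translation class
 * @param Config &$Config A link to the configuration of the system
 * @return void
 */
function Account(&$SqlConnection, &$Translation, &$Config)
{
    global $_COOKIE;
    // Set local links to the System classes
    $this->_SqlConnection =& $SqlConnection;
    $this->_Translation =& $Translation;
    $this->_Config =& $Config;

    // Get external Variables
    $LoginName = GetPostOrGet('login_name');
    $LoginPassword = GetPostOrGet('login_password');
    $Lang = strtolower(GetPostOrGet('lang'));

    // Tells the cookie: "the user is logged in!"?
    // The cookie is sent by the client and is used in a SQL string further
    // down, so it is only accepted in the form this constructor generates:
    // 32 lowercase hex characters (md5). Everything else is treated like a
    // missing cookie and a new ID is generated.
    if (isset($_COOKIE['ComaCMS_user'])
        && is_string($_COOKIE['ComaCMS_user'])
        && preg_match('/^[0-9a-f]{32}\z/', $_COOKIE['ComaCMS_user'])
    ) {
        $this->OnlineID = $_COOKIE['ComaCMS_user'];
    }

    // Tries somebody to log in?
    if (!empty($LoginName) && !empty($LoginPassword)) {
        $this->Name = $LoginName;
        $this->PasswordMd5 = md5($LoginPassword);
    }

    // Has the user no OnlineId? Generate one!
    $newOnlineID = false;
    if ($this->OnlineID == '') {
        $this->OnlineID = md5(uniqid(rand()));
        $newOnlineID = true;
    }

    if ($LoginName === '' && $LoginPassword === '') {
        $this->LoginError = 3;
    } elseif ($LoginName === '' && $LoginPassword !== '') {
        $this->LoginError = 1;
    } elseif ($LoginName !== '' && $LoginPassword === '') {
        $this->LoginError = 2;
    } elseif ($this->Name != '' && $this->PasswordMd5 != '') {
        // Login by name and password
        $sql = "SELECT *\r\n\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\tWHERE user_name='{$this->Name}'\r\n\t\t\t\t\tLIMIT 1";
        $original_user_result = $this->_SqlConnection->SqlQuery($sql);
        if ($original_user = mysql_fetch_object($original_user_result)) {
            // If the user was found check if it is activated
            if ($original_user->user_activated == '1') {
                // If the user is activated check if the typed password is right
                if ($original_user->user_password === $this->PasswordMd5) {
                    $this->IsLoggedIn = true;
                    $this->Showname = $original_user->user_showname;
                    $this->Name = $original_user->user_name;
                    $this->ID = $original_user->user_id;
                    if ($original_user->user_admin == '1') {
                        $this->IsAdmin = true;
                    }
                    $this->LoginError = 0;
                } else {
                    // Wrong password: same error code as for an unknown user
                    $this->IsAdmin = false;
                    $this->IsLoggedIn = false;
                    $this->Name = '';
                    $this->PasswordMd5 = '';
                    $this->LoginError = 4;
                }
            } else {
                // If the user is not activated set him back to login
                $this->IsAdmin = false;
                $this->IsLoggedIn = false;
                $this->Name = '';
                $this->PasswordMd5 = '';
                $this->LoginError = 5;
            }
        } else {
            // If the user was not found set him back to login
            $this->IsAdmin = false;
            $this->IsLoggedIn = false;
            $this->Name = '';
            $this->PasswordMd5 = '';
            $this->LoginError = 4;
        }
    } elseif ($this->OnlineID != '' && !$newOnlineID) {
        // Recognition by the session cookie (format checked above)
        $sql = "SELECT user.user_showname, user.user_admin, user.user_name, user.user_id, online.online_loggedon, online.online_ip\r\n\t\t\t\t\tFROM (\r\n\t\t\t\t\t\t" . DB_PREFIX . "users user LEFT JOIN " . DB_PREFIX . "online online\r\n\t\t\t\t\t\tON online.online_userid = user.user_id\r\n\t\t\t\t\t)\r\n\t\t\t\t\tWHERE online.online_id = '{$this->OnlineID}'\r\n\t\t\t\t\tLIMIT 1";
        $onlineUserResult = $this->_SqlConnection->SqlQuery($sql);
        if ($onlineUser = mysql_fetch_object($onlineUserResult)) {
            $ip = getenv('REMOTE_ADDR');
            // the user has the same ip and is saved as logged on? Give him his rights!
            if ($ip == $onlineUser->online_ip && $onlineUser->online_loggedon == 'yes') {
                $this->IsLoggedIn = true;
                $this->Showname = $onlineUser->user_showname;
                $this->Name = $onlineUser->user_name;
                $this->ID = $onlineUser->user_id;
                if ($onlineUser->user_admin == '1') {
                    $this->IsAdmin = true;
                }
                $this->LoginError = 0;
            } else {
                $this->ID = $onlineUser->user_id;
                $this->IsAdmin = false;
                $this->IsLoggedIn = false;
                $this->Name = '';
                $this->PasswordMd5 = '';
                $this->LoginError = -1;
            }
        }
    }

    // Load authorizations for the user
    if ($this->IsLoggedIn) {
        // NOTE(review): call-time pass-by-reference (&$...) is rejected by
        // PHP 5.4 and later; kept because the callee is not visible here.
        $this->AccessRights = new Authentication(&$this->_SqlConnection, $this->ID);
        $this->AccessRights->LoadAll();
    }

    // Set the cookie (for the next 1 hour/3600 seconds)
    setcookie('ComaCMS_user', $this->OnlineID, time() + 3600);

    // Check: has the user changed the language by hand?
    if (!empty($Lang)) {
        $this->_Translation->SetOutputLanguage($Lang);
    } elseif (isset($_COOKIE['ComaCMS_user_lang'])) {
        $this->_Translation->SetOutputLanguage($_COOKIE['ComaCMS_user_lang']);
    } elseif ($this->IsLoggedIn) {
        $sql = "SELECT user_preferred_language\r\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\tWHERE user_id='{$this->ID}'";
        $userResult = $this->_SqlConnection->SqlQuery($sql);
        if ($user = mysql_fetch_object($userResult)) {
            $this->_Translation->SetOutputLanguage($user->user_preferred_language);
        }
    }

    // if no language is set, load the language from the HTTP-header
    // NOTE(review): $_ENV only holds request headers in CGI-like setups;
    // $_SERVER['HTTP_ACCEPT_LANGUAGE'] is the usual source. Confirm the intent.
    if (!$this->_Translation->CheckOutputLanguage()) {
        if (isset($_ENV['HTTP_ACCEPT_LANGUAGE'])) {
            $langs = $_ENV['HTTP_ACCEPT_LANGUAGE'];
            // remove the quality values (";q=0.8")
            $langs = preg_replace("#\\;q=[0-9\\.]+#i", '', $langs);
            $langs = explode(',', $langs);
            foreach ($langs as $lang) {
                if ($this->_Translation->SetOutputLanguage($lang)) {
                    break;
                }
            }
        }
    }

    // If still no language was determined get the default language of the system and if not set use english as default
    // NOTE(review): the key is spelled 'default_langugage'; it is left as it is
    // because the stored configuration may use the same spelling.
    if (!$this->_Translation->CheckOutputLanguage()) {
        $this->_Translation->SetOutputLanguage($this->_Config->Get('default_langugage', 'en'));
    }

    // Set the cookie (for the next 93(= 3x31) days)
    setcookie('ComaCMS_user_lang', $this->_Translation->OutputLanguage, time() + 8035200);
}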
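/**
 * Returns the edit form for a text page, optionally with a preview.
 *
 * Without $title and $text the page is loaded from the database: either the
 * current version, or - if the request parameter "change" is numeric - the
 * history entry with that number. With $title or $text (preview after a
 * submit) the given values are shown again and a preview frame is added.
 *
 * Changes against the former version:
 *  - The three replacements for the page text had identical search and
 *    replace strings ('&' => '&' ...) and therefore did nothing, so the text
 *    was written into the textarea unescaped. They produce entities again.
 *  - Title and edit comment are escaped for the attribute they are written to.
 *  - $page_id is cast to an integer and the history offset is an integer that
 *    cannot be negative, because both are used unquoted in SQL.
 *
 * Security notes for maintainers:
 *  - The form has no anti-CSRF token. NOTE(review): confirm that the savePage
 *    action checks the permission and a request token.
 *  - The preview sends the converted text as "content" parameter to
 *    index.php. NOTE(review): confirm that index.php cannot be used to show
 *    arbitrary markup from that parameter to other users.
 *
 * @param integer page_id The ID of the page
 * @param string title The submitted title (preview only)
 * @param string text The submitted text (preview only)
 * @param string edit_comment The submitted comment on the change (preview only)
 * @return string The HTML of the form, empty if the page was not found
 */
function Edit($page_id, $title = '', $text = '', $edit_comment = '')
{
    global $_SERVER, $admin_lang;

    $change = GetPostOrGet('change');
    $count = 1;
    $out = '';
    $page_data = null;
    $got_mysql = false;

    // The ID is used unquoted in SQL and inside an attribute: force an integer
    $page_id = (int) $page_id;
    // Escaping for values that are written into a double quoted attribute.
    // Plain replacements are used (as before), they do not depend on a charset.
    $attr_search = array('&', '<', '>', '"');
    $attr_replace = array('&amp;', '&lt;', '&gt;', '&quot;');

    if ($text == '' && $title == '') {
        if (is_numeric($change)) {
            $out .= "<strong>Achtung:</strong> Sie bearbeiten nicht die aktuelle Version, wenn Sie speichern wird ihr Text den aktuellen Text überschreiben!";
            // is_numeric() also accepts floats and exponent notation
            $history_offset = max(0, (int) $change - 1);
            $sql = "SELECT *\r\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "pages_history page\r\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text_history text ON text.page_id = page.id ) \r\n\t\t\t\t\t\tWHERE page.page_id={$page_id}\r\n\t\t\t\t\t\tORDER BY page.page_date ASC\r\n\t\t\t\t\t\tLIMIT " . $history_offset . ",1";
        } else {
            // Is there any history entry for this page?
            $sql = "SELECT *\r\n\t\t\t\t\t\tFROM " . DB_PREFIX . "pages_history\r\n\t\t\t\t\t\tWHERE page_id = {$page_id}\r\n\t\t\t\t\t\tLIMIT 0,1";
            $count_result = db_result($sql);
            $count = mysql_num_rows($count_result);
            $sql = "SELECT struct.page_id, struct.page_title, text.text_page_text, struct.page_edit_comment\r\n\t\t\t\t\t\tFROM ( " . DB_PREFIX . "pages struct\r\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text text ON text.page_id = struct.page_id )\r\n\t\t\t\t\t\tWHERE struct.page_id='{$page_id}' AND struct.page_type='text'";
        }
        $page_result = db_result($sql);
        if ($page_data = mysql_fetch_object($page_result)) {
            $got_mysql = true;
        }
    }

    if ($got_mysql || ($text != '' || $title != '')) {
        if ($text != '' || $title != '') {
            // Preview: show the submitted values again
            $page_title = stripslashes($title);
            $page_text = stripslashes($text);
            // submitted by the user, so it is escaped for the attribute
            $page_edit_comment = str_replace($attr_search, $attr_replace, stripslashes($edit_comment));
            $show_preview = true;
        } else {
            $page_title = $page_data->page_title;
            $page_text = $page_data->text_page_text;
            // text of the language file, used as it is
            $page_edit_comment = $admin_lang['edited'] . '...';
            $show_preview = false;
        }
        $page_title = str_replace($attr_search, $attr_replace, $page_title);

        // Escape the text for the textarea; '&' has to be the first one
        $page_text = str_replace('&', '&amp;', $page_text);
        // FIXME: doesn't solve the problem with umlauts
        $page_text = str_replace('<', '&lt;', $page_text);
        $page_text = str_replace('>', '&gt;', $page_text);

        // The comment that is suggested for this change
        if ($count == 0) {
            // no history yet: the stored comment, escaped because it is stored data
            $comment_value = str_replace($attr_search, $attr_replace, $page_data->page_edit_comment);
        } elseif (is_numeric($change)) {
            $comment_value = sprintf($admin_lang['edited_from_version'], $change);
        } else {
            $comment_value = $page_edit_comment;
        }

        $out .= "\t\t\t<fieldset><legend>Seite Bearbeiten</legend><form action=\"admin.php\" method=\"post\">\r\n"
            . "\t\t\t\t<input type=\"hidden\" name=\"page\" value=\"pagestructure\" />\r\n"
            . "\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"savePage\" />\r\n"
            . "\t\t\t\t<input type=\"hidden\" name=\"pageID\" value=\"{$page_id}\" />\r\n"
            . "\t\t\t\t<input type=\"text\" name=\"pageTitle\" value=\"{$page_title}\" /><br />\r\n"
            . "\t\t\t\t<script type=\"text/javascript\" language=\"JavaScript\" src=\"system/functions.js\"></script>\r\n"
            . "\t\t\t\t<script type=\"text/javascript\" language=\"javascript\">\r\n"
            . "\t\t\t\t\twriteButton(\"img/button_fett.png\",\"Formatiert Text fett\",\"**\",\"**\",\"Fetter Text\",\"f\");\r\n"
            . "\t\t\t\t\twriteButton(\"img/button_kursiv.png\",\"Formatiert Text kursiv\",\"//\",\"//\",\"Kursiver Text\",\"k\");\r\n"
            . "\t\t\t\t\twriteButton(\"img/button_unterstrichen.png\",\"Unterstreicht den Text\",\"__\",\"__\",\"Unterstrichener Text\",\"u\");\r\n"
            . "\t\t\t\t\twriteButton(\"img/button_ueberschrift.png\",\"Markiert den Text als Überschrift\",\"==== \",\" ====\",\"Überschrift\",\"h\");\r\n"
            . "\t\t\t\t</script><br />\r\n"
            . "\t\t\t\t<textarea id=\"editor\" class=\"edit\" name=\"pageText\">{$page_text}</textarea>\r\n"
            . "\t\t\t\t<script type=\"text/javascript\" language=\"javascript\">\r\n"
            . "\t\t\t\t\tdocument.write('<div style=\"float:right;\">');\r\n"
            . "\t\t\t\t\tdocument.write('<img onclick=\"resizeBox(-5)\" title=\"Eingabefeld verkleinern\" alt=\"Eingabefeld verkleinern\" class=\"resize\" src=\"img/up.png\" /> ');\r\n"
            . "\t\t\t\t\tdocument.write('<img onclick=\"resizeBox(5)\" title=\"Eingabefeld vergrößern\" alt=\"Eingabefeld vergrößern\" class=\"resize\" src=\"img/down.png\" /><br />');\r\n"
            . "\t\t\t\t\tdocument.write('</div>');\t\r\n"
            . "\t\t\t\t</script>\r\n"
            . "\t\t\t\t{$admin_lang['comment_on_change']}: <input name=\"pageEditComment\" style=\"width:20em;\" value=\"" . $comment_value . "\" maxlength=\"100\" type=\"text\"/><br />\r\n"
            . "\t\t\t\t<input type=\"submit\" value=\"Speichern\" class=\"button\" />\r\n"
            . "\t\t\t\t<input type=\"submit\" value=\"Vorschau\" name=\"pagePreview\" class=\"button\" />\r\n"
            . "\t\t\t\t<input type=\"submit\" value=\"Abbrechen\" name=\"pageAbort\" class=\"button\"/>\r\n"
            . "\t\t\t</form></fieldset>\r\n";

        if ($show_preview) {
            // The preview gets the escaped text, converted by the text parser
            $page_text = TextActions::ConvertToPreHTML($page_text);
            $out .= "<fieldset>\r\n\t\t\t\t\t\t<legend>Vorschau</legend>\r\n\t\t\t\t\t\t<iframe class=\"pagepreview\" src=\"index.php?content=" . urlencode($page_text) . "\"></iframe>\r\n\t\t\t\t\t</fieldset>";
        }
    }

    return $out;
}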
# (at your option) any later version.
#----------------------------------------------------------------------
/*
 * Usage:
 *  download.php?file_id=$[id_of the_file]
 * Example:
 *  download.php?file_id=14
 */
/**
 * @ignore
 */
define('COMACMS_RUN', true);
// Do the things which are necessary
include 'common.php';
// Load the file_id for the file which should be downloaded
$file_id = GetPostOrGet('file_id');
// Is it a numeric ID?
// Note: is_numeric() is wider than "a positive integer". It also accepts
// floats, exponent notation, a sign and leading whitespace, and the value is
// placed unquoted into the query below. An integer cast or ctype_digit()
// would narrow it to what a file_id can be.
if (is_numeric($file_id)) {
    // It is possible that this is a real file_id
    // Look up in the database
    $sql = "SELECT *\r\n\t\t\tFROM " . DB_PREFIX . "files\r\n\t\t\tWHERE file_id = {$file_id}\r\n\t\t\tLIMIT 0,1";
    $file_result = db_result($sql);
    if ($file = mysql_fetch_object($file_result)) {
        // We have found a file in the database
        // The path that is used from here on comes from the database row, not
        // from the request.
        // NOTE(review): no permission check is visible up to this point;
        // confirm whether common.php or the rest of the script does one.
        if (!file_exists($file->file_path)) {
            // Check: exists the file also on the server?
            // Show error page "download not found"
            header('Location: special.php?page=d404');
            die;
        }
        // Increment the downloads-count of the file
/**
 * Saves the submitted preferences and shows the main view again.
 *
 * The known settings are loaded from the system file and from the settings
 * file of every activated module. For each setting the request parameter
 * "setting_<name>" is read and saved if it differs from the stored value.
 * A value is taken into account if it is not empty, if it is a numeric zero,
 * or if the datatype of the setting is 'string0'.
 *
 * Security notes for maintainers:
 *  - The list of modules is read with unserialize(). This is only acceptable
 *    as long as the stored value can never be written by an untrusted party.
 *    NOTE(review): confirm who can write 'modules_activated'; a JSON encoded
 *    list would avoid the question.
 *  - The module name becomes part of a file path that is handed to Load().
 *    NOTE(review): Load() is not visible here; if it includes the file, the
 *    name has to be limited to plain directory names.
 *  - The values are saved without a type or range check (see the TODO notes),
 *    and no permission or anti-CSRF check is done in this block.
 *    NOTE(review): confirm that the caller does both.
 *
 * @access private
 * @return string
 */
function _SavePage()
{
    // Load the main-preferences file
    $this->_Preferences->Load('system/settings.php');

    // Load the preferences files of the activated modules (if there are some)
    $activeModules = unserialize($this->_Config->Get('modules_activated'));
    if (is_array($activeModules)) {
        foreach ($activeModules as $moduleName) {
            $moduleSettings = "modules/{$moduleName}/{$moduleName}_settings.php";
            if (!file_exists($moduleSettings)) {
                continue;
            }
            // Load the config file of this module
            $this->_Preferences->Load($moduleSettings);
        }
    }

    // Nothing known that could be saved
    if (count($this->_Preferences->Settings) <= 0) {
        return $this->GetPage('');
    }

    // Go through all preferences entries
    foreach ($this->_Preferences->Settings as $group) {
        foreach ($group as $entry) {
            $submitted = GetPostOrGet('setting_' . $entry['name']);
            //TODO : value-type-check!!
            $isUsable = !empty($submitted)
                || (is_numeric($submitted) && $submitted == 0)
                || $entry['datatype'] == 'string0';
            if (!$isUsable) {
                continue;
            }
            // Check if something has changed
            $stored = $this->_Config->Get($entry['name']);
            if ($stored != $submitted) {
                // TODO: check the data before saving
                $this->_Config->Save($entry['name'], $submitted);
            }
        }
    }

    // Show the 'main-view'
    return $this->GetPage('');
}