function usr()
{
if (!isset($this->Usr)) {
$this->Usr = Usr($this->usr_id);
}
return $this->Usr;
}
static function rememberLogin($do)
{
if (Usr()->is()) {
$E = D()->client_usr->Entry(array('usr_id' => Usr(), 'client_id' => Client()));
$E->save_login = (int) $do;
}
}
static function allUpdate()
{
if (!Usr()->superuser) {
return false;
}
qgEntry_module::updateAuto();
return 1;
}
static function setFront($t, $f, $v)
{
if (!Usr()->superuser) {
return false;
}
D()->query("UPDATE qg_db_field SET dbm_front = " . (int) $v . " WHERE tab='" . $t . "' AND name='" . $f . "' ");
return true;
}
static function login($email, $pw)
{
$vs = D()->row("SELECT * FROM usr WHERE email = " . D()->quote(trim($email)));
$Usr = Usr($vs);
if (!$Usr->active) {
return 0;
}
if ($Usr->pw === md5($pw)) {
Auth::login($Usr);
return 1;
}
return 0;
}
static function init()
{
!isset($_SESSION) && session_start();
if (self::$maxpause && isset($_SESSION['qgLastAccessTime']) && $_SESSION['qgLastAccessTime'] + self::$maxpause < time()) {
$_SESSION = array();
}
$_SESSION['qgLastAccessTime'] = time();
liveClient::init();
Auth::listen();
if (!isset($_SESSION['liveSess'])) {
$_SESSION['liveSess'] = D()->sess->insert(array('ip' => $_SERVER['REMOTE_ADDR'], 'usr_id' => Usr(), 'client_id' => liveClient::$id, 'time' => time()));
}
self::$id = $_SESSION['liveSess'];
}
public static function init()
{
self::$now = $old_lang = Usr()->lang;
if (isset($_GET['changeLanguage'])) {
self::$now = $_GET['changeLanguage'];
} elseif (preg_match('/^([a-z][a-z])\\//', appRequestUri, $match)) {
self::$now = $match[1];
}
if (!isset(self::$all[self::$now])) {
self::$now = '';
}
if (self::$now === '') {
self::$now = self::frombrowser();
}
if ($old_lang !== self::$now) {
if (Usr()->is()) {
D()->usr->Entry(Usr())->lang = self::$now;
}
}
}
public static function init()
{
self::$now = Usr()->is() ? Usr()->lang : (isset($_SESSION['qg']['lang']) ? $_SESSION['qg']['lang'] : self::$def);
if (isset($_GET['changeLanguage'])) {
self::$now = $_GET['changeLanguage'];
} elseif (preg_match('/^([a-z][a-z])\\//', appRequestUri, $match)) {
self::$now = $match[1];
}
if (!isset(self::$all[self::$now])) {
self::$now = '';
}
if (self::$now === '') {
self::$now = self::frombrowser();
}
if (Usr()->is()) {
Usr()->lang = self::$now;
} else {
$_SESSION['qg']['lang'] = self::$now;
}
}
$T = $Cont->text($id . '_desc');
echo '<div ' . ($Cont->edit ? 'contenteditable cmstxt=' . $T->id : '') . '>' . $T . '</div>';
break;
case 'email':
echo '<input value="' . $value . '" type=email class=input id="l' . $id . '" name="' . $id . '"' . $required . '>';
break;
case 'url':
echo '<input value="' . $value . '" type=url class=input id="l' . $id . '" name="' . $id . '"' . $required . '>';
break;
default:
echo '<input value="' . $value . '" type=text class=input id="l' . $id . '" name="' . $id . '"' . $required . '>';
}
}
?>
<?php
if ($Cont->SET['captcha']->v && !Usr()->is()) {
?>
<tr>
<td> <?php
echo $Ticket->captchaImage();
?>
<td> <?php
echo $Ticket->captchaInput();
?>
<?php
}
?>
<tr>
<td>
<td>
<?php
<?php
namespace qg;
if (!Usr()->superuser) {
return false;
/* show default settings */
}
$file = realpath(appPATH . 'qg/cmsPhpFiles/' . $Cont . '.php');
$_SESSION['fileEditor']['allow'][$file] = 1;
$src = appURL . 'editor?file=' . urldecode($file);
?>
<a style="color:inherit; position:absolute; right: -1px; top: 50px; z-index:1;" target=_blank href="<?php
echo $src;
?>
">
<button style="padding:10px 12px">open</button>
</a>
<div style="height:500px;">
<iframe id="<?php
echo $i = i();
?>
" src="<?php
echo $src;
?>
" style="position:absolute; top:0; left:0; right:0; bottom:0; min-height:120px; width:100%; height:100%; border:0"></iframe>
<script>
!function(){
var iframe = document.getElementById('<?php
echo $i;
?>
<?php
if (isset(G()->loginError)) {
switch (G()->loginError) {
case 'username':
case 'inactive':
case 'password':
?>
<div class=loginErrot>Ihr Loginversuch ist fehlgeschlagen</div>
<?php
}
}
?>
<?php
if (!Usr()->is()) {
?>
<?php
$i = 0;
foreach (Client()->Usrs() as $ClientUsr) {
?>
<?php
if ($Cont->SET['history']->v < ++$i) {
break;
}
$Usr = $ClientUsr->Usr();
?>
<form method=post action="">
<?php
static function setField($t, $e, $f, $v)
{
if (!Usr()->superuser) {
return false;
}
D()->{$t}->Entry($e)->{$f} = $v;
return 'zzz_deparced';
}
<?php
require_once 'cms.backend.superuser.db/lib.php';
$t = $vars['table'];
$T = D()->{$t};
$SET_T = $Cont->SET['table'][(string) $T];
//$sqlAccess = $T->accessSql();
$sqlAccess = (int) Usr()->superuser;
$where = "\t" . $sqlAccess . " > 0 ";
if (isset($vars['find'])) {
$where .= "\tAND " . $T->find($vars['find'], 1);
}
$ShowFs = array();
foreach ($T->Fields() as $F) {
if (!$SET_T['field'][(string) $F]['show']->v) {
continue;
}
$ShowFs[] = $F;
}
if (isset($vars['search']) && $vars['search']) {
$h = sqlSearchHelper($vars['search'], $ShowFs);
$where .= ' AND ' . $h['where'];
}
$perPage = 10;
$num = D()->one("SELECT count(*) FROM " . $T . " WHERE " . $where);
$numPages = ceil($num / $perPage);
$page = isset($vars['page']) ? (int) $vars['page'] : 1;
$page = min($numPages, $page);
$page = max(1, $page);
$sql = "SELECT *, \t\t\t\t\t\t\t\t\t\t\t" . "\t" . $sqlAccess . " as _access\t\t\t\t\t\t" . "FROM \t\t\t\t\t\t\t\t\t\t\t\t" . "\t" . $T . " \t\t\t\t\t\t\t\t\t\t\t" . "WHERE\t\t\t\t\t\t\t\t\t\t\t\t" . "\t" . $where . " \t\t\t\t\t\t\t\t\t" . (isset($h['order']) ? "ORDER BY " . $h['order'] . "\t\t\t\t\t\t\t" : '') . "LIMIT " . ($page - 1) * $perPage . ", " . $perPage . " " . "";
$res = D()->query($sql);
continue;
}
$Ls[$vs['id']] = D()->log->Entry($vs['log_id_ch']);
}
?>
<table style="width:100%" class=noWrap>
<?php
foreach ($Ls as $pid => $L) {
?>
<tr>
<td>
<?php
echo qgCms_link($pid);
?>
<td style="width:160px; color:<?php
echo Usr()->id == $L->sess()->usr()->id ? 'red' : '';
?>
" title="<?php
echo hee($L->sess()->usr()->firstname . ' ' . $L->sess()->usr()->lastname);
?>
">
<?php
echo $L->sess()->usr()->email;
?>
<?php
$d = strftime('%d', $L->time);
$m = strftime('%m', $L->time);
$Y = strftime('%Y', $L->time);
$H = strftime('%H', $L->time);
$M = strftime('%M', $L->time);
$nd = strftime('%d');
function fromXmlNode($node)
{
if (!$node) {
return;
}
if ($node['module']) {
$access = D()->one("SELECT access FROM module WHERE name = " . D()->quote($node['module']));
if ($access || Usr()->superuser) {
$this->setModule($node['module']);
}
}
if ($node['visible']) {
$this->setVisible((int) $node['visible']);
}
if ($node['offline']) {
$this->onlineEnd((int) $node['offline']);
}
if ($node['public']) {
$this->setPublic((int) (bool) $node['public']);
}
if ($node['class']) {
foreach (explode(' ', $node['class']) as $class) {
$this->addClass($class);
}
}
$posCounter = 1;
foreach ($node->children() as $name => $part) {
switch ($name) {
case 'cont':
$pos = isset($part['pos']) ? (string) $part['pos'] : $posCounter++;
$Cont = $this->Cont($pos);
$Cont->fromXmlNode($part);
break;
case 'page':
$Cont = $this->createChild();
$Cont->fromXmlNode($part);
break;
case 'title':
foreach ($part->attributes() as $lang => $title) {
isset(L::$all[$lang]) && $this->title()->get($lang)->set($title);
}
break;
}
}
}
function fromXmlNode($node)
{
if (!$node) {
return;
}
foreach ($node->attributes() as $name => $value) {
if ($name === 'pos') {
// deprecated
trigger_error('Unterseiten definition "' . $name . '" is deprecated! use name=...');
$name = 'name';
}
if ($name === 'offline') {
// deprecated
trigger_error('Unterseiten definition "' . $name . '" is deprecated! use online_end=...');
$name = 'online_end';
}
isset(L::$all[$name]) && $this->Title()->get($name)->set($value);
switch ($name) {
case 'module':
if (!Usr()->superuser && !D()->one("SELECT access FROM module WHERE name = " . D()->quote($value))) {
break;
}
case 'online_end':
case 'online_start':
case 'visible':
case 'public':
// todo: public="0" not working??
// todo: public="0" not working??
case 'name':
$this->set(array($name => $value));
break;
case 'class':
foreach (explode(' ', $node['class']) as $class) {
$this->addClass($class);
}
}
}
foreach ($node->children() as $name => $part) {
switch ($name) {
case 'cont':
$Cont = $this->createCont();
break;
case 'page':
$Cont = $this->createChild();
break;
}
$Cont->fromXmlNode($part);
}
}
}
$T = $Cont->Text('login failed');
!(string) $T && $T->set('Ihr Loginversuch ist fehlgeschlagen');
if (isset(G()->loginError)) {
switch (G()->loginError) {
case 'username':
case 'inactive':
case 'password':
?>
<div class="loginError"><?php
echo $T;
?>
</div><?php
}
}
if (!Usr()->is() || $Cont->edit) {
?>
<?php
$i = 0;
foreach (Client()->Usrs() as $ClientUsr) {
if ($Cont->SET['history']->v < ++$i) {
break;
}
$Usr = $ClientUsr->Usr();
?>
<form method=post>
<?php
if ($Cont->SET['saveLogin']->v) {
?>
<input name=save_login type=checkbox value=1 <?php
// use 'render' ? would be .5 miliseconds slower :(
liveSess::$maxpause = G()->SET['qg']['session']['maxpause']->v;
liveSess::init();
G()->win = isset(G()->ASK['rTicket']) ? G()->ASK['rTicket'] : (isset($_GET['rTicket']) ? $_GET['rTicket'] : null);
if (G()->win && !rTicket::check(G()->win)) {
Answer(array('info' => 'rTicket nicht gültig'));
}
if (!G()->win) {
G()->win = rTicket::get();
}
L::init();
liveLog::init();
// todo: country from ip?
$l_country = 'ch';
if (Usr()->is()) {
$values = Usr()->getVs();
if (isset($values['country']) && $values['country']) {
$l_country = $values['country'];
}
}
$winCountryTranslate = array('ch' => 's', 'at' => 'a', 'de' => 'u', 'it' => 'a', 'fr' => 'a', 'pl' => 'k');
setLocale(LC_ALL, L() . '_' . strtoupper($l_country) . '.utf8', L() . $winCountryTranslate[strtolower($l_country)], L());
if (strpos(appRequestUri, 'dbFile/') === 0) {
$request = substr(appRequestUri, 7);
dbFile::output($request);
}
File::uploadListener();
if (isset($_GET['qgha'])) {
$ok = hashAction::fire($_GET['qgha']);
}
if (isset(G()->ASK['serverInterface'])) {
<br>
<br>
<h2>Dokumentation</h2>
<ul>
<li>
<a href="http://manual.content-manager.ch/de/schnelleinstieg/" target="_blank">zur Anleitung</a>
<li>
<a href="http://demo.content-manager.ch/de/home/" target="_blank">demo Umgebung</a>
</ul>
<?php
if (isset($param['msg'])) {
$arr = array('Message:' => $param['msg'], 'Link' => $param['link'], 'Browser' => $_SERVER['HTTP_USER_AGENT'], 'E-Mail:' => Usr()->email, 'Firstname' => Usr()->firstname, 'Lastname' => Usr()->lastname);
$Mail = D()->mail->Entry();
$Mail->subject = 'shwups-CMS feedback';
$Mail->sender = Usr()->email;
$Mail->sendername = Usr()->firstname . ' ' . Usr()->lastname;
$Mail->html = array2formatedStr($arr);
$Mail->addTo('*****@*****.**');
$Mail->send();
G()->SET['cms']['cached_feedback_text']->setUser('');
echo '<br><i style="color:#c44">Danke für Ihr Feedback. <br>Wir werden uns so schnell wie möglich darum kümmern!</i><br><br>';
}
?>
<br>
<h2>Support Anfrage:</h2>
<form id="cmsFeedbackForm" onsubmit="cms.panel.tabs.show('help'); return false;">
<textarea name="msg" required style="width:100%; height:200px"><?php
echo G()->SET['cms']->make('cached_feedback_text', 'Bitte schauen Sie sich diese Seite an...')->custom()->v;
?>
</textarea>
static function setPublic($pid, $v)
{
if (!self::checkRight(3)) {
return false;
}
Page($pid)->setPublic($v);
Page($pid)->changeUser(Usr(), 3);
G()->Answer = array('cmsInfo' => L('Recht geändert'));
return (bool) $v;
}
<?php
qg::on('action', function () {
if (strpos(appRequestUri, 'editor/') === 0 && isset($_GET['file'])) {
/* wird bereits geprüft zzz
if (!isset($_GET['file'])) {
echo 'no file'; exit();
}
*/
$file = urldecode($_GET['file']);
if (!isset($_SESSION['fileEditor']['allow'][$file]) && !Usr()->superuser) {
echo 'no access';
exit;
}
!is_dir(dirname($file)) && mkdir(dirname($file));
!is_file($file) && touch($file);
if ($ask = G()->ASK) {
$done = 0;
if (isset($ask['save']) && is_file($file)) {
copy($file, appPATH . 'cache/tmp/pri/fileEditorBackup_' . urlencode($file) . '_' . date('dmYhi'));
if (file_put_contents($file, $ask['save']) && is_writable($file)) {
$done = 1;
}
}
Answer($done);
}
globalTemplate(sysPATH . 'fileEditor/view/html-template.php');
include sysPATH . 'fileEditor/view/codemirror.php';
exit;
}
});
Page = <?php
echo $Cont;
?>
;
document.addEventListener('keydown', function(e) {
if (e.target.isContentEditable || e.target.form !== undefined) return;
if (e.shiftKey || e.metaKey || e.altKey || e.ctrlKey) return;
switch (e.which) {
case 69: //e
location.href = '<?php
echo Url()->addParam('qgCms_editmode', $cmsSET['editmode']->v ? 0 : 1, false);
?>
';
break;
<?php
if (Usr()->superuser) {
?>
case 68: //d
location.href = '<?php
echo Url()->addParam('debugmode', debug ? 0 : 1, false);
?>
';
break;
<?php
}
?>
case 66: //b
<?php
$BPage = $Cont->in(83) ? Page(2) : Page($cmsSET['backend']['lastpage']->v);
$url = $BPage->url();
if ($BPage->access()) {
static function searchUsr($s, $opts = array())
{
$d = debug_backtrace();
$d = $d[0];
trigger_error('deprecated searchUsr ' . $d['file'] . ' :' . $d['line']);
$Grps = Usr()->grps();
$sh = sqlSearchHelper($s, array('id', 'lastname', 'firstname', 'email', 'city'));
$sql = " SELECT \t\t\t\t\t\t\t\t" . "\tid, email, firstname, lastname\t\t" . " FROM \t\t\t\t\t\t\t\t\t" . "\tusr\t\t\t\t\t\t\t\t\t" . " WHERE " . $sh['where'] . "\t\t\t\t" . (isset($opts['grp']) ? "\tAND id IN( SELECT usr_id FROM usr_grp WHERE grp_id = " . (int) $opts['grp'] . " )" : '') . " \tAND \t\t\t\t\t\t\t\t" . "\t( \t\t\t\t\t\t\t\t\t" . "\t\tid IN( SELECT usr_id FROM usr_grp WHERE grp_id IN(" . implode(',', $Grps) . ") )\t " . "\t)\t\t\t\t\t\t\t\t\t" . " ORDER BY " . $sh['order'] . "\t\t\t\t" . "";
$res = array();
$i = 0;
foreach (D()->query($sql) as $vs) {
if ($i++ > 10) {
break;
}
$File = Usr($vs['id'])->Image;
$imgSrc = @$File->url() . '/w-32/h-32/img.jpg';
$res[$vs['id']]['html'] = '<img src="' . $imgSrc . '" style="float:left; display:block; margin-right:3px">' . '<b>' . $vs['firstname'] . ' ' . $vs['lastname'] . '</b><br>' . '<i>' . $vs['email'] . '</i></div>';
$res[$vs['id']]['text'] = $vs['firstname'] . ' ' . $vs['lastname'];
$res[$vs['id']]['value'] = $vs['id'];
}
return $res;
}
static function onBefore()
{
if (!Usr()->superuser) {
return false;
}
}
<?php
namespace qg;
?>
<div id="qgCmsUserProfile">
<h2><?php
echo L('Benutzer wechseln');
?>
</h2>
<?php
foreach (Client()->Usrs() as $ClientUsr) {
?>
<?php
if ($ClientUsr->usr_id == Usr()->id) {
continue;
}
?>
<form method="post">
<table>
<tr>
<td style="width:20px" title="<?php
echo L('eingeloggt bleiben');
?>
">
<input name="save_login" type=checkbox value=1 <?php
echo $ClientUsr->save_login ? 'checked' : '';
?>
>
<td style="width:40%">
" style="background-image:url(<?php
echo sysURL;
?>
cms/pub/css/pix/backend.png)">
<?php
echo L('zum Backend');
?>
<span>[B]</span>
</a>
<li>
<a show=login style="background-image:url(<?php
echo sysURL;
?>
cms/pub/css/pix/users.png)">
<?php
echo hee(Usr()->firstname . ' ' . Usr()->lastname);
?>
</a>
<li>
<a show=help style="background-image:url(<?php
echo sysURL;
?>
cms/pub/css/pix/help.png)">
<?php
echo L('Hilfe');
?>
</a>
<li>
<a href="<?php
echo Url()->addParam('liveUser_logout', 1);
?>
<?php
namespace qg;
$useLayouts = $Cont->vs['type'] === 'p';
$modules = $useLayouts ? cms::getLayouts() : cms::getModules();
?>
<div id=qgCMSModuleChange>
<?php
foreach ($modules as $name => $path) {
?>
<?php
$vs = D()->row("SELECT * FROM module WHERE name = '" . $name . "'");
if (!$vs['access'] && !Usr()->superuser) {
continue;
}
$text = is_file($path . 'description.txt') ? file_get_contents($path . 'description.txt') : '';
$img = is_file($path . '/preview.png') ? 'background-image:url(' . appURL . 'view/module/' . $name . '/preview.png);' : '';
?>
<div style="cursor:pointer" name="<?php
echo $name;
?>
" class="cmsListItem <?php
echo $Cont->vs['module'] === $name ? 'active' : '';
?>
">
<?php
if (is_file($path . 'pub/64.png')) {
?>
<img src="<?php
echo path2uri($path);
//if ($element['type']->v==='description' || !isset($_POST[$id])) { continue; }
if ($element['type']->v === 'description') {
$_POST[$id] = strip_tags($Cont->text($id . '_desc'));
}
if (!isset($_POST[$id])) {
continue;
}
$field = $element['alias']->v ? $element['alias']->v : $id;
$vs[$field] = $_POST[$id];
if (!$T->{$field}) {
$F = $T->addField($field);
$F->setTyp('TEXT');
}
}
if (Usr()->is()) {
$old = D()->one('SELECT log_id FROM ' . $table . ' WHERE usr_id = ' . Usr());
} else {
$old = D()->one('SELECT log_id FROM ' . $table . ' WHERE sess_id = ' . (int) liveSess::$id);
}
if ($Cont->SET['oneEntryPerSession']->v && $old) {
$T->update($old, $vs);
} else {
$T->insert($vs);
}
}
// redirect
if ($Cont->SET['redirect']->v) {
$link = $Cont->SET['redirect']->v;
$Page = null;
$redirect = is_numeric(trim($link)) ? $_SERVER['SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . Page($link)->url() : $link;
header('Location: ' . $redirect);
<?php
namespace qg;
$sql = "SELECT log.* FROM log, sess WHERE log.sess_id = sess.id AND log.page_id AND sess.usr_id = " . Usr() . " ORDER BY log.id DESC LIMIT 1,30";
?>
<table style="width:100%">
<?php
foreach (D()->query($sql) as $vs) {
$L = D()->log->Entry($vs['id']);
?>
<tr>
<td>
<?php
echo cms_link($vs['page_id']);
?>
<?php
$d = strftime('%d', $L->time);
$m = strftime('%m', $L->time);
$Y = strftime('%Y', $L->time);
$H = strftime('%H', $L->time);
$M = strftime('%M', $L->time);
$nd = strftime('%d');
$nm = strftime('%m');
$nY = strftime('%Y');
$nH = strftime('%H');
$nM = strftime('%M');
?>
<td>
<span style="color:<?php
echo $d === $nd ? 'red' : '';
<div class="cmsAddModule">
<?php
foreach (cms::getModules() as $name => $path) {
?>
<?php
$vs = D()->row("SELECT * FROM module WHERE name = '" . $name . "'");
if (!$vs['access'] and !Usr()->superuser) {
continue;
}
if ($name === 'cms.cont.flexible') {
continue;
}
?>
<div id="addMocule_<?php
echo $name;
?>
" class="cmsListItem" >
<?php
if (is_file($path . 'pub/64.png')) {
?>
<img src="<?php
echo path2uri($path);
?>
pub/64.png" style="float:left; display:block" alt="" />
<?php
} else {
?>
<img src="<?php
echo sysURL;
