示例#1
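/**
 * Stores one content element of a page and flags the page as changed.
 *
 * The row is identified by ($idsidelang, $container, $number, $idtype,
 * $typenumber). If a row exists and its value differs, it is updated, or
 * deleted when the new value is empty. If no row exists and the value is not
 * empty, a new row is inserted. After any write the page's lastmodified and
 * author are refreshed and change_code_status() is called for the page's
 * idcatside entries.
 *
 * SECURITY: all statements are built by string interpolation. The only
 * defence is slash-escaping through set_magic_quotes_gpc(), which is not
 * charset-aware; if the database layer offers bound parameters, prefer them.
 *
 * @param mixed  $idsidelang  key of the page/language row
 * @param mixed  $container   container key
 * @param mixed  $number      key column "number"
 * @param mixed  $idtype      content type key
 * @param mixed  $typenumber  key column "typenumber"
 * @param string $value       new content; an empty string removes the row
 * @return void
 */
function con_edit_save_content($idsidelang, $container, $number, $idtype, $typenumber, $value)
{
    global $db, $auth, $cms_db, $lang, $cfg_client;
    $author = $auth->auth['uid'];
    $changed = false;
    // strip trailing slashes if they occur in internal links
    $value = preg_replace('#cms://(idcatside|idcat)=(\\d+)/#U', 'cms://\\1=\\2', $value);
    set_magic_quotes_gpc($value);
    // The key parameters end up inside quoted SQL literals as well, so they get
    // the same escaping helper as $value (previously they were interpolated as received).
    set_magic_quotes_gpc($idsidelang);
    set_magic_quotes_gpc($container);
    set_magic_quotes_gpc($number);
    set_magic_quotes_gpc($idtype);
    set_magic_quotes_gpc($typenumber);
    $where = "idsidelang='{$idsidelang}' AND container='{$container}' AND number='{$number}' AND idtype='{$idtype}' AND typenumber='{$typenumber}'";
    // look the entry up in the content table
    $sql = "SELECT value FROM {$cms_db['content']} WHERE " . $where;
    $db->query($sql);
    // is there already content in the database?
    if ($db->next_record()) {
        // did anything change? ($value is slash-escaped at this point, hence addslashes on the stored value)
        if (addslashes($db->f('value')) != $value) {
            // make internal paths relative; the configured path is quoted so that
            // characters such as "." or "!" in it cannot alter the pattern
            $htmlpath = preg_quote($cfg_client['htmlpath'], '!');
            $in = array("!href=(\\\\)?[\"\\']" . $htmlpath . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i", "!src=(\\\\)?[\"\\']" . $htmlpath . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i");
            $out = array("href=\\1\"\\2\\3\"", "src=\\1\"\\2\\3\"");
            $value = preg_replace($in, $out, $value);
            // was anything entered at all?
            if ($value != '') {
                $sql = "UPDATE {$cms_db['content']} SET value='{$value}', author='{$author}', lastmodified='" . time() . "' WHERE " . $where;
            } else {
                $sql = "DELETE FROM " . $cms_db['content'] . " WHERE " . $where;
            }
            $db->query($sql);
            $changed = true;
        }
    } elseif ($value != '') {
        // new entry
        $sql = "INSERT INTO {$cms_db['content']} (idsidelang, container, number, idtype, typenumber, value, author, created, lastmodified) VALUES('{$idsidelang}', '{$container}', '{$number}', '{$idtype}', '{$typenumber}', '{$value}', '{$author}', '" . time() . "', '" . time() . "')";
        $db->query($sql);
        $changed = true;
    }
    if ($changed) {
        // refresh the modification date of the page
        $sql = "UPDATE {$cms_db['side_lang']} SET lastmodified='" . time() . "', author='{$author}' WHERE idsidelang='{$idsidelang}'";
        $db->query($sql);
        // look up the copies of the page
        $sql = "SELECT idcatside FROM {$cms_db['side_lang']} A LEFT JOIN {$cms_db['cat_side']} B USING(idside) WHERE A.idsidelang='{$idsidelang}'";
        $db->query($sql);
        while ($db->next_record()) {
            $list[] = $db->f('idcatside');
        }
        // set the status of the page to "changed"
        change_code_status($list, '1', 'idcatside');
    }
}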
示例#2
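/**
 * Creates a new page or saves the settings of an existing one.
 *
 * When the (global) $idside is empty a page is created: one row in the side
 * table, one cat_side row per target folder, one side_lang row per client
 * language, the template configuration and, if publishing is enabled, the
 * code rows. Otherwise the side_lang row $idsidelang is updated, the folder
 * assignment is synchronised with $idcatnew, the template configuration is
 * saved and group rights are written where the current user may do so.
 * Caches are flushed and, unless $use_redirect is false, the request is
 * redirected.
 *
 * SECURITY: every statement is built by string concatenation. Text fields are
 * slash-escaped with set_magic_quotes_gpc() (not charset-aware); keys that
 * are placed in SQL without quotes are cast to int here. Bound parameters
 * would be the robust fix if the database layer provides them.
 * NOTE(review): $view is appended to the redirect URL without URL-encoding;
 * confirm that callers validate it.
 *
 * @return void  returns early, without saving, when $idtpl or $idtplconf is not numeric
 */
function con_config_side_save($idcat, $idside, $idtpl, $idtplconf, $idsidelang, $idcatside, $idcatnew, $author, $title, $meta_keywords, $summary, $online, $user_protected, $view, $created, $lastmodified, $startdate, $starttime, $enddate, $endtime, $meta_author, $meta_description, $meta_robots, $meta_redirect_time, $meta_redirect, $meta_redirect_url, $rewrite_use_automatic, $rewrite_url, $idlay, $use_redirect = true)
{
    global $db, $client, $sess, $perm, $lang, $cms_db, $cfg_client, $cms_lang, $val_ct;
    // Importing these globals rebinds both names: from here on $idcatside and
    // $idside refer to the global variables, not to the arguments passed in.
    global $idcatside, $idside;
    if (!(is_numeric($idtpl) || is_int($idtpl))) {
        return;
    }
    if (!(is_numeric($idtplconf) || is_int($idtplconf))) {
        return;
    }
    if (empty($title)) {
        $title = $cms_lang['con_defaulttitle'];
    }
    $rewrite_use_automatic = $rewrite_use_automatic > 0 ? 1 : 0;
    rewriteGenerateMapping();
    if ($rewrite_use_automatic) {
        $rewrite_url = rewriteGenerateUrlString($title);
        $rewrite_url = rewriteMakeUniqueStringForLang('idcatside', $idcatside, $rewrite_url);
    } else {
        $rewrite_url = rewriteGenerateUrlString($rewrite_url, true);
    }
    // idcatside / idcat used for the permission checks
    $idcatside_for_rights = $idcatside;
    $idcat_for_rights = $idcat;
    if (!is_array($idcatnew)) {
        // Build a fresh array: writing to offset '0' of a scalar would be a
        // string-offset assignment instead of creating the list.
        $idcatnew = array($idcat);
    }
    $start = createDate($startdate, $starttime);
    $end = createDate($enddate, $endtime);
    $meta_redirect = $meta_redirect == '1' ? '1' : '0';
    $meta_redirect_url = $meta_redirect_url == 'http://' || $meta_redirect_url == '' ? '' : $meta_redirect_url;
    set_magic_quotes_gpc($title);
    set_magic_quotes_gpc($summary);
    set_magic_quotes_gpc($meta_author);
    set_magic_quotes_gpc($meta_description);
    set_magic_quotes_gpc($meta_keywords);
    set_magic_quotes_gpc($meta_robots);
    set_magic_quotes_gpc($meta_redirect_url);
    // These arguments are written into quoted SQL literals too and were
    // interpolated as received; give them the same escaping as the fields above.
    set_magic_quotes_gpc($author);
    set_magic_quotes_gpc($created);
    set_magic_quotes_gpc($lastmodified);
    set_magic_quotes_gpc($user_protected);
    set_magic_quotes_gpc($meta_redirect_time);
    if (empty($idside)) {
        // create the page
        $sql = "INSERT INTO {$cms_db['side']} (idclient) VALUES ('{$client}')";
        $db->query($sql);
        // fetch the new idside through the database object (mysql_insert_id()
        // no longer exists in PHP 7+ and bypasses the connection held by $db)
        $idside = $db->insert_id();
        // insert the page into every folder
        foreach ($idcatnew as $value) {
            // idcat is a numeric key (it is used unquoted in the update branch below)
            $value_sql = (int) $value;
            // find the next sortindex
            $sql = "SELECT MAX(sortindex) AS sortindex FROM " . $cms_db['cat_side'] . " WHERE idcat='{$value_sql}'";
            $db->query($sql);
            if ($db->next_record()) {
                $sortindex = $db->f('sortindex') + 1;
            } else {
                $sortindex = 1;
            }
            // the first page of a folder becomes its start page
            $sql = "SELECT * FROM {$cms_db['cat_side']} WHERE idcat='{$value_sql}' AND is_start='1'";
            $db->query($sql);
            $is_start = $db->next_record() ? '0' : '1';
            $sql = "INSERT INTO {$cms_db['cat_side']} (idcat, idside, sortindex, is_start) VALUES ('{$value_sql}', '{$idside}', '{$sortindex}', '{$is_start}')";
            $db->query($sql);
        }
        // look up the idcatside entries
        $sql = "SELECT idcatside FROM {$cms_db['cat_side']} WHERE idside='{$idside}'";
        $idcatside = array();
        getIdList($sql, $idcatside, '', 'idcatside');
        // create one row per language
        $a_languages = get_languages_by_client($client);
        foreach ($a_languages as $tmp_lang) {
            if ($tmp_lang == $lang) {
                $side_online = $online;
                $side_start = $start;
                $side_end = $end;
            } else {
                $side_online = 0;
                $side_start = time();
                $side_end = time();
            }
            //TODO Problems to update template in multilang pages
            $catobject =& sf_factoryGetObject('PAGE', 'Cat');
            $catobject->loadByIdcatIdlang($idcatnew['0'], $tmp_lang);
            $cat_is_protected = $catobject->getIsProtected();
            if ($cat_is_protected) {
                // a protected folder sets bit 0x4 of the online field
                $side_online = $side_online | 0x4;
            }
            if ($tmp_lang == $lang) {
                $tmp_meta_description = $meta_description;
                $tmp_meta_keywords = $meta_keywords;
                $tmp_meta_robots = $meta_robots;
            } else {
                // other languages start with that language's configured defaults
                // NOTE(review): htmlentities() with ENT_COMPAT leaves single quotes
                // untouched and is not SQL escaping; these values reach the
                // statement below without set_magic_quotes_gpc().
                $cfg_lang = $val_ct->get_by_group('cfg_lang', $client, $tmp_lang);
                $tmp_meta_description = htmlentities($cfg_lang['meta_description'], ENT_COMPAT, 'UTF-8');
                $tmp_meta_keywords = htmlentities($cfg_lang['meta_keywords'], ENT_COMPAT, 'UTF-8');
                $tmp_meta_robots = htmlentities($cfg_lang['meta_robots'], ENT_COMPAT, 'UTF-8');
            }
            $sql = 'INSERT INTO ' . $cms_db['side_lang'];
            $sql .= ' (idside, idlang, title, meta_keywords, summary, created, lastmodified, author, meta_redirect, meta_redirect_url,';
            $sql .= ' user_protected, online, start, end, meta_author, meta_description, meta_robots, meta_redirect_time, rewrite_use_automatic, rewrite_url) ';
            $sql .= 'VALUES (';
            $sql .= " '{$idside}', '{$tmp_lang}', '{$title}', '{$tmp_meta_keywords}', '{$summary}', '{$created}', '{$lastmodified}', '{$author}', ";
            $sql .= " '{$meta_redirect}', '{$meta_redirect_url}', '{$user_protected}', '{$side_online}', '{$side_start}', '{$side_end}', ";
            $sql .= " '{$meta_author}', '{$tmp_meta_description}', '{$tmp_meta_robots}', '{$meta_redirect_time}', '{$rewrite_use_automatic}', '{$rewrite_url}')";
            $db->query($sql);
        }
        // collect the idsidelang values needed for the template setup
        $sql = "SELECT idsidelang FROM " . $cms_db['side_lang'] . " WHERE idside='{$idside}'";
        $tmp_idsidelang = array();
        $affectedrows = getIdList($sql, $tmp_idsidelang, '', 'idsidelang');
        // create the template configuration
        if ($affectedrows) {
            foreach ($tmp_idsidelang as $value) {
                con_config_tpl_save($idtpl, $idlay, '', $value, $idtplconf);
            }
        }
        // create the frontend code rows
        if ($cfg_client['publish'] == '1') {
            foreach ($a_languages as $tmp_lang) {
                $sql = 'INSERT INTO ' . $cms_db['code'] . "(idlang, idcatside, changed) VALUES ('{$tmp_lang}', '" . $idcatside['0'] . "', '1')";
                $db->query($sql);
            }
        }
        // Event
        fire_event('con_side_new', array('idside' => $idside, 'name' => $title));
        // drop content from the cache
        sf_factoryCallMethod('UTILS', 'DbCache', null, null, 'flushByGroup', array('frontend', 'content'));
        // determine the redirect URL (frontend view or edit frame)
        if ($view) {
            $url_location = $sess->url($cfg_client['htmlpath'] . $cfg_client['contentfile'] . '?lang=' . $lang . '&idcatside=' . $idcatside['0'] . '&view=' . $view);
        } else {
            $url_location = $sess->url("main.php?area=con_editframe&idcatside=" . $idcatside['0']);
        }
        $idcatside = $idcatside['0'];
    } else {
        // Keys below are concatenated into SQL, several of them without
        // quotes, where slash-escaping gives no protection; use integer copies.
        $idside_sql = (int) $idside;
        $idsidelang_sql = (int) $idsidelang;
        $idcat_sql = (int) $idcat;
        // handle the $online value
        // 0 -> set offline
        // 1 -> set online
        // 2 -> set time-controlled
        switch ((int) $online) {
            case 0:
                $change_online = 'online & 0xFC';
                break;
            case 1:
                $change_online = '((online & 0xFC) | 0x01)';
                break;
            case 2:
                $change_online = '((online & 0xFC) | 0x02)';
                break;
            default:
                $change_online = '0';
                break;
        }
        // update the 'side_lang' table
        $sql = 'UPDATE ' . $cms_db['side_lang'] . ' ';
        $sql .= 'SET';
        $sql .= " title='{$title}', meta_keywords='{$meta_keywords}', summary='{$summary}', meta_redirect='{$meta_redirect}', ";
        $sql .= " meta_redirect_url='{$meta_redirect_url}', user_protected = '{$user_protected}', online = {$change_online}, start='{$start}', ";
        $sql .= " end='{$end}', meta_author='{$meta_author}', meta_description='{$meta_description}', meta_robots='{$meta_robots}', ";
        $sql .= " meta_redirect_time = '{$meta_redirect_time}', rewrite_use_automatic = '{$rewrite_use_automatic}', rewrite_url = '{$rewrite_url}' ";
        $sql .= 'WHERE idsidelang = ' . $idsidelang_sql;
        $db->query($sql);
        // in which folders does the page exist?
        $sql = 'SELECT idcat FROM ' . $cms_db['cat_side'] . ' WHERE idside = ' . $idside_sql;
        $tmp_idcat = array();
        getIdList($sql, $tmp_idcat, 'idcat');
        if (is_array($tmp_idcat)) {
            // insert the page into new folders
            foreach ($idcatnew as $value) {
                if (!in_array($value, $tmp_idcat)) {
                    $value_sql = (int) $value;
                    $sql = 'SELECT * FROM ' . $cms_db['cat_side'] . ' WHERE idcat = ' . $value_sql . ' AND is_start = 1';
                    $db->query($sql);
                    $is_start = $db->next_record() ? '0' : '1';
                    // find the next sortindex
                    $sql = "SELECT MAX(sortindex) AS sortindex FROM " . $cms_db['cat_side'] . " WHERE idcat='{$value_sql}'";
                    $db->query($sql);
                    if ($db->next_record()) {
                        $sortindex = $db->f('sortindex') + 1;
                    } else {
                        $sortindex = 1;
                    }
                    if ($value == $idcatnew['0'] && !in_array($idcat, $idcatnew)) {
                        // the old folder is no longer selected: move the existing row
                        $sql = 'UPDATE ' . $cms_db['cat_side'] . ' ';
                        $sql .= 'SET';
                        $sql .= ' idcat    = ' . $value_sql . ',';
                        $sql .= ' sortindex    = ' . $sortindex . ',';
                        $sql .= ' is_start = ' . $is_start . ' ';
                        $sql .= 'WHERE  idcat = ' . $idcat_sql;
                        $sql .= ' AND  idside = ' . $idside_sql;
                        $db->query($sql);
                        // re-sort the old category
                        if (!function_exists('con_reindex_page_sort')) {
                            include_once 'inc/fnc.con.php';
                        }
                        con_reindex_page_sort($idcat);
                    } else {
                        // find the next sortindex
                        $sql = "SELECT MAX(sortindex) AS sortindex FROM " . $cms_db['cat_side'] . " WHERE idcat='{$value_sql}'";
                        $db->query($sql);
                        if ($db->next_record()) {
                            $sortindex = $db->f('sortindex') + 1;
                        } else {
                            $sortindex = 1;
                        }
                        $sql = 'INSERT INTO ' . $cms_db['cat_side'] . ' ';
                        $sql .= ' (idcat , idside , is_start, sortindex) ';
                        $sql .= 'VALUES';
                        $sql .= " ({$value_sql}, {$idside_sql}, {$is_start}, {$sortindex}) ";
                        $db->query($sql);
                    }
                }
            }
            // remove the page from folders that are no longer used
            // jb_todo: delete rights as well?
            foreach ($tmp_idcat as $value) {
                if (!in_array($value, $idcatnew)) {
                    // find the idcatside that no longer exists
                    $sql = 'SELECT idcatside FROM ' . $cms_db['cat_side'] . " WHERE idcat='{$value}' AND idside='{$idside_sql}'";
                    $db->query($sql);
                    $db->next_record();
                    // delete old 'code' entries
                    $sql = 'DELETE FROM ' . $cms_db['code'] . " WHERE idcatside='" . $db->f('idcatside') . "'";
                    $db->query($sql);
                    // delete old 'cat_side' entries
                    $sql = 'DELETE FROM ' . $cms_db['cat_side'] . " WHERE idside='{$idside_sql}' AND idcat='{$value}'";
                    $db->query($sql);
                    // if no start page is left, promote a new one
                    $sql = 'SELECT * FROM ' . $cms_db['cat_side'] . " WHERE idcat='{$value}' AND is_start='1'";
                    $db->query($sql);
                    // NOTE(review): affected_rows() is evaluated after a SELECT here;
                    // confirm the database class reports the row count in that case.
                    if (!$db->affected_rows()) {
                        $sql = 'UPDATE ' . $cms_db['cat_side'] . " SET is_start = '1' WHERE idcat='{$value}' ORDER BY sortindex LIMIT 1";
                        $db->query($sql);
                    }
                    // rebuild the sortindex
                    if (!function_exists('con_reindex_page_sort')) {
                        include_once 'inc/fnc.con.php';
                    }
                    con_reindex_page_sort($value);
                    // jb_todo: deleting old 'tpl_conf' entries still has to be added
                    // Event
                    fire_event('get_unused_idcatside_by_save_side', array('idside' => $idside, 'idcat' => $value, 'idcatside' => $db->f('idcatside')));
                }
            }
        }
        // configure the template
        $have_perm_save_configdata = $perm->have_perm(27, 'side', $idcatside_for_rights, $idcat_for_rights);
        con_config_tpl_save($idtpl, $idlay, '', $idsidelang, $idtplconf, $have_perm_save_configdata);
        // set rights; the group arrays are taken from globals and applied only
        // when the current user holds the matching permission
        if ($perm->have_perm(22, 'side', $idcatside_for_rights, $idcat_for_rights)) {
            global $backend_cms_gruppenids, $backend_cms_gruppenrechte, $backend_cms_gruppenrechtegeerbt, $backend_cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('side', $idcatside_for_rights, $backend_cms_gruppenids, $backend_cms_gruppenrechte, $backend_cms_gruppenrechtegeerbt, $backend_cms_gruppenrechteueberschreiben, '', 0x7ffd0000, $idcat_for_rights, 0x7ffd0000);
        }
        if ($perm->have_perm(14, 'cat', $idcat_for_rights)) {
            global $frontend_cms_gruppenids, $frontend_cms_gruppenrechte, $frontend_cms_gruppenrechtegeerbt, $frontend_cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('frontendpage', $idcatside_for_rights, $frontend_cms_gruppenids, $frontend_cms_gruppenrechte, $frontend_cms_gruppenrechtegeerbt, $frontend_cms_gruppenrechteueberschreiben, '', 68719476735.0, $idcat_for_rights, 4294967295.0);
        }
        // change the code status
        change_code_status($idcatside_for_rights, 1, 'idcatside');
        // Event
        fire_event('con_side_edit', array('idside' => $idside, 'name' => $title));
        // drop content from the cache
        sf_factoryCallMethod('UTILS', 'DbCache', null, null, 'flushByGroup', array('frontend', 'content'));
        // determine the redirect URL
        if ($view) {
            $url_location = $sess->url($cfg_client['htmlpath'] . $cfg_client['contentfile'] . '?lang=' . $lang . '&idcatside=' . $idcatside . '&view=' . $view);
        } else {
            $url_location = $sess->url('main.php?area=con');
        }
    }
    // flush the frontend cache group
    sf_factoryCallMethod('UTILS', 'DbCache', null, null, 'flushByGroup', array('frontend'));
    if ($use_redirect) {
        redirect_page($url_location);
    }
}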
示例#3
 /**
  * Validates a backend login and fills $this->auth with the user's data.
  *
  * Reads the credentials from the globals $username / $password, optionally
  * verifies the login challenge, then looks the user up together with group
  * and backend-access information. On success the profile columns are copied
  * into $this->auth and the user_id is returned.
  *
  * NOTE(review): in this listing the two credential literals in the WHERE
  * clause read '******'; the statement is kept exactly as shown. Whatever
  * values belong there must be escaped or bound, never interpolated raw.
  * NOTE(review): the failure events receive the submitted password in clear
  * text. Any listener that logs or stores event payloads would persist
  * credentials; consider dropping that field from the payload.
  *
  * @return mixed  user_id on success, 'nobody' for the anonymous fallback, false on failure
  */
 function auth_validatelogin()
 {
     global $challengefail, $challenge, $doublelogin, $username, $password, $cms_db, $sess;
     // The user object is loaded and released again; its result is not used here.
     $sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
     $sf_user->setUpdateLastmodifiedMeta(false);
     $sf_user->loadByUsernamePassword($username, $password, true);
     unset($sf_user);
     if (isset($username)) {
         $this->auth['uname'] = trim($username);
     } elseif ($this->nobody) {
         // anonymous fallback when no username was submitted
         $this->auth['uid'] = 'nobody';
         $this->auth['uname'] = 'nobody';
         return 'nobody';
     }
     if (isset($challenge) && !$sess->challenge_me($challenge)) {
         $challengefail = true;
         // Event
         fire_event('login_challenge_fail', array('username' => $username, 'password' => $password, 'challenge' => $challenge));
         return false;
     }
     // look the user up in the database
     set_magic_quotes_gpc($username);
     $query = "\n                    SELECT DISTINCT salutation,\n\t\t\t\t\tstreet,\n\t\t\t\t\tstreet_alt,\n\t\t\t\t\tzip,\n\t\t\t\t\tlocation,\n\t\t\t\t\tstate,\n\t\t\t\t\tcountry,\n\t\t\t\t\tphone,\n\t\t\t\t\tfax,\n\t\t\t\t\tmobile,\n\t\t\t\t\tpager,\n\t\t\t\t\thomepage,\n\t\t\t\t\tbirthday,\n\t\t\t\t\tfirm,\n\t\t\t\t\tposition,\n\t\t\t\t\tfirm_street,\n\t\t\t\t\tfirm_street_alt,\n\t\t\t\t\tfirm_zip,\n\t\t\t\t\tfirm_location,\n\t\t\t\t\tfirm_state,\n\t\t\t\t\tfirm_country,\n\t\t\t\t\tfirm_email,\n\t\t\t\t\tfirm_phone,\n\t\t\t\t\tfirm_fax,\n\t\t\t\t\tfirm_mobile,\n\t\t\t\t\tfirm_pager,\n\t\t\t\t\tfirm_homepage,\n\t\t\t\t\tcomment, A.user_id, password, A.name, surname, email, C.name AS groupname, C.description \n\t\t\t\t\tFROM \n\t\t\t\t\t\t" . $cms_db['users'] . " A \n\t\t\t\t\t\tLEFT JOIN " . $cms_db['users_groups'] . " B USING(user_id) \n\t\t\t\t\t\tLEFT JOIN " . $cms_db['groups'] . " C USING(idgroup) \n\t\t\t\t\t\tLEFT JOIN " . $cms_db['perms'] . " D USING(idgroup) \n\t\t\t\t\tWHERE \n\t\t\t\t\t\tA.username='******' \n\t\t\t\t\t\tAND A.password='******' \n\t\t\t\t\t\tAND A.is_active='1' \n\t\t\t\t\t\tAND C.is_active='1' \n\t\t\t\t\t\tAND ((D.type='cms_access' AND D.id = 'area_backend' AND D.perm = 1) OR C.is_sys_admin='1') LIMIT 0, 1\n\t\t\t\t";
     $this->db->query($query);
     if (!$this->db->next_record()) {
         // Event
         fire_event('login_fail', array('username' => $username, 'password' => $password));
         return false;
     }
     // single login: refuse when the session layer rejects this user id
     if ($this->force_single_login && !$sess->single_id($this->db->f('user_id'))) {
         $doublelogin = true;
         // Event
         fire_event('login_single_fail', array('username' => $username, 'password' => $password));
         return false;
     }
     // Event
     fire_event('login_success', array('uid' => $this->db->f('user_id')));
     // auth key => result column; only the two group fields use a different column name
     $auth_columns = array(
         'name' => 'name',
         'surname' => 'surname',
         'group_name' => 'groupname',
         'group_desc' => 'description',
         'email' => 'email',
         'salutation' => 'salutation',
         'street' => 'street',
         'street_alt' => 'street_alt',
         'zip' => 'zip',
         'location' => 'location',
         'state' => 'state',
         'country' => 'country',
         'phone' => 'phone',
         'fax' => 'fax',
         'mobile' => 'mobile',
         'pager' => 'pager',
         'homepage' => 'homepage',
         'birthday' => 'birthday',
         'firm' => 'firm',
         'position' => 'position',
         'firm_street' => 'firm_street',
         'firm_street_alt' => 'firm_street_alt',
         'firm_zip' => 'firm_zip',
         'firm_location' => 'firm_location',
         'firm_state' => 'firm_state',
         'firm_country' => 'firm_country',
         'firm_email' => 'firm_email',
         'firm_phone' => 'firm_phone',
         'firm_fax' => 'firm_fax',
         'firm_mobile' => 'firm_mobile',
         'firm_pager' => 'firm_pager',
         'firm_homepage' => 'firm_homepage',
         'comment' => 'comment',
     );
     foreach ($auth_columns as $auth_key => $column) {
         $this->auth[$auth_key] = $this->db->f($column);
     }
     // single login: register this session for the user
     if ($this->force_single_login) {
         $sess->single_me($this->db->f('user_id'));
     }
     return $this->db->f('user_id');
 }
示例#4
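 /**
  * Updates the value of one record selected by its id.
  *
  * The 'id' entry is required for the statement to address a row.
  *
  * SECURITY: the id is compared without quotes in the WHERE clause, so
  * slash-escaping would not contain it; it is cast to an integer before it
  * is concatenated. The value is slash-escaped via set_magic_quotes_gpc().
  *
  * @access private
  * @param array $mixed  ['id'] key of the row (idvalues), ['value'] new value
  */
 function _update_by_id($mixed)
 {
     global $cms_db, $db;
     // build query
     set_magic_quotes_gpc($mixed['value']);
     $sql_value = " value ='" . $mixed['value'] . "' ";
     $sql = "UPDATE \t\t" . $cms_db['values'] . "\n\t\t\t\tSET\t\t\t{$sql_value}\n\t\t\t\tWHERE\t\tidvalues = " . (int) $mixed['id'];
     $db->query($sql);
 }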
示例#5
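/**
 * Turns an associative array into a "key=value&key=value" string.
 *
 * Entries are sorted by key. Scalar entries whose string form is empty are
 * skipped. Array entries have their empty elements removed and are joined
 * with commas. Each value is passed through set_magic_quotes_gpc() and then
 * URL-encoded.
 *
 * NOTE(review): keys are emitted as given, without URL-encoding; callers
 * must not pass keys that contain '&', '=' or other reserved characters.
 *
 * @param mixed $in  array to convert
 * @return string|null  the joined string ('' when nothing is left), or null when $in is not an array
 */
function make_array_to_urlstring($in)
{
    if (!is_array($in)) {
        return;
    }
    ksort($in);
    // Collect the pairs and join them at the end; this replaces appending to
    // an uninitialised string and trimming the trailing '&' afterwards.
    $pairs = array();
    foreach ($in as $key => $value) {
        if (is_array($value)) {
            // drop empty array elements and convert to a string
            $value = implode(',', array_diff($value, array('')));
        } elseif ((string) $value === '') {
            // empty scalar entries are left out
            continue;
        }
        set_magic_quotes_gpc($value);
        $pairs[] = $key . '=' . urlencode($value);
    }
    return implode('&', $pairs);
}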
示例#6
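/**
 * Creates or updates a module and optionally runs its install SQL.
 *
 * Depending on $stripe the text fields are converted with make_string_dump()
 * (1), left untouched (2) or escaped with set_magic_quotes_gpc() (any other
 * value). Input and output are checked with $rep->mod_test(); the result is
 * stored in the "checked" column. When $idmod_in is empty a row is inserted,
 * otherwise the existing row is updated; the output column is rewritten only
 * when it differs from the stored value, and in that case the dependent code
 * rows are flagged as changed.
 *
 * SECURITY: all statements are built by interpolation.
 * - With $stripe == 2 nothing in this function escapes the text fields, so
 *   the caller is responsible for that.
 * - $idclient, $source_id and $idmod are placed in quoted literals as received.
 * - mysql_escape_string() ignores the connection charset and no longer
 *   exists in PHP 7+; it should be replaced by the escaping or binding
 *   facility of the database class in use (not visible here).
 * - $mod_sql_install / $mod_sql_uninstall are handed to $rep->bulk_sql()
 *   as given, so this path must only be reachable for trusted administrators.
 *
 * @return mixed  '0412' on success, otherwise an error code from the repository,
 *                '0424' when input and output are both empty, '0400' when the insert failed
 */
function mod_save($idmod_in, $name, $verbose, $description, $modversion, $modcat, $input, $output, $idclient, $repid = '', $sql_install = '', $sql_uninstall = '', $sql_update = '', $mod_rebuild_sql = false, $source_id = '0', $mod_no_wedding = false, $stripe = false, $mod_config_takeover = false)
{
    global $db, $auth, $cms_db, $cfg_cms, $cms_lang, $cfg_client, $rep, $perm;
    global $idmod;
    // make global for header redirect
    $idmod = $idmod_in;
    // Defaults for values that are only assigned on some paths below; without
    // them the SQL fragments and the final checks read undefined variables.
    $update_source = '';
    $change = false;
    $error = false;
    // entry in the 'mod' table
    if (empty($name) || $name == '') {
        $name = $cms_lang['mod_defaultname'];
    }
    if (empty($modversion) || $modversion == '') {
        $modversion = '1.0';
    }
    if ($stripe == 1) {
        $name = make_string_dump($name);
        $verbose = make_string_dump($verbose);
        $description = make_string_dump($description);
        $modversion = make_string_dump($modversion);
        $modcat = make_string_dump($modcat);
        $input = make_string_dump($input);
        $output = make_string_dump($output);
    } elseif ($stripe != 2) {
        set_magic_quotes_gpc($name);
        set_magic_quotes_gpc($verbose);
        set_magic_quotes_gpc($description);
        set_magic_quotes_gpc($modversion);
        set_magic_quotes_gpc($modcat);
        set_magic_quotes_gpc($input);
        set_magic_quotes_gpc($output);
    }
    // '0' when either test reports a problem; output is only tested when input passed
    $checked = ($rep->mod_test(cms_stripslashes($input), $idmod) || $rep->mod_test(cms_stripslashes($output), $idmod)) ? '0' : '1';
    $modverbose = $verbose == '-1' ? $name : $verbose;
    // keep the SQL as received for bulk_sql(); the decoded, escaped copies are stored
    $mod_sql_uninstall = $sql_uninstall;
    $mod_sql_install = $sql_install;
    $sql_install = mysql_escape_string($rep->decode_sql($sql_install));
    $sql_uninstall = mysql_escape_string($rep->decode_sql($sql_uninstall));
    $sql_update = mysql_escape_string($rep->decode_sql($sql_update));
    if ($mod_no_wedding == true) {
        $source_id = 0;
        $repositoryid = $rep->gen_new_mod($name);
        $update_source = ", source_id='0'";
    } elseif ($source_id) {
        $repositoryid = $rep->gen_new_mod($name, true);
    } elseif ($repid == '') {
        $repositoryid = $rep->gen_new_mod($name);
        if ($errno = $rep->error(true)) {
            return $errno;
        }
    } else {
        $repositoryid = $rep->gen_new_mod($name, true);
    }
    if ($errno = $rep->error(true)) {
        return $errno;
    } elseif (empty($input) && empty($output)) {
        return '0424';
    }
    if (!$idmod) {
        // the module does not exist yet
        $sql = "INSERT INTO\r\n\t\t\t\t" . $cms_db['mod'] . "\r\n\t\t\t\t(name, description, version, cat, input, output, idclient, author, created, lastmodified,\r\n\t\t\t\trepository_id, install_sql, uninstall_sql, update_sql, source_id, verbose, checked)\r\n\t\t\t\tVALUES\r\n\t\t\t\t('{$name}', '{$description}', '{$modversion}', '{$modcat}', '{$input}', '{$output}', '{$idclient}',\r\n\t\t\t\t'" . $auth->auth['uid'] . "', '" . time() . "', '" . time() . "', '{$repositoryid}', '{$sql_install}', '{$sql_uninstall}', '{$sql_update}', '{$source_id}', '{$modverbose}', '{$checked}')";
        $affect = $db->query($sql);
        if (!$affect || $affect < 1) {
            return '0400';
        }
        $idmod = $db->insert_id();
        if ($mod_config_takeover == true) {
            $modul = $rep->mod_data($source_id, $idclient);
            mod_save_config($idmod, make_string_dump($modul['config']));
        }
        // Event
        fire_event('mod_new', array('idmod' => $idmod, 'name' => $name));
    } else {
        // did the module change?
        $sql = "SELECT output FROM " . $cms_db['mod'] . " WHERE idmod='{$idmod}'";
        $db->query($sql);
        $db->next_record();
        $output_old = $db->f('output');
        // escape the stored value the same way so both sides compare alike
        set_magic_quotes_gpc($output_old);
        //don't change verbose name by sql update
        if ($verbose == '-2') {
            $sql_verbose_name = '';
        } else {
            $sql_verbose_name = "verbose = '{$modverbose}',";
        }
        if ($output != $output_old) {
            $sql = "UPDATE " . $cms_db['mod'] . "\r\n\t\t\t\t\tSET\r\n\t\t\t\t\tname='{$name}', description='{$description}', version = '{$modversion}', cat = '{$modcat}',\r\n\t\t\t\t\tinput='{$input}', output='{$output}', author='" . $auth->auth['uid'] . "', lastmodified='" . time() . "',\r\n\t\t\t\t\tinstall_sql ='{$sql_install}', uninstall_sql ='{$sql_uninstall}', update_sql ='{$sql_update}' {$update_source}, repository_id = '{$repositoryid}', {$sql_verbose_name} checked = '{$checked}'\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\tidmod='{$idmod}'";
            $db->query($sql);
            $change = true;
        } else {
            $sql = "UPDATE " . $cms_db['mod'] . "\r\n\t\t\t\t\tSET\r\n\t\t\t\t\tname='{$name}', description='{$description}', version = '{$modversion}', cat = '{$modcat}', input='{$input}',\r\n\t\t\t\t\tauthor='" . $auth->auth['uid'] . "', lastmodified='" . time() . "', install_sql='{$sql_install}',\r\n\t\t\t\t\tuninstall_sql='{$sql_uninstall}', update_sql='{$sql_update}' {$update_source}, repository_id = '{$repositoryid}', {$sql_verbose_name} checked = '{$checked}'\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\tidmod='{$idmod}'";
            $db->query($sql);
        }
        // Event
        fire_event('mod_edit', array('idmod' => $idmod, 'name' => $name));
    }
    if ($idclient > 0 && $mod_sql_install != '' && $mod_rebuild_sql == true) {
        // rebuild: run the uninstall SQL first, then the install SQL
        if ($mod_sql_uninstall != '') {
            $error = $rep->bulk_sql($mod_sql_uninstall);
        }
        if (!$error) {
            $error = $rep->bulk_sql($mod_sql_install);
        }
        if (!$error) {
            $sql = "UPDATE " . $cms_db['mod'] . " SET is_install='1', lastmodified='" . time() . "' WHERE idmod='{$idmod}'";
            $db->query($sql);
        }
        // Event
        fire_event('mod_install_sql', array('idmod' => $idmod, 'name' => $name));
    }
    if ($change) {
        // change the status of the 'code' table
        $list = get_idtplconf_by_using_type($idmod, 'mod');
        $list = get_idcode_by_idtplconf($list);
        change_code_status($list, '1');
        unset($list);
    }
    // set rights; the group arrays come from globals and are applied only
    // when the current user holds permission '6' on this module
    if ($perm->have_perm('6', 'mod', $idmod)) {
        global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
        $perm->set_group_rights('mod', $idmod, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0xafd);
    }
    return !$error ? '0412' : $error;
}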
示例#7
/**
 * Creates a plugin row in the 'plug' table, or updates the existing row when
 * $idplug is set, and fires the matching 'plug_new' / 'plug_edit' event.
 *
 * The `global $idplug` statement in the body rebinds the name to the global
 * variable, so the value passed as the first argument is not what the rest of
 * the function works with.
 *
 * Security review: every value is spliced into SQL text. The string fields go
 * through set_magic_quotes_gpc() first (helper not shown here; presumably it
 * escapes quotes - confirm), but $idclient, $repid and $idplug reach the
 * statements without that step, and $idplug sits unquoted in the WHERE clause
 * of the UPDATE. Casting the ids to int and binding parameters would remove
 * the reliance on caller-side filtering.
 *
 * @param mixed  $idplug        Plugin id; falsy means "create a new plugin" (see note on the global above).
 * @param string $name          Plugin name; $cms_lang['plug_defaultname'] is used when empty.
 * @param string $description   Description text.
 * @param string $plugversion   Version string.
 * @param string $plugcat       Category.
 * @param mixed  $idclient      Client id, written on insert only.
 * @param string $repid         Repository id; a new one is generated via $rep->gen_new_plug() when empty.
 * @param string $sql_install   Install SQL, used on the update path only.
 * @param string $sql_uninstall Uninstall SQL, used on the update path only.
 * @param string $sql_update    Update SQL, used on the update path only.
 * @param string $root_name     Plugin directory; 'hold_old_data' keeps the stored value on update.
 * @param string $index_file    Index file; 'hold_old_data' keeps the stored value on update.
 *
 * @return string '1612', or '1613' when the new plugin could not be initialised.
 */
function plug_save($idplug, $name, $description, $plugversion, $plugcat, $idclient, $repid = '', $sql_install = '', $sql_uninstall = '', $sql_update = '', $root_name = 'hold_old_data', $index_file = 'hold_old_data')
{
    global $db, $auth, $cms_db, $cfg_cms, $cms_lang, $cfg_client, $rep, $perm;
    //ATTENTION!!! make idplug global / necessary for apply header
    global $idplug;
    // Entry in the 'plug' table
    if ($name == '') {
        $name = $cms_lang['plug_defaultname'];
    }
    // Values that are later placed inside quoted SQL literals.
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($description);
    set_magic_quotes_gpc($plugversion);
    set_magic_quotes_gpc($plugcat);
    set_magic_quotes_gpc($root_name);
    set_magic_quotes_gpc($index_file);
    // The SQL scripts take the opposite helper; they are handed to $rep->decode_sql() below.
    remove_magic_quotes_gpc($sql_install);
    remove_magic_quotes_gpc($sql_uninstall);
    remove_magic_quotes_gpc($sql_update);
    $root_name = str_replace('plugins/', '', $root_name);
    // Placeholder directory name: fall back to the lower-cased plugin name.
    if ($root_name == 'name_des_verzeichnisses') {
        $root_name = strtolower($name);
    }
    $repositoryid = $repid == '' ? $rep->gen_new_plug($name) : $repid;
    if (!$idplug) {
        // plugin does not exist yet
        // todo: form-check name, version, etc.
        $root_name = $root_name == 'hold_old_data' ? '' : $root_name;
        $index_file = $index_file == 'hold_old_data' ? '' : $index_file;
        // NOTE(review): the literal opens the lastmodified value with a newline and
        // spaces before time() is appended, so the value sent to the database starts
        // with whitespace - confirm the column type tolerates that.
        $sql = "INSERT INTO\n\t\t\t   " . $cms_db['plug'] . "\n\t\t\t   (name, description, version, cat, author, created, lastmodified, repository_id, root_name, index_file,\n\t\t\t   idclient)\n\t\t\t   VALUES\n\t\t\t   ('{$name}', '{$description}', '{$plugversion}', '{$plugcat}', '" . $auth->auth['uid'] . "', '" . time() . "', '\n\t\t\t   " . time() . "', '{$repositoryid}', '{$root_name}', '{$index_file}', '{$idclient}')";
        $db->query($sql);
        // $last_id is assigned here but not read again in this function.
        $idplug = $last_id = $db->insert_id();
        if ($rep->_plug_init($idplug)) {
            $return = '1612';
        } else {
            // First init failed: create the plugin via plug_new() and try the init once more.
            $return = true !== (plug_new($root_name, $index_file) && $rep->_plug_init($idplug)) ? '1613' : '1612';
        }
        // Event
        fire_event('plug_new', array('idplug' => $idplug, 'name' => $name));
    } else {
        $rep->plug_execute($idplug, 'this', 'update', 'install', $rep->decode_sql($sql_install));
        $rep->plug_execute($idplug, 'this', 'update', 'uninstall', $rep->decode_sql($sql_uninstall));
        $rep->plug_execute($idplug, 'this', 'update', 'update', $rep->decode_sql($sql_update));
        // 'hold_old_data' turns into the bare column name, i.e. the column is assigned to itself.
        $root_name = $root_name == 'hold_old_data' ? 'root_name' : "'{$root_name}'";
        $index_file = $index_file == 'hold_old_data' ? 'index_file' : "'{$index_file}'";
        // NOTE(review): the author value likewise starts with a newline and spaces inside
        // the quotes, and $idplug is used unquoted and uncast in the WHERE clause.
        $sql = "UPDATE\n\t\t\t   " . $cms_db['plug'] . "\n\t\t\t   SET\n\t\t\t   name='{$name}', description='{$description}', version = '{$plugversion}', cat = '{$plugcat}', author='\n\t\t\t   " . $auth->auth['uid'] . "', lastmodified='" . time() . "', root_name={$root_name}, repository_id = '{$repositoryid}',\n\t\t\t   index_file={$index_file} WHERE idplug={$idplug} OR source_id={$idplug}";
        $db->query($sql);
        //todo: check to what extent the rights of the installed plugins are affected!
        // Set rights
        if ($perm->have_perm('6', 'plug', $idplug)) {
            global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('plug', $idplug, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0x38afd);
        }
        // Event
        fire_event('plug_edit', array('idplug' => $idplug, 'name' => $name));
        $return = '1612';
    }
    return $return;
}
示例#8
/**
 * Stores a new name and description for a client and, when the current user
 * holds permission 6 on that client, writes the group rights taken from the
 * $cms_gruppen* globals.
 *
 * NOTE(review): $idclient is placed in the WHERE clause as passed in; only
 * $name and $desc go through set_magic_quotes_gpc() (helper defined outside
 * this listing). Callers are expected to supply a clean id - confirm.
 *
 * @param mixed  $idclient Client id of the row to update.
 * @param string $name     New client name.
 * @param string $desc     New client description.
 *
 * @return void
 */
function clients_rename_client($idclient, $name, $desc)
{
    global $db, $auth, $cms_db, $perm;

    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($desc);

    // Write name, description, acting user and timestamp in one statement.
    $statement = "UPDATE \n\t\t\t\t" . $cms_db['clients'] . "\n\t\t\tSET \n\t\t\t\tname='{$name}', \n\t\t\t\tdescription='{$desc}', \n\t\t\t\tauthor='" . $auth->auth['uid'] . "', \n\t\t\t\tlastmodified='" . time() . "' \n\t\t\tWHERE \n\t\t\t\tidclient='{$idclient}'";
    $db->query($statement);

    // Group rights are only touched by users who may administer this client.
    if (!$perm->have_perm(6, 'clients', $idclient)) {
        return;
    }

    global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
    $perm->set_group_rights(
        'clients',
        $idclient,
        $cms_gruppenids,
        $cms_gruppenrechte,
        $cms_gruppenrechtegeerbt,
        $cms_gruppenrechteueberschreiben
    );
}
示例#9
/**
 * Creates or updates a layout in the 'lay' table and synchronises the CSS and
 * JS files linked to it in 'lay_upl' with the global $css / $js lists.
 *
 * Security review: $name, $description and $code pass through
 * set_magic_quotes_gpc() (helper not shown; presumably escapes quotes -
 * confirm). $idlay, $doctype, $doctype_autoinsert, $idclient and every entry
 * of the global $css / $js arrays are interpolated into SQL as they arrive.
 * If any of them can be influenced by a request they need an int cast or
 * bound parameters.
 *
 * @param mixed  $idlay              Layout id; falsy creates a new layout.
 * @param string $name               Layout name; $cms_lang['lay_defaultname'] when empty.
 * @param string $description        Description text.
 * @param string $code               Layout source code.
 * @param string $doctype            Doctype value stored with the layout.
 * @param mixed  $doctype_autoinsert Auto-insert flag stored with the layout.
 * @param mixed  $idclient           Client id, written on insert only.
 *
 * @return mixed The id of the created or updated layout.
 */
function lay_edit_layout($idlay, $name, $description, $code, $doctype, $doctype_autoinsert, $idclient)
{
    global $db, $client, $auth, $cms_db, $cfg_cms, $css, $js, $cms_lang, $cfg_client, $perm;
    // Entry in the 'lay' table
    if ($name == '') {
        $name = $cms_lang['lay_defaultname'];
    }
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($description);
    set_magic_quotes_gpc($code);
    // Layout does not exist yet - create it
    if (!$idlay) {
        $sql = "INSERT INTO\n\t\t\t\t\t" . $cms_db['lay'] . "\n\t\t\t\t\t(name, description, deletable, code, doctype, doctype_autoinsert, idclient, author, created, lastmodified)\n\t\t\t\tVALUES\n\t\t\t\t\t('{$name}', '{$description}', '1', '{$code}', '{$doctype}', '{$doctype_autoinsert}', \n\t\t\t\t\t\t'{$idclient}', '" . $auth->auth['uid'] . "', '" . time() . "', '" . time() . "')";
        $db->query($sql);
        // look up the new layout id
        // NOTE(review): MAX(idlay) is read in a separate query, so a concurrent insert
        // could hand back another layout's id; the insert id of this connection would
        // be the reliable source.
        $sql = "SELECT MAX(idlay) AS idlay FROM " . $cms_db['lay'];
        $db->query($sql);
        $db->next_record();
        $idlay = $db->f('idlay');
        // Event: new layout
        fire_event('lay_new', array('idlay' => $idlay, 'name' => $name));
        // Layout exists - update it
    } else {
        // has the layout changed?
        // NOTE(review): $code_old is loaded and escaped but never compared with $code;
        // the update below runs and sets $change unconditionally.
        $sql = "SELECT code FROM " . $cms_db['lay'] . " WHERE idlay='{$idlay}'";
        $db->query($sql);
        $db->next_record();
        $code_old = $db->f('code');
        set_magic_quotes_gpc($code_old);
        $sql = "UPDATE " . $cms_db['lay'] . "\n\t\t\t\tSET\n\t\t\t\t\tname='{$name}', \n\t\t\t\t\tdescription='{$description}', \n\t\t\t\t\tcode='{$code}',\n\t\t\t\t\tdoctype='{$doctype}',\n\t\t\t\t\tdoctype_autoinsert='{$doctype_autoinsert}',\n\t\t\t\t\tauthor='" . $auth->auth['uid'] . "', lastmodified='" . time() . "'\n\t\t\t\tWHERE\n\t\t\t\t\tidlay='{$idlay}'";
        $db->query($sql);
        $change = 'true';
        // set rights
        if ($perm->have_perm('6', 'lay', $idlay)) {
            global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
            $perm->set_group_rights('lay', $idlay, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben, '', 0xf5);
        }
        // Event
        fire_event('lay_edit', array('idlay' => $idlay, 'name' => $name));
    }
    // which CSS files are in use?
    $sql = "SELECT B.idupl FROM {$cms_db['lay_upl']} A LEFT JOIN {$cms_db['upl']} B USING(idupl) LEFT JOIN {$cms_db['filetype']} C ON B.idfiletype=C.idfiletype WHERE idlay='{$idlay}' AND C.filetype='css'";
    $db->query($sql);
    // $tmp_files is not initialised beforehand; it first comes into existence here.
    while ($db->next_record()) {
        $tmp_files['css'][] = $db->f('idupl');
    }
    // '0' acts as the "no file" placeholder in both lists.
    if (!is_array($tmp_files['css'])) {
        $tmp_files['css']['0'] = '0';
    }
    if (!is_array($css)) {
        $css['0'] = '0';
    }
    // write the CSS files in use to lay_upl
    // NOTE(review): $value comes from the global $css array and goes into the
    // statement uncast and unescaped.
    foreach ($css as $value) {
        if (!in_array($value, $tmp_files['css'])) {
            if ($value != '0') {
                $sql = "INSERT INTO {$cms_db['lay_upl']} (idlay, idupl) VALUES ('{$idlay}', '{$value}')";
                $db->query($sql);
                $change = 'true';
            }
        }
    }
    // delete unused CSS files from lay_upl
    foreach ($tmp_files['css'] as $value) {
        if (!in_array($value, $css)) {
            $sql = "DELETE FROM {$cms_db['lay_upl']} WHERE idupl='{$value}' AND idlay='{$idlay}'";
            $db->query($sql);
            $change = 'true';
        }
    }
    // which JS files are in use?
    $sql = "SELECT B.idupl FROM {$cms_db['lay_upl']} A LEFT JOIN {$cms_db['upl']} B USING(idupl) LEFT JOIN {$cms_db['filetype']} C ON B.idfiletype=C.idfiletype WHERE idlay='{$idlay}' AND C.filetype='js'";
    $db->query($sql);
    while ($db->next_record()) {
        $tmp_files['js'][] = $db->f('idupl');
    }
    if (!is_array($tmp_files['js'])) {
        $tmp_files['js']['0'] = '0';
    }
    if (!is_array($js)) {
        $js['0'] = '0';
    }
    // write the JS files in use to lay_upl
    // NOTE(review): same as for $css - entries of the global $js array are
    // interpolated as they are.
    foreach ($js as $value) {
        if (!in_array($value, $tmp_files['js'])) {
            if ($value != '0') {
                $sql = "INSERT INTO {$cms_db['lay_upl']} (idlay, idupl) VALUES ('{$idlay}', '{$value}')";
                $db->query($sql);
                $change = 'true';
            }
        }
    }
    // delete unused JS files from lay_upl
    foreach ($tmp_files['js'] as $value) {
        if (!in_array($value, $js)) {
            $sql = "DELETE FROM {$cms_db['lay_upl']} WHERE idupl='{$value}' AND idlay='{$idlay}'";
            $db->query($sql);
            $change = 'true';
        }
    }
    // $change is only ever assigned 'true'; on a fresh layout with no file changes it is unset here.
    if ($change) {
        // change the status in the 'code' table
        $list = get_idtplconf_by_using_type($idlay, 'lay');
        $list = get_idcode_by_idtplconf($list);
        change_code_status($list, '1');
        unset($list);
    }
    return $idlay;
}
示例#10
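/**
 * Updates name, description, charset, ISO 3166 code and rewrite settings of a
 * language row and, when the current user holds permission 22 on it, writes
 * the group rights taken from the $cms_gruppen* globals.
 *
 * The ISO 3166 code is not a parameter: it is read from $_REQUEST['iso_3166'].
 * Because that value ends up inside a quoted SQL literal, it is accepted only
 * when it is a string of at most 8 characters from [A-Za-z0-9_-]; anything
 * else is stored as an empty string (over-long input was already stored as
 * empty before).
 *
 * NOTE(review): $charset and $idlang are still interpolated as passed in,
 * unlike the other string fields which go through set_magic_quotes_gpc()
 * (helper defined outside this listing). Confirm the callers constrain them.
 *
 * @param mixed  $idlang          Language id of the row to update.
 * @param string $name            Language name.
 * @param string $desc            Description text.
 * @param string $charset         Charset name stored with the language.
 * @param string $rewrite_key     Rewrite key.
 * @param string $rewrite_mapping Rewrite mapping.
 *
 * @return void
 */
function lang_rename_language($idlang, $name, $desc, $charset, $rewrite_key, $rewrite_mapping)
{
    global $db, $auth, $cms_db, $perm;
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($desc);
    set_magic_quotes_gpc($rewrite_key);
    set_magic_quotes_gpc($rewrite_mapping);
    // Request data: allow-list the characters instead of relying on a length
    // check alone, and tolerate a missing or non-string (array) parameter.
    $iso_3166_code = '';
    if (isset($_REQUEST['iso_3166']) && is_string($_REQUEST['iso_3166'])
        && preg_match('/\A[A-Za-z0-9_-]{0,8}\z/', $_REQUEST['iso_3166'])
    ) {
        $iso_3166_code = $_REQUEST['iso_3166'];
    }
    $sql = "UPDATE\n\t\t\t\t" . $cms_db['lang'] . "\n\t\t\tSET\n\t\t\t\tname='{$name}',\n\t\t\t\tdescription='{$desc}',\n\t\t\t\tcharset='{$charset}',\n\t\t\t\tiso_3166_code='{$iso_3166_code}',\n\t\t\t\trewrite_key='{$rewrite_key}',\n\t\t\t\trewrite_mapping='{$rewrite_mapping}',\n\t\t\t\tauthor='" . $auth->auth['uid'] . "',\n\t\t\t\tlastmodified='" . time() . "'\n\t\t\tWHERE\n\t\t\t\tidlang='{$idlang}'";
    $db->query($sql);
    // Set rights
    if ($perm->have_perm(22, 'clientlangs', $idlang)) {
        global $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben;
        $perm->set_group_rights('clientlangs', $idlang, $cms_gruppenids, $cms_gruppenrechte, $cms_gruppenrechtegeerbt, $cms_gruppenrechteueberschreiben);
    }
}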
示例#11
/**
 * Validates the user form values held in globals and saves them through the
 * ADMINISTRATION/User object obtained from sf_factoryGetObject().
 *
 * All input arrives via global variables rather than parameters. An existing
 * user is loaded when $iduser is set; otherwise a new user is prepared.
 *
 * Security review:
 *  - A password of three characters passes the length check.
 *  - The confirmation uses loose `!=`, which compares numeric-looking strings
 *    as numbers; `!==` would compare the two inputs exactly.
 *  - $password goes through set_magic_quotes_gpc() before setPassword(); if
 *    that helper adds slashes (not shown - confirm), the stored credential is
 *    derived from the escaped text rather than from what the user typed.
 *
 * @return string|null 'incorrect', 'nologinname' or 'existusername' when
 *                     validation fails; nothing is returned after a save.
 */
function user_save()
{
    global $auth, $db, $cms_db, $username, $password, $password_validate, $name, $surname, $email, $group, $iduser, $idgroup, $order, $ascdesc, $oldusername, $comment;
    global $salutation, $street, $street_alt, $zip, $location, $state, $country, $phone, $fax, $mobile, $pager, $homepage, $birthday, $firm, $position, $firm_street, $firm_street_alt, $firm_zip, $firm_location, $firm_state, $firm_country, $firm_email, $firm_phone, $firm_fax, $firm_mobile, $firm_pager, $firm_homepage, $title;
    global $iduser;
    // Create the user object
    $sf_user = sf_factoryGetObject('ADMINISTRATION', 'User');
    // Password comparison
    $password = trim($password);
    $password_validate = trim($password_validate);
    $username = trim($username);
    // A password is checked when one was entered, or when a new user is created without one.
    if ((!empty($password) || empty($password) && empty($iduser)) && ($password != $password_validate || strlen($password) < 3)) {
        return 'incorrect';
    }
    // No password
    if (empty($iduser) && empty($password)) {
        return 'incorrect';
    }
    // No login name
    if (empty($username)) {
        return 'nologinname';
    }
    // Check whether the username already exists
    // NOTE(review): this runs for edits as well; whether usernameExists() leaves out
    // the user being edited cannot be seen from here.
    if (is_int($sf_user->usernameExists($username))) {
        return 'existusername';
    }
    if (!is_array($group)) {
        $group['0'] = $idgroup;
    }
    // If sysadmin was selected, drop all other groups
    if (in_array('2', $group)) {
        unset($group);
        $group['0'] = '2';
    }
    set_magic_quotes_gpc($username);
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($surname);
    set_magic_quotes_gpc($email);
    set_magic_quotes_gpc($password);
    set_magic_quotes_gpc($salutation);
    set_magic_quotes_gpc($title);
    set_magic_quotes_gpc($street);
    set_magic_quotes_gpc($street_alt);
    set_magic_quotes_gpc($zip);
    set_magic_quotes_gpc($location);
    set_magic_quotes_gpc($state);
    set_magic_quotes_gpc($country);
    set_magic_quotes_gpc($phone);
    set_magic_quotes_gpc($fax);
    set_magic_quotes_gpc($mobile);
    set_magic_quotes_gpc($pager);
    set_magic_quotes_gpc($homepage);
    set_magic_quotes_gpc($birthday);
    set_magic_quotes_gpc($firm);
    set_magic_quotes_gpc($position);
    set_magic_quotes_gpc($firm_street);
    set_magic_quotes_gpc($firm_street_alt);
    set_magic_quotes_gpc($firm_zip);
    set_magic_quotes_gpc($firm_location);
    set_magic_quotes_gpc($firm_state);
    set_magic_quotes_gpc($firm_country);
    set_magic_quotes_gpc($firm_email);
    set_magic_quotes_gpc($firm_phone);
    set_magic_quotes_gpc($firm_fax);
    set_magic_quotes_gpc($firm_mobile);
    set_magic_quotes_gpc($firm_pager);
    set_magic_quotes_gpc($firm_homepage);
    set_magic_quotes_gpc($comment);
    // Does the user already exist?
    if (!empty($iduser)) {
        $sf_user->loadByIduser($iduser);
        // otherwise prepare a new user
    } else {
        $sf_user->setIsOnline(1);
        $sf_user->setIsDeletable(1);
    }
    // Set the variables
    $sf_user->setUsername($username);
    // An empty password on an existing user leaves the stored one untouched.
    if (!empty($password)) {
        $sf_user->setPassword($password);
    }
    $sf_user->setTitle($title);
    $sf_user->setName($name);
    $sf_user->setSurname($surname);
    $sf_user->setEmail($email);
    $sf_user->setPosition($position);
    $sf_user->setSalutation($salutation);
    $sf_user->setStreet($street);
    $sf_user->setZip($zip);
    $sf_user->setLocation($location);
    $sf_user->setPhone($phone);
    $sf_user->setFax($fax);
    $sf_user->setComment($comment);
    $sf_user->setStreetAlt($street_alt);
    $sf_user->setState($state);
    $sf_user->setCountry($country);
    $sf_user->setMobile($mobile);
    $sf_user->setPager($pager);
    $sf_user->setHomepage($homepage);
    $sf_user->setBirthday($birthday);
    $sf_user->setFirm($firm);
    $sf_user->setFirmStreet($firm_street);
    $sf_user->setFirmStreetAlt($firm_street_alt);
    $sf_user->setFirmZip($firm_zip);
    $sf_user->setFirmLocation($firm_location);
    $sf_user->setFirmState($firm_state);
    $sf_user->setFirmCountry($firm_country);
    $sf_user->setFirmEmail($firm_email);
    $sf_user->setFirmPhone($firm_phone);
    $sf_user->setFirmFax($firm_fax);
    $sf_user->setFirmMobile($firm_mobile);
    $sf_user->setFirmPager($firm_pager);
    $sf_user->setFirmHomepage($firm_homepage);
    $sf_user->setIdgroups($group);
    // Create or save
    $sf_user->save();
}
示例#12
/**
 * Copies the metadata of an existing page (idcatside) into a new page: creates
 * rows in 'side' and 'cat_side', assigns a sort index and start flag, then
 * inserts one 'side_lang' row per language row of the source page.
 *
 * Security review:
 *  - $idclient, $idlang_current and $idcatside_from are cast to int up front.
 *    $target_idcat is only compared with 1 and then interpolated into SQL
 *    uncast; an (int) cast would put it on the same footing.
 *  - Text columns read back from the source row pass through
 *    make_string_dump() (helper not shown; presumably escapes for SQL -
 *    confirm). meta_redirect, author, user_protected, visited, edit_ttl and
 *    meta_redirect_time are concatenated straight from $db3->f(), as is the
 *    language name appended to the title. Stored values containing quotes
 *    would break or alter the INSERT.
 *
 * @param mixed  $idclient       Client id (cast to int).
 * @param mixed  $idlang_current Current language id (cast to int).
 * @param mixed  $idcatside_from Source page id (cast to int).
 * @param string $name           Title for the copy; the source title is used when empty.
 * @param bool   $lang_postfix   Append " (<language name>)" to titles of other languages.
 * @param mixed  $target_idcat   Target category; values below 1 keep the source category.
 * @param array  $options        Optional keys read here: 'set_startflag', 'set_online', 'set_protected'.
 *
 * @return mixed The new idcatside, or false when an id is below 1 or the source page is missing.
 */
function con_create_site_meta_from_idcatside($idclient, $idlang_current, $idcatside_from, $name = '', $lang_postfix = true, $target_idcat = -1, $options = array())
{
    global $db, $cms_db, $cfg_cms;
    //cast
    $idclient = (int) $idclient;
    $idlang_current = (int) $idlang_current;
    $idcatside_from = (int) $idcatside_from;
    if ($idclient < 1 || $idlang_current < 1 || $idcatside_from < 1) {
        return false;
    }
    set_magic_quotes_gpc($name);
    //init
    $db2 = new DB_cms();
    //get necessary values from source idcatside
    $sql = "SELECT * FROM " . $cms_db['cat_side'] . " WHERE idcatside='{$idcatside_from}'";
    $db->query($sql);
    if ($db->next_record()) {
        $idcat_from = $db->f('idcat');
        $idside_from = $db->f('idside');
        $sortindex_from = $db->f('sortindex');
        $is_start_from = $db->f('is_start');
    } else {
        return false;
    }
    //copy to same idcat or to an other category
    $idcat_to = $target_idcat < 1 ? $idcat_from : $target_idcat;
    //create idside
    $sql = "INSERT INTO " . $cms_db['side'] . " (idclient) VALUES ('{$idclient}')";
    $db->query($sql);
    // NOTE(review): mysql_insert_id() belongs to the ext/mysql API (removed in PHP 7) and
    // is called without a link argument, bypassing the $db wrapper - confirm it reads
    // from the same connection $db uses.
    $idside_to = mysql_insert_id();
    //create idcatside
    $sql = "INSERT INTO \n\t\t\t\t" . $cms_db['cat_side'] . " (idcat, idside, is_start) \n\t\t\tVALUES\n\t\t\t\t('{$idcat_to}', '{$idside_to}', '0')";
    $db->query($sql);
    $idcatside_to = mysql_insert_id();
    //sortindex: append the copy after the highest index in the target category
    $db->query("SELECT MAX(sortindex) AS max FROM " . $cms_db['cat_side'] . " WHERE idcat='{$idcat_to}'");
    $db->next_record();
    $lastindex = (int) $db->f('max');
    if ($lastindex < 1) {
        $lastindex = 1;
    } else {
        ++$lastindex;
    }
    $sql = "UPDATE " . $cms_db['cat_side'] . " SET sortindex='{$lastindex}' WHERE idcatside='{$idcatside_to}'";
    $db->query($sql);
    //check and set startpage
    // $options keys are read without isset(); with the default empty array these lookups hit missing keys.
    if ($options['set_startflag'] == 'from_source') {
        $sql = "UPDATE " . $cms_db['cat_side'] . " SET is_start='{$is_start_from}' WHERE idcatside='{$idcatside_to}'";
        $db->query($sql);
    } else {
        $sql = "SELECT * FROM " . $cms_db['cat_side'] . " WHERE idcat='{$idcat_to}' AND is_start='1'";
        $db->query($sql);
        // NOTE(review): affected_rows() is consulted after a SELECT; presumably the wrapper
        // reports the number of rows found - confirm.
        if (!$db->affected_rows()) {
            $sql = "UPDATE " . $cms_db['cat_side'] . " SET is_start='1' WHERE idcat='{$idcat_to}' AND sortindex='1'";
            $db->query($sql);
        }
    }
    //get lang infos
    include_once $cfg_cms['cms_path'] . "inc/fnc.clients.php";
    $arr_langs = clients_get_langs($idclient, true);
    //insert metadata foreach lang
    $db3 = new DB_cms();
    $sql = "SELECT * FROM " . $cms_db['side_lang'] . " WHERE idside='{$idside_from}'";
    $db3->query($sql);
    while ($db3->next_record()) {
        $idlang = $db3->f('idlang');
        // $name is filled from the first language row only and then reused for the others.
        if ($name == '') {
            $name = make_string_dump($db3->f('title'));
        }
        if ($lang_postfix && $idlang_current != $idlang) {
            $title = $name . ' (' . $arr_langs[$idlang]['name'] . ')';
        } else {
            $title = $name;
        }
        $summary = make_string_dump($db3->f('summary'));
        $meta_author = make_string_dump($db3->f('meta_author'));
        $meta_description = make_string_dump($db3->f('meta_description'));
        $meta_keywords = make_string_dump($db3->f('meta_keywords'));
        $meta_robots = make_string_dump($db3->f('meta_robots'));
        $meta_redirect_url = make_string_dump($db3->f('meta_redirect_url'));
        // This value is overwritten by rewriteGenerateUrlString() further down.
        $rewrite_url = make_string_dump($db3->f('rewrite_url'));
        //get the stat: keep the low 8 bits of the source flags
        $online = (int) $db3->f('online') & 0xff;
        //handle online/ offline, protection options
        //online: bit 0x1
        if ($options['set_online'] == 'yes') {
            $online = $online | 0x1;
        } else {
            if ($options['set_online'] == 'no') {
                $online = $online & 0xfe;
            }
        }
        //protected: bit 0x4
        if ($options['set_protected'] == 'yes') {
            $online = $online | 0x4;
        } else {
            if ($options['set_protected'] == 'no') {
                $online = $online & 0xfb;
            }
        }
        //make rewrite url
        if (!function_exists('rewriteGenerateUrlString')) {
            include_once $cfg_cms['cms_path'] . 'inc/fnc.mod_rewrite.php';
        }
        $rewrite_url = rewriteGenerateUrlString($title);
        $rewrite_url = rewriteMakeUniqueStringForLang('idcatside', $idcatside_to, $rewrite_url);
        //echo $online;exit;
        // NOTE(review): several $db3->f() values below are concatenated without
        // make_string_dump(); see the function header.
        $sql2 = "INSERT INTO " . $cms_db['side_lang'] . " \n\t\t\t\t\t(idside, idlang, idtplconf, title, meta_keywords, summary, online, \n\t\t\t\t\t\tmeta_redirect, meta_redirect_url, author, \n\t\t\t\t\t\tcreated, lastmodified, user_protected, visited, edit_ttl, \n\t\t\t\t\t\tmeta_author, meta_description, meta_robots, meta_redirect_time,\n\t\t\t\t\t\trewrite_use_automatic, rewrite_url, start, end) \n\t\t\t\tVALUES ('" . $idside_to . "', '{$idlang}', '0', '{$title}', '{$meta_keywords}', '{$summary}', '{$online}',\n\t\t\t\t\t '" . $db3->f('meta_redirect') . "', '{$meta_redirect_url}', '" . $db3->f('author') . "', \r\n\t\t\t\t\t'" . time() . "', '" . time() . "', '" . $db3->f('user_protected') . "', '" . $db3->f('visited') . "', '" . $db3->f('edit_ttl') . "', \r\n\t\t\t\t\t'{$meta_author}', '{$meta_description}', '{$meta_robots}', '" . $db3->f('meta_redirect_time') . "',\r\n\t\t\t\t\t'1', '{$rewrite_url}', " . time() . ", " . time() . ")";
        $db2->query($sql2);
    }
    return $idcatside_to;
}
 /**
  * Stores one content value for a page/container/module tag: updates the
  * existing row when the value changed, deletes it when the new value is
  * empty, inserts a row when none exists and the value is not empty.
  *
  * Security review:
  *  - $content passes through set_magic_quotes_gpc() (helper not shown;
  *    presumably escapes quotes - confirm). The five id arguments are
  *    interpolated into every statement uncast and unescaped.
  *  - The SELECT and UPDATE take the table name from $this->dbnames['content'],
  *    the DELETE and INSERT from $GLOBALS['cms_db']['content']. If the two ever
  *    differ, reads and writes hit different tables.
  *  - The client paths from $this->cfg are concatenated into regular
  *    expressions without preg_quote(), so characters such as '.' in a host
  *    name act as pattern syntax.
  *
  * @param mixed  $idsidelang     Page-language id.
  * @param mixed  $idcontainer    Container number.
  * @param mixed  $idrepeat       Repeat number within the container.
  * @param mixed  $formtypenumber Content type id.
  * @param mixed  $idmodtag       Type number of the module tag.
  * @param string $content        New content value.
  *
  * @return void
  */
 protected function _saveContent($idsidelang, $idcontainer, $idrepeat, $formtypenumber, $idmodtag, $content)
 {
     $author = $this->cfg->auth('uid');
     $change = FALSE;
     $cms_db = $GLOBALS['cms_db'];
     //strip trailingslashes if they occur in internal links
     $content = preg_replace('#cms://(idcatside|idcat)=(\\d+)/#U', 'cms://\\1=\\2', $content);
     //make internal image pathes relative: drop the client base URL from href/src attributes
     $in = array("!href=(\\\\)?[\"\\']" . $this->cfg->client('path_http') . $this->cfg->client('path_rel') . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i", "!src=(\\\\)?[\"\\']" . $this->cfg->client('path_http') . $this->cfg->client('path_rel') . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i", "!href=(\\\\)?[\"\\']" . $this->cfg->client('path_http_edit') . $this->cfg->client('path_rel') . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i", "!src=(\\\\)?[\"\\']" . $this->cfg->client('path_http_edit') . $this->cfg->client('path_rel') . "([^\"\\'\\\\]*)(\\\\)?[\"\\']!i");
     $out = array("href=\\1\"\\2\\3\"", "src=\\1\"\\2\\3\"", "href=\\1\"\\2\\3\"", "src=\\1\"\\2\\3\"");
     $content = preg_replace($in, $out, $content);
     set_magic_quotes_gpc($content);
     $sql = "SELECT \r\n\t\t\t\t\tvalue \r\n\t\t\t\tFROM \r\n\t\t\t\t\t" . $this->dbnames['content'] . " \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tidsidelang='{$idsidelang}' \r\n\t\t\t\t\tAND container='{$idcontainer}' \r\n\t\t\t\t\tAND number='{$idrepeat}' \r\n\t\t\t\t\tAND idtype='{$formtypenumber}' \r\n\t\t\t\t\tAND typenumber='{$idmodtag}'";
     $this->db->query($sql);
     //Update
     if ($this->db->next_record()) {
         // has anything changed? (the stored value is slash-escaped to match $content)
         if (addslashes($this->db->f('value')) != $content) {
             // was anything entered at all?
             if ($content != '') {
                 $sql = "UPDATE\r\n\t\t\t\t\t\t\t\t" . $this->dbnames['content'] . " \r\n\t\t\t\t\t\t\tSET \r\n\t\t\t\t\t\t\t\tvalue='{$content}', \r\n\t\t\t\t\t\t\t\tauthor='{$author}', \r\n\t\t\t\t\t\t\t\tlastmodified='" . time() . "' \r\n\t\t\t\t\t\t\tWHERE \r\n\t\t\t\t\t\t\t\tidsidelang='{$idsidelang}' \r\n\t\t\t\t\t\t\t\tAND container='{$idcontainer}' \r\n\t\t\t\t\t\t\t\tAND number='{$idrepeat}' \r\n\t\t\t\t\t\t\t\tAND idtype='{$formtypenumber}' \r\n\t\t\t\t\t\t\t\tAND typenumber='{$idmodtag}'";
                 $this->db->query($sql);
                 $change = TRUE;
             } else {
                 // Empty value: remove the row instead of storing an empty string.
                 $sql = "DELETE FROM \r\n\t\t\t\t\t\t\t\t" . $cms_db['content'] . " \r\n\t\t\t\t\t\t\tWHERE \r\n\t\t\t\t\t\t\t\tidsidelang='{$idsidelang}' \r\n\t\t\t\t\t\t\t\tAND container='{$idcontainer}' \r\n\t\t\t\t\t\t\t\tAND number='{$idrepeat}' \r\n\t\t\t\t\t\t\t\tAND idtype='{$formtypenumber}' \r\n\t\t\t\t\t\t\t\tAND typenumber='{$idmodtag}'";
                 $this->db->query($sql);
                 $change = TRUE;
             }
         }
     } else {
         // No row yet: insert only when there is something to store.
         if ($content != '') {
             $sql = "INSERT INTO\r\n\t\t\t\t\t\t\t{$cms_db['content']} \r\n\t\t\t\t\t\t\t(idsidelang, container, number, idtype, typenumber, value, author, created, lastmodified) \r\n\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t('{$idsidelang}', '{$idcontainer}', '{$idrepeat}', '{$formtypenumber}', '{$idmodtag}', '{$content}', '{$author}', '" . time() . "', '" . time() . "')";
             $this->db->query($sql);
             $change = TRUE;
         }
     }
     if ($change) {
         $this->_updateSideLangAndCodestatus($idsidelang);
     }
 }
示例#14
/**
 * Validates the user form values held in globals and writes them to the
 * 'users' table directly: UPDATE when $iduser is set, INSERT otherwise. For
 * user ids above 1 the rows in 'users_groups' are then re-created from $group.
 *
 * NOTE(review): the '******' runs in the username and password SQL fragments
 * look like masking applied by the page this listing was taken from. The
 * $password_sql line is not valid PHP as shown, so the original expressions
 * have to be recovered from the upstream source before this can run.
 *
 * Security review:
 *  - The INSERT stores md5($password), a fast unsalted digest. password_hash()
 *    and password_verify(), with a rehash on next login, are the usual
 *    replacement.
 *  - A password of three characters passes the length check, and the
 *    confirmation uses loose `!=`, which compares numeric-looking strings as
 *    numbers; `!==` would compare the two inputs exactly.
 *  - All values are spliced into SQL text; escaping rests on
 *    set_magic_quotes_gpc() (helper not shown; presumably escapes quotes -
 *    confirm). $iduser is interpolated without a cast.
 *  - When $iduser is set but not greater than 1, the DELETE statement is not
 *    built, yet $db->query($sql) still runs with whatever $sql held before.
 *
 * @return string|null 'incorrect', 'nologinname' or 'existusername' when
 *                     validation fails; nothing is returned after a save.
 */
function user_save()
{
    global $auth, $db, $cms_db, $username, $password, $password_validate, $name, $surname, $email, $group, $iduser, $idgroup, $order, $ascdesc, $oldusername, $comment;
    global $salutation, $street, $street_alt, $zip, $location, $state, $country, $phone, $fax, $mobile, $pager, $homepage, $birthday, $firm, $position, $firm_street, $firm_street_alt, $firm_zip, $firm_location, $firm_state, $firm_country, $firm_email, $firm_phone, $firm_fax, $firm_mobile, $firm_pager, $firm_homepage, $title;
    global $iduser;
    // Password comparison
    $password = trim($password);
    $password_validate = trim($password_validate);
    $username = trim($username);
    // A password is checked when one was entered, or when a new user is created without one.
    if ((!empty($password) || empty($password) && empty($iduser)) && ($password != $password_validate || strlen($password) < 3)) {
        return 'incorrect';
    }
    // No password
    if (empty($iduser) && empty($password)) {
        return 'incorrect';
    }
    // No login name
    if (empty($username)) {
        return 'nologinname';
    }
    // Check whether the username already exists (skipped when unchanged or when sf_apply is in the request)
    if ($username != $oldusername && !isset($_REQUEST['sf_apply'])) {
        $sql = "SELECT username FROM " . $cms_db['users'] . " WHERE username='******' LIMIT 0, 1";
        $db->query($sql);
        // NOTE(review): f('username') is read without a preceding next_record() call - confirm
        // the wrapper has a current row at this point.
        if ($db->affected_rows() && $db->f('username') == $username) {
            return 'existusername';
        }
    }
    if (!is_array($group)) {
        $group['0'] = $idgroup;
    }
    // If sysadmin was selected, drop all other groups
    if (in_array('2', $group)) {
        unset($group);
        $group['0'] = '2';
    }
    $current_time = time();
    set_magic_quotes_gpc($username);
    set_magic_quotes_gpc($name);
    set_magic_quotes_gpc($surname);
    set_magic_quotes_gpc($email);
    set_magic_quotes_gpc($password);
    set_magic_quotes_gpc($salutation);
    set_magic_quotes_gpc($title);
    set_magic_quotes_gpc($street);
    set_magic_quotes_gpc($street_alt);
    set_magic_quotes_gpc($zip);
    set_magic_quotes_gpc($location);
    set_magic_quotes_gpc($state);
    set_magic_quotes_gpc($country);
    set_magic_quotes_gpc($phone);
    set_magic_quotes_gpc($fax);
    set_magic_quotes_gpc($mobile);
    set_magic_quotes_gpc($pager);
    set_magic_quotes_gpc($homepage);
    set_magic_quotes_gpc($birthday);
    set_magic_quotes_gpc($firm);
    set_magic_quotes_gpc($position);
    set_magic_quotes_gpc($firm_street);
    set_magic_quotes_gpc($firm_street_alt);
    set_magic_quotes_gpc($firm_zip);
    set_magic_quotes_gpc($firm_location);
    set_magic_quotes_gpc($firm_state);
    set_magic_quotes_gpc($firm_country);
    set_magic_quotes_gpc($firm_email);
    set_magic_quotes_gpc($firm_phone);
    set_magic_quotes_gpc($firm_fax);
    set_magic_quotes_gpc($firm_mobile);
    set_magic_quotes_gpc($firm_pager);
    set_magic_quotes_gpc($firm_homepage);
    set_magic_quotes_gpc($comment);
    // Does the user already exist?
    if (!empty($iduser)) {
        // Group rows are cleared only for ids above 1; the query call below runs either way.
        if ($iduser > 1) {
            $sql = "DELETE FROM " . $cms_db['users_groups'] . " WHERE user_id='{$iduser}'";
        }
        $db->query($sql);
        // The next assignment is damaged by the masking described in the function header.
        $password_sql = !empty($password) ? ", password='******'\'' : '';
        $sql = "UPDATE " . $cms_db['users'] . " SET\n\t\t\t\tusername='******',\n\t\t\t\tlastmodified='{$current_time}',\n\t\t\t\tlastmodified_author = '" . $auth->auth['uid'] . "',\n\t\t\t\tname='{$name}',\n\t\t\t\tsurname='{$surname}',\n\t\t\t\temail='{$email}',\n\t\t\t\tsalutation='{$salutation}',\n\t\t\t\ttitle='{$title}',\n\t\t\t\tstreet='{$street}',\n\t\t\t\tstreet_alt='{$street_alt}',\n\t\t\t\tzip='{$zip}',\n\t\t\t\tlocation='{$location}',\n\t\t\t\tstate='{$state}',\n\t\t\t\tcountry='{$country}',\n\t\t\t\tphone='{$phone}',\n\t\t\t\tfax='{$fax}',\n\t\t\t\tmobile='{$mobile}',\n\t\t\t\tpager='{$pager}',\n\t\t\t\thomepage='{$homepage}',\n\t\t\t\tbirthday='{$birthday}',\n\t\t\t\tfirm='{$firm}',\n\t\t\t\tposition='{$position}',\n\t\t\t\tfirm_street='{$firm_street}',\n\t\t\t\tfirm_street_alt='{$firm_street_alt}',\n\t\t\t\tfirm_zip='{$firm_zip}',\n\t\t\t\tfirm_location='{$firm_location}',\n\t\t\t\tfirm_state='{$firm_state}',\n\t\t\t\tfirm_country='{$firm_country}',\n\t\t\t\tfirm_email='{$firm_email}',\n\t\t\t\tfirm_phone='{$firm_phone}',\n\t\t\t\tfirm_fax='{$firm_fax}',\n\t\t\t\tfirm_mobile='{$firm_mobile}',\n\t\t\t\tfirm_pager='{$firm_pager}',\n\t\t\t\tfirm_homepage='{$firm_homepage}',\n\t\t\t\tcomment='{$comment}'{$password_sql}\n\t\t\tWHERE user_id ='{$iduser}'";
        $db->query($sql);
        $sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
        $sf_user->loadByIduser($iduser);
        fire_event('user_update', $sf_user->data);
        unset($sf_user);
    } else {
        $sql = "INSERT INTO " . $cms_db['users'] . "\n\t\t\t\t(username, password, name, created, author, lastmodified, lastmodified_author, surname, email, is_active, is_deletable, salutation, title, street,\n\t\t\t\tstreet_alt, zip, location, state, country, phone, fax, mobile, pager, homepage, birthday,\n\t\t\t\tfirm, position, firm_street, firm_street_alt, firm_zip, firm_location, firm_state, firm_country,\n\t\t\t\tfirm_email, firm_phone, firm_fax, firm_mobile, firm_pager, firm_homepage, comment)\n               \t\tVALUES\n         \t                ('{$username}', '" . md5($password) . "', '{$name}', '{$current_time}', '" . $auth->auth['uid'] . "', '{$current_time}', '" . $auth->auth['uid'] . "', '{$surname}', '{$email}','1', '1', '{$salutation}','{$title}',\n\t\t\t\t'{$street}', '{$street_alt}', '{$zip}', '{$location}', '{$state}', '{$country}', '{$phone}', '{$fax}',\n\t\t\t\t'{$mobile}', '{$pager}', '{$homepage}', '{$birthday}', '{$firm}', '{$position}', '{$firm_street}',\n\t\t\t\t'{$firm_street_alt}', '{$firm_zip}', '{$firm_location}', '{$firm_state}', '{$firm_country}',\n\t\t\t\t'{$firm_email}', '{$firm_phone}', '{$firm_fax}', '{$firm_mobile}', '{$firm_pager}', '{$firm_homepage}',\n\t\t\t\t'{$comment}')";
        $db->query($sql);
        $sql = "SELECT user_id FROM " . $cms_db['users'] . " WHERE username='******'";
        $db->query($sql);
        $db->next_record();
        $iduser = $db->f('user_id');
        $sf_user =& sf_factoryGetObject('ADMINISTRATION', 'User');
        $sf_user->loadByIduser($iduser);
        fire_event('user_create', $sf_user->data);
        unset($sf_user);
    }
    if ($iduser > 1) {
        foreach ($group as $value) {
            $value = (int) $value;
            //hide group --kein--
            if ($value < 2) {
                continue;
            }
            $sql = "INSERT INTO " . $cms_db['users_groups'] . " VALUES ('', '{$iduser}', '{$value}')";
            $db->query($sql);
        }
    }
}