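/**
 * Edit interface for a gallery module instance.
 *
 * Applies the POSTed action (delete an image, update an image comment, save the
 * gallery settings, store newly uploaded images) and then renders the upload
 * form, the settings form and one small edit/delete form per stored image.
 *
 * @param int $moduleComponentId  Gallery instance id. The file-delete and the
 *     settings branches use this argument while the remaining queries use
 *     $this->moduleComponentId, as before — NOTE(review): confirm the two are
 *     always the same value for every caller.
 * @return string  HTML of the edit page.
 */
public function actionEdit($moduleComponentId)
{
    global $sourceFolder, $ICONS;
    require_once "{$sourceFolder}/upload.lib.php";

    // Per-image forms post `imagename` together with one of the two buttons.
    if (isset($_POST['btnDeleteImage']) && isset($_POST['imagename']) && $_POST['imagename'] != '') {
        // Stored gallery files are flat names; basename() keeps a crafted value from
        // naming anything outside the gallery's upload directory.
        $imageName = basename($_POST['imagename']);
        deleteFile($moduleComponentId, 'gallery', $imageName);
        // Filenames are only unique within one gallery, so scope the row deletion to
        // the instance whose rows this page inserts (see the INSERT below).
        $gallQuery = "DELETE FROM `gallery_pics` WHERE `upload_filename`='" . escape($imageName) . "'"
            . " AND `page_modulecomponentid`='{$this->moduleComponentId}'";
        mysql_query($gallQuery);
    } elseif (isset($_POST['btnEditComment']) && isset($_POST['imagename']) && $_POST['imagename'] != '') {
        $imageName = escape($_POST['imagename']);
        // A missing `desc` field is an empty comment rather than an undefined index.
        $comment = isset($_POST['desc']) ? escape($_POST['desc']) : '';
        $gallQuery = "UPDATE `gallery_pics` SET `gallery_filecomment`=\"{$comment}\""
            . " WHERE `upload_filename`=\"{$imageName}\" AND `page_modulecomponentid`='{$this->moduleComponentId}'";
        mysql_query($gallQuery);
    }

    // Gallery settings form.
    if (isset($_POST['btnEditGallname']) && isset($_POST['gallName']) && isset($_POST['gallDesc'])
        && $_POST['gallName'] != '' && $_POST['gallDesc'] != '') {
        // The form's JavaScript promises a default of 10 for an empty or invalid value;
        // the original left $perPage undefined in that case and stored ''.
        $perPage = 10;
        if (isset($_POST['imagesPerPage']) && is_numeric($_POST['imagesPerPage'])) {
            $perPage = (int) $_POST['imagesPerPage'];
        }
        if ($perPage < 1) {
            $perPage = 10;
        }
        // Unchecked checkboxes are simply absent from $_POST.
        $viewCount = !empty($_POST['allowViews']) ? 1 : 0;
        $ratingCount = !empty($_POST['allowRatings']) ? 1 : 0;
        $gallQuery = "UPDATE `gallery_name` SET `gallery_name`='" . escape($_POST['gallName']) . "',"
            . "`gallery_desc`='" . escape($_POST['gallDesc']) . "', `imagesPerPage`='{$perPage}',"
            . "`allowViews`='{$viewCount}',`allowRatings`='{$ratingCount}'"
            . " WHERE `page_modulecomponentid`='{$moduleComponentId}'";
        mysql_query($gallQuery);
    }

    // New uploads: one gallery_pics row per stored file.
    $content2 = getFileUploadForm($this->moduleComponentId, "gallery", './+edit', 10000000, 5);
    $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
    $uploadSuccess = submitFileUploadForm($this->moduleComponentId, "gallery", $this->userId, false, $allowableTypes);
    if (is_array($uploadSuccess)) {
        foreach ($uploadSuccess as $uploadedName) {
            $gallQuery3 = "INSERT INTO `gallery_pics` (`upload_filename`, `page_modulecomponentid`, `gallery_filecomment`)"
                . " VALUES('" . escape($uploadedName) . "', '{$this->moduleComponentId}', 'No Comment')";
            mysql_query($gallQuery3);
        }
    }

    $content2 = "<fieldset><legend>{$ICONS['Gallery Edit']['small']}Edit Gallery</legend>" . $content2;

    // Current settings, escaped for use inside attribute values.
    $result = mysql_fetch_array(mysql_query("SELECT * FROM `gallery_name` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'"));
    $checkViews = $checkRatings = '';
    $gallName = $gallDesc = '';
    $imagesPerPage = '';
    if ($result) {
        $checkViews = $result['allowViews'] == 1 ? 'checked="checked" ' : '';
        $checkRatings = $result['allowRatings'] == 1 ? 'checked="checked" ' : '';
        $gallName = htmlspecialchars($result['gallery_name'], ENT_QUOTES);
        $gallDesc = htmlspecialchars($result['gallery_desc'], ENT_QUOTES);
        $imagesPerPage = (int) $result['imagesPerPage'];
    }

    $content2 .= <<<GALFORM
    <br /><br />
    <script type="text/javascript">
        <!--
        function validate() {
            var strValidChars = "0123456789.-";
            var strString = document.getElementById('perPage').value;
            if (strString.length == 0)
                alert("Empty Images Per Page will be taken as default value(10).");
            for (i = 0; i < strString.length; i++) {
                if (strValidChars.indexOf(strString.charAt(i)) == -1) {
                    alert("The value in the Images Per Page field doesn't seems to be valid number. An invalid number will be replaced by default value(10).");
                    break;
                }
            }
        }
        -->
    </script>
    <form name="edit" method="POST" action="./+edit">
    <table>
        <tr><th colspan=2>Edit gallery name and description</th></tr>
        <tr>
            <td>New Gallery Name</td>
            <td><input type='text' name="gallName" value='{$gallName}'></td>
        </tr>
        <tr>
            <td>New Gallery Description</td>
            <td><input type='text' name="gallDesc" value='{$gallDesc}'></td>
        </tr>
        <tr>
            <td>Show Gallery views ?</td>
            <td><input type="checkbox" name="allowViews" {$checkViews}></td>
        </tr>
        <tr>
            <td>Show Gallery rating ?</td>
            <td><input type="checkbox" name="allowRatings" {$checkRatings}></td>
        </tr>
        <tr>
            <td>Images Per Page</td>
            <td><input type="text" id=perPage name="imagesPerPage" value='{$imagesPerPage}'></td>
        </tr>
        <tr>
            <td><input type="submit" name="btnEditGallname" value="Save Settings"></td>
        </tr>
    </table>
    </form>
    <br /><br />
GALFORM;

    // One small form per stored image: comment update and delete.
    $gallQuery2 = "SELECT * FROM `gallery_pics` where `page_modulecomponentid`= '{$this->moduleComponentId}'";
    $gallResult2 = mysql_query($gallQuery2);
    $i = 0;
    while ($gallResult2 && ($row2 = mysql_fetch_assoc($gallResult2))) {
        $galleryFilename = htmlspecialchars($row2['upload_filename'], ENT_QUOTES);
        // Comments are stored from user input; escape them for the caption.
        $galleryComment = $row2['gallery_filecomment'] != ""
            ? htmlspecialchars($row2['gallery_filecomment'], ENT_QUOTES)
            : "< No Comments >";
        $content2 .= "<div class='galleryimagebox'><form name=\"edit\" method=\"POST\" action=\"./+edit\">";
        $content2 .= <<<IMGFORM
        <span style="float:left">
            <center>
                <img src="thumb_{$galleryFilename}" alt="{$galleryFilename}" title="Click on the image to delete it"/>
            </center>
            <div class="highslide-caption" id="caption{$i}">{$galleryComment}</div>
            <input type="hidden" name="imagename" value="{$galleryFilename}" />
            <input type="text" name="desc">
            <br/><input type="submit" name="btnEditComment" value="Update comment">
            <input type="submit" name="btnDeleteImage" value="Delete" />
        </span>
IMGFORM;
        $content2 .= "</form></div>";
        $i++;
    }

    return $content2 . "</fieldset>";
}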
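/**
 * Edit interface for a faculty module instance.
 *
 * Processes the POSTed edits first (update a data entry, rename a section, add a
 * data entry subject to the section's limit, delete an entry, change the page
 * title / contact e-mail, replace the profile photo) and then renders the photo
 * upload form, the name/e-mail form and the template section tree.
 *
 * @return string|false  HTML of the edit page, or false when the previous
 *                       profile photo could not be removed.
 */
public function actionFaculty()
{
    // Update the text of one faculty data entry.
    if (isset($_POST["updateDetail"]) && isset($_POST["facultyId"])
        && $_POST["updateDetail"] != "" && $_POST["facultyId"] != "") {
        $facultyId = intval($_POST["facultyId"]);
        $facultyDetail = escape($_POST["updateDetail"]);
        // The original appended the component clause to a misspelt variable
        // ($upDateFacultyDataQuery), leaving a dangling "AND" in the statement.
        $updateFacultyDataQuery = "UPDATE `faculty_data` SET `faculty_data`='{$facultyDetail}' WHERE `faculty_dataId`={$facultyId} AND "
            . "`page_moduleComponentId`={$this->moduleComponentId}";
        mysql_query($updateFacultyDataQuery);
    }

    // Rename a template section.
    if (isset($_POST["updateSectionDetail"]) && isset($_POST["SectionDetail"])
        && $_POST["updateSectionDetail"] != "" && $_POST["SectionDetail"] != "") {
        // NOTE(review): both the section id and the new name are read from
        // `SectionDetail`, as in the original; the id presumably belongs in
        // `updateSectionDetail` — confirm against faculty/main.js.
        $sectionId = intval($_POST["SectionDetail"]);
        $sectionName = escape($_POST["SectionDetail"]);
        $updateSectionQuery = "UPDATE `faculty_template` SET `template_sectionName`='{$sectionName}' WHERE "
            . "`template_sectionId`={$sectionId} AND `page_moduleComponentId`={$this->moduleComponentId}";
        mysql_query($updateSectionQuery);
    }

    // Add a data entry to a section, honouring the section's entry limit.
    if (isset($_POST["addFacultyData"]) && $_POST["addFacultyData"] != ""
        && isset($_POST["sectionId"]) && $_POST["sectionId"] != "") {
        $sectionId = intval($_POST["sectionId"]);
        $addDetail = escape($_POST["addFacultyData"]);
        $limitRow = mysql_fetch_assoc(mysql_query("SELECT * FROM `faculty_template` WHERE `template_sectionId`={$sectionId}"));
        $sectionLimit = $limitRow ? intval($limitRow['template_sectionLimit']) : 0;
        $countResult = mysql_query("SELECT * FROM `faculty_data` WHERE `faculty_sectionId`={$sectionId} AND "
            . "`page_moduleComponentId`={$this->moduleComponentId}");
        if ($countResult && mysql_num_rows($countResult) < $sectionLimit) {
            mysql_query("INSERT INTO `faculty_data` (`faculty_sectionId`,`faculty_data`,`page_moduleComponentId`) VALUES "
                . "({$sectionId},'{$addDetail}',{$this->moduleComponentId})");
        } else {
            // As before, the request is terminated with a bare message.
            echo "Limit Exceeded";
            exit;
        }
    }

    // Delete a data entry.
    if (isset($_POST["DeleteFacultyId"]) && $_POST["DeleteFacultyId"] != "") {
        $facultyId = intval($_POST["DeleteFacultyId"]);
        mysql_query("DELETE FROM `faculty_data` WHERE `page_moduleComponentId`={$this->moduleComponentId} AND `faculty_dataId`={$facultyId}");
    }

    // Page title and contact e-mail.
    if (isset($_POST["facultyName"]) && isset($_POST["facultyEmail"])) {
        if ($_POST["facultyName"] != "") {
            $facultyName = escape($_POST["facultyName"]);
            mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_title`='{$facultyName}' WHERE "
                . "`page_modulecomponentid`={$this->moduleComponentId} AND `page_module`='faculty'");
        }
        if ($_POST["facultyEmail"] != "") {
            $facultyEmail = escape($_POST["facultyEmail"]);
            mysql_query("UPDATE `faculty_module` SET `email`='{$facultyEmail}' WHERE `page_moduleComponentId`={$this->moduleComponentId}")
                or displayerror(mysql_error());
        }
    }

    global $urlRequestRoot, $sourceFolder, $cmsFolder, $moduleFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/faculty/template_edit.php";
    require_once $sourceFolder . "/upload.lib.php";

    // Current profile photo and its upload form.
    $facultyDetail = "";
    $photoRow = mysql_fetch_assoc(mysql_query("SELECT * FROM `faculty_module` WHERE `page_moduleComponentId`={$this->moduleComponentId}"));
    $currentPhoto = $photoRow ? $photoRow['photo'] : '';
    $facultyDetail .= '<img src="' . htmlspecialchars($currentPhoto, ENT_QUOTES) . '" />';
    $facultyDetail .= '<br />Upload files : <br />';
    $facultyDetail .= getFileUploadForm($this->moduleComponentId, "faculty", './+faculty', UPLOAD_SIZE_LIMIT, 1, "facultyProfilePic") . '</fieldset>';

    if (isset($_FILES["facultyProfilePic"])) {
        // Remove the previous photo before storing the new one.
        if ($currentPhoto != NULL) {
            if (!deleteFile($this->moduleComponentId, 'faculty', $currentPhoto)) {
                displayerror("Unable to Update");
                return false;
            }
        }
        $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
        $fileUpload = submitFileUploadForm($this->moduleComponentId, "faculty", $this->userId, UPLOAD_SIZE_LIMIT, $allowableTypes, 'facultyProfilePic');
        // The upload helper returns an array of stored names on success; on failure the
        // old photo is already gone, so the stored reference is cleared and reported.
        $newPhoto = (is_array($fileUpload) && isset($fileUpload[0])) ? escape($fileUpload[0]) : '';
        if ($newPhoto === '') {
            displayerror("Profile picture could not be uploaded.");
        }
        mysql_query("UPDATE `faculty_module` SET `photo`='{$newPhoto}' WHERE `page_moduleComponentId`={$this->moduleComponentId}")
            or displayerror(mysql_error());
    }

    // Name / e-mail form; values are escaped for the attribute context.
    $pageName = htmlspecialchars(getPageTitle(getPageIdFromModuleComponentId("faculty", $this->moduleComponentId)), ENT_QUOTES);
    $emailId = htmlspecialchars(getEmailForFaculty($this->moduleComponentId), ENT_QUOTES);
    $facultyDetail .= <<<ChangeName
    <form action="./+faculty" method="POST">
    <table border="1">
    <tr>
    <td>Faculty Name:</td><td><input type="text" name="facultyName" value="{$pageName}"/></td>
    </tr>
    <tr>
    <td>Email:</td><td> <input type="text" name="facultyEmail" value="{$emailId}"/></td>
    </tr>
    <tr>
    <td colspan="2"><input type="submit"/></td>
    </tr>
    </table>
    </form>
ChangeName;

    $folder = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/faculty/main.js";
    $facultyDetail .= "<script type='text/javascript' src='{$folder}'></script>";

    // Section tree: top-level sections, their children and grandchildren.
    $templateId = getTemplateId($this->moduleComponentId);
    $sectionDetail = getTemplateDataFromModuleComponentId($this->moduleComponentId);
    while ($sectionDetail && ($sectionDetailArray = mysql_fetch_assoc($sectionDetail))) {
        $sectionId = $sectionDetailArray['template_sectionId'];
        $facultyDetail .= "<h2>" . htmlspecialchars($sectionDetailArray['template_sectionName']) . "</h2><hr/>";
        $facultyDetail .= printFacultyDataWithLiFaculty($sectionId, $this->moduleComponentId, 0);

        $childQuery = "SELECT * FROM `faculty_template` WHERE `template_id`={$templateId} AND "
            . "`template_sectionParentId`={$sectionId}";
        $childResult = mysql_query($childQuery);
        while ($childResult && ($childArray = mysql_fetch_assoc($childResult))) {
            $facultyDetail .= printFacultyDataWithLiFaculty($childArray['template_sectionId'], $this->moduleComponentId, 1);

            $grandChildQuery = "SELECT * FROM `faculty_template` WHERE `template_id`={$templateId} AND "
                . "`template_sectionParentId`={$childArray['template_sectionId']}";
            $grandChildResult = mysql_query($grandChildQuery);
            while ($grandChildResult && ($grandChildArray = mysql_fetch_assoc($grandChildResult))) {
                // Grandchildren are rendered through the generic helper, not the faculty one.
                $facultyDataChild = printFacultyDataWithLi($grandChildArray['template_sectionId'], $this->moduleComponentId, 1);
                $facultyDetail .= "<h4>{$facultyDataChild}</h4>";
            }
        }
    }

    return $facultyDetail;
}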
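/**
 * Profile editor for one user.
 *
 * Handles an optional profile-image change first, then either renders the
 * profile form or applies a submitted one (user name, full name, password and
 * the registration-form fields).
 *
 * @param int  $userId            User whose profile is edited.
 * @param bool $forEditRegistrant True when an administrator edits a registrant:
 *                                skips the captcha, the current-password check,
 *                                password changes and setAuth().
 * @return string  HTML of the profile form, or '' when the user row cannot be read.
 */
function profile($userId, $forEditRegistrant = false)
{
    global $sourceFolder, $moduleFolder;

    $imgAction = isset($_POST['profileimgaction']) ? $_POST['profileimgaction'] : '';
    if ($imgAction == 'uploadnew') {
        require_once "{$sourceFolder}/upload.lib.php";
        // The upload library keys files by module component id; the user id plays that role here.
        $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
        $fakeModuleComponentId = $userId;
        $uploadSuccess = submitFileUploadForm($fakeModuleComponentId, "profile", $userId, 512 * 1024, $allowableTypes, 'profileimage');
        if ($uploadSuccess === false) {
            displayerror("Profile image could not be uploaded. Maximum size should be 512 KB.");
        } elseif (is_array($uploadSuccess) && isset($uploadSuccess[0])) {
            // Keep only the image that was just stored.
            $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
            foreach ($profileimgnames as $img) {
                if ($img['upload_filename'] != $uploadSuccess[0]) {
                    deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
                }
            }
        }
    } elseif ($imgAction == 'noimage') {
        require_once "{$sourceFolder}/upload.lib.php";
        $fakeModuleComponentId = $userId;
        $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
        foreach ($profileimgnames as $img) {
            deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
        }
    }

    /// Retrieve existing information
    $safeUserId = escape($userId);
    $profileQuery = 'SELECT `user_name`, `user_fullname`, `user_password` FROM `' . MYSQL_DATABASE_PREFIX
        . "users` WHERE `user_id` = '{$safeUserId}'";
    $profileResult = mysql_query($profileQuery);
    if (!$profileResult) {
        // The statement text is no longer echoed to the user; the driver message is enough to diagnose.
        displayerror('An error occurred while trying to process your request.<br />' . mysql_error());
        return '';
    }
    $profileRow = mysql_fetch_row($profileResult);
    if (!$profileRow) {
        displayerror('An error occurred while trying to process your request.');
        return '';
    }
    $newUserName = $userName = $profileRow[0];
    $newUserFullname = $userFullname = $profileRow[1];
    $userPassword = $profileRow[2];

    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";

    /// Check if the user is trying to see the profile form, or has already submitted it
    if (isset($_POST['btnSubmitProfile'])) {
        if ($forEditRegistrant || !isProfileFormCaptchaEnabled() || submitCaptcha()) {
            $postedPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
            $newPassword = isset($_POST['user_newpassword']) ? $_POST['user_newpassword'] : '';
            $newPasswordRepeat = isset($_POST['user_newrepassword']) ? $_POST['user_newrepassword'] : '';

            // Stored hashes are unsalted MD5 (a schema constraint of this table); the digests
            // are compared strictly so loose string comparison can never equate two of them.
            $passwordValidated = false;
            if (!$forEditRegistrant && $postedPassword != '' && md5($postedPassword) === $userPassword) {
                $passwordValidated = true;
            }

            $updates = array();
            if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $userName) {
                $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
                // The raw value is what the database will hold; escaping is for the query only.
                $newUserName = $_POST['user_name'];
            }
            if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $userFullname) {
                $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
                $newUserFullname = $_POST['user_fullname'];
            }

            $errors = true;
            if (!$forEditRegistrant && $newPassword != '') {
                if (!$passwordValidated) {
                    displayerror('Error! The current password you entered was incorrect.');
                } elseif ($newPassword !== $newPasswordRepeat) {
                    displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                } elseif ($newPassword === $postedPassword) {
                    displayerror('Error! The old and new passwords are the same.');
                } else {
                    $updates[] = "`user_password` = MD5('" . escape($newPassword) . "')";
                    $errors = false;
                }
            } else {
                $errors = false;
            }

            if (count($updates) > 0) {
                // implode() takes the glue first; the legacy join($pieces, $glue) order is not valid in current PHP.
                $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . implode(', ', $updates)
                    . " WHERE `user_id` = '{$safeUserId}'";
                $profileResult = mysql_query($profileQuery);
                if (!$profileResult) {
                    displayerror('An error was encountered while attempting to process your request.');
                    $errors = true;
                }
                $userName = $newUserName;
                $userFullname = $newUserFullname;
                if (!$forEditRegistrant) {
                    setAuth($userId);
                }
            }

            $errors = !submitRegistrationForm(0, $userId, true, true) || $errors;
            if (!$errors) {
                displayinfo('All fields updated successfully!<br />'
                    . '<input type="button" onclick="history.go(-2)" value="Go back" />');
            }
        }
    }

    return getProfileForm($userId, $userName, $userFullname, $forEditRegistrant);
}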
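/**
 * Function handleIconManagement
 * @description Returns the Icon Admin page html and handles AJAX requests for page /+admin$subaction=i
 *
 * Three things can happen here: a POSTed icon upload is stored; a GET carrying
 * `iconURL` and `targetId` assigns an icon to a page, echoes a one-line AJAX
 * response and exits; otherwise the icon management form is returned.
 *
 * @return string HTML of the FORM
 */
function handleIconManagement()
{
    /*
     * Upload a new icon
     */
    if (isset($_POST['FileUploadForm'])) {
        global $userId, $sourceFolder;
        require_once "{$sourceFolder}/upload.lib.php";
        $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
        // Icons belong to no module instance; the user id stands in for the component id.
        submitFileUploadForm($userId, 'iconman', $userId, false, $allowableTypes, 'iconUpload');
    }

    /*
     * If user is setting an icon to a page, then generate an ajax response
     */
    if (isset($_GET['iconURL'])) {
        $rootUri = hostURL();
        global $cmsFolder, $templateFolder;
        if (isset($_GET['targetId'])) {
            /// Security checks: only paths inside the two icon directories are accepted.
            /// The URL is reduced to the part starting at that directory; anything that
            /// still carries a parent-directory segment is rejected (stored as empty).
            $iconURL = str_replace($rootUri, "", $_GET["iconURL"]);
            $parse = strstr($iconURL, "{$cmsFolder}/{$templateFolder}/common/icons/");
            if ($parse == "") {
                $parse = strstr($iconURL, "{$cmsFolder}/uploads/iconman/");
            }
            if ($parse === false || strpos($parse, '..') !== false) {
                $parse = "";
            }
            $iconURL = escape($parse);
            $target = escape($_GET["targetId"]);
            /*
             * Save the Icon in Database - The following entries are saved
             * icon URL - path relative to the website installation folder on the server
             */
            mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_image`='{$iconURL}' WHERE `page_id`='{$target}'");
            $pageDetails = getPageInfo($target);
            if ($pageDetails['page_image'] != NULL) {
                echo "<img src=\"{$rootUri}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/status/weather-clear.png\" /> ";
            } else {
                echo "<img src=\"{$rootUri}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/status/dialog-error.png\" width=12 height=12/> ";
            }
            // The page name is echoed into an HTML fragment; escape it.
            echo htmlspecialchars($pageDetails["page_name"]);
        } elseif (!isset($_GET['iconAction'])) {
            die("Restricted access");
        }
        exit(0);
    }

    /*
     * Icon Management Form Generation Code Starts here
     */
    global $cmsFolder, $sourceFolder, $templateFolder, $userId;
    $myhostURL = hostURL();

    $iconForm = <<<ICONFORM
    <style type="text/css">
    .myIconForm div {
        padding: 5px;
    }
    .myIconForm div a{
        text-decoration: none!important;
    }
    </style>
ICONFORM;

    /// Ajax handler functions, drag and drop handlers defined in icon.event.handler.js
    $iconForm .= "<script type=\"text/javascript\" src=\"{$myhostURL}/{$cmsFolder}/{$templateFolder}/common/scripts/icon.event.handler.js\"></script>";

    $iconForm .= <<<STYLES
    <style type="text/css">
    .myIconForm {
        margin:0;
        padding:0;
    }
    #iconTreeMenu {
        position:relative;
    }
    .myIconForm ul {
        margin: 5px;
        width: 100%;
        margin-left: 10px;
        padding: 0;
        border-left: solid 1px #333;
    }
    .myFormIcon ul li a {
        padding: 5px;
    }
    .myIconList {
        height:500px;
        overflow:scroll;
        max-width:100%;
    }
    </style>
STYLES;

    /// File upload functions of the CMS; see the upload.lib.php documentation for more.
    require_once "{$sourceFolder}/upload.lib.php";
    /// HTML for the upload input tag.
    $imageUploadField = getMultipleFileUploadField('iconUpload', 'iconman', 512 * 1024);
    $uploadForm = <<<FORM
    <form method="POST" action="./+admin&subaction=icon" enctype="multipart/form-data">
    {$imageUploadField}
    <input type="submit" />
    </form>
FORM;

    /// Left cell: the site's complete page tree, whose nodes are the icon drop targets.
    $iconForm .= "<table class=\"myIconForm\"><tr><td id=\"iconTreeMenu\">";
    $iconForm .= getTreeView(0, -1, $myhostURL, $userId, 1);
    $iconForm .= "</td>";

    /// Right cell: upload form and the list of available icon files.
    $iconForm .= "<td>";
    $selectionList = getIconList();
    $iconForm .= <<<SELECTION
    <div class="selection" id="targetIcon">
        <h3>Upload new icons</h3>
            <p align="left">
                {$uploadForm}<br/>
                - Select Multiple files
            </p>
        <h3>List of available icons</h3>
        <p align="left">
            Usage : <br />
            - Drag and drop<br />
            - Select an icon and then choose the target.
            </p>
        <div class="selectlist">
            {$selectionList}
        </div>
    </div>
SELECTION;
    $iconForm .= "</td>";
    $iconForm .= "</tr></table>";

    return $iconForm;
}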
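/**
 * Edit interface for an article module instance.
 *
 * Handles, in order: deleting a draft (`deldraft`/`dno`), file uploads, deleting a
 * comment (`delComment`, user id 1 only), previewing the posted editor content
 * (`preview`), previewing a revision (`version`) or a draft (`dversion`), and saving
 * posted content (`CKEditor1`) together with a diff revision, search indexing and
 * the editor preference. Otherwise it renders the quicklinks header, the editor
 * body and the comment list.
 *
 * @return string|null  HTML of the edit page; null when a save step fails (the
 *                      error is reported through displayerror()).
 */
public function actionEdit()
{
    global $sourceFolder, $moduleFolder, $ICONS;
    require_once $sourceFolder . "/upload.lib.php";

    if (isset($_GET['deldraft']) && isset($_GET['dno'])) {
        // draft_number is numeric and unquoted in the statement, so it is cast, not escaped.
        $dno = (int) $_GET['dno'];
        $query = "DELETE FROM `article_draft` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND `draft_number`=" . $dno;
        mysql_query($query) or die(mysql_error());
    }

    $header = <<<HEADER
    <fieldset><legend><a name='topquicklinks'>Quicklinks</a></legend>
    <table class='iconspanel'>
    <tr>
    <td><a href='#editor'><div>{$ICONS['Edit Page']['large']}<br/>Edit Page</div></a></td>
    <td><a href='#files'><div>{$ICONS['Uploaded Files']['large']}<br/>Manage Uploaded Files</div></a></td>
    <td><a href='#drafts'><div>{$ICONS['Drafts']['large']}<br/>Saved Drafts</div></a></td>
    <td><a href='#revisions'><div>{$ICONS['Page Revisions']['large']}<br/>Page Revisions</div></a></td>
    <td><a href='#comments'><div>{$ICONS['Page Comments']['large']}<br/>Page Comments</div></a></td>
    </tr>
    </table>
    </fieldset><br/><br/>
HEADER;

    submitFileUploadForm($this->moduleComponentId, "article", $this->userId, UPLOAD_SIZE_LIMIT);

    // NOTE(review): user id 1 is treated as the only administrator here, as in the original.
    if (isset($_GET['delComment']) && $this->userId == 1) {
        mysql_query("DELETE FROM `article_comments` WHERE `comment_id` = '" . escape($_GET['delComment']) . "'");
        if (mysql_affected_rows()) {
            displayinfo("Comment deleted!");
        } else {
            displayerror("Error in deleting comment");
        }
    }

    if (isset($_GET['preview']) && isset($_POST['CKEditor1'])) {
        // The original indexed $_POST with the bare constant CKEditor1; that only worked
        // because PHP fell back to the constant's name as the key (an error in PHP 8).
        $posted = stripslashes($_POST['CKEditor1']);
        return "<div id=\"preview\" class=\"warning\"><a name=\"preview\">Preview</a></div>"
            . $this->actionView($posted) . $this->getCkBody($posted);
    }

    if (isset($_GET['version'])) {
        // Revision numbers are integers (see the MAX(article_revision)+1 below); the cast also
        // keeps the echoed value from carrying markup back to the browser.
        $version = (int) $_GET['version'];
        $revision = $this->getRevision($version);
        return "<div id=\"preview\" class=\"warning\"><a name=\"preview\">Previewing Revision Number {$version}</a></div>"
            . $this->actionView($revision) . $this->getCkBody($revision);
    }

    if (isset($_GET['dversion'])) {
        $dversion = (int) $_GET['dversion'];
        $draft = $this->getDraft($dversion);
        displayinfo("Viewing Draft number " . $dversion);
        return $header . $this->getCkBody($draft);
    }

    if (isset($_POST['CKEditor1'])) {
        /* Save the diff against the current content as a new revision. */
        $query = "SELECT article_content FROM article_content WHERE page_modulecomponentid='" . $this->moduleComponentId . "'";
        $result = mysql_query($query);
        $row = $result ? mysql_fetch_assoc($result) : false;
        $oldContent = $row ? $row['article_content'] : '';
        $diff = escape($this->diff($_POST['CKEditor1'], $oldContent));

        $query = "SELECT MAX(article_revision) AS MAX FROM `article_contentbak` WHERE page_modulecomponentid ='" . $this->moduleComponentId . "'";
        $result = mysql_query($query);
        if (!$result) {
            displayerror(mysql_error() . "article.lib L:44");
            return;
        }
        $revId = 1;
        if (mysql_num_rows($result)) {
            $row = mysql_fetch_assoc($result);
            $revId = $row['MAX'] + 1;
        }
        $query = "INSERT INTO `article_contentbak` (`page_modulecomponentid` ,`article_revision` ,`article_diff`,`user_id`)\nVALUES ('{$this->moduleComponentId}', '{$revId}','{$diff}','{$this->userId}')";
        $result = mysql_query($query);
        if (!$result) {
            displayerror(mysql_error() . "article.lib L:44");
            return;
        }
        /* Save the diff end. */

        $query = "UPDATE `article_content` SET `article_content` = '" . escape($_POST["CKEditor1"]) . "' WHERE `page_modulecomponentid` ='{$this->moduleComponentId}' ";
        $result = mysql_query($query);
        if (mysql_affected_rows() < 0) {
            displayerror("Unable to update the article content");
        } else {
            /* Index the page (its view URL) by sphider */
            $page = replaceAction(selfURI(), "edit", "view");
            require_once "{$sourceFolder}/{$moduleFolder}/search/admin/spider.php";
            index_url($page, 0, 0, '', 0, 0, 1);
        }

        /* Update the choice of editor */
        if (isset($_POST['editor'])) {
            $editor = escape($_POST['editor']);
            $query = "UPDATE `article_content` SET `default_editor` = '" . $editor . "' WHERE `page_modulecomponentid` ='{$this->moduleComponentId}' ";
            mysql_query($query);
            if (mysql_affected_rows() < 0) {
                displayerror("Unable to update the article Editor");
            }
        }
        return $this->actionView();
    }

    $fulleditpage = $this->getCkBody();

    $commentsedit = "<fieldset><legend><a name='comments'>{$ICONS['Page Comments']['small']}Comments</a></legend>";
    if ($this->isCommentsEnabled()) {
        $comments = mysql_query("SELECT `comment_id`,`user`,`timestamp`,`comment` FROM `article_comments` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `timestamp`");
        if (!$comments || mysql_num_rows($comments) == 0) {
            $commentsedit .= "No comments have been posted !";
        }
        while ($comments && ($row = mysql_fetch_array($comments))) {
            $commentsedit .= $this->renderComment($row['comment_id'], $row['user'], $row['timestamp'], $row['comment'], 1);
        }
    } else {
        $commentsedit .= "Comments are disabled for this page! You can allow comments from <a href='./+settings'>pagesettings</a>.";
    }
    $commentsedit .= "</fieldset>";

    $top = "<a href='#topquicklinks'>Top</a>";
    return $header . $fulleditpage . $commentsedit . $top;
}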
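/**
 * function actionEdit:
 * Edit interface for all safedit module instances
 * will be called from $this->getHtml function
 *
 * Applies the GET `subaction` first (addSection, deleteSection, saveSection,
 * moveUp/moveDown, moveTop/moveBottom) and then renders one form per section in
 * priority order, the "create section" form, the file upload fieldset and the
 * help text.
 *
 * @return string  HTML of the edit page.
 */
public function actionEdit()
{
    $ret = <<<RET
<style type="text/css">
textarea {
    font-size: 130%;
    background: white;
}
</style>
RET;
    global $sourceFolder, $ICONS;
    require_once $sourceFolder . "/upload.lib.php";
    submitFileUploadForm($this->moduleComponentId, "safedit", $this->userId, UPLOAD_SIZE_LIMIT);
    $end = "<fieldset id='uploadFile'><legend>{$ICONS['Uploaded Files']['small']}File Upload</legend>Upload files : <br />"
        . getFileUploadForm($this->moduleComponentId, "safedit", './+edit', UPLOAD_SIZE_LIMIT, 5)
        . getUploadedFilePreviewDeleteForm($this->moduleComponentId, "safedit", './+edit') . '</fieldset>';

    $val = mysql_fetch_assoc(mysql_query("SELECT `page_title` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = 'safedit' AND `page_modulecomponentid` = '{$this->moduleComponentId}'"));
    $pageTitle = $val ? htmlspecialchars($val['page_title']) : '';
    $ret .= "<h1>Editing '" . $pageTitle . "' page</h1>";

    $subaction = isset($_GET['subaction']) ? $_GET['subaction'] : '';
    if ($subaction == "addSection") {
        $show = isset($_POST['sectionShow']);
        $rawHeading = isset($_POST['heading']) ? $_POST['heading'] : '';
        $heading = escape($rawHeading);
        $type = isset($_POST['type']) ? escape($_POST['type']) : '';
        // Next free section id and next priority within this instance.
        $result = mysql_query("SELECT MAX(`section_id`)+1 as `section_id` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'") or die(mysql_error());
        $row = mysql_fetch_row($result);
        $sectionId = $row[0];
        $result = mysql_query("SELECT MAX(`section_priority`)+1 as `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'");
        $row = mysql_fetch_row($result);
        $priority = $row[0];
        $query = "INSERT INTO `safedit_sections`(`page_modulecomponentid`,`section_id`,`section_heading`,`section_type`,`section_show`,`section_priority`)"
            . " VALUES ('{$this->moduleComponentId}','{$sectionId}','{$heading}','{$type}','{$show}','{$priority}')";
        // Failures report the driver message only; the statement text carried user input.
        mysql_query($query) or die(mysql_error());
        if (mysql_affected_rows() > 0) {
            displayinfo("Section: " . htmlspecialchars($rawHeading) . ", created");
        } else {
            displayerror("Couldn't create section");
        }
    } elseif ($subaction == 'deleteSection') {
        $sectionId = isset($_GET['sectionId']) ? escape($_GET['sectionId']) : '';
        $query = "DELETE FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
        mysql_query($query) or die(mysql_error());
        if (mysql_affected_rows() > 0) {
            displayinfo("Section deleted succesfully");
        } else {
            displayerror("Couldn't delete section");
        }
    } elseif ($subaction == 'saveSection') {
        $sectionId = isset($_POST['sectionId']) ? escape($_POST['sectionId']) : '';
        $heading = isset($_POST['heading']) ? escape($_POST['heading']) : '';
        // `type` is user input like every other value here; the original interpolated it unescaped.
        $typeUpdate = isset($_POST['type']) ? ", `section_type` = '" . escape($_POST['type']) . "'" : '';
        $show = ", `section_show` = '" . isset($_POST['sectionShow']) . "'";
        $result = mysql_query("SELECT `section_type` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'");
        $row = $result ? mysql_fetch_row($result) : false;
        $type = $row ? $row[0] : '';
        // Content is stored per stored type: text types go through processSave(),
        // pictures store the chosen filename; any other type keeps an empty content.
        $sectionContent = '';
        if ($type == "para" || $type == "ulist" || $type == "olist") {
            $sectionContent = escape($this->processSave(isset($_POST['content']) ? $_POST['content'] : ''));
        } elseif ($type == "picture") {
            $sectionContent = isset($_POST['selectFile']) ? escape($_POST['selectFile']) : '';
        }
        $query = "UPDATE `safedit_sections` SET `section_heading` = '{$heading}', `section_content` = '{$sectionContent}'{$typeUpdate}{$show}"
            . " WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
        mysql_query($query) or die(mysql_error());
        if (mysql_affected_rows() > 0) {
            displayinfo("Section saved successfully");
        }
    } elseif ($subaction == 'moveUp' || $subaction == 'moveDown') {
        $compare = $subaction == 'moveUp' ? '<=' : '>=';
        $arrange = $subaction == 'moveUp' ? 'DESC' : 'ASC';
        $sectionId = isset($_GET['sectionId']) ? escape($_GET['sectionId']) : '';
        // The operator and sort direction are SQL tokens, not string literals; quoting
        // them (as the original did) made the statement a syntax error. The first row
        // is the section itself, the second its neighbour in the move direction.
        $query = "SELECT `section_id`,`section_priority` FROM `safedit_sections`"
            . " WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'"
            . " AND `section_priority` {$compare} (SELECT `section_priority` FROM `safedit_sections`"
            . " WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}')"
            . " ORDER BY `section_priority` {$arrange} LIMIT 2";
        $result = mysql_query($query);
        $row = $result ? mysql_fetch_row($result) : false;
        if ($row) {
            $sid = $row[0];
            $spr = $row[1];
            if ($row = mysql_fetch_row($result)) {
                // Swap the two priorities.
                mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$spr}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$row[0]}'");
                mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$row[1]}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sid}'");
            }
        }
    } elseif ($subaction == 'moveTop' || $subaction == 'moveBottom') {
        $sectionId = isset($_GET['sectionId']) ? escape($_GET['sectionId']) : '';
        $cpri = mysql_fetch_row(mysql_query("SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'")) or die(mysql_error());
        if ($subaction == 'moveTop') {
            // Shift everything above down by one and put this section at 0.
            $sign = '+';
            $cmpr = '<';
            $set = '0';
        } else {
            // Shift everything below up by one and put this section at the current maximum.
            $sign = '-';
            $cmpr = '>';
            $maxRow = mysql_fetch_row(mysql_query("SELECT MAX(`section_priority`) FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'")) or die(mysql_error());
            $set = isset($maxRow[0]) ? $maxRow[0] : '';
        }
        $query = "UPDATE `safedit_sections` SET `section_priority` = `section_priority`{$sign}1"
            . " WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` {$cmpr} '{$cpri[0]}'";
        mysql_query($query) or die(mysql_error());
        mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$set}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
    }

    // One form per section, in priority order.
    $result = mysql_query("SELECT `section_id`,`section_heading`,`section_type`,`section_content`,`section_show` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `section_priority`");
    while ($result && ($row = mysql_fetch_assoc($result))) {
        $show = $row['section_show'] ? 'checked ' : '';
        $type = $row['section_type'];
        $help = $type != "picture" ? " <a href='#help' title='Only Plain text allowed, Click to know more'>{$ICONS['Help']['small']}</a>" : '';
        $heading = htmlspecialchars($row['section_heading'], ENT_QUOTES);
        $sid = $row['section_id'];
        // The query parameter is `sectionId`, which the subactions above read from $_GET.
        $ret .= <<<RET
<form action='./+edit&subaction=saveSection' method=POST><input type=hidden value='{$sid}' name='sectionId' /><fieldset><legend><input type=checkbox name='sectionShow' {$show}/><input type=text name=heading value='{$heading}' style='border:0;background:none;' />
<a href='./+edit&subaction=moveUp&sectionId={$sid}' title='Move one level Up'>{$ICONS['Up']['small']}</a>
<a href='./+edit&subaction=moveDown&sectionId={$sid}' title='Move one level Down'>{$ICONS['Down']['small']}</a>
<a href='./+edit&subaction=moveTop&sectionId={$sid}' title='Move to Top'>{$ICONS['Top']['small']}</a>
<a href='./+edit&subaction=moveBottom&sectionId={$sid}' title='Move to Bottom'>{$ICONS['Bottom']['small']}</a>
<a href='./+edit&subaction=deleteSection&sectionId={$sid}' title='Delete Section'>{$ICONS['Delete Section']['small']}</a>{$help}</legend><div class='safedit_section'>
RET;
        $safeContent = safe_html($row['section_content']);
        if ($type == "ulist" || $type == "olist" || $type == "para") {
            $usel = $type == "ulist" ? ' selected' : '';
            $osel = $type == "olist" ? ' selected' : '';
            $psel = $type == "para" ? ' selected' : '';
            $ret .= <<<PARA
<textarea name=content rows=7 style="width:100%">{$safeContent}</textarea>
<select name=type>
<option value="para"{$psel}>Paragraph</option>
<option value="ulist"{$usel}>List</option>
<option value="olist"{$osel}>Numbered List</option>
</select>
PARA;
        } elseif ($type == "picture") {
            $files = getUploadedFiles($this->moduleComponentId, "safedit");
            $ret .= "<a href='#uploadFile'>Upload File</a><br /><select name=selectFile><option value=''>No picture</option>";
            foreach ($files as $currFile) {
                $select = $row['section_content'] == $currFile['upload_filename'] ? ' selected' : '';
                $fileName = htmlspecialchars($currFile['upload_filename'], ENT_QUOTES);
                $ret .= "<option value='{$fileName}'{$select}>{$fileName}</option>";
            }
            $ret .= "</select>";
        }
        $ret .= <<<SUBMIT
<input type=submit value='Save section' /></div></fieldset></form>
SUBMIT;
    }

    $ret .= <<<RET
<fieldset>
<legend>{$ICONS['Add']['small']}Create New Section</legend>
<form action="./+edit&subaction=addSection" method=POST>
<select name='type'>
<option value="para">Paragraph</option>
<option value="ulist">List</option>
<option value="olist">Numbered List</option>
<option value="picture">Picture</option>
</select>
<input type=text name="heading" />
<input type=checkbox name="sectionShow" checked />
<input type=submit value="Add section" name="btnAddSection" />
</form>
</fieldset>
RET;
    $ret .= $end;
    $ret .= <<<RET
<small id="help"><ul><li>You can display only Plain text, any custom formatting will be prevented.<br />To make a link, enclose the text with '{' and '}' and add the target to the end of the line after '|'<br />For eg:<br />{This is a link}, and this is not a link|http://www.google.com<br />The above line will make a link to google.com</li><li>Leave section heading text box blank(without even spaces) to avoid displaying Heading</li></ul></small>
RET;
    return $ret;
}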
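/**
 * Stores the file posted for one "file" element of a registration form.
 *
 * Flow: (1) reject early when a required element has no upload at all;
 * (2) when a new file really arrived, remove the file previously stored for
 * this user/element and its `form_elementdata` row; (3) hand the upload to
 * submitFileUploadForm() with the size/type limits derived from the element
 * definition; (4) record the stored filename in `form_elementdata`.
 *
 * @param mixed  $moduleCompId       page_modulecomponentid of the form
 * @param mixed  $elementId          form_elementid being submitted
 * @param mixed  $userId             user_id the submission belongs to
 * @param string $postVarName        $_FILES key of the element's input
 * @param string $elementName        display name used in the "required" error message
 * @param mixed  $elementSize        not used here (kept for signature compatibility)
 * @param string $elementTypeOptions '|'-separated allowed extensions; blank = library default
 * @param mixed  $elementMoreThan    not used here (kept for signature compatibility)
 * @param mixed  $elementLessThan    maximum file size in bytes; blank/non-numeric/non-positive => 2 MiB
 * @param mixed  $elementCheckInt    not used here (kept for signature compatibility)
 * @param bool   $elementIsRequired  whether a missing upload is an error
 *
 * @return bool true when the element is satisfied (file stored, or nothing stored
 *              but the element is optional); false when a required upload is
 *              missing or the database insert fails
 */
function submitRegistrationFormFile($moduleCompId, $elementId, $userId, $postVarName, $elementName, $elementSize, $elementTypeOptions, $elementMoreThan, $elementLessThan, $elementCheckInt, $elementIsRequired)
{
    if ($elementIsRequired && !isset($_FILES[$postVarName])) {
        displayerror('Required file ' . $elementName . ' not uploaded.');
        return false;
    }

    global $sourceFolder;
    require_once "{$sourceFolder}/upload.lib.php";

    // NOTE(review): $userId, $moduleCompId and $elementId are interpolated into SQL
    // without escape() (which this file uses elsewhere); callers must pass trusted
    // numeric values. The mysql_* extension offers no bound parameters (and is gone
    // in PHP 7), so migrating to mysqli/PDO prepared statements is the real fix.
    // `user_id` is unquoted while the other ids are quoted — kept as in the schema's
    // existing usage.

    // The input is apparently posted as an array field (hence the [0] index) — confirm
    // against the form markup. Replace the stored file only when a new one actually
    // arrived: testing merely `!= UPLOAD_ERR_NO_FILE` would also fire when the field
    // is absent from the request (undefined index => null) or the upload failed with
    // another error code, silently deleting the user's previous file.
    $newFileUploaded = isset($_FILES[$postVarName]['error'][0])
        && $_FILES[$postVarName]['error'][0] == UPLOAD_ERR_OK;

    if ($newFileUploaded) {
        $existsQuery = "SELECT `form_elementdata` from `form_elementdata` WHERE `user_id` = {$userId} AND "
            . "`page_modulecomponentid` = '{$moduleCompId}' AND `form_elementid` = '{$elementId}'";
        $existsResult = mysql_query($existsQuery);

        if ($existsResult && mysql_num_rows($existsResult) > 0) {
            $existsRow = mysql_fetch_array($existsResult);
            // Drop the row only once the file is really gone, so DB and disk stay in step.
            // The DELETE is scoped to this user as well: without the `user_id` condition
            // one user's re-upload would wipe every other user's answer for this element.
            if (deleteFile($moduleCompId, 'form', $existsRow[0])) {
                $deleteQuery = "DELETE FROM `form_elementdata` WHERE `form_elementid` = '{$elementId}' "
                    . "AND `page_modulecomponentid` = '{$moduleCompId}' AND `user_id` = {$userId}";
                mysql_query($deleteQuery);
            }
        }
    }

    // Size limit: the element's "less than" value when it is a positive number,
    // otherwise a 2 MiB default (blank, zero, negative and non-numeric all fall back).
    $maxFileSizeInBytes = (is_numeric($elementLessThan) && $elementLessThan > 0)
        ? (int) $elementLessThan
        : 2 * 1024 * 1024;

    // Allowed extensions: '|'-separated list; a blank option string means "no list",
    // which the upload library receives as `false` (see the gallery call site).
    $uploadableFileTypes = false;
    if (trim($elementTypeOptions) !== '') {
        $uploadableFileTypes = explode('|', $elementTypeOptions);
    }

    $uploadedNames = submitFileUploadForm($moduleCompId, "form", $userId, $maxFileSizeInBytes, $uploadableFileTypes, $postVarName);
    if (!isset($uploadedNames[0])) {
        // Nothing was stored: acceptable for an optional element, a failure for a
        // required one (the upload library is presumably what reports why — confirm).
        return !$elementIsRequired;
    }
    $uploadFileName = $uploadedNames[0];

    // NOTE(review): $uploadFileName is whatever submitFileUploadForm() returned and is
    // interpolated as-is; this assumes the library yields a sanitised name — confirm.
    $submitQuery = 'INSERT INTO `form_elementdata`(`user_id`, `page_modulecomponentid`, `form_elementid`, `form_elementdata`) '
        . "VALUES('{$userId}', '{$moduleCompId}', '{$elementId}', '{$uploadFileName}')";
    if (!mysql_query($submitQuery) || mysql_affected_rows() != 1) {
        displayerror('Error updating information in the database.');
        return false;
    }

    return true;
}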