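/**
 * Dispatches the administrator "content management" AJAX actions.
 *
 * Three request-driven branches run in order, then the script ends:
 *  - cm_group/cm_name: look the widget module up through Db::getMenuModModule()
 *    and delegate to that module's own makeActions();
 *  - id (POST): print a JavaScript redirect to the URL of the element path
 *    leading to that element in the current zone;
 *  - action=sitemap_list (POST): print $this->getSitemapInList().
 * Always finishes with \Db::disconnect(); exit;.
 *
 * Uses the globals $site and $parametersMod. $parametersMod is not read here
 * directly; it is kept in scope because the require_once below is evaluated
 * inside this function and therefore sees this scope.
 */
function makeActions()
{
    global $site;
    global $parametersMod;
    require_once BASE_DIR . MODULE_DIR . 'administrator/email_queue/module.php';

    if (isset($_REQUEST['cm_group']) && isset($_REQUEST['cm_name'])) {
        $menuModule = Db::getMenuModModule(null, $_REQUEST['cm_group'], $_REQUEST['cm_name']);
        if ($menuModule) {
            // Build the widget class name and instantiate it with a dynamic `new`.
            // The previous eval()-based construction would have executed any PHP
            // contained in g_name/m_name; a dynamic class name can only resolve to a
            // class (and raises an error if none exists).
            $widgetClass = 'Modules\\standard\\content_management\\Widgets\\'
                . $menuModule['g_name'] . '\\' . $menuModule['m_name'] . '\\Module';
            $new_module = new $widgetClass();
            $new_module->makeActions();
        }
    }

    if (isset($_POST['id'])) {
        $road = $site->getZone($site->currentZone)->getRoadToElement($_POST['id']);
        $urlVars = array();
        foreach ($road as $element) {
            $urlVars[] = $element->getUrl();
        }
        // json_encode() produces a valid JavaScript string literal, so a quote or
        // line break inside the generated URL cannot break out of the assignment.
        echo 'window.location.href = ' . json_encode($site->generateUrl(null, $site->currentZone, $urlVars)) . ';';
    }

    if (isset($_POST['action']) && $_POST['action'] == 'sitemap_list') {
        echo $this->getSitemapInList();
    }

    \Db::disconnect();
    exit;
}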
/**
 * Test fixture: opens a connection to the validation-server database and closes it.
 *
 * The DSN and driver options come from the $baseParams test configuration, while
 * the user/password pair ('root'/'lab') is hard-coded, so the fixture only works
 * against a local instance provisioned with exactly those credentials. Truncating
 * the queue table between runs is intentionally left out.
 */
public function setup()
{
    global $baseParams;

    $dsn = $baseParams['__YKVAL_DB_DSN__'];
    $driverOptions = $baseParams['__YKVAL_DB_OPTIONS__'];
    $connection = new Db($dsn, 'root', 'lab', $driverOptions);
    $connection->connect();
    // Queue truncation deliberately disabled for this fixture.
    $connection->disconnect();
}
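/**
 * Bootstraps the administrator session and rejects cross-site request forgery.
 *
 * Starts the named session, then — for any request carrying GET or POST data —
 * requires a security_token matching $this->securityToken(). The only request
 * allowed without a token is the bare login action (action=login without a
 * module_id). A request that fails the check is answered with a JavaScript
 * redirect to admin.php and the script terminates.
 */
function __construct()
{
    session_name(SESSION_NAME);
    session_start();

    if (count($_POST) > 0 || count($_GET) > 0) {
        // CSRF attack check. hash_equals() gives a type-safe, constant-time
        // comparison: the previous loose `!=` treated numeric-looking hex strings
        // (e.g. two tokens of the form 0e…) as equal and leaked timing information.
        $tokenValid = isset($_REQUEST['security_token'])
            && is_string($_REQUEST['security_token'])
            && hash_equals((string) $this->securityToken(), $_REQUEST['security_token']);
        // The login form is the one request that may arrive without a token, and
        // only when it does not also address a module.
        $isPlainLogin = isset($_REQUEST['action'])
            && $_REQUEST['action'] == "login"
            && !isset($_REQUEST['module_id']);

        if (!$tokenValid && !$isPlainLogin) {
            echo ' <script type="text/javascript">document.location=\'admin.php\'</script> ';
            \Db::disconnect();
            exit;
        }
    }
}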
/**
 * Answers the administrator "getSystemInfo" AJAX action.
 *
 * Fetches the system information string from Module::getSystemInfo() and prints it.
 * With the 'afterLogin' flag the call also decides whether the top-of-page system
 * alert is shown: only when the information is new (its md5 differs from the
 * 'last_system_message_shown' system variable) and at least one decoded entry has
 * a type other than 'status'. On the "nothing new" paths the flag is cleared and
 * the method returns without printing. Without 'afterLogin' (administrator/system
 * tab) the current md5 is stored as seen and the flag is cleared.
 * md5 is used here purely as a change fingerprint, not for integrity.
 * Ends with \Db::disconnect(); exit; except on the early-return paths.
 */
function makeActions()
{
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'getSystemInfo') {
        $module = new Module();
        $systemInfo = $module->getSystemInfo();
        $showAlert = false;
        $printInfo = true;

        if (isset($_REQUEST['afterLogin'])) {
            // Request issued right after login.
            if ($systemInfo == '') {
                $printInfo = false;
            } else {
                $lastShownHash = \DbSystem::getSystemVariable('last_system_message_shown');
                $isNewMessage = $systemInfo && (!$lastShownHash || $lastShownHash != md5($systemInfo));
                if ($isNewMessage) {
                    // Alert only when some entry is more than a plain status line.
                    foreach (json_decode($systemInfo) as $entry) {
                        if ($entry->type != 'status') {
                            $showAlert = true;
                        }
                    }
                } else {
                    // This message was already seen.
                    $printInfo = false;
                }
            }
        } else {
            // administrator/system tab: mark the current message as seen.
            \DbSystem::setSystemVariable('last_system_message_shown', md5($systemInfo));
        }

        $_SESSION['modules']['administrator']['system']['show_system_message'] = $showAlert;
        if (!$printInfo) {
            return;
        }
        echo $systemInfo;
    }
    \Db::disconnect();
    exit;
}
/**
 * Issues the 301 redirect for 'subpage' and 'redirect' elements.
 *
 * The URL of every redirecting page is remembered in
 * $_SESSION['frontend']['redirects']; seeing the same URL twice is treated as a
 * redirect loop and stops the chain. No redirect is sent while the content is
 * being managed (cms_action=manage_content). The redirect target comes from
 * $curEl->getLink(), i.e. from the stored element, not from the request.
 * On a redirect the method disconnects from the database and terminates the
 * script; on every other path it clears the loop-detection record.
 */
private function makeRedirect()
{
    $element = $this->getCurrentElement();
    $type = $element ? $element->getType() : null;

    if ($element && ($type === 'subpage' || $type === 'redirect')) {
        $url = $this->getCurrentUrl();
        if (isset($_SESSION['frontend']['redirects'][$url])) {
            // Infinite redirect loop detected: stop redirecting.
            unset($_SESSION['frontend']['redirects']);
            return;
        }
        $managingContent = isset($_GET['cms_action']) && $_GET['cms_action'] == 'manage_content';
        if (!$managingContent) {
            $_SESSION['frontend']['redirects'][$url] = 1; // remembered to detect loops
            header('HTTP/1.1 301 Moved Permanently');
            header('Location: ' . $element->getLink());
            \Db::disconnect();
            exit;
        }
    }

    unset($_SESSION['frontend']['redirects']);
}
/**
 * Handles the newsletter front-end actions for the zone $zoneName.
 *
 * The action is read from $_REQUEST['action']:
 *  - subscribe: validate the e-mail, store the subscription, queue the
 *    confirmation e-mail and answer with a JSON {status,url} object;
 *  - unsubscribe: website form, only when 'show_unsubscribe_button' is enabled;
 *  - cancel: unsubscribe through the id/code pair of an e-mail link, then redirect;
 *  - conf: confirm a subscription through the id/code pair, then redirect;
 *  - get_link: print the URL of one of the newsletter status pages.
 * Does nothing when no zone runs the community/newsletter module. Most branches
 * end the script with \Db::disconnect(); exit;.
 *
 * @param $zoneName name of the zone whose URLs are generated for the answers
 */
public static function makeActions($zoneName)
{
    global $site;
    global $parametersMod;
    global $log;
    $newsletterZone = $site->getZoneByModule('community', 'newsletter');
    if (!$newsletterZone) {
        return;
    }
    if (isset($_REQUEST['action'])) {
        switch ($_REQUEST['action']) {
            case 'subscribe':
                // NOTE(review): when 'email' is absent the first test short-circuits and the
                // elseif still reads $_REQUEST['email'] (undefined index) before rejecting it.
                if (isset($_REQUEST['email']) && Db::subscribed($_REQUEST['email'], $site->currentLanguage['id'])) {
                    $status = 'subscribed';
                    $url = $site->generateUrl(null, $zoneName, array("subscribed"));
                } elseif (!preg_match('#^[a-z0-9.!\\#$%&\'*+-/=?^_`{|}~]+@([0-9.]+|([^\\s]+\\.+[a-z]{2,6}))$#si', $_REQUEST['email'])) {
                    // Syntactic e-mail check only. NOTE(review): inside the character class
                    // `+-/` is a range (`+` through `/`), so it also admits `,` — confirm intended.
                    $status = 'incorrect_email';
                    $url = $site->generateUrl(null, $zoneName, array("incorrect_email"));
                } else {
                    $site->requireTemplate('community/newsletter/template.php');
                    // A registered-but-not-activated address is not inserted again; its
                    // existing record (and verification code) is reused below.
                    if ($_REQUEST['email'] && !Db::registeredAndNotActivated($_REQUEST['email'], $site->currentLanguage['id'])) {
                        Db::subscribe($_REQUEST['email'], $site->currentLanguage['id']);
                    }
                    $subscriber = Db::getSubscriberByEmail($_REQUEST['email'], $site->currentLanguage['id']);
                    $emailQueue = new \Modules\administrator\email_queue\Module();
                    // The confirmation link carries the subscriber id and its verification code.
                    $link = $site->generateUrl(null, $newsletterZone->getName(), array(), array("action" => "conf", "id" => $subscriber['id'], "code" => $subscriber['verification_code']));
                    $emailHtml = Template::subscribeConfirmation($link);
                    $emailQueue->addEmail(
                        $parametersMod->getValue('standard', 'configuration', 'main_parameters', 'email'),
                        $parametersMod->getValue('standard', 'configuration', 'main_parameters', 'name'),
                        $_REQUEST['email'],
                        '',
                        $parametersMod->getValue('community', 'newsletter', 'subscription_translations', 'subject_confirmation'),
                        $emailHtml,
                        true,
                        true,
                        null
                    );
                    $emailQueue->send();
                    $status = 'email_confirmation';
                    $url = $site->generateUrl(null, $zoneName, array("email_confirmation"));
                }
                // NOTE(review): the JSON answer is assembled by concatenation. $status is one of
                // three fixed literals, but $url is not JSON-escaped, so a quote or backslash in
                // a generated URL would break the response; json_encode() would be the safe form.
                echo ' { "status":"' . $status . '", "url":"' . $url . '" }';
                $log->log('community/newsletter', 'Start subscribtion', $_REQUEST['email']);
                \Db::disconnect();
                exit;
                break; // unreachable after exit
            case 'unsubscribe': //unsubscribe through website
                if ($parametersMod->getValue('community', 'newsletter', 'options', 'show_unsubscribe_button')) { //if unsubscribe through webpage is allowed
                    // NOTE(review): apart from the option gate there is no ownership check for the
                    // address (no id/code pair as in 'cancel') and no isset() on 'email'; confirm
                    // that is acceptable when the option is enabled.
                    Db::unsubscribe($_REQUEST['email'], $site->currentLanguage['id']);
                    // NOTE(review): the status literal says "email_confirmation" while the URL
                    // points at "unsubscribed" — looks copied from the subscribe branch; confirm.
                    echo ' { "status":"email_confirmation", "url":"' . $site->generateUrl(null, $zoneName, array("unsubscribed")) . '" }';
                    $log->log('community/newsletter', 'Unsubscribe (website form)', $_REQUEST['email']);
                    \Db::disconnect();
                    exit;
                }
                break;
            case 'cancel': //unsubscribe through e-mail link
                if (isset($_REQUEST['id']) && isset($_REQUEST['code'])) {
                    $record = DB::getSubscriber($_REQUEST['id']);
                    // NOTE(review): $record['email'] is read without checking that a record was
                    // found. The log uses $record['email'] while Db::unsubscribe() receives
                    // $_REQUEST['email']; the link built in 'subscribe' carries only id and code,
                    // so confirm which address the unsubscribe is meant to act on.
                    $log->log('community/newsletter', 'Unsubscribe (e-mail link)', $record['email']);
                    Db::unsubscribe($_REQUEST['email'], $site->currentLanguage['id'], $_REQUEST['id'], $_REQUEST['code']);
                    header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("unsubscribed"), array()));
                    \Db::disconnect();
                    exit;
                }
                break;
            case 'conf':
                if (isset($_GET['id']) && isset($_GET['code'])) {
                    // Db::confirm() validates the id/code pair for the current language.
                    if (Db::confirm($_GET['id'], $_GET['code'], $site->currentLanguage['id'])) {
                        header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("subscribed"), array()));
                        $record = DB::getSubscriber($_GET['id']);
                        $log->log('community/newsletter', 'Confirm subscribtion', $record['email']);
                    } else {
                        header('location: ' . $site->generateUrl(null, $newsletterZone->getName(), array("error_confirmation"), array()));
                        $log->log('community/newsletter', 'Incorrect confirmation link', $_GET['id'] . ' ' . $_GET['code']);
                    }
                }
                // NOTE(review): unlike the other branches this one neither disconnects nor exits
                // after sending the Location header, so the caller keeps rendering the page.
                break;
            case 'get_link':
                // Maps a status-page name to its URL in the zone; unknown names print nothing.
                if (isset($_REQUEST['page'])) {
                    switch ($_REQUEST['page']) {
                        case 'error_confirmation':
                            echo $site->generateUrl(null, $zoneName, array("error_confirmation"));
                            break;
                        case 'email_confirmation':
                            echo $site->generateUrl(null, $zoneName, array("email_confirmation"));
                            break;
                        case 'subscribed':
                            echo $site->generateUrl(null, $zoneName, array("subscribed"));
                            break;
                        case 'incorrect_email':
                            echo $site->generateUrl(null, $zoneName, array("incorrect_email"));
                            break;
                        case 'unsubscribed':
                            echo $site->generateUrl(null, $zoneName, array("unsubscribed"));
                            break;
                    }
                }
                \Db::disconnect();
                exit;
                break; // unreachable after exit
        }
    }
}
switch ($_REQUEST['action']) { case 'delete': $db->deleteNote($activeNoteId); $newId = $db->getMaxId(); setcookie("ACTIVE_NOTE_ID", $newId); $activeNoteId = $newId; break; case 'update': $db->updateNote($_COOKIE['ACTIVE_NOTE_ID'], $_REQUEST['content']); break; case 'new': $db->createNote("New note."); $newId = $db->getMaxId(); setcookie("ACTIVE_NOTE_ID", $newId); $activeNoteId = $newId; break; case 'navigate': setcookie("ACTIVE_NOTE_ID", $_REQUEST['id']); $activeNoteId = $_REQUEST['id']; break; } } // create Smarty template $template = new Smarty(); // pass the variables to the corresponding template and display it $template->assign("ACTIVE_NOTE_ID", $activeNoteId); $template->assign("notes", $db->getNotes()); $template->display('index.tpl'); //disconnect $db->disconnect();
/**
 * Releases the shared database connection when this object is destroyed.
 */
public function __destruct()
{
    Db::disconnect();
}
/**
 * Dispatches the administrator grid AJAX actions read from $_POST['action'].
 *
 *  - new_row_number: write a new sort value for one record;
 *  - row_number_increase / row_number_decrease: exchange the record's sort value
 *    with its nearest neighbour (restricted to the same parent when level > 0);
 *  - delete: remove a record once allow_delete() agrees; answer is a delete_row() call;
 *  - insert: validate the form fields, insert the record, place it at the top or
 *    bottom of the sort order and run the elements' process_insert() hooks;
 *  - update: validate, update the parent record and run the process_update() hooks.
 * insert/update answer with a small HTML document whose script either reloads the
 * parent frame or pushes the field errors. Every branch ends with
 * \Db::disconnect(); exit; (the `break` statements after `exit` are unreachable).
 *
 * NOTE(review): the method is built on the mysql_* extension (removed in PHP 7)
 * and on SQL assembled by concatenation. mysql_real_escape_string() is applied to
 * most values, but identifiers (db_table, db_key, sort_field) are placed between
 * backticks without quoting the backtick, and several values are concatenated
 * unquoted into numeric context, where escaping alone is not a protection. The
 * values come from the grid's own rows and area configuration rather than straight
 * from the request, but the robust fix is prepared statements plus whitelisted
 * identifiers.
 */
function ajax_action()
{
    global $parametersMod;
    global $cms;
    if (isset($_POST['action'])) {
        switch ($_POST['action']) {
            case 'new_row_number':
                // Direct write of the posted sort value for the posted key.
                $sql = "update `" . DB_PREF . $this->current_area->db_table . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = '" . mysql_real_escape_string($_POST['new_row_number']) . "'\n\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                $rs = mysql_query($sql);
                if (!$rs) {
                    trigger_error($sql . " " . mysql_error());
                }
                \Db::disconnect();
                exit;
                break;
            case 'row_number_increase':
                // Load key and sort value of the record to move.
                $sql_current = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "` from `" . DB_PREF . $this->current_area->db_table . "` where `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                $rs_current = mysql_query($sql_current);
                if ($rs_current) {
                    if ($lock_current = mysql_fetch_assoc($rs_current)) { //current record (need to be moved up)
                        /*searching upper record*/
                        // Nested grids (level > 0) limit the neighbour search to the same parent.
                        if ($this->level > 0) {
                            $sql_add = " and " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' ";
                        } else {
                            $sql_add = '';
                        }
                        // Nearest other record whose sort value is >= the current one.
                        $sql_upper = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n\t\t\t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` >= '" . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "' \n\t\t\t\t\t\tand `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . "\n\t\t\t\t\t\torder by `" . mysql_real_escape_string($this->current_area->sort_field) . "` asc limit 1";
                        $rs_upper = mysql_query($sql_upper);
                        if ($rs_upper) {
                            if ($lock_upper = mysql_fetch_assoc($rs_upper)) { //upper record (need to be moved down)
                                if ($lock_upper[$this->current_area->sort_field] == $lock_current[$this->current_area->sort_field]) {
                                    // Equal sort values: shift every other record at or below the neighbour
                                    // down by one instead of swapping. NOTE(review): the neighbour's value is
                                    // concatenated unquoted after escaping; only quoting makes the escape effective.
                                    $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` - 1 \n\t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` <= " . mysql_real_escape_string($lock_upper[$this->current_area->sort_field]) . " and `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " ";
                                    $rs_update = mysql_query($sql_update);
                                    if (!$rs_update) {
                                        // NOTE(review): $sql is not assigned in this case — the failing statement
                                        // is $sql_update; this log line loses it.
                                        trigger_error($sql . " " . mysql_error());
                                    }
                                } else {
                                    // Distinct values: swap them with one update per record.
                                    $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "\n\t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_upper[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                    $rs_update = mysql_query($sql_update);
                                    if (!$rs_update) {
                                        trigger_error($sql_update . " " . mysql_error());
                                    }
                                    $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . mysql_real_escape_string($lock_upper[$this->current_area->sort_field]) . " \n\t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                    $rs_update = mysql_query($sql_update);
                                    if (!$rs_update) {
                                        // NOTE(review): same undefined $sql as above; should be $sql_update.
                                        trigger_error($sql . " " . mysql_error());
                                    }
                                }
                            }
                        }
                    } else {
                        // NOTE(review): $sql is undefined here as well; $sql_current is the lookup that found nothing.
                        trigger_error($sql . " Element does not exist");
                    }
                }
                echo "\n window.location = window.location;\t\t\t\t\t \n ";
                \Db::disconnect();
                exit;
                break;
            case 'row_number_decrease':
                // Mirror of row_number_increase, looking for the nearest record with a sort value <= the current one.
                $sql_current = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n \t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n \t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'";
                $rs_current = mysql_query($sql_current);
                if ($rs_current) {
                    if ($lock_current = mysql_fetch_assoc($rs_current)) { //current record (need to be moved down)
                        /*searching under record*/
                        if ($this->level > 0) {
                            $sql_add = " and " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' ";
                        } else {
                            $sql_add = '';
                        }
                        $sql_under = "select `" . $this->current_area->db_key . "`, `" . mysql_real_escape_string($this->current_area->sort_field) . "`\n \t\t\t\t\t\tfrom `" . DB_PREF . $this->current_area->db_table . "` \n \t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` <= '" . mysql_real_escape_string($lock_current[$this->current_area->sort_field]) . "' " . $sql_add . "\n \t\t\t\t\t\tand `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "'\n \t\t\t\t\t\torder by `" . mysql_real_escape_string($this->current_area->sort_field) . "` desc limit 1";
                        $rs_under = mysql_query($sql_under);
                        if ($rs_under) {
                            if ($lock_under = mysql_fetch_assoc($rs_under)) { //under record (need to be moved up)
                                if ($lock_under[$this->current_area->sort_field] == $lock_current[$this->current_area->sort_field]) {
                                    // Equal sort values: shift every other record at or above the neighbour up by one.
                                    $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` + 1\n \t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->current_area->sort_field) . "` >= " . mysql_real_escape_string($lock_under[$this->current_area->sort_field]) . " and `" . $this->current_area->db_key . "` <> '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . "";
                                    $rs_update = mysql_query($sql_update);
                                    if (!$rs_update) {
                                        trigger_error($sql_update . " " . mysql_error());
                                    }
                                } else {
                                    // NOTE(review): in this branch the two sort values are concatenated raw —
                                    // neither quoted nor escaped — unlike the increase branch above.
                                    $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . $lock_current[$this->current_area->sort_field] . " \n \t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_under[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                    $rs_update = mysql_query($sql_update);
                                    if (!$rs_update) {
                                        trigger_error($sql_update . " " . mysql_error());
                                    }
                                    $sql_update = "update `" . DB_PREF . $this->current_area->db_table . "`\n \t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->current_area->sort_field) . "` = " . $lock_under[$this->current_area->sort_field] . " \n \t\t\t\t\t\t\t\t\twhere `" . $this->current_area->db_key . "` = '" . mysql_real_escape_string($lock_current[$this->current_area->db_key]) . "' " . $sql_add . " limit 1";
                                    $rs_update = mysql_query($sql_update);
                                    if (!$rs_update) {
                                        trigger_error($sql_update . " " . mysql_error());
                                    }
                                }
                            }
                        }
                    } else {
                        // NOTE(review): $sql is undefined in this case; $sql_current is the lookup that found nothing.
                        trigger_error($sql . " Element does not exist");
                    }
                }
                echo "document.location = document.location;";
                \Db::disconnect();
                exit;
                break;
            case 'delete':
                // NOTE(review): the permission check reads $_REQUEST['key_id'] while the answer
                // echoes $_POST['key_id'] unescaped into the JavaScript response — the two may
                // differ, and the posted value should be encoded (e.g. json_encode()) before output.
                if ($this->allow_delete($this->current_area, $_REQUEST['key_id'], $this->current_area, $_REQUEST['key_id'])) {
                    $this->delete($this->current_area, $_REQUEST['key_id']);
                    echo "delete_row(" . $_POST['key_id'] . ")";
                }
                \Db::disconnect();
                exit;
                break;
            case 'insert':
                $parameters = array(); //parameters for main sql for current area table.
                // Validate every element's "i_n_<key>" field; errors accumulate in $this->errors.
                foreach ($this->current_area->get_elements() as $key => $element) {
                    $new_error = $element->check_field("i_n_" . $key, "insert");
                    if ($new_error != null) {
                        $this->errors[$key] = $new_error;
                    }
                }
                if (sizeof($this->errors) == 0) {
                    foreach ($this->current_area->get_elements() as $key => $element) {
                        $new_parameter = $element->get_parameters("insert", "i_n_" . $key);
                        if ($new_parameter) {
                            $parameters[] = $new_parameter;
                        }
                    }
                    // The key column takes its DEFAULT; every further column is appended with a comma.
                    $sql = "insert into `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . $this->current_area->db_key . "`= DEFAULT ";
                    $need_comma = true;
                    if ($this->level > 0) {
                        $sql .= ", `" . $this->current_area->get_db_reference() . "` = '" . mysql_real_escape_string($this->up_area->parent_id) . "' ";
                        $need_comma = true;
                    }
                    foreach ($parameters as $key => $parameter) {
                        // NOTE(review): $need_comma starts out true, so the else branch is never taken.
                        // $parameter['name'] is placed between backticks without escaping.
                        if ($need_comma) {
                            $sql .= ", `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                        } else {
                            $sql .= " `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                            $need_comma = true;
                        }
                    }
                    $rs = mysql_query($sql);
                    if (!$rs) {
                        trigger_error("Impossible to insert new data " . $sql);
                    } else {
                        $last_insert_id = mysql_insert_id();
                        /* update sort field value */
                        if ($this->current_area->sort_field && $this->current_area->new_record_position == 'top') {
                            /* increase all sort field numbers */
                            // NOTE(review): no WHERE clause — this renumbers every row of the table,
                            // not only the rows of the current parent on nested grids.
                            $sql = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = `" . mysql_real_escape_string($this->current_area->sort_field) . "` + 1";
                            $rs = mysql_query($sql);
                            if (!$rs) {
                                trigger_error("Can't change sort numbers " . $sql . " " . mysql_error());
                            }
                            /* find lowest value */
                            if ($this->level > 0) {
                                $sql = "select min(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'min_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' and `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . " ";
                            } else {
                                $sql = "select min(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'min_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . " ";
                            }
                            $rs = mysql_query($sql);
                            if ($rs) {
                                if ($lock = mysql_fetch_assoc($rs)) {
                                    /* update inserted record to have the smallest sort field number*/
                                    // NOTE(review): $lock['min_value'] (an aggregate of this table) is concatenated
                                    // as-is, and $last_insert_id lacks the (int) cast used in the select above.
                                    $sql2 = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = (" . $lock['min_value'] . " - 1) where `" . $this->current_area->db_key . "` = " . $last_insert_id . " ";
                                    $rs = mysql_query($sql2);
                                    if (!$rs) {
                                        // NOTE(review): logs $sql (the select) although $sql2 is the statement that failed.
                                        trigger_error($sql . " " . mysql_error());
                                    }
                                }
                            } else {
                                trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
                            }
                        }
                        if ($this->current_area->sort_field && $this->current_area->new_record_position == 'bottom') {
                            /* find biggest value */
                            if ($this->level > 0) {
                                $sql = "select max(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'max_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where " . $this->current_area->get_db_reference() . " = '" . mysql_real_escape_string($this->up_area->get_parent_id()) . "' and `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . "";
                            } else {
                                $sql = "select max(`" . mysql_real_escape_string($this->current_area->sort_field) . "`) as 'max_value' from `" . DB_PREF . "" . $this->current_area->get_db_table() . "` where `" . $this->current_area->db_key . "` <> " . (int) $last_insert_id . "";
                            }
                            $rs = mysql_query($sql);
                            if ($rs) {
                                if ($lock = mysql_fetch_assoc($rs)) {
                                    /* update inserted record to have the biggest sort field number */
                                    $sql2 = "update `" . DB_PREF . "" . $this->current_area->get_db_table() . "` set `" . mysql_real_escape_string($this->current_area->sort_field) . "` = (" . $lock['max_value'] . " + 1) where `" . $this->current_area->db_key . "` = " . $last_insert_id . " ";
                                    $rs = mysql_query($sql2);
                                    if (!$rs) {
                                        // NOTE(review): logs $sql (the select) although $sql2 is the statement that failed.
                                        trigger_error($sql . " " . mysql_error());
                                    }
                                }
                            } else {
                                // NOTE(review): message copied from the 'top' branch; this branch looks for the biggest value.
                                trigger_error("Can't find lowest value " . $sql . " " . mysql_error());
                            }
                        }
                        // Per-element post-insert hooks, then the area's optional after_insert() hook.
                        foreach ($this->current_area->get_elements() as $key => $element) {
                            $new_parameter = $element->process_insert("i_n_" . $key, $this->current_area, $last_insert_id);
                        }
                        if (method_exists($this->current_area, 'after_insert')) {
                            $this->current_area->after_insert($last_insert_id);
                        }
                        // NOTE(review): assigning a method's return value by reference emits a notice
                        // unless get_elements() is declared to return by reference — confirm.
                        $elements =& $this->current_area->get_elements();
                        for ($i = 0; $i < sizeof($elements); $i++) {
                            $elements[$i]->reset("i_n_" . $i);
                        }
                    }
                    // Success answer: a page whose script reloads the parent frame.
                    $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n parent.window.location.reload(true);\n parent.window.location.href = parent.window.location.href;\n \n </script>\n </body></html>\n ";
                    echo $answer;
                    \Db::disconnect();
                    exit;
                } else {
                    // Validation failed: hand the field errors to the parent frame as a JS array.
                    $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n ";
                    foreach ($this->errors as $key => $error) {
                        // NOTE(review): addslashes() is not a JavaScript string escape (it leaves
                        // line terminators and `</script>` untouched); json_encode() would be.
                        $answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n ";
                    }
                    $answer .= "\n </script>\n </body></html>\n ";
                    echo $answer;
                    \Db::disconnect();
                    exit;
                    /*$elements = &$this->current_area->get_elements(); for($i=0; $i<sizeof($elements); $i++){ $elements[$i]->memorize("i_n_".$i); }*/
                }
                break;
            case 'update':
                $parameters = array(); //parameters for main sql for current area table.
                // Update acts on the parent area ($this->up_area) and its "i_<key>" fields.
                foreach ($this->up_area->get_elements() as $key => $element) {
                    $new_error = $element->check_field("i_" . $key, "update");
                    if ($new_error != null) {
                        $this->errors[$key] = $new_error;
                    }
                }
                if (sizeof($this->errors) == 0) {
                    if (method_exists($this->up_area, 'before_update')) {
                        $this->up_area->before_update(mysql_real_escape_string($this->up_area->parent_id));
                    }
                    foreach ($this->up_area->get_elements() as $key => $element) {
                        $new_parameter = $element->get_parameters("update", "i_" . $key);
                        if ($new_parameter) {
                            $parameters[] = $new_parameter;
                        }
                    }
                    // With no column to write, the main update is skipped but counted as done so
                    // the per-element hooks still run.
                    $main_update = false;
                    if (sizeof($parameters) > 0) {
                        $sql = "update `" . DB_PREF . "" . $this->up_area->get_db_table() . "` set ";
                        $need_comma = false;
                        foreach ($parameters as $key => $parameter) {
                            if ($need_comma) {
                                $sql .= ", `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                            } else {
                                $sql .= " `" . $parameter['name'] . "` = '" . mysql_real_escape_string($parameter['value']) . "' ";
                                $need_comma = true;
                            }
                        }
                        $sql .= " where `" . $this->up_area->get_db_key() . "` = '" . mysql_real_escape_string($this->up_area->parent_id) . "' ";
                        $rs = mysql_query($sql);
                        if (!$rs) {
                            trigger_error("Impossible to update " . $sql);
                        } else {
                            $main_update = true;
                        }
                    } else {
                        $main_update = true;
                    }
                    if ($main_update) {
                        foreach ($this->up_area->get_elements() as $key => $element) {
                            $new_parameter = $element->process_update("i_" . $key, $this->up_area, mysql_real_escape_string($this->up_area->parent_id));
                        }
                    }
                    if (method_exists($this->up_area, 'after_update')) {
                        $this->up_area->after_update(mysql_real_escape_string($this->up_area->parent_id));
                    }
                    // NOTE(review): see the same by-reference assignment in 'insert'.
                    $elements =& $this->up_area->get_elements();
                    for ($i = 0; $i < sizeof($elements); $i++) {
                        $elements[$i]->reset();
                    }
                    $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n parent.window.location.reload(true);\n parent.window.location.href = parent.window.location.href;\n \n </script>\n </body></html>\n ";
                    echo $answer;
                    \Db::disconnect();
                    exit;
                } else {
                    $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n ";
                    foreach ($this->errors as $key => $error) {
                        // NOTE(review): the update fields are named "i_<key>" above, but the error
                        // entries use the "i_n_" prefix of the insert form — confirm the client expects that.
                        $answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n ";
                    }
                    $answer .= "\n </script>\n </body></html>\n ";
                    echo $answer;
                    \Db::disconnect();
                    exit;
                }
                break;
        }
    }
}
/**
 * test_setAttribute_withArgs()
 *
 * Tests setAttribute() when explicit arguments are given: connects with the
 * parameters from $GLOBALS, switches the default fetch mode to FETCH_OBJ and
 * checks that the reported FETCH_MODE attribute changed.
 */
public function test_setAttribute_withArgs()
{
    $connection = new Db();
    $connection->connect([
        "driver" => $GLOBALS['DB_DRIVER'],
        "user" => $GLOBALS['DB_USER'],
        "pass" => $GLOBALS['DB_PASSWORD'],
        "dbname" => $GLOBALS['DB_DBNAME'],
        "host" => $GLOBALS['DB_HOST'],
        "persistent" => false,
    ]);

    $modeBefore = $connection->getAttribute('FETCH_MODE');
    $applied = $connection->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, \PDO::FETCH_OBJ);
    $modeAfter = $connection->getAttribute('FETCH_MODE');

    $this->assertTrue($applied);
    $this->assertNotEquals($modeBefore, $modeAfter);
    // NOTE(review): this asserts the new value is *not* FETCH_OBJ right after setting
    // it; that only holds if getAttribute('FETCH_MODE') reports something other than
    // the PDO constant (e.g. a name) — confirm the intent.
    $this->assertNotEquals(\PDO::FETCH_OBJ, $modeAfter);

    $connection->disconnect();
    unset($connection);
}
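/**
 * Entry point of the modules-administration screen.
 *
 * For the AJAX install request (type=ajax, action=install) it asks
 * ModulesInstallation::getErrors() about the requested module group/module; any
 * errors are returned as a JavaScript alert, otherwise the module is installed and
 * the browser is sent to the CMS URL. The AJAX branch prints its answer,
 * disconnects from the database and terminates the script. Every other request
 * renders the standard module management page.
 *
 * @return string HTML of the management page (non-AJAX requests only)
 */
function manage()
{
    global $cms;
    $answer = '';
    // The original test compared the *result of isset()* with 'ajax'
    // (`isset($_REQUEST['type']) == 'ajax'`), which is true for any present type
    // value; compare the request values themselves, and guard 'action' too.
    $isAjaxInstall = isset($_REQUEST['type'], $_REQUEST['action'])
        && $_REQUEST['type'] === 'ajax'
        && $_REQUEST['action'] === 'install';

    if ($isAjaxInstall) {
        $errors = ModulesInstallation::getErrors($_REQUEST['module_group'], $_REQUEST['module']);
        if ($errors) {
            $messages = array();
            foreach ($errors as $error) {
                // CR/LF would end the single-quoted JS literal, so they are removed;
                // addslashes() then escapes quotes and backslashes for that literal.
                $messages[] = addslashes(str_replace(array("\r", "\n"), "", $error));
            }
            // Messages are separated by a literal "\n\n" that JavaScript turns into blank lines.
            $answer .= 'alert(\'' . implode("\\n\\n", $messages) . '\')';
        } else {
            ModulesInstallation::install($_REQUEST['module_group'], $_REQUEST['module']);
            $answer .= ' window.location = \'' . $cms->generateUrl() . '\'; ';
        }
        echo $answer;
        \Db::disconnect();
        exit;
    }

    // Widget discovery (find_new_modules()) is intentionally disabled for this page.
    return $this->standard_module->manage();
}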
/**
 * Frontend request handler for the community/user module.
 *
 * Dispatches on $_REQUEST['action'] and never returns for a handled action:
 * every case ends with \Db::disconnect(); exit; after echoing an HTML/JS
 * answer or sending a Location header. Returns early when no zone is bound
 * to the community/user module.
 *
 * Handled actions: password_reset, password_reset_verification, register,
 * update_profile, login, registration_verification, new_email_verification,
 * logout, renew_registration.
 *
 * Globals used: $site, $parametersMod, $session, $log.
 *
 * NOTE(review), grounded in the code below:
 *  - With the 'encrypt_passwords' option on, passwords are stored as
 *    md5($password . Config::$hashSalt); with it off they are stored as
 *    entered (plain text). Neither is an adequate password hash;
 *    password_hash()/password_verify() would be the mitigation.
 *  - Login and every verification code are compared with the loose ==
 *    operator; hash_equals() gives a strict, constant-time comparison.
 *  - Verification/reset codes come from md5(uniqid(rand(), true)), which is
 *    not a cryptographic random source; random_bytes() is the replacement.
 */
function makeActions() { global $site; global $parametersMod; global $session; global $log; $userZone = $site->getZoneByModule('community', 'user'); if (!$userZone) { return; } if (isset($_REQUEST['action'])) { switch ($_REQUEST['action']) { /* password_reset: validates the form, stores the new password (md5+salt or plain text per 'encrypt_passwords') in new_password together with a fresh verification_code and mails the reset link; the password becomes active only in password_reset_verification. */ case 'password_reset': $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getPasswordResetFields()); $errors = $standardForm->getErrors(); $tmpUser = Db::userByEmail($_POST['email']); if (!$tmpUser) { $errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'email_doesnt_exist'); } if (!isset($_POST['password']) || $_POST['password'] == '' || $parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) { $errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match'); $errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match'); } if (sizeof($errors) > 0) { $html = $standardForm->generateErrorAnswer($errors); } else { /* NOTE(review): uniqid()/rand() are not cryptographically secure sources for a reset code; random_bytes() would be the fix. */ $tmp_code = md5(uniqid(rand(), true)); if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) { $additionalFields['new_password'] = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt); } else { $additionalFields['new_password'] = $_POST['password']; } $additionalFields['verification_code'] = $tmp_code; $standardForm->updateDatabase(DB_PREF . 'm_community_user', 'id', $tmpUser['id'], $additionalFields); $this->sendPasswordResetLink($_POST['email'], $tmp_code, $tmpUser['id']); $html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetSentText)) . 
"';\n </script>\n </body></html> \n "; } echo $html; \Db::disconnect(); exit; break; /* password_reset_verification: for a verified user whose verification_code matches $_REQUEST['code'] (loose ==), Db::verifyNewPassword() promotes new_password; every path ends in a Location redirect. */ case 'password_reset_verification': $current = Db::userById($_REQUEST['id']); if ($current && $current['verified']) { if ($current['verification_code'] == $_REQUEST['code']) { if ($current['new_password'] != '') { if (Db::verifyNewPassword($current['id'])) { $site->dispatchEvent('community', 'user', 'password_reset', array('user_id' => $current['id'])); header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerified))); } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError))); } } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerified))); } } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError))); } } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlPasswordResetVerificationError))); } \Db::disconnect(); exit; break; /* register: rejects when registration is disabled or the email/login is already taken; otherwise writes the user with verified=0/1 depending on 'require_email_confirmation' and either mails a verification link, auto-logs in, or redirects. */ case 'register': $html = ''; if (!$parametersMod->getValue('community', 'user', 'options', 'enable_registration')) { \Db::disconnect(); exit; } $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getRegistrationFields()); $errors = $standardForm->getErrors(); $sameEmailUser = Db::userByEmail($_POST['email']); if ($_POST['email'] && $sameEmailUser) { $errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered'); } if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') { $sameLoginUser = Db::userByLogin($_POST['login']); if ($sameLoginUser) { $errors['login'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered'); } } if ($parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) { 
$errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match'); $errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match'); } if (sizeof($errors) > 0) { $html = $standardForm->generateErrorAnswer($errors); } else { $tmp_code = md5(uniqid(rand(), true)); /* NOTE(review): with 'encrypt_passwords' off the password is stored exactly as entered (plain text). */ if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) { $password = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt); } else { $password = $_POST['password']; } if ($parametersMod->getValue('community', 'user', 'options', 'require_email_confirmation')) { $verified = '0'; } else { $verified = '1'; } $insert_id = $standardForm->writeToDatabase(DB_PREF . 'm_community_user', array('verified' => $verified, 'verification_code' => $tmp_code, 'password' => $password, 'last_login' => date("Y-m-d"), 'language_id' => $site->currentLanguage['id'])); if ($insert_id !== false) { $site->dispatchEvent('community', 'user', 'register', array('user_id' => $insert_id)); if ($parametersMod->getValue('community', 'user', 'options', 'require_email_confirmation')) { $this->sendVerificationLink($_POST['email'], $tmp_code, $insert_id); $html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationRequired)) . "';\n </script>\n </body></html>\n "; } else { if ($parametersMod->getValue('community', 'user', 'options', 'autologin_after_registration')) { $tmpUser = Db::userById($insert_id); if ($tmpUser) { $this->login($tmpUser); $html = $this->redirectAfterLogin(); } } else { $html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location.href = '" . 
$site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified)) . "';\n </script>\n </body></html>\n "; } } } else { trigger_error("Cannot register new user"); } } echo $html; \Db::disconnect(); exit; break; /* update_profile: for a logged-in user, validates the profile form; an email change is staged in new_email with a verification_code and confirmed via new_email_verification, a new password is applied immediately. */ case 'update_profile': if ($session->loggedIn()) { $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getProfileFields()); $errors = $standardForm->getErrors(); $tmpUser = Db::userById($session->userId()); if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) { $user_by_new_email = Db::userByEmail($_POST['email']); if ($user_by_new_email && $user_by_new_email['verified']) { $errors['email'] = $parametersMod->getValue('community', 'user', 'errors', 'already_registered'); } } if ($parametersMod->getValue('community', 'user', 'options', 'type_password_twice') && $_POST['password'] != $_POST['confirm_password']) { $errors['password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match'); $errors['confirm_password'] = $parametersMod->getValue('community', 'user', 'errors', 'passwords_dont_match'); } if (sizeof($errors) > 0) { $html = $standardForm->generateErrorAnswer($errors); } else { if ($tmpUser) { $additionalFields = array(); if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) { $tmp_code = md5(uniqid(rand(), true)); $additionalFields['new_email'] = $_POST['email']; $additionalFields['verification_code'] = $tmp_code; } if (isset($_POST['password']) && $_POST['password'] != '') { if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) { $additionalFields['password'] = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt); } else { $additionalFields['password'] = $_POST['password']; } } $standardForm->updateDatabase(DB_PREF . 
'm_community_user', 'id', $tmpUser['id'], $additionalFields); $site->dispatchEvent('community', 'user', 'update_profile', array('user_id' => $tmpUser['id'])); if (isset($_POST['email']) && $_POST['email'] != $tmpUser['email']) { $this->sendUpdateVerificationLink($_POST['email'], $tmp_code, $tmpUser['id']); $html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlEmailVerificationRequired)) . "';\n </script>\n </body></html>\n "; } else { $html = "\n <html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" /></head><body>\n <script type=\"text/javascript\">\n parent.window.location = '" . $site->generateUrl(null, $userZone->getName(), array(Config::$urlProfile), array("message" => "updated")) . "';\n </script>\n </body></html>\n "; } } else { trigger_error("Something goes wrong. " . $session->userId() . " " . $_POST['email']); } } echo $html; \Db::disconnect(); exit; } break; /* login: looks the user up by login or email (per 'login_type'), compares the submitted password (hashed the same way as on registration) with the stored one using ==, then sets the optional autologin cookie and redirects. NOTE(review): hash_equals() would make this a strict, constant-time comparison. */ case 'login': if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') { $tmpUser = Db::userByLogin($_POST['login']); } else { $tmpUser = Db::userByEmail($_POST['email']); } if ($parametersMod->getValue('community', 'user', 'options', 'encrypt_passwords')) { $tmp_password = md5($_POST['password'] . \Modules\community\user\Config::$hashSalt); } else { $tmp_password = $_POST['password']; } if ($tmpUser && isset($_POST['password']) && $tmp_password == $tmpUser['password']) { $this->login($tmpUser); /* autologin cookie: JSON with the user id and md5(stored password . created_on), valid for 'autologin_time' days. */ if ($parametersMod->getValue('community', 'user', 'options', 'enable_autologin') && isset($_POST['autologin']) && $_POST['autologin']) { setCookie(Config::$autologinCookieName, json_encode(array('id' => $tmpUser['id'], 'pass' => md5($tmpUser['password'] . 
$tmpUser['created_on']))), time() + $parametersMod->getValue('community', 'user', 'options', 'autologin_time') * 60 * 60 * 24, Config::$autologinCookiePath, Config::getCookieDomain()); } $html = $this->redirectAfterLogin(); } else { $standardForm = new \Library\Php\Form\Standard(\Modules\community\user\Config::getRegistrationFields()); $errors = array(); $globalError = null; $site->dispatchEvent('community', 'user', 'incorrect_login', array('post' => $_POST)); if ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login') { $globalError = $parametersMod->getValue('community', 'user', 'errors', 'incorrect_login_data'); $errors['login'] = ''; } else { $globalError = $parametersMod->getValue('community', 'user', 'errors', 'incorrect_email_data'); $errors['email'] = ''; } $errors['password'] = ''; $log->log('community/user', 'incorrect frontend login', $_SERVER['REMOTE_ADDR']); $html = $standardForm->generateErrorAnswer($errors, $globalError); } echo $html; \Db::disconnect(); exit; break; /* registration_verification: marks the account verified when the code matches and neither email nor login is taken by another account; optionally logs the user in. */ case 'registration_verification': $current = Db::userById($_REQUEST['id']); if ($current) { $sameEmailUser = Db::userByEmail($current['email']); $sameLoginUser = Db::userByLogin($current['login']); if ($current['verification_code'] == $_REQUEST['code']) { if ($sameEmailUser && $sameEmailUser['id'] != $current['id']) { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlVerificationErrorEmailExist))); } elseif ($parametersMod->getValue('community', 'user', 'options', 'login_type') == 'login' && $sameLoginUser && /* NOTE(review): $sameLoginUser is the whole row from Db::userByLogin(); this compares an array with the id, while the email check above uses $sameEmailUser['id'] — $sameLoginUser['id'] is probably intended; confirm. */ $sameLoginUser != $current['id']) { header("location: " . 
$site->generateUrl(null, $userZone->getName(), array(Config::$urlVerificationErrorUserExist))); } else { Db::verify($current['id']); $site->dispatchEvent('community', 'user', 'registration_verification', array('user_id' => $current['id'])); if ($parametersMod->getValue('community', 'user', 'options', 'autologin_after_registration')) { $this->login($current); $this->redirectAfterLoginHeader(); } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified))); } } } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationError))); } } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerificationError))); } \Db::disconnect(); exit; break; /* new_email_verification: applies the staged new_email when the code matches and no other account already uses that address. */ case 'new_email_verification': $sameEmailUser = Db::userById($_REQUEST['id']); if ($sameEmailUser) { if ($sameEmailUser['verification_code'] == $_REQUEST['code']) { $user_with_new_email = Db::userByEmail($sameEmailUser['new_email']); if ($user_with_new_email) { if ($user_with_new_email['id'] == $sameEmailUser['id']) { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified))); } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError))); } } else { if ($sameEmailUser['new_email'] == '') { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRegistrationVerified))); } else { Db::verifyNewEmail($sameEmailUser['id']); $site->dispatchEvent('community', 'user', 'new_email_verification', array('user_id' => $sameEmailUser['id'])); header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerified))); } } } else { header("location: " . $site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError))); } } else { header("location: " . 
$site->generateUrl(null, $userZone->getName(), array(Config::$urlNewEmailVerificationError))); } \Db::disconnect(); exit; break; /* logout: dispatches the event, clears the session, expires the autologin cookie when autologin is enabled, then redirects to BASE_URL. */ case 'logout': if ($session->loggedIn()) { $site->dispatchEvent('community', 'user', 'logout', array('user_id' => $session->userId())); } $session->logout(); if ($parametersMod->getValue('community', 'user', 'options', 'enable_autologin')) { setCookie(Config::$autologinCookieName, '', time() - 60, Config::$autologinCookiePath, Config::getCookieDomain()); } header('location: ' . BASE_URL); \Db::disconnect(); exit; break; /* renew_registration: Db::renewRegistration($_GET['id']) == 1 counts as success; every path redirects. */ case 'renew_registration': if (isset($_GET['id'])) { if (Db::renewRegistration($_GET['id']) == 1) { $site->dispatchEvent('community', 'user', 'renew_registration', array('user_id' => $_GET['id'])); header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewedRegistration))); } else { header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewRegistrationError))); } } else { header('location: ' . $site->generateUrl(null, $userZone->getName(), array(Config::$urlRenewRegistrationError))); } \Db::disconnect(); exit; break; } } }
/**
 * disconnect() must drop the wrapped PDO handle so getPdo() reports nothing.
 */
public function testDisconnectClearsPdo()
{
    $db = $this->db;
    $db->disconnect();

    $pdoAfterDisconnect = $db->getPdo();
    $this->assertEmpty($pdoAfterDisconnect);
}
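/**
 * Generates sitemap XML for one zone and language.
 *
 * Responds with a 404 and terminates (\Db::disconnect(); exit) when the zone
 * is not listed in $this->mappedZones or is unknown to $site. Otherwise it
 * sends the application/xml content-type header and returns the <urlset>
 * document for the requested slice of pages.
 *
 * @param string $zone       Zone name; must be a key of $this->mappedZones.
 *                           A mapped value of -1 means unlimited depth.
 * @param int    $languageId Language whose pages are listed.
 * @param int    $nr         Number of sitemap. Big sites are split into several
 *                           sitemaps of SITEMAP_MAX_LENGTH entries each. Beginning from 0.
 * @return string Sitemap XML
 */
function getSitemap($zone, $languageId, $nr)
{
    global $site;

    if (!isset($this->mappedZones[$zone]) || $site->getZone($zone) == false) {
        header('HTTP/1.0 404 Not Found');
        \Db::disconnect();
        exit;
    }

    header('Content-type: application/xml; charset="' . CHARSET . '"', true);

    $zoneObject = $site->getZone($zone);
    if ($this->mappedZones[$zone] == -1) { //unlimited depth
        $pages = $this->getPages($zoneObject, $languageId);
    } else {
        $pages = $this->getPages($zoneObject, $languageId, $this->mappedZones[$zone]);
    }

    // Maps a modify frequency in seconds onto the <changefreq> vocabulary.
    $changeFrequencyLabel = function ($seconds) {
        if ($seconds < 60 * 30) { //30 min
            return 'always';
        }
        if ($seconds < 60 * 60) { //1 hour
            return 'hourly';
        }
        if ($seconds < 60 * 60 * 24) { //1 day
            return 'daily';
        }
        if ($seconds < 60 * 60 * 24 * 7) { //1 week
            return 'weekly';
        }
        if ($seconds < 60 * 60 * 24 * 30) { //1 month
            return 'monthly';
        }
        if ($seconds < 60 * 60 * 24 * 360 * 2) { //2 years (360-day years, kept as in the original)
            return 'yearly';
        }
        return 'never';
    };

    $answer = '<' . '?xml version="1.0" encoding="' . CHARSET . '"?' . '> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> ';

    // Only the slice of pages belonging to sitemap number $nr is emitted.
    for ($i = $nr * SITEMAP_MAX_LENGTH; $i < ($nr + 1) * SITEMAP_MAX_LENGTH; $i++) {
        if (!isset($pages[$i])) {
            continue;
        }
        $page = $pages[$i];

        // Bug fix: the URL was written into <loc> unescaped; sitemap XML requires
        // entity escaping, otherwise an '&' in a query string breaks the document.
        // double_encode=false keeps already-escaped links from being encoded twice.
        $answer .= ' <url> <loc>' . htmlspecialchars($page->getLink(), ENT_QUOTES, CHARSET, false) . '</loc> ';

        if ($page->getLastModified()) {
            // Only the date part (YYYY-MM-DD) is published.
            $answer .= '<lastmod>' . substr($page->getLastModified(), 0, 10) . '</lastmod> ';
        }
        if ($frequency = $page->getModifyFrequency()) {
            $answer .= '<changefreq>' . $changeFrequencyLabel($frequency) . '</changefreq> ';
        }
        if ($tmpPriority = $page->getPriority()) {
            $answer .= '<priority>' . $tmpPriority . '</priority> ';
        }
        $answer .= ' </url> ';
    }
    $answer .= ' </urlset>';

    return $answer;
}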
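/**
 * Admin entry point for the developer module installer.
 *
 * For an AJAX "install" request it validates the selected module via
 * ModulesInstallation::getErrors(), runs recursiveInstall() when no errors
 * were reported and echoes a JavaScript snippet (an alert() listing the
 * errors, or a redirect to $cms->generateUrl()), then disconnects and exits.
 * Every other request lists newly found modules above the standard module's
 * content and delegates to $this->standardModule->manage().
 *
 * @return mixed Whatever $this->standardModule->manage() returns; the AJAX
 *               branch never returns (it calls exit).
 */
function manage()
{
    global $cms;

    // Bug fix: the original tested `isset($_REQUEST['type']) == 'ajax'`, which
    // compares a bool with a string and is true for every request; the value
    // itself has to be checked. Missing keys are read through isset() so no
    // notices are raised.
    // NOTE(review): assumes the installer UI really sends type=ajax — confirm on
    // the JavaScript side before relying on this branch.
    $isAjax = isset($_REQUEST['type']) && $_REQUEST['type'] == 'ajax';
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;

    $installation = new \Modules\developer\modules\ModulesInstallation();

    if (!($isAjax && $action == 'install')) {
        $this->standardModule->before_content = $installation->findNewModules();
        return $this->standardModule->manage();
    }

    $moduleGroup = isset($_REQUEST['module_group']) ? $_REQUEST['module_group'] : null;
    $module = isset($_REQUEST['module']) ? $_REQUEST['module'] : null;

    $answer = '';
    $errors = $installation->getErrors($moduleGroup, $module);
    if ($errors) {
        // Each error is flattened onto one line and escaped so the whole list
        // can sit inside one single-quoted JavaScript string literal.
        $messages = array();
        foreach ($errors as $error) {
            $messages[] = addslashes(str_replace(array("\r", "\n"), "", $error));
        }
        $answer .= 'alert(\'' . implode("\\n\\n", $messages) . '\')';
    } else {
        $installation->recursiveInstall($moduleGroup, $module);
        $answer .= ' window.location = \'' . $cms->generateUrl() . '\'; ';
    }

    echo $answer;
    \Db::disconnect();
    exit;
}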
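/**
 * AJAX dispatcher for the page tree (admin side).
 *
 * Every known action first requires $this->_adminAccess(); without it the
 * method returns with no output. For a handled action the JSON answer is
 * written with $this->_printJson() and the request is finished with
 * \Db::disconnect(); exit. Unknown actions only disconnect and exit. A missing
 * required parameter raises trigger_error() and returns — without
 * disconnecting, exactly as the original did.
 *
 * Actions and their required $_REQUEST parameters:
 *  - getLanguages: none
 *  - getZones:     includeNonManagedZones
 *  - getZonePages: languageId, zoneName
 *  - getPages:     parentId
 *  - getData:      pageId
 *
 * @return void
 */
function makeActions()
{
    if (!isset($_REQUEST['action'])) {
        return;
    }
    $action = $_REQUEST['action'];

    // Required request parameters per action, with the message reported when one is missing.
    // Consolidates the access and parameter checks that were repeated in every case.
    $requiredParams = array(
        'getLanguages' => array(),
        'getZones' => array('includeNonManagedZones' => 'Required parameters is not set'),
        'getZonePages' => array('languageId' => 'Language id is not set', 'zoneName' => 'Zone name is not set'),
        'getPages' => array('parentId' => 'Parent ID is not set'),
        'getData' => array('pageId' => 'Page ID is not set'),
    );

    if (isset($requiredParams[$action])) {
        if (!$this->_adminAccess()) {
            return;
        }
        foreach ($requiredParams[$action] as $name => $message) {
            if (!isset($_REQUEST[$name])) {
                trigger_error($message);
                return;
            }
        }

        switch ($action) {
            case 'getLanguages':
                $response = ModelTree::getLanguages();
                break;
            case 'getZones':
                $response = ModelTree::getZones($_REQUEST['includeNonManagedZones']);
                break;
            case 'getZonePages':
                $response = ModelTree::getZonePages($_REQUEST['languageId'], $_REQUEST['zoneName']);
                break;
            case 'getPages':
                $response = ModelTree::getPages($_REQUEST['parentId']);
                break;
            case 'getData':
                // The page and its subtree, wrapped in a list with a single root entry.
                $response = array($this->_getPageDataRecursion($_REQUEST['pageId']));
                break;
        }

        $this->_printJson(array('status' => 'success', 'response' => $response));
    }

    \Db::disconnect();
    exit;
}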
$site = new \Frontend\Site(); /*to generate links to site and get other data about frontend*/ $site->init(); $cms = new Cms(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>ImpressPages CMS</title> <link rel="SHORTCUT ICON" href="favicon.ico" /> </head> <frameset rows="64px,*" framespacing="0" border="0"> <frame name="header" noresize="noresize" frameborder=0 scrolling="no" src="<?php echo $cms->generateActionurl('tep_modules'); ?> "> <frame id="frameContent" name="content" frameborder=0 src="<?php echo $cms->generateActionurl('first_module'); ?> "> <noframes> <body>Your browser don't support frames!</body> </noframes> </frameset> </html> <?php \Db::disconnect(); } else { trigger_error('Database access'); }
function ajaxAction() { global $parametersMod; global $cms; if (isset($_POST['action'])) { switch ($_POST['action']) { case 'new_row_number': if (method_exists($this->currentArea, 'beforeSort')) { $this->currentArea->beforeSort(); } $sql = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = '" . mysql_real_escape_string($_POST['new_row_number']) . "'\n\t\t\t\twhere `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'"; $rs = mysql_query($sql); if (!$rs) { trigger_error($sql . " " . mysql_error()); } if (method_exists($this->currentArea, 'afterSort')) { $this->currentArea->afterSort(); } \Db::disconnect(); exit; break; case 'row_number_increase': if (method_exists($this->currentArea, 'beforeSort')) { $this->currentArea->beforeSort(); } $sql_current = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "` from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'"; $rs_current = mysql_query($sql_current); if ($rs_current) { if ($lock_current = mysql_fetch_assoc($rs_current)) { //current record (need to be moved up) /*searching upper record*/ if ($this->level > 0) { $sql_add = " and `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' "; } else { $sql_add = ''; } $sql_upper = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` >= '" . 
mysql_real_escape_string($lock_current[$this->currentArea->sortField]) . "'\n and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . "\n order by `" . $this->currentArea->sortField . "` asc limit 1"; $rs_upper = mysql_query($sql_upper); if ($rs_upper) { if ($lock_upper = mysql_fetch_assoc($rs_upper)) { //upper record (need to be moved down) if ($lock_upper[$this->currentArea->sortField] == $lock_current[$this->currentArea->sortField]) { $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` - 1\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` <= " . mysql_real_escape_string($lock_upper[$this->currentArea->sortField]) . " and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " "; $rs_update = mysql_query($sql_update); if (!$rs_update) { trigger_error($sql . " " . mysql_error()); } } else { $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_current[$this->currentArea->sortField] . "\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_upper[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1"; $rs_update = mysql_query($sql_update); if (!$rs_update) { trigger_error($sql_update . " " . mysql_error()); } $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n\t\t\t\t\t\t\t\t\tset `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . 
(int) $lock_upper[$this->currentArea->sortField] . "\n\t\t\t\t\t\t\t\t\twhere `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1"; $rs_update = mysql_query($sql_update); if (!$rs_update) { trigger_error($sql . " " . mysql_error()); } } } } } else { trigger_error($sql . " Element does not exist"); } } echo "\n window.location = window.location;\t\t\t\t\t \n "; if (method_exists($this->currentArea, 'afterSort')) { $this->currentArea->afterSort(); } \Db::disconnect(); exit; break; case 'row_number_decrease': if (method_exists($this->currentArea, 'beforeSort')) { $this->currentArea->beforeSort(); } $sql_current = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($_POST['key_id']) . "'"; $rs_current = mysql_query($sql_current); if ($rs_current) { if ($lock_current = mysql_fetch_assoc($rs_current)) { //current record (need to be moved down) /*searching under record*/ if ($this->level > 0) { $sql_add = " and `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' "; } else { $sql_add = ''; } $sql_under = "select `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`, `" . mysql_real_escape_string($this->currentArea->sortField) . "`\n from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` <= '" . mysql_real_escape_string($lock_current[$this->currentArea->sortField]) . "' " . $sql_add . "\n and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . 
mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "'\n order by `" . mysql_real_escape_string($this->currentArea->sortField) . "` desc limit 1"; $rs_under = mysql_query($sql_under); if ($rs_under) { if ($lock_under = mysql_fetch_assoc($rs_under)) { //under record (need to be moved up) if ($lock_under[$this->currentArea->sortField] == $lock_current[$this->currentArea->sortField]) { $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` + 1\n where `" . mysql_real_escape_string($this->currentArea->sortField) . "` >= " . mysql_real_escape_string($lock_under[$this->currentArea->sortField]) . "\n and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> '" . mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . ""; $rs_update = mysql_query($sql_update); if (!$rs_update) { trigger_error($sql_update . " " . mysql_error()); } } else { $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_current[$this->currentArea->sortField] . "\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lock_under[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1"; $rs_update = mysql_query($sql_update); if (!$rs_update) { trigger_error($sql_update . " " . mysql_error()); } $sql_update = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "`\n set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = " . (int) $lock_under[$this->currentArea->sortField] . "\n where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . 
mysql_real_escape_string($lock_current[$this->currentArea->dbPrimaryKey]) . "' " . $sql_add . " limit 1"; $rs_update = mysql_query($sql_update); if (!$rs_update) { trigger_error($sql_update . " " . mysql_error()); } } } } } else { trigger_error($sql . " Element does not exist"); } } echo "document.location = document.location;"; if (method_exists($this->currentArea, 'afterSort')) { $this->currentArea->afterSort(); } \Db::disconnect(); exit; break; case 'delete': if ($this->allowDelete($this->currentArea, $_REQUEST['key_id'])) { $this->delete($this->currentArea, $_REQUEST['key_id']); echo "delete_row(" . $_POST['key_id'] . ")"; } \Db::disconnect(); exit; break; case 'insert': $allowInsert = true; $parameters = array(); //parameters for main sql for current area table. foreach ($this->currentArea->elements as $key => $element) { $new_error = $element->checkField("i_n_" . $key, "insert", $this->currentArea); if ($new_error != null) { $this->errors[$key] = $new_error; } } if (sizeof($this->errors) == 0) { //allow insert if (method_exists($this->currentArea, 'allowInsert')) { $allowInsert = $this->currentArea->allowInsert($this->currentArea->currentId); if (!$allowInsert) { if (method_exists($this->currentArea, 'lastError')) { echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($this->currentArea->lastError('insert')) . "');\n </script>\n </body>\n </html>\n "; } else { echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($parametersMod->getValue('developer', 'std_mod', 'admin_translations', 'cant_insert')) . 
"');\n </script>\n </body>\n </html>\n \n "; } return false; } } //allow insert if (method_exists($this->currentArea, 'beforeInsert')) { $this->currentArea->beforeInsert(); } foreach ($this->currentArea->elements as $key => $element) { $new_parameter = $element->getParameters("insert", "i_n_" . $key, $this->currentArea); if ($new_parameter) { $parameters[] = $new_parameter; } } $sql = "insert into `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "`= DEFAULT "; $need_comma = true; if ($this->level > 0) { $sql .= ", `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' "; $need_comma = true; } $sortFieldDefined = false; foreach ($parameters as $key => $parameter) { if ($parameter['name'] == $this->currentArea->sortField) { $sortFieldDefined = true; } if ($parameter['value'] === null) { $value = " NULL "; } else { $value = "'" . mysql_real_escape_string($parameter['value']) . "'"; } if ($need_comma) { $sql .= ", `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " "; } else { $sql .= " `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " "; $need_comma = true; } } if (!$sortFieldDefined) { if ($need_comma) { $sql .= ", `" . mysql_real_escape_string($this->currentArea->sortField) . "` = 0 "; } else { $sql .= " `" . mysql_real_escape_string($this->currentArea->sortField) . "` = 0 "; $need_comma = true; } } $rs = mysql_query($sql); if (!$rs) { trigger_error("Impossible to insert new data " . $sql . " " . mysql_error()); } else { $lastInsertId = mysql_insert_id(); /* update sort field value */ if ($this->currentArea->sortable && $this->currentArea->sortField && $this->currentArea->newRecordPosition == 'top') { /* increase all sort field numbers */ $sql = "update `" . mysql_real_escape_string(DB_PREF . "" . $this->currentArea->dbTable) . "` set `" . 
mysql_real_escape_string($this->currentArea->sortField) . "` = `" . mysql_real_escape_string($this->currentArea->sortField) . "` + 1"; $rs = mysql_query($sql); if (!$rs) { trigger_error("Can't change sort numbers " . $sql . " " . mysql_error()); } /* find lowest walue */ if ($this->level > 0) { $sql = "select min(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'min_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . " "; } else { $sql = "select min(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'min_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . " "; } $rs = mysql_query($sql); if ($rs) { if ($lock = mysql_fetch_assoc($rs)) { /* update inserted record to have the smallest sort field number*/ $sql2 = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = (" . (int) $lock['min_value'] . " - 1) where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lastInsertId) . "' "; $rs = mysql_query($sql2); if (!$rs) { trigger_error($sql . " " . mysql_error()); } } } else { trigger_error("Can't find lowest value " . $sql . " " . mysql_error()); } } if ($this->currentArea->sortable && $this->currentArea->sortField && $this->currentArea->newRecordPosition == 'bottom') { /* find biggest walue */ if ($this->level > 0) { $sql = "select max(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'max_value' from `" . mysql_real_escape_string(DB_PREF . 
$this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbReference) . "` = '" . mysql_real_escape_string($this->upArea->parentId) . "' and `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . ""; } else { $sql = "select max(`" . mysql_real_escape_string($this->currentArea->sortField) . "`) as 'max_value' from `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` <> " . (int) $lastInsertId . ""; } $rs = mysql_query($sql); if ($rs) { if ($lock = mysql_fetch_assoc($rs)) { /* update inserted record to have the smallest sort field number*/ $sql2 = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set `" . mysql_real_escape_string($this->currentArea->sortField) . "` = (" . (int) $lock['max_value'] . " + 1) where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($lastInsertId) . "' "; $rs = mysql_query($sql2); if (!$rs) { trigger_error($sql . " " . mysql_error()); } } } else { trigger_error("Can't find lowest value " . $sql . " " . mysql_error()); } } foreach ($this->currentArea->elements as $key => $element) { $new_parameter = $element->processInsert("i_n_" . $key, $lastInsertId, $this->currentArea); } if (method_exists($this->currentArea, 'afterInsert')) { $this->currentArea->afterInsert($lastInsertId); //$this->upArea->afterInsert($lastInsertId); } } $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . 
"\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n //parent.window.location.reload(true); throws browser alert to post data again if there was a search before insert.\n \n //parent.window.location.href = parent.window.location.href; don't work with #xxx\n \n var ipUrl = parent.window.location.href.split('#');\n \n parent.window.location = ipUrl[0] + '&anticache=' + Math.floor(Math.random()*1000); //Firefox5 don't reload if the same url.\n </script>\n </body></html>\n "; echo $answer; \Db::disconnect(); exit; } else { $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n "; foreach ($this->errors as $key => $error) { $answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n "; } $answer .= "\n </script>\n </body></html>\n "; echo $answer; \Db::disconnect(); exit; } break; case 'update': $parameters = array(); //parameters for main sql for current area table. foreach ($this->currentArea->elements as $key => $element) { $new_error = $element->checkField("i_n_" . $key, "update", $this->currentArea); if ($new_error != null) { $this->errors[$key] = $new_error; } } if (sizeof($this->errors) == 0) { if (method_exists($this->currentArea, 'allowUpdate')) { $allowUpdate = $this->currentArea->allowUpdate($this->currentArea->currentId); if (!$allowUpdate) { if (method_exists($this->currentArea, 'lastError')) { echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($this->currentArea->lastError('update')) . "');\n </script>\n </body>\n </html>\n "; } else { echo "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . 
"\" />\n </head>\n <body>\n <script type=\"text/javascript\"> \n alert('" . addslashes($parametersMod->getValue('developer', 'std_mod', 'admin_translations', 'cant_update')) . "');\n </script>\n </body>\n </html>\n \n "; } return false; } } if (method_exists($this->currentArea, 'beforeUpdate')) { $this->currentArea->beforeUpdate($this->currentArea->currentId); } foreach ($this->currentArea->elements as $key => $element) { $new_parameter = $element->getParameters("update", "i_n_" . $key, $this->currentArea); if ($new_parameter) { $parameters[] = $new_parameter; } } $main_update = false; if (sizeof($parameters) > 0) { $sql = "update `" . mysql_real_escape_string(DB_PREF . $this->currentArea->dbTable) . "` set "; $need_comma = false; foreach ($parameters as $key => $parameter) { if ($parameter['value'] === null) { $value = " NULL "; } else { $value = "'" . mysql_real_escape_string($parameter['value']) . "'"; } if ($need_comma) { $sql .= ", `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " "; } else { $sql .= " `" . mysql_real_escape_string($parameter['name']) . "` = " . $value . " "; $need_comma = true; } } $sql .= " where `" . mysql_real_escape_string($this->currentArea->dbPrimaryKey) . "` = '" . mysql_real_escape_string($this->currentArea->currentId) . "' "; $rs = mysql_query($sql); if (!$rs) { trigger_error("Impossible to update " . $sql); } else { $main_update = true; } } else { $main_update = true; } if ($main_update) { foreach ($this->currentArea->elements as $key => $element) { $new_parameter = $element->processUpdate("i_n_" . $key, $this->currentArea->currentId, $this->currentArea); } } if (method_exists($this->currentArea, 'afterUpdate')) { $this->currentArea->afterUpdate($this->currentArea->currentId); } $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . 
"\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n //parent.window.location.reload(true);\n //parent.window.location.href = parent.window.location.href;\n //parent.window.location.href = '" . str_replace('&', '&', $this->generateUrlBack()) . "';\n parent.window.location.href = '" . str_replace('&', '&', $_POST['back_url']) . "';\n </script>\n </body></html>\n "; echo $answer; \Db::disconnect(); exit; } else { $answer = "\n <html>\n <head>\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . CHARSET . "\" />\n </head>\n <body>\n <script type=\"text/javascript\">\n var errors = new Array();\n var new_fields = new Array();\n "; foreach ($this->errors as $key => $error) { $answer .= "\n var error = ['i_n_" . addslashes($key) . "', '" . addslashes($error) . "'];\n errors.push(error);\n "; } $answer .= "\n </script>\n </body></html>\n "; echo $answer; \Db::disconnect(); exit; } break; } } }