/**
 * Sets up the plugin: builds its custom tables when requested and registers
 * its actions
 *
 * When BUILD_DATABASE is TRUE and the plugin ships an
 * assets/plugins/<page_type>/assets/sql/build_plugin_tables.sql file, that file
 * is loaded through Utilities::load_file() and run against $this->db; query
 * failures go to ECMS_Error::log_exception(). The plugin's custom actions are
 * then merged into $this->access_points (later entries win, so a plugin may
 * override a core action).
 *
 * @return void
 */
protected function initialize()
{
    if (BUILD_DATABASE === TRUE) {
        // NOTE(review): page_type becomes part of a filesystem path; assumed to
        // come from trusted plugin configuration, not request input - confirm
        $plugin_dir = strtolower($this->page_type);
        $build_script = 'assets/plugins/' . $plugin_dir . '/assets/sql/build_plugin_tables.sql';

        // Only plugins shipping a build script get custom tables
        if (file_exists($build_script) and is_readable($build_script)) {
            $queries = Utilities::load_file($build_script);
            try {
                $this->db->query($queries);
            } catch (Exception $e) {
                ECMS_Error::log_exception($e);
            }
        }
    }

    // Plugin actions come last so they take precedence over core actions
    $custom_actions = $this->register_custom_actions();
    $this->access_points = array_merge($this->access_points, $custom_actions);
}
/**
 * Builds the editing form for an entry in the admin area
 *
 * The entry is selected by $_POST['entry_id'] (cast to int, NULL when absent)
 * and loaded through get_entry_by_id(); when $this->entries[0] is then set, its
 * values are attached to the form for pre-filling.
 *
 * @return Form the populated form object (nothing is returned when an
 *              exception was caught and logged)
 */
public function display_admin()
{
    try {
        $entry_id = NULL;
        if (isset($_POST['entry_id'])) {
            $entry_id = (int) $_POST['entry_id'];
        }

        // Populates $this->entries with the requested entry
        $this->get_entry_by_id($entry_id);

        $form = new Form();
        $form->form_id = 'ecms-edit-form';

        // Hidden values that route the submission back to this page
        $form->page = $this->url0;
        $form->action = 'entry-write';
        $form->entry_id = $entry_id;

        // Pre-fill the inputs when an entry was loaded
        $form->entry = array();
        if (isset($this->entries[0])) {
            $form->entry = $this->entries[0];
        }

        $form->input_arr = array(
            array(
                'name' => 'title',
                'class' => 'input-text',
                'label' => 'Entry Title',
            ),
            array(
                'type' => 'textarea',
                'name' => 'entry',
                'class' => 'input-textarea',
                'label' => 'Entry Body',
            ),
            array(
                'type' => 'textarea',
                'class' => 'input-textarea',
                'name' => 'excerpt',
                'label' => 'Excerpt (Meta Description)',
            ),
            array(
                'type' => 'submit',
                'class' => 'input-submit',
                'name' => 'form-submit',
                'value' => 'Save Entry',
            ),
        );

        return $form;
    } catch (Exception $e) {
        // NOTE(review): other methods call ECMS_Error::log_exception();
        // confirm that logException() also exists
        ECMS_Error::logException($e);
    }
}
/**
 * Counts how often each tag is used by the entries of a page
 *
 * Tags come from the comma-separated `tags` column, are lower-cased and
 * trimmed, and spaces are replaced by dashes; empty tags are skipped.
 * Database errors are logged through ECMS_Error::log_exception() and whatever
 * was counted so far is returned.
 *
 * @param string $page_slug slug of the page whose entries are scanned
 * @return array tag slug => occurrence count, most frequent first
 */
private function _get_popular_categories($page_slug)
{
    $counts = array();

    try {
        $sql = "SELECT `tags`\n"
             . " FROM `" . DB_NAME . "`.`" . DB_PREFIX . "entries`\n"
             . " WHERE `page_id`=(\n"
             . " SELECT `page_id`\n"
             . " FROM `" . DB_NAME . "`.`" . DB_PREFIX . "pages`\n"
             . " WHERE `page_slug`=:page_slug\n"
             . " LIMIT 0, 1\n"
             . " )";

        $stmt = DB_Connect::create()->db->prepare($sql);
        $stmt->bindParam(':page_slug', $page_slug, PDO::PARAM_STR);
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_OBJ);

        foreach ($rows as $row) {
            foreach (explode(',', strtolower($row->tags)) as $raw_tag) {
                // empty() also drops a literal "0" tag
                if (empty($raw_tag)) {
                    continue;
                }
                $slug = str_replace(' ', '-', trim($raw_tag));
                $counts[$slug] = array_key_exists($slug, $counts) ? $counts[$slug] + 1 : 1;
            }
        }

        $stmt->closeCursor();
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }

    arsort($counts);

    return $counts;
}
<?php

// Dispatch a valid form submission; anything else is reported as an error
if (Form::is_form_submission_valid() !== TRUE) {
    // Hand an exception to the error logger (which may end the request)
    ECMS_Error::log_exception(new Exception("An unknown error has occurred.\n"));
} else {
    echo Form::handle_form_submission();
    exit;
}
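/**
 * Ensures the target directory exists, creating it if it doesn't
 *
 * The base directory is $this->dir; with $this->thumb === TRUE the "thumbs/"
 * subdirectory is used, and with $this->preview === TRUE the "preview/"
 * subdirectory is used (preview takes precedence over thumb). An empty path
 * is treated as nothing to create.
 *
 * @return bool TRUE when the directory exists or was created, FALSE when it
 *              could not be created (the failure is also logged through
 *              ECMS_Error::log_exception())
 */
private function checkDir()
{
    $dir = $this->dir;
    if ($this->thumb === TRUE) {
        $dir = $this->dir . 'thumbs/';
    }
    if ($this->preview === TRUE) {
        $dir = $this->dir . 'preview/';
    }

    if (strlen($dir) === 0 || is_dir($dir)) {
        return TRUE;
    }

    // Re-check is_dir() after a failed mkdir(): a concurrent request may have
    // created the directory between the check above and this call
    if (!mkdir($dir, 0755, TRUE) && !is_dir($dir)) {
        ECMS_Error::log_exception(new Exception("'{$dir}' could not be created.<br />"));
        return FALSE;
    }

    return TRUE;
}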
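/**
 * Loads a file or an array of files into memory after parsing PHP inside
 *
 * Each file is required while an output buffer is active and the buffered
 * output is returned. Variables given in $var_arr are defined in the loading
 * scope before the file is included so templates can reference them. Files
 * that do not exist are reported through ECMS_Error::log_exception().
 *
 * @param mixed $filepath A file path, or an array of file paths
 * @param array $var_arr  For a single path: variable name => value. For an
 *                        array of paths: file path => array(name => value)
 * @return string the output produced by the included file(s)
 */
public static function load_file($filepath, $var_arr = array())
{
    // Names of this method's own locals: defining them from $var_arr would
    // change which file gets included, so they are never assigned
    $_reserved = array('filepath', 'var_arr', '_reserved', '_files', '_file', '_vars');

    ob_start();

    $_files = is_array($filepath) ? $filepath : array($filepath);

    foreach ($_files as $_file) {
        // A list of paths keys its variables by path; a single path takes
        // the variable array directly
        if (is_array($filepath)) {
            $_vars = array_key_exists($_file, $var_arr) ? $var_arr[$_file] : array();
        } else {
            $_vars = is_array($var_arr) ? $var_arr : array();
        }

        foreach ($_vars as $key => $val) {
            if (in_array($key, $_reserved, TRUE)) {
                continue;
            }
            ${$key} = $val;
        }

        if (file_exists($_file)) {
            // require_once: a path already included earlier in the request
            // produces no output a second time
            require_once $_file;
        } else {
            ECMS_Error::log_exception(new Exception("Failed to load {$_file}"));
        }
    }

    return ob_get_clean();
}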
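/**
 * Maps the current error code to a human-readable message
 *
 * The code is read from $this->_sdata->error. Code '0000' maps to NULL (no
 * error). An unknown code is logged through ECMS_Error::log_exception() and
 * replaced by a generic message.
 *
 * @return string|null the message for the code, or NULL for code '0000'
 */
private function _get_error_message()
{
    $messages = array(
        '0000' => NULL,
        '0001' => 'The username you entered is not valid.',
        '0002' => 'The display name you entered is not valid.',
        '0003' => 'Your password needs to be at least 8 characters.',
        '0004' => 'The passwords you entered don\'t match.',
        '0005' => 'This account has already been verified.',
    );

    $code = $this->_sdata->error;
    if (array_key_exists($code, $messages)) {
        return $messages[$code];
    }

    // Report the code that was actually looked up (the same one used above)
    ECMS_Error::log_exception(
        new Exception('Unknown comment error occurred using error code "' . $code . '".'),
        FALSE
    );

    return 'An unknown error occurred.';
}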
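/**
 * Creates the database tables necessary for the CMS to function
 *
 * Loads the core SQL build scripts through Utilities::load_file() and runs
 * them against a fresh PDO connection. When DEV_PASS is non-empty, the initial
 * admin account is inserted as well, using a salted hash from
 * AdminUtilities::createSaltedHash() and a random verification code.
 * Connection and query failures are logged through ECMS_Error::log_exception().
 *
 * @return void
 */
public static function build_database()
{
    $sql_dir = CMS_PATH . 'core/resources/sql/';

    // Order matters: the database is created before its tables
    $scripts = array(
        'build_database.sql',
        'build_table_pages.sql',
        'build_table_entries.sql',
        'build_table_categories.sql',
        'build_table_entry_categories.sql',
        'build_table_featured.sql',
        'build_table_users.sql',
        'build_table_comments.sql',
    );

    $file_array = array();
    foreach ($scripts as $script) {
        $file_array[] = $sql_dir . $script;
    }
    $var_arr = array();

    // If an admin is initializing the ECMS, create his or her account
    if (DEV_PASS !== '') {
        $filepath = $sql_dir . 'insert_users_entry.sql';

        $password_hash = AdminUtilities::createSaltedHash(DEV_PASS);

        // The verification code must be unpredictable: use a CSPRNG where
        // available and fall back to the uniqid()-based value only on older
        // PHP. Both forms are 40 hex characters.
        if (function_exists('random_bytes')) {
            $vcode = bin2hex(random_bytes(20));
        } else {
            $vcode = sha1(uniqid(time(), TRUE));
        }

        // Variables the insert script expects to find in scope
        $var_arr = array(
            $filepath => array(
                'display' => DEV_DISPLAY_NAME,
                'username' => DEV_USER_NAME,
                'email' => DEV_EMAIL,
                'vcode' => $vcode,
                'clearance' => DEV_CLEARANCE,
                'password' => $password_hash,
            ),
        );

        $file_array[] = $filepath;
    }

    $sql = Utilities::load_file($file_array, $var_arr);

    try {
        $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME;
        $db = new PDO($dsn, DB_USER, DB_PASS);
        // Without ERRMODE_EXCEPTION a failing build script is silently
        // ignored and never reaches the catch block
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->query($sql);
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }
}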
exit; } else { if ($menu_page === FALSE) { require_once CMS_PATH . 'core/helper/class.missing.inc.php'; $menu_page->page_name = 'Invalid URL'; $menu_page->type = 'Missing'; } } /******************************************************************************* * Initialize the main content class and load entry data *******************************************************************************/ // Create a new object for the correct page type try { $main_content = new $menu_page->type($url_array); } catch (Exception $e) { ECMS_Error::logException($e); } // Load the main entry $entry = $main_content->display_public(); /******************************************************************************* * Meta data for the site is created here *******************************************************************************/ // Load the page title $title = $main_content->get_page_title($menu_page); // Load the meta description (must come after $main_content->display_public()) $meta_description = $main_content->get_page_description(); /******************************************************************************* * Define an autoloader for entry classes *******************************************************************************/ function __autoload($classname) {
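/**
 * Builds the admin-only "delete comment" form
 *
 * @param mixed  $bid   identifier of the entry the comment belongs to (emitted
 *                      as a hidden field)
 * @param mixed  $cid   identifier of the comment to delete (hidden field)
 * @param string $email unused; kept so existing callers keep working
 * @return Form|string the delete form when an admin is logged in, an empty
 *                     string otherwise (also after an exception was logged
 *                     through ECMS_Error::log_exception())
 */
protected function admin_comment_options($bid, $cid, $email)
{
    if (!$this->isLoggedIn()) {
        return '';
    }

    try {
        $form = new Form(array('legend' => '', 'class' => 'admin-delete'));
        $form->action = "comment_delete";
        $form->input_arr = array(
            array('name' => 'bid', 'type' => 'hidden', 'value' => $bid),
            array('name' => 'cmntid', 'type' => 'hidden', 'value' => $cid),
            array('name' => 'delete-submit', 'type' => 'submit', 'value' => 'delete'),
        );
        return $form;
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }

    // Same "nothing to show" value as the logged-out path
    return '';
}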
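/**
 * Inserts or updates a menu page from the posted form values
 *
 * Only the known page columns are read from $_POST; each value is passed
 * through SIV::clean_output() before being bound, and a missing field is
 * bound as NULL. The statement is INSERT ... ON DUPLICATE KEY UPDATE, so an
 * existing `page_id` is updated in place.
 *
 * @return bool|null TRUE on success, FALSE when the statement reported an
 *                   error code, NULL when an exception was caught and logged
 *                   through ECMS_Error::log_exception()
 */
public function update_menu()
{
    // Expected columns and their PDO types. Reading only these keys keeps
    // arbitrary POST keys from becoming local variables.
    $columns = array(
        'page_id' => PDO::PARAM_INT,
        'page_name' => PDO::PARAM_STR,
        'page_slug' => PDO::PARAM_STR,
        'type' => PDO::PARAM_STR,
        'menu_order' => PDO::PARAM_INT,
        'show_full' => PDO::PARAM_INT,
        'hide_in_menu' => PDO::PARAM_INT,
        'parent_id' => PDO::PARAM_INT,
        'extra' => PDO::PARAM_STR,
    );

    // TODO: validate page_slug with SIV::validate($val, SIV::SLUG) and report
    // a malformed slug back to the form instead of storing it
    $values = array();
    foreach ($columns as $column => $type) {
        $values[$column] = array_key_exists($column, $_POST)
            ? SIV::clean_output($_POST[$column], FALSE, FALSE)
            : NULL;
    }

    // The placeholders are reused in the UPDATE clause, which PDO only
    // supports with emulated prepares (pdo_mysql's default)
    $sql = 'INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'pages` ('
         . ' `page_id`, `page_name`, `page_slug`, `type`, `menu_order`,'
         . ' `show_full`, `hide_in_menu`, `parent_id`, `extra`'
         . ' ) VALUES ('
         . ' :page_id, :page_name, :page_slug, :type, :menu_order,'
         . ' :show_full, :hide_in_menu, :parent_id, :extra'
         . ' ) ON DUPLICATE KEY UPDATE'
         . ' `page_name`=:page_name, `page_slug`=:page_slug, `type`=:type,'
         . ' `menu_order`=:menu_order, `show_full`=:show_full,'
         . ' `hide_in_menu`=:hide_in_menu, `parent_id`=:parent_id, `extra`=:extra';

    try {
        $stmt = $this->db->prepare($sql);
        foreach ($columns as $column => $type) {
            $stmt->bindValue(':' . $column, $values[$column], $type);
        }
        $stmt->execute();
        $result = $stmt->errorCode() === '00000';
        $stmt->closeCursor();
        return $result;
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }
}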
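/**
 * Finishes an action: returns its result for AJAX calls, redirects otherwise
 *
 * A request counts as AJAX when the X-Requested-With header or the `action`
 * query parameter is present; the raw result is then returned to the caller.
 * For a regular request a TRUE result redirects the browser: to the referring
 * page when the Referer host matches the current host, else to /<url0> when
 * $object has a url0 property, else to /. Any other result is logged as a
 * failed action through ECMS_Error::log_exception().
 *
 * @param mixed  $return the value returned by the action method
 * @param object $object the object the action was run on
 * @return mixed $return for AJAX requests; does not return after a redirect
 */
private static function _handle_response($return, $object)
{
    if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) || isset($_GET['action'])) {
        return $return;
    }

    // A non-AJAX action signals success by returning exactly TRUE
    if ($return !== TRUE) {
        ECMS_Error::log_exception(new Exception("Action failed."));
        return;
    }

    // Default destination: the object's own page, or the site root
    $loc = property_exists($object, 'url0') ? '/' . $object->url0 : '/';

    // The Referer header is client-supplied: only follow it when it points
    // back to this host, so the redirect cannot be aimed at another site
    if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        $referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        $own_host = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
        if (is_string($referer_host) && is_string($own_host)
            && strcasecmp($referer_host, $own_host) === 0) {
            $loc = $_SERVER['HTTP_REFERER'];
        }
    }

    header("Location: {$loc}");
    exit;
}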
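/**
 * Unsubscribes the posted email address from comment notifications
 *
 * The entries listed in $_POST['entries'] are the ones the user still wants
 * notifications for; every other subscription of that email is cleared. The
 * email arrives hex-encoded, is decoded with Utilities::hextostr() and
 * validated with SIV::validate(). When the cancel button was used (no
 * comment-notification-submit field) the browser is sent to SITE_URL.
 *
 * @return bool|null TRUE when the update ran, FALSE when the email is invalid
 *                   (logged), NULL when a database exception was caught and
 *                   logged through ECMS_Error::log_exception()
 */
public function update_notification_settings()
{
    // Cancel button: nothing to change
    if (!array_key_exists('comment-notification-submit', $_POST)) {
        header('Location: ' . SITE_URL);
        exit;
    }

    // Entries the user keeps; an empty selection unsubscribes everything
    $keep_ids = array();
    if (array_key_exists('entries', $_POST) && is_array($_POST['entries'])) {
        foreach ($_POST['entries'] as $entry_id) {
            $keep_ids[] = (int) $entry_id;
        }
    }

    // NOT IN rather than a chain of OR'd `<>` tests: with two or more kept
    // entries every row satisfies at least one `<>`, which would unsubscribe
    // the kept entries as well
    $where_clause = count($keep_ids) > 0
        ? '`entry_id` NOT IN (' . implode(',', $keep_ids) . ')'
        : '1';

    $raw_email = array_key_exists('email', $_POST) ? $_POST['email'] : '';
    $email = Utilities::hextostr($raw_email);
    if (!SIV::validate($email, SIV::EMAIL)) {
        ECMS_Error::log_exception(new Exception("Invalid email!"));
        return FALSE;
    }

    $sql = "UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "comments`\n"
         . " SET `subscribed`=0\n"
         . " WHERE email = :email\n"
         . " AND ( {$where_clause} )";

    try {
        $stmt = $this->db->prepare($sql);
        $stmt->bindParam(":email", $email, PDO::PARAM_STR);
        $stmt->execute();
        $stmt->closeCursor();
        return TRUE;
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }
}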
/**
 * Builds the site search form
 *
 * @param string $legend the fieldset legend shown above the search box
 * @return Form the search form (nothing is returned when an exception was
 *              caught and logged through ECMS_Error::log_exception())
 */
public static function displaySearchBox($legend = "Search the Site")
{
    try {
        $search_form = new Form();
        $search_form->legend = $legend;
        $search_form->form_id = 'search-form';

        // Hidden fields routing the submission to the search action
        $search_form->page = 'search';
        $search_form->action = 'entry-search';

        $text_input = array(
            'name' => 'search_string',
            'id' => 'search-string',
            'label' => 'Search Text',
            'class' => 'input-text',
        );
        $submit_input = array(
            'type' => 'submit',
            'name' => 'search-submit',
            'value' => 'Search',
            'class' => 'input-submit',
        );
        $search_form->input_arr = array($text_input, $submit_input);

        return $search_form;
    } catch (Exception $e) {
        ECMS_Error::log_exception($e);
    }
}