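GNU General Public License for more details. */

// Order document viewer of the Bakery module (invoice, delivery note or reminder).
// Visible flow: validate the three request ids, require a session with user and
// group id, check page-level admin permission, load the language file, then pick
// the document type from the POST body.

// Include WB config.php file and admin class
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';

// Check if GET and SESSION vars are set
if (!isset($_GET['page_id'])
    or !isset($_GET['section_id'])
    or !isset($_GET['order_id'])
    or !is_numeric($_GET['page_id'])
    or !is_numeric($_GET['section_id'])
    or !is_numeric($_GET['order_id'])
    or !isset($_SESSION['USER_ID'])
    or !isset($_SESSION['GROUP_ID'])
) {
    die($MESSAGE['FRONTEND_SORRY_NO_VIEWING_PERMISSIONS']);
} else {
    // is_numeric() also accepts decimals, exponents, signs and leading whitespace
    // ("1e3", "-2.5", " 7"), so the raw string is not a safe id on its own.
    // Cast once here so that only integers reach the permission check and
    // whatever uses these ids afterwards.
    $page_id = (int) $_GET['page_id'];
    $section_id = (int) $_GET['section_id'];
    $order_id = (int) $_GET['order_id'];
}

// Check if user is authenticated to view this page
$admin = new admin('', '', false, false);
// `$action = 'admin'` is an assignment expression, not a named argument: the
// value passed is 'admin' and $action is also set in this scope.
if ($admin->get_page_permission($page_id, $action = 'admin') === false) {
    // Permission check failed: the user may not administer this page
    die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
}

// Look for language file: EN.php is loaded first, then the file named after
// the LANGUAGE constant when it exists.
// NOTE(review): the include path is built from LANGUAGE; confirm that the
// constant is restricted to a known language code where it is defined.
if (LANGUAGE_LOADED) {
    require_once WB_PATH . '/modules/bakery/languages/EN.php';
    if (file_exists(WB_PATH . '/modules/bakery/languages/' . LANGUAGE . '.php')) {
        require_once WB_PATH . '/modules/bakery/languages/' . LANGUAGE . '.php';
    }
}

// Show invoice, delivery note or reminder
// NOTE(review): $view is taken from POST unchanged; confirm it is matched
// against the known document types before it is used further down.
if (isset($_POST['view'])) {
    $view = $_POST['view'];
} else {
    $view = 'invoice';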
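} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // end include class.secure.php

// Backend "modify page" view: resolves the page id from the query string,
// checks page-level admin permission, loads page and last-editor details and
// hands them to the pages_modify.htt template.

// Get page id
if (!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {
    header("Location: index.php");
    exit(0);
} else {
    // is_numeric() also accepts decimals, exponents, signs and leading
    // whitespace; cast so that only an integer id is used from here on.
    $page_id = (int) $_GET['page_id'];
}

require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify');

// Get perms
// NOTE(review): the script only stops here if print_error() itself ends the
// request; confirm, otherwise the page details below are still loaded.
if (!$admin->get_page_permission($page_id, 'admin')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// Optional section id from the query string. ENT_QUOTES is passed explicitly
// because the default flags before PHP 8.1 leave single quotes unescaped, which
// matters if the value ends up inside a single-quoted HTML attribute.
$sectionId = isset($_GET['wysiwyg'])
    ? htmlspecialchars($admin->get_get('wysiwyg'), ENT_QUOTES | ENT_SUBSTITUTE)
    : NULL;

// Get page details
$results_array = $admin->get_page_details($page_id);

// Get display name of person who last modified the page
$user = $admin->get_user_details($results_array['modified_by']);

// Convert the unix timestamp in modified_when to a human readable form;
// a value of 0 is shown as 'Unknown'.
$modified_ts = $results_array['modified_when'] != 0
    ? date(TIME_FORMAT . ', ' . DATE_FORMAT, $results_array['modified_when'])
    : 'Unknown';

// Include page info script
$template = new Template(THEME_PATH . '/templates');
$template->set_file('page', 'pages_modify.htt');
$template->set_block('page', 'main_block', 'main');
// NOTE(review): page_title, menu_title, display_name and username are handed
// to the template exactly as returned above; confirm they are HTML-escaped
// when stored or by the template.
$template->set_var(array(
    'PAGE_ID' => $results_array['page_id'],
    'PAGE_TITLE' => $results_array['page_title'],
    'MENU_TITLE' => $results_array['menu_title'],
    'ADMIN_URL' => ADMIN_URL,
    'LEPTON_URL' => LEPTON_URL,
    'LEPTON_PATH' => LEPTON_PATH,
    'THEME_URL' => THEME_URL
));
$template->set_var(array(
    'MODIFIED_BY' => $user['display_name'],
    'MODIFIED_BY_USERNAME' => $user['username'],
    'MODIFIED_WHEN' => $modified_ts,
    'LAST_MODIFIED' => $MESSAGE['PAGES_LAST_MODIFIED']
));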
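// Input validation and permission checks of a page-creation handler (see the
// 'pages_add_l0' permission and the "page created" comment below).

// Allow-list the visibility value; anything else falls back to 'public'.
// The strict flag keeps a non-string value from matching an entry through
// loose comparison.
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'), true)) {
    $visibility = 'public';
}
// fix secunia 2010-91-2

$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');

// Both lists come from the POST body. A scalar value would make the
// `[] = 1` append below a fatal error, and the entries are caller-controlled,
// so a non-array is replaced by an empty list and every entry is cast to int
// (group ids are compared with the integer 1 further down).
$admin_groups = is_array($admin_groups) ? array_map('intval', $admin_groups) : array();
$viewing_groups = is_array($viewing_groups) ? array_map('intval', $viewing_groups) : array();

// Work-out if we should check for existing page_code
$field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code');

// add Admin to admin and viewing-groups
$admin_groups[] = 1;
$viewing_groups[] = 1;

// After check print the header
$admin->print_header();

// NOTE(review): the checks below only block the request if print_error()
// itself ends it; confirm, otherwise execution falls through to the next step.

// check parent page permissions: a sub-page needs admin rights on its parent,
// a top-level page needs the 'pages_add_l0' system permission.
if ($parent != 0) {
    if (!$admin->get_page_permission($parent, 'admin')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// check module permissions:
if (!$admin->get_permission($module, 'module')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}

// Validate data: the title must not be empty and must not start with a dot
if ($title == '' || substr($title, 0, 1) == '.') {
    $admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE']);
}

// Check to see if page created has needed permissions
if (!in_array(1, $admin->get_groups_id())) {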