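/**
 * Parse the admin request URL, wire up the shared collaborators (session
 * menu, database, user) and enforce section/action privileges.
 *
 * Everything derived from $URL is attacker-controlled. The `filter` and
 * `order` query values arrive serialized (their defaults are plain arrays),
 * so they are deserialized with `allowed_classes` disabled, which closes the
 * object-injection hole that a bare unserialize() on request data opens.
 * The `section` value is HTML-escaped before it is echoed in an error page.
 * Fatal request errors are reported with die(), matching the rest of the file.
 *
 * @param string $URL   full request URL; its query string drives the action
 * @param array  $post  POST payload (usually $_POST)
 * @param array  $files uploaded files (usually $_FILES)
 */
public function __construct($URL, $post = array(), $files = array())
{
    // URL parse; parse_url() returns false on a badly malformed URL, in which
    // case we fall back to an empty component list instead of indexing false
    $urlparts = parse_url($URL);
    if ($urlparts === false) {
        $urlparts = array();
    }
    if (!isset($urlparts['query'])) {
        $urlparts['query'] = 'show=list'; # required
    }

    // create URL
    $finalURL = explode('&', $urlparts['query']);
    $URL_parts = array(
        'edit' => 0,
        'page' => 1,
        'section' => '',
        'show' => 'list',
        'filter' => array(),
        'order' => array(),
    );

    // assign some internal vars
    // NOTE(review): assumes the login flow has populated $_SESSION['menu_items'] — confirm
    $this->menu = $_SESSION['menu_items'];
    $this->folder = dirname(__FILE__) . '/../';
    $this->POST = $post;
    $this->FILES = $files;

    // get database connection
    $this->DB = new db();

    // mysql for intermediate query generation
    if ($this->mysql_db != false) {
        require_once dirname(__FILE__) . '/mysql.inc.php';
    }

    // get user object
    $this->USER = new user($this->POST);

    // GET actions - page, show, edit and others
    foreach ($finalURL as $valURL) {
        // limit 2 keeps any '=' inside the value; a bare key ("&logout&")
        // has no value at all, so default it instead of reading an undefined index
        $u = explode('=', $valURL, 2);
        $key = $u[0];
        $value = isset($u[1]) ? $u[1] : '';
        if (empty($key)) {
            continue;
        }
        $URL_parts[$key] = $value;
        switch ($key) {
            case 'edit':
                $this->edit = $value;
                break;
            case 'page':
                $this->page = (int) $value;
                break;
            case 'section':
                $this->section = $value;
                break;
            case 'show':
                // only whitelisted actions are accepted; anything else lists
                $allowedShows = array('list', 'insert', 'update', 'delete', 'deletefile', 'export');
                $this->show = in_array($value, $allowedShows, true) ? $value : 'list';
                break;
            case 'filter':
                // request data: never let unserialize() instantiate classes
                $this->urlFilter = unserialize(urldecode($value), array('allowed_classes' => false));
                break;
            case 'order':
                // request data: never let unserialize() instantiate classes
                $this->urlOrder = unserialize(urldecode($value), array('allowed_classes' => false));
                break;
            case 'logout':
                $this->USER->logout();
                break;
        }
    }
    $this->USER->section = $this->section;

    // section is echoed into HTML error pages below; escape it once here
    $sectionNote = isset($this->section)
        ? ', section ' . htmlspecialchars($this->section, ENT_QUOTES, 'UTF-8')
        : '';

    // we have to show something
    if (empty($this->show) && !isset($_GET['lang'])) {
        die('Error at line "' . __LINE__ . '" in method "' . __METHOD__ . '"' . $sectionNote
            . '<br /> No display request - "$this->show" was not set!');
    }

    // reset page and edit if we have insert
    if ($this->show === 'insert') {
        $this->edit = 0;
    }

    // reset page but require update to some ID
    if (($this->show === 'update' || $this->show === 'delete') && !$this->edit) {
        die('Error at line "' . __LINE__ . '" in method "' . __METHOD__ . '"' . $sectionNote
            . '<br /> Nothing to ' . $this->show . '! Set the EDIT request.');
    }

    // get URL parts from GET with default values
    $this->URL = $URL_parts;

    // INSERT log if we DON'T have a listing OR we have update and POST (something is updated)
    if (($this->show !== 'list' && $this->show !== 'update')
        || ($this->show === 'update' && !empty($this->POST))
    ) {
        // only uploads that actually carry a file name are worth logging
        $validFiles = array();
        if (!empty($this->FILES)) {
            foreach ($this->FILES as $kFILES => $vFILES) {
                if (trim($vFILES['name']) != '') {
                    $validFiles[$kFILES] = $vFILES;
                }
            }
        }
        $this->DB->fetch(
            ' INSERT INTO `_adminlog` (`request_get`, `request_post`, `request_files`, `user`) VALUES ( :request_get, :request_post, :request_files, :user ) ',
            array(
                ':request_get' => !empty($_GET) ? serialize($_GET) : '',
                ':request_post' => !empty($this->POST) ? serialize($this->POST) : '',
                ':request_files' => !empty($validFiles) ? serialize($validFiles) : '',
                ':user' => $this->USER->userData['idadmin'],
            ),
            1
        );
    }

    // ======================================================================
    // check USER privileges
    // ======================================================================
    // if not INDEX
    if (!empty($this->section)) {
        $deniedPrefix = '<p style="font:16px Arial,Verdana;color:#c00">';
        $deniedSuffix = '</p> <meta http-equiv="refresh" content="2;url=' . BASE_URL . '" />';

        // check if the user has the priviledge to access this section
        if (false == $this->USER->can()) {
            die($deniedPrefix . lang::translate('access_denied_section') . $deniedSuffix);
        }

        // check if the user can make current action
        if (false == $this->USER->can($this->show) && $this->show !== 'export') {
            die($deniedPrefix . lang::translate('access_denied_action') . $deniedSuffix);
        }

        // check uploadfile
        if (false == $this->USER->can('uploadfile') && !empty($this->FILES)) {
            die($deniedPrefix . lang::translate('access_denied_action') . $deniedSuffix);
        }
    }
    // ======================================================================

    // set language links
    $this->languageFrontEnd = lang::createButtons();
}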