wb-2_10_x / branches / main / modules / admin.php @ 9

<?php
/**
 *
 * @category        backend
 * @package         modules
 * @author          WebsiteBaker Project
 * @copyright       Ryan Djurovich
 * @copyright       WebsiteBaker Org. e.V.
 * @link            http://websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.3
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: admin.php 2 2017-07-02 15:14:29Z Manuela $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/branches/main/modules/admin.php $
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
 *
*/
/* -------------------------------------------------------- */
// Stop when this file is requested directly instead of being included.
// WB_PATH is expected to be defined by the including script.
if (!defined('WB_PATH')) {
    die('Cannot access this file directly');
}
/* -------------------------------------------------------- */

// Create the admin object. A module may set $admin_header to print with or
// without the header; the default is with header. It is recommended to set
// the variable before including /modules/admin.php.
if (!isset($admin_header)) {
    $admin_header = true;
}
// Load the admin class only when it has not been declared yet
// (second argument false: do not trigger autoloading).
if (!class_exists('admin', false)) {
    include(WB_PATH.'/framework/class.admin.php');
}
// NOTE(review): presumably the admin constructor enforces login and the
// 'pages_modify' permission - confirm in framework/class.admin.php.
$admin = new admin('Pages', 'pages_modify', (bool)$admin_header);

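// Select the request parameters for the current HTTP method.
// REQUEST_METHOD is supplied by the client, so it is matched against a fixed
// list (GET, POST) instead of being turned into a variable name. Any other
// method yields no request parameters, which keeps the request from choosing
// which array the ids below are read from.
$requestMethod = '_'.strtoupper(isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '');
switch ($requestMethod) {
    case '_POST':
        $aRequestVars = $_POST;
        break;
    case '_GET':
        $aRequestVars = $_GET;
        break;
    default:
        $aRequestVars = null;
        break;
}

// Page id: taken from the request, else from a $page_id preset by the
// including module, else 0 (0 is the error value). Non-scalar request values
// (e.g. page_id[]=...) are ignored because intval() maps a non-empty array to 1.
$page_id = intval(
    (isset($aRequestVars['page_id']) && is_scalar($aRequestVars['page_id']))
        ? $aRequestVars['page_id']
        : (isset($page_id) ? $page_id : 0)
);

// Section id: same lookup order and the same scalar-only rule as the page id.
$section_id = intval(
    (isset($aRequestVars['section_id']) && is_scalar($aRequestVars['section_id']))
        ? $aRequestVars['section_id']
        : (isset($section_id) ? $section_id : 0)
);
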
// Name of the directory that holds the running script.
$module_dir = basename(
    dirname($_SERVER["SCRIPT_NAME"])
);

// Back link to the section overview of the current page.
$js_back = sprintf('%s/pages/sections.php?page_id=%s', ADMIN_URL, $page_id);

// Load the page record that the permission checks below work on.
// $page_id is produced by intval() earlier in this file, so the is_numeric()
// branch is only a safety net.
// NOTE(review): the code after this block reads $page unconditionally, so it
// relies on print_error() ending the request - confirm in class.admin.php.
if (is_numeric($page_id) && $page_id > 0) {
    $page = $admin->get_page_details($page_id, ADMIN_URL.'/pages/index.php');
} elseif (!is_numeric($page_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} else {
    // page id 0 (missing or invalid) is treated as "no permission"
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
}

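// Raw allow-lists stored on the page: comma separated ids, underscores removed.
// Both variables keep their original string form for code that reads them later.
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));

// Membership is decided on validated positive integers with strict comparison.
// The former loose in_array()/array_search() calls could match across types:
// under PHP 5/7 an empty list entry ('') compares equal to 0 or null, so an
// empty allow-list could match an unset id.
$in_group = false;
foreach ($admin->get_groups_id() as $cur_gid) {
    foreach ($old_admin_groups as $sListedGid) {
        $sListedGid = trim($sListedGid);
        if (preg_match('/^[0-9]+$/', $sListedGid)
            && (int)$sListedGid > 0
            && (int)$sListedGid === (int)$cur_gid
        ) {
            $in_group = true;
            break 2;
        }
    }
}

// The user list is only consulted when no group matched.
$bUserListed = false;
if (!$in_group) {
    $iCurrentUserId = (int)$admin->get_user_id();
    foreach ($old_admin_users as $sListedUid) {
        $sListedUid = trim($sListedUid);
        if (preg_match('/^[0-9]+$/', $sListedUid)
            && (int)$sListedUid > 0
            && (int)$sListedUid === $iCurrentUserId
        ) {
            $bUserListed = true;
            break;
        }
    }
}

// Neither a listed group nor a listed user: refuse access. The debug print of
// the group and user id that preceded the error message has been removed so
// that a denied request does not echo internal ids.
if (!$in_group && !$bUserListed) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
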
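// Additional checks on the requested section.
// $section_id comes from intval() earlier in this file, so the is_numeric()
// branch is only a safety net. A section id of 0 means "no section requested".
if (!is_numeric($section_id)) {
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
} elseif ($section_id > 0) {
    $section = $admin->get_section_details($section_id, ADMIN_URL.'/pages/index.php');
    // Check that the section belongs to the page whose permissions were
    // checked above. The original comment announced this check but no
    // comparison was made, so a section of another page could be paired with
    // a page id the user is allowed to edit.
    // NOTE(review): the check is skipped when get_section_details() does not
    // return a 'page_id' key - confirm that it returns the full row.
    if (isset($section['page_id']) && (int)$section['page_id'] !== (int)$page_id) {
        $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
    }
    // The user also needs permission for the module that renders the section.
    if (!$admin->get_permission($section['module'], 'module')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL);
    }
}
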
// Print the info banner when the including module asked for it.
if (isset($print_info_banner) && $print_info_banner == true) {
    // $page was loaded by the permission check earlier in this file.

    // Details of the user who last modified the page
    $user = $admin->get_user_details($page['modified_by']);

    // Convert the unix timestamp of the last modification to a readable form
    $modified_ts = ($page['modified_when'] != 0)
        ? gmdate(TIME_FORMAT.', '.DATE_FORMAT, $page['modified_when'] + TIMEZONE)
        : 'Unknown';

    // Set up the header template and hand the page values to it
    $template = new Template(dirname($admin->correct_theme_source('pages_modify.htt')));
    // $template->debug = true;
    $template->set_file('page', 'pages_modify.htt');
    $template->set_block('page', 'main_block', 'main');
    $template->set_block('main_block', 'section_block', 'section_list');
    $template->set_block('section_block', 'block_block', 'block_list');
    // NOTE(review): titles and user names are passed to the template as stored.
    // Confirm they are HTML-escaped when saved or by the template, otherwise
    // escape them here.
    // PAGE_IDKEY carries the plain page id; the getIDKEY() variant is disabled.
    $template->set_var(array(
        'PAGE_ID'    => $page['page_id'],
        // 'PAGE_IDKEY' => $admin->getIDKEY($page['page_id']),
        'PAGE_IDKEY' => $page['page_id'],
        'PAGE_TITLE' => $page['page_title'],
        'MENU_TITLE' => $page['menu_title'],
        'ADMIN_URL'  => ADMIN_URL,
        'WB_URL'     => WB_URL,
        'THEME_URL'  => THEME_URL
    ));

    $template->set_var(array(
        'MODIFIED_BY'          => $user['display_name'],
        'MODIFIED_BY_USERNAME' => $user['username'],
        'MODIFIED_WHEN'        => $modified_ts,
        'LAST_MODIFIED'        => $MESSAGE['PAGES_LAST_MODIFIED'],
    ));

    // Show the "last modified" line only when a timestamp is known
    $template->set_block('main_block', 'show_modify_block', 'show_modify');
    if ($modified_ts != 'Unknown') {
        $template->set_var('CLASS_DISPLAY_MODIFIED', '');
        $template->parse('show_modify', 'show_modify_block', true);
    } else {
        $template->set_block('show_modify', '');
        $template->set_var('CLASS_DISPLAY_MODIFIED', 'hide');
    }

    // The "manage sections" link is hidden for pages that hold a menu_link
    // section and when section management is not enabled.
    $sql = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` '
         . 'WHERE `page_id` = '.(int)$page_id.' '
         . 'AND `module` = "menu_link"';
    // NOTE(review): the result is used without a check - confirm what
    // $database->query() returns when the statement fails.
    $query_sections = $database->query($sql);

    $template->set_block('main_block', 'show_section_block', 'show_section');
    if (!($query_sections->numRows() > 0) && MANAGE_SECTIONS == 'enabled') {
        $template->set_var('TEXT_MANAGE_SECTIONS', $HEADING['MANAGE_SECTIONS']);
        $template->parse('show_section', 'show_section_block', true);
    } else {
        $template->set_block('show_section', '');
        $template->set_var('DISPLAY_MANAGE_SECTIONS', 'display:none;');
    }

    // Language texts
    $template->set_var(array(
        'TEXT_CURRENT_PAGE'    => $TEXT['CURRENT_PAGE'],
        'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
        'HEADING_MODIFY_PAGE'  => $HEADING['MODIFY_PAGE']
    ));

    // Parse and print the header template
    $template->parse('main', 'main_block', false);
    $template->pparse('output', 'page');
    // unset($print_info_banner);
    unset($template);
    $sSectionBlock = '<div class="block-outer">'."\n";

    // Section info line, only when a section was requested
    if (isset($section)) {
        // Block name: the configured name with tags stripped, else the main
        // block text for block 1, else '#<number>'
        if (isset($block[$section['block']]) && trim(strip_tags($block[$section['block']])) != '') {
            $block_name = htmlentities(strip_tags($block[$section['block']]));
        } elseif ($section['block'] == 1) {
            $block_name = $TEXT['MAIN'];
        } else {
            $block_name = '#'.(int)$section['block'];
        }

        // A section is active while "now" lies inside its publication window;
        // a start or end value of 0 leaves that side of the window open.
        $now = time();
        $bSectionInactive = !(
            ($now <= $section['publ_end'] || $section['publ_end'] == 0)
            && ($now >= $section['publ_start'] || $section['publ_start'] == 0)
        );
        $sSectionInfoLine = $bSectionInactive ? 'inactive' : 'active';

        // Optional prefix for the section anchor id
        $sSectionIdPrefix = '';
        if (defined('SEC_ANCHOR') && SEC_ANCHOR != '') {
            $sSectionIdPrefix = SEC_ANCHOR;
        }
        $sCallingScript = $_SERVER['SCRIPT_NAME'];
        echo $sSectionBlock;

        $tpl = new Template(dirname($admin->correct_theme_source('SectionInfoLine.htt')), 'keep');
        // $tpl->debug = true;
        $tpl->set_file('page', 'SectionInfoLine.htt');
        $tpl->set_block('page', 'main_block', 'main');
        $tpl->set_block('main_block', 'section_block', 'section_save');

        // NOTE(review): the section title and module name are passed as
        // stored; confirm they are HTML-escaped before they reach the page.
        $data = array(
            'aTarget.SectionIdPrefix' => $sSectionIdPrefix.$section_id,
            'aTarget.SectionInfoLine' => $sSectionInfoLine,
            'aTarget.sectionBlock'    => $section['block'],
            'aTarget.SectionId'       => $section_id,
            'aTarget.pageId'          => $page_id,
            'aTarget.FTAN'            => $admin->getFTAN(),
            'aTarget.BlockName'       => $block_name,
            'aTarget.sectionUrl'      => ADMIN_URL.'/pages/',
            'aTarget.sectionModule'   => $section['module'],
            'aTarget.title'           => $section['title'],
        );

        // The save block is only offered on the settings and sections pages
        // and only to users holding the pages_settings permission.
        $tpl->parse('section_save', '');
        if (preg_match('/'.preg_quote(ADMIN_PATH,'/').'\/pages\/(settings|sections)\.php$/is', $sCallingScript)
            && $admin->get_permission('pages_settings')
        ) {
            $data['lang.TEXT_SUBMIT'] = $TEXT['SAVE'];
            $tpl->parse('section_save', 'section_block');
        }
        $tpl->set_var($data);
        $tpl->parse('main', 'main_block', false);
        $tpl->pparse('output', 'page');
        unset($tpl);
    }
}

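// Update the "last modified" stamp of the page when the including module asks for it.
if (isset($update_when_modified) && $update_when_modified == true) {
    // Both ids are cast to int before they are placed in the statement, in
    // line with the SELECT earlier in this file, so the query text does not
    // depend on what get_user_id() returns or on a later reassignment of $page_id.
    $sql = 'UPDATE `'.TABLE_PREFIX.'pages` SET '
         . '`modified_when` = '.time().','
         . '`modified_by` = '.(int)$admin->get_user_id().' '
         . 'WHERE `page_id` = '.(int)$page_id;
    $database->query($sql);
}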