<?php
/**
 *
 * @category        framework
 * @package         backend admin
 * @author          Ryan Djurovich, WebsiteBaker Project
 * @copyright       WebsiteBaker Org. e.V.
 * @link            http://websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.3
 * @requirements    PHP 5.3.6 and higher
 * @version         $Id: class.admin.php 2 2017-07-02 15:14:29Z Manuela $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/framework/class.admin.php $
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
 *
 */
/* -------------------------------------------------------- */
// Direct-access guard: WB_PATH is only defined when the framework has been
// bootstrapped, so a request that reaches this file on its own is rejected.
// (IllegalFileException is presumably declared by globalExceptionHandler.php - confirm.)
if (defined('WB_PATH') === false) {
    require_once __DIR__.'/globalExceptionHandler.php';
    throw new IllegalFileException();
}
/* -------------------------------------------------------- */
// Load the parent class only if it is not declared yet; the second argument
// to class_exists() disables autoloading for this check.
if (class_exists('wb', false) === false) {
    require WB_PATH.'/framework/class.wb.php';
}

// Get WB version
require_once ADMIN_PATH.'/interface/version.php';

// Disabled includes, kept for reference:
// require_once(WB_PATH . '/include/editarea/wb_wrapper_edit_area.php');
// require_once(WB_PATH . '/framework/SecureForm.php');

    
class admin extends wb {
    private $section_name;
    private $section_permission;

    
    // Authenticate user then auto print the header
    /**
     * Set up a backend request: authenticate, authorise, apply the maintenance
     * screen, align the backend language and optionally print the header.
     *
     * With the default $section_name '##skip##' only the parent constructor
     * runs; none of the checks below are executed. With $auto_auth set to a
     * false value the login and permission checks are skipped as well, so a
     * caller that disables them has to protect the page itself.
     *
     * @param string $section_name       Name of the backend section being opened.
     * @param string $section_permission Permission name passed to get_permission().
     * @param bool   $auto_header        When true, print_header() is called at the end.
     * @param bool   $auto_auth          When true, the login and permission checks run.
     */
    public function __construct($section_name= '##skip##', $section_permission = 'start', $auto_header = true, $auto_auth = true)
    {
        parent::__construct(1);
        if ($section_name == '##skip##') {
            return;
        }

        global $database, $MESSAGE;
        $database = @$GLOBALS['database'];
        // Remember which section this instance serves
        $this->section_name = $section_name;
        $this->section_permission = $section_permission;
        $bSystemLocked = (defined('SYSTEM_LOCKED') && (SYSTEM_LOCKED == true));

        if ($auto_auth) {
            // Anonymous visitors are sent to the login form
            if (!$this->is_authenticated()) {
                header('Location: '.ADMIN_URL.'/login/index.php');
                exit(0);
            }
            // Logged-in users still need the permission for this section
            if (!$this->get_permission($section_permission)) {
                die($MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES']);
            }
        }

        // Reached when the system is locked or the session user is not user id 1;
        // ShowMaintainScreen() decides whether the request is terminated.
        if ($bSystemLocked || $this->get_session('USER_ID') != 1) {
            $this->ShowMaintainScreen('locked');
        }

        // Compare the active backend language with the one stored for the user
        $sql  = 'SELECT `language` FROM `'.TABLE_PREFIX.'users` ';
        $sql .= 'WHERE `user_id`='.(int)$this->get_user_id();
        $user_language = $database->get_one($sql);
        $admin_folder = str_replace(WB_PATH, '', ADMIN_PATH);
        // NOTE(review): $user_language comes straight from the users table and is
        // placed into a file path and a Location header without a format check -
        // confirm it is validated where the preference is saved.
        $bNeedsRedirect = (LANGUAGE != $user_language)
            && file_exists(WB_PATH .'/languages/' .$user_language .'.php')
            && strpos($_SERVER['SCRIPT_NAME'], $admin_folder.'/') !== false;
        if ($bNeedsRedirect) {
            // page_id and section_id are forced to integers before they are reused
            $page_id_url = '';
            if (isset($_GET['page_id'])) {
                $page_id_url = '&page_id=' .(int) $_GET['page_id'];
            }
            $section_id_url = '';
            if (isset($_GET['section_id'])) {
                $section_id_url = '&section_id=' .(int) $_GET['section_id'];
            }
            $sScriptUrl = $_SERVER['SCRIPT_NAME'];
            $sLocation = 'Location: '.$sScriptUrl.'?lang='.$user_language .$page_id_url .$section_id_url;
            // The original query string, when present, is appended unchanged
            if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '') {
                $sLocation .= '&'.$_SERVER['QUERY_STRING'];
            }
            header($sLocation);
            exit();
        }

        // Auto header code
        if ($auto_header == true) {
            $this->print_header();
        }
    }

    
    /**
     * Ask the database server for its version string.
     *
     * @return mixed The `versionsinfo` column of the result row, or 0 when the
     *               query does not return a result object.
     */
    private function mysqlVersion() {
        global $database;
        $oRes = $database->query('SELECT VERSION( ) AS versionsinfo');
        if (!$oRes) {
            return 0;
        }
        $aRow = $oRes->fetchRow(MYSQLI_ASSOC);
        return $aRow['versionsinfo'];
    }

    
    /**
     * Report whether the server-wide sql_mode contains the text 'STRICT'.
     *
     * @return bool True when 'STRICT' occurs in @@global.sql_mode, false
     *              otherwise (including when the query yields no result).
     */
    private function mysqlStrict() {
        global $database;
        $sSqlMode = '';
        $oRes = $database->query('SELECT @@global.sql_mode AS strictinfo');
        if ($oRes) {
            $aRow = $oRes->fetchRow(MYSQLI_ASSOC);
            $sSqlMode = $aRow['strictinfo'];
        }
        // strpos() yields an integer offset on a hit and false on a miss
        return (strpos($sSqlMode, 'STRICT') !== false);
    }

    
    /**
     * Render the 'call_help.htt' theme template and print it.
     *
     * Only static labels and backend URLs are handed to the template; no
     * request data is read here.
     *
     * @return void
     */
    public function print_info (){
        global $MENU, $MESSAGE, $TEXT, $database;
        // phplib template rooted in the directory that holds call_help.htt
        $sTemplateDir = dirname($this->correct_theme_source('call_help.htt'));
        $oTpl = new Template($sTemplateDir);
        $oTpl->set_file('page', 'call_help.htt');
        $oTpl->set_block('page', 'main_block', 'main');
        // Language strings first, then the URL defaults
        $oTpl->set_var(array(
            'CANCEL' => $TEXT['CANCEL'],
            'TITLE_INFO' => 'WebsiteBaker System-Info',
        ));
        $oTpl->set_var(array(
            'ADMIN_URL' => ADMIN_URL.'',
            'INFO_URL' => ADMIN_URL.'/start/wb_info.php',
            'sAddonThemeUrl' => THEME_URL.'',
        ));
        // Finalize and print the page
        $oTpl->parse('main', 'main_block', false);
        $oTpl->pparse('output', 'page');
    }

    
    // Print the admin header
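    /**
     * Build and print the backend header from the 'header.htt' theme template.
     *
     * Fills in the website title, the 'view' link, the error-log indicator,
     * the maintenance switch (user id 1 only), the menu entries the current
     * user may see, and one of the two version-info blocks.
     *
     * Changes against the previous version: the error-log size is initialised
     * and a size of zero no longer goes through log(0); clearstatcache() gets
     * its arguments in the documented order; query results are checked before
     * rows are fetched; the unused $replace_old local is gone.
     *
     * @param string $body_tags Text placed into the template variable BODY_TAGS.
     * @return void
     */
    public function print_header($body_tags = '') {
        // Get vars from the language file
        global $MENU, $MESSAGE, $TEXT, $database;
        // $GLOBALS['FTAN'] = $this->getFTAN();
        // $this->createFTAN();

        // Read the website title; a failed query or missing row yields ''
        $sql = 'SELECT `value` FROM `'.TABLE_PREFIX.'settings` '
             . 'WHERE `name`=\'website_title\'';
        $get_title = $database->query($sql);
        $aWebsiteTitle = ($get_title ? $get_title->fetchRow(MYSQLI_ASSOC) : null);
        $sWebsiteTitle = (isset($aWebsiteTitle['value']) ? $aWebsiteTitle['value'] : '');

        // Setup template object, parse vars to it, then parse it
        $header_template = new Template(dirname($this->correct_theme_source('header.htt')));
        $header_template->set_file('page', 'header.htt');
        $header_template->set_block('page', 'header_block', 'header');
        $charset = (defined('DEFAULT_CHARSET') ? DEFAULT_CHARSET : 'utf-8');

        // work out the URL for the 'View menu' link in the WB backend
        // if the page_id is set, show this page otherwise show the root directory of WB
        $view_url = WB_URL;
        $info_url = ($this->get_user_id()==1 ? ADMIN_URL.'/start/info.php':ADMIN_URL);
        if (isset($_GET['page_id'])) {
            // page_id is forced to an integer before it enters the statement
            $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` '
                 . 'WHERE `page_id`='.intval($_GET['page_id']);
            // Best effort: the lookup stays silent, the link just keeps WB_URL on failure
            $result = @$database->query($sql);
            $row = ($result ? $result->fetchRow(MYSQLI_ASSOC) : null);
            if ($row) {
                $view_url .= PAGES_DIRECTORY .$row['link']. PAGE_EXTENSION;
            }
        }

        // Format a byte count with a unit suffix; sizes <= 0 are reported as '0'
        // because log(0) is not a usable exponent.
        $convertToReadableSize = function ($size) {
            $suffix = array("", " KB", " MB", " GB", " TB");
            if ($size <= 0) {
                return '0';
            }
            $base = log($size) / log(1024);
            // Clamp so very large values still map onto the last known suffix
            $f_base = (int)min(floor($base), count($suffix) - 1);
            return round(pow(1024, $base - $f_base), 1) . $suffix[$f_base];
        };

        $sIconPost = '0';
        $iFileSize = 0;
        $sErrorlogFile = WB_PATH.'/var/logs/php_error.log.php';
        $sErrorlogUrl  = WB_URL.'/var/logs/php_error.log.php';
        if (is_readable($sErrorlogFile)) {
            // First argument is the realpath-cache flag, the file name is the second
            clearstatcache(true, $sErrorlogFile);
            $iFileSize = filesize($sErrorlogFile);
            $sIconPost = (($iFileSize>3000)?'1':'0');
        }
        // NOTE(review): size and URL of the PHP error log are handed to the template
        // for every backend user - confirm the theme only links it for administrators
        // and that the log file itself refuses direct requests.
        $header_template->set_var('ERROR_SIZE', $convertToReadableSize($iFileSize));
        $header_template->set_var('ERROR_LOG', $sErrorlogUrl);
        $header_template->set_var('POST', $sIconPost);

        // NOTE(review): BODY_TAGS, WEBSITE_TITLE and DISPLAY_NAME reach the template
        // as given; no HTML escaping happens in this method - confirm the values are
        // escaped when stored or inside the template.
        $datalist['Header'] =
                      array(
                            'FTAN_GET' => ( DEBUG ? $this->getFTAN('GET') : '' ),
                            'SECTION_NAME'        => $MENU[strtoupper($this->section_name)],
                            'TEMPLATE_DIR'        => DEFAULT_THEME,
                            'STYLE'               => strtolower($this->section_name),
                            'BODY_TAGS'           => $body_tags,
                            'WEBSITE_TITLE'       => $sWebsiteTitle,
                            'TEXT_ADMINISTRATION' => $TEXT['ADMINISTRATION'],
                            'CURRENT_USER'        => $MESSAGE['START_CURRENT_USER'],
                            'DISPLAY_NAME'        => $this->get_display_name(),
                            'CHARSET'             => $charset,
                            'LANGUAGE'            => strtolower(LANGUAGE),
                            'WB_URL'              => WB_URL,
                            'ADMIN_URL'           => ADMIN_URL,
                            'THEME_URL'           => THEME_URL,
                            'TEMPLATE'            => defined('TEMPLATE')?TEMPLATE:DEFAULT_TEMPLATE,
                            'EDITOR'              => WYSIWYG_EDITOR,
                            'TITLE_START'         => $MENU['START'],
                            'TITLE_VIEW'          => $MENU['VIEW'],
                            'TITLE_HELP'          => $MENU['HELP'],
                            'TITLE_INFO'          => 'WebsiteBaker System-Info',
                            'TITLE_LOGOUT'        =>  $MENU['LOGOUT'],
                            'URL_VIEW'            => $view_url,
                            'INFO_URL'            => $info_url,
                            'URL_HELP'            => 'http://help.websitebaker.org/',
                            'BACKEND_MODULE_CSS'  => $this->register_backend_modfiles('css'),    // adds backend.css
                            'BACKEND_MODULE_JS'   => $this->register_backend_modfiles('js')      // adds backend.js
                        );

/*------------------------------------------------------------------------------------*/
        $header_template->set_var($datalist['Header'] );
        $header_template->set_block( 'header_block', 'maintenance_block', 'maintenance');
        // The maintenance switch is rendered for user id 1 only
        if( $this->get_user_id() == 1) {
            $sys_locked = ( ( ( int)( defined( 'SYSTEM_LOCKED') ? SYSTEM_LOCKED : 0)) == 1);
            $header_template->set_var( 'MAINTENANCE_MODE', ( $sys_locked ? $this->_oTrans->TEXT_MAINTENANCE_OFF :
                $this->_oTrans->TEXT_MAINTENANCE_ON));
            $header_template->set_var( 'MAINTENANCE_ICON', THEME_URL.'/images/'.( $sys_locked ? 'lock' :
                'unlock').'.png');
            $header_template->set_var( 'MAINTAINANCE_URL', ADMIN_URL.'/settings/locking.php');
            $header_template->parse( 'maintenance', 'maintenance_block', true);
        } else {
            $header_template->set_block( 'maintenance_block', '');
        }
/*------------------------------------------------------------------------------------*/

        // Create the backend menu: url, target, title, permission name, permission required
        $aMenu = array(
//                    array(ADMIN_URL.'/start/index.php',               '', $MENU['START'],       'start',       1),
                    array(ADMIN_URL.'/pages/index.php',               '', $MENU['PAGES'],       'pages',       1),
                    array(ADMIN_URL.'/media/index.php',               '', $MENU['MEDIA'],       'media',       1),
                    array(ADMIN_URL.'/addons/index.php',              '', $MENU['ADDONS'],      'addons',      1),
                    array(ADMIN_URL.'/preferences/index.php',         '', $MENU['PREFERENCES'], 'preferences', 0),
                    array(ADMIN_URL.'/settings/index.php?advanced=0', '', $MENU['SETTINGS'],    'settings',    1),
                    array(ADMIN_URL.'/admintools/index.php',          '', $MENU['ADMINTOOLS'],  'admintools',  1),
                    array(ADMIN_URL.'/access/index.php',              '', $MENU['ACCESS'],      'access',      1),
                    );
        $header_template->set_block('header_block', 'linkBlock', 'link');
        foreach($aMenu AS $menu_item)
        {
            $link = $menu_item[0];
            $target = ($menu_item[1] == '') ? '_self' : $menu_item[1];
            $titleMenu = $menu_item[2];
            $permission_title = $menu_item[3];
            $required = $menu_item[4];
            // Entries that require a permission are hidden when the user lacks it
            if ($required == false || $this->get_link_permission($permission_title)) {
                $header_template->set_var('LINK', $link);
                $header_template->set_var('TARGET', $target);
                // If link is the current section apply a class name
                if ($permission_title == strtolower($this->section_name)) {
                    // NOTE(review): INFO_URL was already written to the template above,
                    // so this assignment has no visible effect - confirm the intent.
                    $info_url = ($this->get_user_id()==1 ? ADMIN_URL.'/start/info.php?url='.$link:ADMIN_URL);
                    $header_template->set_var('CLASS', $menu_item[3] . ' current');
                } else {
                    $header_template->set_var('CLASS', $menu_item[3]);
                }
                $header_template->set_var('TITLE', $titleMenu);
                // Print link
                $header_template->parse('link', 'linkBlock', true);
                $header_template->set_block('header_block', 'infoBlockBasis',   'infoBasis');
                $header_template->set_block('header_block', 'infoBlockExented', 'infoExented');

                $header_template->set_block('header_block', 'button_info_block', 'button_info');
                $bCanShowInfoBlock = (DEBUG&&$this->ami_group_member('1') || ($this->get_user_id()=='1'));
                if (!$bCanShowInfoBlock){
                    $header_template->set_block('button_info', '');
                } else {
                    $header_template->parse('button_info', 'button_info_block', true);
                }
                // NOTE(review): the extended block (PHP version, SQL server version,
                // strict mode) is parsed when the user may NOT see the info button;
                // both blocks pass phpversion() to the template. Confirm this
                // condition and which details the theme should show to whom.
                if ((strtolower($this->section_name) == 'admintools') && (!$bCanShowInfoBlock))
                {
                    $header_template->set_block('infoBasis', '');
                    $header_template->set_var( array(
                                        'VERSION'             => WB_VERSION,
                                        'SP'                  => (defined('WB_SP') ? WB_SP : ''),
                                        'REVISION'            => WB_REVISION,
                                        'PHP_VERSION'         => phpversion(),
                                        'TEXT_EXT_INFO'       => 'SQL  Server:',
                                        'EXT_INFO'            => $this->mysqlVersion(),
                                        'EXT_INFO1'           => ( ($this->mysqlStrict())?'STRICT': 'NON STRICT' ),
                                    ) );

                    $header_template->parse('infoExented', 'infoBlockExented', true);
                } else {
                    $header_template->set_block('infoExented', '');
                    $header_template->set_var( array(
                                        'VERSION'             => VERSION,
                                        'SP'                  => (defined('SP') ? SP : ''),
                                        'REVISION'            => REVISION,
                                        'PHP_VERSION'         => phpversion(),
                                        // The server address is only filled in for user id 1
                                        'SERVER_ADDR'         => ($this->get_user_id() == 1
                                                                   ? (!isset($_SERVER['SERVER_ADDR'])
                                                                      ? '127.0.0.1'
                                                                      : $_SERVER['SERVER_ADDR'])
                                                                  : ''),
                                    ) );
                    $header_template->parse('infoBasis', 'infoBlockBasis', true);
                }
            }
        }

        $header_template->parse('header', 'header_block', false);
        $header_template->pparse('output', 'page');
    }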

    
    // Print the admin footer
        /**
         * Build and print the backend footer from the 'footer.htt' theme template.
         *
         * @param bool $activateJsAdmin When true, the jsadmin backend include is
         *                              loaded first, provided the file exists.
         * @return void
         */
        public function print_footer($activateJsAdmin = false) {
        // The include path is a fixed location below WB_PATH; nothing from the
        // request takes part in it.
        if ($activateJsAdmin && file_exists(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php')) {
            @include_once(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php');
        }

        // Template rooted in the directory that holds footer.htt
        $sTemplateDir = dirname($this->correct_theme_source('footer.htt'));
        $footer_template = new Template($sTemplateDir);
        $footer_template->set_file('page', 'footer.htt');
        $footer_template->set_block('page', 'footer_block', 'header');
        $aFooterVars = array(
            'BACKEND_BODY_MODULE_JS' => $this->register_backend_modfiles_body('js'),
            'WB_URL' => WB_URL,
            'ADMIN_URL' => ADMIN_URL,
            'THEME_URL' => THEME_URL,
            'INFO_URL' =>  ADMIN_URL.'/start/wb_info.php',
        );
        $footer_template->set_var($aFooterVars);
        $footer_template->parse('header', 'footer_block', false);
        $footer_template->pparse('output', 'page');
    }

    
    // Return a system permission
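    /**
     * Check a permission of the current session.
     *
     * The three session lists are read with opposite meaning, as before:
     *  - 'system':   the name must be IN the list to be permitted;
     *  - 'module' and 'template': the name is permitted unless it is in the list.
     * The name 'start' is always permitted.
     *
     * Change against the previous version: the list is picked from a fixed
     * map instead of a variable variable built from $type. An unknown $type
     * used to fall into the "not listed" branch and was answered with true;
     * it is now refused.
     *
     * @param string $name Permission, module or template name to look up.
     * @param string $type One of 'system', 'module' or 'template'.
     * @return bool True when the action is permitted.
     */
    public function get_permission($name, $type = 'system') {
        if ($name == 'start') {
            return true;
        }
        // Only these permission types exist; each maps to one session value
        $aSessionKeys = array(
            'system'   => 'SYSTEM_PERMISSIONS',
            'module'   => 'MODULE_PERMISSIONS',
            'template' => 'TEMPLATE_PERMISSIONS',
        );
        // Fail closed on anything that is not a known type
        if (!is_string($type) || !isset($aSessionKeys[$type])) {
            return false;
        }
        $aList = $this->get_session($aSessionKeys[$type]);
        $bListed = (is_array($aList) && is_numeric(array_search($name, $aList)));
        // NOTE(review): for 'module' and 'template' a missing or non-array session
        // value still means "permitted" (nothing is listed as blocked) - confirm
        // that this is intended for sessions without these values.
        return ($type == 'system') ? $bListed : !$bListed;
    }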

    
 /**
  * Fetch username, display name and e-mail address of one user.
  *
  * @param int $user_id User id; cast to an integer before it enters the statement.
  * @return array The database row, or the placeholder
  *               array('username'=>'unknown','display_name'=>'Unknown','email'=>'')
  *               when the query fails or returns no row.
  */
 public function get_user_details($user_id) {
     global $database;
     $sql = 'SELECT `username`,`display_name`,`email` '
          . 'FROM `'.TABLE_PREFIX.'users` '
          . 'WHERE `user_id`='.(int)$user_id;
     $resUsers = $database->query($sql);
     if ($resUsers) {
         $recUser = $resUsers->fetchRow(MYSQLI_ASSOC);
         if ($recUser) {
             return $recUser;
         }
     }
     // Placeholder for unknown users
     return array('username'=>'unknown','display_name'=>'Unknown','email'=>'');
 }

    
    //
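    /**
     * Load one row of the sections table by its id.
     *
     * On a failed query or a missing row the header and an error message are
     * printed through print_error(); whether execution continues after that
     * depends on print_error(), which is not defined in this file.
     *
     * Change against the previous version: the result variable is initialised,
     * so the final return no longer reads an undefined variable when the query
     * itself fails.
     *
     * @param int    $section_id Section id; forced to an integer for the statement.
     * @param string $backLink   Link passed on to print_error().
     * @return mixed The section row, or a false/null value when none was loaded.
     */
    public function get_section_details( $section_id, $backLink = 'index.php' ) {
        global $database, $TEXT;
        $recSection = null;
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'sections` ';
        $sql .= 'WHERE `section_id`='.intval($section_id);
        if (($resSection = $database->query($sql))) {
            if (!($recSection = $resSection->fetchRow(MYSQLI_ASSOC))) {
                $this->print_header();
                $this->print_error($TEXT['SECTION'].' '.$TEXT['NOT_FOUND'], $backLink, true);
            }
        } else {
            $this->print_header();
            // NOTE(review): the raw database error text is shown in the backend page -
            // confirm that is acceptable for every backend user who can get here.
            $this->print_error($database->get_error(), $backLink, true);
        }
        return $recSection;
    }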

    
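    /**
     * Load one row of the pages table by its id.
     *
     * On a failed query or a missing row the header and an error message are
     * printed through print_error(); whether execution continues after that
     * depends on print_error(), which is not defined in this file.
     *
     * Change against the previous version: the result variable is initialised,
     * so the final return no longer reads an undefined variable when the query
     * itself fails.
     *
     * @param int    $page_id  Page id; forced to an integer for the statement.
     * @param string $backLink Link passed on to print_error().
     * @return mixed The page row, or a false/null value when none was loaded.
     */
    public function get_page_details( $page_id, $backLink = 'index.php' ) {
        global $database, $TEXT;
        $recPage = null;
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
        $sql .= 'WHERE `page_id`='.intval($page_id);
        if (($resPages = $database->query($sql))) {
            if (!($recPage = $resPages->fetchRow(MYSQLI_ASSOC))) {
                $this->print_header();
                $this->print_error($TEXT['PAGE'].' '.$TEXT['NOT_FOUND'], $backLink, true);
            }
        } else {
            $this->print_header();
            // NOTE(review): the raw database error text is shown in the backend page -
            // confirm that is acceptable for every backend user who can get here.
            $this->print_error($database->get_error(), $backLink, true);
        }
        return $recPage;
    }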

    
    /**
     * Tell whether the current user may view or administer a page.
     *
     * @param array|int $page   Either a page row that already holds the
     *                          '<action>_groups' and '<action>_users' fields,
     *                          or a page id to look them up with.
     * @param string    $action 'viewing' or 'admin'; any other value is
     *                          treated as 'admin'.
     * @return bool True when the user is in one of the page's groups or is
     *              matched by the page's user list.
     */
    public function get_page_permission($page,$action='admin') {
        // Everything except 'viewing' collapses to 'admin', so the two column
        // names built below can only be the viewing_* or the admin_* pair.
        $sKind = ($action != 'viewing') ? 'admin' : $action;
        $sGroupsField = $sKind.'_groups';
        $sUsersField  = $sKind.'_users';
        $sGroups = '0';
        $sUsers  = '0';
        if (!is_array($page)) {
            global $database;
            $sql = 'SELECT `'.$sGroupsField.'`,`'.$sUsersField.'` '
                 . 'FROM `'.TABLE_PREFIX.'pages` '
                 . 'WHERE `page_id`='.(int)$page;
            $oRes = $database->query($sql);
            if ($oRes) {
                $aRow = $oRes->fetchRow(MYSQLI_ASSOC);
                if ($aRow) {
                    $sGroups = $aRow[$sGroupsField];
                    $sUsers  = $aRow[$sUsersField];
                }
            }
        } else {
            $sGroups = $page[$sGroupsField];
            $sUsers  = $page[$sUsersField];
        }
        if ($this->ami_group_member($sGroups)) {
            return true;
        }
        return ($this->is_group_match($this->get_user_id(), $sUsers) ? true : false);
    }

    
    // Returns a system permission for a menu link
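    /**
     * Tell whether the current session may see a backend menu link.
     *
     * The title has '_blank' removed and is lower-cased, then looked up in the
     * session's SYSTEM_PERMISSIONS list. 'start' is always permitted.
     *
     * Change against the previous version: a session value that is not an
     * array is answered with false instead of being passed to array_search();
     * the unused MODULE_PERMISSIONS lookup is gone.
     *
     * @param string $title Permission name of the menu entry.
     * @return bool True when the link may be shown.
     */
    public function get_link_permission($title) {
        $title = strtolower(str_replace('_blank', '', $title));
        if ($title == 'start') {
            return true;
        }
        $system_permissions = $this->get_session('SYSTEM_PERMISSIONS');
        // Fail closed when the session holds no usable permission list
        if (!is_array($system_permissions)) {
            return false;
        }
        return is_numeric(array_search($title, $system_permissions));
    }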

    
    // Function to add optional module Javascript or CSS stylesheets into the <body> section of the backend
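    /**
     * Build the script tags for module files named backend_body.js.
     *
     * Nothing is returned for the pages/settings.php and pages/sections.php
     * scripts or for an unsupported $file_id. With $_GET['tool'] set, the tag
     * of that installed admin tool is returned when its file exists; otherwise,
     * with a page_id in GET or POST, the tags of all modules used on that page.
     *
     * Changes against the previous version: 'javascript' is handled like 'js'
     * (it passed the sanity check before but left the link template undefined);
     * query results are checked before they are used; a non-string 'tool'
     * value is ignored; page_id is cast directly, as in
     * register_backend_modfiles(); the unused $AcpDir local is gone.
     *
     * @param string $file_id 'js' or 'javascript'.
     * @return string|null The tag(s), or null when nothing applies.
     */
    public function register_backend_modfiles_body($file_id="js")
    {
        $sCallingScript = $_SERVER['SCRIPT_NAME'];
        if (preg_match('/pages\/(settings|sections)\.php$/is', $sCallingScript)) {
            return;
        }
        // sanity check of parameter passed to the function
        $file_id = strtolower($file_id);
        if ($file_id !== "javascript" && $file_id !== "js") {
            return;
        }
        global $database;
        $body_links = "";
        // Both accepted ids refer to the same file
        $base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend_body.js" type="text/javascript"></script>';
        $base_file = "backend_body.js";

        if (isset($_GET['tool'])) {
            // The tool name is only used to select a row; the directory that ends
            // up in the path and the tag is the value stored in the addons table.
            if (is_string($_GET['tool'])) {
                $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
                $sql .= 'WHERE `type`=\'module\' AND `function`=\'tool\' AND `directory`=\''.$database->escapeString($_GET['tool']).'\'';
                $result = $database->query($sql);
                if ($result && $result->numRows()) {
                    $tool = $result->fetchRow(MYSQLI_ASSOC);
                    // check if admin tool directory contains a backend_body.js file to include
                    if (file_exists(WB_PATH .'/modules/' .$tool['directory'] .'/'.$base_file)) {
                        // return link to the backend_body.js file
                        return str_replace('{MODULE_DIRECTORY}', $tool['directory'], $base_link);
                    }
                }
            }
        } elseif (isset($_GET['page_id']) || isset($_POST['page_id'])) {
            // page_id is forced to an integer before it enters the statement
            $page_id = (isset($_GET['page_id']) ? (int)$_GET['page_id'] : (int)$_POST['page_id']);
            // gather information for all modules embedded on the actual page
            $sql = 'SELECT DISTINCT `module` FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
            $query_modules = $database->query($sql);
            // NOTE(review): the module name from the sections table goes into a
            // file path and into the tag without escaping - confirm it is limited
            // to plain directory names where sections are created.
            while ($query_modules && ($row = $query_modules->fetchRow(MYSQLI_ASSOC))) {
                // check if page module directory contains a backend_body.js file
                if (file_exists(WB_PATH .'/modules/' .$row['module'] .'/'.$base_file)) {
                    $tmp_link = str_replace("{MODULE_DIRECTORY}", $row['module'], $base_link);
                    // ensure that backend_body.js is only added once per module type
                    if (strpos($body_links, $tmp_link) === false) {
                        $body_links .= $tmp_link ."\n";
                    }
                }
            }
            // write out all collected tags, remove last line feed
            return rtrim($body_links);
        }
    }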

    

    
    // Function to add optional module Javascript or CSS stylesheets into the <head> section of the backend  preg_quote($AcpDir,'/').
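    /**
     * Build the link or script tags for module files named backend.css or
     * backend.js.
     *
     * Nothing is returned for the pages/settings.php and pages/sections.php
     * scripts or for an unsupported $file_id. With $_GET['tool'] set, the tag
     * of that installed admin tool is returned when its file exists; otherwise,
     * with a page_id in GET or POST, the tags of all modules used on that page.
     *
     * Changes against the previous version: query results are checked before
     * they are used; a non-string 'tool' value is ignored; the unused $AcpDir
     * local is gone.
     *
     * @param string $file_id 'css', 'js' or 'javascript'.
     * @return string|null The tag(s), or null when nothing applies.
     */
    public function register_backend_modfiles($file_id="css") {
        $sCallingScript = $_SERVER['SCRIPT_NAME'];
        if (preg_match('/pages\/(settings|sections)\.php$/is', $sCallingScript)) {
            return;
        }
        // sanity check of parameter passed to the function
        $file_id = strtolower($file_id);
        if ($file_id !== "css" && $file_id !== "javascript" && $file_id !== "js") {
            return;
        }

        global $database;
        // define default baselink and filename for optional module javascript and stylesheet files
        $head_links = "";
        if ($file_id == "css") {
            $base_link = '<link href="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.css"';
            $base_link.= ' rel="stylesheet" type="text/css" media="screen" />';
            $base_file = "backend.css";
        } else {
            $base_link = '<script src="'.WB_URL.'/modules/{MODULE_DIRECTORY}/backend.js" type="text/javascript"></script>';
            $base_file = "backend.js";
        }

        if (isset($_GET['tool'])) {
            // The tool name is only used to select a row; the directory that ends
            // up in the path and the tag is the value stored in the addons table.
            if (is_string($_GET['tool'])) {
                $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
                $sql .= 'WHERE `type`=\'module\' AND `function`=\'tool\' AND `directory`=\''.$database->escapeString($_GET['tool']).'\'';
                $result = $database->query($sql);
                if ($result && $result->numRows()) {
                    $tool = $result->fetchRow(MYSQLI_ASSOC);
                    // check if admin tool directory contains a backend.js or backend.css file to include
                    if (file_exists(WB_PATH .'/modules/' .$tool['directory'] .'/'.$base_file)) {
                        // return link to the backend.js or backend.css file
                        return str_replace("{MODULE_DIRECTORY}", $tool['directory'], $base_link);
                    }
                }
            }
        } elseif (isset($_GET['page_id']) || isset($_POST['page_id'])) {
            // page_id is forced to an integer before it enters the statement
            $page_id = (isset($_GET['page_id']) ? (int)$_GET['page_id'] : (int)$_POST['page_id']);
            // gather information for all modules embedded on the actual page
            $sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
            $query_modules = $database->query($sql);
            // NOTE(review): the module name from the sections table goes into a
            // file path and into the tag without escaping - confirm it is limited
            // to plain directory names where sections are created.
            while ($query_modules && ($row = $query_modules->fetchRow(MYSQLI_ASSOC))) {
                // check if page module directory contains a backend.js or backend.css file
                if (file_exists(WB_PATH .'/modules/' .$row['module'] .'/'.$base_file)) {
                    $tmp_link = str_replace("{MODULE_DIRECTORY}", $row['module'], $base_link);
                    // ensure that backend.js or backend.css is only added once per module type
                    if (strpos($head_links, $tmp_link) === false) {
                        $head_links .= $tmp_link ."\n";
                    }
                }
            }
            // write out all collected tags, remove last line feed
            return rtrim($head_links);
        }
    }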
}