/trunk/admin/pages/sections_save.php - Annotate - WB 2.11.0 - Tracking

2

Manuela

<?php

2

/**

3

4

 * @category        admin

5

 * @package         pages

6

 * @author          WebsiteBaker Project

7

 * @copyright       Ryan Djurovich

8

 * @copyright       WebsiteBaker Org. e.V.

9

 * @link            http://websitebaker.org/

10

 * @license         http://www.gnu.org/licenses/gpl.html

11

 * @platform        WebsiteBaker 2.8.3

12

 * @requirements    PHP 5.3.6 and higher

13

 * @version         $Id$

14

 * @filesource      $HeadURL$

15

 * @lastmodified    $Date$

16

17

*/

18

19

// Include config file

20

if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }

21

22

$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);

23

$aRequestVars = (isset(${$requestMethod})) ? ${$requestMethod} : null;

24

// Make sure people are allowed to access this page

25

if(MANAGE_SECTIONS != 'enabled') {

26

    header('Location: '.ADMIN_URL.'/pages/index.php');

27

    exit(0);

28

29

30

require_once(WB_PATH."/include/jscalendar/jscalendar-functions.php");

31

/**/

32

// Create new admin object

33

if ( !class_exists('admin', false) ) { require(WB_PATH.'/framework/class.admin.php'); }

34

// suppress to print the header, so no new FTAN will be set

35

$admin = new admin('Pages', 'pages_modify',false);

36

37

// Get page id

38

if(!isset($aRequestVars['page_id']) || !is_numeric($aRequestVars['page_id'])) {

39

    $sInfo = __LINE__.') '.strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION)).'::';

40

    $sDEBUG=(@DEBUG?$sInfo:'');

41

    $admin->print_error($sDEBUG.$MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);

42

    exit(0);

43

} else {

44

    $iPageId = $page_id = (int)$aRequestVars['page_id'];

45

46

47

$callingScript = $_SERVER['HTTP_REFERER'];

48

$sBackLink = $callingScript.'?page_id='.$iPageId;

49

//$sBackLink = ADMIN_URL.'/pages/sections.php?page_id='.$iPageId;

50

51

if (!$admin->checkFTAN())

52

53

    $admin->print_header();

54

    $sInfo = __LINE__.') '.strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION)).'::';

55

    $sDEBUG=(@DEBUG?$sInfo:'');

56

    $admin->print_error($sDEBUG.$MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);

57

58

/*

59

if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )

60

61

    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);

62

    exit();

63

64

*/

65

// Get perms

66

$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` '

67

      . ' WHERE `page_id` = '.(int)$page_id. '';

68

$results = $database->query($sql);

69

$results_array = $results->fetchRow(MYSQLI_ASSOC);

70

$old_admin_groups = explode(',', $results_array['admin_groups']);

71

$old_admin_users = explode(',', $results_array['admin_users']);

72

$in_old_group = FALSE;

73

foreach($admin->get_groups_id() as $cur_gid){

74

    if (in_array($cur_gid, $old_admin_groups)) {

75

        $in_old_group = TRUE;

76

77

78

if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {

79

    $sInfo = __LINE__.') '.(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION)).'::';

80

    $sDEBUG=(@DEBUG?$sInfo:'');

81

    $admin->print_error($sDEBUG.$MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);

82

83

84

// Get page details

85

$query = 'SELECT COUNT(`page_id`) `numRows` FROM `'.TABLE_PREFIX.'pages` WHERE `page_id` = '.(int)$page_id.'';

86

$numRows = $database->get_one($query);

87

if($database->is_error()) {

88

    $admin->print_header();

89

    $sInfo = __LINE__.') '.strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION)).'_DATABASE_ERROR::';

90

    $sDEBUG=(@DEBUG?$sInfo:'');

91

    $admin->print_error($sDEBUG.$database->get_error());

92

93

if($numRows == 0) {

94

    $admin->print_header();

95

    $sInfo = __LINE__.') '.strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION)).'::';

96

    $sDEBUG=(@DEBUG?$sInfo:'');

97

    $admin->print_error($sDEBUG.$MESSAGE['PAGES_NOT_FOUND']);

98

99

// After check print the header

100

$admin->print_header();

101

102

$results_array = $results->fetchRow(MYSQLI_ASSOC);

103

// Set module permissions

104

$module_permissions = $_SESSION['MODULE_PERMISSIONS'];

105

106

$aSql = array();

107

$section_id = intval($admin->get_post('section_id') );

108

$sTitle  = $admin->StripCodeFromText( $admin->get_post('title_'.$section_id ) );

109

$bSaveTitle = isset( $aRequestVars['inputSection'] );

110

if( $bSaveTitle ) {

111

  $aSql[]  = 'UPDATE `'.TABLE_PREFIX.'sections` SET '

112

         . '`title`=\''.$database->escapeString($sTitle).'\' '

113

         . 'WHERE `section_id`='.(int)$section_id;

114

  foreach( $aSql as $sSql ) {

115

      if(!$database->query($sSql)) {

} else {

120

// Loop through sections

121

    $sql  = 'SELECT `section_id`,`module`,`position` FROM `'.TABLE_PREFIX.'sections` '

122

          . 'WHERE `page_id` = '.(int)$page_id.' '

123

          . 'ORDER BY `position` ';

124

    if($query_sections = $database->query($sql))

125

126

        $num_sections = $query_sections->numRows();

127

        while($section = $query_sections->fetchRow(MYSQLI_ASSOC)) {

128

            if(!is_numeric(array_search($section['module'], $module_permissions))) {

129

                // Update the section record with properties

130

                $section_id = $section['section_id'];

131

                $sql = ''; $publ_start = 0; $publ_end = 0;

132

                $dst = date("I")?" DST":""; // daylight saving time?

133

                if(isset($_POST['block'.$section_id]) && $_POST['block'.$section_id] != '') {

134

                    $sql = "block = '".$admin->add_slashes($_POST['block'.$section_id])."'";

135

136

                // update publ_start and publ_end, trying to make use of the strtotime()-features like "next week", "+1 month", ...

137

                if(isset($_POST['start_date'.$section_id]) && isset($_POST['end_date'.$section_id])) {

138

                    if(trim($_POST['start_date'.$section_id]) == '0' || trim($_POST['start_date'.$section_id]) == '') {

139

                        $publ_start = 0;

140

                    } else {

141

                        $publ_start = jscalendar_to_timestamp($_POST['start_date'.$section_id]);

142

143

                    if(trim($_POST['end_date'.$section_id]) == '0' || trim($_POST['end_date'.$section_id]) == '') {

144

                        $publ_end = 0;

145

                    } else {

146

                        $publ_end = jscalendar_to_timestamp($_POST['end_date'.$section_id], $publ_start);

147

148

                    if($sql != ''){$sql .= ",";}

149

                    $sql .= " publ_start = '".$database->escapeString($publ_start)."'";

150

                    $sql .= ", publ_end = '".$database->escapeString($publ_end)."'";

151

152

153

                $query = "UPDATE ".TABLE_PREFIX."sections SET $sql WHERE section_id = '$section_id'";

154

                if($sql != '') {

155

                    $database->query($query);

// Check for error or print success message

162

if($database->is_error()) {

163

    $sInfo = __LINE__.') '.strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION)).'::';

164

    $sDEBUG=(@DEBUG?$sInfo:'');

165

    $admin->print_error($sDEBUG.$database->get_error(), ADMIN_URL.'/pages/sections.php?page_id='.$page_id );

166

} else {

167

    $admin->print_success($MESSAGE['PAGES_SECTIONS_PROPERTIES_SAVED'], $sBackLink );

168

169

170

// Print admin footer

171

$admin->print_footer();

Project

General

Profile

WB 2.11.0

Project

General

Profile

WB 2.11.0

wb-2_10_x/trunk/admin/pages/sections_save.php