| 1 |
2
|
Manuela
|
<?php
|
| 2 |
|
|
/**
|
| 3 |
|
|
*
|
| 4 |
|
|
* @category backend
|
| 5 |
|
|
* @package modules
|
| 6 |
|
|
* @author WebsiteBaker Project
|
| 7 |
|
|
* @copyright Ryan Djurovich
|
| 8 |
|
|
* @copyright WebsiteBaker Org. e.V.
|
| 9 |
|
|
* @link http://websitebaker.org/
|
| 10 |
|
|
* @license http://www.gnu.org/licenses/gpl.html
|
| 11 |
|
|
* @platform WebsiteBaker 2.8.3
|
| 12 |
|
|
* @requirements PHP 5.3.6 and higher
|
| 13 |
|
|
* @version $Id$
|
| 14 |
|
|
* @filesource $HeadURL$
|
| 15 |
|
|
* @lastmodified $Date$
|
| 16 |
|
|
*
|
| 17 |
|
|
*/
|
| 18 |
|
|
|
| 19 |
|
|
/* -------------------------------------------------------- */
|
| 20 |
|
|
// Must include code to stop this file being accessed directly
|
| 21 |
|
|
if(defined('WB_PATH') == false) { die("Cannot access this file directly"); }
|
| 22 |
|
|
/* -------------------------------------------------------- */
|
| 23 |
|
|
|
| 24 |
|
|
// Create new admin object, you can set the next variable in your module
|
| 25 |
|
|
// to print with or without header, default is with header
|
| 26 |
|
|
// it is recommed to set the variable before including the /modules/admin.php
|
| 27 |
|
|
$admin_header = (!isset($admin_header)) ? true : $admin_header;
|
| 28 |
|
|
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
|
| 29 |
|
|
$admin = new admin('Pages', 'pages_modify',(bool)$admin_header);
|
| 30 |
|
|
// get request method
|
| 31 |
|
|
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
|
| 32 |
|
|
$aRequestVars = (isset(${$requestMethod}) ? ${$requestMethod} : null);
|
| 33 |
|
|
// Get page id (on error page_id == 0))
|
| 34 |
|
|
$page_id = intval(isset(${$requestMethod}['page_id'])
|
| 35 |
|
|
? ${$requestMethod}['page_id']
|
| 36 |
|
|
: (isset($page_id) ? $page_id : 0)
|
| 37 |
|
|
);
|
| 38 |
|
|
|
| 39 |
|
|
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
|
| 40 |
|
|
$section_id = intval(isset(${$requestMethod}['section_id'])
|
| 41 |
|
|
? ${$requestMethod}['section_id']
|
| 42 |
|
|
: (isset($section_id) ? $section_id : 0)
|
| 43 |
|
|
);
|
| 44 |
|
|
|
| 45 |
|
|
$module_dir = basename( dirname($_SERVER["SCRIPT_NAME"]) );
|
| 46 |
|
|
|
| 47 |
|
|
// Create js back link
|
| 48 |
|
|
$js_back = ADMIN_URL.'/pages/sections.php?page_id='.$page_id;
|
| 49 |
|
|
|
| 50 |
|
|
// Get perms
|
| 51 |
|
|
// unset($admin_header);
|
| 52 |
|
|
if( !is_numeric( $page_id ) ) {
|
| 53 |
|
|
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL );
|
| 54 |
|
|
} elseif ($page_id > 0) {
|
| 55 |
|
|
$page = $admin->get_page_details($page_id, ADMIN_URL.'/pages/index.php' );
|
| 56 |
|
|
} else {
|
| 57 |
|
|
$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL );
|
| 58 |
|
|
}
|
| 59 |
|
|
|
| 60 |
|
|
$old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups']));
|
| 61 |
|
|
$old_admin_users = explode(',', str_replace('_', '', $page['admin_users']));
|
| 62 |
|
|
|
| 63 |
|
|
$in_group = false;
|
| 64 |
|
|
foreach($admin->get_groups_id() as $cur_gid){
|
| 65 |
|
|
if (in_array($cur_gid, $old_admin_groups)) {
|
| 66 |
|
|
$in_group = true;
|
| 67 |
|
|
}
|
| 68 |
|
|
}
|
| 69 |
|
|
|
| 70 |
|
|
if((!$in_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
|
| 71 |
|
|
print $admin->get_group_id().$admin->get_user_id();
|
| 72 |
|
|
// print_r ($old_admin_groups);
|
| 73 |
|
|
$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'] );
|
| 74 |
|
|
}
|
| 75 |
|
|
|
| 76 |
|
|
// some additional security checks:
|
| 77 |
|
|
// Check whether the section_id belongs to the page_id at all
|
| 78 |
|
|
if( !is_numeric( $section_id ) ) {
|
| 79 |
|
|
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL );
|
| 80 |
|
|
} elseif ($section_id > 0) {
|
| 81 |
|
|
$section = $admin->get_section_details($section_id, ADMIN_URL.'/pages/index.php');
|
| 82 |
|
|
if (!$admin->get_permission($section['module'], 'module'))
|
| 83 |
|
|
{
|
| 84 |
|
|
$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL );
|
| 85 |
|
|
}
|
| 86 |
|
|
}
|
| 87 |
|
|
|
| 88 |
|
|
// Workout if the developer wants to show the info banner
|
| 89 |
|
|
if(isset($print_info_banner) && $print_info_banner == true) {
|
| 90 |
|
|
// Get page details already defined
|
| 91 |
|
|
|
| 92 |
|
|
// Get display name of person who last modified the page
|
| 93 |
|
|
$user = $admin->get_user_details($page['modified_by']);
|
| 94 |
|
|
|
| 95 |
|
|
// Convert the unix ts for modified_when to human a readable form
|
| 96 |
|
|
$modified_ts = 'Unknown';
|
| 97 |
|
|
if($page['modified_when'] != 0) {
|
| 98 |
|
|
$modified_ts = gmdate(TIME_FORMAT.', '.DATE_FORMAT, $page['modified_when']+TIMEZONE);
|
| 99 |
|
|
}
|
| 100 |
|
|
|
| 101 |
|
|
// Setup template object, parse vars to it, then parse it
|
| 102 |
|
|
// Create new template object
|
| 103 |
|
|
$template = new Template(dirname($admin->correct_theme_source('pages_modify.htt')));
|
| 104 |
|
|
// $template->debug = true;
|
| 105 |
|
|
$template->set_file('page', 'pages_modify.htt');
|
| 106 |
|
|
$template->set_block('page', 'main_block', 'main');
|
| 107 |
|
|
$template->set_block('main_block', 'section_block', 'section_list');
|
| 108 |
|
|
$template->set_block('section_block', 'block_block', 'block_list');
|
| 109 |
|
|
$template->set_var(array(
|
| 110 |
|
|
'PAGE_ID' => $page['page_id'],
|
| 111 |
|
|
// 'PAGE_IDKEY' => $admin->getIDKEY($page['page_id']),
|
| 112 |
|
|
'PAGE_IDKEY' => $page['page_id'],
|
| 113 |
|
|
'PAGE_TITLE' => ($page['page_title']),
|
| 114 |
|
|
'MENU_TITLE' => ($page['menu_title']),
|
| 115 |
|
|
'ADMIN_URL' => ADMIN_URL,
|
| 116 |
|
|
'WB_URL' => WB_URL,
|
| 117 |
|
|
'THEME_URL' => THEME_URL
|
| 118 |
|
|
));
|
| 119 |
|
|
|
| 120 |
|
|
$template->set_var(array(
|
| 121 |
|
|
'MODIFIED_BY' => $user['display_name'],
|
| 122 |
|
|
'MODIFIED_BY_USERNAME' => $user['username'],
|
| 123 |
|
|
'MODIFIED_WHEN' => $modified_ts,
|
| 124 |
|
|
'LAST_MODIFIED' => $MESSAGE['PAGES_LAST_MODIFIED'],
|
| 125 |
|
|
));
|
| 126 |
|
|
|
| 127 |
|
|
$template->set_block('main_block', 'show_modify_block', 'show_modify');
|
| 128 |
|
|
if($modified_ts == 'Unknown')
|
| 129 |
|
|
{
|
| 130 |
|
|
$template->set_block('show_modify', '');
|
| 131 |
|
|
$template->set_var('CLASS_DISPLAY_MODIFIED', 'hide');
|
| 132 |
|
|
|
| 133 |
|
|
} else {
|
| 134 |
|
|
$template->set_var('CLASS_DISPLAY_MODIFIED', '');
|
| 135 |
|
|
$template->parse('show_modify', 'show_modify_block', true);
|
| 136 |
|
|
}
|
| 137 |
|
|
|
| 138 |
|
|
// Work-out if we should show the "manage sections" link
|
| 139 |
|
|
$sql = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` WHERE `page_id` = '.(int)$page_id.' ';
|
| 140 |
|
|
$sql .= 'AND `module` = "menu_link"';
|
| 141 |
|
|
$query_sections = $database->query($sql);
|
| 142 |
|
|
|
| 143 |
|
|
$template->set_block('main_block', 'show_section_block', 'show_section');
|
| 144 |
|
|
if($query_sections->numRows() > 0)
|
| 145 |
|
|
{
|
| 146 |
|
|
$template->set_block('show_section', '');
|
| 147 |
|
|
$template->set_var('DISPLAY_MANAGE_SECTIONS', 'display:none;');
|
| 148 |
|
|
|
| 149 |
|
|
} elseif(MANAGE_SECTIONS == 'enabled')
|
| 150 |
|
|
{
|
| 151 |
|
|
|
| 152 |
|
|
$template->set_var('TEXT_MANAGE_SECTIONS', $HEADING['MANAGE_SECTIONS']);
|
| 153 |
|
|
$template->parse('show_section', 'show_section_block', true);
|
| 154 |
|
|
|
| 155 |
|
|
} else {
|
| 156 |
|
|
$template->set_block('show_section', '');
|
| 157 |
|
|
$template->set_var('DISPLAY_MANAGE_SECTIONS', 'display:none;');
|
| 158 |
|
|
|
| 159 |
|
|
}
|
| 160 |
|
|
|
| 161 |
|
|
// Insert language TEXT
|
| 162 |
|
|
$template->set_var(array(
|
| 163 |
|
|
'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
|
| 164 |
|
|
'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
|
| 165 |
|
|
'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE']
|
| 166 |
|
|
));
|
| 167 |
|
|
|
| 168 |
|
|
// Parse and print header template
|
| 169 |
|
|
$template->parse('main', 'main_block', false);
|
| 170 |
|
|
$template->pparse('output', 'page');
|
| 171 |
|
|
// unset($print_info_banner);
|
| 172 |
|
|
unset($template);
|
| 173 |
|
|
$sSectionBlock = '<div class="block-outer">'."\n";
|
| 174 |
|
|
|
| 175 |
|
|
if (/*SECTION_BLOCKS && */isset($section) ) {
|
| 176 |
|
|
if (isset($block[$section['block']]) && trim(strip_tags(($block[$section['block']]))) != '')
|
| 177 |
|
|
{
|
| 178 |
|
|
$block_name = htmlentities(strip_tags($block[$section['block']]));
|
| 179 |
|
|
} else {
|
| 180 |
|
|
if ($section['block'] == 1)
|
| 181 |
|
|
{
|
| 182 |
|
|
$block_name = $TEXT['MAIN'];
|
| 183 |
|
|
} else {
|
| 184 |
|
|
$block_name = '#' . (int) $section['block'];
|
| 185 |
|
|
}
|
| 186 |
|
|
}
|
| 187 |
|
|
$now = time();
|
| 188 |
|
|
$bSectionInactive = !(($now<=$section['publ_end'] || $section['publ_end']==0) && ($now>=$section['publ_start'] || $section['publ_start']==0));
|
| 189 |
|
|
// $sSectionInfoLine = ($bSectionInactive ? false: true);
|
| 190 |
|
|
$sSectionInfoLine = ($bSectionInactive ? 'inactive': 'active');
|
| 191 |
|
|
// $sSectionInfoLine = ($bSectionInactive ? '<div class="section-inactive">': '<div class="section-active">')."\n" ;
|
| 192 |
|
|
/*
|
| 193 |
|
|
$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' ) ? 'id="'.SEC_ANCHOR.$section['section_id'].'"' : '');
|
| 194 |
|
|
$sSectionInfoLine = '<div class="section-info" '.$sec_anchor.' ><b>'.$TEXT['BLOCK']
|
| 195 |
|
|
. ': </b>'.$block_name.' ('.$section['block'].') <b> Modul: </b>'
|
| 196 |
|
|
. $section['module'].'<b> ID: </b>'.$section_id.'</div>'.PHP_EOL;
|
| 197 |
|
|
echo $sSectionInfoLine;
|
| 198 |
|
|
*/
|
| 199 |
|
|
$sSectionIdPrefix = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' ) ? SEC_ANCHOR : '' );
|
| 200 |
|
|
$sCallingScript = $_SERVER['SCRIPT_NAME'];
|
| 201 |
|
|
$data = array();
|
| 202 |
|
|
echo $sSectionBlock;
|
| 203 |
|
|
|
| 204 |
|
|
$tpl = new Template(dirname($admin->correct_theme_source('SectionInfoLine.htt')),'keep');
|
| 205 |
|
|
// $template->debug = true;
|
| 206 |
|
|
$tpl->set_file('page', 'SectionInfoLine.htt');
|
| 207 |
|
|
|
| 208 |
|
|
$tpl->set_block('page', 'main_block', 'main');
|
| 209 |
|
|
$tpl->set_block('main_block', 'section_block', 'section_save');
|
| 210 |
|
|
|
| 211 |
|
|
$data['aTarget.SectionIdPrefix'] = $sSectionIdPrefix.$section_id;
|
| 212 |
|
|
$data['aTarget.SectionInfoLine'] = $sSectionInfoLine;
|
| 213 |
|
|
$data['aTarget.SectionIdPrefix'] = $sSectionIdPrefix.$section_id;
|
| 214 |
|
|
$data['aTarget.sectionBlock'] = $section['block'];
|
| 215 |
|
|
$data['aTarget.SectionId'] = $section_id;
|
| 216 |
|
|
$data['aTarget.pageId'] = $page_id;
|
| 217 |
|
|
$data['aTarget.FTAN'] = $admin->getFTAN();
|
| 218 |
|
|
$data['aTarget.BlockName'] = $block_name;
|
| 219 |
|
|
$data['aTarget.sectionUrl'] = ADMIN_URL.'/pages/';
|
| 220 |
|
|
$data['aTarget.sectionModule'] = $section['module'];
|
| 221 |
|
|
$data['aTarget.title'] = $section['title'];
|
| 222 |
|
|
$tpl->parse('section_save', '');
|
| 223 |
|
|
if( preg_match( '/'.preg_quote(ADMIN_PATH,'/').'\/pages\/(settings|sections)\.php$/is', $sCallingScript)) {
|
| 224 |
|
|
if( $admin->get_permission('pages_settings') ) {
|
| 225 |
|
|
$data['lang.TEXT_SUBMIT'] = $TEXT['SAVE'];
|
| 226 |
|
|
$tpl->parse('section_save', 'section_block');
|
| 227 |
|
|
}
|
| 228 |
|
|
}
|
| 229 |
|
|
$tpl->set_var($data);
|
| 230 |
|
|
$tpl->parse('main', 'main_block', false);
|
| 231 |
|
|
$tpl->pparse('output', 'page');
|
| 232 |
|
|
unset($tpl);
|
| 233 |
|
|
}
|
| 234 |
|
|
//print '<pre>';print_r( $aTokens = unserialize($_SESSION['TOKENS']) );print '</pre>';
|
| 235 |
|
|
} //
|
| 236 |
|
|
|
| 237 |
|
|
// Work-out if the developer wants us to update the timestamp for when the page was last modified
|
| 238 |
|
|
if(isset($update_when_modified) && $update_when_modified == true) {
|
| 239 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'pages` SET '
|
| 240 |
|
|
. '`modified_when` = '.time().','
|
| 241 |
|
|
. '`modified_by` = '.$admin->get_user_id().' '
|
| 242 |
|
|
. 'WHERE `page_id` = '.$page_id;
|
| 243 |
|
|
$database->query($sql);
|
| 244 |
|
|
}
|