Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: sections.php 1357 2010-12-27 19:50:23Z FrankH $
14
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/pages/sections.php $
15
 * @lastmodified    $Date: 2010-12-27 20:50:23 +0100 (Mon, 27 Dec 2010) $
16
 *
17
 */
18

    
19
// Include config file
20
require('../../config.php');
21

    
22
// Make sure people are allowed to access this page
23
if(MANAGE_SECTIONS != 'enabled')
24
{
25
	header('Location: '.ADMIN_URL.'/pages/index.php');
26
	exit(0);
27
}
28

    
29
// Get page id
30
if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id']))
31
{
32
	header("Location: index.php");
33
	exit(0);
34
} else {
35
	$page_id = $_GET['page_id'];
36
}
37

    
38
$debug = false; // to show position and section_id
39
If(!defined('DEBUG')) { define('DEBUG',$debug);}
40
// Create new admin object
41
require_once(WB_PATH.'/framework/class.admin.php');
42
$admin = new admin('Pages', 'pages_modify');
43

    
44
if (!$admin->checkFTAN('get') and !$admin->checkFTAN())
45
{
46
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
47
	exit();
48
}
49

    
50
// Check if we are supposed to add or delete a section
51
if(isset($_GET['section_id']) AND is_numeric($_GET['section_id']))
52
{
53
	// Get more information about this section
54
	$section_id = $_GET['section_id'];
55
    $sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
56
    $sql .= 'WHERE `section_id` ='.$section_id;
57
    $query_section = $database->query($sql);
58

    
59
	if($query_section->numRows() == 0)
60
    {
61
		$admin->print_error('Section not found');
62
	}
63
	$section = $query_section->fetchRow();
64
	// Include the modules delete file if it exists
65
	if(file_exists(WB_PATH.'/modules/'.$section['module'].'/delete.php'))
66
    {
67
		require(WB_PATH.'/modules/'.$section['module'].'/delete.php');
68
	}
69
    $sql  = 'DELETE FROM `'.TABLE_PREFIX.'sections` ';
70
    $sql .= 'WHERE `section_id` ='.$section_id.' LIMIT 1';
71
    $query_section = $database->query($sql);
72

    
73
	if($database->is_error())
74
    {
75
		$admin->print_error($database->get_error());
76
	} else {
77
		require(WB_PATH.'/framework/class.order.php');
78
		$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
79
		$order->clean($page_id);
80
		$ftan2 = $admin->getFTAN(2);
81
		$admin->print_success($TEXT['SUCCESS'], ADMIN_URL."/pages/sections.php?page_id=$page_id&amp;$ftan2");
82
		$admin->print_footer();
83
		exit();
84
	}
85
} elseif(isset($_POST['module']) && $_POST['module'] != '')
86
{
87
	// Get section info
88
	$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module']));  // fix secunia 2010-91-4
89
	// Include the ordering class
90
	require(WB_PATH.'/framework/class.order.php');
91
	// Get new order
92
	$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
93
	$position = $order->get_new($page_id);	
94
	// Insert module into DB
95
    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET ';
96
    $sql .= '`page_id` = '.$page_id.', ';
97
    $sql .= '`module` = "'.$module.'", ';
98
    $sql .= '`position` = '.$position.', ';
99
    $sql .= '`block`=1';
100
    $database->query($sql);
101
	// Get the section id
102
	$section_id = $database->get_one("SELECT LAST_INSERT_ID()");	
103
	// Include the selected modules add file if it exists
104
	if(file_exists(WB_PATH.'/modules/'.$module.'/add.php'))
105
    {
106
		require(WB_PATH.'/modules/'.$module.'/add.php');
107
	}
108
}
109

    
110
// Get perms
111
// $database = new database();
112
$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
113
$sql .= 'WHERE `page_id` = '.$page_id;
114
$results = $database->query($sql);
115

    
116
$results_array = $results->fetchRow();
117
$old_admin_groups = explode(',', $results_array['admin_groups']);
118
$old_admin_users = explode(',', $results_array['admin_users']);
119
$in_old_group = FALSE;
120
foreach($admin->get_groups_id() as $cur_gid)
121
{
122
	if (in_array($cur_gid, $old_admin_groups))
123
    {
124
		$in_old_group = TRUE;
125
	}
126
}
127
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
128
{
129
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
130
}
131

    
132
// Get page details
133
// $database = new database();
134
$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
135
$sql .= 'WHERE `page_id` = '.$page_id;
136
$results = $database->query($sql);
137

    
138
if($database->is_error())
139
{
140
	// $admin->print_header();
141
	$admin->print_error($database->get_error());
142
}
143
if($results->numRows() == 0)
144
{
145
	// $admin->print_header();
146
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
147
}
148
$results_array = $results->fetchRow();
149

    
150
// Set module permissions
151
$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
152

    
153
// Unset block var
154
unset($block);
155
// Include template info file (if it exists)
156
if($results_array['template'] != '')
157
{
158
	$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php';
159
} else {
160
	$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php';
161
}
162
if(file_exists($template_location))
163
{
164
	require($template_location);
165
}
166
// Check if $menu is set
167
if(!isset($block[1]) OR $block[1] == '')
168
{
169
	// Make our own menu list
170
	$block[1] = $TEXT['MAIN'];
171
}
172

    
173
/*-- load css files with jquery --*/
174
// include jscalendar-setup
175
$jscal_use_time = true; // whether to use a clock, too
176
require_once(WB_PATH."/include/jscalendar/wb-setup.php");
177

    
178
// Setup template object
179
$template = new Template(THEME_PATH.'/templates');
180
$template->set_file('page', 'pages_sections.htt');
181
$template->set_block('page', 'main_block', 'main');
182
$template->set_var('FTAN', $admin->getFTAN());
183
$template->set_block('main_block', 'module_block', 'module_list');
184
$template->set_block('main_block', 'section_block', 'section_list');
185
$template->set_block('section_block', 'block_block', 'block_list');
186
$template->set_block('main_block', 'calendar_block', 'calendar_list');
187

    
188
// set first defaults and messages
189
$template->set_var(array(
190
				'PAGE_ID' => $results_array['page_id'],
191
				'PAGE_TITLE' => ($results_array['page_title']),
192
				'MENU_TITLE' => ($results_array['menu_title']),
193
				'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
194
				'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
195
				'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
196
				'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
197
				'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
198
				'TEXT_ID' => 'ID',
199
				'TEXT_TYPE' => $TEXT['TYPE'],
200
				'TEXT_BLOCK' => $TEXT['BLOCK'],
201
				'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'},
202
				'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'],
203
				'TEXT_ACTIONS' => $TEXT['ACTIONS'],
204
				'ADMIN_URL' => ADMIN_URL,
205
				'WB_URL' => WB_URL,
206
				'WB_PATH' => WB_PATH,
207
				'THEME_URL' => THEME_URL
208
				) 
209
			);
210

    
211
// Insert variables
212
$ftan2 = $admin->getFTAN(2);
213
$template->set_var(array(
214
				'VAR_PAGE_ID' => $results_array['page_id'],
215
				'VAR_PAGE_TITLE' => $results_array['page_title'],
216
				'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id']."&amp;$ftan2",
217
				'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']."&amp;$ftan2"
218
				) 
219
			);
220

    
221
$sql  = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` ';
222
$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
223
$sql .= 'WHERE `page_id` = '.$page_id.' ';
224
$sql .= 'ORDER BY `position` ASC';
225
$query_sections = $database->query($sql);
226

    
227
if($query_sections->numRows() > 0)
228
{
229
	$num_sections = $query_sections->numRows();
230
	while($section = $query_sections->fetchRow())
231
    {
232
		if(!is_numeric(array_search($section['module'], $module_permissions)))
233
        {
234
			// Get the modules real name
235
            $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
236
            $sql .= 'WHERE `directory` = "'.$section['module'].'"';
237
            $module_name = $database->get_one($sql);
238
            // if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
239
            $module_tmp = ( trim($module_name) == '' ) ? $section['module'] : $module_name;
240

    
241

    
242
			if(SECTION_BLOCKS)
243
            {
244
                
245
				if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
246
                {
247
				    $edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id."&amp;$ftan2&amp;wysiwyg=".$section['section_id'] .'">'.$module_tmp.'</a>';
248
                } else {
249
				    $edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#wb'.$section['section_id'].."&amp;$ftan2"'">'.$module_tmp.'</a>';
250
                }
251
                $edit_page = ( trim($module_name) == '' ) ? '<span class="module_disabled">'.$section['module'].'</span>' : $edit_page;
252
				$input_attribute = 'input_normal';
253
				$template->set_var(array(
254
						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"',
255
						'NAME_SIZE' => 180,
256
						'INPUT_ATTRIBUTE' => $input_attribute,
257
						'VAR_SECTION_ID' => $section['section_id'],
258
						'VAR_POSITION' => $section['position'],
259
						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
260
						'SELECT' => '',
261
						'SET_NONE_DISPLAY_OPTION' => ''
262
						)
263
					);
264
				// Add block options to the section_list
265
				$template->clear_var('block_list');
266
				foreach($block AS $number => $name)
267
                {
268
					$template->set_var('NAME', htmlentities(strip_tags($name)));
269
					$template->set_var('VALUE', $number);
270
					$template->set_var('SIZE', 1);
271
					if($section['block'] == $number)
272
                    {
273
						$template->set_var('SELECTED', ' selected="selected"');
274
					} else {
275
						$template->set_var('SELECTED', '');
276
					}
277
					$template->parse('block_list', 'block_block', true);
278
				}
279
			} else {
280
				$edit_page ='<a name="'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$page_id.'#'.$section['section_id']."&amp;$ftan2".'">'.$module_tmp.'</a>';
281
                $edit_page = ( trim($module_name) == '' ) ? '<span class="module_disabled">'.$section['module'].'</span>' : $edit_page;
282
				$input_attribute = 'input_small';
283
				$template->set_var(array(
284
						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="display:none;"',
285
						'NAME_SIZE' => 270,
286
						'INPUT_ATTRIBUTE' => $input_attribute,
287
						'VAR_SECTION_ID' => $section['section_id'],
288
						'VAR_POSITION' => $section['position'],
289
						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
290
						'NAME' => htmlentities(strip_tags($block[1])),
291
						'VALUE' => 1,
292
						'SET_NONE_DISPLAY_OPTION' => ''
293
						)
294
					);
295
			}
296
			// Insert icon and images
297
			$template->set_var(array(
298
						'CLOCK_16_PNG' => 'clock_16.png',
299
						'CLOCK_DEL_16_PNG' => 'clock_del_16.png',
300
						'DELETE_16_PNG' => 'delete_16.png'
301
						) 
302
					);
303
			// set calendar start values
304
			if($section['publ_start']==0)
305
            {
306
				$template->set_var('VALUE_PUBL_START', '');
307
			} else {
308
				$template->set_var('VALUE_PUBL_START', date($jscal_format, $section['publ_start']));
309
			}
310
			// set calendar start values
311
			if($section['publ_end']==0)
312
            {
313
				$template->set_var('VALUE_PUBL_END', '');
314
			} else {
315
				$template->set_var('VALUE_PUBL_END', date($jscal_format, $section['publ_end']));
316
			}
317
			// Insert icons up and down
318
			if($section['position'] != 1 )
319
            {
320
				$template->set_var(
321
							'VAR_MOVE_UP_URL',
322
							'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id']."&amp;$ftan2".'">
323
							<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
324
							</a>' );
325
			} else {
326
				$template->set_var(array(
327
							'VAR_MOVE_UP_URL' => ''
328
							) 
329
						);
330
			}
331
			if($section['position'] != $num_sections ) {
332
				$template->set_var(
333
							'VAR_MOVE_DOWN_URL',
334
							'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id']."&amp;$ftan2".'">
335
							<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
336
							</a>' );
337
			} else {
338
				$template->set_var(array(
339
							'VAR_MOVE_DOWN_URL' => ''
340
							) 
341
						);
342
			}
343
		} else {
344
		  continue;
345
		}
346

    
347
			$template->set_var(array(
348
							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
349
							'TEXT_SID' => 'SID',
350
							'DEBUG_COLSPAN_SIZE' => 9
351
							) 
352
						);
353
		if($debug)
354
        {
355
			$template->set_var(array(
356
							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
357
							'TEXT_PID' => 'PID',
358
							'TEXT_SID' => 'SID',
359
							'POSITION' => $section['position']
360
							) 
361
						);
362
		} else {
363
			$template->set_var(array(
364
							'DISPLAY_DEBUG' => ' style="display:none;"',
365
							'TEXT_PID' => '',
366
							'POSITION' => ''
367
							) 
368
						);
369
		}
370
		$template->parse('section_list', 'section_block', true);
371
	}
372
}
373

    
374
// now add the calendars -- remember to to set the range to [1970, 2037] if the date is used as timestamp!
375
// the loop is simply a copy from above.
376
$sql  = 'SELECT `section_id`,`module` FROM `'.TABLE_PREFIX.'sections` ';
377
$sql .= 'WHERE page_id = '.$page_id.' ';
378
$sql .= 'ORDER BY `position` ASC';
379
$query_sections = $database->query($sql);
380

    
381
if($query_sections->numRows() > 0)
382
{
383
	$num_sections = $query_sections->numRows();
384
	while($section = $query_sections->fetchRow())
385
    {
386
		// Get the modules real name
387
        $sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
388
        $sql .= 'WHERE `directory` = "'.$section['module'].'"';
389
        $module_name = $database->get_one($sql);
390

    
391
		if(!is_numeric(array_search($section['module'], $module_permissions)))
392
        {
393
			$template->set_var(array(
394
						'jscal_ifformat' => $jscal_ifformat,
395
						'jscal_firstday' => $jscal_firstday,
396
						'jscal_today' => $jscal_today,
397
						'start_date' => 'start_date'.$section['section_id'],
398
						'end_date' => 'end_date'.$section['section_id'],
399
						'trigger_start' => 'trigger_start'.$section['section_id'],
400
						'trigger_end' => 'trigger_stop'.$section['section_id']
401
						) 
402
					);
403
			if(isset($jscal_use_time) && $jscal_use_time==TRUE) {
404
				$template->set_var(array(
405
						'showsTime' => "true",
406
						'timeFormat' => "24"
407
						) 
408
					);
409
			}  else {
410
				$template->set_var(array(
411
						'showsTime' => "false",
412
						'timeFormat' => "24"
413
						) 
414
					);
415
			}
416
		}
417
		$template->parse('calendar_list', 'calendar_block', true);
418
	}
419
}
420

    
421
// Work-out if we should show the "Add Section" form
422
$sql  = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` ';
423
$sql .= 'WHERE `page_id` = '.$page_id.' AND `module` = "menu_link"';
424
$query_sections = $database->query($sql);
425
if($query_sections->numRows() == 0)
426
{
427
	// Modules list
428
    $sql  = 'SELECT `name`,`directory`,`type` FROM `'.TABLE_PREFIX.'addons` ';
429
    $sql .= 'WHERE `type` = "module" AND `function` = "page" AND `directory` != "menu_link" ';
430
    $sql .= 'ORDER BY `name`';
431
    $result = $database->query($sql);
432
// if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
433

    
434
	if($result->numRows() > 0)
435
    {
436
		while ($module = $result->fetchRow())
437
        {
438
			// Check if user is allowed to use this module   echo  $module['directory'],'<br />';
439
			if(!is_numeric(array_search($module['directory'], $module_permissions)))
440
            {
441
				$template->set_var('VALUE', $module['directory']);
442
				$template->set_var('NAME', $module['name']);
443
				if($module['directory'] == 'wysiwyg')
444
                {
445
					$template->set_var('SELECTED', ' selected="selected"');
446
				} else {
447
					$template->set_var('SELECTED', '');
448
				}
449
				$template->parse('module_list', 'module_block', true);
450
			} else {
451
			  continue;
452
			}
453
		}
454
	}
455
}
456
// Insert language text and messages
457
$template->set_var(array(
458
					'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
459
					'TEXT_ARE_YOU_SURE' => $TEXT['ARE_YOU_SURE'],
460
					'TEXT_TYPE' => $TEXT['TYPE'],
461
					'TEXT_ADD' => $TEXT['ADD'],
462
					'TEXT_SAVE' =>  $TEXT['SAVE'],
463
					'TEXTLINK_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
464
					'TEXT_CALENDAR' => $TEXT['CALENDAR'],
465
					'TEXT_DELETE_DATE' => $TEXT['DELETE_DATE'],
466
					'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
467
					'TEXT_MOVE_UP' => $TEXT['MOVE_UP'],
468
					'TEXT_MOVE_DOWN' => $TEXT['MOVE_DOWN']
469
					)
470
				);
471
$template->parse('main', 'main_block', false);
472
$template->pparse('output', 'page');
473

    
474
// Print admin footer
475
$admin->print_footer();
476

    
477
?>
(17-17/21)