Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: sections.php 1404 2011-01-22 12:20:01Z Luisehahne $
14
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/pages/sections.php $
15
 * @lastmodified    $Date: 2011-01-22 13:20:01 +0100 (Sat, 22 Jan 2011) $
16
 *
17
 */
18

    
19
// Include config file
20
require('../../config.php');
21

    
22
// Make sure people are allowed to access this page
23
if(MANAGE_SECTIONS != 'enabled')
24
{
25
	header('Location: '.ADMIN_URL.'/pages/index.php');
26
	exit(0);
27
}
28
/* */
29
$debug = false; // to show position and section_id
30
If(!defined('DEBUG')) { define('DEBUG',$debug);}
31
// Create new admin object
32
require_once(WB_PATH.'/framework/class.admin.php');
33
$admin = new admin('Pages', 'pages_modify');
34

    
35
// Get page id
36
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id']))
37
{
38
	header("Location: index.php");
39
	exit(0);
40
} else {
41
	$page_id = $_GET['page_id'];
42
}
43

    
44
/*
45
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
46
{
47
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
48
	exit();
49
}
50
*/
51

    
52
// Check if we are supposed to add or delete a section
53
if(isset($_GET['section_id']) && is_numeric($_GET['section_id']))
54
{
55
	// Get more information about this section
56
	$section_id = $_GET['section_id'];
57
    $sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
58
    $sql .= 'WHERE `section_id` ='.$section_id;
59
    $query_section = $database->query($sql);
60

    
61
	if($query_section->numRows() == 0)
62
    {
63
		$admin->print_error('Section not found');
64
	}
65
	$section = $query_section->fetchRow();
66
	// Include the modules delete file if it exists
67
	if(file_exists(WB_PATH.'/modules/'.$section['module'].'/delete.php'))
68
    {
69
		require(WB_PATH.'/modules/'.$section['module'].'/delete.php');
70
	}
71
    $sql  = 'DELETE FROM `'.TABLE_PREFIX.'sections` ';
72
    $sql .= 'WHERE `section_id` ='.$section_id.' LIMIT 1';
73
    $query_section = $database->query($sql);
74

    
75
	if($database->is_error())
76
    {
77
		$admin->print_error($database->get_error());
78
	} else {
79
		require(WB_PATH.'/framework/class.order.php');
80
		$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
81
		$order->clean($page_id);
82
		$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id );
83
		$admin->print_footer();
84
		exit();
85
	}
86
} elseif(isset($_POST['module']) && $_POST['module'] != '')
87
{
88
	// Get section info
89
	$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module']));  // fix secunia 2010-91-4
90
	// Include the ordering class
91
	require(WB_PATH.'/framework/class.order.php');
92
	// Get new order
93
	$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
94
	$position = $order->get_new($page_id);	
95
	// Insert module into DB
96
    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET ';
97
    $sql .= '`page_id` = '.$page_id.', ';
98
    $sql .= '`module` = "'.$module.'", ';
99
    $sql .= '`position` = '.$position.', ';
100
    $sql .= '`block`=1';
101
    $database->query($sql);
102
	// Get the section id
103
	$section_id = $database->get_one("SELECT LAST_INSERT_ID()");	
104
	// Include the selected modules add file if it exists
105
	if(file_exists(WB_PATH.'/modules/'.$module.'/add.php'))
106
    {
107
		require(WB_PATH.'/modules/'.$module.'/add.php');
108
	}
109
}
110

    
111
// Get perms
112
// $database = new database();
113
$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
114
$sql .= 'WHERE `page_id` = '.$page_id;
115
$results = $database->query($sql);
116

    
117
$results_array = $results->fetchRow();
118
$old_admin_groups = explode(',', $results_array['admin_groups']);
119
$old_admin_users = explode(',', $results_array['admin_users']);
120
$in_old_group = FALSE;
121
foreach($admin->get_groups_id() as $cur_gid)
122
{
123
	if (in_array($cur_gid, $old_admin_groups))
124
    {
125
		$in_old_group = TRUE;
126
	}
127
}
128
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
129
{
130
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
131
}
132

    
133
// Get page details
134
// $database = new database();
135
$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
136
$sql .= 'WHERE `page_id` = '.$page_id;
137
$results = $database->query($sql);
138

    
139
if($database->is_error())
140
{
141
	// $admin->print_header();
142
	$admin->print_error($database->get_error());
143
}
144
if($results->numRows() == 0)
145
{
146
	// $admin->print_header();
147
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
148
}
149
$results_array = $results->fetchRow();
150

    
151
// Set module permissions
152
$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
153

    
154
// Unset block var
155
unset($block);
156
// Include template info file (if it exists)
157
if($results_array['template'] != '')
158
{
159
	$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php';
160
} else {
161
	$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php';
162
}
163
if(file_exists($template_location))
164
{
165
	require($template_location);
166
}
167
// Check if $menu is set
168
if(!isset($block[1]) || $block[1] == '')
169
{
170
	// Make our own menu list
171
	$block[1] = $TEXT['MAIN'];
172
}
173

    
174
/*-- load css files with jquery --*/
175
// include jscalendar-setup
176
$jscal_use_time = true; // whether to use a clock, too
177
require_once(WB_PATH."/include/jscalendar/wb-setup.php");
178

    
179
// Setup template object
180
$template = new Template(THEME_PATH.'/templates');
181
$template->set_file('page', 'pages_sections.htt');
182
$template->set_block('page', 'main_block', 'main');
183
$template->set_block('main_block', 'module_block', 'module_list');
184
$template->set_block('main_block', 'section_block', 'section_list');
185
$template->set_block('section_block', 'block_block', 'block_list');
186
$template->set_block('main_block', 'calendar_block', 'calendar_list');
187
$template->set_var('FTAN', $admin->getFTAN());
188

    
189
// set first defaults and messages
190
$template->set_var(array(
191
				'PAGE_ID' => $results_array['page_id'],
192
				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
193
				'PAGE_IDKEY' => $results_array['page_id'],
194
				'TEXT_PAGE' => $TEXT['PAGE'],
195
				'PAGE_TITLE' => ($results_array['page_title']),
196
				'MENU_TITLE' => ($results_array['menu_title']),
197
				'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
198
				'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
199
				'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
200
				'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
201
				'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
202
				'TEXT_ID' => 'ID',
203
				'TEXT_TYPE' => $TEXT['TYPE'],
204
				'TEXT_BLOCK' => $TEXT['BLOCK'],
205
				'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'},
206
				'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'],
207
				'TEXT_ACTIONS' => $TEXT['ACTIONS'],
208
				'ADMIN_URL' => ADMIN_URL,
209
				'WB_URL' => WB_URL,
210
				'THEME_URL' => THEME_URL
211
				) 
212
			);
213

    
214
// Insert variables
215
$template->set_var(array(
216
				'PAGE_ID' => $results_array['page_id'],
217
				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
218
				'PAGE_IDKEY' => $results_array['page_id'],
219
				'VAR_PAGE_TITLE' => $results_array['page_title'],
220
				'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
221
				'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
222
				)
223
			);
224

    
225
$sql  = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` ';
226
$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
227
$sql .= 'WHERE `page_id` = '.$page_id.' ';
228
$sql .= 'ORDER BY `position` ASC';
229
$query_sections = $database->query($sql);
230

    
231
if($query_sections->numRows() > 0)
232
{
233
	$num_sections = $query_sections->numRows();
234
	while($section = $query_sections->fetchRow())
235
    {
236
		if(!is_numeric(array_search($section['module'], $module_permissions)))
237
        {
238
			// Get the modules real name
239
            $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
240
            $sql .= 'WHERE `directory` = "'.$section['module'].'"';
241
            if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module']))
242
			{
243
				$edit_page = '<span class="module_disabled">'.$section['module'].'</span>';
244
			}else
245
			{
246
				$edit_page = '';
247
			}
248
			$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'];
249
			$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>';
250
			if(SECTION_BLOCKS)
251
            {
252
				if($edit_page == '')
253
				{
254
					if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
255
					{
256
						$edit_page = $edit_page_0.'&amp;wysiwyg='.$edit_page_1;
257
					} else {
258
						$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
259
					}
260
				}
261
				$input_attribute = 'input_normal';
262
				$template->set_var(array(
263
						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"',
264
						'NAME_SIZE' => 300,
265
						'INPUT_ATTRIBUTE' => $input_attribute,
266
						'VAR_SECTION_ID' => $section['section_id'],
267
						// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
268
						'VAR_SECTION_IDKEY' => $section['section_id'],
269
						'VAR_POSITION' => $section['position'],
270
						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
271
						'SELECT' => '',
272
						'SET_NONE_DISPLAY_OPTION' => ''
273
						)
274
					);
275
				// Add block options to the section_list
276
				$template->clear_var('block_list');
277
				foreach($block AS $number => $name)
278
                {
279
					$template->set_var('NAME', htmlentities(strip_tags($name)));
280
					$template->set_var('VALUE', $number);
281
					$template->set_var('SIZE', 1);
282
					if($section['block'] == $number)
283
                    {
284
						$template->set_var('SELECTED', ' selected="selected"');
285
					} else {
286
						$template->set_var('SELECTED', '');
287
					}
288
					$template->parse('block_list', 'block_block', true);
289
				}
290
			} else {
291
				if($edit_page == '')
292
				{
293
					$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
294
				}
295
				$input_attribute = 'input_normal';
296
				$template->set_var(array(
297
						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:hidden;"',
298
						'NAME_SIZE' => 300,
299
						'INPUT_ATTRIBUTE' => $input_attribute,
300
						'VAR_SECTION_ID' => $section['section_id'],
301
						// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
302
						'VAR_SECTION_IDKEY' => $section['section_id'],
303
						'VAR_POSITION' => $section['position'],
304
						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
305
						'NAME' => htmlentities(strip_tags($block[1])),
306
						'VALUE' => 1,
307
						'SET_NONE_DISPLAY_OPTION' => ''
308
						)
309
					);
310
			}
311
			// Insert icon and images
312
			$template->set_var(array(
313
						'CLOCK_16_PNG' => 'clock_16.png',
314
						'CLOCK_DEL_16_PNG' => 'clock_del_16.png',
315
						'DELETE_16_PNG' => 'delete_16.png'
316
						) 
317
					);
318
			// set calendar start values
319
			if($section['publ_start']==0)
320
            {
321
				$template->set_var('VALUE_PUBL_START', '');
322
			} else {
323
				$template->set_var('VALUE_PUBL_START', date($jscal_format, $section['publ_start']));
324
			}
325
			// set calendar start values
326
			if($section['publ_end']==0)
327
            {
328
				$template->set_var('VALUE_PUBL_END', '');
329
			} else {
330
				$template->set_var('VALUE_PUBL_END', date($jscal_format, $section['publ_end']));
331
			}
332
			// Insert icons up and down
333
			if($section['position'] != 1 )
334
            {
335
				$template->set_var(
336
							'VAR_MOVE_UP_URL',
337
							'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
338
							<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
339
							</a>' );
340
			} else {
341
				$template->set_var(array(
342
							'VAR_MOVE_UP_URL' => ''
343
							) 
344
						);
345
			}
346
			if($section['position'] != $num_sections ) {
347
				$template->set_var(
348
							'VAR_MOVE_DOWN_URL',
349
							'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
350
							<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
351
							</a>' );
352
			} else {
353
				$template->set_var(array(
354
							'VAR_MOVE_DOWN_URL' => ''
355
							) 
356
						);
357
			}
358
		} else {
359
		  continue;
360
		}
361

    
362
			$template->set_var(array(
363
							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
364
							'TEXT_SID' => 'SID',
365
							'DEBUG_COLSPAN_SIZE' => 9
366
							) 
367
						);
368
		if($debug)
369
        {
370
			$template->set_var(array(
371
							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
372
							'TEXT_PID' => 'PID',
373
							'TEXT_SID' => 'SID',
374
							'POSITION' => $section['position']
375
							) 
376
						);
377
		} else {
378
			$template->set_var(array(
379
							'DISPLAY_DEBUG' => ' style="display:none;"',
380
							'TEXT_PID' => '',
381
							'POSITION' => ''
382
							) 
383
						);
384
		}
385
		$template->parse('section_list', 'section_block', true);
386
	}
387
}
388

    
389
// now add the calendars -- remember to to set the range to [1970, 2037] if the date is used as timestamp!
390
// the loop is simply a copy from above.
391
$sql  = 'SELECT `section_id`,`module` FROM `'.TABLE_PREFIX.'sections` ';
392
$sql .= 'WHERE page_id = '.$page_id.' ';
393
$sql .= 'ORDER BY `position` ASC';
394
$query_sections = $database->query($sql);
395

    
396
if($query_sections->numRows() > 0)
397
{
398
	$num_sections = $query_sections->numRows();
399
	while($section = $query_sections->fetchRow())
400
    {
401
		// Get the modules real name
402
        $sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
403
        $sql .= 'WHERE `directory` = "'.$section['module'].'"';
404
        $module_name = $database->get_one($sql);
405

    
406
		if(!is_numeric(array_search($section['module'], $module_permissions)))
407
        {
408
			$template->set_var(array(
409
						'jscal_ifformat' => $jscal_ifformat,
410
						'jscal_firstday' => $jscal_firstday,
411
						'jscal_today' => $jscal_today,
412
						'start_date' => 'start_date'.$section['section_id'],
413
						'end_date' => 'end_date'.$section['section_id'],
414
						'trigger_start' => 'trigger_start'.$section['section_id'],
415
						'trigger_end' => 'trigger_stop'.$section['section_id']
416
						) 
417
					);
418
			if(isset($jscal_use_time) && $jscal_use_time==TRUE) {
419
				$template->set_var(array(
420
						'showsTime' => "true",
421
						'timeFormat' => "24"
422
						) 
423
					);
424
			}  else {
425
				$template->set_var(array(
426
						'showsTime' => "false",
427
						'timeFormat' => "24"
428
						) 
429
					);
430
			}
431
		}
432
		$template->parse('calendar_list', 'calendar_block', true);
433
	}
434
}
435

    
436
// Work-out if we should show the "Add Section" form
437
$sql  = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` ';
438
$sql .= 'WHERE `page_id` = '.$page_id.' AND `module` = "menu_link"';
439
$query_sections = $database->query($sql);
440
if($query_sections->numRows() == 0)
441
{
442
	// Modules list
443
    $sql  = 'SELECT `name`,`directory`,`type` FROM `'.TABLE_PREFIX.'addons` ';
444
    $sql .= 'WHERE `type` = "module" AND `function` = "page" AND `directory` != "menu_link" ';
445
    $sql .= 'ORDER BY `name`';
446
    $result = $database->query($sql);
447
// if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
448

    
449
	if($result->numRows() > 0)
450
    {
451
		while ($module = $result->fetchRow())
452
        {
453
			// Check if user is allowed to use this module   echo  $module['directory'],'<br />';
454
			if(!is_numeric(array_search($module['directory'], $module_permissions)))
455
            {
456
				$template->set_var('VALUE', $module['directory']);
457
				$template->set_var('NAME', $module['name']);
458
				if($module['directory'] == 'wysiwyg')
459
                {
460
					$template->set_var('SELECTED', ' selected="selected"');
461
				} else {
462
					$template->set_var('SELECTED', '');
463
				}
464
				$template->parse('module_list', 'module_block', true);
465
			} else {
466
			  continue;
467
			}
468
		}
469
	}
470
}
471
// Insert language text and messages
472
$template->set_var(array(
473
					'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
474
					'TEXT_ARE_YOU_SURE' => $TEXT['ARE_YOU_SURE'],
475
					'TEXT_TYPE' => $TEXT['TYPE'],
476
					'TEXT_ADD' => $TEXT['ADD'],
477
					'TEXT_SAVE' =>  $TEXT['SAVE'],
478
					'TEXTLINK_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
479
					'TEXT_CALENDAR' => $TEXT['CALENDAR'],
480
					'TEXT_DELETE_DATE' => $TEXT['DELETE_DATE'],
481
					'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
482
					'TEXT_MOVE_UP' => $TEXT['MOVE_UP'],
483
					'TEXT_MOVE_DOWN' => $TEXT['MOVE_DOWN']
484
					)
485
				);
486
$template->parse('main', 'main_block', false);
487
$template->pparse('output', 'page');
488

    
489
// include the required file for Javascript admin
490
if(file_exists(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php'))
491
{
492
	include(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php');
493
}
494

    
495
// Print admin footer
496
$admin->print_footer();
497

    
498
?>
(17-17/21)