Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: sections.php 1457 2011-06-25 17:18:50Z Luisehahne $
14
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/pages/sections.php $
15
 * @lastmodified    $Date: 2011-06-25 19:18:50 +0200 (Sat, 25 Jun 2011) $
16
 *
17
 */
18

    
19
// Include config file
20
require('../../config.php');
21

    
22
// Make sure people are allowed to access this page
23
if(MANAGE_SECTIONS != 'enabled')
24
{
25
	header('Location: '.ADMIN_URL.'/pages/index.php');
26
	exit(0);
27
}
28
/* */
29
$debug = false; // to show position and section_id
30
If(!defined('DEBUG')) { define('DEBUG',$debug);}
31
// Create new admin object
32
require_once(WB_PATH.'/framework/class.admin.php');
33
$admin = new admin('Pages', 'pages_modify');
34

    
35
// Get page id
36
if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id']))
37
{
38
	header("Location: index.php");
39
	exit(0);
40
} else {
41
	$page_id = $_GET['page_id'];
42
}
43

    
44
/*
45
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
46
{
47
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
48
	exit();
49
}
50
*/
51
/*
52
urlencode function and rawurlencode are mostly based on RFC 1738.
53
However, since 2005 the current RFC in use for URIs standard is RFC 3986.
54
Here is a function to encode URLs according to RFC 3986.
55
*/
56
function url_encode($string) {
57
    $string = html_entity_decode($string,ENT_QUOTES,'UTF-8');
58
    $entities = array('%20', '%21', '%2A', '%27', '%28', '%29', '%3B', '%3A', '%40', '%26', '%3D', '%2B', '%24', '%2C', '%2F', '%3F', '%25', '%23', '%5B', '%5D');
59
    $replacements = array(' ','!', '*', "'", "(", ")", ";", ":", "@", "&", "=", "+", "$", ",", "/", "?", "%", "#", "[", "]");
60
    return str_replace($entities, $replacements, rawurlencode($string));
61
}
62

    
63
// Check if we are supposed to add or delete a section
64
if(isset($_GET['section_id']) && is_numeric($_GET['section_id']))
65
{
66
	// Get more information about this section
67
	$section_id = $_GET['section_id'];
68
    $sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
69
    $sql .= 'WHERE `section_id` ='.$section_id;
70
    $query_section = $database->query($sql);
71

    
72
	if($query_section->numRows() == 0)
73
    {
74
		$admin->print_error('Section not found');
75
	}
76
	$section = $query_section->fetchRow();
77
	// Include the modules delete file if it exists
78
	if(file_exists(WB_PATH.'/modules/'.$section['module'].'/delete.php'))
79
    {
80
		require(WB_PATH.'/modules/'.$section['module'].'/delete.php');
81
	}
82
    $sql  = 'DELETE FROM `'.TABLE_PREFIX.'sections` ';
83
    $sql .= 'WHERE `section_id` ='.$section_id.' LIMIT 1';
84
    $query_section = $database->query($sql);
85

    
86
	if($database->is_error())
87
    {
88
		$admin->print_error($database->get_error());
89
	} else {
90
		require(WB_PATH.'/framework/class.order.php');
91
		$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
92
		$order->clean($page_id);
93
		$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id );
94
		$admin->print_footer();
95
		exit();
96
	}
97
} elseif(isset($_POST['module']) && $_POST['module'] != '')
98
{
99
	// Get section info
100
	$module = preg_replace("/\W/", "", $admin->add_slashes($_POST['module']));  // fix secunia 2010-91-4
101
	// Include the ordering class
102
	require(WB_PATH.'/framework/class.order.php');
103
	// Get new order
104
	$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
105
	$position = $order->get_new($page_id);	
106
	// Insert module into DB
107
    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET ';
108
    $sql .= '`page_id` = '.$page_id.', ';
109
    $sql .= '`module` = "'.$module.'", ';
110
    $sql .= '`position` = '.$position.', ';
111
    $sql .= '`block`=1';
112
    $database->query($sql);
113
	// Get the section id
114
	$section_id = $database->get_one("SELECT LAST_INSERT_ID()");	
115
	// Include the selected modules add file if it exists
116
	if(file_exists(WB_PATH.'/modules/'.$module.'/add.php'))
117
    {
118
		require(WB_PATH.'/modules/'.$module.'/add.php');
119
	}
120
}
121

    
122
// Get perms
123
// $database = new database();
124
$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
125
$sql .= 'WHERE `page_id` = '.$page_id;
126
$results = $database->query($sql);
127

    
128
$results_array = $results->fetchRow();
129
$old_admin_groups = explode(',', $results_array['admin_groups']);
130
$old_admin_users = explode(',', $results_array['admin_users']);
131
$in_old_group = FALSE;
132
foreach($admin->get_groups_id() as $cur_gid)
133
{
134
	if (in_array($cur_gid, $old_admin_groups))
135
    {
136
		$in_old_group = TRUE;
137
	}
138
}
139
if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
140
{
141
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
142
}
143

    
144
// Get page details
145
// $database = new database();
146
$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
147
$sql .= 'WHERE `page_id` = '.$page_id;
148
$results = $database->query($sql);
149

    
150
if($database->is_error())
151
{
152
	// $admin->print_header();
153
	$admin->print_error($database->get_error());
154
}
155
if($results->numRows() == 0)
156
{
157
	// $admin->print_header();
158
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
159
}
160
$results_array = $results->fetchRow();
161

    
162
// Set module permissions
163
$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
164

    
165
// Unset block var
166
unset($block);
167
// Include template info file (if it exists)
168
if($results_array['template'] != '')
169
{
170
	$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php';
171
} else {
172
	$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php';
173
}
174
if(file_exists($template_location))
175
{
176
	require($template_location);
177
}
178
// Check if $menu is set
179
if(!isset($block[1]) || $block[1] == '')
180
{
181
	// Make our own menu list
182
	$block[1] = $TEXT['MAIN'];
183
}
184

    
185
/*-- load css files with jquery --*/
186
// include jscalendar-setup
187
$jscal_use_time = true; // whether to use a clock, too
188
require_once(WB_PATH."/include/jscalendar/wb-setup.php");
189

    
190
// Setup template object
191
$template = new Template(THEME_PATH.'/templates');
192
$template->set_file('page', 'pages_sections.htt');
193
$template->set_block('page', 'main_block', 'main');
194
$template->set_block('main_block', 'module_block', 'module_list');
195
$template->set_block('main_block', 'section_block', 'section_list');
196
$template->set_block('section_block', 'block_block', 'block_list');
197
$template->set_block('main_block', 'calendar_block', 'calendar_list');
198
$template->set_var('FTAN', $admin->getFTAN());
199

    
200
// set first defaults and messages
201
$template->set_var(array(
202
				'PAGE_ID' => $results_array['page_id'],
203
				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
204
				'PAGE_IDKEY' => $results_array['page_id'],
205
				'TEXT_PAGE' => $TEXT['PAGE'],
206
				'PAGE_TITLE' => ($results_array['page_title']),
207
				'MENU_TITLE' => ($results_array['menu_title']),
208
				'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
209
				'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
210
				'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
211
				'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
212
				'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
213
				'TEXT_ID' => 'ID',
214
				'TEXT_TYPE' => $TEXT['TYPE'],
215
				'TEXT_BLOCK' => $TEXT['BLOCK'],
216
				'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'},
217
				'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'],
218
				'TEXT_ACTIONS' => $TEXT['ACTIONS'],
219
				'ADMIN_URL' => ADMIN_URL,
220
				'WB_URL' => WB_URL,
221
				'THEME_URL' => THEME_URL
222
				) 
223
			);
224

    
225
// Insert variables
226
$template->set_var(array(
227
				'PAGE_ID' => $results_array['page_id'],
228
				// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
229
				'PAGE_IDKEY' => $results_array['page_id'],
230
				'VAR_PAGE_TITLE' => $results_array['page_title'],
231
				'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
232
				'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
233
				)
234
			);
235

    
236
$sql  = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` ';
237
$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
238
$sql .= 'WHERE `page_id` = '.$page_id.' ';
239
$sql .= 'ORDER BY `position` ASC';
240
$query_sections = $database->query($sql);
241

    
242
if($query_sections->numRows() > 0)
243
{
244
	$num_sections = $query_sections->numRows();
245
	while($section = $query_sections->fetchRow())
246
    {
247
		if(!is_numeric(array_search($section['module'], $module_permissions)))
248
        {
249
			// Get the modules real name
250
            $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
251
            $sql .= 'WHERE `directory` = "'.$section['module'].'"';
252
            if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module']))
253
			{
254
				$edit_page = '<span class="module_disabled">'.$section['module'].'</span>';
255
			}else
256
			{
257
				$edit_page = '';
258
			}
259
			$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'];
260
			$edit_page_1 = $section['section_id'].'">'.$section['module'].'</a>';
261
			if(SECTION_BLOCKS)
262
            {
263
				if($edit_page == '')
264
				{
265
					if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
266
					{
267
						$edit_page = $edit_page_0.'&amp;wysiwyg='.$edit_page_1;
268
					} else {
269
						$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
270
					}
271
				}
272
				$input_attribute = 'input_normal';
273
				$template->set_var(array(
274
						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"',
275
						'NAME_SIZE' => 300,
276
						'INPUT_ATTRIBUTE' => $input_attribute,
277
						'VAR_SECTION_ID' => $section['section_id'],
278
						// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
279
						'VAR_SECTION_IDKEY' => $section['section_id'],
280
						'VAR_POSITION' => $section['position'],
281
						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
282
						'SELECT' => '',
283
						'SET_NONE_DISPLAY_OPTION' => ''
284
						)
285
					);
286
				// Add block options to the section_list
287
				$template->clear_var('block_list');
288
				foreach($block AS $number => $name)
289
                {
290
					$template->set_var('NAME', htmlentities(strip_tags($name)));
291
					$template->set_var('VALUE', $number);
292
					$template->set_var('SIZE', 1);
293
					if($section['block'] == $number)
294
                    {
295
						$template->set_var('SELECTED', ' selected="selected"');
296
					} else {
297
						$template->set_var('SELECTED', '');
298
					}
299
					$template->parse('block_list', 'block_block', true);
300
				}
301
			} else {
302
				if($edit_page == '')
303
				{
304
					$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
305
				}
306
				$input_attribute = 'input_normal';
307
				$template->set_var(array(
308
						'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:hidden;"',
309
						'NAME_SIZE' => 300,
310
						'INPUT_ATTRIBUTE' => $input_attribute,
311
						'VAR_SECTION_ID' => $section['section_id'],
312
						// 'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
313
						'VAR_SECTION_IDKEY' => $section['section_id'],
314
						'VAR_POSITION' => $section['position'],
315
						'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
316
						'NAME' => htmlentities(strip_tags($block[1])),
317
						'VALUE' => 1,
318
						'SET_NONE_DISPLAY_OPTION' => ''
319
						)
320
					);
321
			}
322
			// Insert icon and images
323
			$template->set_var(array(
324
						'CLOCK_16_PNG' => 'clock_16.png',
325
						'CLOCK_DEL_16_PNG' => 'clock_del_16.png',
326
						'DELETE_16_PNG' => 'delete_16.png'
327
						) 
328
					);
329
			// set calendar start values
330
			if($section['publ_start']==0)
331
            {
332
				$template->set_var('VALUE_PUBL_START', '');
333
			} else {
334
				$template->set_var('VALUE_PUBL_START', date($jscal_format, $section['publ_start']));
335
			}
336
			// set calendar start values
337
			if($section['publ_end']==0)
338
            {
339
				$template->set_var('VALUE_PUBL_END', '');
340
			} else {
341
				$template->set_var('VALUE_PUBL_END', date($jscal_format, $section['publ_end']));
342
			}
343
			// Insert icons up and down
344
			if($section['position'] != 1 )
345
            {
346
				$template->set_var(
347
							'VAR_MOVE_UP_URL',
348
							'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
349
							<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
350
							</a>' );
351
			} else {
352
				$template->set_var(array(
353
							'VAR_MOVE_UP_URL' => ''
354
							) 
355
						);
356
			}
357
			if($section['position'] != $num_sections ) {
358
				$template->set_var(
359
							'VAR_MOVE_DOWN_URL',
360
							'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
361
							<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
362
							</a>' );
363
			} else {
364
				$template->set_var(array(
365
							'VAR_MOVE_DOWN_URL' => ''
366
							) 
367
						);
368
			}
369
		} else {
370
		  continue;
371
		}
372

    
373
			$template->set_var(array(
374
							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
375
							'TEXT_SID' => 'SID',
376
							'DEBUG_COLSPAN_SIZE' => 9
377
							) 
378
						);
379
		if($debug)
380
        {
381
			$template->set_var(array(
382
							'DISPLAY_DEBUG' => ' style="visibility="visible;"',
383
							'TEXT_PID' => 'PID',
384
							'TEXT_SID' => 'SID',
385
							'POSITION' => $section['position']
386
							) 
387
						);
388
		} else {
389
			$template->set_var(array(
390
							'DISPLAY_DEBUG' => ' style="display:none;"',
391
							'TEXT_PID' => '',
392
							'POSITION' => ''
393
							) 
394
						);
395
		}
396
		$template->parse('section_list', 'section_block', true);
397
	}
398
}
399

    
400
// now add the calendars -- remember to to set the range to [1970, 2037] if the date is used as timestamp!
401
// the loop is simply a copy from above.
402
$sql  = 'SELECT `section_id`,`module` FROM `'.TABLE_PREFIX.'sections` ';
403
$sql .= 'WHERE page_id = '.$page_id.' ';
404
$sql .= 'ORDER BY `position` ASC';
405
$query_sections = $database->query($sql);
406

    
407
if($query_sections->numRows() > 0)
408
{
409
	$num_sections = $query_sections->numRows();
410
	while($section = $query_sections->fetchRow())
411
    {
412
		// Get the modules real name
413
        $sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
414
        $sql .= 'WHERE `directory` = "'.$section['module'].'"';
415
        $module_name = $database->get_one($sql);
416

    
417
		if(!is_numeric(array_search($section['module'], $module_permissions)))
418
        {
419
			$template->set_var(array(
420
						'jscal_ifformat' => $jscal_ifformat,
421
						'jscal_firstday' => $jscal_firstday,
422
						'jscal_today' => $jscal_today,
423
						'start_date' => 'start_date'.$section['section_id'],
424
						'end_date' => 'end_date'.$section['section_id'],
425
						'trigger_start' => 'trigger_start'.$section['section_id'],
426
						'trigger_end' => 'trigger_stop'.$section['section_id']
427
						) 
428
					);
429
			if(isset($jscal_use_time) && $jscal_use_time==TRUE) {
430
				$template->set_var(array(
431
						'showsTime' => "true",
432
						'timeFormat' => "24"
433
						) 
434
					);
435
			}  else {
436
				$template->set_var(array(
437
						'showsTime' => "false",
438
						'timeFormat' => "24"
439
						) 
440
					);
441
			}
442
		}
443
		$template->parse('calendar_list', 'calendar_block', true);
444
	}
445
}
446

    
447
// Work-out if we should show the "Add Section" form
448
$sql  = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` ';
449
$sql .= 'WHERE `page_id` = '.$page_id.' AND `module` = "menu_link"';
450
$query_sections = $database->query($sql);
451
if($query_sections->numRows() == 0)
452
{
453
	// Modules list
454
    $sql  = 'SELECT `name`,`directory`,`type` FROM `'.TABLE_PREFIX.'addons` ';
455
    $sql .= 'WHERE `type` = "module" AND `function` = "page" AND `directory` != "menu_link" ';
456
    $sql .= 'ORDER BY `name`';
457
    $result = $database->query($sql);
458
// if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
459

    
460
	if($result->numRows() > 0)
461
    {
462
		while ($module = $result->fetchRow())
463
        {
464
			// Check if user is allowed to use this module   echo  $module['directory'],'<br />';
465
			if(!is_numeric(array_search($module['directory'], $module_permissions)))
466
            {
467
				$template->set_var('VALUE', $module['directory']);
468
				$template->set_var('NAME', $module['name']);
469
				if($module['directory'] == 'wysiwyg')
470
                {
471
					$template->set_var('SELECTED', ' selected="selected"');
472
				} else {
473
					$template->set_var('SELECTED', '');
474
				}
475
				$template->parse('module_list', 'module_block', true);
476
			} else {
477
			  continue;
478
			}
479
		}
480
	}
481
}
482
// Insert language text and messages
483
$template->set_var(array(
484
					'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
485
					'TEXT_ARE_YOU_SURE' => url_encode($TEXT['ARE_YOU_SURE']),
486
					'TEXT_TYPE' => $TEXT['TYPE'],
487
					'TEXT_ADD' => $TEXT['ADD'],
488
					'TEXT_SAVE' =>  $TEXT['SAVE'],
489
					'TEXTLINK_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
490
					'TEXT_CALENDAR' => $TEXT['CALENDAR'],
491
					'TEXT_DELETE_DATE' => $TEXT['DELETE_DATE'],
492
					'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
493
					'TEXT_MOVE_UP' => $TEXT['MOVE_UP'],
494
					'TEXT_MOVE_DOWN' => $TEXT['MOVE_DOWN']
495
					)
496
				);
497
$template->parse('main', 'main_block', false);
498
$template->pparse('output', 'page');
499

    
500
// include the required file for Javascript admin
501
if(file_exists(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php'))
502
{
503
	include(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php');
504
}
505

    
506
// Print admin footer
507
$admin->print_footer();
508

    
509
?>
(17-17/21)