Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: sections.php 1625 2012-02-29 00:50:57Z Luisehahne $
14
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/pages/sections.php $
15
 * @lastmodified    $Date: 2012-02-29 01:50:57 +0100 (Wed, 29 Feb 2012) $
16
 *
17
 */
18

    
19
// Include config file
20
require('../../config.php');
21

    
22
// Make sure people are allowed to access this page
23
if(MANAGE_SECTIONS != 'enabled')
24
{
25
	header('Location: '.ADMIN_URL.'/pages/index.php');
26
	exit(0);
27
}
28
/* */
29
$debug = false; // to show position and section_id
30
If(!defined('DEBUG')) { define('DEBUG',$debug);}
31
// Include the WB functions file
32
require_once(WB_PATH.'/framework/functions.php');
33
// Create new admin object
34
require_once(WB_PATH.'/framework/class.admin.php');
35
$admin = new admin('Pages', 'pages_modify', false);
36

    
37
$action = 'show';
38
// Get page id
39
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
40
$page_id = intval((isset(${$requestMethod}['page_id'])) ? ${$requestMethod}['page_id'] : 0);
41
$action = ($page_id ? 'show' : $action);
42
// Get section id if there is one
43
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
44
$section_id = ((isset(${$requestMethod}['section_id'])) ? ${$requestMethod}['section_id']  : 0);
45
$action = ($section_id ? 'delete' : $action);
46
// Get module if there is one
47
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
48
$module = ((isset(${$requestMethod}['module'])) ? ${$requestMethod}['module']  : 0);
49
$action = ($module != '' ? 'add' : $action);
50
$admin_header = true;
51
$backlink = ADMIN_URL.'/pages/sections.php?page_id='.(int)$page_id;
52

    
53
switch ($action):
54
	case 'delete' :
55

    
56
		if( ( !($section_id = intval($admin->checkIDKEY('section_id', 0, $_SERVER['REQUEST_METHOD'])) )) )
57
		{
58
			if($admin_header) { $admin->print_header(); }
59
			$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink);
60
		}
61

    
62
		$action = 'show';
63
	    $sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
64
	    $sql .= 'WHERE `section_id` ='.$section_id;
65
        if( ( ($modulname = $database->get_one($sql)) == $module) && ($section_id > 0 ) ) {
66
			// Include the modules delete file if it exists
67
			if(file_exists(WB_PATH.'/modules/'.$modulname.'/delete.php'))
68
		    {
69
				require(WB_PATH.'/modules/'.$modulname.'/delete.php');
70
			}
71
		    $sql  = 'DELETE FROM `'.TABLE_PREFIX.'sections` ';
72
		    $sql .= 'WHERE `section_id` ='.(int)$section_id.' LIMIT 1';
73
			if( !$database->query($sql) ) {
74
				if($admin_header) { $admin->print_header(); }
75
				$admin->print_error($database->get_error(),$backlink);
76
			}  else {
77
				require_once(WB_PATH.'/framework/class.order.php');
78
				$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
79
				$order->clean($page_id);
80
				$format = $TEXT['SECTION'].' %d  %s %s '.strtolower( $TEXT['DELETED']);
81
				$message = sprintf ($format,$section_id,strtoupper($modulname),strtolower($TEXT['SUCCESS']));
82
				if($admin_header) { $admin->print_header(); }
83
				$admin_header = false;
84
				unset($_POST);
85
				$admin->print_success($message, $backlink );
86
			}
87
        } else {
88
			if($admin_header) { $admin->print_header(); }
89
			$admin->print_error($module.' '.strtolower($TEXT['NOT_FOUND']),$backlink);
90
        }
91

    
92
		break;
93
	case 'add' :
94

    
95
		if (!$admin->checkFTAN())
96
		{
97
			$admin->print_header();
98
			$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$backlink);
99
		}
100
		$action = 'show';
101
		$module = preg_replace('/\W/', '', $module );  // fix secunia 2010-91-4
102
		require_once(WB_PATH.'/framework/class.order.php');
103
		// Get new order
104
		$order = new order(TABLE_PREFIX.'sections', 'position', 'section_id', 'page_id');
105
		$position = $order->get_new($page_id);
106
		// Insert module into DB
107
	    $sql  = 'INSERT INTO `'.TABLE_PREFIX.'sections` SET ';
108
	    $sql .= '`page_id` = '.(int)$page_id.', ';
109
	    $sql .= '`module` = \''.$module.'\', ';
110
	    $sql .= '`position` = '.(int)$position.', ';
111
	    $sql .= '`block` = 1';
112
        if($database->query($sql)) {
113
			// Get the section id
114
			$section_id = $database->get_one("SELECT LAST_INSERT_ID()");
115
			// Include the selected modules add file if it exists
116
			if(file_exists(WB_PATH.'/modules/'.$module.'/add.php'))
117
		    {
118
				require(WB_PATH.'/modules/'.$module.'/add.php');
119
			}
120
        } elseif ($database->is_error())  {
121
			if($admin_header) { $admin->print_header(); }
122
			$admin->print_error($database->get_error());
123
		}
124
		break;
125
	default:
126
		break;
127
endswitch;
128

    
129
switch ($action):
130
	default:
131

    
132
		if($admin_header) { $admin->print_header(); }
133
		// Get perms
134
		$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
135
		$sql .= 'WHERE `page_id` = '.$page_id;
136
		$results = $database->query($sql);
137

    
138
		$results_array = $results->fetchRow();
139
		$old_admin_groups = explode(',', $results_array['admin_groups']);
140
		$old_admin_users = explode(',', $results_array['admin_users']);
141
		$in_old_group = FALSE;
142
		foreach($admin->get_groups_id() as $cur_gid)
143
		{
144
			if (in_array($cur_gid, $old_admin_groups))
145
		    {
146
				$in_old_group = TRUE;
147
			}
148
		}
149
		if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
150
		{
151
			$admin->print_header();
152
			$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
153
		}
154

    
155
		// Get page details
156
		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
157
		$sql .= 'WHERE `page_id` = '.$page_id;
158
		$results = $database->query($sql);
159

    
160
		if($database->is_error())
161
		{
162
			// $admin->print_header();
163
			$admin->print_error($database->get_error());
164
		}
165
		if($results->numRows() == 0)
166
		{
167
			// $admin->print_header();
168
			$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
169
		}
170
		$results_array = $results->fetchRow();
171

    
172
		// Set module permissions
173
		$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
174

    
175
		// Unset block var
176
		unset($block);
177
		// Include template info file (if it exists)
178
		if($results_array['template'] != '')
179
		{
180
			$template_location = WB_PATH.'/templates/'.$results_array['template'].'/info.php';
181
		} else {
182
			$template_location = WB_PATH.'/templates/'.DEFAULT_TEMPLATE.'/info.php';
183
		}
184
		if(file_exists($template_location))
185
		{
186
			require($template_location);
187
		}
188
		// Check if $menu is set
189
		if(!isset($block[1]) || $block[1] == '')
190
		{
191
			// Make our own menu list
192
			$block[1] = $TEXT['MAIN'];
193
		}
194

    
195
		/*-- load css files with jquery --*/
196
		// include jscalendar-setup
197
		$jscal_use_time = true; // whether to use a clock, too
198
		require_once(WB_PATH."/include/jscalendar/wb-setup.php");
199

    
200
		// Setup template object, parse vars to it, then parse it
201
		// Create new template object
202
		$tpl = new Template(dirname($admin->correct_theme_source('pages_sections.htt')));
203
		// $template->debug = true;
204
		$tpl->set_file('page', 'pages_sections.htt');
205
		$tpl->set_block('page', 'main_block', 'main');
206
		$tpl->set_block('main_block', 'module_block', 'module_list');
207
		$tpl->set_block('main_block', 'section_block', 'section_list');
208
		$tpl->set_block('section_block', 'block_block', 'block_list');
209
		$tpl->set_block('main_block', 'calendar_block', 'calendar_list');
210
		$tpl->set_var('FTAN', $admin->getFTAN());
211

    
212
		// set first defaults and messages
213
		$tpl->set_var(array(
214
						'PAGE_ID' => $results_array['page_id'],
215
						// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
216
						'PAGE_IDKEY' => $results_array['page_id'],
217
						'TEXT_PAGE' => $TEXT['PAGE'],
218
						'PAGE_TITLE' => ($results_array['page_title']),
219
						'MENU_TITLE' => ($results_array['menu_title']),
220
						'TEXT_CURRENT_PAGE' => $TEXT['CURRENT_PAGE'],
221
						'HEADING_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
222
						'HEADING_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
223
						'TEXT_CHANGE_SETTINGS' => $TEXT['CHANGE_SETTINGS'],
224
						'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
225
						'TEXT_ID' => 'ID',
226
						'TEXT_TYPE' => $TEXT['TYPE'],
227
						'TEXT_BLOCK' => $TEXT['BLOCK'],
228
						'TEXT_PUBL_START_DATE' => $TEXT{'PUBL_START_DATE'},
229
						'TEXT_PUBL_END_DATE' => $TEXT['PUBL_END_DATE'],
230
						'TEXT_ACTIONS' => $TEXT['ACTIONS'],
231
						'ADMIN_URL' => ADMIN_URL,
232
						'WB_URL' => WB_URL,
233
						'THEME_URL' => THEME_URL
234
						)
235
					);
236

    
237
		// Insert variables
238
		$tpl->set_var(array(
239
						'PAGE_ID' => $results_array['page_id'],
240
						// 'PAGE_IDKEY' => $admin->getIDKEY($results_array['page_id']),
241
						'PAGE_IDKEY' => $results_array['page_id'],
242
						'VAR_PAGE_TITLE' => $results_array['page_title'],
243
						'SETTINGS_LINK' => ADMIN_URL.'/pages/settings.php?page_id='.$results_array['page_id'],
244
						'MODIFY_LINK' => ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id']
245
						)
246
					);
247

    
248
		$sql  = 'SELECT `section_id`,`module`,`position`,`block`,`publ_start`,`publ_end` ';
249
		$sql .= 'FROM `'.TABLE_PREFIX.'sections` ';
250
		$sql .= 'WHERE `page_id` = '.$page_id.' ';
251
		$sql .= 'ORDER BY `position` ASC';
252
		$query_sections = $database->query($sql);
253

    
254
		if($query_sections->numRows() > 0)
255
		{
256
			$num_sections = $query_sections->numRows();
257
			while($section = $query_sections->fetchRow())
258
		    {
259
				if(!is_numeric(array_search($section['module'], $module_permissions)))
260
		        {
261
					// Get the modules real name
262
		            $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
263
		            $sql .= 'WHERE `directory` = "'.$section['module'].'"';
264
		            if(!$database->get_one($sql) || !file_exists(WB_PATH.'/modules/'.$section['module']))
265
					{
266
						$edit_page = '<span class="module_disabled">'.$section['module'].'</span>';
267
					}else
268
					{
269
						$edit_page = '';
270
					}
271
					$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? SEC_ANCHOR : '');
272
					$edit_page_0 = '<a id="sid'.$section['section_id'].'" href="'.ADMIN_URL.'/pages/modify.php?page_id='.$results_array['page_id'];
273
					$edit_page_1  = ($sec_anchor!='') ? '#'.$sec_anchor.$section['section_id'].'">' : '">';
274
					$edit_page_1 .= $section['module'].'</a>';
275
					if(SECTION_BLOCKS)
276
		            {
277
						if($edit_page == '')
278
						{
279
							if(defined('EDIT_ONE_SECTION') && EDIT_ONE_SECTION)
280
							{
281
								$edit_page = $edit_page_0.'&amp;wysiwyg='.$section['section_id'].$edit_page_1;
282
							} else {
283
								$edit_page = $edit_page_0.$edit_page_1;
284
							}
285
						}
286
						$input_attribute = 'input_normal';
287
						$tpl->set_var(array(
288
								'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:visible;"',
289
								'NAME_SIZE' => 300,
290
								'INPUT_ATTRIBUTE' => $input_attribute,
291
								'VAR_SECTION_ID' => $section['section_id'],
292
								'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
293
								// 'VAR_SECTION_IDKEY' => $section['section_id'],
294
								'VAR_POSITION' => $section['position'],
295
								'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
296
								'SELECT' => '',
297
								'SET_NONE_DISPLAY_OPTION' => ''
298
								)
299
							);
300
						// Add block options to the section_list
301
						$tpl->clear_var('block_list');
302
						foreach($block AS $number => $name)
303
		                {
304
							$tpl->set_var('NAME', htmlentities(strip_tags($name)));
305
							$tpl->set_var('VALUE', $number);
306
							$tpl->set_var('SIZE', 1);
307
							if($section['block'] == $number)
308
		                    {
309
								$tpl->set_var('SELECTED', ' selected="selected"');
310
							} else {
311
								$tpl->set_var('SELECTED', '');
312
							}
313
							$tpl->parse('block_list', 'block_block', true);
314
						}
315
					} else {
316
						if($edit_page == '')
317
						{
318
							$edit_page = $edit_page_0.'#wb_'.$edit_page_1;
319
						}
320
						$input_attribute = 'input_normal';
321
						$tpl->set_var(array(
322
								'STYLE_DISPLAY_SECTION_BLOCK' => ' style="visibility:hidden;"',
323
								'NAME_SIZE' => 300,
324
								'INPUT_ATTRIBUTE' => $input_attribute,
325
								'VAR_SECTION_ID' => $section['section_id'],
326
								'VAR_SECTION_IDKEY' => $admin->getIDKEY($section['section_id']),
327
								// 'VAR_SECTION_IDKEY' => $section['section_id'],
328
								'VAR_POSITION' => $section['position'],
329
								'LINK_MODIFY_URL_VAR_MODUL_NAME' => $edit_page,
330
								'NAME' => htmlentities(strip_tags($block[1])),
331
								'VALUE' => 1,
332
								'SET_NONE_DISPLAY_OPTION' => ''
333
								)
334
							);
335
					}
336
					// Insert icon and images
337
					$tpl->set_var(array(
338
								'CLOCK_16_PNG' => 'clock_16.png',
339
								'CLOCK_DEL_16_PNG' => 'clock_del_16.png',
340
								'DELETE_16_PNG' => 'delete_16.png'
341
								)
342
							);
343
					// set calendar start values
344
					if($section['publ_start']==0)
345
		            {
346
						$tpl->set_var('VALUE_PUBL_START', '');
347
					} else {
348
						$tpl->set_var('VALUE_PUBL_START', date($jscal_format, $section['publ_start']));
349
					}
350
					// set calendar start values
351
					if($section['publ_end']==0)
352
		            {
353
						$tpl->set_var('VALUE_PUBL_END', '');
354
					} else {
355
						$tpl->set_var('VALUE_PUBL_END', date($jscal_format, $section['publ_end']));
356
					}
357
					// Insert icons up and down
358
					if($section['position'] != 1 )
359
		            {
360
						$tpl->set_var(
361
									'VAR_MOVE_UP_URL',
362
									'<a href="'.ADMIN_URL.'/pages/move_up.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
363
									<img src="'.THEME_URL.'/images/up_16.png" alt="{TEXT_MOVE_UP}" />
364
									</a>' );
365
					} else {
366
						$tpl->set_var(array(
367
									'VAR_MOVE_UP_URL' => ''
368
									)
369
								);
370
					}
371
					if($section['position'] != $num_sections ) {
372
						$tpl->set_var(
373
									'VAR_MOVE_DOWN_URL',
374
									'<a href="'.ADMIN_URL.'/pages/move_down.php?page_id='.$page_id.'&amp;section_id='.$section['section_id'].'">
375
									<img src="'.THEME_URL.'/images/down_16.png" alt="{TEXT_MOVE_DOWN}" />
376
									</a>' );
377
					} else {
378
						$tpl->set_var(array(
379
									'VAR_MOVE_DOWN_URL' => ''
380
									)
381
								);
382
					}
383
				} else {
384
				  continue;
385
				}
386

    
387
					$tpl->set_var(array(
388
									'DISPLAY_DEBUG' => ' style="visibility="visible;"',
389
									'TEXT_SID' => 'SID',
390
									'DEBUG_COLSPAN_SIZE' => 9
391
									)
392
								);
393
				if($debug)
394
		        {
395
					$tpl->set_var(array(
396
									'DISPLAY_DEBUG' => ' style="visibility="visible;"',
397
									'TEXT_PID' => 'PID',
398
									'TEXT_SID' => 'SID',
399
									'POSITION' => $section['position']
400
									)
401
								);
402
				} else {
403
					$tpl->set_var(array(
404
									'DISPLAY_DEBUG' => ' style="display:none;"',
405
									'TEXT_PID' => '',
406
									'POSITION' => ''
407
									)
408
								);
409
				}
410
				$tpl->parse('section_list', 'section_block', true);
411
			}
412
		}
413

    
414
		// now add the calendars -- remember to to set the range to [1970, 2037] if the date is used as timestamp!
415
		// the loop is simply a copy from above.
416
		$sql  = 'SELECT `section_id`,`module` FROM `'.TABLE_PREFIX.'sections` ';
417
		$sql .= 'WHERE page_id = '.$page_id.' ';
418
		$sql .= 'ORDER BY `position` ASC';
419
		$query_sections = $database->query($sql);
420

    
421
		if($query_sections->numRows() > 0)
422
		{
423
			$num_sections = $query_sections->numRows();
424
			while($section = $query_sections->fetchRow())
425
		    {
426
				// Get the modules real name
427
		        $sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'addons` ';
428
		        $sql .= 'WHERE `directory` = "'.$section['module'].'"';
429
		        $module_name = $database->get_one($sql);
430

    
431
				if(!is_numeric(array_search($section['module'], $module_permissions)))
432
		        {
433
					$tpl->set_var(array(
434
								'jscal_ifformat' => $jscal_ifformat,
435
								'jscal_firstday' => $jscal_firstday,
436
								'jscal_today' => $jscal_today,
437
								'start_date' => 'start_date'.$section['section_id'],
438
								'end_date' => 'end_date'.$section['section_id'],
439
								'trigger_start' => 'trigger_start'.$section['section_id'],
440
								'trigger_end' => 'trigger_stop'.$section['section_id']
441
								)
442
							);
443
					if(isset($jscal_use_time) && $jscal_use_time==TRUE) {
444
						$tpl->set_var(array(
445
								'showsTime' => "true",
446
								'timeFormat' => "24"
447
								)
448
							);
449
					}  else {
450
						$tpl->set_var(array(
451
								'showsTime' => "false",
452
								'timeFormat' => "24"
453
								)
454
							);
455
					}
456
				}
457
				$tpl->parse('calendar_list', 'calendar_block', true);
458
			}
459
		}
460

    
461
		// Work-out if we should show the "Add Section" form
462
		$sql  = 'SELECT `section_id` FROM `'.TABLE_PREFIX.'sections` ';
463
		$sql .= 'WHERE `page_id` = '.$page_id.' AND `module` = "menu_link"';
464
		$query_sections = $database->query($sql);
465
		if($query_sections->numRows() == 0)
466
		{
467
			// Modules list
468
		    $sql  = 'SELECT `name`,`directory`,`type` FROM `'.TABLE_PREFIX.'addons` ';
469
		    $sql .= 'WHERE `type` = "module" AND `function` = "page" AND `directory` != "menu_link" ';
470
		    $sql .= 'ORDER BY `name`';
471
		    $result = $database->query($sql);
472
		// if(DEBUG && $database->is_error()) { $admin->print_error($database->get_error()); }
473

    
474
			if($result->numRows() > 0)
475
		    {
476
				while ($module = $result->fetchRow())
477
		        {
478
					// Check if user is allowed to use this module   echo  $module['directory'],'<br />';
479
					if(!is_numeric(array_search($module['directory'], $module_permissions)))
480
		            {
481
						$tpl->set_var('VALUE', $module['directory']);
482
						$tpl->set_var('NAME', $module['name']);
483
						if($module['directory'] == 'wysiwyg')
484
		                {
485
							$tpl->set_var('SELECTED', ' selected="selected"');
486
						} else {
487
							$tpl->set_var('SELECTED', '');
488
						}
489
						$tpl->parse('module_list', 'module_block', true);
490
					} else {
491
					  continue;
492
					}
493
				}
494
			}
495
		}
496
		// Insert language text and messages
497
		$tpl->set_var(array(
498
							'TEXT_MANAGE_SECTIONS' => $HEADING['MANAGE_SECTIONS'],
499
							'TEXT_ARE_YOU_SURE' => $TEXT['ARE_YOU_SURE'],
500
							'TEXT_TYPE' => $TEXT['TYPE'],
501
							'TEXT_ADD' => $TEXT['ADD'],
502
							'TEXT_SAVE' =>  $TEXT['SAVE'],
503
							'TEXTLINK_MODIFY_PAGE' => $HEADING['MODIFY_PAGE'],
504
							'TEXT_CALENDAR' => $TEXT['CALENDAR'],
505
							'TEXT_DELETE_DATE' => $TEXT['DELETE_DATE'],
506
							'TEXT_ADD_SECTION' => $TEXT['ADD_SECTION'],
507
							'TEXT_MOVE_UP' => $TEXT['MOVE_UP'],
508
							'TEXT_MOVE_DOWN' => $TEXT['MOVE_DOWN']
509
							)
510
						);
511
		$tpl->parse('main', 'main_block', false);
512
		$tpl->pparse('output', 'page');
513
		// include the required file for Javascript admin
514
		if(file_exists(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php'))
515
		{
516
			include(WB_PATH.'/modules/jsadmin/jsadmin_backend_include.php');
517
		}
518
		break;
519
endswitch;
520

    
521
// Print admin footer
522
$admin->print_footer();
(18-18/22)