Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link            http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: settings_save.php 1849 2013-01-06 19:04:11Z Luisehahne $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/pages/settings_save.php $
14
 * @lastmodified    $Date: 2013-01-06 20:04:11 +0100 (Sun, 06 Jan 2013) $
15
 *
16
 */
17

    
18
// Create new admin object and print admin header
19
if(!defined('WB_URL'))
20
{
21
    $config_file = realpath('../../config.php');
22
    if(file_exists($config_file) && !defined('WB_URL'))
23
    {
24
    	require($config_file);
25
    }
26
}
27
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
28

    
29
$lang_dir = dirname(__FILE__).'/languages/';
30
$lang = file_exists($lang_dir.LANGUAGE.'.php') ? LANGUAGE : 'EN';
31
//require_once($lang_dir.$lang.'.php');
32
if( !isset($TEXT['PAGE_LANG_LOADED']) ) { require($lang_dir.$lang.'.php'); }
33

    
34
// suppress to print the header, so no new FTAN will be set
35
$admin = new admin('Pages', 'pages_settings',false);
36
$pagetree_url = ADMIN_URL.'/pages/index.php';
37

    
38
// Get page id
39
if(!isset($_POST['page_id']) || (isset($_POST['page_id']) && preg_match('/[^0-9a-z]/i',$_POST['page_id'])) )
40
{
41
	header("Location: index.php");
42
	exit(0);
43
} else {
44
//	$page_id = $admin->checkIDKEY('page_id');
45
//	$page_id = (int)$_POST['page_id']; || preg_match('/[^0-9a-f]/i',$_POST['page_id'])
46
	if((!($page_id = $admin->checkIDKEY('page_id')))) {
47
		$admin->print_header();
48
		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $pagetree_url);
49
	}
50
}
51

    
52
/*
53
if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) )
54
{
55
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
56
}
57
*/
58
$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
59

    
60
if (!$admin->checkFTAN())
61
{
62
	$admin->print_header();
63
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$target_url);
64
}
65

    
66
// After check print the header
67
$admin->print_header();
68

    
69
if(isset($_POST['extendet_submit'])) {
70
//	$val = (((($page_exented=='1') ? $page_exented : 0)) + 1) % 2;
71
	$val = (defined('PAGE_EXTENDET') ? filter_var(PAGE_EXTENDET, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) : false);
72
	$sql  = (defined('PAGE_EXTENDET') ? 'UPDATE `' : 'INSERT INTO `') . TABLE_PREFIX . 'settings` SET ';
73
	$sql .= '`name`=\'page_extendet\', ';
74
	$sql .= '`value`=\''.($val ? 'false' : 'true').'\' ';
75
	$sql .= (defined('PAGE_EXTENDET') ? 'WHERE `name`=\'page_extendet\'' : '');
76
    if($database->query($sql)) {
77
        // redirect to backend
78
echo "<p style=\"text-align:center;\"> If the script</strong> could not be start automatically.\n" .
79
     "Please click <a style=\"font-weight:bold;\" " .
80
     "href=\"".$target_url."\">on this link</a> to start the script!</p>\n";
81
echo "<script type=\"text/javascript\">
82
<!--
83
// Get the location object
84
var locationObj = document.location;
85
// Set the value of the location object
86
document.location = '$target_url';
87
-->
88
</script>";
89

    
90
    } else {
91
    	$admin->print_error($database->get_error(), $target_url );
92
    }
93
}
94

    
95
// Include the WB functions file
96
if(!function_exists('directory_list')) { require(WB_PATH.'/framework/functions.php'); }
97

    
98
// Get values
99
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
100
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
101
$seo_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('seo_title')));
102
$page_code = intval($admin->get_post('page_code')) ;
103
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
104
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
105
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
106
$visibility = $admin->get_post_escaped('visibility');
107
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {$visibility = 'public';} // fix secunia 2010-93-3
108
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template')); // fix secunia 2010-93-3
109
$template = (($template == DEFAULT_TEMPLATE ) ? '' : $template);
110
$target = preg_replace("/\W/", "", $admin->get_post('target'));
111
$aAdminGroups   = (isset($_POST['admin_groups']) ? $_POST['admin_groups'] : array('1'));
112
$aAdminUsers    = (isset($_POST['admin_users']) ? $_POST['admin_users'] : array());
113
$aViewingGroups = (isset($_POST['viewing_groups']) ? $_POST['viewing_groups'] : array('1'));
114
$aViewingUsers  = (isset($_POST['viewing_users']) ? $_POST['viewing_users'] : array());
115
$searching = intval($admin->get_post('searching'));
116
$language = strtoupper($admin->get_post('language'));
117
$language = (preg_match('/^[A-Z]{2}$/', $language) ? $language : DEFAULT_LANGUAGE);
118
$menu = intval($admin->get_post('menu')); // fix secunia 2010-91-3
119
$menu = ($menu==0) ? 1 : $menu;
120
$page_code = (isset($_POST['page_code']) ? intval($_POST['page_code']) : 0);
121
$sPageIcon = (isset($_POST['page_icon']) ? $_POST['page_icon'] : 0);
122
$sMenuIcon0 = (isset($_POST['menu_icon_0']) ? $_POST['menu_icon_0'] : 0);
123
$sMenuIcon1 = (isset($_POST['menu_icon_1']) ? $_POST['menu_icon_1'] : 0);
124

    
125
// Validate data
126
if($page_title == '' || substr($page_title,0,1)=='.')
127
{
128
	$admin->print_error($MESSAGE['PAGES_BLANK_PAGE_TITLE'],$target_url);
129
}
130
if($menu_title == '' || substr($menu_title,0,1)=='.')
131
{
132
	$admin->print_error($MESSAGE['PAGES_BLANK_MENU_TITLE'],$target_url);
133
}
134
if($seo_title == '' || substr($seo_title,0,1)=='.')
135
{
136
    $seo_title = $menu_title;
137
}
138

    
139
// Get existing perms
140
$sql  = 'SELECT `parent`,`link`,`position`,`admin_groups`,`admin_users`,`menu_title` ';
141
$sql .= 'FROM `'.TABLE_PREFIX.'pages` WHERE `page_id`='.$page_id;
142

    
143
$results = $database->query($sql);
144

    
145
$results_array = $results->fetchRow(MYSQL_ASSOC);
146
$old_parent = $results_array['parent'];
147
$old_link = $results_array['link'];
148
$old_position = $results_array['position'];
149

    
150
if($admin->ami_group_member('1')) {
151
	if(!$admin->ami_group_member($results_array['admin_groups']) &&
152
	   !$admin->is_group_match($admin->get_user_id(), $results_array['admin_users']))
153
	{
154
		$admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
155
	}
156
	// Setup admin groups
157
	$aAdminGroups = (is_array($aAdminGroups) ? $aAdminGroups : array(1));
158
	array_unshift($aAdminGroups, 1);
159
	$sAdminGroups = implode(',', array_unique($aAdminGroups));
160
	$sAdminGroups = (preg_match('/^,|[^0-9,]|,,|,$/', $sAdminGroups) ? '1' : $sAdminGroups);
161

    
162
	$aAdminUsers = (is_array($aAdminUsers) ? $aAdminUsers : array());
163
	$sAdminUsers = implode(',', array_diff($aAdminUsers, array(0)));
164
	$sAdminUsers = (preg_match('/^,|[^0-9,]|,,|,$/', $sAdminUsers) ? array() : $sAdminUsers);
165
}
166

    
167
$aViewingGroups = (is_array($aViewingGroups) ? $aViewingGroups : array(1));
168
array_unshift($aViewingGroups, 1);
169
$sViewingGroups = implode(',', array_unique($aViewingGroups));
170
$sViewingGroups = (preg_match('/^,|[^0-9,]|,,|,$/', $sViewingGroups) ? '1' : $sViewingGroups);
171

    
172
$aViewingUsers = (is_array($aViewingUsers) ? $aViewingUsers : array());
173
$sViewingUsers = implode(',', array_diff($aViewingUsers, array(0)));
174
$sViewingUsers = (preg_match('/^,|[^0-9,]|,,|,$/', $sViewingUsers) ? array() : $sViewingUsers);
175

    
176
$sPageIcon = (($sPageIcon == '0') ? '' : $sPageIcon);
177
if(!is_readable(WB_PATH.$sPageIcon)) { $sPageIcon = ''; }
178
$sMenuIcon0 = (($sMenuIcon0 == '0') ? '' : $sMenuIcon0);
179
if(!is_readable(WB_PATH.$sMenuIcon0)) { $sMenuIcon0 = ''; }
180
$sMenuIcon1 = (($sMenuIcon1 == '0') ? '' : $sMenuIcon1);
181
if(!is_readable(WB_PATH.$sMenuIcon1)) { $sMenuIcon1 = ''; }
182

    
183
// If needed, get new order
184
if($parent != $old_parent)
185
{
186
	// Include ordering class
187
	require(WB_PATH.'/framework/class.order.php');
188
	$order = new order(TABLE_PREFIX.'pages', 'position', 'page_id', 'parent');
189
	// Get new order
190
	$position = $order->get_new($parent);
191
	// Clean new order
192
	$order->clean($parent);
193
} else {
194
	$position = $old_position;
195
}
196

    
197
// Work out level and root parent
198
if ($parent!='0')
199
{
200
	$level = level_count($parent)+1;
201
	$root_parent = root_parent($parent);
202
} else {
203
// Work out level
204
    $level = level_count($page_id);
205
// Work out root parent
206
    $root_parent = root_parent($page_id);
207
}
208

    
209
$link = '/'.page_filename($seo_title);
210

    
211
// Work-out what the link should be
212
if($parent == '0') {
213
    if($link == '/index' || $link == '/intro')
214
    {
215
    	$link .= '_' .$page_id;
216
    	$filename = WB_PATH.PAGES_DIRECTORY.$link .PAGE_EXTENSION;
217

    
218
    } else {
219
        $filename = WB_PATH.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
220
    }
221
} else {
222
	$parent_section = '';
223
	$parent_titles = array_reverse(get_parent_titles($parent));
224

    
225
	foreach($parent_titles AS $parent_title)
226
    {
227
		$parent_section .= '/'.page_filename($parent_title);
228
	}
229

    
230
	if($parent_section == '/')
231
    {
232
      $parent_section = '';
233
    }
234

    
235
	$link = $parent_section.$link;
236
    $filename = WB_PATH.PAGES_DIRECTORY.$link.PAGE_EXTENSION;
237
}
238

    
239
// Check if a page with same page filename exists
240
// $database = new database();
241
$sql = 'SELECT `page_id`,`page_title` FROM `'.TABLE_PREFIX.'pages` WHERE `link` = "'.$link.'" AND `page_id` != '.$page_id;
242

    
243
$get_same_page = $database->query($sql);
244

    
245
if($get_same_page->numRows() > 0)
246
{
247
	$admin->print_error($MESSAGE['PAGES_PAGE_EXISTS'], $target_url);
248
}
249

    
250
// Update page with new order
251
$sql = 'UPDATE `'.TABLE_PREFIX.'pages` SET `parent`='.$parent.', `position`='.$position.' WHERE `page_id`='.$page_id.'';
252
// $database = new database();
253
$database->query($sql);
254

    
255
// Get page trail
256
$page_trail = get_page_trail($page_id);
257

    
258
// Update page settings in the pages table
259
$sql = 'UPDATE `'.TABLE_PREFIX.'pages` '
260
     . 'SET `parent`='.$parent.', '
261
     .     '`page_title`=\''.$page_title.'\', '
262
     .     '`tooltip`=\''.$page_title.'\', '
263
     .     '`page_icon` =\''.mysql_real_escape_string($sPageIcon).'\', '
264
     .     '`menu_title`=\''.$menu_title.'\', '
265
     .     '`menu_icon_0` =\''.mysql_real_escape_string($sMenuIcon0).'\', '
266
     .     '`menu_icon_1` =\''.mysql_real_escape_string($sMenuIcon1).'\', '
267
     .     '`menu`='.$menu.', '
268
     .     '`level`='.$level.', '
269
     .     '`page_trail`=\''.$page_trail.'\', '
270
     .     '`root_parent`='.$root_parent.', '
271
     .     '`link`=\''.$link.'\', '
272
     .     '`template`=\''.$template.'\', '
273
     .     '`target`=\''.$target.'\', '
274
     .     '`description`=\''.$description.'\', '
275
     .     '`keywords`=\''.$keywords.'\', '
276
     .     '`position`='.$position.', '
277
     .     '`visibility`=\''.$visibility.'\', '
278
     .     '`searching`='.$searching.', '
279
     .     '`language`=\''.$language.'\', ';
280
if($admin->ami_group_member('1')) {
281
	$sql .= ''
282
	     . '`admin_groups`=\''.$sAdminGroups.'\', '
283
	     . '`admin_users`=\''.$sAdminUsers.'\', ';
284
}
285
    $sql .= ''
286
         . '`viewing_groups`=\''.$sViewingGroups.'\', '
287
         . '`viewing_users`=\''.$sViewingUsers.'\', '
288
         . '`page_code`='.$page_code.' '
289
         . 'WHERE `page_id`='.$page_id;
290

    
291
if(!$database->query($sql)) {
292
	$target_url = ADMIN_URL.'/pages/settings.php?page_id='.$page_id;
293
	$admin->print_error($database->get_error(), $target_url );
294
}
295

    
296
// Clean old order if needed
297
if($parent != $old_parent)
298
{
299
	$order->clean($old_parent);
300
}
301

    
302
/* BEGIN page "access file" code */
303

    
304
// Create a new file in the /pages dir if title changed
305
if(!is_writable(WB_PATH.PAGES_DIRECTORY.'/'))
306
{
307
	$admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE'], $target_url);
308
} else {
309
    $old_filename = WB_PATH.PAGES_DIRECTORY.$old_link.PAGE_EXTENSION;
310

    
311
	// First check if we need to create a new file
312
	if(($old_link != $link) || (!file_exists($old_filename)))
313
    {
314
		// Delete old file
315
		$old_filename = WB_PATH.PAGES_DIRECTORY.$old_link.PAGE_EXTENSION;
316
		if(file_exists($old_filename))
317
        {
318
			unlink($old_filename);
319
		}
320

    
321
		// Create access file
322
		create_access_file($filename,$page_id,$level);
323
        if(!file_exists($filename)) {
324
        	$admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
325
        }
326
		// Move a directory for this page
327
		if(is_readable(WB_PATH.PAGES_DIRECTORY.$old_link.'/') && is_dir(WB_PATH.PAGES_DIRECTORY.$old_link.'/'))
328
        {
329
			rename(WB_PATH.PAGES_DIRECTORY.$old_link.'/', WB_PATH.PAGES_DIRECTORY.$link.'/');
330
		}
331
		// Update any pages that had the old link with the new one
332
		$old_link_len = strlen($old_link);
333
        $sql = '';
334
		$query_subs = $database->query("SELECT page_id,link,level FROM ".TABLE_PREFIX."pages WHERE link LIKE '%$old_link/%' ORDER BY LEVEL ASC");
335

    
336
		if($query_subs->numRows() > 0)
337
        {
338
			while($sub = $query_subs->fetchRow())
339
            {
340
				// Double-check to see if it contains old link
341
				if(substr($sub['link'], 0, $old_link_len) == $old_link)
342
                {
343
					// Get new link
344
					$replace_this = $old_link;
345
					$old_sub_link_len =strlen($sub['link']);
346
					$new_sub_link = $link.'/'.substr($sub['link'],$old_link_len+1,$old_sub_link_len);
347
					// Work out level
348
					$new_sub_level = level_count($sub['page_id']);
349
					// Update level and link
350
					$database->query("UPDATE ".TABLE_PREFIX."pages SET link = '$new_sub_link', level = '$new_sub_level' WHERE page_id = '".$sub['page_id']."' LIMIT 1");
351
					// Re-write the access file for this page
352
					$old_subpage_file = WB_PATH.PAGES_DIRECTORY.$new_sub_link.PAGE_EXTENSION;
353
					if(file_exists($old_subpage_file))
354
                    {
355
						unlink($old_subpage_file);
356
					}
357
                    $sAccessFile = WB_PATH.PAGES_DIRECTORY.$new_sub_link.PAGE_EXTENSION;
358
					create_access_file($sAccessFile, $sub['page_id'], $new_sub_level);
359
                    if(!file_exists($sAccessFile)) {
360
                    	$admin->print_error($MESSAGE['PAGES_CANNOT_CREATE_ACCESS_FILE']);
361
                    }
362

    
363
				}
364
			}
365
		}
366
	}
367
}
368

    
369
// using standard function by core,
370
function fix_page_trail($page_id) {
371
    global $database,$admin,$target_url,$pagetree_url,$MESSAGE;
372

    
373
    $target_url = (isset($_POST['back_submit'])) ? $pagetree_url : $target_url;
374

    
375
    // Work out level
376
    $level = level_count($page_id);
377
    // Work out root parent
378
    $root_parent = root_parent($page_id);
379
    // Work out page trail
380
    $page_trail = get_page_trail($page_id);
381
    // Update page with new level and link
382
    $sql  = 'UPDATE `'.TABLE_PREFIX.'pages` SET ';
383
    $sql .= '`root_parent` = '.$root_parent.', ';
384
    $sql .= '`level` = '.$level.', ';
385
    $sql .= '`page_trail` = "'.$page_trail.'" ';
386
    $sql .= 'WHERE `page_id` = '.$page_id;
387

    
388
    if($database->query($sql)) {
389
    	$admin->print_success($MESSAGE['PAGES_SAVED_SETTINGS'], $target_url );
390
    } else {
391
    	$admin->print_error($database->get_error(), $target_url );
392
    }
393
}
394

    
395
// Fix sub-pages page trail
396
fix_page_trail($page_id);
397

    
398
$admin->print_footer();
(22-22/23)