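<?php
/**
 *
 * @category        admin
 * @package         settings
 * @author          WebsiteBaker Project
 * @copyright       2009-2013, WebsiteBaker Org. e.V.
 * @link            http://www.websitebaker.org/
 * @license         http://www.gnu.org/licenses/gpl.html
 * @platform        WebsiteBaker 2.8.x
 * @requirements    PHP 5.2.2 and higher
 * @version         $Id: save.php 2098 2014-02-11 01:37:03Z darkviper $
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/settings/save.php $
 * @lastmodified    $Date: 2014-02-11 02:37:03 +0100 (Tue, 11 Feb 2014) $
 *
 * Persists the admin "Settings" form. Every row of the `settings` table whose
 * name was posted is validated, optionally stripped of markup and written back;
 * afterwards the rows of the `search` table are updated the same way. The script
 * is side-effect driven (DB writes, HTML output) and ends with print_success() /
 * print_error() followed by the admin footer. All DB access goes through $oDb.
 */

// Prevent this file from being accessed directly in the browser. Without a posted
// form there is nothing to save; send the visitor back to the settings page.
if (!isset($_POST['default_language']) || $_POST['default_language'] == '') {
    header('Location: index.php');
    exit;
}

// Find out whether the user was viewing the advanced options; the back link and
// the admin section depend on it. isset() avoids a notice when the basic form
// (which has no 'advanced' field) is submitted.
$advanced = (isset($_POST['advanced']) && $_POST['advanced'] == 'yes') ? '?advanced=yes' : '';

// Include config file
if (!defined('WB_URL')) {
    require('../../config.php');
}
$oDb = WbDatabase::getInstance();
$oTrans = Translate::getInstance();
$oTrans->enableAddon('admin\\settings');

require_once(WB_PATH.'/framework/functions.php');
// Third argument false: do not print the header yet, so no new FTAN is set
// before the posted one has been checked.
$sSection = ($advanced == '') ? 'settings_basic' : 'settings_advanced';
$admin = new admin('Settings', $sSection, false);

// Create a javascript back link
$js_back = ADMIN_URL.'/settings/index.php'.$advanced;
// The FTAN (form token) check is the gate that protects this script against
// forged requests. print_error() is expected to end the request itself; the
// explicit exit guarantees that nothing is written even if it ever returns.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS, $js_back);
    exit;
}
// After check print the header
$admin->print_header();
$oTrans->enableAddon('admin\\settings');

// Ensure that the specified default email is formally valid
if (isset($_POST['server_email'])) {
    $_POST['server_email'] = strip_tags($_POST['server_email']);
    if (!$admin->validate_email($_POST['server_email'])) {
        $admin->print_error(
            $oTrans->MESSAGE_USERS_INVALID_EMAIL.
            '<br /><strong>Email: '.htmlentities($_POST['server_email']).'</strong>',
            $js_back
        );
    }
}

// When the SMTP mailer routine is selected, host, username and password are all required
if ($admin->StripCodeFromText($admin->get_post('wbmailer_routine')) == 'smtp') {
    $aSmtpFields = array('wbmailer_smtp_host', 'wbmailer_smtp_username', 'wbmailer_smtp_password');
    foreach ($aSmtpFields as $sField) {
        if ($admin->StripCodeFromText($admin->get_post($sField)) == '') {
            $admin->print_error(
                $oTrans->TEXT_REQUIRED.' '.$oTrans->TEXT_WBMAILER_SMTP_AUTH.
                '<br /><strong>'.$oTrans->MESSAGE_GENERIC_FILL_IN_ALL.'</strong>',
                $js_back
            );
            break;
        }
    }
}

// Work-out file and directory modes. Only in the advanced view, and only for
// user id 1, are the modes taken from the posted permission checkboxes;
// in every other case the configured defaults are kept.
$aModes = array('file' => STRING_FILE_MODE, 'dir' => STRING_DIR_MODE);
if ($advanced != '' && $admin->get_user_id() == '1') {
    // POST field names follow the pattern <kind>_<who>_<perm> (e.g. file_u_r);
    // a posted value of 'true' sets the corresponding bit of the octal digit.
    $aPermBits = array('r' => 4, 'w' => 2, 'e' => 1);
    foreach (array_keys($aModes) as $sKind) {
        $sMode = '0';
        foreach (array('u', 'g', 'o') as $sWho) {
            $iDigit = 0;
            foreach ($aPermBits as $sPerm => $iBit) {
                $sKey = $sKind.'_'.$sWho.'_'.$sPerm;
                if (isset($_POST[$sKey]) && $_POST[$sKey] == 'true') {
                    $iDigit += $iBit;
                }
            }
            $sMode .= $iDigit;
        }
        $aModes[$sKind] = $sMode;
    }
}
$file_mode = $aModes['file'];
$dir_mode = $aModes['dir'];

// Settings that may contain HTML; every other value passes through strip_tags()
$allow_tags_in_fields = array(
    'website_header',
    'website_footer',
    'wbmail_signature',
);
// Settings that may be saved as an empty string
$allow_empty_values = array(
    'website_title',
    'website_description',
    'website_keywords',
    'website_header',
    'website_footer',
    'wbmail_signature',
    'wysiwyg_style',
    'pages_directory',
    'page_icon_dir',
    'rename_files_on_upload',
    'page_spacer',
);
// Settings that are never updated from the form
$aPreventFromUpdate = array(
    'sp',
    'version',
    'wb_version',
);
// Settings whose value is run through StripCodeFromText() before saving
$StripCodeFromInput = array(
    'website_title',
    'website_description',
    'website_keywords',
    'wbmail_signature',
    'wysiwyg_style',
    'pages_directory',
    'page_icon_dir',
    'media_directory',
    'page_extension',
    'rename_files_on_upload',
    'page_spacer',
);

// Query current settings in the db, then loop through them and update the db with the new value
$sql = 'SELECT `name`, `value` FROM `'.$oDb->TablePrefix.'settings` '
     . 'ORDER BY `name`';

if (($res_settings = $oDb->doQuery($sql))) {
    while ($setting = $res_settings->fetchRow(MYSQL_ASSOC)) {
        $passed = false;
        $setting_name = $setting['name'];
        // A setting that was not posted at all is left untouched; this is what
        // keeps a partial form from blanking the rest of the table.
        if (($value = $admin->get_post($setting_name)) === null) {
            continue;
        }
        switch ($setting_name) {
            case 'default_timezone':
                // Posted as whole hours (-12..13), stored as seconds; out of range falls back to 0
                $value = intval($value);
                $value = (($value >= -12 && $value <= 13) ? $value : 0) * 3600;
                $passed = ($value != $setting['value']);
                break;
            case 'string_dir_mode':
                $value = $dir_mode;
                $passed = ($value != $setting['value']);
                break;
            case 'string_file_mode':
                $value = $file_mode;
                $passed = ($value != $setting['value']);
                break;
            case 'page_extension':
                // Must look like '.php', '.html', ...; anything else falls back to '.php'
                $value = $admin->StripCodeFromText($value);
                if (!preg_match('/^\.[a-z][a-z0-9]+$/siu', $value)) {
                    $value = '.php';
                }
                $passed = ($value != $setting['value']);
                break;
            case 'sec_anchor':
                $value = $admin->StripCodeFromText($value);
                $value = (($value == '') ? 'Sec' : $value);
                $passed = ($value != $setting['value']);
                break;
            case 'media_directory':
                // Stored with a leading and without a trailing slash; empty means '/media'
                $value = trim($value, '/');
                $value = (($value != '') ? '/'.$value : '/media');
                $passed = ($value != $setting['value']);
                break;
            case 'pages_directory':
                // May only be changed while no pages exist yet
                $sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'pages`';
                if (!($oDb->getOne($sql))) {
                    $value = rtrim($admin->StripCodeFromText($value));
                    $passed = ($value != $setting['value']);
                }
                $value = trim($value, '/');
                $value = (($value != '') ? '/'.$value : '');
                break;
            default:
                if ($value === '') {
                    $passed = (in_array($setting_name, $allow_empty_values, true) && ($value != $setting['value']));
                } else {
                    if (in_array($setting_name, $StripCodeFromInput, true)) {
                        $value = trim($admin->StripCodeFromText($value));
                    }
                    $passed = (($value !== '') && ($value != $setting['value']));
                }
                break;
        }

        if (!in_array($setting_name, $allow_tags_in_fields, true)) {
            $value = strip_tags($value);
        }
        if ($passed && !in_array($setting_name, $aPreventFromUpdate, true)) {
            // Both the value and the (DB-sourced) name are escaped on the same
            // handle that runs the query.
            $value = trim($oDb->escapeString($value));
            $sql = 'UPDATE `'.$oDb->TablePrefix.'settings` '
                 . 'SET `value` = \''.$value.'\' '
                 . 'WHERE `name` != \'wb_version\' '
                 . 'AND `name` = \''.$oDb->escapeString($setting_name).'\' ';
            if (!$oDb->doQuery($sql) && $oDb->isError()) {
                $admin->print_error($oDb->getError(), $js_back);
            }
        }
    }
}

/**
 * now save search settings
 */
// Posted search fields whose value is run through StripCodeFromText()
$StripCodeFromISearch = array(
    'search_header',
    'search_results_header',
    'search_results_loop',
    'search_results_footer',
    'search_footer',
    'search_module_order',
    'search_max_excerpt',
    'search_no_results',
    'search_time_limit',
);
// Search settings that may be saved as an empty string
$allow_empty_values = array(
    'header',
    'results_header',
    'results_loop',
    'results_footer',
    'footer',
    'module_order',
    'no_results',
);
// Search settings that may contain HTML (the search template snippets)
$allow_tags_in_fields = array(
    'header',
    'results_header',
    'results_loop',
    'results_footer',
    'no_results',
    'footer',
);

// Query current search settings in the db, then loop through them and update the db with the new value
$sql = 'SELECT `name`, `value` FROM `'.$oDb->TablePrefix.'search` '
     . 'WHERE `extra` =  \'\' ';
$oSearch = $oDb->doQuery($sql);
if (!$oSearch) {
    if ($oDb->isError()) {
        $admin->print_error(explode(';', $oDb->getError()), $js_back);
    }
} else {
    while ($aSearch = $oSearch->fetchRow(MYSQL_ASSOC)) {
        $passed = false;
        $old_value = $aSearch['value'];
        $sSearchName = $aSearch['name'];
        $sPostName = 'search_'.$sSearchName;

        // Hold the old value if nothing was posted for this field
        $value = $admin->get_post($sPostName);
        $value = isset($value) ? $value : $old_value;
        if (in_array($sPostName, $StripCodeFromISearch, true)) {
            $value = $admin->StripCodeFromText($value);
        }

        switch ($sSearchName) {
            case 'template':
                // The default template is stored as '' (i.e. "use DEFAULT_TEMPLATE")
                $passed = true;
                $value = (!($admin->get_post($sPostName)) || ($value == DEFAULT_TEMPLATE)) ? '' : $admin->get_post($sPostName);
                break;
            case 'max_excerpt':
            case 'time_limit':
                // Digits only; otherwise keep the stored value
                $passed = true;
                if (preg_match('/[^0-9]+/i', $value)) {
                    $value = $old_value;
                }
                break;
            default:
                $passed = ($admin->get_post($sPostName) || in_array($sSearchName, $allow_empty_values, true));
                if (!in_array($sSearchName, $allow_tags_in_fields, true)) {
                    $value = strip_tags($value);
                }
                break;
        }

        if ($passed) {
            $sql = 'UPDATE `'.$oDb->TablePrefix.'search` '
                 . 'SET `value` = \''.$oDb->escapeString($value).'\' '
                 . 'WHERE `name` = \''.$oDb->escapeString($sSearchName).'\' AND `extra` = \'\' ';
            $oDb->doQuery($sql);
        }
    }
}

// Check if there was an error updating the db
if ($oDb->isError()) {
    $admin->print_error($oDb->getError(), $js_back);
} else {
    $admin->print_success($oTrans->MESSAGE_SETTINGS_SAVED, $js_back);
}
$admin->print_footer();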