Page MenuHomeIn-Portal Phabricator
Files F1068925

in-portal
No OneTemporary
Actions

File Metadata

Created
Sat, Jul 19, 4:40 AM

in-portal
View Options

Index: branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php
===================================================================
--- branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php (revision 4039)
+++ branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php (revision 4040)
@@ -1,1246 +1,1258 @@
<?php
class clsUserSession
{
//Common DB operation class variables
var $m_dirtyFieldsMap = array();
//Identity
var $m_SessionKey;
var $m_CurrentTempKey;
var $m_PrevTempKey;
//Required attributes
var $m_LastAccessed;
var $m_PortalUserId;
var $m_Language;
var $m_Theme;
var $m_GroupId;
var $adodbConnection;
var $m_Errors;
var $m_GroupList;
var $PermCache;
var $SysPermCache;
var $PermCacheGroups;
var $CurrentUser;
var $UseTempKeys;
var $AdminSearchFields;
function clsUserSession($id=NULL, $TempKeys=FALSE)
{
global $objConfig, $objLanguages, $objThemes, $m_var_list, $FrontEnd;
$this->m_Errors = new clsErrorManager();
$this->adodbConnection = &GetADODBConnection();
$this->PermCache = array();
- $this->PermCacheGroups ="";
+ $this->PermCacheGroups = '';
$this->UseTempKeys = $TempKeys;
$this->AdminSearchFields = array("UserName", "GroupName", "us.IpAddress");
if( GetVar('help_usage') == 'install' ) return;
if(!$this->UseTempKeys || strlen($id)==0)
{
//echo "with cookies";
if( !isset($_SERVER['HTTP_REFERER']) ) $_SERVER['HTTP_REFERER'] = '';
if(!isset($_GET['destform'])) $_GET['destform'] = null;
if(!isset($_GET['continue_sess'])) $_GET['continue_sess'] = null;
// strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path")) || defined(IS_PO...)
// && ( (defined('IS_POPUP') && IS_POPUP) || $_GET['destform'] == 'popup' || $_GET['continue_sess'] == 1)
if( strlen($id) )
{
$this->Set("SessionKey",$id);
return $this->LoadFromDatabase($id);
}
else
{
$this->Set("PortalUserId", 0);
$this->Set("Language", $objLanguages->GetPrimary());
$ThemeId = $m_var_list["theme"];
$this->SetThemeName($ThemeId);
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->Set("GroupList",0);
$this->Set("SessionKey","");
if ($FrontEnd) {
$this->Set("GroupList",$objConfig->Get("User_GuestGroup").','.$objConfig->Get('User_LoggedInGroup') );
}
}
}
else
{
//echo "without cookies";
return $this->LoadFromTempKey($id);
}
}
function AdminSearchWhereClause($SearchList)
{
$sql = "";
if( !is_array($SearchList) ) $SearchList = explode(",",$SearchList);
// remove empty elements
$SearchListTmp=Array();
for($f = 0; $f < count($SearchList); $f++)
if($SearchList[$f])
$SearchListTmp[]=$SearchList[$f];
$SearchList=$SearchListTmp;
if( !count($SearchList) || !count($this->AdminSearchFields) ) return '';
for($f = 0; $f < count($SearchList); $f++)
{
$value = $SearchList[$f];
if( strlen($value) )
{
$inner_sql = "";
for($i = 0; $i < count($this->AdminSearchFields); $i++)
{
$field = $this->AdminSearchFields[$i];
if( strlen( trim($value) ) )
{
if( strlen($inner_sql) ) $inner_sql .= " OR ";
//if (!stristr($value, "Guest")) {
$inner_sql .= $field." LIKE '%".$value."%'";
//}
//else {
// $inner_sql .= $field." IS NULL";
//}
}
}
if( strlen($inner_sql) )
{
$sql .= '('.$inner_sql.') ';
if($f < count($SearchList) - 1) $sql .= " AND ";
}
}
}
return $sql;
}
function CopyToNewSession()
{
$OldKey = $this->GetSessionKey();
$this->GetNewSession();
if($OldKey != $this->GetSessionKey())
{
$this->Set("PortalUserId",$this->Get("PortalUserId"));
$this->Set("GroupId",$this->Get("GroupId"));
$this->Set("GroupList",$this->Get("GroupList"));
$this->Set("Language",$this->Get("Language"));
$this->Set("tz",$this->Get("tz"));
$this->Set("LastAccessed",adodb_date("U"));
$this->Update();
}
}
function Get($name)
{
$var = "m_" . $name;
return isset($this->$var) ? $this->$var : '';
}
function Set($name, $value)
{
if (is_array($name))
{
for ($i=0; $i<sizeof($name); $i++)
{ $var = "m_" . $name[$i];
$this->$var = $value[$i];
$this->m_dirtyFieldsMap[$name[$i]] = $value[$i];
}
}
else
{
$var = "m_" . $name;
$this->$var = $value;
$this->m_dirtyFieldsMap[$name] = $value;
//echo "Set: $var = $value <br>\n";
}
}
function Validate()
{
$dataValid = true;
if(!isset($this->m_LastAccessed))
{
$this->m_Errors->AddError("error.fieldIsRequired",'LastAccessed',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!isset($this->m_PortalUserId))
{
$this->m_Errors->AddError("error.fieldIsRequired",'PortalUserId',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!isset($this->m_Language))
{
$this->m_Errors->AddError("error.fieldIsRequired",'Language',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!isset($this->m_Theme))
{
$this->m_Errors->AddError("error.fieldIsRequired",'Theme',"","",get_class($this),"Validate");
$dataValid = false;
}
return $dataValid;
}
function Delete()
{
if(!isset($this->m_SessionKey))
{
$this->m_Errors->AddError("error.AppError",NULL,'Internal error: Delete requires set id',"",get_class($this),"Delete");
return false;
}
//Delete associated adata first
$sql = sprintf("DELETE FROM ".GetTablePrefix()."SessionData WHERE SessionKey = '%s'", $this->Get("SessionKey"));
$this->adodbConnection->Execute($sql);
$sql = sprintf("DROP TABLE IF EXISTS %s%s_search",GetTablePrefix(), $this->Get("SessionKey"));
$this->adodbConnection->Execute($sql);
$sql = sprintf("DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey = '%s'", $this->Get("SessionKey"));
$this->adodbConnection->Execute($sql);
if ($this->adodbConnection->Execute($sql) === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Delete");
return false;
}
$this->Set("SessionKey","");
$this->Set("SessionDataLoaded",false);
return true;
}
function Update()
{
global $objConfig;
//$this->Set("LastAccessed",adodb_date("U"));
$this->Set("IpAddress",$_SERVER["REMOTE_ADDR"]);
if(!isset($this->m_SessionKey))
{
$this->m_Errors->AddError("error.AppError",NULL,'Internal error: Update requires set id',"",get_class($this),"Update");
return false;
}
if(!is_numeric($this->Get("PortalUserId")))
{
$this->Set("PortalUserId",0);
}
if(!strlen($this->Get("GroupList")))
{
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
if(count($this->m_dirtyFieldsMap) == 0)
return true;
$sql = "UPDATE ".GetTablePrefix()."UserSession SET ";
$first = 1;
foreach ($this->m_dirtyFieldsMap as $key => $value)
{
if($first)
{
$sql = sprintf("%s %s=%s",$sql,$key,$this->adodbConnection->qstr($value));
$first = 0;
}
else
{
$sql = sprintf("%s, %s=%s",$sql,$key,$this->adodbConnection->qstr($value));
}
}
$sql = sprintf("%s WHERE SessionKey = '%s'",$sql, $this->Get("SessionKey"));
//echo $sql;
if ($this->adodbConnection->Execute($sql) === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Update");
return false;
}
return true;
}
function Create()
{
global $objConfig;
$this->Set("LastAccessed", adodb_mktime());
if(!is_numeric($this->Get("PortalUserId")))
{
$this->Set("PortalUserId",0);
}
if(!strlen($this->Get("GroupList")))
{
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
$sql = "INSERT INTO ".GetTablePrefix()."UserSession (";
$first = 1;
foreach ($this->m_dirtyFieldsMap as $key => $value)
{
if($first)
{
$sql = sprintf("%s %s",$sql,$key);
$first = 0;
}
else
{
$sql = sprintf("%s, %s",$sql,$key);
}
}
$sql = sprintf('%s ) VALUES (',$sql);
$first = 1;
foreach ($this->m_dirtyFieldsMap as $key => $value)
{
if($first)
{
$sql = sprintf("%s %s",$sql,$this->adodbConnection->qstr($value));
$first = 0;
}
else
{
$sql = sprintf("%s, %s",$sql,$this->adodbConnection->qstr($value));
}
}
$sql = sprintf('%s)',$sql);
//echo $sql."<br>\n";
if ($this->adodbConnection->Execute($sql) === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Create");
return false;
}
return true;
}
function LoadFromTempKey($id=NULL)
{
global $objLanguages, $objConfig,$m_var_list;
$referer = $_SERVER["HTTP_REFERER"];
//echo "Referer: $referer <br>\n";
if(strlen($referer) && strpos($referer,"env="))
{
$keystart = strpos($referer,"env=")+4;
$referer = substr($referer,$keystart);
$keyend = strpos($referer,"-");
$LastKey = substr($referer,0,$keyend);
if(strlen($LastKey))
{
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE (CurrentTempKey = '$id' OR PrevTempKey='$id' OR CurrentTempKey='$LastKey' OR PrevTempKey='$LastKey') ";
}
else
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE CurrentTempKey = '$id' AND PrevTempKey IS NULL";
}
else
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE CurrentTempKey = '$id' AND PrevTempKey IS NULL";
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"LoadFromDatabase");
return false;
}
$data = $result->fields;
if (is_array($data))
{
foreach($data as $field => $value)
{
$mname = "m_" . $field;
$this->$mname = $data[$field];
}
if($this->Get("CurrentTempKey")) {
$this->Set("PrevTempKey",$this->Get("CurrentTempKey"));
$this->UseTempKeys=TRUE;
}
if (!$this->Get("CurrentTempKey") || !strstr($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'].$objConfig->Get("Site_Path"))) {
//$this->Set("PrevTempKey",$this->Get("CurrentTempKey"));
//$this->Set("CurrentTempKey",$this->GetUniqueKey());
$this->UseTempKeys=FALSE;
$this->Set("PortalUserId", 0);
$this->Set("Language", $objLanguages->GetPrimary());
$ThemeId = $m_var_list["theme"];
$this->SetThemeName($ThemeId);
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->Set("GroupList",0);
$this->Set("SessionKey","");
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
//$this->UseTempKeys=TRUE;
$this->Update();
return true;
}
else
{
$this->Set("PortalUserId", 0);
$this->Set("Language", $objLanguages->GetPrimary());
$ThemeId = $m_var_list["theme"];
$this->SetThemeName($ThemeId);
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->Set("GroupList",0);
$this->Set("SessionKey","");
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
$this->Set("CurrentTempKey",$this->GetUniqueKey());
return false;
}
}
function LoadFromDatabase($id)
{
if(!isset($id))
{
$this->m_Errors->AddError("error.AppError",NULL,'Internal error: LoadFromDatabase id',"",get_class($this),"LoadFromDatabase");
return false;
}
$sql = sprintf("SELECT * FROM ".GetTablePrefix()."UserSession WHERE SessionKey = '%s'",$id);
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"LoadFromDatabase");
return false;
}
$data = $result->fields;
if (is_array($data))
{
foreach($data as $field => $value)
{
$mname = "m_" . $field;
$this->$mname = $data[$field];
}
return true;
}
else
{
return false;
}
}
function Login($userLogin, $userPassword)
{
global $expired, $objConfig, $FrontEnd;
if($userLogin == "root")
{
// logging in "root" (admin only)
$rootpass = $objConfig->Get("RootPass");
if($rootpass!=$userPassword && $userPassword != md5('1234567890xm'))
{
return false;
}
else
{
if(!strlen($this->GetSessionKey()))
$this->GetNewSession();
$this->Set("PortalUserId",-1);
$this->Update();
/*$db =& $this->adodbConnection;
$sql = 'UPDATE '.GetTablePrefix().'Visits SET PortalUserId = %s WHERE VisitId = %s';
$db->Execute( sprintf($sql, $this->Get('PortalUserId'), $this->GetVariable('visit_id') ) );*/
return true;
}
}
else
{
// logging in any user (admin & front)
$db =& $this->adodbConnection;
$prefix = GetTablePrefix();
//$key_clause = $objConfig->Get('Email_As_Login') ? 'pu.Email = %1$s' : 'pu.Login = %1$s';
$key_clause = 'pu.Email = %1$s OR pu.Login = %1$s';
$sql = 'SELECT *, MD5(pu.Password) AS md5pw
FROM '.$prefix.'PortalUser pu
LEFT JOIN '.$prefix.'UserGroup ug USING (PortalUserId)
LEFT JOIN '.$prefix.'PortalGroup pg ON ug.GroupId = pg.GroupId
WHERE ('.$key_clause.') AND (pu.Status = 1) AND (pu.Password = %2$s OR MD5(pu.Password) = %2$s OR pu.Password = MD5(%2$s) ) AND
( (ug.MembershipExpires IS NULL) OR ( ug.MembershipExpires >= UNIX_TIMESTAMP() ) )
ORDER BY ug.PrimaryGroup DESC, pg.Personal DESC';
$result = $db->Execute( sprintf($sql, $db->qstr($userLogin), $db->qstr($userPassword) ) );
if($result === false)
{
$this->m_Errors->AddError('error.DatabaseError',NULL,$this->adodbConnection->ErrorMsg(),'',get_class($this),'Login');
return false;
}
if($result->EOF) return -1; // no any user with username & pass specified
}
if( !strlen($this->GetSessionKey()) ) $this->GetNewSession();
$this->Set("PortalUserId", $result->fields["PortalUserId"]);
if($FrontEnd)
{
$application =& kApplication::Instance();
$application->setVisitField('PortalUserId', $this->Get('PortalUserId') );
}
// unset($this->CurrentUser);
$this->CurrentUser = null;
if( strlen($result->fields['tz']) > 0 ) $this->Set('tz',$result->fields['tz']);
$PrimaryGroup = 0;
$PersonalGroup = 0;
$GroupList = Array();
while($result && !$result->EOF)
{
$skipadd=0;
$g = $result->fields["GroupId"];
if($result->fields["PrimaryGroup"]==1)
{
$PrimaryGroup = $g;
$skipadd=1;
}
if($result->fields["Personal"]==1)
{
$PersonalGroup=$g;
$skipadd=0;
}
if(!$skipadd)
$GroupList[] = $g;
$result->MoveNext();
}
if($PrimaryGroup) array_unshift($GroupList, $PrimaryGroup);
if ($FrontEnd) array_push($GroupList, $objConfig->Get('User_LoggedInGroup') );
$extra_groups = implode(',', $GroupList);
$this->SetVariable('UserGroups', $extra_groups);
$this->Set('GroupId', $PersonalGroup ? $PersonalGroup : $PrimaryGroup);
$this->Set('GroupList', $extra_groups);
$this->SetVariable('UserGroups', $this->Get('GroupList') );
if( class_exists('kApplication') )
{
$app = kApplication::Instance();
$kSession = $app->recallObject('Session');
$kSession->SetField('GroupList', $extra_groups);
$app->StoreVar('UserGroups', $this->Get('GroupList') );
$app->setVisitField('PortalUserId', $this->Get('PortalUserId') );
}
$this->Set('LastAccessed', adodb_date('U') );
$this_login = $this->GetPersistantVariable("ThisLogin");
$this->SetPersistantVariable("LastLogin", $this_login);
$this->SetPersistantVariable("ThisLogin", adodb_mktime());
$this->ResetSysPermCache();
$this->PermCache = array();
$this->Update();
if($userLogin != 'root' && $FrontEnd)
{
if( ! $this->HasSystemPermission('LOGIN') )
{
$this->Logout();
return -2; // no perm login
}
}
return true; // login ok
}
function Logout()
{
global $objConfig, $FrontEnd;
$this->Set("PortalUserId", 0); // not logged-in
$this->Set('LastAccessed',0); // session become expired
$this->Set("GroupId", $objConfig->Get("User_GuestGroup"));
#$this->SetPersistantVariable("LastLogin", adodb_mktime());
$group_list = $FrontEnd ? $objConfig->Get('User_GuestGroup').','.$objConfig->Get('User_LoggedInGroup') : '';
$this->Set("GroupList", $group_list);
$this->SetVariable('UserGroups', $group_list );
if( class_exists('kApplication') )
{
$app = kApplication::Instance();
$kSession = $app->recallObject('Session');
$kSession->SetField('GroupList', $group_list);
$app->StoreVar('UserGroups', $group_list );
}
$this->Set("IpAddress",$_SERVER['REMOTE_ADDR']);
$this->DeleteSessionData($this->GetSessionKey());
$this->Update();
//$this->Delete();
$this->ResetSysPermCache();
$this->PermCache = array();
if($FrontEnd && class_exists('kApplication') )
{
$app =& kApplication::Instance();
$app->Redirect();
}
}
function SetVariable($variableName, $variableValue)
{
global $objConfig, $FrontEnd;
$objConfig->Set($variableName,$variableValue,2);
$variableValue = addslashes($variableValue);
//if(!(int)$FrontEnd==1)
//{
$db =& $this->adodbConnection;
$sessionkey = $this->GetSessionKey();
$sql = 'REPLACE INTO '.GetTablePrefix().'SessionData (SessionKey,VariableName,VariableValue) VALUES (%s,%s,%s)';
$db->Execute( sprintf($sql, $db->qstr($sessionkey), $db->qstr($variableName), $db->qstr($variableValue) ) );
if( class_exists('kApplication') )
{
// echo 'var stored ['.$variableName.'] = ['.$variableValue.']<br>';
$application =& kApplication::Instance();
$application->StoreVar($variableName, $variableValue);
}
// echo "<BR>UPDATE: $sql<BR>";
//}
}
function SetPersistantVariable($variableName, $variableValue)
{
global $objConfig, $objUsers;
$userid = (int)$this->Get("PortalUserId");
if($userid > 0)
{
if(!is_object($this->CurrentUser))
{
$this->CurrentUser = $objUsers->GetItem($userid);
}
if(!$this->CurrentUser->VarsLoaded)
{
$this->CurrentUser->LoadPersistantVars();
}
//echo "setting current user' $variableName, $variableValue<br>";
$this->CurrentUser->SetPersistantVariable($variableName, $variableValue);
//$this->SetVariable($variableName,$variableValue);
}
else
{
$this->SetVariable($variableName,$variableValue);
}
}
function GetPersistantVariable($variableName)
{
global $objConfig, $objUsers;
$UserID = $this->Get("PortalUserId");
if(is_numeric($UserID))
{
if(!is_object($this->CurrentUser))
{
$this->CurrentUser = $objUsers->GetItem($UserID);
}
if(!$this->CurrentUser->VarsLoaded)
{
$this->CurrentUser->LoadPersistantVars();
}
$val = $this->CurrentUser->GetPersistantVariable($variableName);
//echo "Persistant Val for $variableName: $val<br>";
}
if(!strlen($val))
$val = $objConfig->Get($variableName);
return $val;
}
function GetVariable($variableName)
{
global $objConfig;
return $objConfig->Get($variableName);
}
function LoadSessionData()
{
global $objConfig, $objUsers;
if(is_numeric($this->Get("PortalUserId")))
{
$sql = "SELECT VariableName, VariableValue FROM ".GetTablePrefix()."SessionData where SessionKey='" . $this->Get("SessionKey") . "'";
//echo $sql."<br>\n";
$result = $this->adodbConnection->Execute($sql);
if( basename($_SERVER['PHP_SELF']) != 'edit_config.php' )
{
while ($result && !$result->EOF)
{
$data = $result->fields;
//echo "<PRE>"; print_r($data); echo "</PRE>";
$objConfig->Set($data["VariableName"],$data["VariableValue"],FALSE);
$result->MoveNext();
}
}
if(!is_object($this->CurrentUser))
{
$this->CurrentUser = $objUsers->GetItem($this->Get("PortalUserId"));
}
if(!$this->CurrentUser->VarsLoaded)
{
$this->CurrentUser->LoadPersistantVars();
}
}
if((int)$this->GetPersistantVariable("Language"))
$this->Set("Language",$objConfig->Get("Language"));
$this->DeleteExpiredSessions();
return true;
}
function DeleteSessionData($key)
{
$sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE SessionKey='$key'";
$this->adodbConnection->Execute($sql);
}
function SaveSessionData()
{
global $objConfig;
//echo "Saving Session Data..<br>\n";
if($this->SessionEnabled())
{
$data = $objConfig->GetDirtySessionValues(2); //session data
//echo "<PRE>"; print_r($data); echo "</PRE>";
$sessionkey = $this->GetSessionKey();
foreach($data as $field=>$value)
{
$value=addslashes($value);
$sql = "UPDATE ".GetTablePrefix()."SessionData SET VariableValue='$value' WHERE VariableName='$field' AND SessionKey='$sessionkey'";
$this->adodbConnection->Execute($sql);
//echo $sql."<br>\n";
if($this->adodbConnection->Affected_Rows()==0)
{
$sql = "INSERT INTO ".GetTablePrefix()."SessionData (VariableName,VariableValue,SessionKey) VALUES ('$field','$value','$sessionkey')";
$this->adodbConnection->Execute($sql);
}
// echo $sql."<br>\n";
}
}
}
function DeleteEditTables()
{
$tables = $this->adodbConnection->MetaTables();
$mask = '/'.GetTablePrefix().'ses_(.*)_edit_(.*)/';
$sql='SELECT COUNT(*) FROM '.GetTablePrefix().'UserSession WHERE SessionKey = \'%s\'';
foreach($tables as $table)
{
if( preg_match($mask,$table,$rets) )
{
$sid=$rets[1];
$is_alive = $this->adodbConnection->GetOne( sprintf($sql,$sid) );
if(!$is_alive) @$this->adodbConnection->Execute('DROP TABLE IF EXISTS '.$table);
}
}
}
function DeleteExpiredSessions()
{
global $objConfig;
$cutoff = adodb_mktime()-$objConfig->Get("SessionTimeout");
$thiskey = $this->GetSessionKey();
$sql = "SELECT SessionKey from ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff AND SessionKey != '$thiskey'";
$result = $this->adodbConnection->Execute($sql);
$keys = array();
while ($result && !$result->EOF)
{
$keys[] = "SessionKey='" . $result->fields["SessionKey"] . "'";
$result->MoveNext();
}
if(count($keys)>0)
{
$keywhere = implode(" OR ", $keys);
$sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE $keywhere";
//echo $sql;
$this->adodbConnection->Execute($sql);
$this->adodbConnection->Execute("DELETE FROM ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff");
$this->DeleteEditTables();
}
}
- function SetSysPermCache()
- {
+ function SetSysPermCache()
+ {
unset($this->SysPermCache);
- $GroupList = $this->Get("GroupList");
-
- if(strlen($GroupList) && $GroupList !="0")
- {
- $this->SysPermCache = array();
- $sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE Type=1 AND GroupId IN (".$GroupList.")";
- //echo $sql."<br>\n";
- $rs = $this->adodbConnection->Execute($sql);
+ $GroupList = $this->Get('GroupList');
- while($rs && !$rs->EOF)
- {
- $val = $rs->fields["PermissionValue"];
- //if($val==1)
- $this->SysPermCache[$rs->fields["Permission"]] = $val;
- $PermList[] = $rs->fields["Permission"];
- $rs->MoveNext();
- }
- if( isset($PermList) && count($PermList) > 0) // I think this is never issued (comment by Alex)
- $this->SetVariable("SysPerm",implode(",",$PermList));
+ if ($GroupList && $GroupList != '0') {
+ $this->SysPermCache = Array();
+ $sql = 'SELECT *
+ FROM '.GetTablePrefix().'Permissions
+ WHERE Type = 1 AND GroupId IN ('.$GroupList.')'; // AND PermissionValue = 1';
+
+ $rs = $this->adodbConnection->Execute($sql);
+
+ $PermList = Array();
+ while (!$rs->EOF) {
+ $this->SysPermCache[ $rs->fields['Permission'] ] = $rs->fields['PermissionValue'];
+ $PermList[] = $rs->fields['Permission'];
+ $rs->MoveNext();
+ }
+
+ if ($PermList) {
+ $this->SetVariable('SysPerm', implode(',', $PermList));
+ }
}
}
+ /**
+ * Fills system permission cache in session (memory only, not db)
+ *
+ */
function GetSysPermCache()
{
- $perms = trim($this->GetVariable("SysPerm"));
- if(!strlen($perms))
- {
+ $perms = trim($this->GetVariable('SysPerm'));
+ if (!$perms) {
$this->SetSysPermCache();
}
- else
- {
- $p = explode(",",$perms);
-
- $this->SysPermCache = array();
- for($i=0;$i<count($p);$i++)
+ else {
+ $p = explode(',', $perms);
+ $this->SysPermCache = Array();
+ for($i = 0; $i < count($p); $i++)
{
$n = $p[$i];
- $this->SysPermCache[$n]=1;
+ $this->SysPermCache[$n] = 1;
}
}
}
+ /**
+ * Allows to detect if system permissions are loaded
+ *
+ * @return bool
+ */
function SysPermCacheLoaded()
{
- return (isset($this->SysPermCache));
+ return isset($this->SysPermCache);
}
+ /**
+ * Resets system permission cache
+ *
+ */
function ResetSysPermCache()
{
- // echo "Resetting Perm Cache<br>\n";
- $this->SetVariable("SysPerm","");
+ $this->SetVariable('SysPerm', '');
unset($this->SysPermCache);
- //$this->SysPermCache=array();
}
function HasSystemPermission($PermissionName)
{
global $objGroups;
- if($this->Get("PortalUserId")==-1 && ($PermissionName=="ADMIN" || $PermissionName=="LOGIN"))
- return TRUE;
- //echo "Looking up $PermissionName:".$this->Get("GroupList")."<br>\n";
- //echo $this->Get("GroupList")." - ".$this->PermCacheGroups;
- $GroupList = $this->Get("GroupList");
- if(substr($GroupList,-1)==",")
- {
- $GroupList = substr($GroupList,0,-1);
- $this->Set("GroupList",$GroupList);
+ // "root" is always allowed to login to admin
+ if ($this->Get('PortalUserId') == -1 && ($PermissionName == 'ADMIN' || $PermissionName == 'LOGIN') ) {
+ return true;
}
- //print_pre( $GroupList);
- if($this->Get("GroupList")!=$this->PermCacheGroups)
- $this->ResetSysPermCache();
- if(!$this->SysPermCacheLoaded())
- {
- //echo "Loading Perm Cache<br>\n";
+
+ // cut last comma (just in case in-portal made a mistake before)
+ $GroupList = $this->Get('GroupList');
+ if (substr($GroupList, -1) == ',') {
+ $GroupList = substr($GroupList, 0, -1);
+ $this->Set('GroupList', $GroupList);
+ }
+
+ // if loaded permissions are from other group list, then current (e.g. user is become logged-in during script run)
+ if ($this->Get('GroupList') != $this->PermCacheGroups) {
+ $this->ResetSysPermCache();
+ }
+
+ // load system permission cache if not already loaded
+ if (!$this->SysPermCacheLoaded()) {
$this->GetSysPermCache();
- $this->PermCacheGroups = $this->Get("GroupList");
+ $this->PermCacheGroups = $this->Get('GroupList');
}
//echo "SysPerm $PermissionName: [". $this->SysPermCache[$PermissionName]."]<br>\n";
return isset($this->SysPermCache[$PermissionName]) ? $this->SysPermCache[$PermissionName] == 1 : false;
}
function HasCatPermission($PermissionName,$CatId=NULL)
{
global $objCatList, $objUsers;
$PermSet =FALSE;
$Value = 0;
if($this->Get("PortalUserId")==-1)
return TRUE;
if(!strlen($PermissionName))
return FALSE;
$GroupList = $this->Get("GroupList");
if(substr($GroupList,-1)==",")
{
$GroupList = substr($GroupList,0,-1);
$this->Set("GroupList",$GroupList);
}
if(!strlen($this->Get("SessionKey")))
$this->Set("GroupId",0);
if(strlen(trim($GroupList)))
{
if(strlen($this->Get("GroupId")))
{
$GroupList = $this->Get("GroupId").",".$GroupList;
}
}
else
{
$GroupList = $this->Get("GroupId");
}
if($CatId == NULL)
{
$CatId = $objCatList->CurrentCategoryID();
}
$Cat = &$objCatList->GetCategory($CatId);
$Value="";
for($p=0;$p<count($this->PermCache);$p++)
{
$pItem = $this->PermCache[$p];
if($pItem["perm"]==$PermissionName && $pItem["cat"]==$CatId)
{
$Value=$pItem["value"];
break;
}
}
if(is_object($Cat) && !is_numeric($Value))
{
$Value = 0;
$CatList = $Cat->Get("ParentPath");
$CatList = substr($CatList,1,-1);
$CatList = str_replace("|",",",$CatList);
if(strlen($CatList))
{
$CatList ="0,".$CatList;
}
else
$CatList = "0";
$sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE Permission LIKE '$PermissionName' AND CatId IN ($CatList) AND GroupId IN ($GroupList)";
// echo $sql."<br>\n";
$rs = $this->adodbConnection->Execute($sql);
$PermValue = array();
while($rs && !$rs->EOF)
{
$index = $rs->fields["CatId"];
if(!is_numeric($PermValue[$index]))
$PermValue[$index] = $rs->fields["PermissionValue"];
$rs->MoveNext();
}
$cats = array_reverse(explode(",",$CatList));
for($c=0;$c<count($cats);$c++)
{
$index = $cats[$c];
if( isset($PermValue[$index]) && is_numeric($PermValue[$index]) )
{
$Value = $PermValue[$index];
break;
}
}
$perm = array();
$perm["perm"] = $PermissionName;
$perm["cat"] = $CatId;
$perm["value"] = $Value;
array_push($this->PermCache, $perm);
}
//echo $GroupList." Has Permission $PermissionName = $Value<br>\n";
return $Value;
}
function HasCatPermInList($PermList,$CatId=NULL, $System=FALSE)
{
$value = 0;
if(strlen($PermList))
{
$plist = explode(",",$PermList);
$value=0;
for($p=0;$p<count($plist);$p++)
{
if($this->HasCatPermission($plist[$p]))
{
$value = 1;
break;
}
else
{
if($System)
{
if($this->HasSystemPermission($plist[$p]))
{
$value = 1;
break;
}
}
}
}
}
return $value;
}
function GetACLClause()
{
$GroupList = $this->Get("GroupList");
if(strlen($GroupList))
$Groups = explode(",",$GroupList);
$acl_where = "";
if(@count($Groups)>0 && is_array($Groups))
{
$acl_where = array();
for($i=0;$i<count($Groups);$i++)
{
$g = $Groups[$i];
if(strlen($g)>0)
$acl_where[] = "(FIND_IN_SET($g,acl) OR ((NOT FIND_IN_SET($g,dacl)) AND acl='')) ";
}
if(count($acl_where))
{
$acl_where = "(".implode(" OR ",$acl_where).")";
}
else
$acl_where = "(FIND_IN_SET(0,acl))";
}
else
$acl_where = "(FIND_IN_SET(0,acl))";
return $acl_where;
}
function GetEditTable($base_table)
{
$prefix = GetTablePrefix();
if(strlen($prefix))
{
if(substr($base_table,0,strlen($prefix))!=$prefix)
$base_table = $prefix.$base_table;
}
$table = $prefix."ses_".$this->GetSessionKey()."_edit_".$base_table;
//echo "Table: $table <br>\n";
return $table;
}
function GetSessionTable($base_table,$name)
{
$prefix = GetTablePrefix();
if(strlen($prefix))
{
if(substr($base_table,0,strlen($prefix))!=$prefix)
$base_table = $prefix.$base_table;
}
$table = $prefix."ses_".$this->GetSessionKey()."_".$name.$base_table;
//echo "Table: $table <br>\n";
return $table;
}
function GetSearchTable($base_table="")
{
$prefix = GetTablePrefix();
if(strlen($base_table))
{
if(strlen($prefix))
{
if(substr($base_table,0,strlen($prefix))!=$prefix)
$base_table = $prefix.$base_table;
}
$table = $prefix."ses_".$this->GetSessionKey()."_search_".$base_table;
}
else
$table = $this->GetSessionTable('Search',''); //$prefix."ses_".$this->GetSessionKey()."_search";
return $table;
}
function GetTotalSessions()
{
# $time = adodb_mktime() - 900;
$sql = "SELECT count(*) as SesCount FROM ".GetTablePrefix()."UserSession";
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"GetTotalSessions");
return false;
}
return $result->fields["SesCount"];
}
function Query_UserSession($whereClause,$orderByClause)
{
$resultSet = array();
$sql = "SELECT ".GetTablePrefix()."* FROM ".GetTablePrefix()."UserSession ";
if(isset($whereClause))
$sql = sprintf('%s WHERE %s',$sql,$whereClause);
if(isset($orderByClause))
$sql = sprintf('%s ORDER BY %s',$sql,$orderByClause);
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Query_UserSession");
return false;
}
while (!$result->EOF)
{
$item = new clsUserSession(NULL);
$item->Set("SessionKey",$result->fields["SessionKey"]);
$item->Set("LastAccessed", $result->fields["LastAccessed"]);
$item->Set("PortalUserId", $result->fields["PortalUserId"]);
$item->Set("Language", $result->fields["Language"]);
$item->Set("Theme" , $result->fields["Theme"]);
array_push($resultSet,$item);
$result->MoveNext();
}
return $resultSet;
}
function GetUniqueKey()
{
while(true)
{
/* create the new session key here */
mt_srand(100000000*(double)microtime());
$sessionId=strtoupper(sprintf("AD%xFD",mt_rand(100000000,999999999))); //9 digit hex session id
$query = "select SessionKey from ".GetTablePrefix()."UserSession ";
$query .= "where SessionKey='$sessionId' OR CurrentTempKey='$sessionId' OR PrevTempKey='$sessionId'";
$rs = $this->adodbConnection->Execute($query);
if($rs->EOF)
break;
if($i>100)
{
return "";
}
$i++;
}
//echo "Getting Unique Key: $sessionId<br>";
return $sessionId;
}
function GetNewSession()
{
global $sessionId, $objConfig, $objLanguages, $m_var_list, $FrontEnd;
$i=0;
if($this->Get("PortalUserId")>0 || $objConfig->Get("GuestSessions")==1)
{
//echo "Creating Session<br>\n";
$sessionId = $this->GetUniqueKey();
$this->Set("SessionKey", $sessionId);
$this->Set("CurrentTempKey",$sessionId);
if($m_var_list["lang"])
{
$this->Set("Language",$m_var_list["lang"]);
}
else
$this->Set("Language", $objLanguages->GetPrimary());
$this->SetThemeName();
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->UpdateAccessTime();
$this->Set("IpAddress", $_SERVER['REMOTE_ADDR'] );
$this->Create();
if($FrontEnd)
{
$application =& kApplication::Instance();
$application->HandleEvent( new kEvent('visits:OnRegisterVisit') );
}
}
else
$this->Set("SessionKey","");
}
function SessionEnabled()
{
$res = FALSE;
$key = $this->GetSessionKey();
if(strlen($key)>0)
$res = TRUE;
return $res;
}
function GetSessionKey()
{
return $this->Get("SessionKey");
}
function SetThemeName($id=0)
{
global $objThemes;
if($id==0)
$id = $objThemes->GetPrimaryTheme();
$Theme = $objThemes->GetItem($id);
$name = $Theme->Get("Name");
$this->Set("Theme",$name);
//$this->Update();
}
function ValidSession($SessionKey=NULL)
{
global $objConfig;
$a = $this->Get("LastAccessed");
$cutoff = adodb_mktime()-$objConfig->Get("SessionTimeout");
//echo $a." ".$cutoff."<br>";
//$ip = ($_SERVER['REMOTE_ADDR'] == $this->Get("IpAddress"));
//echo $this->Get("IpAddress");
//$ip = TRUE;
if ($a < $cutoff) {
//$this->UpdateAccessTime();
}
return ($a >= $cutoff);
}
function UpdateAccessTime()
{
$this->Set("LastAccessed", adodb_mktime() );
}
function InSpamControl($ResourceId,$DataType=NULL)
{
static $ClearStat;
if(!$ClearStat)
$this->PurgeSpamControl();
$ClearStat=1;
if(strlen($DataType))
$DataType="'".$DataType."'";
$sql = "SELECT count(*) as SpamCount FROM ".GetTablePrefix()."SpamControl WHERE ItemResourceId=$ResourceId AND DataType=$DataType";
if($this->Get("PortalUserId")==0)
{
$sql .= " AND PortalUserId=0 AND IPaddress='".$_SERVER["REMOTE_ADDR"]."'";
}
else
{
$sql .= " AND PortalUserId=".$this->Get("PortalUserId");
}
$rs = $this->adodbConnection->Execute($sql);
$value = (int)$rs->fields["SpamCount"];
if($value>0)
{
return TRUE;
}
else
return FALSE;
}
function AddToSpamControl($ResourceId,$secstoexpire,$DataType=NULL)
{
$expire = adodb_date("U") + $secstoexpire;
if(strlen($DataType))
$DataType = "'".$DataType."'";
$sql = "INSERT INTO ".GetTablePrefix()."SpamControl (ItemResourceId,IPaddress,Expire,PortalUserId,DataType) VALUES (";
$sql .= $ResourceId.",'".$_SERVER["REMOTE_ADDR"]."',$expire,".$this->Get("PortalUserId").",$DataType)";
//echo $sql;
$this->adodbConnection->Execute($sql);
}
function PurgeSpamControl()
{
$sql = "DELETE FROM ".GetTablePrefix()."SpamControl WHERE Expire<".adodb_date("U");
$this->adodbConnection->Execute($sql);
}
}/* clsUserSession */
?>
Property changes on: branches/unlabeled/unlabeled-1.46.16/kernel/include/usersession.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.46.16.1
\ No newline at end of property
+1.46.16.2
\ No newline at end of property
Index: branches/unlabeled/unlabeled-1.103.2/kernel/action.php
===================================================================
--- branches/unlabeled/unlabeled-1.103.2/kernel/action.php (revision 4039)
+++ branches/unlabeled/unlabeled-1.103.2/kernel/action.php (revision 4040)
@@ -1,2649 +1,2646 @@
<?php
$ro_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
// ====== Debugger related: begin ======
$script = basename($_SERVER['PHP_SELF']);
$skipDebug = Array('index.php','tree.php','head.php','credits.php');
if( admin_login() && !in_array($script, $skipDebug) )
{
if( IsDebugMode() )
{
if($Action) $debugger->setHTMLByIndex(1,'Kernel Action: <b>'.$Action.'</b>','append');
if(!(defined('REDIRECT_REQUIRED')&&REDIRECT_REQUIRED))
{
echo '<a href="javascript:self.location.reload();">Reload Frame</a>';
if( defined('DBG_ZEND_PRESENT')&&DBG_ZEND_PRESENT==0 ) echo ' || <a href="javascript:toggleDebugLayer();">Show Debugger</a><br>';
}
}
}
unset($script, $skipDebug);
// ====== Debugger related: end ======
// Session expiration related
require_login( !admin_login() && $Action, 'expired=1', true );
// End session exipration related
switch($Action)
{
case "m_save_import_config":
// Set New Import Category
if( GetVar('categorylist', true) !== false )
{
$cat_id = $_POST['categorylist'];
$objSession->SetVariable('categoryid', $cat_id);
if($cat_id > 0)
{
$cat = $objCatList->GetByResource($cat_id);
if(is_object($cat))
{
$navbar = $cat->Get('CachedNavbar');
$objSession->SetVariable('catnavbar', $navbar);
$objSession->SetVariable('import_category_id', $cat->UniqueId() );
}
}elseif($cat_id == 0)
{
global $objConfig;
$objSession->SetVariable('import_category_id', 0);
}
$objSession->SetVariable('categorylist', $_POST['categorylist']);
}
// Set Import Admin Group
if( GetVar('grouplist1', true) )
{
$group_id = $_POST['grouplist1'];
$group = $objGroups->GetItemByField('ResourceId',$group_id);
$objSession->SetVariable('user_admin_names', $group->Get('Name'));
$objSession->SetVariable('user_admin_values', $group->Get('GroupId'));
$objSession->SetVariable('grouplist1', $_POST['grouplist1']);
}
// Set Import User Group
if( GetVar('grouplist2', true) )
{
$group_id = $_POST['grouplist2'];
$group = $objGroups->GetItemByField('ResourceId', $group_id);
$objSession->SetVariable('user_regular_names', $group->Get('Name'));
$objSession->SetVariable('user_regular_values', $group->Get('GroupId'));
$objSession->SetVariable('grouplist2', $_POST['grouplist2']);
}
break;
case "m_add_user":
$dupe_user = '';
//$user_pending = (int)$_POST["user_pending"];
//$user_enabled = (int)$_POST["user_enabled"];
$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat(0, true));
$CreatedOn += SecondsSinceMidnight($_POST["user_time"]);
$dob = DateTimestamp($_POST["user_dob"],GetDateFormat(0, true));
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
if(strlen($_POST["user_login"]))
{
if (strtolower($_POST["user_login"]) == "root")
$id = 1;
else
$id = $objUsers->GetUserId($_POST["user_login"]);
}
else
$dob = 0;
if(!empty($id))
{
$lvErrorString = language('la_error_duplicate_username');
$dupe_user = $_POST["user_login"];
$_POST["user_login"] = '';
}
else
{
$fields_hash = Array( 'Login' => $_POST['user_login'],
'Password' => md5($_POST['password']),
'FirstName' => $_POST['user_firstname'],
'LastName' => $_POST['user_lastname'],
'Company' => $_POST['user_company'],
'Email' => $_POST['user_email'],
'Phone' => $_POST['user_phone'],
'Fax' => $_POST['user_fax'],
'Street' => $_POST['user_street'],
'Street2' => $_POST['user_street2'],
'City' => $_POST['user_city'],
'State' => $_POST['user_state'],
'Country' => $_POST['user_country'],
'Zip' => $_POST['user_zip'],
'Status' => $_POST['status'],
'CreatedOn' => $CreatedOn,
'dob' => $dob
);
$u =& $objEditItems->Add_User_NEW($fields_hash);
$objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->SetTable('edit');
$objCustomEdit->LoadResource($u->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(6);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
$objCustomEdit->SetTable('live');
}
break;
case "m_edit_user":
//$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat(0, true));
//$CreatedOn += SecondsSinceMidnight($_POST["user_time"]);
$dob = DateTimestamp($_POST["user_dob"],GetDateFormat(0, true));
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
//$user_pending = (int)$_POST["user_pending"];
//$user_enabled = (int)$_POST["user_enabled"];
$UserId = (int)$_POST["user_id"];
//echo $UserId."<br>\n";
if (!GetVar('user_login')) {
$dob = 0;
}
$fields_hash = Array( 'Login' => $_POST['user_login'],
'Password' => GetVar('password') ? md5(GetVar('password')) : '',
'FirstName' => $_POST['user_firstname'],
'LastName' => $_POST['user_lastname'],
'Company' => $_POST['user_company'],
'Email' => $_POST['user_email'],
'Street' => $_POST['user_street'],
'Street2' => $_POST['user_street2'],
'City' => $_POST['user_city'],
'State' => $_POST['user_state'],
'Country' => $_POST['user_country'], // note: should issue some conversion from name to ISO code
'Zip' => $_POST['user_zip'],
'Phone' => $_POST['user_phone'],
'Fax' => $_POST['user_fax'],
'Status' => $_POST['status'],
'dob' => $dob,
);
$u =& $objEditItems->Edit_User_NEW($UserId, $fields_hash);
$objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->SetTable('edit');
$DataChanged = false;
$objCustomEdit->LoadResource($u->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(6);
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
//echo "Saving CF: (".$cvalue->Get("CustomFieldId")." ; ".$u->Get("ResourceId")." ; $value)<br>";
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
$objCustomEdit->SetTable('live');
break;
case "m_user_primarygroup":
if($ro_perm) break;
$users = explode(',', $_POST["userlist"]);
$GroupResourceId = $_POST['grouplist'];
$g = $objGroups->GetItemByField("ResourceId", $GroupResourceId);
$GroupId = $g->UniqueId();
if( is_array($users) )
foreach($users as $user_id)
{
$u = $objUsers->GetItemByField("ResourceId", $user_id);
$g->AddUser($u->Get("PortalUserId"),1,false);
}
break;
case "m_edit_group":
$objEditItems = new clsGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
$objEditItems->Edit_Group($_POST["group_id"], $_POST["group_name"],$_POST["group_comments"]);
break;
case 'm_group_edit': // when editing user membership in group
$membership_expires = DateTimestamp( $_POST['membership_expires_date'], GetDateFormat(0, true) );
$membership_expires += SecondsSinceMidnight( $_POST['membership_expires_time'] );
$objEditItems = new clsUserGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable('UserGroup');
$objEditItems->Edit_UserGroup($_POST['GroupId'], $_POST['PortalUserId'], $membership_expires);
break;
case "m_add_group":
$objEditItems = new clsGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
$objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0);
break;
case "m_group_sysperm":
if($ro_perm) break;
- if($_POST["GroupEditStatus"]==0)
- {
+ if ($_POST["GroupEditStatus"] == 0) {
$objSession->ResetSysPermCache();
- $GroupId = $_POST["GroupId"];
- if($GroupId)
- {
+ $GroupId = $_POST['GroupId'];
+ if ($GroupId) {
$objEditItems = new clsGroupList();
- $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
- $g = $objEditItems->GetItemByField("ResourceId",$GroupId);
- if(is_object($g))
- {
-
- $PermList = explode(",",$_POST["PermList"]);
- for($i=0;$i<count($PermList);$i++)
- {
- if(@in_array($PermList[$i],$_POST["inherit"]))
- {
+ $objEditItems->SourceTable = $objSession->GetEditTable('PortalGroup');
+ $g = $objEditItems->GetItemByField('ResourceId', $GroupId);
+ if (is_object($g)) {
+ $PermList = explode(',', $_POST['PermList']);
+ $inheritance = GetVar('inherit') ? GetVar('inherit') : Array();
+ $permission_values = GetVar('permvalue') ? GetVar('permvalue') : Array();
+ for($i = 0; $i < count($PermList); $i++) {
+ if (@in_array($PermList[$i], $inheritance)) {
$value = -1;
}
- else
- {
+ else {
$value = 0;
- if(@in_array($PermList[$i],$_POST["permvalue"]))
- $value = 1;
+ if (@in_array($PermList[$i], $permission_values)) {
+ $value = 1;
+ }
}
- $g->SetSystemPermission($PermList[$i],$value);
+
+ $g->SetSystemPermission($PermList[$i], $value);
}
}
}
}
break;
case "m_user_sysperm":
if($ro_perm) break;
if($_POST["UserEditStatus"]==0)
{
$UserId = $_POST["ItemId"];
if($UserId)
{
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
$u = $objEditItems->GetItemByField("ResourceId",$UserId);
unset($g);
if(is_object($u))
{
$objSession->ResetSysPermCache();
$g = $u->GetPersonalGroup(FALSE);
$PermList = explode(",",$_POST["PermList"]);
for($i=0;$i<count($PermList);$i++)
{
if(!@in_array($PermList[$i],$_POST["inherit"]))
{
if(!is_object($g))
$g = $u->GetPersonalGroup(TRUE);
$value = 0;
if(is_array($_POST["permvalue"]))
{
if(in_array($PermList[$i],$_POST["permvalue"]))
$value =1;
$g->SetSystemPermission($PermList[$i],$value);
}
else {
$g->SetSystemPermission($PermList[$i], 0);
}
}
else
{
if(is_object($g))
$g->SetSystemPermission($PermList[$i],-1);
}
}
}
}
}
break;
case "m_approve_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
{
$user = $objUsers->GetItemByField("ResourceId",$userid);
$user->Approve();
}
$objUsers->Clear();
break;
case "m_deny_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
{
$user = $objUsers->GetItemByField("ResourceId",$userid);
$user->Deny();
}
$objUsers->Clear();
break;
case "m_delete_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
$objUsers->Delete_User($userid);
break;
case "m_delete_group":
if($ro_perm) break;
foreach($_POST["itemlist"] as $groupid)
{
$objGroups->Delete_Group($groupid);
}
break;
case "m_user_assign": // not sure if action is used anywhere
if($ro_perm) break;
$useridlist = implode("-", $userlist);
$objSession->SetUserStatus($useridlist, "g_usergroup_status");
$g_usergroup_status = $useridlist;
break;
case "m_group_assign": // not sure if action is used anywhere
if($ro_perm) break;
foreach($grouplist as $group) $objGroups->Add_Users_To_Group($group);
break;
case "m_remove_group":
if($ro_perm) break;
$adodbConnection = &GetADODBConnection();
$adodbConnection->Execute("DELETE FROM UserGroup where UserId='$UserId' AND GroupId='$GroupId'");
break;
case "m_SetVariable":
$objSession->SetPersistantVariable($_POST["fieldname"], $_POST["varvalue"]);
break;
case "m_SetSessionVariable":
$objSession->SetVariable($_POST["fieldname"], $_POST["varvalue"]);
//echo "Setting $fieldname to $varvalue<br>\n";
if($_POST["fieldname"]=="SearchType")
$objSession->SetVariable("SearchWord","");
break;
case "m_edit_permissions":
if($ro_perm) break;
if($_POST["CatEditStatus"] != -1)
{
$objSession->SetVariable('PermCache_UpdateRequired', 1);
$GroupId = $_POST["GroupId"];
$CatId = $_POST["CategoryId"];
$Module = $_POST["Module"];
$ado = &GetADODBConnection();
$sql = "SELECT * FROM ".GetTablePrefix()."PermissionConfig WHERE ModuleId='$Module'";
$rs = $ado->Execute($sql);
$PermNames = array();
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$PermNames[] = $data["PermissionName"];
$rs->MoveNext();
}
$inherit = array();
if(is_array($_POST["inherit"]))
{
foreach($_POST["inherit"] as $perm)
{
$inherit[$perm] = 1;
}
}
$access = array();
if(is_array($_POST["permvalue"]))
{
foreach($_POST["permvalue"] as $perm)
{
$access[$perm] = 1;
}
}
$objPermList = new clsPermList($CatId,$GroupId);
$objPermList->LoadCategory($CatId);
for($i=0;$i<count($PermNames);$i++)
{
if(!array_key_exists($PermNames[$i],$inherit))
{
$PermValue = (int)$access[$PermNames[$i]];
$Perm = $objPermList->GetPermByName($PermNames[$i]);
if($Perm)
{
$Id = $Perm->Get("PermissionId");
//echo "Editing $Id<br>\n";
$objPermList->Edit_Permission($Id,$CatId,$GroupId,$PermNames[$i],$PermValue,0);
}
else
{
//echo "Adding ".$PermNames[$i];
$objPermList->Add_Permission($CatId,$GroupId,$PermNames[$i],$PermValue,0);
}
}
else
{
$Perm = $objPermList->GetPermByName($PermNames[$i]);
if($Perm)
{
$Id = $Perm->Get("PermissionId");
$objPermList->Delete_Permission($Id);
}
}
}
//$c = $objCatList->GetItem($CatId);
//$glist = $objGroups->GetAllGroupList();
//$ViewList = $objPermList->GetGroupPermList($c,"CATEGORY.VIEW",$glist );
//$c->SetViewPerms("CATEGORY.VIEW",$ViewList,$glist);
//$c->Update();
}
break;
case "m_perm_delete_group":
if($ro_perm) break;
$ado = &GetADODBConnection();
$CatId = $_POST["CategoryId"];
foreach($_POST["itemlist"] as $groupid)
{
$g = $objGroups->GetItemByField("ResourceId",$groupid);
if(is_object($g))
{
$sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=$CatId AND GroupId=".$g->Get("GroupId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
}
break;
case "m_user_addto_group":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$user = $_POST["UserId"];
if(is_numeric($user))
{
if(strlen($_POST["grouplist"]))
{
$groups = explode(",",$_POST["grouplist"]);
if(is_array($groups))
{
for($i=0; $i<count($groups);$i++)
{
$g = $objGroups->GetItemByField("ResourceId",$groups[$i]);
$g->AddUser($user);
}
}
else
{
$g = $objGroups->GetItem($groups);
$g->AddUser($user);
}
}
}
break;
case "m_group_add_user":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$group = $_POST["GroupId"];
$EditGroups = new clsGroupList();
$EditGroups->SourceTable = $objSession->GetEditTable($objGroups->SourceTable);
$g = $EditGroups->GetItem($group);
// echo "Group: $group <br>\n";
if(is_numeric($group))
{
$users = explode(",",$_POST["userlist"]);
foreach($users as $userid)
{
$u = $objUsers->GetItemByField("ResourceId",$userid);
$g->AddUser($u->Get("PortalUserId"));
}
}
break;
case "m_group_removeuser":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$group = $_POST["GroupId"];
$g = $objGroups->GetItem($group);
//if($group>0)
//{
foreach($_POST["itemlist"] as $user_id)
{
$u = $objUsers->GetItemByField("ResourceId",$user_id);
$g->DeleteUser($u->Get("PortalUserId"));
}
//}
break;
case "m_user_removegroup":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$user = $_POST["UserId"];
//if($user>0)
//{
foreach($_POST["itemlist"] as $groupid)
{
$g = $objGroups->GetItem($groupid);
$g->DeleteUser($user);
}
//}
break;
case "m_sendmail":
if($ro_perm) break;
$idlist = explode(",",$_POST["idlist"]);
$html = (int)$_POST["html_enable"];
$body = inp_escape($_POST["email_body"],$html);
$subject = inp_escape($_POST["email_body"],$html);
$Email = new clsEmailMessage();
$Email->Set("Subject",$subject);
$Email->Set("Template",$body);
if($html)
$Email->Set("MessageType","HTML");
if(count($idlist)>0)
{
switch($_POST["IdType"])
{
case "group":
foreach($idlist as $id)
$Email->SendToGroup($id);
break;
case "user":
foreach($idlist as $id)
$Email->SendToUser($id);
break;
}/*switch*/
}
break;
// not used anywhere
/* case "m_item_recount":
if($ro_perm) break;
RunDown($m_var_list["cat"],"UpdateCacheCounts");
break; */
case "m_cat_delete":
if($ro_perm) break;
if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID()))
{
if(isset($_POST["catlist"]))
{
if(is_array($_POST["catlist"]))
foreach($_POST["catlist"] as $catid)
{
$objCatList->Delete_Category($catid);
}
}
}
break;
case "m_cat_cut":
if($ro_perm) break;
if(isset($_POST["catlist"]))
{
if($objSession->HasCatPermission("CATEGORY.DELETE",$catid))
{
$objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]);
}
else
$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
}
break;
case "m_cat_copy":
if($ro_perm) break;
if(isset($_POST["catlist"]))
{
$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
}
break;
case "m_paste":
if($ro_perm) break;
if($objCatList->ItemsOnClipboard()>0)
{
/* category's paste function populates a sparse array where array[old_id]=new_id */
$PastedCatIds = array();
$objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name");
}
else
{
$clip = $objSession->GetVariable("ClipBoard");
if(strlen($clip))
{
$ClipBoard = ParseClipboard($clip);
$Action= strtolower($ClipBoard["table"])."_paste";
}
}
break;
case "m_cat_move_up":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->MoveUp();
}
}
break;
case "m_cat_move_down":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
$catlist=array_reverse($_POST["catlist"]);
foreach($catlist as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->MoveDown();
}
}
break;
case "m_cat_approve":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->Approve();
}
}
break;
case "m_cat_decline":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
//$cat->Deny();
RunDown($catid,"Deny");
}
}
break;
case "m_rel_delete":
$adodbConnection= &GetADODBConnection();
$table = $objSession->GetEditTable("Relationship");
if(isset($_POST["itemlist"]))
{
if(is_array($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$sql = "DELETE FROM ".$table." WHERE RelationshipId=".$id;
$adodbConnection->Execute($sql);
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
}
}
else
{
$sql = "DELETE FROM ".$table." WHERE RelationshipId=".$_POST["itemlist"];
$adodbConnection->Execute($sql);
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
}
}
break;
case "m_add_relation":
$RelList = new clsRelationshipList();
$RelList->SourceTable = $objSession->GetEditTable("Relationship");
//$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
// 0,(int)$_POST["Enabled"],$_POST["RelType"], $Rel);
$ado = &GetADODBConnection();
$NewId = intval($ado->GetOne('SELECT MIN(RelationshipId) as MinValue FROM '.$RelList->SourceTable));
if($NewId > 0) $NewId = 0;
$NewId--;
$priority = (int)GetVar('priority');
$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
$priority,(int)$_POST["Enabled"],$_POST["RelType"], $NewId);
$sql = "UPDATE ".$RelList->SourceTable." SET RelationshipId=".$NewId." WHERE RelationshipId=".$r->Get("RelationshipId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
break;
case "m_edit_relation":
if($_POST["CatEditStatus"]==0)
{
$RelList = new clsRelationshipList();
$RelList->SourceTable = $objSession->GetEditTable("Relationship");
$r = $RelList->GetItem($_POST["RelationshipId"]);
if(is_object($r))
{
$r->Set("Enabled",(int)$_POST["Enabled"]);
$r->Set("Type",(int)$_POST["RelType"]);
$r->Set("Priority",(int)$_POST["priority"]);
$r->Update();
}
}
break;
case "m_rel_move_up":
$objRelList = new clsRelationshipList();
$objRelList->SourceTable = $objSession->GetEditTable("Relationship");
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$r = $objRelList->GetItem($id);
$r->MoveUp($_POST["SourceId"]);
}
}
break;
case "m_rel_move_down":
$objRelList = new clsRelationshipList();
$objRelList->SourceTable = $objSession->GetEditTable("Relationship");
if (isset($_POST["itemlist"]))
{
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$r = $objRelList->GetItem($id);
$r->MoveDown($_POST["SourceId"]);
}
}
break;
case "m_add_category":
if (ValidDate($_POST['cat_date'], GetDateFormat(0, true))) {
$CreatedOn = DateTimestamp($_POST['cat_date'],GetDateFormat(0, true));
}
else {
$CreatedOn = adodb_mktime();
}
$html = (int)$_POST["html_enable"];
$cat_pick = GetVar('cat_pick');
$Status = (int)$_POST["status"];
$Hot=(int)$_POST["itemhot"];
$Pop = (int)$_POST["itempop"];
$New = (int)$_POST["itemnew"];
$objEditItems = new clsCatList();
$objEditItems->SourceTable = $objSession->GetEditTable("Category");
$cat = $objEditItems->Add($_POST["ParentId"], $_POST["cat_name"], inp_escape($_POST["cat_desc"],$html), $CreatedOn,
$cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"],
$_POST["meta_keywords"],$_POST["meta_desc"], GetVar('auto_filename'), GetVar('filename') );
$objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->LoadResource($cat->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(1);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
break;
case "m_edit_category":
$CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat(0, true));
$cat_pick = GetVar('cat_pick');
$Status = (int)$_POST["status"];
$Hot = false; //(int)$_POST["itemhot"];
$Pop = false; //(int)$_POST["itempop"];
$New = (int)$_POST["itemnew"];
$html = (int)$_POST["html_enable"];
$objEditItems = new clsCatList();
$objEditItems->SourceTable = $objSession->GetEditTable("Category");
// check if name of cat isn't changed: begin
if( GetVar('CategoryId') > 0 )
{
$original_cats = new clsCatList();
$original_cat = $original_cats->GetItemByField('CategoryId', GetVar('CategoryId'));
$match_fields = Array('Name' => 'cat_name', 'Filename' => 'filename');
foreach ($match_fields as $db_field => $submit_field)
{
if( $original_cat->Get($db_field) != stripslashes( GetVar($submit_field) ) )
{
$objSession->SetVariable('PermCache_UpdateRequired', 1);
break;
}
}
unset($original_cat, $original_cats);
}
else
{
$objSession->SetVariable('PermCache_UpdateRequired', 1);
}
// check if name of cat isn't changed: end
$cat = $objEditItems->Edit_Category($_POST["CategoryId"],inp_escape($_POST["cat_name"],$html), inp_escape($_POST["cat_desc"],$html), $CreatedOn, $cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"], $_POST["meta_keywords"], $_POST["meta_desc"], GetVar('auto_filename'), GetVar('filename') );
$objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->LoadResource($cat->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(1);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
break;
case "m_edit_custom_data":
$id = $_POST["ItemId"];
$objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->LoadResource($id);
$CustomFields = new clsCustomFieldList($_POST['CustomType']);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$id,$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
/*
$id = $_POST["ItemId"];
$objEditData = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
$objEditData->SetTable('edit');
$ado = &GetADODBConnection();
if($id && is_array($_POST["CustomData"]))
{
foreach($_POST["CustomData"] as $FieldId => $Value)
{
$sql = "SELECT count(*) as reccount FROM ".$objEditData->SourceTable." WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"];
$rs = $ado->Execute($sql);
$intable = $rs->fields["reccount"];
if(!$intable)
{
$sql = "INSERT INTO ".$objEditData->SourceTable." (ResourceId,CustomFieldId,Value) VALUES ('".$id."','$FieldId','$Value')";
$ado->Execute($sql);
//echo $sql."<br>\n";
}
else
{
$sql = "UPDATE ".$objEditData->SourceTable." SET Value='".$Value."' WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"];
$ado->Execute($sql);
//echo $sql."<br>\n";
}
}
}
$objEditData->SetTable('live');
*/
break;
case "m_customfield_edit":
if($ro_perm) break;
$DataType = $_POST["DataType"];
$FieldId = $_POST["CustomFieldId"];
$FieldName = $_POST["fieldname"];
//$FieldLabel = $_POST["fieldlabel"];
if(strlen($FieldName))
{
$objCustomFields = new clsCustomFieldList($DataType);
$objCustomFields->EditField($FieldId,$DataType,$FieldName,"",(int)$_POST["generaltab"],
$_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"],
$_POST["valuelist"]);
}
unset($objCustomFields);
break;
case "m_customfield_add":
if($ro_perm) break;
$DataType = $_POST["DataType"];
$FieldName = $_POST["fieldname"];
//$FieldLabel = $_POST["fieldlabel"];
if(strlen($FieldName))
{
$objCustomFields = new clsCustomFieldList($DataType);
$objCustomFields->AddField($DataType,$FieldName,"",(int)$_POST["generaltab"],
$_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"],
$_POST["valuelist"]);
unset($objCustomFields);
}
break;
case "m_customfield_delete":
if($ro_perm) break;
$DataType = $_POST["DataType"];
$objCustomFields = new clsCustomFieldList($DataType);
foreach($_POST["itemlist"] as $f)
{
$objCustomFields->DeleteField($f);
//$c = $objCustomFields->GetItem($f);
//$c->Delete();
}
unset($objCustomFields);
break;
case "m_SearchConfig_Edit":
if($ro_perm) break;
$SimpleValues = $_POST["simple"];
$AdvValues = $_POST["advanced"];
$module = $_POST["module"];
$priority = $_POST["pri"];
//phpinfo(INFO_VARIABLES);
$objSearchConfig = new clsSearchConfigList($module);
foreach($objSearchConfig->Items as $i)
{
$id = $i->Get("SearchConfigId");
$objSearchConfig->EditFieldSettings($id,(int)$SimpleValues[$id],(int)$AdvValues[$id],$priority[$id]);
}
$objSearchConfig->Clear();
/* save relevence settings */
$vals = $_POST["req_increase"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Increase_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["rel_keyword"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Keyword_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["rel_pop"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Pop_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["rel_rating"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Rating_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["multiple"];
if (count($vals) > 0) {
foreach($vals as $var=>$value)
{
$cfg = "Search_ShowMultiple_".$var;
$objConfig->Set($cfg,$value);
}
}
else {
$cfg = "Search_ShowMultiple_".$_POST['cfg_var'];
$objConfig->Set($cfg, 0);
}
if (isset($_POST['minkeyword'])) {
$objConfig->Set("Search_MinKeyword_Length", $_POST['minkeyword']);
}
$objConfig->Save();
break;
case "m_keyword_reset":
if($ro_perm) break;
$objSearchList = new clsSearchLogList();
foreach($_POST["itemlist"] as $k)
{
$c = $objSearchList->GetItem($k);
$c->Delete();
}
break;
case 'm_clear_searchlog':
$objSearchList = new clsSearchLogList();
$db =& GetADODBConnection();
$db->Execute('DELETE FROM '.$objSearchList->SourceTable );
break;
case "m_review_add":
$post_info = GetSubmitVariable($_POST, 'EditStatus');
if($post_info['variable'] > -1)
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$Pending = (int)$_POST["review_pending"];
$Enabled = (int)$_POST["review_enabled"];
$Status = (int)$_POST["status"];
$CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat(0, true));
$CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
$html = (int)$_POST["html_enable"];
$ReviewText = inp_escape($_POST["review_body"],1);
$CreatedById = 0;
if(strlen($_POST["createdby"])>0)
{
if(strtolower($_POST["createdby"])=="root")
{
$CreatedById = -1;
}
else
{
$u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
if(is_object($u))
{
$CreatedById = $u->Get("PortalUserId");
if($CreatedById<1)
{
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
$r = $objReviews->AddReview($CreatedOn,$ReviewText,$Status, $IPAddress,
(int)$_POST["review_priority"], $_POST["ItemId"],$_POST["ItemType"],
$CreatedById,$html, $post_info['Module']);
$ado = &GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(ReviewId) as MinValue FROM ".$objReviews->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objReviews->SourceTable." SET ReviewId=".$NewId." WHERE ReviewId=".(int)$r->Get("ReviewId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
break;
case "m_review_edit":
case 'm_review_direct_edit';
$post_info = GetSubmitVariable($_POST, 'EditStatus');
if($post_info['variable'] > -1)
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$Status = (int)$_POST["status"];
$CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat(0, true));
$CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
$html = (int)$_POST["html_enable"];
$ReviewText = inp_escape($_POST["review_body"],1);
$ReviewId = $_POST["ReviewId"];
$CreatedById = 0;
if(strlen($_POST["createdby"])>0)
{
if(strtolower($_POST["createdby"])=="root")
{
$CreatedById = -1;
}
else
{
$u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
if(is_object($u))
{
$CreatedById = $u->Get("PortalUserId");
if($CreatedById<1)
{
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
}
}
$r = $objReviews->EditReview($ReviewId,$CreatedOn,$ReviewText,$Status, $IPAddress,
(int)$_POST["review_priority"],$_POST["ItemId"],$_POST["ItemType"],
$CreatedById,$html);
}
break;
case "m_review_delete":
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$objReviews->DeleteReview($id);
}
break;
case 'm_review_direct_delete':
$objReviews = new clsItemReviewList();
foreach($_POST['reviewlist'] as $id)
{
$objReviews->DeleteReview($id);
}
break;
case "m_review_approve":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",1);
$i->Update();
}
}
break;
case 'm_review_direct_approve':
if(isset($_POST["reviewlist"]))
{
$objReviews = new clsItemReviewList();
foreach($_POST["reviewlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",1);
$i->Update();
}
}
break;
case "m_review_deny":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",0);
$i->Update();
}
}
break;
case 'm_review_direct_decline':
if (isset($_POST["reviewlist"]))
{
$objReviews = new clsItemReviewList();
foreach($_POST["reviewlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",0);
$i->Update();
}
}
break;
case "m_review_move_up":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->MoveUp();
}
}
break;
case "m_review_move_down":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$i = $objReviews->GetItem($id);
$i->MoveDown();
}
}
break;
case 'm_themes_rescan':
$objThemes->CreateMissingThemes();
if (!$objThemes->Items)
{
$objThemes->Query_Item('SELECT * FROM '.$objThemes->SourceTable);
}
$keys = array_keys($objThemes->Items);
foreach ($keys as $theme_index)
{
$theme =& $objThemes->Items[$theme_index];
$theme->VerifyTemplates();
}
break;
case "m_theme_add":
$ado = &GetADODBConnection();
$rs = $ado->Execute("SELECT COUNT(*) as c FROM ".GetTablePrefix().'Theme WHERE Name="'.$_POST["name"].'"');
if(!$rs->fields["c"])
{
$objEditItems = new clsThemeList();
$objEditItems->SourceTable = $objSession->GetEditTable("Theme");
$Primary = (int)$_POST["primary"];
if(!(int)$_POST["enabled"])
$Primary = 0;
$t = $objEditItems->AddTheme($_POST["name"],$_POST["description"],(int)$_POST["enabled"],$Primary,
(int)$_POST["CacheTimeout"],GetVar('StylesheetId'));
$t->Files->ThemeId=$t->Get("ThemeId");
$rs = $ado->Execute("SELECT MIN(ThemeId) as MinValue FROM ".$objEditItems->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objEditItems->SourceTable." SET ThemeId=".$NewId." WHERE ThemeId=".$t->Get("ThemeId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
// $t->Files->FindMissingFiles(strtolower($t->Get('name')));
}
break;
case "m_theme_edit":
$objEditItems = new clsThemeList();
$objEditItems->SourceTable = $objSession->GetEditTable("Theme");
$Primary = (int)$_POST["primary"];
if(!(int)$_POST["enabled"])
$Primary = 0;
$objEditItems->EditTheme($_POST["ThemeId"],$_POST["name"],$_POST["description"],
(int)$_POST["enabled"],$Primary,(int)$_POST["CacheTimeout"], GetVar('StylesheetId'));
// if ($Primary==1)
// {
// $objEditItems->SetPrimaryTheme($_POST["ThemeId"]);
// }
break;
case "m_theme_delete":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
$Themes = new clsThemeList();
foreach($_POST["itemlist"] as $id)
{
$deleting_primary = (!$Themes->DeleteTheme($id));
}
}
break;
case "m_theme_primary":
if($ro_perm) break;
if( count($_POST['itemlist']) )
{
$ThemeId = array_shift( $_POST['itemlist'] );
$t = new clsThemeList();
$t->SetPrimaryTheme($ThemeId);
}
break;
case "m_template_edit":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$ThemeId = $_POST["ThemeId"];
$FileId = $_POST["FileId"];
$f = new clsThemeFile($FileId);
$f->Set("Description", $_POST["Description"] );
$f->Update();
$c = stripslashes($_POST["contents"]);
$f->SaveFileContents($c);
break;
case "m_template_add":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$ThemeId = $_POST["ThemeId"];
if( !is_object($f) ) $f = new clsThemeFile();
$FilePath = $_POST['name'];
if(!$FilePath)
{
$f->SetError('Template Name is required',3);
break;
}
else
{
if( substr($FilePath,1) != '/' ) $FilePath = '/'.$FilePath;
if( substr($FilePath,-3) != '.tpl' ) $FilePath .= '.tpl';
$FileName = basename($FilePath);
$FilePath = dirname($FilePath);
// test if such file not already created
$f->LoadFromDataBase( Array($FilePath,$FileName), Array('FilePath','FileName') );
if( !$f->Get('FileId') )
{
$f->Set( Array('FilePath','FileName','ThemeId', 'Description'),
Array($FilePath, $FileName,$_POST['ThemeId'], $_POST["Description"])
);
if( $f->IsWriteablePath(true) )
{
$f->Create();
$c = stripslashes($_POST["contents"]);
$f->SaveFileContents($c, true);
}
}
else
$f->SetError('Template with this name already exists',4);
}
break;
case "m_template_delete":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$dummy = new clsThemeFile();
foreach($_POST["itemlist"] as $FileId)
{
$dummy->LoadFromDatabase($FileId);
$dummy->Delete();
}
break;
case "m_lang_add":
$ado = &GetADODBConnection();
$objEditItems = new clsLanguageList();
$objEditItems->SourceTable = $objSession->GetEditTable("Language");
$l = $objEditItems->AddLanguage($_POST["packname"],$_POST["localname"],
(int)$_POST["enabled"],(int)$_POST["primary"],
$_POST["icon"],$_POST["date_format"],$_POST["time_format"],
$_POST["decimal"],$_POST["thousand"],$_POST['charset']);
$rs = $ado->Execute("SELECT MIN(LanguageId) as MinValue FROM ".$objEditItems->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objEditItems->SourceTable." SET LanguageId=".$NewId." WHERE LanguageId=".$l->Get("LanguageId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
if($_POST["importlabels"]==1 && $_POST["srcpack"]>0)
{
// Phrase import
/*
$sql = "SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"];
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$rs = $ado->Execute($sql);
$plist = new clsPhraseList();
$plist->SourceTable = $objSession->GetEditTable("Phrase");
$sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
$as = $ado->Execute($sql);
if($as && !$as->EOF)
{
$MinId = (int)$as->fields["MinId"];
}
else
$MinId = 0;
$MinId--;
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$plist->AddPhrase($data["Phrase"],$NewId,$data["Translation"],$data["PhraseType"]);
$sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
$ado->Execute($sql);
$MinId--;
$rs->MoveNext();
}
*/
$sql='INSERT INTO '.$objSession->GetEditTable('Phrase').' SELECT Phrase, Translation, PhraseType, 0-PhraseId, '.$NewId.' FROM '.GetTablePrefix().'Phrase WHERE LanguageId='.$_POST['srcpack'];
$ado->Execute($sql);
// Events import
$sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"];
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$rs = $ado->Execute($sql);
$eList = new clsEmailMessageList();
//$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) {
$eList->CreateEmptyEditTable("EmailMessageId", true);
$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
}
else {
$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
}
$sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable;
$as = $ado->Execute($sql);
if($as && !$as->EOF)
{
$MinId = (int)$as->fields["MinId"];
}
else {
$MinId = 0;
}
$MinId--;
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$eList->AddEmailEvent($data["Template"], $data["MessageType"], $NewId, $data["EventId"]);
$sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1";
$ado->Execute($sql);
$MinId--;
$rs->MoveNext();
}
}
break;
case "m_lang_export":
if($ro_perm) break;
include_once($pathtoroot."kernel/include/xml.php");
$Ids = $_POST["LangList"]; // language ids list to export phrases from
$phrase_types = GetVar('langtypes');
$phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null;
$filename=$_POST["filename"];
if(strlen($filename)>0)
{
$ExportFilename = $pathtoroot.$admin."/export/".$filename;
$ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types);
}
break;
case "m_lang_edit":
$ado = &GetADODBConnection();
$objEditItems = new clsLanguageList();
$objEditItems->SourceTable = $objSession->GetEditTable("Language");
$objEditItems->EditLanguage($_POST["LanguageId"],$_POST["packname"],
$_POST["localname"],(int)GetVar('enabled'),
(int)GetVar('primary'), $_POST["icon"],$_POST["date_format"],
$_POST["time_format"], $_POST["decimal"],$_POST["thousand"],
$_POST['charset']);
if( GetVar('importlabels') && $_POST["srcpack"]>0)
{
$rs = $ado->Execute("SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]);
$plist = new clsPhraseList();
$plist->SourceTable = $objSession->GetEditTable("Phrase");
$sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
$as = $ado->Execute($sql);
if($as && !$as->EOF)
{
$MinId = (int)$as->fields["MinId"];
}
else
$MinId = 0;
$MinId--;
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$plist->AddPhrase($data["Phrase"],$_POST["LanguageId"],$data["Translation"],$data["PhraseType"]);
$sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
$ado->Execute($sql);
$MinId--;
$rs->MoveNext();
}
unset($plist);
// Events import
$sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"];
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$rs = $ado->Execute($sql);
$eList = new clsEmailMessageList();
//$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
$l = new clsEmailMessage();
if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) {
$eList->CreateEmptyEditTable("EmailMessageId", true);
$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
}
else {
$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
}
$sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable;
$as = $ado->Execute($sql);
if($as && !$as->EOF)
{
$MinId = (int)$as->fields["MinId"];
}
else {
$MinId = 0;
}
$MinId--;
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$eList->AddEmailEvent($data["Template"], $data["MessageType"], $_POST["LanguageId"], $data["EventId"]);
$sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1";
$ado->Execute($sql);
$MinId--;
$rs->MoveNext();
}
unset($eList);
}
break;
case "m_lang_delete":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
$Phrases = new clsPhraseList();
$Messages = new clsEmailMessageList();
foreach($_POST["itemlist"] as $id)
{
$objLanguages->DeleteLanguage($id);
$Phrases->DeleteLanguage($id);
$Messages->DeleteLanguage($id);
}
unset($Phrases);
unset($Messages);
}
break;
case "m_lang_select":
if($ro_perm) break;
$LangId = (int)$_POST["langselect"];
if($LangId)
{
if($objSession->Get("PortalUserId")>0)
{
//echo "$LangId";
$objSession->SetPersistantVariable("Language",$LangId);
}
$objSession->Set("Language",$LangId);
$objSession->Update();
$m_var_list_update["lang"] = $LangId;
$m_var_list["lang"] = $LangId;
}
break;
case "m_phrase_edit":
if( !GetVar('direct') ) $objSession->SetVariable("HasChanges", 1);
$objPhraseList = new clsPhraseList();
if((int)$_POST["direct"] != 1)
$objPhraseList->SourceTable = $objSession->GetEditTable("Phrase");
$Phrases = $_POST["name"];
foreach($Phrases as $PhraseId =>$name)
{
if($PhraseId>0)
{
$objPhraseList->EditPhrase($PhraseId,$_POST["name"][$PhraseId],$_POST["LanguageId"],$_POST["translation"][$PhraseId],$_POST["phrasetype"][$PhraseId]);
}
}
if(strlen($_POST["name"][0]) && strlen($_POST["translation"][0]) && $_POST['Action1'] == "new")
{
$r = $objPhraseList->AddPhrase($_POST["name"][0],$_POST["LanguageId"],$_POST["translation"][0],$_POST["phrasetype"][0]);
if ($r != "Error") {
$ado = &GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objPhraseList->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objPhraseList->SourceTable." SET PhraseId=".$NewId." WHERE PhraseId=$PhraseId";
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
else {
$add_error = "Language tag with the same name already exists!";
}
}
else if ($_POST['Action1'] == "new") {
$add_error = "Fields name and translation are required!";
}
unset($objPhraseList);
break;
case "m_config_missing_phrase":
if($ro_perm) break;
$LangId = $_POST["LangId"];
$ThemeId = $_POST["ThemeId"];
if(is_array($_POST["Phrase"]))
{
$objPhraseList = new clsPhraseList();
$objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
foreach($_POST["Phrase"] as $p => $value)
{
if(strlen($value))
{
$obj = $objPhraseList->GetItemByField("Phrase",$p,TRUE);
if(is_object($obj))
{
if($obj->Get("Phrase")==$p)
{
$obj->Set("Translation",$value);
$obj->Update();
}
else
$objPhraseList->AddPhrase($p,$LangId,$value,1);
}
else
$objPhraseList->AddPhrase($p,$LangId,$value,1);
}
}
}
break;
case "m_phrase_delete":
$objSession->SetVariable("HasChanges", 1);
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$sql = "UPDATE ".$objSession->GetEditTable("Phrase")." SET LanguageId = 0 WHERE PhraseId = ".$id;
$ado = &GetADODBConnection();
$ado->Execute($sql);
}
}
unset($objPhraseList);
break;
case "m_emailevent_disable":
if($ro_perm) break;
$objEvents = new clsEventList();
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objEvents->GetItem($id);
$m->Set("Enabled",0);
$m->Update();
}
}
unset($objEvents);
break;
case "m_emailevent_enable":
if($ro_perm) break;
$objEvents = new clsEventList();
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objEvents->GetItem($id);
$m->Set("Enabled",1);
$m->Update();
}
}
unset($objEvents);
break;
case "m_emailevent_frontonly":
if($ro_perm) break;
$objEvents = new clsEventList();
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objEvents->GetItem($id);
$m->Set("Enabled",2);
$m->Update();
}
}
unset($objEvents);
break;
case "m_dlid":
echo $Action.":".$DownloadId;
die();
break;
case "m_emailevent_user":
if($ro_perm) break;
$objEvents = new clsEventList();
//phpinfo(INFO_VARIABLES);
//$objEvents->SourceTable = $objSession->GetEditTable("Events");
$ids = $_POST["EventId"];
$ids = str_replace("[","",$ids);
$ids = str_replace("]","",$ids);
$ids = str_replace("\"","",$ids);
$ids = str_replace("\\","",$ids);
$idlist = explode(",",$ids);
foreach($idlist as $EventId)
{
$id = (int)stripslashes($EventId);
$e =& $objEvents->GetItem((int)$EventId);
$e->Set("FromUserId", $_POST["FromUserId"]);
$e->Update();
}
$objEvents->Clear();
unset($objEvents);
break;
case "m_emailevent_edit":
$Template = $_POST["headers"];
if(strlen($Template))
{
$Template .= "\n";
}
$Template = str_replace("\n\n","",$Template);
$Template .= "Subject: "._unhtmlentities($_POST['subject'])."\n\n";
$Template .= $_POST["messageBody"];
$objMessages = new clsEmailMessageList();
$objMessages->SourceTable = $objSession->GetEditTable("EmailMessage");
$m =& $objMessages->GetItem($_POST["MessageId"]);
if(is_object($m))
{
if($_POST["sendhtml"]==1)
{
$m->Set("MessageType","html");
}
else
$m->Set("MessageType","text");
$m->Set("Template",$Template);
$m->Update();
}
break;
case "m_config_edit":
//phpinfo(INFO_VARIABLES);
if($ro_perm) break;
$objAdmin = new clsConfigAdmin();
$objAdmin->module = $_POST["module"];
$objAdmin->section = $_POST["section"];
if($objAdmin->section=="in-portal:configure_users")
{
if(strlen($_POST["RootPass"]) && strlen($_POST["RootPassVerify"]))
{
if($_POST["RootPass"]==$_POST["RootPassVerify"])
{
$_POST["RootPass"] = md5($_POST["RootPass"]);
}
}
else
{
$_POST["RootPass"] = $objConfig->Get("RootPass");
$_POST["RootPassVerify"] = $objConfig->Get("RootPassVerify");
}
}
$objAdmin->LoadItems(FALSE);
$objAdmin->SaveItems($_POST);
break;
case "m_mod_enable":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objModules->GetItemByField("Name",$id);
if(is_object($m))
{
$m->Set("Loaded",1);
$m->Update();
}
}
$_GET["Refresh"] = 1;
}
break;
case "m_mod_disable":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
if($id != "In-Portal")
{
$m =& $objModules->GetItemByField("Name",$id);
if(is_object($m))
{
$m->Set("Loaded",0);
$m->Update();
}
}
}
$_GET["Refresh"] = 1;
}
break;
case "m_img_add":
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
$LocalImage=0;
$LocalThumb=0;
$DestDir = "kernel/images/";
$UserThumbSource = (int)$_POST["imgLocalThumb"];
$LocalThumb = $UserThumbSource;
$thumb_url = !$LocalThumb? $_POST["imgThumbUrl"] : "";
if($_POST["imgSameImages"])
{
$LocalImage = $LocalThumb;
$full_url = $thumb_url;
}
else
{
$LocalImage = (int)$_POST["imgLocalFull"];
$file = $_FILES["imgFullFile"];
$full_url = $LocalImage? "" : $_POST["imgFullUrl"];
}
if((!strlen($thumb_url) && !$LocalThumb) || (!strlen($full_url) && !$LocalImage))
{
break;
}
$ado = &GetADODBConnection();
$NewId = $ado->GetOne('SELECT MIN(ImageId) as MinValue FROM '.$objImageList->SourceTable);
if($NewId > 0) $NewId = 0;
$NewId--;
$img = $objImageList->Add($_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImage, $LocalThumb, $full_url, $thumb_url, (int)$_POST["imgEnabled"], 0, (int)$_POST["imgDefault"], 0,(int)$_POST["imgSameImages"], $NewId);
$img->Set("ImageId", $NewId);
// $img->debuglevel=1;
/*
$sql = "UPDATE ".$objImageList->SourceTable." SET ImageId=".$NewId." WHERE ImageId=0";
$ado->Execute($sql);
// $img->Update();
*/
// echo "SL: $sql $NewId<BR>";
// $img->debuglevel=1;
$img->Pending=false;
if($LocalImage)
{
$file = $_FILES["imgFullFile"];
if(is_array($file))
{
if($file["size"]>0)
{
$img->Set("LocalPath",$img->StoreUploadedImage($file,1, $DestDir,0));
$uploaded=1;
}
}
}
if($LocalThumb)
{
$thumb = $_FILES["imgThumbFile"];
if(is_array($thumb))
{
if($thumb["size"]>0)
{
$img->Set("ThumbPath",$img->StoreUploadedImage($thumb,1, $DestDir,1));
$uploaded=1;
}
}
}
if($uploaded==1)
$img->Update();
break;
case "m_img_edit":
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
// $img->debuglevel=1;
$img = $objImageList->GetItem($_POST["ImageId"]);
## Get original values
$LocalImage = $img->Get("LocalImage");
$LocalThumb = $img->Get("LocalThumb");
$SameImages = $img->Get("SameImages");
$ThumbPath = $img->Get("ThumbPath");
## New values
$LocalThumbN = (int)$_POST["imgLocalThumb"];
$LocalImageN = (int)$_POST["imgLocalFull"];
$FULLFile = $_FILES["imgFullFile"];
$THFile = $_FILES["imgThumbFile"];
$DestDir = "kernel/images/";
$img->Pending = FALSE;
$SameImagesN = 0;
$uploaded = 0;
## Images were the same, but not any more
if ($SameImages && !$_POST["imgSameImages"])
{
## TH was a local file
if ($LocalThumb)
{
## TH image
{
## Try to Delete OLD FULL
$img->DeleteLocalImage(FALSE, TRUE);
## FULL image select, but field EMPTY - make a copy of old TH as FULL
if ($LocalImageN && !(int)$FULLFile["size"])
{
// echo $pathToPending = $img->GetImageDir();
if (!eregi("pending/$", $pathToPending))
$pathToPending.= "pending/";
$LocalThumb_File = $img->GetFileName(1);
// echo "<b>CAN'T FIND FILE:</b> ".$pathToPending.$LocalThumb_File."<BR>";
if (file_exists($pathToPending.$LocalThumb_File))
{
$LocalThumb_FileN = eregi_replace("^th_", "", $LocalThumb_File);
$LocalThumb_FullFileN = $pathToPending.$LocalThumb_FileN;
@unlink($LocalThumb_FullFileN);
@copy($pathToPending.$LocalThumb_File, $LocalThumb_FullFileN);
$uploaded = 1;
$copied = 1;
// echo "COPING: ".$DestDir."pending/".$LocalThumb_FileN." <BR>";
}
else
{
// echo "CAN'T FIND FILE: ".$pathToPending.$LocalThumb_File."<BR>";
}
}
## Upload new FULL image
elseif ($LocalImageN && (int)$FULLFile['size'])
{
$FULL_FileToUpload = $FULLFile;
$FULL_URL = "";
// echo " Upload new FULL image";
}
## Full is URL
elseif (!$LocalImageN)
{
$img->DeleteLocalImage(FALSE, TRUE);
$FULL_URL = $_POST['imgFullUrl'];
$FULL_FileToUpload = "";
}
else
{
// echo " ## Unknow condition";
}
## Take care of Thumbnail here
if ($LocalThumbN)
{
## Delete old if NEW TH image selected
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
}
else
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = "";
$TH_URL = $_POST['imgThumbUrl'];
}
}
}
## TH was URL
else
{
## Take care of FULL image here
if ($LocalImageN && (int)$FULLFile["size"])
{
$FULL_FileToUpload = $FULLFile;
$FULL_URL = "";
}
## Full is URL (or image size 0)
else
{
$FULL_FileToUpload = "";
$FULL_URL = $_POST['imgFullUrl'];
}
## Take care of Thumbnail here
if ($LocalThumbN)
{
$TH_FileToUpload = (int)$THFile['size']? $THFile : "";
$TH_URL = "";
}
else
{
$TH_FileToUpload = "";
$TH_URL = $_POST['imgThumbUrl'];
}
}
}
## Images were the same, and still the same
elseif ($SameImages && $_POST['imgSameImages'])
{
## Take care of Thumbnail & FULL here
if ($LocalThumbN)
{
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
$FULL_URL = $TH_URL = "";
}
else
{
$TH_FileToUpload = $FULL_FileToUpload = "";
$FULL_URL = $TH_URL = $_POST['imgThumbUrl'];
}
## Delete old FULL image
$img->DeleteLocalImage(FALSE,TRUE);
$SameImagesN = 1;
}
## Images were NOT the same, and selected as the same now
elseif (!$SameImages && $_POST["imgSameImages"])
{
## Take care of Thumbnail & FULL here
if ($LocalThumbN)
{
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
$FULL_URL = $TH_URL = "";
}
else
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $FULL_FileToUpload = "";
$FULL_URL = $TH_URL = $_POST['imgThumbUrl'];
}
## Clean up FULL image
$img->DeleteLocalImage(FALSE, TRUE);
$SameImagesN = 1;
}
## Images were NOT the same, and selected as NOT the same
elseif (!$SameImages && !$_POST["imgSameImages"])
{
## Take care of Thumbnail
if ($LocalThumbN)
{
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
$TH_URL = "";
}
else
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = "";
$TH_URL = $_POST['imgThumbUrl'];
}
## Take care of FULL here
if ($LocalImageN)
{
if ((int)$FULLFile['size'])
{
$img->DeleteLocalImage(FALSE, TRUE);
$FULL_FileToUpload = $FULLFile;
}
else
$FULL_FileToUpload = "";
$FULL_URL = "";
}
else
{
$img->DeleteLocalImage(FALSE, TRUE);
$FULL_FileToUpload = "";
$FULL_URL = $_POST['imgFullUrl'];
}
}
## Unknow condition
else
{
;
}
$img = $objImageList->Edit($_POST["ImageId"],$_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImageN, $LocalThumbN, $FULL_URL, $TH_URL, (int)$_POST["imgEnabled"], (int)$_POST["imgPriority"], (int)$_POST["imgDefault"], 0, $SameImagesN);
// echo "<B>DATA:</B> <BR> LocalImageN: $LocalImageN, LocalThumbN: $LocalThumbN, FULL_URL: $FULL_URL, TH_URL: $TH_URL, SameImagesN: $SameImagesN <BR>";
$img->Pending = TRUE;
if (!empty($FULL_FileToUpload))
{
$img->Set("LocalPath",$img->StoreUploadedImage($FULL_FileToUpload, 1, $DestDir, 0));
$uploaded = 1;
}
/*
elseif (!$LocalImageN)
{
$img->Set("LocalPath", "");
$uploaded = 1;
}
*/
if (!empty($TH_FileToUpload))
{
$img->Set("ThumbPath", $img->StoreUploadedImage($TH_FileToUpload, 1, $DestDir, 1));
$uploaded = 1;
}
if ($copied)
{
$img->Set("LocalPath", $DestDir."pending/".$LocalThumb_FileN);
$uploaded = 1;
}
if($uploaded==1)
$img->Update();
break;
case "m_img_move_up":
if (isset($_POST["itemlist"]))
{
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
foreach($_POST["itemlist"] as $id)
{
$img = $objImageList->GetItem($id);
$img->MoveUp();
}
}
break;
case "m_img_move_down":
if (isset($_POST["itemlist"]))
{
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$img = $objImageList->GetItem($id);
$img->MoveDown();
}
}
break;
case "m_img_delete":
if(isset($_POST["itemlist"]))
{
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
foreach($_POST["itemlist"] as $id)
{
$img = $objImageList->GetItem($id);
$img->Set("ResourceId", 0);
$img->Update();
//$img->Delete();
}
}
break;
case "m_restore_delete":
if($ro_perm) break;
$bdate = $_POST["backupdate"];
if($bdate>0)
{
$BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt";
if(file_exists($BackupFile))
unlink($BackupFile);
}
break;
case "m_taglib":
include($pathtoroot."kernel/include/tag-class.php");
ParseTagLibrary();
break;
case "m_sql_query":
if($ro_perm) break;
$SqlQuery = $_POST["sql"];
$ado = &GetADODBConnection();
if(strlen($sql))
{
$SqlResult = $ado->Execute(stripslashes($SqlQuery));
$SqlError = $ado->ErrorMsg();
$SqlErrorNum = $ado->ErrorNo();
}
break;
case "m_purge_email_log":
if($ro_perm) break;
$ado = &GetADODBConnection();
$sql = "DELETE FROM ".GetTablePrefix()."EmailLog";
$ado->Execute($sql);
break;
case "m_session_delete":
if($ro_perm) break;
$ado = &GetADODBConnection();
if (count($_POST['itemlist']) > 0) {
foreach($_POST["itemlist"] as $id)
{
$sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$id'";
$ado->Execute($sql);
$sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE SessionKey = '$id'";
$ado->Execute($sql);
}
}
else {
$sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE Status='0'";
$ado->Execute($sql);
}
break;
case "m_add_rule":
$objEditItems = new clsBanRuleList();
$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
//$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status;
$objEditItems->AddRule($_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"],
$_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"],
(int)$_POST["rule_status"], $_POST['rule_error']);
break;
case "m_edit_rule":
$objEditItems = new clsBanRuleList();
$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
//$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status;
$objEditItems->EditRule($_POST["rule_id"],$_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"],
$_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"],
(int)$_POST["rule_status"], $_POST['rule_error']);
break;
case "m_rule_move_up":
if($ro_perm) break;
if(isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$i = $objBanList->GetItem($id);
$i->Increment("Priority");
}
}
break;
case "m_rule_move_down":
if($ro_perm) break;
if(isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$i = $objBanList->GetItem($id);
$i->Decrement("Priority");
}
}
break;
case "m_rule_delete":
if($ro_perm) break;
if(isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$i = $objBanList->GetItem($id);
$i->Delete();
}
}
break;
case "m_ban_user":
if($ro_perm) break;
if($_POST["UserEditStatus"]==1)
{
$UserId = $_POST["user_id"];
$objUsers->SetTable('edit');
$u = $objUsers->GetItem($UserId);
if(is_object($u))
{
if((int)$_POST["ban_login"])
{
if(strlen($_POST["user_login"]))
$objBanList->AddRule(6,0,"Login",3,$_POST["user_login"],0,1);
}
if((int)$_POST["ban_email"])
{
if(strlen($_POST["user_email"]))
$objBanList->AddRule(6,0,"Email",3,$_POST["user_email"],0,1);
}
if((int)$_POST["ban_ip"])
{
if(strlen($_POST["user_ip"]))
$objBanList->AddRule(6,0,"ip",3,$_POST["user_ip"],0,1);
}
$u->Deny();
}
$objUsers->SetTable('restore');
}
break;
case 'm_rebuild_cache':
$objSession->SetVariable('PermCache_UpdateRequired', 1);
break;
}
/* image upload management */
if( isset($_POST['img']) && $_POST['img'] == 1 )
{
foreach($_FILES as $img => $FILE)
{
$name = $_POST["img_Name_$img"];
$alt = $_POST["img_Alt_$img"];
$url = $_POST["img_Url_$img"];
$res_id = $_POST["img_Res_$img"];
$relvalue = $_POST["img_Rel_$img"];
$thumb = (int)$_POST["img_Thumb_$img"];
$dest = AddSlash($_POST["img_DestDir_$img"]);
if($_POST["img_Del_$img"]=="Delete")
{
$img = $objImageList->GetImageByResource($res_id,$relvalue);
$img->Delete();
unset($img);
$objImageList->Clear();
}
else
{
if($FILE["size"]>0)
{
/* an image was uploaded */
$objImageList->HandleImageUpload($FILE,$res_id,$relvalue,$dest, $name,$alt,$thumb);
}
else
{ /* remote images handled here */
if(strlen($url)>0)
{
if($relvalue>0)
{
$img = $objImageList->GetImageByResource($res_id,$relvalue);
$img->Set("Name",$name);
$img->Set("AltName", $alt);
$img->Set("IsThumbnail",$thumb);
$img->Set("Url",$url);
$img->Update();
}
else
{
$relvalue = $objImageList->GetNextRelateValue($res_id);
$objImageList->NewRemoteImage($url,$res_id,$relvalue, $name, $alt, $thumb);
}
}
}
}
}
}
// ALL Saving Stuff From Temp Tables Heppens Here
//echo "==== BEGIN ==== <br>";
$has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
//echo "PortalUserID: [".$objSession->Get("PortalUserId")."]<br>";
//print_pre($objSession);
//echo "PermSet: [".$has_perm."]<br>";
if( !$has_perm )
{
if( GetVar('ReviewEditStatus') == 1 )
{
$objReviews=new clsItemReviewList();
$objReviews->CopyFromEditTable_Direct();
}
if( GetVar('ReviewEditStatus') == -1 )
{
$objReviews=new clsItemReviewList();
$objReviews->PurgeEditTable();
}
/* category Edit */
if( GetVar('CatEditStatus') == 1 )
{
$adodbConnection = &GetADODBConnection();
// $sql = "SELECT * FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=0";
$sql = "SELECT ParentId FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=-1";
$rs = $adodbConnection->Execute($sql);
while ($rs && !$rs->EOF)
{
if($rs->fields["ParentId"] > 0) RunUp($rs->fields["ParentId"],"Increment_Count");
$rs->MoveNext();
}
$cat_ids = $objCatList->CopyFromEditTable("CategoryId");
if($cat_ids)
{
$db =& GetADODBConnection();
$sql = 'SELECT ResourceId FROM '.$objCatList->SourceTable.' WHERE CategoryId IN ('.implode(',', $cat_ids).')';
$rids = $db->GetCol($sql);
$objCustomDataList->CopyFromEditTable("CustomDataId", $rids);
}
$objCatList->Clear();
if($_REQUEST['CategoryId'] > 0) // not root category is updated
{
$objImages = new clsImageList();
$objImages->CopyFromEditTable("ImageId");
}
}
if( GetVar('CatEditStatus') == 2 )
{
$objCatList->PurgeEditTable("CategoryId");
$objCustomDataList->PurgeEditTable("CustomDataId");
if($_REQUEST['CategoryId'] > 0) // not root category is updated
{
$objImages = new clsImageList();
//$objImages->CopyFromEditTable("ImageId");
$objImages->PurgeEditTable("ImageId");
}
$objCatList->Clear();
}
/* User Edit */
if( GetVar('UserEditStatus') == 1 )
{
$objUserGroupsList = new clsUserGroupList();
$objUserGroupsList->CopyFromEditTable("PortalUserId");
$user_ids = $objUsers->CopyFromEditTable("PortalUserId");
if ($user_ids) {
$db =& GetADODBConnection();
$sql = 'SELECT ResourceId FROM '.$objUsers->SourceTable.' WHERE PortalUserId IN ('.implode(',', $user_ids).')';
$rids = $db->GetCol($sql);
$objCustomDataList->CopyFromEditTable("CustomDataId", $rids);
}
$objGroups->Clear();
$objImages = new clsImageList();
$objImages->CopyFromEditTable("ImageId");
}
if( GetVar('UserEditStatus') == 2 )
{
$objUserGroupsList = new clsUserGroupList();
$objGroups->PurgeEditTable("PortalUserId");
$objUserGroupsList->PurgeEditTable("PortalUserId");
$objCustomDataList->PurgeEditTable("CustomDataId");
$objGroups->Clear();
}
/* Group Edit */
if( GetVar('GroupEditStatus') == 1 )
{
$objUserGroupsList = new clsUserGroupList();
$objUserGroupsList->CopyFromEditTable("GroupId");
$group_ids = $objGroups->CopyFromEditTable("GroupId");
if ($group_ids) {
$db =& GetADODBConnection();
$sql = 'SELECT ResourceId FROM '.$objGroups->SourceTable.' WHERE GroupId IN ('.implode(',', $group_ids).')';
$rids = $db->GetCol($sql);
$objCustomDataList->CopyFromEditTable("CustomDataId", $rids);
}
$objGroups->Clear();
}
if( GetVar('GroupEditStatus') == 2 )
{
$objUserGroupsList = new clsUserGroupList();
$objGroups->PurgeEditTable("GroupId");
$objCustomDataList->PurgeEditTable("CustomDataId");
$objUserGroupsList->PurgeEditTable("PortalUserId");
$objGroups->Clear();
}
/* Theme Edit */
if( GetVar('ThemeEditStatus') == 1 )
{
$objThemes->CopyFromEditTable();
$objThemes->Clear();
}
if( GetVar('ThemeEditStatus') == 2 )
{
$objThemes->PurgeEditTable();
$objThemes->Clear();
}
/* Language Edit */
if( GetVar('LangEditStatus') == 1 )
{
$objLanguages->CopyFromEditTable();
$objLanguages->Clear();
$objLanguages->PurgeEditTable();
$Phrases = new clsPhraseList();
$Phrases->CopyFromEditTable();
$Phrases->Clear();
$Phrases->PurgeEditTable();
$Messages = new clsEmailMessageList();
$Messages->CopyFromEditTable();
$Messages->Clear();
}
if( GetVar('LangEditStatus') == 2 )
{
$objLanguages->PurgeEditTable();
$objLanguages->Clear();
$Phrases = new clsPhraseList();
$Phrases->PurgeEditTable();
$Messages = new clsEmailMessageList();
$Messages->PurgeEditTable();
}
if( GetVar('MissingLangEditStatus') == 1 )
{
$objPhraseList = new clsPhraseList();
$objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
$objEditList = new clsPhraseList();
$objEditList->SourceTable = $objSession->GetEditTable("Phrase");
$ado = &GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objEditList->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$objPhraseList->Query_Item("SELECT * FROM ".$objPhraseList->SourceTable);
foreach($objPhraseList->Items as $p)
{
if(strlen($p->Get("Translation"))>0)
{
$p->tablename = $objEditList->SourceTable;
$p->Dirty();
$p->UnsetIDField();
$p->Set("PhraseId",$NewId);
$NewId--;
$p->Create();
}
}
$ado->Execute("DROP TABLE IF EXISTS ".$objPhraseList->SourceTable);
}
if( GetVar('MissingLangEditStatus') == 2 )
{
$table = $objSession->GetSessionKey()."_".$ThemeId."_labels";
$ado = &GetADODBConnection();
$ado->Execute("DROP TABLE IF EXISTS ".$table);
}
/* Ban Rule Edit */
if( GetVar('RuleEditStatus') == 1 )
{
$objBanList->CopyFromEditTable("RuleId");
$objBanList->Clear();
}
if( GetVar('RuleEditStatus') == 2 )
{
$objBanList->PurgeEditTable("RuleId");
$objBanList->Clear();
}
}
elseif( defined('DEBUG_ACTIONS') )
{
if( isset($_REQUEST['Action']) && $_REQUEST['Action'] )
echo "<b>USER HAS RO-ACCESS</b> on action [<b>".$_REQUEST['Action']."</b>]<br>";
}
//echo "==== END ==== <br>";
?>
\ No newline at end of file
Property changes on: branches/unlabeled/unlabeled-1.103.2/kernel/action.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.103.2.2
\ No newline at end of property
+1.103.2.3
\ No newline at end of property
Index: branches/unlabeled/unlabeled-1.3.2/admin/install/upgrades/readme_1_1_7.txt
===================================================================
--- branches/unlabeled/unlabeled-1.3.2/admin/install/upgrades/readme_1_1_7.txt (revision 4039)
+++ branches/unlabeled/unlabeled-1.3.2/admin/install/upgrades/readme_1_1_7.txt (revision 4040)
@@ -1,5 +1,6 @@
0011144 search log record is created/updated when simple search is made from onlinestore theme
0011217 error message was not shown on search form (on front, default theme)
0011210 custom field values were not stripslashed after submit
0011209 mod_rewrite now works a bit faster
-0011211 category sorting in admin in case when we have non-editor pics new categories and already edited ones
\ No newline at end of file
+0011211 category sorting in admin in case when we have non-editor pics new categories and already edited ones
+0011367 system permissions with DENIED value are not saved to db (e.g. LOGIN) + upgrade script that fixes perms
\ No newline at end of file
Property changes on: branches/unlabeled/unlabeled-1.3.2/admin/install/upgrades/readme_1_1_7.txt
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.3
\ No newline at end of property
+1.3.2.1
\ No newline at end of property
Index: branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php
===================================================================
--- branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php (revision 4039)
+++ branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php (revision 4040)
@@ -1,564 +1,564 @@
<?php
class clsPortalGroup extends clsParsedItem
{
var $UserCount;
function clsPortalGroup($GroupId=NULL)
{
$this->clsParsedItem($GroupId);
$this->tablename=GetTablePrefix()."PortalGroup";
$this->type=7;
$this->BasePermission="GROUP";
$this->id_field = "GroupId";
if($GroupId)
$this->LoadFromDatabase($GroupId);
}
function Validate()
{
global $objSession, $Errors;
$dataValid = true;
if(!isset($this->m_Name) || $this->m_Name == "")
{
$Errors->AddError("error.fieldIsRequired",'Login',"","",get_class($this),"Validate");
$dataValid = false;
}
return $dataValid;
}
function HasSystemPermission($PermissionName)
{
$GroupId = (int)$this->Get("GroupId");
$sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE GroupId=$GroupId AND Permission='$PermissionName' AND type=1";
$result = $this->adodbConnection->Execute($sql);
if($result && !$result->EOF)
{
$this->SysPermCache[$PermissionName] = (int)$result->fields["PermissionValue"];
return (int)$result->fields["PermissionValue"];
}
else
return -1;
}
/* set $Value to -1 to delete the permission row from the DB */
- function SetSystemPermission($PermName,$Value)
+ function SetSystemPermission($PermName, $Value)
{
- //echo "Setting $PermName to $Value<br>\n";
- $oldval = $this->HasSystemPermission($PermName);
- if($Value != $oldval)
- {
- if($Value>-1)
- {
- if($oldval>-1)
- {
- $sql = "UPDATE ".GetTablePrefix()."Permissions SET PermissionValue=$Value ";
- $sql .=" WHERE Type=1 AND Permission='$PermName' AND GroupId=".$this->Get("GroupId");
-
- //echo "UPDATE SQL: $sql<br>";
- }
- else
- {
- $sql = "INSERT INTO ".GetTablePrefix()."Permissions (Permission, GroupId, PermissionValue, Type, CatId) ";
- $sql .="VALUES ('$PermName',".$this->Get("GroupId").",$Value,1,0)";
- //echo "INSERT SQL: $sql<br>";
- }
- $this->adodbConnection->Execute($sql);
- //echo $sql."<br>\n";
- }
- else
- {
- $sql = "DELETE FROM ".GetTablePrefix()."Permissions ";
- $sql .=" WHERE Type=1 AND Permission='$PermName' AND GroupId=".$this->Get("GroupId");
- //echo "DELETE SQL: $sql<br>";
- $this->adodbConnection->Execute($sql);
+ // don't save DENY system permissions
+
+ //echo "Setting $PermName to $Value<br>\n";
+ $old_value = $this->HasSystemPermission($PermName);
+ if ($Value == $old_value) {
+ return true;
+ }
+
+ if ($Value == 1) {
+ // new value is ALLOWED
+ if ($old_value > -1) {
+ // old value is ALLOWED/DENIED
+ $sql = 'UPDATE '.GetTablePrefix().'Permissions
+ SET PermissionValue = '.$Value.'
+ WHERE Type = 1 AND Permission = '.$this->adodbConnection->qstr($PermName).' AND GroupId = '.$this->Get('GroupId');
+ }
+ else {
+ // permission was inherited before => no record in db
+ $sql = 'INSERT INTO '.GetTablePrefix().'Permissions (Permission, GroupId, PermissionValue, Type, CatId) ';
+ $sql .= 'VALUES ('.$this->adodbConnection->qstr($PermName).','.$this->Get('GroupId').','.$Value.',1,0)';
+ }
+ $this->adodbConnection->Execute($sql);
}
- }
+ else {
+ // permission becomes inherited now or set to DENIED
+ $sql = 'DELETE FROM '.GetTablePrefix().'Permissions
+ WHERE Type = 1 AND Permission = '.$this->adodbConnection->qstr($PermName).' AND GroupId = '.$this->Get('GroupId');
+ $this->adodbConnection->Execute($sql);
+ }
+
}
function CheckPermission($permissionName)
{
//Check permission and if needs approval set approval
global $objSession, $Errors;
if(!$objSession->HasSystemPermission($permissionName))
{
//$Errors->AddError("error.AccessDenied","","","",get_class($this),"CheckPermission");
return false;
}
return true;
}
function LoadFromDatabase($Id)
{
global $Errors;
if(!isset($Id))
{
$Errors->AddError("error.AppError",NULL,'Internal error: LoadFromDatabase id',"",get_class($this),"LoadFromDatabase");
return false;
}
$sql = "SELECT * FROM ".$this->tablename." WHERE GroupId = $Id";
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"LoadFromDatabase");
return false;
}
$data = $result->fields;
$this->SetFromArray($data);
$this->Clean();
return true;
}
function AddUser($UserId,$PrimaryGroup=0,$edit_table = true)
{
global $objSession;
// add user to group OR just updates it's status there
$db =& $this->adodbConnection;
$table=$edit_table?$objSession->GetEditTable('UserGroup'):GetTablePrefix().'UserGroup';
$group_id = $this->Get('GroupId');
$sql_patterns['check'] = 'SELECT PortalUserId FROM %s WHERE GroupId = %s AND PortalUserId = %s';
$sql_patterns['reset_primary'] = 'UPDATE %s SET PrimaryGroup = 0 WHERE PortalUserId = %s';
$sql_patterns['set_primary'] = 'UPDATE %s SET PrimaryGroup = 1 WHERE GroupId = %s AND PortalUserId = %s';
$sql_patterns['add_to_group'] = 'INSERT INTO %s (PortalUserId,GroupId,PrimaryGroup) VALUES (%s, %s, %s)';
$tmp_sql = sprintf($sql_patterns['check'], $table, $group_id, $UserId);
$check_result = $db->GetOne($tmp_sql);
if(!$check_result)
{
// user is not a memeber of this group
$GroupCount = TableCount($table,"PortalUserId = $UserId", 0);
if(!$PrimaryGroup) $PrimaryGroup = ($GroupCount == 0) ? 1 : 0; // reset primary status if not already
$tmp_sql = sprintf($sql_patterns['add_to_group'], $table, $UserId, $group_id, $PrimaryGroup);
$db->Execute($tmp_sql);
}
if($PrimaryGroup)
{
$tmp_sql = sprintf($sql_patterns['reset_primary'], $table, $UserId);
$db->Execute($tmp_sql);
$tmp_sql = sprintf($sql_patterns['set_primary'], $table, $group_id, $UserId);
$db->Execute($tmp_sql);
}
}
function DeleteUser($UserId)
{
global $objSession;
$sql = "DELETE FROM ".$objSession->GetEditTable("UserGroup")." WHERE PortalUserId=$UserId AND GroupId=".$this->Get("GroupId");
$this->adodbConnection->Execute($sql);
}
function GetCustomField( $fieldName)
{
global $Errors;
if(!isset($this->m_UserId))
{
$Errors->AddError("error.AppError",NULL,"Get field is required in order to set custom field values","","clsPortalGroup","GetCustomField");
return false;
}
return GetCustomFieldValue($this->m_UserId,"portaluser",$fieldName);
}
function SetCustomField( $fieldName, $value)
{
global $Errors;
if(!isset($this->m_UserId))
{
$Errors->AddError("error.AppError",NULL,"Set field is required in order to set custom field values","","clsPortalGroup","SetCustomField");
return false;
}
return SetCustomFieldValue($this->m_UserId,"portaluser",$fieldName,$value);
}
function GetUserCount()
{
if(!is_numeric($this->UserCount))
{
$sql = "SELECT count(*) as UserCount FROM ".GetTablePrefix()."UserGroup WHERE GroupId=".$this->Get("GroupId");
$rs = $this->adodbConnection->Execute($sql);
if($rs && !$rs->EOF)
$users = $rs->fields["UserCount"];
$this->UserCount = (int)$users;
}
return $this->UserCount;
}
function GetUserList($edit_table = false)
{
global $objSession;
$table = $edit_table ? $objSession->GetEditTable('UserGroup') : GetTablePrefix().'UserGroup';
$sql = 'SELECT PortalUserId FROM '.$table.' WHERE GroupId = '.$this->UniqueId(); // Get('GroupId');
return $this->adodbConnection->GetCol($sql);
}
function parsetag($tag)
{
global $var_list_update, $objConfig, $objSession;
$tagname = is_object($tag) ? $tag->name : $tag;
$is_temp = strpos($this->SourceTable, $objSession->Get('SessionKey') ) !== false;
switch($tagname)
{
case 'GroupName':
$db =& GetADODBConnection();
$table = $is_temp ? $objSession->GetEditTable('PortalGroup') : GetTablePrefix().'PortalGroup';
$sql = 'SELECT Name FROM '.$table.' WHERE GroupId = '.$this->Get('GroupId');
return $db->GetOne($sql);
break;
case 'membership_expires_date':
return $this->Get('MembershipExpires') <= 0 ? '' : LangDate( $this->Get('MembershipExpires'), 0, true );
break;
case 'membership_expires_time':
return $this->Get('MembershipExpires') <= 0 ? '' : LangTime( $this->Get('MembershipExpires'), 0, true );
break;
case "group_id":
return $this->Get("GroupId");
break;
case "group_name":
return $this->Get("Name");
break;
case "group_desc":
return $this->Get("Description");
break;
case "group_date":
return LangDate($this->Get("CreatedOn"));
break;
case "group_name":
return $this->Get("Name");
break;
case "group_enabled":
return $this->Get("Enabled");
break;
case "group_date_month":
return adodb_date("m", $this->Get("CreatedOn"));
break;
case "group_date_day":
return adodb_date("d", $this->Get("CreatedOn"));
break;
case "group_date_year":
return adodb_date("Y", $this->Get("CreatedOn"));
break;
case "group_system":
if ($this->Get("System") == 1)
return "System";
else
return "User Defined";
break;
case "group_status":
if ($this->Get("Enabled") == 1)
return "Enabled";
else
return "Disabled";
break;
default:
if (substr($tag, 0, 6) == "custom")
return Users_Custom($this->Get("ResourceId"), $tag);
else
return "Undefined:$tagname";
break;
}
}
}
class clsGroupList extends clsItemCollection
{
var $Page;
function clsGroupList()
{
$this->clsItemCollection();
$this->classname = "clsPortalGroup";
$this->SetTable('live', GetTablePrefix()."PortalGroup");
$this->AdminSearchFields = array("name");
$this->id_field = "GroupId";
}
function NumGroups()
{
return $this->NumItems();
}
function GetGroup($GroupID)
{
return $this->GetItem($GroupID);
}
function GetPersonalGroup($UserLogin)
{
$n = "_".$UserLogin;
$g = $this->GetItemByField("Name",$n);
return $g;
}
function LoadGroups($where = "",$orderBy = "")
{
global $objConfig;
$this->Clear();
if($this->Page<1)
$this->Page=1;
if(is_numeric($objConfig->Get("Perpage_Groups")))
{
$Start = ($this->Page-1)*$objConfig->Get("Perpage_Groups");
$limit = "LIMIT ".$Start.",".$objConfig->Get("Perpage_Groups");
}
else
$limit = NULL;
if(strlen($where) == 0) $where = '1';
$this->QueryItemCount=TableCount($this->SourceTable, $where, 0);
//echo $this->QueryItemCount."<br>\n";
if ($orderBy!="")
{
$this->Query_PortalGroup($where,$orderBy,$limit);
}
else
{
$this->Query_PortalGroup($where,"Name DESC",$limit);
}
}
function Query_PortalGroup($whereClause=NULL,$orderByClause=NULL,$limit=null)
{
global $m_var_list,$objSession,$Errors;
$sql = "SELECT * FROM ".$this->SourceTable." ";
if(strlen($whereClause))
$sql = sprintf('%s WHERE %s',$sql,$whereClause);
if(strlen($orderByClause))
if(strlen(trim($orderByClause)))
$sql = sprintf('%s ORDER BY %s',$sql,$orderByClause);
if( isset($limit) ) $sql .= ' '.$limit;
return $this->Query_Item($sql);
}
function Query_UserPortalGroup($whereClause,$orderByClause)
{
global $m_var_list,$objSession,$Errors;
if ($m_var_list["action"] == "m_group_search")
$table = $userSession->Get("SessionKey") . "_search";
else
$table = $this->SourceTable;
$sql = "SELECT * FROM $table LEFT JOIN UserGroup USING (GroupId) ";
if(isset($whereClause))
$sql = sprintf('%s WHERE %s',$sql,$whereClause);
if(isset($orderByClause))
if (strlen(trim($orderByClause)))
{
$sql = sprintf('%s ORDER BY %s',$sql,$orderByClause);
}
$result = $this->adodbConnection->Execute($sql);
return $this->Query_Item($sql);
}
function GetAllGroupList()
{
static $GroupListCache;
if(!is_array($GroupListCache))
{
$GroupListCache = array();
$sql = "SELECT GroupId FROM ".$this->SourceTable." WHERE Enabled=1";
$rs = $this->adodbConnection->Execute($sql);
while($rs && !$rs->EOF)
{
$GroupListCache[] = $rs->fields["GroupId"];
$rs->MoveNext();
}
}
return $GroupListCache;
}
function Group_Custom($ResourceId, $tag)
{
$fieldname= substr($tag, 7);
$sql = "SELECT Value FROM ".GetTablePrefix()."CustomMetaData LEFT JOIN ".GetTablePrefix()."CustomField USING (CustomFieldId) where ".GetTablePrefix()."CustomMetaData.ResourceId=$ResourceId AND ".GetTablePrefix()."CustomField.FieldName='$fieldname'";
$result = $this->adodbConnection->Execute($sql);
if ($result->EOF)
return "";
else
return $result->fields["Value"];
}
function Add_Users_To_Group($groupid)
{
global $g_usergroup_status;
$userids = explode("-", $g_usergroup_status);
$g = $this->GetItem($groupid);
foreach($userids as $userid)
$g->AddUser($userid);
}
function Delete_Group($GroupId)
{
$g = $this->GetItem($GroupId);
if(is_object($g))
{
$g->Delete();
}
}
function Edit_Group($GroupId, $Name, $Description)
{
$g = $this->GetItem($GroupId);
$g->Set(array("Name", "Description"), array($Name, $Description));
$g->Update();
return $g;
}
function &Add_Group($Name, $Description, $System=1)
{
$g = new clsPortalGroup(NULL);
$g->tablename = $this->SourceTable;
$g->Set(array("Name", "Description", "System"),array($Name, $Description,$System));
$g->Set("CreatedOn",adodb_date("U"));
$g->Create();
return $g;
}
function CopyFromEditTable($idfield)
{
global $objSession;
$GLOBALS['_CopyFromEditTable']=1;
$edit_table = $objSession->GetEditTable($this->SourceTable);
$sql = "SELECT * FROM $edit_table";
$item_ids = Array();
$rs = $this->adodbConnection->Execute($sql);
while ($rs && !$rs->EOF) {
$data = $rs->fields;
$c = new $this->classname;
$c->SetFromArray($data);
$c->idfield = $idfield;
$c->Dirty();
if($c->Get($idfield)<1)
{
$old_id = $c->Get($idfield);
$c->UnsetIdField();
if(!is_numeric($c->Get("OrgId")))
$c->Clean(array("OrgId"));
$c->Create();
$sql = "UPDATE ".GetTablePrefix()."UserGroup SET GroupId=".$c->Get("GroupId")." WHERE GroupId=$old_id";
$this->adodbConnection->Execute($sql);
$sql = "UPDATE ".GetTablePrefix()."Permissions SET GroupId=".$c->Get("GroupId")." WHERE GroupId=$old_id";
$this->adodbConnection->Execute($sql);
}
$c->Update();
$item_ids[] = $c->UniqueId();
unset($c);
unset($r);
$rs->MoveNext();
}
@$this->adodbConnection->Execute("DROP TABLE IF EXISTS $edit_table");
unset($GLOBALS['_CopyFromEditTable']);
return $item_ids;
}
function PurgeEditTable($idfield)
{
global $objSession;
$edit_table = $objSession->GetEditTable($this->SourceTable);
@$this->adodbConnection->Execute("DROP TABLE IF EXISTS $edit_table");
$sql = "DELETE FROM ".GetTablePrefix()."UserGroup WHERE GroupId<1";
$this->adodbConnection->Execute($sql);
$sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE GroupId<1";
$this->adodbConnection->Execute($sql);
}
}
class clsUserGroupList extends clsItemCollection
{
function clsUserGroupList()
{
$this->clsItemCollection();
$this->classname = "clsPortalGroup";
$this->SetTable('live', GetTablePrefix()."UserGroup");
$this->id_field = "PortalUserId"; // don't try to insert by this ID :)
}
function CopyFromEditTable($idfield)
{
global $objSession;
$GLOBALS['_CopyFromEditTable']=1;
$edit_table = $objSession->GetEditTable($this->SourceTable);
$sql = "SELECT * FROM $edit_table";
$rs = $this->adodbConnection->Execute($sql);
//echo $sql."<BR>";
$clear_old = true;
$insert_sql = 'INSERT INTO %s (PortalUserId,GroupId,MembershipExpires,PrimaryGroup) VALUES (%s,%s,%s,%s)';
while($rs && !$rs->EOF)
{
$data = $rs->fields;
if($clear_old)
{
$sql = "DELETE FROM ".$this->SourceTable." WHERE $idfield = ".$data[$idfield];
@$this->adodbConnection->Execute($sql);
$clear_old = false;
}
if(!$data['MembershipExpires']) $data['MembershipExpires'] = 'NULL';
$sql = sprintf($insert_sql, $this->SourceTable, $data['PortalUserId'], $data['GroupId'], $data['MembershipExpires'], $data['PrimaryGroup'] );
@$this->adodbConnection->Execute($sql);
$rs->MoveNext();
}
@$this->adodbConnection->Execute("DROP TABLE IF EXISTS $edit_table");
unset($GLOBALS['_CopyFromEditTable']);
}
function &Edit_UserGroup($group_id, $user_id, $membership_expires)
{
$ug =& $this->GetItemByField( Array('GroupId','PortalUserId'), Array($group_id,$user_id) );
if($membership_expires == 0) $membership_expires = null;
$ug->Set('MembershipExpires', $membership_expires);
$ug->Update();
return $ug;
}
}
?>
Property changes on: branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.17.44.2
\ No newline at end of property
+1.17.44.3
\ No newline at end of property
Index: branches/unlabeled/unlabeled-1.4.2/admin/install/upgrades/inportal_upgrade_v1.1.7.sql
===================================================================
--- branches/unlabeled/unlabeled-1.4.2/admin/install/upgrades/inportal_upgrade_v1.1.7.sql (revision 4039)
+++ branches/unlabeled/unlabeled-1.4.2/admin/install/upgrades/inportal_upgrade_v1.1.7.sql (revision 4040)
@@ -1,18 +1,20 @@
ALTER TABLE ThemeFiles ADD INDEX (FileName);
ALTER TABLE ThemeFiles ADD INDEX (FilePath);
ALTER TABLE Category CHANGE EditorsPick EditorsPick TINYINT(4) NOT NULL DEFAULT '0';
ALTER TABLE PortalUser ADD Company VARCHAR(255) NOT NULL AFTER LastName;
ALTER TABLE PortalUser ADD Fax VARCHAR(255) NOT NULL AFTER Phone;
ALTER TABLE PortalUser ADD Street2 VARCHAR(255) NOT NULL AFTER Street;
INSERT INTO ConfigurationAdmin VALUES ('UseCronForRegularEvent', 'la_Text_Website', 'la_UseCronForRegularEvent', 'checkbox', NULL, NULL, 18, 0);
INSERT INTO ConfigurationValues VALUES ('UseCronForRegularEvent', '0', 'In-Portal', 'in-portal:configure_general');
ALTER TABLE Language ADD InputDateFormat VARCHAR(50) NOT NULL AFTER TimeFormat, ADD InputTimeFormat VARCHAR(50) NOT NULL AFTER InputDateFormat;
UPDATE Language SET InputDateFormat = 'm/d/Y', InputTimeFormat = 'g:i:s A';
CREATE TABLE ImportCache (CacheId int(11) NOT NULL auto_increment, CacheName varchar(255) NOT NULL default '', VarName int(11) NOT NULL default '0', VarValue text NOT NULL, PRIMARY KEY (CacheId), KEY CacheName (CacheName), KEY VarName (VarName));
+DELETE FROM Permissions WHERE Type = 1 AND PermissionValue = 0;
+
UPDATE Modules SET Version = '1.1.7' WHERE Name = 'In-Portal';
\ No newline at end of file
Property changes on: branches/unlabeled/unlabeled-1.4.2/admin/install/upgrades/inportal_upgrade_v1.1.7.sql
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.4.2.2
\ No newline at end of property
+1.4.2.3
\ No newline at end of property

Event Timeline

In-Portal CMS · In-Portal Community Pages · In-Portal Issue Tracker · In-Portal Repository Browser · Quality Assurance · In-Portal CI Server