Page MenuHomeIn-Portal Phabricator
Files F772903

in-portal
No OneTemporary
Actions

File Metadata

Created
Sat, Feb 1, 8:51 PM

in-portal
View Options

Index: trunk/kernel/action.php
===================================================================
--- trunk/kernel/action.php (revision 266)
+++ trunk/kernel/action.php (revision 267)
@@ -1,2219 +1,2219 @@
<?php
$ro_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
if( defined('DEBUG_ACTIONS') && (DEBUG_ACTIONS & KERNEL_ACTIONS) == KERNEL_ACTIONS )
{
if($Action) echo "Kernel Action [<b>$Action</b>]<br>\n";
}
if( defined('DEBUG_ACTIONS') && (DEBUG_ACTIONS & SHOW_REQUEST) == SHOW_REQUEST )
{
// don't show debug output in tree & header of admin & while logging in
$script = basename($_SERVER['PHP_SELF']);
$skip_debug = Array('index.php','tree.php','head.php','credits.php');
if( !in_array($script, $skip_debug) )
{
echo "ScriptName: <b>$script</b> (<b>".dirname($_SERVER['PHP_SELF'])."</b>)<br><br>";
echo '<table border="0" cellspacing="0" cellpadding="4" class="debug_table">';
echo '<thead style="font-weight: bold;"><td>Src</td><td>Name</td><td>Value</td></thead>';
foreach($_REQUEST as $key => $value)
{
if( !is_array($value) && trim($value) == '' ) $value = '&nbsp;';
$src = isset($_GET[$key]) ? 'GE' : (isset($_POST[$key]) ? 'PO' : (isset($_COOKIE[$key]) ? 'CO' : '?') );
echo '<tr><td>'.$src.'</td><td>'.$key.'</td><td>'.print_r($value, true).'</td></tr>';
}
echo '</table>';
}
unset($script, $skip_debug);
}
switch($Action)
{
case "m_add_user":
$dupe_user = '';
$user_pending = (int)$_POST["user_pending"];
$user_enabled = (int)$_POST["user_enabled"];
$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat());
$dob = DateTimestamp($_POST["user_dob"],GetDateFormat());
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
if(strlen($_POST["user_login"]))
$id = $objUsers->GetUserId($_POST["user_login"]);
else
$dob = 0;
if($id)
{
$lvErrorString = language('la_error_duplicate_username');
$dupe_user = $_POST["user_login"];
$_POST["user_login"] = '';
}
$password = md5($_POST["password"]);
$u = $objEditItems->Add_User($_POST["user_login"], $password,
$_POST["user_email"], $CreatedOn, $_POST["user_firstname"],
$_POST["user_lastname"], $_POST["status"],
$_POST["user_phone"],
$_POST["user_street"], $_POST["user_city"],
$_POST["user_state"], $_POST["user_zip"], $_POST["user_country"], $dob);
$objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->SetTable('edit');
$objCustomEdit->LoadResource($u->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(6);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged) $objCustomEdit->SaveData();
$objCustomEdit->SetTable('live');
break;
case "m_edit_user":
$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat());
$dob = DateTimestamp($_POST["user_dob"],GetDateFormat());
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
$user_pending = (int)$_POST["user_pending"];
$user_enabled = (int)$_POST["user_enabled"];
$UserId=(int)$_POST["user_id"];
//echo $UserId."<br>\n";
if(!strlen($_POST["user_login"]))
$dob = 0;
if(strlen($_POST["password"]))
{
$password = md5($_POST["password"]);
}
else
$password = "";
$u = $objEditItems->Edit_User($UserId, $_POST["user_login"], $password,
$_POST["user_email"], $CreatedOn, $_POST["user_firstname"],
$_POST["user_lastname"], $_POST["status"],
$_POST["user_phone"],
$_POST["user_street"], $_POST["user_city"],
$_POST["user_state"], $_POST["user_zip"], $_POST["user_country"],
$dob);
$objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->SetTable('edit');
$DataChanged = false;
$objCustomEdit->LoadResource($u->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(6);
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
//echo "Saving CF: (".$cvalue->Get("CustomFieldId")." ; ".$u->Get("ResourceId")." ; $value)<br>";
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
$objCustomEdit->SetTable('live');
break;
case "m_user_primarygroup":
//print_pre($_REQUEST);
if($ro_perm) break;
$users = explode(',', $_POST["userlist"]);
$GroupResourceId = $_POST['grouplist'];
$g = $objGroups->GetItemByField("ResourceId", $GroupResourceId);
$GroupId = $g->UniqueId();
if( is_array($users) )
foreach($users as $user_id)
{
$u = $objUsers->GetItemByField("ResourceId", $user_id);
$g->AddUser($u->Get("PortalUserId"), 1);
}
break;
case "m_edit_group":
$objEditItems = new clsGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
$objEditItems->Edit_Group($_POST["group_id"], $_POST["group_name"],$_POST["group_comments"]);
break;
case "m_add_group":
$objEditItems = new clsGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
$objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0);
break;
case "m_group_sysperm":
if($_POST["GroupEditStatus"]==0)
{
$objSession->ResetSysPermCache();
$GroupId = $_POST["GroupId"];
if($GroupId)
{
$objEditItems = new clsGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
$g = $objEditItems->GetItemByField("ResourceId",$GroupId);
if(is_object($g))
{
$PermList = explode(",",$_POST["PermList"]);
for($i=0;$i<count($PermList);$i++)
{
if(@in_array($PermList[$i],$_POST["inherit"]))
{
$value = -1;
}
else
{
$value = 0;
if(@in_array($PermList[$i],$_POST["permvalue"]))
$value = 1;
}
$g->SetSystemPermission($PermList[$i],$value);
}
}
}
}
break;
case "m_user_sysperm":
if($ro_perm) break;
if($_POST["UserEditStatus"]==0)
{
$UserId = $_POST["ItemId"];
if($UserId)
{
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
$u = $objEditItems->GetItemByField("ResourceId",$UserId);
unset($g);
if(is_object($u))
{
$objSession->ResetSysPermCache();
$g = $u->GetPersonalGroup(FALSE);
$PermList = explode(",",$_POST["PermList"]);
for($i=0;$i<count($PermList);$i++)
{
if(!@in_array($PermList[$i],$_POST["inherit"]))
{
if(!is_object($g))
$g = $u->GetPersonalGroup(TRUE);
$value = 0;
if(is_array($_POST["permvalue"]))
{
if(in_array($PermList[$i],$_POST["permvalue"]))
$value =1;
$g->SetSystemPermission($PermList[$i],$value);
}
else
$g->SetSystemPermission($PermList[$i],-1);
}
else
{
if(is_object($g))
$g->SetSystemPermission($PermList[$i],-1);
}
}
}
}
}
break;
case "m_approve_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
{
$user = $objUsers->GetItemByField("ResourceId",$userid);
$user->Approve();
}
$objUsers->Clear();
break;
case "m_deny_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
{
$user = $objUsers->GetItemByField("ResourceId",$userid);
$user->Deny();
}
$objUsers->Clear();
break;
case "m_delete_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
$objUsers->Delete_User($userid);
break;
case "m_delete_group":
if($ro_perm) break;
foreach($_POST["itemlist"] as $groupid)
{
$objGroups->Delete_Group($groupid);
}
break;
case "m_user_assign":
$useridlist = implode("-", $userlist);
$objSession->SetUserStatus($useridlist, "g_usergroup_status");
$g_usergroup_status = $useridlist;
break;
case "m_group_assign":
foreach($grouplist as $group)
$objGroups->Add_Users_To_Group($group);
break;
case "m_remove_group":
$adodbConnection = GetAdodbConnection();
$adodbConnection->Execute("DELETE FROM UserGroup where UserId='$UserId' AND GroupId='$GroupId'");
break;
case "m_SetVariable":
$objSession->SetPersistantVariable($_POST["fieldname"], $_POST["varvalue"]);
break;
case "m_SetSessionVariable":
$objSession->SetVariable($_POST["fieldname"], $_POST["varvalue"]);
//echo "Setting $fieldname to $varvalue<br>\n";
if($_POST["fieldname"]=="SearchType")
$objSession->SetVariable("SearchWord","");
break;
case "m_edit_permissions":
if($ro_perm) break;
if($_POST["CatEditStatus"] != -1)
{
$objSession->SetVariable('PermCache_UpdateRequired', 1);
$GroupId = $_POST["GroupId"];
$CatId = $_POST["CategoryId"];
$Module = $_POST["Module"];
$ado = GetADODBConnection();
$sql = "SELECT * FROM ".GetTablePrefix()."PermissionConfig WHERE ModuleId='$Module'";
$rs = $ado->Execute($sql);
$PermNames = array();
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$PermNames[] = $data["PermissionName"];
$rs->MoveNext();
}
$inherit = array();
if(is_array($_POST["inherit"]))
{
foreach($_POST["inherit"] as $perm)
{
$inherit[$perm] = 1;
}
}
$access = array();
if(is_array($_POST["permvalue"]))
{
foreach($_POST["permvalue"] as $perm)
{
$access[$perm] = 1;
}
}
$objPermList = new clsPermList($CatId,$GroupId);
$objPermList->LoadCategory($CatId);
for($i=0;$i<count($PermNames);$i++)
{
if(!array_key_exists($PermNames[$i],$inherit))
{
$PermValue = (int)$access[$PermNames[$i]];
$Perm = $objPermList->GetPermByName($PermNames[$i]);
if($Perm)
{
$Id = $Perm->Get("PermissionId");
//echo "Editing $Id<br>\n";
$objPermList->Edit_Permission($Id,$CatId,$GroupId,$PermNames[$i],$PermValue,0);
}
else
{
//echo "Adding ".$PermNames[$i];
$objPermList->Add_Permission($CatId,$GroupId,$PermNames[$i],$PermValue,0);
}
}
else
{
$Perm = $objPermList->GetPermByName($PermNames[$i]);
if($Perm)
{
$Id = $Perm->Get("PermissionId");
$objPermList->Delete_Permission($Id);
}
}
}
//$c = $objCatList->GetItem($CatId);
//$glist = $objGroups->GetAllGroupList();
//$ViewList = $objPermList->GetGroupPermList($c,"CATEGORY.VIEW",$glist );
//$c->SetViewPerms("CATEGORY.VIEW",$ViewList,$glist);
//$c->Update();
}
break;
case "m_perm_delete_group":
$ado = GetADODBConnection();
$CatId = $_POST["CategoryId"];
foreach($_POST["itemlist"] as $groupid)
{
$g = $objGroups->GetItemByField("ResourceId",$groupid);
if(is_object($g))
{
$sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=$CatId AND GroupId=".$g->Get("GroupId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
}
break;
case "m_user_addto_group":
if($ro_perm) break;
$user = $_POST["UserId"];
if(is_numeric($user))
{
if(strlen($_POST["grouplist"]))
{
$groups = explode(",",$_POST["grouplist"]);
if(is_array($groups))
{
for($i=0; $i<count($groups);$i++)
{
$g = $objGroups->GetItemByField("ResourceId",$groups[$i]);
$g->AddUser($user);
}
}
else
{
$g = $objGroups->GetItem($groups);
$g->AddUser($user);
}
}
}
break;
case "m_group_add_user":
if($ro_perm) break;
$group = $_POST["GroupId"];
$EditGroups = new clsGroupList();
$EditGroups->SourceTable = $objSession->GetEditTable($objGroups->SourceTable);
$g = $EditGroups->GetItem($group);
// echo "Group: $group <br>\n";
if(is_numeric($group))
{
$users = explode(",",$_POST["userlist"]);
foreach($users as $userid)
{
$u = $objUsers->GetItemByField("ResourceId",$userid);
$g->AddUser($u->Get("PortalUserId"));
}
}
break;
case "m_group_removeuser":
if($ro_perm) break;
$group = $_POST["GroupId"];
$g = $objGroups->GetItem($group);
if($group>0)
{
foreach($_POST["itemlist"] as $user_id)
{
$u = $objUsers->GetItemByField("ResourceId",$user_id);
$g->DeleteUser($u->Get("PortalUserId"));
}
}
break;
case "m_user_removegroup":
if($ro_perm) break;
$user = $_POST["UserId"];
if($user>0)
{
foreach($_POST["itemlist"] as $groupid)
{
$g = $objGroups->GetItem($groupid);
$g->DeleteUser($user);
}
}
break;
case "m_sendmail":
$idlist = explode(",",$_POST["idlist"]);
$html = (int)$_POST["html_enable"];
$body = inp_escape($_POST["email_body"],$html);
$subject = inp_escape($_POST["email_body"],$html);
$Email = new clsEmailMessage();
$Email->Set("Subject",$subject);
$Email->Set("Template",$body);
if($html)
$Email->Set("MessageType","HTML");
if(count($idlist)>0)
{
switch($_POST["IdType"])
{
case "group":
foreach($idlist as $id)
$Email->SendToGroup($id);
break;
case "user":
foreach($idlist as $id)
$Email->SendToUser($id);
break;
}/*switch*/
}
break;
case "m_item_recount":
RunDown($m_var_list["cat"],"UpdateCacheCounts");
break;
case "m_cat_delete":
if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID()))
{
if(isset($_POST["catlist"]))
{
if(is_array($_POST["catlist"]))
foreach($_POST["catlist"] as $catid)
{
$objCatList->Delete_Category($catid);
}
}
}
break;
case "m_cat_cut":
if(isset($_POST["catlist"]))
{
if($objSession->HasCatPermission("CATEGORY.DELETE",$catid))
{
$objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]);
}
else
$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
}
break;
case "m_cat_copy":
if(isset($_POST["catlist"]))
{
$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
}
break;
case "m_paste":
if($objCatList->ItemsOnClipboard()>0)
{
/* category's paste function populates a sparse array where array[old_id]=new_id */
$PastedCatIds = array();
$objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name");
}
else
{
$clip = $objSession->GetVariable("ClipBoard");
if(strlen($clip))
{
$ClipBoard = ParseClipboard($clip);
$Action= strtolower($ClipBoard["table"])."_paste";
}
}
break;
case "m_cat_move_up":
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->MoveUp();
}
}
break;
case "m_cat_move_down":
if (isset($_POST["catlist"]))
{
$catlist=array_reverse($_POST["catlist"]);
foreach($catlist as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->MoveDown();
}
}
break;
case "m_cat_approve":
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->Approve();
}
}
break;
case "m_cat_decline":
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
// $cat->Deny();
RunDown($catid,"Deny");
}
}
break;
case "m_rel_delete":
$adodbConnection= GetADODBConnection();
$table = $objSession->GetEditTable("Relationship");
if(isset($_POST["itemlist"]))
{
if(is_array($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$sql = "DELETE FROM ".$table." WHERE RelationshipId=".$id;
$adodbConnection->Execute($sql);
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
}
}
else
{
$sql = "DELETE FROM ".$table." WHERE RelationshipId=".$_POST["itemlist"];
$adodbConnection->Execute($sql);
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
}
}
break;
case "m_add_relation":
if($_POST["CatEditStatus"]==0)
{
$RelList = new clsRelationshipList();
$RelList->SourceTable = $objSession->GetEditTable("Relationship");
//$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
// 0,(int)$_POST["Enabled"],$_POST["RelType"], $Rel);
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(RelationshipId) as MinValue FROM ".$RelList->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
0,(int)$_POST["Enabled"],$_POST["RelType"], $NewId);
$sql = "UPDATE ".$RelList->SourceTable." SET RelationshipId=".$NewId." WHERE RelationshipId=".$r->Get("RelationshipId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
break;
case "m_edit_relation":
if($_POST["CatEditStatus"]==0)
{
$RelList = new clsRelationshipList();
$RelList->SourceTable = $objSession->GetEditTable("Relationship");
$r = $RelList->GetItem($_POST["RelationshipId"]);
if(is_object($r))
{
$r->Set("Enabled",(int)$_POST["Enabled"]);
$r->Set("Type",(int)$_POST["RelType"]);
$r->Set("Priority",(int)$_POST["priority"]);
$r->Update();
}
}
break;
case "m_rel_move_up":
$objRelList = new clsRelationshipList();
$objRelList->SourceTable = $objSession->GetEditTable("Relationship");
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$r = $objRelList->GetItem($id);
$r->MoveUp($_POST["SourceId"]);
}
}
break;
case "m_rel_move_down":
$objRelList = new clsRelationshipList();
$objRelList->SourceTable = $objSession->GetEditTable("Relationship");
if (isset($_POST["itemlist"]))
{
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$r = $objRelList->GetItem($id);
$r->MoveDown($_POST["SourceId"]);
}
}
break;
case "m_add_category":
if(ValidDate($_POST["cat_date"],GetDateFormat()))
{
$CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat());
}
else
$CreatedOn = time();
$html = (int)$_POST["html_enable"];
$cat_pick = $_POST["cat_pick"];
$Status = (int)$_POST["status"];
$Hot=(int)$_POST["itemhot"];
$Pop = (int)$_POST["itempop"];
$New = (int)$_POST["itemnew"];
$objEditItems = new clsCatList();
$objEditItems->SourceTable = $objSession->GetEditTable("Category");
$cat = $objEditItems->Add($_POST["ParentId"], $_POST["cat_name"], inp_escape($_POST["cat_desc"],$html), $CreatedOn,
$cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"],
$_POST["meta_keywords"],$_POST["meta_desc"]);
$objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->LoadResource($cat->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(1);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
break;
case "m_edit_category":
$CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat());
$cat_pick = $_POST["cat_pick"];
$Status = (int)$_POST["status"];
$Hot=(int)$_POST["itemhot"];
$Pop = (int)$_POST["itempop"];
$New = (int)$_POST["itemnew"];
$html = (int)$_POST["html_enable"];
$objEditItems = new clsCatList();
$objEditItems->SourceTable = $objSession->GetEditTable("Category");
// check if name of cat isn't changed: begin
$original_cats = new clsCatList();
$original_cat = $original_cats->GetItemByField('CategoryId', $_POST['CategoryId']);
if( $original_cat->Get('Name') != $_POST['cat_name'] )
$objSession->SetVariable('PermCache_UpdateRequired', 1);
unset($original_cat, $original_cats);
// check if name of cat isn't changed: end
$cat = $objEditItems->Edit_Category($_POST["CategoryId"],inp_escape($_POST["cat_name"],$html), inp_escape($_POST["cat_desc"],$html), $CreatedOn, $cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"], $_POST["meta_keywords"], $_POST["meta_desc"]);
$objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
$objCustomEdit->LoadResource($cat->Get("ResourceId"));
$CustomFields = new clsCustomFieldList(1);
$DataChanged = FALSE;
foreach($_POST as $key=>$value)
{
if(substr($key,0,1)=="_")
{
$field = substr($key,1);
$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
if(is_object($cvalue))
{
$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value);
$DataChanged = TRUE;
}
}
}
if($DataChanged)
$objCustomEdit->SaveData();
break;
case "m_edit_custom_data":
$id = $_POST["ItemId"];
$objEditData = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
$objEditData->SetTable('edit');
$ado = GetADODBConnection();
if($id && is_array($_POST["CustomData"]))
{
foreach($_POST["CustomData"] as $FieldId => $Value)
{
$sql = "SELECT count(*) as reccount FROM ".$objEditData->SourceTable." WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"];
$rs = $ado->Execute($sql);
$intable = $rs->fields["reccount"];
if(!$intable)
{
$sql = "INSERT INTO ".$objEditData->SourceTable." (ResourceId,CustomFieldId,Value) VALUES ('".$id."','$FieldId','$Value')";
$ado->Execute($sql);
//echo $sql."<br>\n";
}
else
{
$sql = "UPDATE ".$objEditData->SourceTable." SET Value='".$Value."' WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"];
$ado->Execute($sql);
//echo $sql."<br>\n";
}
}
}
$objEditData->SetTable('live');
break;
case "m_customfield_edit":
if($ro_perm) break;
$DataType = $_POST["DataType"];
$FieldId = $_POST["CustomFieldId"];
$FieldName = $_POST["fieldname"];
//$FieldLabel = $_POST["fieldlabel"];
if(strlen($FieldName))
{
$objCustomFields = new clsCustomFieldList($DataType);
$objCustomFields->EditField($FieldId,$DataType,$FieldName,"",(int)$_POST["generaltab"],
$_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"],
$_POST["valuelist"]);
}
unset($objCustomFields);
break;
case "m_customfield_add":
if($ro_perm) break;
$DataType = $_POST["DataType"];
$FieldName = $_POST["fieldname"];
//$FieldLabel = $_POST["fieldlabel"];
if(strlen($FieldName))
{
$objCustomFields = new clsCustomFieldList($DataType);
$objCustomFields->AddField($DataType,$FieldName,"",(int)$_POST["generaltab"],
$_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"],
$_POST["valuelist"]);
unset($objCustomFields);
}
break;
case "m_customfield_delete":
if($ro_perm) break;
$DataType = $_POST["DataType"];
$objCustomFields = new clsCustomFieldList($DataType);
foreach($_POST["itemlist"] as $f)
{
$objCustomFields->DeleteField($f);
//$c = $objCustomFields->GetItem($f);
//$c->Delete();
}
unset($objCustomFields);
break;
case "m_SearchConfig_Edit":
if($ro_perm) break;
$SimpleValues = $_POST["simple"];
$AdvValues = $_POST["advanced"];
$module = $_POST["module"];
$priority = $_POST["pri"];
//phpinfo(INFO_VARIABLES);
$objSearchConfig = new clsSearchConfigList($module);
foreach($objSearchConfig->Items as $i)
{
$id = $i->Get("SearchConfigId");
$objSearchConfig->EditFieldSettings($id,(int)$SimpleValues[$id],(int)$AdvValues[$id],$priority[$id]);
}
$objSearchConfig->Clear();
/* save relevence settings */
$vals = $_POST["req_increase"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Increase_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["rel_keyword"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Keyword_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["rel_pop"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Pop_".$var;
$objConfig->Set($cfg,$value);
}
$vals = $_POST["rel_rating"];
foreach($vals as $var=>$value)
{
$cfg = "SearchRel_Rating_".$var;
$objConfig->Set($cfg,$value);
}
break;
case "m_keyword_reset":
if($ro_perm) break;
$objSearchList = new clsSearchLogList();
foreach($_POST["itemlist"] as $k)
{
$c = $objSearchList->GetItem($k);
$c->Delete();
}
break;
case "m_review_add":
$post_info = GetSubmitVariable($_POST, 'EditStatus');
if($post_info['variable'] > -1)
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$Pending = (int)$_POST["review_pending"];
$Enabled = (int)$_POST["review_enabled"];
$Status = (int)$_POST["status"];
$CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat());
$CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
$html = (int)$_POST["html_enable"];
$ReviewText = inp_escape($_POST["review_body"],1);
$CreatedById = 0;
if(strlen($_POST["createdby"])>0)
{
if(strtolower($_POST["createdby"])=="root")
{
$CreatedById = -1;
}
else
{
$u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
if(is_object($u))
{
$CreatedById = $u->Get("PortalUserId");
if($CreatedById<1)
{
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
$r = $objReviews->AddReview($CreatedOn,$ReviewText,$Status, $IPAddress,
(int)$_POST["review_priority"], $_POST["ItemId"],$_POST["ItemType"],
$CreatedById,$html, $post_info['Module']);
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(ReviewId) as MinValue FROM ".$objReviews->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objReviews->SourceTable." SET ReviewId=".$NewId." WHERE ReviewId=".$r->Get("ReviewId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
break;
case "m_review_edit":
$post_info = GetSubmitVariable($_POST, 'EditStatus');
if($post_info['variable'] > -1)
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$Status = (int)$_POST["status"];
$CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat());
$CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
$html = (int)$_POST["html_enable"];
$ReviewText = inp_escape($_POST["review_body"],1);
$ReviewId = $_POST["ReviewId"];
$CreatedById = 0;
if(strlen($_POST["createdby"])>0)
{
if(strtolower($_POST["createdby"])=="root")
{
$CreatedById = -1;
}
else
{
$u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
if(is_object($u))
{
$CreatedById = $u->Get("PortalUserId");
if($CreatedById<1)
{
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
}
}
$r = $objReviews->EditReview($ReviewId,$CreatedOn,$ReviewText,$Status, $IPAddress,
(int)$_POST["review_priority"],$_POST["ItemId"],$_POST["ItemType"],
$CreatedById,$html, $post_info['Module']);
}
break;
case "m_review_delete":
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$objReviews->DeleteReview($id);
}
break;
case "m_review_approve":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",1);
$i->Update();
}
}
break;
case "m_review_deny":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",0);
$i->Update();
}
}
break;
case "m_review_move_up":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->MoveUp();
}
}
break;
case "m_review_move_down":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$i = $objReviews->GetItem($id);
$i->MoveDown();
}
}
break;
case "m_theme_add":
$objEditItems = new clsThemeList();
$objEditItems->SourceTable = $objSession->GetEditTable("Theme");
$Primary = (int)$_POST["primary"];
if(!(int)$_POST["enabled"])
$Primary = 0;
$t = $objEditItems->AddTheme($_POST["name"],$_POST["description"],(int)$_POST["enabled"],
(int)$_POST["CacheTimeout"],$Primary);
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(ThemeId) as MinValue FROM ".$objEditItems->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objEditItems->SourceTable." SET ThemeId=".$NewId." WHERE ThemeId=".$t->Get("ThemeId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
if ($Primary==1)
{
$objEditItems->SetPrimaryTheme($_POST["ThemeId"]);
}
$ado->Execute($sql);
break;
case "m_theme_edit":
$objEditItems = new clsThemeList();
$objEditItems->SourceTable = $objSession->GetEditTable("Theme");
$Primary = (int)$_POST["primary"];
if(!(int)$_POST["enabled"])
$Primary = 0;
$objEditItems->EditTheme($_POST["ThemeId"],$_POST["name"],$_POST["description"],
(int)$_POST["enabled"],$Primary,(int)$_POST["CacheTimeout"]);
if ($Primary==1)
{
$objEditItems->SetPrimaryTheme($_POST["ThemeId"]);
}
break;
case "m_theme_delete":
if (isset($_POST["itemlist"]))
{
$Themes = new clsThemeList();
foreach($_POST["itemlist"] as $id)
{
$Themes->DeleteTheme($id);
}
}
break;
case "m_theme_primary":
if( count($_POST['itemlist']) )
{
$ThemeId = array_shift( $_POST['itemlist'] );
$t = new clsThemeList();
$t->SetPrimaryTheme($ThemeId);
}
break;
case "m_template_edit":
$ThemeId = $_POST["ThemeId"];
$FileId = $_POST["FileId"];
$f = new clsThemeFile($FileId);
$f->Set("Description", $_POST["Description"] );
$f->Update();
$c = stripslashes($_POST["contents"]);
$f->SaveFileContents($c);
break;
case "m_template_add":
$ThemeId = $_POST["ThemeId"];
if( !is_object($f) ) $f = new clsThemeFile();
$FilePath = $_POST['name'];
if(!$FilePath)
{
$f->SetError('Template Name is required',3);
break;
}
else
{
if( substr($FilePath,1) != '/' ) $FilePath = '/'.$FilePath;
if( substr($FilePath,-3) != '.tpl' ) $FilePath .= '.tpl';
$FileName = basename($FilePath);
$FilePath = dirname($FilePath);
// test if such file not already created
$f->LoadFromDataBase( Array($FilePath,$FileName), Array('FilePath','FileName') );
if( !$f->Get('FileId') )
{
$f->Set( Array('FilePath','FileName','ThemeId', 'Description'),
Array($FilePath, $FileName,$_POST['ThemeId'], $_POST["Description"])
);
if( $f->IsWriteablePath(true) )
{
$f->Create();
$c = stripslashes($_POST["contents"]);
$f->SaveFileContents($c, true);
}
}
else
$f->SetError('Template with this name already exists',4);
}
break;
case "m_template_delete":
$dummy = new clsThemeFile();
foreach($_POST["itemlist"] as $FileId)
{
$dummy->LoadFromDatabase($FileId);
$dummy->Delete();
}
break;
case "m_lang_add":
$objEditItems = new clsLanguageList();
$objEditItems->SourceTable = $objSession->GetEditTable("Language");
$l = $objEditItems->AddLanguage($_POST["packname"],$_POST["localname"],
(int)$_POST["enabled"],(int)$_POST["primary"],
$_POST["icon"],$_POST["date_format"],$_POST["time_format"],
$_POST["decimal"],$_POST["thousand"]);
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(LanguageId) as MinValue FROM ".$objEditItems->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objEditItems->SourceTable." SET LanguageId=".$NewId." WHERE LanguageId=".$l->Get("LanguageId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
if($_POST["importlabels"]==1 && $_POST["srcpack"]>0)
{
$sql = "SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"];
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$rs = $ado->Execute($sql);
$plist = new clsPhraseList();
$plist->SourceTable = $objSession->GetEditTable("Phrase");
$sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
$as = $ado->Execute($sql);
if($as && !$as->EOF)
{
$MinId = (int)$as->fields["MinId"];
}
else
$MinId = 0;
$MinId--;
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$plist->AddPhrase($data["Phrase"],$NewId,$data["Translation"],$data["PhraseType"]);
$sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
$ado->Execute($sql);
$MinId--;
$rs->MoveNext();
}
}
break;
case "m_lang_export":
include_once($pathtoroot."kernel/include/xml.php");
$Ids = $_POST["LangList"]; // language ids list to export phrases from
$phrase_types = GetVar('langtypes');
$phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null;
$filename=$_POST["filename"];
if(strlen($filename)>0)
{
$ExportFilename = $pathtoroot.$admin."/export/".$filename;
$ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types);
}
break;
case "m_lang_edit":
$objEditItems = new clsLanguageList();
$objEditItems->SourceTable = $objSession->GetEditTable("Language");
$objEditItems->EditLanguage($_POST["LanguageId"],$_POST["packname"],
$_POST["localname"],(int)$_POST["enabled"],
(int)$_POST["primary"], $_POST["icon"],$_POST["date_format"],
$_POST["time_format"], $_POST["decimal"],$_POST["thousand"]);
if($_POST["importlabels"]==1 && $_POST["srcpack"]>0)
{
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]);
$plist = new clsPhraseList();
$plist->SourceTable = $objSession->GetEditTable("Phrase");
$sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
$as = $ado->Execute($sql);
if($as && !$as->EOF)
{
$MinId = (int)$as->fields["MinId"];
}
else
$MinId = 0;
$MinId--;
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$plist->AddPhrase($data["Phrase"],$_POST["LanguageId"],$data["Translation"],$data["PhraseType"]);
$sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
$ado->Execute($sql);
$MinId--;
$rs->MoveNext();
}
unset($plist);
}
break;
case "m_lang_delete":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
$Phrases = new clsPhraseList();
foreach($_POST["itemlist"] as $id)
{
$objLanguages->DeleteLanguage($id);
$Phrases->DeleteLanguage($id);
}
unset($Phrases);
}
break;
case "m_lang_select":
$LangId = (int)$_POST["langselect"];
if($LangId)
{
if($objSession->Get("PortalUserId")>0)
{
//echo "$LangId";
$objSession->SetPersistantVariable("Language",$LangId);
}
$objSession->Set("Language",$LangId);
$objSession->Update();
$m_var_list_update["lang"] = $LangId;
$m_var_list["lang"] = $LangId;
}
break;
case "m_phrase_edit":
$objPhraseList = new clsPhraseList();
if((int)$_POST["direct"] != 1)
$objPhraseList->SourceTable = $objSession->GetEditTable("Phrase");
$Phrases = $_POST["name"];
foreach($Phrases as $PhraseId =>$name)
{
if($PhraseId>0)
{
$objPhraseList->EditPhrase($PhraseId,$_POST["name"][$PhraseId],$_POST["LanguageId"],$_POST["translation"][$PhraseId],$_POST["phrasetype"][$PhraseId]);
}
}
if(strlen($_POST["name"][0]) && strlen($_POST["translation"][0]) && $_POST['Action1'] == "new")
{
$r = $objPhraseList->AddPhrase($_POST["name"][0],$_POST["LanguageId"],$_POST["translation"][0],$_POST["phrasetype"][0]);
if ($r != "Error") {
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objPhraseList->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objPhraseList->SourceTable." SET PhraseId=".$NewId." WHERE PhraseId=$PhraseId";
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."<br>\n";
$ado->Execute($sql);
}
else {
$add_error = "Language tag with the same name already exists!";
}
}
else if ($_POST['Action1'] == "new") {
$add_error = "Fields name and translation are required!";
}
unset($objPhraseList);
break;
case "m_config_missing_phrase":
//phpinfo(INFO_VARIABLES);
$LangId = $_POST["LangId"];
$ThemeId = $_POST["ThemeId"];
if(is_array($_POST["Phrase"]))
{
$objPhraseList = new clsPhraseList();
$objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
foreach($_POST["Phrase"] as $p => $value)
{
if(strlen($value))
{
$obj = $objPhraseList->GetItemByField("Phrase",$p,TRUE);
if(is_object($obj))
{
if($obj->Get("Phrase")==$p)
{
$obj->Set("Translation",$value);
$obj->Update();
}
else
$objPhraseList->AddPhrase($p,$LangId,$value,1);
}
else
$objPhraseList->AddPhrase($p,$LangId,$value,1);
}
}
}
break;
case "m_phrase_delete":
$objPhraseList = new clsPhraseList();
$objPhraseList->SourceTable = $objSession->GetEditTable("Phrase");
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$objPhraseList->DeletePhrase($id);
}
}
unset($objPhraseList);
break;
case "m_emailevent_disable":
if($ro_perm) break;
$objEvents = new clsEventList();
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objEvents->GetItem($id);
$m->Set("Enabled",0);
$m->Update();
}
}
unset($objEvents);
break;
case "m_emailevent_enable":
if($ro_perm) break;
$objEvents = new clsEventList();
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objEvents->GetItem($id);
$m->Set("Enabled",1);
$m->Update();
}
}
unset($objEvents);
break;
case "m_emailevent_frontonly":
if($ro_perm) break;
$objEvents = new clsEventList();
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objEvents->GetItem($id);
$m->Set("Enabled",2);
$m->Update();
}
}
unset($objEvents);
break;
case "m_dlid":
echo $Action.":".$DownloadId;
die();
break;
case "m_emailevent_user":
if($ro_perm) break;
$objEvents = new clsEventList();
//phpinfo(INFO_VARIABLES);
//$objEvents->SourceTable = $objSession->GetEditTable("Events");
$ids = $_POST["EventId"];
$ids = str_replace("[","",$ids);
$ids = str_replace("]","",$ids);
$ids = str_replace("\"","",$ids);
$ids = str_replace("\\","",$ids);
$idlist = explode(",",$ids);
foreach($idlist as $EventId)
{
$id = (int)stripslashes($EventId);
$e =& $objEvents->GetItem((int)$EventId);
$e->Set("FromUserId", $_POST["FromUserId"]);
$e->Update();
}
$objEvents->Clear();
unset($objEvents);
break;
case "m_emailevent_edit":
$Template = $_POST["headers"];
if(strlen($Template))
{
$Template .= "\n";
}
$Template = str_replace("\n\n","",$Template);
$Template .= "Subject: ".$_POST["subject"]."\n\n";
$Template .= $_POST["messageBody"];
$objMessages = new clsEmailMessageList();
$objMessages->SourceTable = $objSession->GetEditTable("EmailMessage");
$m =& $objMessages->GetItem($_POST["MessageId"]);
if(is_object($m))
{
if($_POST["sendhtml"]==1)
{
$m->Set("MessageType","html");
}
else
$m->Set("MessageType","text");
$m->Set("Template",$Template);
$m->Update();
}
break;
case "m_config_edit":
//phpinfo(INFO_VARIABLES);
if($ro_perm) break;
$objAdmin = new clsConfigAdmin();
$objAdmin->module = $_POST["module"];
$objAdmin->section = $_POST["section"];
if($objAdmin->section=="in-portal:configure_users")
{
if(strlen($_POST["RootPass"]) && strlen($_POST["RootPassVerify"]))
{
if($_POST["RootPass"]==$_POST["RootPassVerify"])
{
$_POST["RootPass"] = md5($_POST["RootPass"]);
}
}
else
{
$_POST["RootPass"] = $objConfig->Get("RootPass");
$_POST["RootPassVerify"] = $objConfig->Get("RootPassVerify");
}
}
$objAdmin->LoadItems(FALSE);
$objAdmin->SaveItems($_POST);
break;
case "m_mod_enable":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$m =& $objModules->GetItemByField("Name",$id);
if(is_object($m))
{
$m->Set("Loaded",1);
$m->Update();
}
}
$_GET["Refresh"] = 1;
}
break;
case "m_mod_disable":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
if($id != "In-Portal")
{
$m =& $objModules->GetItemByField("Name",$id);
if(is_object($m))
{
$m->Set("Loaded",0);
$m->Update();
}
}
}
$_GET["Refresh"] = 1;
}
break;
case "m_img_add":
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
$LocalImage=0;
$LocalThumb=0;
$DestDir = "kernel/images/";
$UserThumbSource = (int)$_POST["imgLocalThumb"];
$LocalThumb = $UserThumbSource;
$thumb_url = !$LocalThumb? $_POST["imgThumbUrl"] : "";
if($_POST["imgSameImages"])
{
$LocalImage = $LocalThumb;
$full_url = $thumb_url;
}
else
{
$LocalImage = (int)$_POST["imgLocalFull"];
$file = $_FILES["imgFullFile"];
$full_url = $LocalImage? "" : $_POST["imgFullUrl"];
}
if((!strlen($thumb_url) && !$LocalThumb) || (!strlen($full_url) && !$LocalImage))
{
break;
}
$ado = GetADODBConnection();
$sql = "SELECT MIN(ImageId) as MinValue FROM ".$objImageList->SourceTable;
$rs = $ado->Execute($sql);
$NewId = ($rs->fields["MinValue"]<0)? $rs->fields["MinValue"]-1 : -1;
$img = $objImageList->Add($_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImage, $LocalThumb, $full_url, $thumb_url, (int)$_POST["imgEnabled"], 0, (int)$_POST["imgDefault"], 0,(int)$_POST["imgSameImages"], $NewId);
$img->Set("ImageId", $NewId);
// $img->debuglevel=1;
/*
$sql = "UPDATE ".$objImageList->SourceTable." SET ImageId=".$NewId." WHERE ImageId=0";
$ado->Execute($sql);
// $img->Update();
*/
// echo "SL: $sql $NewId<BR>";
// $img->debuglevel=1;
$img->Pending=TRUE;
if($LocalImage)
{
$file = $_FILES["imgFullFile"];
if(is_array($file))
{
if($file["size"]>0)
{
$img->Set("LocalPath",$img->StoreUploadedImage($file,1, $DestDir,0));
$uploaded=1;
}
}
}
if($LocalThumb)
{
$thumb = $_FILES["imgThumbFile"];
if(is_array($thumb))
{
if($thumb["size"]>0)
{
$img->Set("ThumbPath",$img->StoreUploadedImage($thumb,1, $DestDir,1));
$uploaded=1;
}
}
}
if($uploaded==1)
$img->Update();
break;
case "m_img_edit":
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
// $img->debuglevel=1;
$img = $objImageList->GetItem($_POST["ImageId"]);
## Get original values
$LocalImage = $img->Get("LocalImage");
$LocalThumb = $img->Get("LocalThumb");
$SameImages = $img->Get("SameImages");
$ThumbPath = $img->Get("ThumbPath");
## New values
$LocalThumbN = (int)$_POST["imgLocalThumb"];
$LocalImageN = (int)$_POST["imgLocalFull"];
$FULLFile = $_FILES["imgFullFile"];
$THFile = $_FILES["imgThumbFile"];
$DestDir = "kernel/images/";
$img->Pending = FALSE;
$SameImagesN = 0;
$uploaded = 0;
## Images were the same, but not any more
if ($SameImages && !$_POST["imgSameImages"])
{
## TH was a local file
if ($LocalThumb)
{
## TH image
{
## Try to Delete OLD FULL
$img->DeleteLocalImage(FALSE, TRUE);
## FULL image select, but field EMPTY - make a copy of old TH as FULL
if ($LocalImageN && !(int)$FULLFile["size"])
{
// echo $pathToPending = $img->GetImageDir();
if (!eregi("pending/$", $pathToPending))
$pathToPending.= "pending/";
$LocalThumb_File = $img->GetFileName(1);
// echo "<b>CAN'T FIND FILE:</b> ".$pathToPending.$LocalThumb_File."<BR>";
if (file_exists($pathToPending.$LocalThumb_File))
{
$LocalThumb_FileN = eregi_replace("^th_", "", $LocalThumb_File);
$LocalThumb_FullFileN = $pathToPending.$LocalThumb_FileN;
@unlink($LocalThumb_FullFileN);
@copy($pathToPending.$LocalThumb_File, $LocalThumb_FullFileN);
$uploaded = 1;
$copied = 1;
// echo "COPING: ".$DestDir."pending/".$LocalThumb_FileN." <BR>";
}
else
{
// echo "CAN'T FIND FILE: ".$pathToPending.$LocalThumb_File."<BR>";
}
}
## Upload new FULL image
elseif ($LocalImageN && (int)$FULLFile['size'])
{
$FULL_FileToUpload = $FULLFile;
$FULL_URL = "";
// echo " Upload new FULL image";
}
## Full is URL
elseif (!$LocalImageN)
{
$img->DeleteLocalImage(FALSE, TRUE);
$FULL_URL = $_POST['imgFullUrl'];
$FULL_FileToUpload = "";
}
else
{
// echo " ## Unknow condition";
}
## Take care of Thumbnail here
if ($LocalThumbN)
{
## Delete old if NEW TH image selected
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
}
else
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = "";
$TH_URL = $_POST['imgThumbUrl'];
}
}
}
## TH was URL
else
{
## Take care of FULL image here
if ($LocalImageN && (int)$FULLFile["size"])
{
$FULL_FileToUpload = $FULLFile;
$FULL_URL = "";
}
## Full is URL (or image size 0)
else
{
$FULL_FileToUpload = "";
$FULL_URL = $_POST['imgFullUrl'];
}
## Take care of Thumbnail here
if ($LocalThumbN)
{
$TH_FileToUpload = (int)$THFile['size']? $THFile : "";
$TH_URL = "";
}
else
{
$TH_FileToUpload = "";
$TH_URL = $_POST['imgThumbUrl'];
}
}
}
## Images were the same, and still the same
elseif ($SameImages && $_POST['imgSameImages'])
{
## Take care of Thumbnail & FULL here
if ($LocalThumbN)
{
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
$FULL_URL = $TH_URL = "";
}
else
{
$TH_FileToUpload = $FULL_FileToUpload = "";
$FULL_URL = $TH_URL = $_POST['imgThumbUrl'];
}
## Delete old FULL image
$img->DeleteLocalImage(FALSE,TRUE);
$SameImagesN = 1;
}
## Images were NOT the same, and selected as the same now
elseif (!$SameImages && $_POST["imgSameImages"])
{
## Take care of Thumbnail & FULL here
if ($LocalThumbN)
{
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
$FULL_URL = $TH_URL = "";
}
else
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $FULL_FileToUpload = "";
$FULL_URL = $TH_URL = $_POST['imgThumbUrl'];
}
## Clean up FULL image
$img->DeleteLocalImage(FALSE, TRUE);
$SameImagesN = 1;
}
## Images were NOT the same, and selected as NOT the same
elseif (!$SameImages && !$_POST["imgSameImages"])
{
## Take care of Thumbnail
if ($LocalThumbN)
{
if ((int)$THFile['size'])
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = $THFile;
}
else
$TH_FileToUpload = "";
$TH_URL = "";
}
else
{
$img->DeleteLocalImage(TRUE, FALSE);
$TH_FileToUpload = "";
$TH_URL = $_POST['imgThumbUrl'];
}
## Take care of FULL here
if ($LocalImageN)
{
if ((int)$FULLFile['size'])
{
$img->DeleteLocalImage(FALSE, TRUE);
$FULL_FileToUpload = $FULLFile;
}
else
$FULL_FileToUpload = "";
$FULL_URL = "";
}
else
{
$img->DeleteLocalImage(FALSE, TRUE);
$FULL_FileToUpload = "";
$FULL_URL = $_POST['imgFullUrl'];
}
}
## Unknow condition
else
{
;
}
$img = $objImageList->Edit($_POST["ImageId"],$_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImageN, $LocalThumbN, $FULL_URL, $TH_URL, (int)$_POST["imgEnabled"], (int)$_POST["imgPriority"], (int)$_POST["imgDefault"], 0, $SameImagesN);
// echo "<B>DATA:</B> <BR> LocalImageN: $LocalImageN, LocalThumbN: $LocalThumbN, FULL_URL: $FULL_URL, TH_URL: $TH_URL, SameImagesN: $SameImagesN <BR>";
$img->Pending = TRUE;
if (!empty($FULL_FileToUpload))
{
$img->Set("LocalPath",$img->StoreUploadedImage($FULL_FileToUpload, 1, $DestDir, 0));
$uploaded = 1;
}
/*
elseif (!$LocalImageN)
{
$img->Set("LocalPath", "");
$uploaded = 1;
}
*/
if (!empty($TH_FileToUpload))
{
$img->Set("ThumbPath", $img->StoreUploadedImage($TH_FileToUpload, 1, $DestDir, 1));
$uploaded = 1;
}
if ($copied)
{
$img->Set("LocalPath", $DestDir."pending/".$LocalThumb_FileN);
$uploaded = 1;
}
if($uploaded==1)
$img->Update();
break;
case "m_img_move_up":
if (isset($_POST["itemlist"]))
{
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
foreach($_POST["itemlist"] as $id)
{
$img = $objImageList->GetItem($id);
$img->MoveUp();
}
}
break;
case "m_img_move_down":
if (isset($_POST["itemlist"]))
{
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$img = $objImageList->GetItem($id);
$img->MoveDown();
}
}
break;
case "m_img_delete":
if(isset($_POST["itemlist"]))
{
$objImageList = new clsImageList();
$objImageList->SourceTable = $objSession->GetEditTable("Images");
foreach($_POST["itemlist"] as $id)
{
$img = $objImageList->GetItem($id);
$img->Set("ResourceId", 0);
$img->Update();
//$img->Delete();
}
}
break;
case "m_restore_delete":
$bdate = $_POST["backupdate"];
if($bdate>0)
{
$BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt";
if(file_exists($BackupFile))
unlink($BackupFile);
}
break;
case "m_taglib":
include($pathtoroot."kernel/include/tag-class.php");
ParseTagLibrary();
break;
case "m_sql_query":
$SqlQuery = $_POST["sql"];
$ado = GetADODBConnection();
if(strlen($sql))
{
- $SqlResult = $ado->Execute($SqlQuery);
+ $SqlResult = $ado->Execute(stripslashes($SqlQuery));
$SqlError = $ado->ErrorMsg();
$SqlErrorNum = $ado->ErrorNo();
}
break;
case "m_session_delete":
if($ro_perm) break;
$ado = GetADODBConnection();
if (count($_POST['itemlist']) > 0) {
foreach($_POST["itemlist"] as $id)
{
$sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$id'";
$ado->Execute($sql);
}
}
else {
$sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE Status='0'";
$ado->Execute($sql);
}
break;
case "m_add_rule":
$objEditItems = new clsBanRuleList();
$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
//$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status;
$objEditItems->AddRule($_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"],
$_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"],
(int)$_POST["rule_status"], $_POST['rule_error']);
break;
case "m_edit_rule":
$objEditItems = new clsBanRuleList();
$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
//$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status;
$objEditItems->EditRule($_POST["rule_id"],$_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"],
$_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"],
(int)$_POST["rule_status"], $_POST['rule_error']);
break;
case "m_rule_move_up":
if($ro_perm) break;
if(isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$i = $objBanList->GetItem($id);
$i->Increment("Priority");
}
}
break;
case "m_rule_move_down":
if($ro_perm) break;
if(isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$i = $objBanList->GetItem($id);
$i->Decrement("Priority");
}
}
break;
case "m_rule_delete":
if($ro_perm) break;
if(isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$i = $objBanList->GetItem($id);
$i->Delete();
}
}
break;
case "m_ban_user":
if($ro_perm) break;
if($_POST["UserEditStatus"]==1)
{
$UserId = $_POST["user_id"];
$u = $objUsers->GetItem($UserId);
if(is_object($u))
{
if((int)$_POST["ban_login"])
{
if(strlen($_POST["user_login"]))
$objBanList->AddRule(6,0,"Login",3,$_POST["user_login"],0,1);
}
if((int)$_POST["ban_email"])
{
if(strlen($_POST["user_email"]))
$objBanList->AddRule(6,0,"Email",3,$_POST["user_email"],0,1);
}
if((int)$_POST["ban_ip"])
{
if(strlen($_POST["user_ip"]))
$objBanList->AddRule(6,0,"ip",3,$_POST["user_ip"],0,1);
}
$u->Deny();
}
}
break;
}
/* image upload management */
if( isset($_POST['img']) && $_POST['img'] == 1 )
{
foreach($_FILES as $img => $FILE)
{
$name = $_POST["img_Name_$img"];
$alt = $_POST["img_Alt_$img"];
$url = $_POST["img_Url_$img"];
$res_id = $_POST["img_Res_$img"];
$relvalue = $_POST["img_Rel_$img"];
$thumb = (int)$_POST["img_Thumb_$img"];
$dest = AddSlash($_POST["img_DestDir_$img"]);
if($_POST["img_Del_$img"]=="Delete")
{
$img = $objImageList->GetImageByResource($res_id,$relvalue);
$img->Delete();
unset($img);
$objImageList->Clear();
}
else
{
if($FILE["size"]>0)
{
/* an image was uploaded */
$objImageList->HandleImageUpload($FILE,$res_id,$relvalue,$dest, $name,$alt,$thumb);
}
else
{ /* remote images handled here */
if(strlen($url)>0)
{
if($relvalue>0)
{
$img = $objImageList->GetImageByResource($res_id,$relvalue);
$img->Set("Name",$name);
$img->Set("AltName", $alt);
$img->Set("IsThumbnail",$thumb);
$img->Set("Url",$url);
$img->Update();
}
else
{
$relvalue = $objImageList->GetNextRelateValue($res_id);
$objImageList->NewRemoteImage($url,$res_id,$relvalue, $name, $alt, $thumb);
}
}
}
}
}
}
// ALL Saving Stuff From Temp Tables Heppens Here
//echo "==== BEGIN ==== <br>";
$has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
//echo "PortalUserID: [".$objSession->Get("PortalUserId")."]<br>";
//echo "PermSet: [".$has_perm."]<br>";
if( !$has_perm )
{
/* category Edit */
if( GetVar('CatEditStatus') == 1 )
{
$adodbConnection = GetADODBConnection();
// $sql = "SELECT * FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=0";
$sql = "SELECT * FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=-1";
$rs = $adodbConnection->Execute($sql);
while ($rs && !$rs->EOF)
{
if($rs->fields["ParentId"]>0)
RunUp($rs->fields["ParentId"],"Increment_Count");
$rs->MoveNext();
}
$objCatList->CopyFromEditTable("CategoryId");
$objCustomDataList->CopyFromEditTable("CustomDataId");
$objCatList->Clear();
if($_REQUEST['CategoryId'] > 0) // not root category is updated
{
$objImages = new clsImageList();
$objImages->CopyFromEditTable("ImageId");
}
}
if( GetVar('CatEditStatus') == 2 )
{
$objCatList->PurgeEditTable("CategoryId");
$objCustomDataList->PurgeEditTable("CustomDataId");
if($_REQUEST['CategoryId'] > 0) // not root category is updated
{
$objImages = new clsImageList();
$objImages->PurgeEditTable("ImageId");
}
$objCatList->Clear();
}
/* User Edit */
if( GetVar('UserEditStatus') == 1 )
{
$objUsers->CopyFromEditTable("PortalUserId");
$objCustomDataList->CopyFromEditTable("CustomDataId");
$objGroups->Clear();
$objImages = new clsImageList();
$objImages->CopyFromEditTable("ImageId");
}
if( GetVar('UserEditStatus') == 2 )
{
$objGroups->PurgeEditTable("PortalUserId");
$objCustomDataList->PurgeEditTable("CustomDataId");
$objGroups->Clear();
}
/* Group Edit */
if( GetVar('GroupEditStatus') == 1 )
{
$objGroups->CopyFromEditTable("GroupId");
$objCustomDataList->CopyFromEditTable("CustomDataId");
$objGroups->Clear();
}
if( GetVar('GroupEditStatus') == 2 )
{
$objGroups->PurgeEditTable("GroupId");
$objCustomDataList->PurgeEditTable("CustomDataId");
$objGroups->Clear();
}
/* Theme Edit */
if( GetVar('ThemeEditStatus') == 1 )
{
$objThemes->CopyFromEditTable();
$objThemes->Clear();
}
if( GetVar('ThemeEditStatus') == 2 )
{
$objThemes->PurgeEditTable();
$objThemes->Clear();
}
/* Language Edit */
if( GetVar('LangEditStatus') == 1 )
{
$Messages = new clsEmailMessageList();
$Messages->CopyFromEditTable();
$Messages->Clear();
$objLanguages->CopyFromEditTable();
$objLanguages->Clear();
$Phrases = new clsPhraseList();
$Phrases->CopyFromEditTable();
$Phrases->Clear();
$Phrases->PurgeEditTable();
}
if( GetVar('LangEditStatus') == 2 )
{
$objLanguages->PurgeEditTable();
$objLanguages->Clear();
$Phrases = new clsPhraseList();
$Phrases->PurgeEditTable();
$Messages = new clsEmailMessageList();
$Messages->PurgeEditTable();
}
if( GetVar('MissingLangEditStatus') == 1 )
{
$objPhraseList = new clsPhraseList();
$objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
$objEditList = new clsPhraseList();
$objEditList->SourceTable = $objSession->GetEditTable("Phrase");
$ado = GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objEditList->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$objPhraseList->Query_Item("SELECT * FROM ".$objPhraseList->SourceTable);
foreach($objPhraseList->Items as $p)
{
if(strlen($p->Get("Translation"))>0)
{
$p->tablename = $objEditList->SourceTable;
$p->Dirty();
$p->UnsetIDField();
$p->Set("PhraseId",$NewId);
$NewId--;
$p->Create();
}
}
$ado->Execute("DROP TABLE ".$objPhraseList->SourceTable);
}
if( GetVar('MissingLangEditStatus') == 2 )
{
$table = $objSession->GetSessionKey()."_".$ThemeId."_labels";
$ado = GetADODBConnection();
$ado->Execute("DROP TABLE ".$table);
}
/* Ban Rule Edit */
if( GetVar('RuleEditStatus') == 1 )
{
$objBanList->CopyFromEditTable("RuleId");
$objBanList->Clear();
}
if( GetVar('RuleEditStatus') == 2 )
{
$objBanList->PurgeEditTable("RuleId");
$objBanList->Clear();
}
}
elseif( defined('DEBUG_ACTIONS') )
{
if( isset($_REQUEST['Action']) && $_REQUEST['Action'] )
echo "<b>USER HAS RO-ACCESS</b> on action [<b>".$_REQUEST['Action']."</b>]<br>";
}
//echo "==== END ==== <br>";
?>
Property changes on: trunk/kernel/action.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.20
\ No newline at end of property
+1.21
\ No newline at end of property
Index: trunk/kernel/include/modules.php
===================================================================
--- trunk/kernel/include/modules.php (revision 266)
+++ trunk/kernel/include/modules.php (revision 267)
@@ -1,896 +1,901 @@
<?php
/* List of installed modules and module-specific variables
Copyright 2002, Intechnic Corporation, All rights reserved
*/
setcookie("CookiesTest", "1");
$ExtraVars = array();
function ParseEnv()
{
global $env, $var_list, $mod_prefix,$objSession, $SessionQueryString;
/* parse individual sections */
$env = isset($_GET['env']) ? $_GET['env'] : '';
if ($env == "")
{
$var_list["t"] = "index";
if(is_array($mod_prefix))
{
foreach($mod_prefix as $key => $value)
{
if(strlen($key))
{
$parser_name = $key . "_ParseEnv";
if(function_exists($parser_name))
{
@$parser_name();
}
}
}
}
}
else
{
$envsections = explode(":", $env);
foreach($mod_prefix as $key => $value)
{
if(strlen($key))
{
$parsed=FALSE;
$parser_name = $key . "_ParseEnv";
for($i=1; $i<sizeof($envsections); $i++)
{
$pieces = explode("-", $envsections[$i]);
if(substr($pieces[0],0,strlen($key))==$key)
{
$parsed=TRUE;
if(function_exists($parser_name))
{
$parser_name($envsections[$i]);
}
}
}
if(!$parsed)
{
if(function_exists($parser_name))
{
@$parser_name();
}
}
}
}
$req_vars = explode("-", $envsections[0]);
$sid = $req_vars[0];
if(!$SessionQueryString)
{
if(!strlen($sid) || $sid=="_")
{
if($sid != "_")
$sid = $_COOKIE["sid"];
}
else
$SessionQueryString = TRUE;
}
$var_list["sid"] = $sid;
$var_list["t"] = $req_vars[1];
if( isset($_GET['dest']) )
$var_list['dest'] = $_GET['dest'];
}
}
function LoadEnv()
{
global $env, $var_list, $mod_prefix,$objSession;
$env = $_GET["env"];
// echo "Loading Variables..<br>\n";
if ($env != "")
{
$envsections = explode(":", $env);
foreach($mod_prefix as $key => $value)
{
if(strlen($key))
{
$parsed=FALSE;
for($i=1; $i<sizeof($envsections); $i++)
{
$pieces = explode("-", $envsections[$i]);
if(substr($pieces[0],0,strlen($key))==$key)
{
$parsed=TRUE;
break;
}
}
if(!$parsed)
{
$parser_name = $key . "_LoadEnv";
//echo $parser_name;
if(function_exists($parser_name))
{
$parser_name();
}
}
else
{
$parser_name = $key . "_SaveEnv";
//echo $parser_name;
if(function_exists($parser_name))
{
$parser_name($envsections[$i]);
}
}
}
}
}
}
function BuildEnv($mod_prefix = false)
{
global $var_list,$m_var_list, $var_list_update, $mod_prefix, $objSession, $objConfig,
$ExtraVars, $objThemes, $CurrentTheme, $SessionQueryString, $FrontEnd;
static $theme;
$env = "";
//echo "Query String: $SessionQueryString<br>\n";
if(($objConfig->Get("CookieSessions")==0 || !$FrontEnd || ($objConfig->Get("CookieSessions")==2 && $SessionQueryString==TRUE)))
{
if(!$objSession->UseTempKeys)
{
$sessionkey = $objSession->GetSessionKey();
}
else
$sessionkey = $objSession->Get("CurrentTempKey");
$env = $sessionkey;
}
$env .= "-";
if (isset($var_list_update["t"]))
{
if($var_list_update["t"]=="_referer_")
{
$var_list_update["t"] =$objSession->GetVariable("Template_Referer");
}
$t = $var_list_update["t"];
if(!is_numeric($t))
{
if(!is_object($theme))
$theme = $objThemes->GetItem($m_var_list["theme"]);
$id = $theme->GetTemplateId($t);
$var_list_update["t"] = $id;
}
$env .= $var_list_update["t"];
}
else
{
$t = $var_list["t"];
if(!is_numeric($t))
{
if(!is_object($theme))
$theme = $objThemes->GetItem($m_var_list["theme"]);
$id = $theme->GetTemplateId($t);
$t = $id;
}
$env .= $t;
}
if(is_array($mod_prefix))
{
foreach($mod_prefix as $key => $value)
{
$builder_name = $key . "_BuildEnv";
if(function_exists($builder_name))
{
$GLOBALS[$key.'_var_list_update']['test'] = 'test';
$env .= $builder_name();
}
}
}
$extra = "";
$keys = array_keys($ExtraVars);
if(is_array($keys))
{
for($i=0;$i<count($keys);$i++)
{
$key = $keys[$i];
$e = "&".$key."=".$ExtraVars[$key];
$extra .= $e;
$e = "";
}
}
$env .= $extra;
return $env;
}
function CategoryActionFunc($basename,$CatList)
{
global $mod_prefix;
foreach($mod_prefix as $key => $value)
{
$function_name = $key."_".$basename;
if(function_exists($function_name))
{
$function_name($CatList);
}
}
}
function RegisterEnv($Var,$Value)
{
global $ExtraVars;
$ExtraVars[$Var] = $Value;
}
function UnregisterEnv($Var)
{
global $ExtraVars;
unset($ExtraVars[$Var]);
}
function ModuleTagPrefix($name)
{
global $modules_loaded;
$ret = "";
foreach($modules_loaded as $prefix=>$mod_name)
{
if($name==$mod_name)
{
$ret = $prefix;
break;
}
}
return $ret;
}
function ModuleEnabled($name)
{
global $template_path;
$a = array_keys($template_path);
if(in_array($name,$a))
return TRUE;
return FALSE;
}
function GetModuleArray($array_name="mod_prefix")
{
switch($array_name)
{
case "mod_prefix":
global $mod_prefix;
return $mod_prefix;
break;
case "admin":
global $mod_prefix, $modules_loaded;
$mod = array();
if(is_array($mod_prefix) && is_array($modules_loaded))
{
foreach ($mod_prefix as $key=>$value)
{
if(_ModuleLicensed($modules_loaded[$key]) || $key=="m")
{
$mod[$key] = $value;
}
}
}
return $mod;
break;
case "loaded":
global $modules_loaded;
return $modules_loaded;
break;
case "template":
global $template_path;
return $template_path;
case "rootcat":
global $mod_root_cats;
return $mod_root_cats;
break;
}
}
function admin_login()
{
global $objSession,$login_error, $objConfig,$g_Allow,$g_Deny;
//echo "<pre>"; print_r($objSession); echo "</pre>";
if( GetVar('help_usage') == 'install' ) return true;
$env_arr = explode('-', $_GET['env']);
$get_session_key = $env_arr[0];
if(!$objSession->ValidSession() || ($objSession->GetSessionKey() != $get_session_key && $_POST['adminlogin'] != 1)) {
if ($_GET['expired'] == 1) {
$login_error = admin_language("la_text_sess_expired");
}
return FALSE;
//echo "Expired<br>";
}
if ($objSession->HasSystemPermission("ADMIN") == 1)
return TRUE;
if(count($_POST)==0 || $_POST["adminlogin"]!=1)
return FALSE;
$login=$_POST["login"];
$password = $_POST["password"];
if (strlen($login) && strlen($password))
{
if(!_IpAccess($_SERVER['REMOTE_ADDR'],$g_Allow,$g_Deny))
{
$login_error = admin_language("la_text_address_denied");
return FALSE;
}
$valid = $objSession->Login($login, md5($password));
$hasperm = ($objSession->HasSystemPermission("ADMIN") == 1);
if (($login=="root" || $hasperm) && $valid)
{
if(_ValidateModules())
{
return TRUE;
}
else
$login_error = "Missing or invalid In-Portal License";
}
else
{
if(!$hasperm && $valid)
{
$login_error = admin_language("la_text_nopermissions");
}
else
{
$login_error = admin_language("la_Text_Access_Denied");
}
return FALSE;
}
}
else
{
if(!strlen($login))
{
$login_error = admin_language("la_Text_Missing_Username");
}
else
if(!strlen($password))
$login_error = admin_language("la_Text_Missing_Password");
return FALSE;
}
}
#---------------------------------------------------------------------------
function _EnableCookieSID()
{
global $var_list, $objConfig;
if((!$_COOKIE["sid"] && $objConfig->Get("CookieSessions")>0 && strlen($var_list["sid"])<2 && !headers_sent())
|| strlen($_COOKIE["sid"])>0)
{
return TRUE;
}
else
return FALSE;
}
function _IsSpider($UserAgent)
{
global $robots, $pathtoroot;
$lines = file($pathtoroot."robots_list.txt");
if(!is_array($robots))
{
$robots = array();
for($i=0;$i<count($lines);$i++)
{
$l = $lines[$i];
$p = explode("\t",$l,3);
$robots[] = $p[2];
}
}
return in_array($UserAgent,$robots);
}
function _StripDomainHost($d)
{
$dotcount = substr_count($d,".");
if($dotcount==3)
{
$IsIp = TRUE;
for($x=0;$x<strlen($d);$x++)
{
if(!is_numeric(substr($d,$x,1)) && substr($d,$x,1)!=".")
{
$IsIp = FALSE;
break;
}
}
}
if($dotcount>1 && !$IsIp)
{
$p = explode(".",$d);
$ret = $p[count($p)-2].".".$p[count($p)-1];
}
else
$ret = $d;
return $ret;
}
function _MatchIp($ip1,$ip2)
{
$matched = TRUE;
$ip = explode(".",$ip1);
$MatchIp = explode(".",$ip2);
for($i=0;$i<count($ip);$i++)
{
if($i==count($MatchIp))
break;
if(trim($ip[$i]) != trim($MatchIp[$i]) || trim($ip[$i])=="*")
{
$matched=FALSE;
break;
}
}
return $matched;
}
function _IpAccess($IpAddress,$AllowList,$DenyList)
{
$allowed = explode(",",$AllowList);
$denied = explode(",",$DenyList);
$MatchAllowed = FALSE;
for($x=0;$x<count($allowed);$x++)
{
$ip = explode(".",$allowed[$x]);
$MatchAllowed = _MatchIp($IpAddress,$allowed[$x]);
if($MatchAllowed)
break;
}
$MatchDenied = FALSE;
for($x=0;$x<count($denied);$x++)
{
$ip = explode(".",$denied[$x]);
$MatchDenied = _MatchIp($IpAddress,$denied[$x]);
if($MatchDenied)
break;
}
$Result = (($MatchAllowed && !$MatchDenied) || (!$MatchAllowed && !$MatchDenied) ||
($MatchAllowed && $MatchDenied));
return $Result;
}
function _ValidateModules()
{
global $i_Keys, $objConfig, $g_License;
$lic = base64_decode($g_License);
_ParseLicense($lic);
$modules = array();
//echo "License: ".$lic."<br>";
$domain = _GetDomain();
//echo "Domain: ".$domain."<br>";
if(!_IsLocalSite($domain))
{
$domain = _StripDomainHost($domain);
//echo "New domain: $domain<br>";
// echo "<pre>"; print_r($i_Keys); echo "</pre>";
for($x=0;$x<count($i_Keys);$x++)
{
$key = $i_Keys[$x];
if(strlen(stristr($key["domain"],$domain)))
{
$modules = explode(",",$key["mod"]);
//echo "Modules: $modules";
}
}
if(count($modules)>0)
{
return TRUE;
}
}
else
return TRUE;
return FALSE;
}
function _ModuleLicensed($name)
{
global $i_Keys, $objConfig, $pathtoroot;
$vars = parse_portal_ini($pathtoroot."config.php");
while($key = key($vars))
{
$key = "g_".$key;
global $$key;
$$key = current($vars); //variable variables
if(strlen($$key)>80)
{
$lic = base64_decode($$key);
}
next($vars);
}
//$lic = base64_decode($g_License);
_ParseLicense($lic);
$modules = array();
if(!_IsLocalSite(_GetDomain()))
{
for($x=0;$x<count($i_Keys);$x++)
{
$key = $i_Keys[$x];
if(strlen(stristr(_GetDomain(),$key["domain"])))
{
//echo "ok<br>";
$modules = explode(",",$key["mod"]);
}
}
if(in_array($name,$modules)) {
//echo "ok<br>";
return TRUE;
}
}
else {
return TRUE;
}
return FALSE;
}
function _GetDomain()
{
global $objConfig, $g_Domain;
if($objConfig->Get("DomainDetect"))
{
$d = $_SERVER['HTTP_HOST'];
}
else
$d = $g_Domain;
return $d;
}
function _keyED($txt,$encrypt_key)
{
$encrypt_key = md5($encrypt_key);
$ctr=0;
$tmp = "";
for ($i=0;$i<strlen($txt);$i++)
{
if ($ctr==strlen($encrypt_key)) $ctr=0;
$tmp.= substr($txt,$i,1) ^ substr($encrypt_key,$ctr,1);
$ctr++;
}
return $tmp;
}
function _decrypt($txt,$key)
{
$txt = _keyED($txt,$key);
$tmp = "";
for ($i=0;$i<strlen($txt);$i++)
{
$md5 = substr($txt,$i,1);
$i++;
$tmp.= (substr($txt,$i,1) ^ $md5);
}
return $tmp;
}
function LoadFromRemote()
{
return "";
}
function DLid()
{
global $lid;
echo $lid."\n";
die();
}
function _LoadLicense($LoadRemote=FALSE)
{
global $pathtoroot, $objConfig;
$f = $pathtoroot."intechnic.php";
if(file_exists($f))
{
$contents = file($f);
$data = base64_decode($contents[1]);
}
else
if($LoadRemote)
return $LoadFromRemote;
return $data;
}
function _VerifyKey($domain,$k)
{
$key = md5($domain);
$lkey = substr($key,0,strlen($key)/2);
$rkey = substr($key,strlen($key)/2);
$r = $rkey.$lkey;
if($k==$r)
return TRUE;
return FALSE;
}
function _ParseLicense($txt)
{
global $i_User, $i_Pswd, $i_Keys;
$data = _decrypt($txt,"beagle");
$i_Keys = array();
$lines = explode("\n",$data);
for($x=0;$x<count($lines);$x++)
{
$l = $lines[$x];
$p = explode("=",$l,2);
switch($p[0])
{
case "Username":
$i_User = $p[1];
break;
case "UserPass":
$i_Pswd = $p[1];
break;
default:
if(substr($p[0],0,3)=="key")
{
$parts = explode("|",$p[1]);
if(_VerifyKey($parts[0],$parts[1]))
{
unset($K);
$k["domain"]=$parts[0];
$k["key"]=$parts[1];
$k["desc"]=$parts[2];
$k["mod"]=$parts[3];
$i_Keys[] = $k;
}
}
break;
}
}
}
function _IsLocalSite($domain)
{
$localb = FALSE;
if(substr($domain,0,3)=="172")
{
$b = substr($domain,0,6);
$p = explode(".",$domain);
$subnet = $p[1];
if($p[1]>15 && $p[1]<32)
$localb=TRUE;
}
if($domain=="localhost" || $domain=="127.0.0.1" || substr($domain,0,7)=="192.168" ||
substr($domain,0,3)=="10." || $localb || strpos($domain,".")==0)
{
return TRUE;
}
return FALSE;
}
LogEntry("Loading Modules\n");
/* get the module list from the database */
$adodbConnection = GetADODBConnection();
$sql = "SELECT Name, Path, Var,TemplatePath, RootCat from ".GetTablePrefix()."Modules where Loaded=1 ORDER BY LoadOrder";
$rs = $adodbConnection->Execute($sql);
while($rs && !$rs->EOF)
{
$key = $rs->fields["Var"];
$mod_prefix[$key] = $rs->fields["Path"];
$modules_loaded[$key] = $rs->fields["Name"];
$name = $rs->fields["Name"];
$template_path[$name] = $rs->fields["TemplatePath"];
$mod_root_cats[$name] = $rs->fields["RootCat"];
// echo $key . "=". $modules_loaded[$key]."<br>\n";
$rs->MoveNext();
}
LogEntry("Loading Module Parser scripts\n");
/* for each module enabled, load up parser.php */
//foreach($mod_prefix as $key => $value)
$LogLevel++;
if(is_array($mod_prefix))
{
foreach($mod_prefix as $key => $value)
{
$mod = $pathtoroot . $value . "parser.php";
// LogEntry("Loading parser $mod \n");
require_once($mod);
}
}
$LogLevel--;
LogEntry("Finished Loading Module Parser scripts\n");
/*now each module gets a look at the environment string */
$SessionQueryString = FALSE;
if(!isset($FrontEnd)) $FrontEnd = false;
if($FrontEnd != 1)
$SessionQueryString = TRUE;
if(is_array($mod_prefix))
ParseEnv();
/* create the session object */
$ip = $_SERVER["REMOTE_ADDR"];
if ( !isset($var_list['sid']) ) $var_list['sid'] = '';
if ( !isset($_GET['env']) ) $_GET['env'] = '';
if(strlen($var_list["sid"])==0 && strlen($_GET["env"])>0 && $objConfig->Get("CookieSessions")==2)
{
if(_IsSpider($_SERVER["HTTP_USER_AGENT"]))
{
$UseSession = FALSE;
}
else
{
/* switch user to GET session var */
if (!$_COOKIE['sid']) {
$SessionQueryString = TRUE;
}
//else {
//$SessionQueryString = FALSE;
//}
$UseSession = TRUE;
}
}
else {
$UseSession = TRUE;
}
if($var_list["sid"]=="_")
$var_list["sid"]="";
/*setup action variable*/
$Action = isset($_REQUEST['Action']) ? $_REQUEST['Action'] : '';
if($Action=="m_logout")
{
$u = new clsUserSession($var_list["sid"] ,($SessionQueryString && $FrontEnd==1));
$u->Logout();
unset($u);
$var_list_update["t"] = "index";
$var_list["t"] = "";
$var_list["sid"]="";
setcookie("login","",time()-3600);
setcookie("sid","",time()-3600);
}
$CookieTest = isset($_COOKIE["CookiesTest"]) ? $_COOKIE["CookiesTest"] : '';
$HTTP_REFERER = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ( ($CookieTest == 1) || !strstr($HTTP_REFERER, $_SERVER['SERVER_NAME'].$objConfig->Get("Site_Path"))) {
$SessionQueryString = FALSE;
}
if ($FrontEnd != 1) {
$SessionQueryString = TRUE;
}
$objSession = new clsUserSession($var_list["sid"],($SessionQueryString && $FrontEnd==1));
if($UseSession)
{
if(!$objSession->ValidSession())
{
/* Get rid of Invalid Session and make a brand new one*/
// echo "Dumping Session ".$var_list["sid"]."<br>";
unset($var_list["sid"]);
$objSession->GetNewSession();
$var_list["sid"] = $objSession->GetSessionKey();
$var_list_update["sid"]=$objSession->GetSessionKey();
if(is_numeric($m_var_list["theme"]))
$objSession->SetThemeName($m_var_list["theme"]);
if($objConfig->Get("CookieSessions")>0 && !$SessionQueryString && !headers_sent())
setcookie("sid",$var_list["sid"]);
//echo "New Session: ".$objSession->GetSessionKey()."<br>\n";
if(isset($_COOKIE["login"]) && $Action != "m_logout" && $FrontEnd==1)
{
$parts = explode("|",$_COOKIE["login"]);
$username = $parts[0];
$pass = $parts[1];
$objSession->Login($username,$pass);
}
}
else
{ //echo "Update Session<br>";
if($objSession->Get("Language")!=$m_var_list["lang"])
{
$objSession->Set("Language",$m_var_list["lang"]);
}
$objSession->LoadSessionData();
$objSession->UpdateAccessTime();
$objSession->Update();
LoadEnv();
}
}
if(is_numeric($var_list["t"]))
{
if( !isset($CurrentTheme) ) $CurrentTheme = null;
if(!is_object($CurrentTheme))
$CurrentTheme = $objThemes->GetItem($m_var_list["theme"]);
$var_list["t"] = $CurrentTheme->GetTemplateById($var_list["t"]);
$objSession->Set("Theme",$CurrentTheme->Get("Name"));
}
/*create the global current user object */
$UserID=$objSession->Get("PortalUserId");
$objCurrentUser = new clsPortalUser($UserID);
$objLanguageCache = new clsLanguageCache($m_var_list["lang"]);
/* include each module's action.php script */
LogEntry("Loading Module action scripts\n");
## Global Referer Template
$_local_t = $var_list["t"];
if(is_array($mod_prefix))
{
foreach($mod_prefix as $key => $folder_name)
{
if($FrontEnd==0 || !is_numeric($FrontEnd) || $FrontEnd==2)
{
$rootURL="http://".ThisDomain().$objConfig->Get("Site_Path");
$admin = $objConfig->Get("AdminDirectory");
if( !strlen($admin) ) $admin = "admin";
$adminURL = $rootURL.$admin;
$imagesURL = $adminURL."/images";
if(_ModuleLicensed($modules_loaded[$key]))
{
$mod = $pathtoroot.$folder_name."module_init.php";
if( file_exists($mod) ) require_once($mod);
$mod = $pathtoroot.$folder_name."action.php";
if( file_exists($mod) ) require_once($mod);
$mod = $pathtoroot.$folder_name."searchaction.php";
if( file_exists($mod) ) require_once($mod);
}
}
if($FrontEnd==1 || $FrontEnd==2)
{
$mod = $pathtoroot.$folder_name."module_init.php";
if(file_exists($mod))
require_once($mod);
$mod = $pathtoroot.$folder_name."frontaction.php";
if(file_exists($mod))
require_once($mod);
}
}
}
+
+if (strstr($_SERVER['SCRIPT_NAME'], 'install')) {
+ $objSession->Delete();
+}
+
if( !isset($SearchPerformed) ) $SearchPerformed = false;
if($SearchPerformed == true) $objSearch->BuildIndexes();
LogEntry("Finished Loading Module action scripts\n");
?>
Property changes on: trunk/kernel/include/modules.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.8
\ No newline at end of property
+1.9
\ No newline at end of property
Index: trunk/kernel/include/portaluser.php
===================================================================
--- trunk/kernel/include/portaluser.php (revision 266)
+++ trunk/kernel/include/portaluser.php (revision 267)
@@ -1,1001 +1,1004 @@
<?php
RegisterPrefix("clsPortalUser","user","kernel/include/portaluser.php");
class clsPortalUser extends clsItem
{
var $Vars; //contains the PersistantSessionData for the user
var $VarsLoaded;
var $PrimeGroup;
function clsPortalUser($UserId=NULL)
{
$this->clsParsedItem();
$this->tablename=GetTablePrefix()."PortalUser";
$this->type=6;
$this->BasePermission="USER";
$this->id_field = "PortalUserId";
$this->TagPrefix="user";
$this->Vars = array();
$VarsLoaded = FALSE;
$this->debuglevel = 0;
if(isset($UserId))
$this->LoadFromDatabase($UserId);
}
function Delete()
{
global $objGroups, $objFavorites;
$g = $objGroups->GetPersonalGroup($this->Get("Login"));
if(is_object($g))
$g->Delete();
$objFavorites->DeleteUser($this->Get("PortalUserId")); //delete favorites
parent::Delete();
}
function RemoveFromAllGroups()
{
$sql = "DELETE FROM ".GetTablePrefix()."UserGroup WHERE PortaluserId=".$this->Get("PortalUserId");
$this->adodbConnection->Execute($sql);
}
function RemoveFromGroup($GroupId)
{
$sql = "DELETE FROM ".GetTablePrefix()."UserGroup WHERE PortaluserId=".$this->Get("PortalUserId");
$sql .= " AND GroupId=$GroupId";
$this->adodbConnection->Execute($sql);
}
function PrimaryGroup($ReturnField = "GroupId")
{
global $objGroups;
$ret = "";
if(!is_object($this->PrimeGroup))
{
if((int)$this->Get("GroupId")>0)
{
$this->PrimeGroup =& $objGroups->GetItem($this->Get("GroupId"));
}
else
{
$this->PrimeGroup = new clsPortalGroup();
$sql = "SELECT * FROM ".GetTablePrefix()."UserGroup INNER JOIN ".GetTablePrefix()."PortalGroup ON (".GetTablePrefix()."UserGroup.GroupId=".GetTablePrefix()."PortalGroup.GroupId) WHERE PrimaryGroup = 1 AND PortalUserId=".$this->Get("PortalUserId");
//echo $sql;
$rs = $this->adodbConnection->Execute($sql);
if($rs && !$rs->EOF)
$this->PrimeGroup->SetFromArray($rs->fields);
}
}
$ret = $this->PrimeGroup->Get($ReturnField);
return $ret;
}
function SetPrimaryGroup($GroupId)
{
if($this->IsInGroup($GroupId))
{
$sql = "UPDATE ".GetTablePrefix()."UserGroup SET PrimaryGroup=0 WHERE PortalUserId=".$this->Get("PortalUserId");
$this->adodbConnection->Execute($sql);
$sql = "UPDATE ".GetTablePrefix()."UserGroup SET PrimaryGroup=1 WHERE GroupId=$GroupId AND PortalUserId=".$this->Get("PortalUserId");
$this->adodbConnection->Execute($sql);
}
}
function GetGroupList()
{
$ret = array();
$sql = "SELECT GroupId FROM %sUserGroup WHERE PortalUserId = %s ORDER BY PrimaryGroup";
$sql = sprintf($sql, GetTablePrefix(), $this->Get("PortalUserId"));
$ret = $this->adodbConnection->GetCol($sql);
return $ret;
}
function IsInGroup($GroupId)
{
$groups = $this->GetGroupList();
if( $groups === false ) return false;
return in_array($GroupId, $groups) ? true : false;
}
function GetPersonalGroup($CreateIfMissing = FALSE)
{
global $objGroups;
$n = "_".$this->Get("Login");
$g = $objGroups->GetItemByField("Name",$n);
if(!is_object($g) && $CreateIfMissing)
$g = $this->CreatePersonalGroup();
return $g;
}
function CreatePersonalGroup()
{
global $objGroups;
$Description = $this->Get("FirstName")." ".$this->Get("LastName");
$CreatedOn=time();
$n = "_".$this->Get("Login");
$g = $objGroups->Add_Group($n, $Description, $CreatedOn, 1, 0);
$g->Set("Personal",1);
$g->Set("System",0);
$g->Set("Enabled",1);
$g->Update();
if(is_object($g))
$g->AddUser($this->Get("PortalUserId"));
return $g;
}
function Validate()
{
global $Errors;
$dataValid = true;
if(!strlen($this->Get("Login")))
{
$Errors->AddError("error.fieldIsRequired",'Login',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!strlen($this->Get("Email")))
{
$Errors->AddError("error.fieldIsRequired",'Email',"","",get_class($this),"Validate");
$dataValid = false;
}
return $dataValid;
}
function Approve()
{
$this->Set("Status", 1);
$this->Update();
$this->SendUserEventMail("USER.APPROVE",$this->Get("PortalUserId"));
$this->SendAdminEventMail("USER.APPROVE");
}
function Deny($IsBanned = 0)
{
$this->Set( Array('Status','IsBanned'), Array(0,$IsBanned) );
$this->Update();
$this->SendUserEventMail("USER.DENY",$this->Get("PortalUserId"));
$this->SendAdminEventMail("USER.DENY");
}
function HasSystemPermission($PermissionName)
{
global $objGroups;
$GroupList = $this->GetGroupList();
for($i=0;$i<count($GroupList);$i++)
{
$g = $objGroups->GetItem($GroupList[$i]);
$value = $g->HasSystemPermission($PermissionName);
if($value != -1)
break;
}
return $value;
}
function LoadPersistantVars()
{
global $objConfig;
unset($this->Vars);
$this->Vars = array();
$user_id = $this->HasField('PortalUserId') ? $this->Get('PortalUserId') : 0;
$sql = "SELECT VariableName, VariableValue FROM ".GetTablePrefix()."PersistantSessionData WHERE PortalUserId = 0 OR PortalUserId = ".$user_id." ORDER BY PortalUserId ASC";
$result = $this->adodbConnection->Execute($sql);
while ($result && !$result->EOF)
{
$data = $result->fields;
$this->Vars[$data["VariableName"]] = $data["VariableValue"];
$objConfig->Set($data["VariableName"], $data["VariableValue"], 1, 1);
$result->MoveNext();
}
$this->VarsLoaded=TRUE;
}
function SetPersistantVariable($variableName, $variableValue)
{
global $objConfig;
if(!$this->VarsLoaded)
$this->LoadPersistantVars();
$userid = $this->Get("PortalUserId");
$objConfig->Set($variableName,$variableValue,1);
$fields = array_keys($this->Vars);
if(strlen($variableValue)>0)
{
if(in_array($variableName,$fields))
{
$sql = "UPDATE ".GetTablePrefix()."PersistantSessionData SET VariableValue='$variableValue' WHERE VariableName='$variableName' AND PortalUserId=$userid";
}
else
$sql = "INSERT INTO ".GetTablePrefix()."PersistantSessionData (VariableName,VariableValue,PortalUserId) VALUES ('$variableName','$variableValue',$userid)";
}
else
$sql = "DELETE FROM ".GetTablePrefix()."PersistantSessionData WHERE VariableName='$variableName' AND PortalUserId=$userid";
$this->Vars[$variableName] = $variableValue;
// echo "<BR>SQL: $sql<BR>";
$this->adodbConnection->Execute($sql);
}
function GetPersistantVariable($variableName)
{
global $objConfig;
if(!$this->VarsLoaded)
$this->LoadPersistantVars();
$fields = array_keys($this->Vars);
if(in_array($variableName,$fields))
{
$val = $this->Vars[$variableName];
}
else
$val = $objConfig->Get($variableName);
return $val;
}
function GetAllPersistantVars()
{
if(!$this->VarsLoaded)
$this->LoadPersistantVars();
return $this->Vars;
}
function GetIcon()
{
}
function StatusIcon()
{
global $imagesURL;
$url = $imagesURL."/itemicons/icon16_user";
if($this->Get("Status")==0)
{
$url .= "_disabled";
}
else
if($this->Get("Status")==2)
{
$url .= "_pending";
}
$url .= ".gif";
return $url;
}
function IsFriend($UserId)
{
$ftable = GetTablePrefix()."Favorites";
$sql = "SELECT count(*) as FriendCount FROM $ftable WHERE PortalUserId=$UserId AND ResourceId=";
$sql .=$this->Get("ResourceId")." AND ItemTypeId=6";
$rs = $this->adodbConnection->Execute($sql);
if($rs && !$rs->EOF)
return ($rs->fields["FriendCount"]>0);
return FALSE;
}
function GetUserTime($timestamp)
{
if(is_numeric($this->Get("tz")))
{
return GetLocalTime($timestamp,$this->Get("tz"));
}
else
return GetLocalTime($timestamp);
}
function ParseObject($element)
{
global $objConfig, $objUsers, $objCatList,$objSession, $var_list_update, $var_list, $m_var_list_update;
//echo "<PRE>"; print_r($element); echo "</pre>";
if (strtolower($element->name) == 'touser') {
$this->TagPrefix = "touser";
}
$extra_attribs = ExtraAttributes($element->attributes);
if(strtolower($element->name)==$this->TagPrefix)
{
$field = strtolower($element->attributes["_field"]);
if(substr($field,0,3)=="pp_")
{
$perm = $objSession->GetPersistantVariable($field);
if($perm)
{
$field = substr($field,3);
}
else
$field = "";
}
switch($field)
{
/*
@field:user.login
@description:User's login name
*/
case "username":
case "login":
$ret = $this->Get("Login");
break;
case "firstname":
$ret = $this->Get("FirstName");
break;
case "lastname":
$ret = $this->Get("LastName");
break;
case "password":
/*
@field:user.password
@description:User password
*/
$ret = $this->Get("Password");
break;
case "email":
$ret = $this->Get("Email");
break;
case "street":
$ret = $this->Get("Street");
break;
case "city":
$ret = $this->Get("City");
break;
case "state":
$ret = $this->Get("State");
break;
case "zip":
$ret = $this->Get("Zip");
break;
case "phone":
$ret = $this->Get("Phone");
break;
case "country":
$ret = $this->Get("Country");
break;
case "primarygroup":
/*
@field:user.primarygroup
@description:Parses a field from the user's primary group
@attrib:_groupfield::group field name to parse, defaults to group name
*/
$groupfield = $element->attributes["_groupfield"];
if(!strlen($groupfield))
$groupfield="Name";
$ret = $this->PrimaryGroup($groupfield);
break;
case "date":
/*
@field:user.date
@description:Returns the date/time the user was created
@attrib:_tz:bool:Convert the date to the user's local time
@attrib:_part::Returns part of the date. The following options are available: month,day,year,time_24hr,time_12hr
*/
$d = $this->Get("CreatedOn");
if($element->attributes["_tz"])
{
$d = GetLocalTime($d,$objSession->Get("tz"));
}
$part = strtolower($element->attributes["_part"]);
if(strlen($part))
{
$ret = ExtractDatePart($part,$d);
}
else
{
if($d<=0)
{
$ret = "";
}
else
$ret = LangDate($d);
}
break;
case "dob":
/*
@field:user.dob
@description:Returns the date/time of the users date of birth
@attrib:_tz:bool:Convert the date to the user's local time
@attrib:_part::Returns part of the date. The following options are available: month,day,year,time_24hr,time_12hr
*/
$d = $this->Get("dob");
if($element->attributes["_tz"])
{
$d = GetLocalTime($d,$objSession->Get("tz"));
}
$part = strtolower($element->attributes["_part"]);
if(strlen($part))
{
$ret = ExtractDatePart($part,$d);
}
else
{
if($d<=0)
{
$ret = "";
}
else
$ret = LangDate($d);
}
break;
case "modified":
/*
@field:user.modified
@description:Returns the date/time the user was last modified
@attrib:_tz:bool:Convert the date to the user's local time
@attrib:_part::Returns part of the date. The following options are available: month,day,year,time_24hr,time_12hr
*/
$d = $this->Get("Modified");
if($d<=0)
$d = $this->Get("CreatedOn");
if($element->attributes["_tz"])
{
$d = GetLocalTime($d,$objSession->Get("tz"));
}
$part = strtolower($element->attributes["_part"]);
if(strlen($part))
{
$ret = ExtractDatePart($part,$d);
}
else
{
if($d<=0)
{
$ret = "";
}
else
$ret = LangDate($d);
}
break;
case "profile_link":
/*
@field:user.profile_link
@description:Create a link to the user's profile
@attrib:_template:tpl:template the link should point to
*/
$t = $element->attributes["_template"];
if(strlen($t))
{
$var_list_update["t"] = $t;
}
else
$var_list_update["t"] = $var_list["t"];
$ret = GetIndexURL()."?env=" . BuildEnv()."&UserId=".$this->Get("PortalUserId");
break;
case "add_friend_link":
/*
@field:user.add_friend_link
@description:link to add a user to the friends list
@attrib:_template:tpl:Template link shoukd point to
*/
if($element->attributes["_force"] || !$this->IsFriend($objSession->Get("PortalUserId")) &&
$this->Get("PortalUserId") != $objSession->Get("PortalUserId"))
{
$t = $element->attributes["_template"];
if(strlen($t))
{
$var_list_update["t"] = $t;
}
else
$var_list_update["t"] = $var_list["t"];
$action = "m_add_friend";
$ret = GetIndexURL()."?env=" . BuildEnv()."&Action=".$action."&UserId=".$this->Get("PortalUserId");
}
else
$ret = "";
break;
case "del_friend_link":
/*
@field:user.del_friend_link
@description:link to remove a user from the friends list
@attrib:_template:tpl:Template link shoukd point to
*/
if($element->attributes["_force"] || $this->IsFriend($objSession->Get("PortalUserId")) &&
$this->Get("PortalUserId") != $objSession->Get("PortalUserId"))
{
$t = $element->attributes["_template"];
if(strlen($t))
{
$var_list_update["t"] = $t;
}
else
$var_list_update["t"] = $var_list["t"];
$action = "m_del_friend";
$ret = GetIndexURL()."?env=" . BuildEnv()."&Action=".$action."&UserId=".$this->Get("PortalUserId");
}
else
$ret = "";
break;
case "icon":
$ret = $this->GetIcon();
break;
case "image":
/*
@field:user.image
@description:Return an image associated with the user
@attrib:_default:bool:If true, will return the default image if the requested image does not exist
@attrib:_name::Return the image with this name
@attrib:_thumbnail:bool:If true, return the thumbnail version of the image
@attrib:_imagetag:bool:If true, returns a complete image tag. exta html attributes are passed to the image tag
*/
$default = $element->attributes["_primary"];
$name = $element->attributes["_name"];
if(strlen($name))
{
$img = $this->GetImageByName($name);
// echo "<PRE>";print_r($img); echo "</PRE>";
}
else
{
if($default)
$img = $this->GetDefaultImage();
}
if($img)
{
if($element->attributes["_thumbnail"])
{
$url = $img->parsetag("thumb_url");
}
else
$url = $img->parsetag("image_url");
}
else
{
$url = $element->attributes["_defaulturl"];
}
if($element->attributes["_imagetag"])
{
if(strlen($url))
{
$ret = "<IMG src=\"$url\" $extra_attribs >";
}
else
$ret = "";
}
else
$ret = $url;
break;
case "custom":
/*
@field:cat.custom
@description:Returns a custom field
@attrib:_customfield::field name to return
@attrib:_default::default value
*/
$field = $element->attributes["_customfield"];
$default = $element->attributes["
"];
$ret = $this->GetPersistantVariable($field);
if(!strlen($ret))
$ret = $this->GetCustomFieldValue($field,$default);
break;
}
}
else
{
$ret = $this->parsetag($element->name);
}
return $ret;
}
function parsetag($tag)
{
global $m_var_list_update, $var_list_update, $var_list, $objConfig;
if(is_object($tag))
{
$tagname = $tag->name;
}
else
$tagname = $tag;
switch($tagname)
{
case "user_id":
return $this->Get("ResourceId");
break;
case "user_login":
return $this->Get("Login");
break;
case "user_group":
return $this->Get("PrimaryGroupName");
break;
case "user_firstname":
return $this->Get("FirstName");
break;
case "user_lastname":
return $this->Get("LastName");
break;
case "user_email":
return $this->Get("Email");
break;
case "user_date":
return LangDate($this->Get("CreatedOn"));
break;
+ case "user_datetime":
+ return LangDate($this->Get("CreatedOn"))." ".LangTime($this->Get("CreatedOn"));
+ break;
case "user_dob":
return LangDate($this->Get("dob"));
break;
case "user_password":
return $this->Get("Password");
break;
case "user_phone":
return $this->Get("Phone");
break;
case "user_street":
return $this->Get("Street");
break;
case "user_city":
return $this->Get("City");
break;
case "user_state":
return $this->Get("State");
break;
case "user_zip":
return $this->Get("Zip");
break;
case "user_country":
return $this->Get("Country");
break;
case "user_resourceid":
return $this->Get("ResourceId");
break;
case "user_icon":
return $this->GetIcon();
break;
case "user_profile_link":
$var_list_update["t"] = "user_profile";
$m_var_list_update["action"] = $this->Get("UserId");
$ret = GetIndexURL()."?env=" . BuildEnv();
unset($m_var_list_update["action"], $var_list_update["t"]);
return $ret;
break;
case "user_messages":
return $this->NewMessages();
break;
case "user_messages_link":
$var_list_update["t"] = "inbulletin/bb_private_msg_list";
return GetIndexURL()."?env=" . BuildEnv();
unset($var_list_update);
break;
default:
return "Undefined:$tagname";
break;
}
}
} /* class clsPortalUser*/
class clsUserManager extends clsItemList //clsItemCollection
{
/*this class wraps common user-related functions */
// var $Page;
function clsUserManager()
{
$this->clsItemCollection(); // clsItemList() // need to use this, but double limit clause being created (normal+default 0,100)
$this->classname = "clsPortalUser";
$this->SourceTable = GetTablePrefix()."PortalUser";
$this->Page = isset($_GET['lpn']) ? $_GET['lpn'] : 1;
$this->EnablePaging = true;
$this->PerPageVar = "Perpage_User";
$this->AdminSearchFields = array("Login","FirstName","LastName","Email","Street","City", "State","Zip","Country","Phone");
}
function GetPageLinkList($dest_template=NULL,$link_template=NULL,$page = "")
{
global $objConfig, $m_var_list_update, $var_list_update, $var_list;
if(!strlen($page))
$page = GetIndexURL();
$NumPages = $this->GetNumPages($objConfig->Get("Perpage_Topics"));
if(strlen($dest_template)>0)
{
$var_list_update["t"]=$dest_template;
}
else
{
$var_list_update["t"] = $var_list["t"];
}
$o = "";
if($this->Page>1)
{
$m_var_list_update["p"]=$this->Page-1;
$prev_url = $page."?env=".BuildEnv();
}
if($this->Page<$NumPages)
{
$m_var_list_update["p"]=$this->Page+1;
$next_url = $page."?env=".BuildEnv();
}
for($p=1;$p<=$NumPages;$p++)
{
$t = template($link_template);
if($p!=$this->Page)
{
$m_var_list_update["p"]=$p;
$href = $page."?env=".BuildEnv();
$t = str_replace("<%page_link%>", $href, $t);
$t = str_replace("<%page_number%>",$p,$t);
$t = str_replace("<%prev_url%>",$prev_url,$t);
$t = str_replace("<%next_url%>",$next_url,$t);
$o .= $t;
}
else
{
$o .= "<SPAN class=\"CURRENT_PAGE\">$p</SPAN>";
}
}
return $o;
}
function GetUser($ID)
{
$u = $this->GetItem($ID);
return $u;
}
function GetUserName($Id)
{
$rs = $this->adodbConnection->Execute("SELECT Login from ".$this->SourceTable." where PortalUserId=$Id");
return $rs->fields["Login"];
}
function GetUserId($Login)
{
$rs = $this->adodbConnection->Execute("SELECT PortalUserId from ".$this->SourceTable." where Login LIKE '$Login'");
return $rs->fields["PortalUserId"];
}
function GetTotalUsers()
{
return $this->UserCount("1");
}
function GetLatestUser()
{
global $Errors;
$sql = "SELECT max(CreatedOn) as LastDate FROM ".$this->SourceTable;
$result = $this->adodbConnection->Execute($sql);
if ($result === false || !is_object($result))
{
$Errors->AddError("error.DatabaseError",NULL,$adodbConnection->ErrorMsg(),"",get_class($this),"GetLatestUser");
return false;
}
$sql = "SELECT PortalUserId FROM ".$this->SourceTable." WHERE CreatedOn >= ".$result->fields["LastDate"];
$result = $this->adodbConnection->Execute($sql);
if (!rs || $rs->EOF)
{
$Errors->AddError("error.DatabaseError",NULL,$adodbConnection->ErrorMsg(),"",get_class($this),"GetLatestUser");
return false;
}
$u = $this->GetUser($result->fields["PortalUserId"]);
return $u;
}
function &Add_User($Login, $Password, $Email, $CreatedOn, $FirstName="", $LastName="", $Status=2,
$Phone="", $Street="", $City="", $State="", $Zip="", $Country="", $dob=0, $ip="", $CheckBanned=FALSE)
{
$u = new clsPortalUser(NULL);
$u->tablename = $this->SourceTable;
//echo "Creating User..<br>\n";
$u->Set(array("Login", "Password", "FirstName", "LastName", "Email", "Status",
"Phone","Street", "City", "State", "Zip", "Country", "CreatedOn","dob"),
array($Login, $Password, $FirstName, $LastName, $Email, $Status,
$Phone, $Street, $City, $State, $Zip, $Country, $CreatedOn, $dob));
if($CheckBanned)
{
$BrokenRule = $u->CheckBanned();
}
if(!$BrokenRule)
{
$u->Create();
return $u;
}
return $BrokenRule;
/*md5($Password)*/
}
function &Edit_User($UserId, $Login, $Password, $Email, $CreatedOn, $FirstName="", $LastName="",
$Status=2, $Phone="", $Street="", $City="", $State="", $Zip="", $Country="", $dob=0)
{
//echo "<font color=\"red\">Editing User: [$UserId]</font><br>";
$u =& $this->GetItem($UserId);
if(!$CreatedOn)
$CreatedOn = $u->Get("CreatedOn");
// $u->debuglevel=1;
if (is_object($u))
{
$IsBanned = $u->Get('IsBanned');
if($Status == 1) $IsBanned = 0;
$u->Set(array("Login", "FirstName", "LastName", "Email", "Status",
"Phone", "Street", "City", "State", "Zip", "Country", "CreatedOn","dob","IsBanned"),
array($Login, $FirstName, $LastName, $Email, $Status,
$Phone, $Street, $City, $State, $Zip, $Country, $CreatedOn,$dob,$IsBanned));
if(strlen($Password))
$u->Set("Password",$Password);
$u->Update();
}
return $u;
}
function Delete_User($UserId)
{
$u = $this->GetItemByField("ResourceId",$UserId);
if(is_object($u))
{
$u->RemoveFromAllGroups();
$u->Delete();
}
}
function LoadUsers($where = "",$orderBy = "")
{
global $objConfig;
$this->Clear();
if($this->Page<1)
$this->Page=1;
if(is_numeric($objConfig->Get("Perpage_Users")))
{
$Start = ($this->Page-1)*$objConfig->Get("Perpage_Users");
$limit = "LIMIT ".$Start.",".$objConfig->Get("Perpage_Users");
}
else
$limit = NULL;
$where = trim($where);
$orderBy = trim($orderBy);
if(!strlen($where))
$where = "1";
$this->QueryItemCount=TableCount($this->SourceTable,$where,0);
if($this->QueryItemCount>0)
{
if ($orderBy!="")
{
$this->Query_PortalUser($where,$orderBy,$limit);
}
else
{
$this->Query_PortalUser($where,"Login DESC",$limit);
}
}
}
function Query_PortalUser($whereClause,$orderByClause="", $limitClause="")
{
global $m_var_list,$Errors, $objSession;
$resultSet = array();
$utable = $this->SourceTable;
$gtable = GetTablePrefix()."UserGroup";
$sql = "SELECT * FROM $utable LEFT JOIN $gtable ON ($utable.PortalUserId=$gtable.PortalUserId)";
if(isset($whereClause))
$sql = sprintf('%s WHERE %s',$sql,$whereClause);
if(isset($orderByClause))
if(strlen(trim($orderByClause))>0)
$sql = sprintf('%s ORDER BY %s',$sql,$orderByClause);
if(isset($limitClause))
$sql = sprintf('%s %s',$sql,$limitClause);
return $this->Query_Item($sql);
}
function Query_GroupPortalUser($whereClause,$orderByClause)
{
global $m_var_list,$objSession,$Errors;
$resultSet = array();
$table = $this->SourceTable;
$sql = "SELECT * FROM $table LEFT JOIN ".GetTablePrefix()."UserGroup USING (PortalUserId) ";
if(isset($whereClause))
$sql = sprintf('%s WHERE %s',$sql,$whereClause);
if(isset($orderByClause))
$sql = sprintf('%s ORDER BY %s',$sql,$orderByClause);
return $this->query_item($sql);
}
function UserCount($whereClause)
{
$count = TableCount($this->SourceTable,$whereClause,0);
return $count;
}
function CountActive()
{
return $this->UserCount("Status=1");
}
function CountPending()
{
return $this->UserCount("Status=2");
}
function CountDisabled()
{
return $this->UserCount("Status=0");
}
function CopyFromEditTable($idfield)
{
global $objSession;
$edit_table = $objSession->GetEditTable($this->SourceTable);
$sql = "SELECT * FROM $edit_table";
$rs = $this->adodbConnection->Execute($sql);
// echo $sql."<BR>";
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$c = new $this->classname;
$c->SetFromArray($data);
$c->idfield = $idfield;
$c->Dirty();
if($c->Get($idfield)<1)
{
$old_id = $c->Get($idfield);
$c->UnsetIdField();
$c->Create();
$sql = "UPDATE ".GetTablePrefix()."UserGroup SET PortalUserId=".$c->Get("PortalUserId");
$sql .=" WHERE PortalUserId=0";
$this->adodbConnection->Execute($sql);
}
else
$c->Update();
unset($c);
$rs->MoveNext();
}
@$this->adodbConnection->Execute("DROP TABLE $edit_table");
}
function PurgeEditTable()
{
parent::PurgeEditTable();
$sql = "DELETE FROM ".GetTablePrefix()."UserGroup WHERE PortalUserId=0";
$this->adodbConnection->Execute($sql);
}
} /*clsUserManager*/
?>
Property changes on: trunk/kernel/include/portaluser.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.6
\ No newline at end of property
+1.7
\ No newline at end of property
Index: trunk/kernel/include/usersession.php
===================================================================
--- trunk/kernel/include/usersession.php (revision 266)
+++ trunk/kernel/include/usersession.php (revision 267)
@@ -1,1128 +1,1128 @@
<?php
class clsUserSession
{
//Common DB operation class variables
var $m_dirtyFieldsMap = array();
//Identity
var $m_SessionKey;
var $m_CurrentTempKey;
var $m_PrevTempKey;
//Required attributes
var $m_LastAccessed;
var $m_PortalUserId;
var $m_Language;
var $m_Theme;
var $m_GroupId;
var $adodbConnection;
var $m_Errors;
var $m_GroupList;
var $PermCache;
var $SysPermCache;
var $PermCacheGroups;
var $CurrentUser;
var $UseTempKeys;
function clsUserSession($id=NULL, $TempKeys=FALSE)
{
global $objConfig, $objLanguages, $objThemes, $m_var_list;
$this->m_Errors = new clsErrorManager();
$this->adodbConnection = GetADODBConnection();
$this->PermCache = array();
$this->PermCacheGroups ="";
$this->UseTempKeys = $TempKeys;
- if( GetVar('help_usage') == 'install' ) return;
+ if( GetVar('help_usage') == 'install' ) return;
if(!$this->UseTempKeys || strlen($id)==0)
{
//echo "with cookies";
if( !isset($_SERVER['HTTP_REFERER']) ) $_SERVER['HTTP_REFERER'] = '';
if( strlen($id) && (strstr($_SERVER['HTTP_REFERER'], $_SERVER['SERVER_NAME'].$objConfig->Get("Site_Path")) || $_GET['destform'] == 'popup' || $_GET['continue_sess'] == 1))
{
$this->Set("SessionKey",$id);
return $this->LoadFromDatabase($id);
}
else
{
$this->Set("PortalUserId", 0);
$this->Set("Language", $objLanguages->GetPrimary());
$ThemeId = $m_var_list["theme"];
$this->SetThemeName($ThemeId);
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->Set("GroupList",0);
$this->Set("SessionKey","");
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
}
else
{
//echo "without cookies";
return $this->LoadFromTempKey($id);
}
}
function CopyToNewSession()
{
$OldKey = $this->GetSessionKey();
$this->GetNewSession();
if($OldKey != $this->GetSessionKey())
{
$this->Set("PortalUserId",$this->Get("PortalUserId"));
$this->Set("GroupId",$this->Get("GroupId"));
$this->Set("GroupList",$this->Get("GroupList"));
$this->Set("Language",$this->Get("Language"));
$this->Set("tz",$this->Get("tz"));
$this->Set("LastAccessed",date("U"));
$this->Update();
}
}
function Get($name)
{
$var = "m_" . $name;
return isset($this->$var) ? $this->$var : '';
}
function Set($name, $value)
{
if (is_array($name))
{
for ($i=0; $i<sizeof($name); $i++)
{ $var = "m_" . $name[$i];
$this->$var = $value[$i];
$this->m_dirtyFieldsMap[$name[$i]] = $value[$i];
}
}
else
{
$var = "m_" . $name;
$this->$var = $value;
$this->m_dirtyFieldsMap[$name] = $value;
//echo "Set: $var = $value <br>\n";
}
}
function Validate()
{
$dataValid = true;
if(!isset($this->m_LastAccessed))
{
$this->m_Errors->AddError("error.fieldIsRequired",'LastAccessed',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!isset($this->m_PortalUserId))
{
$this->m_Errors->AddError("error.fieldIsRequired",'PortalUserId',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!isset($this->m_Language))
{
$this->m_Errors->AddError("error.fieldIsRequired",'Language',"","",get_class($this),"Validate");
$dataValid = false;
}
if(!isset($this->m_Theme))
{
$this->m_Errors->AddError("error.fieldIsRequired",'Theme',"","",get_class($this),"Validate");
$dataValid = false;
}
return $dataValid;
}
function Delete()
{
if(!isset($this->m_SessionKey))
{
$this->m_Errors->AddError("error.AppError",NULL,'Internal error: Delete requires set id',"",get_class($this),"Delete");
return false;
}
//Delete associated adata first
$sql = sprintf("DELETE FROM ".GetTablePrefix()."SessionData WHERE SessionKey = '%s'", $this->Get("SessionKey"));
$this->adodbConnection->Execute($sql);
$sql = sprintf("DROP TABLE %s%s_search",GetTablePrefix(), $this->Get("SessionKey"));
$this->adodbConnection->Execute($sql);
$sql = sprintf("DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey = '%s'", $this->Get("SessionKey"));
$this->adodbConnection->Execute($sql);
if ($this->adodbConnection->Execute($sql) === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Delete");
return false;
}
$this->Set("SessionKey","");
$this->Set("SessionDataLoaded",false);
return true;
}
function Update()
{
global $objConfig;
//$this->Set("LastAccessed",date("U"));
$this->Set("IpAddress",$_SERVER["REMOTE_ADDR"]);
if(!isset($this->m_SessionKey))
{
$this->m_Errors->AddError("error.AppError",NULL,'Internal error: Update requires set id',"",get_class($this),"Update");
return false;
}
if(!is_numeric($this->Get("PortalUserId")))
{
$this->Set("PortalUserId",0);
}
if(!strlen($this->Get("GroupList")))
{
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
if(count($this->m_dirtyFieldsMap) == 0)
return true;
$sql = "UPDATE ".GetTablePrefix()."UserSession SET ";
$first = 1;
foreach ($this->m_dirtyFieldsMap as $key => $value)
{
if($first)
{
$sql = sprintf("%s %s=%s",$sql,$key,$this->adodbConnection->qstr($value));
$first = 0;
}
else
{
$sql = sprintf("%s, %s=%s",$sql,$key,$this->adodbConnection->qstr($value));
}
}
$sql = sprintf("%s WHERE SessionKey = '%s'",$sql, $this->Get("SessionKey"));
//echo $sql;
if ($this->adodbConnection->Execute($sql) === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Update");
return false;
}
return true;
}
function Create()
{
global $objConfig;
$this->Set("LastAccessed", time());
if(!is_numeric($this->Get("PortalUserId")))
{
$this->Set("PortalUserId",0);
}
if(!strlen($this->Get("GroupList")))
{
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
$sql = "INSERT INTO ".GetTablePrefix()."UserSession (";
$first = 1;
foreach ($this->m_dirtyFieldsMap as $key => $value)
{
if($first)
{
$sql = sprintf("%s %s",$sql,$key);
$first = 0;
}
else
{
$sql = sprintf("%s, %s",$sql,$key);
}
}
$sql = sprintf('%s ) VALUES (',$sql);
$first = 1;
foreach ($this->m_dirtyFieldsMap as $key => $value)
{
if($first)
{
$sql = sprintf("%s %s",$sql,$this->adodbConnection->qstr($value));
$first = 0;
}
else
{
$sql = sprintf("%s, %s",$sql,$this->adodbConnection->qstr($value));
}
}
$sql = sprintf('%s)',$sql);
//echo $sql."<br>\n";
if ($this->adodbConnection->Execute($sql) === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Create");
return false;
}
return true;
}
function LoadFromTempKey($id=NULL)
{
global $objLanguages, $objConfig,$m_var_list;
$referer = $_SERVER["HTTP_REFERER"];
//echo "Referer: $referer <br>\n";
if(strlen($referer) && strpos($referer,"env="))
{
$keystart = strpos($referer,"env=")+4;
$referer = substr($referer,$keystart);
$keyend = strpos($referer,"-");
$LastKey = substr($referer,0,$keyend);
if(strlen($LastKey))
{
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE (CurrentTempKey = '$id' OR PrevTempKey='$id' OR CurrentTempKey='$LastKey' OR PrevTempKey='$LastKey') ";
}
else
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE CurrentTempKey = '$id' AND PrevTempKey IS NULL";
}
else
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE CurrentTempKey = '$id' AND PrevTempKey IS NULL";
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"LoadFromDatabase");
return false;
}
$data = $result->fields;
if (is_array($data))
{
foreach($data as $field => $value)
{
$mname = "m_" . $field;
$this->$mname = $data[$field];
}
if($this->Get("CurrentTempKey")) {
$this->Set("PrevTempKey",$this->Get("CurrentTempKey"));
$this->UseTempKeys=TRUE;
}
if (!$this->Get("CurrentTempKey") || !strstr($_SERVER['HTTP_REFERER'], $_SERVER['SERVER_NAME'].$objConfig->Get("Site_Path"))) {
//$this->Set("PrevTempKey",$this->Get("CurrentTempKey"));
//$this->Set("CurrentTempKey",$this->GetUniqueKey());
$this->UseTempKeys=FALSE;
$this->Set("PortalUserId", 0);
$this->Set("Language", $objLanguages->GetPrimary());
$ThemeId = $m_var_list["theme"];
$this->SetThemeName($ThemeId);
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->Set("GroupList",0);
$this->Set("SessionKey","");
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
}
//$this->UseTempKeys=TRUE;
$this->Update();
return true;
}
else
{
$this->Set("PortalUserId", 0);
$this->Set("Language", $objLanguages->GetPrimary());
$ThemeId = $m_var_list["theme"];
$this->SetThemeName($ThemeId);
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->Set("GroupList",0);
$this->Set("SessionKey","");
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
$this->Set("CurrentTempKey",$this->GetUniqueKey());
return false;
}
}
function LoadFromDatabase($id)
{
if(!isset($id))
{
$this->m_Errors->AddError("error.AppError",NULL,'Internal error: LoadFromDatabase id',"",get_class($this),"LoadFromDatabase");
return false;
}
$sql = sprintf("SELECT * FROM ".GetTablePrefix()."UserSession WHERE SessionKey = '%s'",$id);
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"LoadFromDatabase");
return false;
}
$data = $result->fields;
if (is_array($data))
{
foreach($data as $field => $value)
{
$mname = "m_" . $field;
$this->$mname = $data[$field];
}
return true;
}
else
{
return false;
}
}
function Login($userLogin, $userPassword)
{
global $expired, $objConfig;
if($userLogin == "root")
{
// logging in "root" (admin only)
$rootpass = $objConfig->Get("RootPass");
if($rootpass!=$userPassword)
{
return FALSE;
}
else
{
if(!strlen($this->GetSessionKey()))
$this->GetNewSession();
$this->Set("PortalUserId",-1);
$this->Update();
return TRUE;
}
}
else
{
// logging in any user (admin & front)
$pre = GetTablePrefix();
$sql = "SELECT *,MD5(".$pre."PortalUser.Password) as md5pw FROM ".$pre."PortalUser LEFT JOIN ".$pre."UserGroup USING (PortalUserId) "
."LEFT JOIN ".$pre."PortalGroup ON (".$pre."UserGroup.GroupId=".$pre."PortalGroup.GroupId)
WHERE
".$pre."PortalUser.Login='$userLogin' AND ".$pre."PortalUser.Status=1
AND (".$pre."PortalUser.Password='$userPassword' OR MD5(".$pre."PortalUser.Password)='$userPassword' OR ".$pre."PortalUser.Password='".md5($userPassword)."')
ORDER BY ".$pre."UserGroup.PrimaryGroup DESC, ".$pre."PortalGroup.Personal DESC";
//echo $sql."<br>\n";
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Login");
return false;
}
if($result->EOF)
return false;
}
if(!strlen($this->GetSessionKey()))
{
$this->GetNewSession();
}
$this->Set("PortalUserId", $result->fields["PortalUserId"]);
if(strlen($result->fields["tz"])>0)
$this->Set("tz",$result->fields["tz"]);
$PrimaryGroup=0;
$PersonalGroup=0;
$GroupList = array();
while($result && !$result->EOF)
{
$skipadd=0;
$g = $result->fields["GroupId"];
if($result->fields["PrimaryGroup"]==1)
{
$PrimaryGroup = $g;
$skipadd=1;
}
if($result->fields["Personal"]==1)
{
$PersonalGroup=$g;
$skipadd=0;
}
if(!$skipadd)
$GroupList[] = $g;
$result->MoveNext();
}
$extra_groups = implode(",",$GroupList);
if($PrimaryGroup)
$extra_groups = $PrimaryGroup.",".$extra_groups;
if($PersonalGroup)
{
$this->Set("GroupId",$PersonalGroup);
//$extra_groups .= ",".$PersonalGroup;
}
else
{
$this->Set("GroupId",$PrimaryGroup);
}
$this->Set("GroupList", $extra_groups);
$this->Set("LastAccessed",date("U"));
$this_login = $this->GetPersistantVariable("ThisLogin");
$this->SetPersistantVariable("LastLogin", $this_login);
$this->SetPersistantVariable("ThisLogin", time());
$this->ResetSysPermCache();
$this->PermCache = array();
$this->Update();
if($userLogin != 'root')
{
if( ! $this->HasSystemPermission('LOGIN') )
{
$this->Logout();
return false;
}
}
return true;
}
function Logout()
{
global $objConfig;
$this->Set("PortalUserId", 0);
$this->Set("GroupId", $objConfig->Get("User_GuestGroup"));
#$this->SetPersistantVariable("LastLogin", time());
$this->Set("GroupList",$objConfig->Get("User_GuestGroup"));
$this->Set("IpAddress",$_SERVER['REMOTE_ADDR']);
$this->DeleteSessionData($this->GetSessionKey());
$this->Update();
$this->Delete();
$this->ResetSysPermCache();
$this->PermCache = array();
}
function SetVariable( $variableName, $variableValue)
{
global $objConfig, $FrontEnd;
$objConfig->Set($variableName,$variableValue,2);
//if(!(int)$FrontEnd==1)
//{
$sessionkey = $this->GetSessionKey();
$sql = "SELECT * FROM ".GetTablePrefix()."SessionData WHERE VariableName='$variableName' AND SessionKey='$sessionkey'";
$rs = $this->adodbConnection->Execute($sql);
if($rs && !$rs->EOF)
{
$sql = "UPDATE ".GetTablePrefix()."SessionData SET VariableValue='$variableValue' WHERE VariableName='$variableName' AND SessionKey='$sessionkey'";
}
else
$sql = "INSERT INTO ".GetTablePrefix()."SessionData (VariableName,VariableValue,SessionKey) VALUES ('$variableName','$variableValue','$sessionkey')";
$this->adodbConnection->Execute($sql);
// echo "<BR>UPDATE: $sql<BR>";
//}
}
function SetPersistantVariable($variableName, $variableValue)
{
global $objConfig, $objUsers;
$userid = (int)$this->Get("PortalUserId");
if($userid > 0)
{
if(!is_object($this->CurrentUser))
$this->CurrentUser = $objUsers->GetItem($this->Get("PortalUserId"));
if(!$this->CurrentUser->VarsLoaded)
$this->CurrentUser->LoadPersistantVars();
//echo "setting current user' $variableName, $variableValue<br>";
$this->CurrentUser->SetPersistantVariable($variableName, $variableValue);
//$this->SetVariable($variableName,$variableValue);
}
else
$this->SetVariable($variableName,$variableValue);
}
function GetPersistantVariable($variableName)
{
global $objConfig, $objUsers;
if(is_numeric($this->Get("PortalUserId")))
{
if(!is_object($this->CurrentUser))
$this->CurrentUser = $objUsers->GetItem($this->Get("PortalUserId"));
if(!$this->CurrentUser->VarsLoaded)
$this->CurrentUser->LoadPersistantVars();
$val = $this->CurrentUser->GetPersistantVariable($variableName);
}
if(!strlen($val))
$val = $objConfig->Get($variableName);
return $val;
}
function GetVariable($variableName)
{
global $objConfig;
return $objConfig->Get($variableName);
}
function LoadSessionData()
{
global $objConfig, $objUsers;
if(is_numeric($this->Get("PortalUserId")))
{
$sql = "SELECT VariableName, VariableValue FROM ".GetTablePrefix()."SessionData where SessionKey='" . $this->Get("SessionKey") . "'";
//echo $sql."<br>\n";
$result = $this->adodbConnection->Execute($sql);
while ($result && !$result->EOF)
{
$data = $result->fields;
//echo "<PRE>"; print_r($data); echo "</PRE>";
$objConfig->Set($data["VariableName"],$data["VariableValue"],FALSE);
$result->MoveNext();
}
if(!is_object($this->CurrentUser))
$this->CurrentUser = $objUsers->GetItem($this->Get("PortalUserId"));
if(!$this->CurrentUser->VarsLoaded)
$this->CurrentUser->LoadPersistantVars();
}
if((int)$this->GetPersistantVariable("Language"))
$this->Set("Language",$objConfig->Get("Language"));
$this->DeleteExpiredSessions();
return true;
}
function DeleteSessionData($key)
{
$sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE SessionKey='$key'";
$this->adodbConnection->Execute($sql);
}
function SaveSessionData()
{
global $objConfig;
//echo "Saving Session Data..<br>\n";
if($this->SessionEnabled())
{
$data = $objConfig->GetDirtySessionValues(2); //session data
//echo "<PRE>"; print_r($data); echo "</PRE>";
$sessionkey = $this->GetSessionKey();
foreach($data as $field=>$value)
{
$sql = "UPDATE ".GetTablePrefix()."SessionData SET VariableValue='$value' WHERE VariableName='$field' AND SessionKey='$sessionkey'";
$this->adodbConnection->Execute($sql);
//echo $sql."<br>\n";
if($this->adodbConnection->Affected_Rows()==0)
{
$sql = "INSERT INTO ".GetTablePrefix()."SessionData (VariableName,VariableValue,SessionKey) VALUES ('$field','$value','$sessionkey')";
$this->adodbConnection->Execute($sql);
}
// echo $sql."<br>\n";
}
}
}
function DeleteEditTables()
{
$tables = $this->adodbConnection->MetaTables();
$sql = "SHOW TABLES";
//echo "<PRE>";print_r($tables); echo "</PRE>";
for($i=0;$i<count($tables);$i++)
{
$t = strtoupper($tables[$i]);
$p = strtoupper(GetTablePrefix()."ses_ad");
$k = substr($t,0,strlen($p));
if($k == $p && strpos($t,"FD_")>0)
{
$key = "AD".strtoupper(substr($t,strlen($p),strpos($t,"FD_")-strlen($p)))."FD";
$sql = "SELECT * FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$key'";
//echo $sql."<br>\n";
$rs = $this->adodbConnection->Execute($sql);
if(!$rs || $rs->EOF)
{
//echo "Dropping Table $tables[$i] <br>\n";
@$this->adodbConnection->Execute("DROP TABLE ".$tables[$i]);
}
}
}
}
function DeleteExpiredSessions()
{
global $objConfig;
$cutoff = time()-$objConfig->Get("SessionTimeout");
$thiskey = $this->GetSessionKey();
$sql = "SELECT SessionKey from ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff AND SessionKey != '$thiskey'";
$result = $this->adodbConnection->Execute($sql);
$keys = array();
while ($result && !$result->EOF)
{
$keys[] = "SessionKey='" . $result->fields["SessionKey"] . "'";
$result->MoveNext();
}
if(count($keys)>0)
{
$keywhere = implode(" OR ", $keys);
$sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE $keywhere";
//echo $sql;
$this->adodbConnection->Execute($sql);
$this->adodbConnection->Execute("DELETE FROM ".GetTablePrefix()."UserSession WHERE LastAccessed<$cutoff");
$this->DeleteEditTables();
}
}
function SetSysPermCache()
{
unset($this->SysPermCache);
$GroupList = $this->Get("GroupList");
if(strlen($GroupList) && $GroupList !="0")
{
$this->SysPermCache = array();
$sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE Type=1 AND PermissionValue=1 AND GroupId IN (".$GroupList.")";
//echo $sql."<br>\n";
$rs = $this->adodbConnection->Execute($sql);
while($rs && !$rs->EOF)
{
$val = $rs->fields["PermissionValue"];
if($val==1)
$this->SysPermCache[$rs->fields["Permission"]] = 1;
$PermList[] = $rs->fields["Permission"];
$rs->MoveNext();
}
if( isset($PermList) && count($PermList) > 0) // I think this is never issued (comment by Alex)
$this->SetVariable("SysPerm",implode(",",$PermList));
}
}
function GetSysPermCache()
{
$perms = trim($this->GetVariable("SysPerm"));
if(!strlen($perms))
{
$this->SetSysPermCache();
}
else
{
$p = explode(",",$perms);
$this->SysPermCache = array();
for($i=0;$i<count($p);$i++)
{
$n = $p[$i];
$this->SysPermCache[$n]=1;
}
}
}
function SysPermCacheLoaded()
{
return (isset($this->SysPermCache));
}
function ResetSysPermCache()
{
// echo "Resetting Perm Cache<br>\n";
$this->SetVariable("SysPerm","");
unset($this->SysPermCache);
//$this->SysPermCache=array();
}
function HasSystemPermission($PermissionName)
{
global $objGroups;
if($this->Get("PortalUserId")==-1 && ($PermissionName=="ADMIN" || $PermissionName=="LOGIN"))
return TRUE;
//echo "Looking up $PermissionName:".$this->Get("GroupList")."<br>\n";
//echo $this->Get("GroupList")." - ".$this->PermCacheGroups;
$GroupList = $this->Get("GroupList");
if(substr($GroupList,-1)==",")
{
$GroupList = substr($GroupList,0,-1);
$this->Set("GroupList",$GroupList);
}
//print_pre( $GroupList);
if($this->Get("GroupList")!=$this->PermCacheGroups)
$this->ResetSysPermCache();
if(!$this->SysPermCacheLoaded())
{
//echo "Loading Perm Cache<br>\n";
$this->GetSysPermCache();
$this->PermCacheGroups = $this->Get("GroupList");
}
//echo "SysPerm $PermissionName: [". $this->SysPermCache[$PermissionName]."]<br>\n";
return isset($this->SysPermCache[$PermissionName]) ? $this->SysPermCache[$PermissionName] == 1 : false;
}
function HasCatPermission($PermissionName,$CatId=NULL)
{
global $objCatList, $objUsers;
$PermSet =FALSE;
$Value = 0;
if($this->Get("PortalUserId")==-1)
return TRUE;
if(!strlen($PermissionName))
return FALSE;
$GroupList = $this->Get("GroupList");
if(substr($GroupList,-1)==",")
{
$GroupList = substr($GroupList,0,-1);
$this->Set("GroupList",$GroupList);
}
if(!strlen($this->Get("SessionKey")))
$this->Set("GroupId",0);
if(strlen(trim($GroupList)))
{
if(strlen($this->Get("GroupId")))
{
$GroupList = $this->Get("GroupId").",".$GroupList;
}
}
else
{
$GroupList = $this->Get("GroupId");
}
if($CatId == NULL)
{
$CatId = $objCatList->CurrentCategoryID();
}
$Cat = &$objCatList->GetCategory($CatId);
$Value="";
for($p=0;$p<count($this->PermCache);$p++)
{
$pItem = $this->PermCache[$p];
if($pItem["perm"]==$PermissionName && $pItem["cat"]==$CatId)
{
$Value=$pItem["value"];
break;
}
}
if(is_object($Cat) && !is_numeric($Value))
{
$Value = 0;
$CatList = $Cat->Get("ParentPath");
$CatList = substr($CatList,1,-1);
$CatList = str_replace("|",",",$CatList);
if(strlen($CatList))
{
$CatList ="0,".$CatList;
}
else
$CatList = "0";
$sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE Permission LIKE '$PermissionName' AND CatId IN ($CatList) AND GroupId IN ($GroupList)";
// echo $sql."<br>\n";
$rs = $this->adodbConnection->Execute($sql);
$PermValue = array();
while($rs && !$rs->EOF)
{
$index = $rs->fields["CatId"];
if(!is_numeric($PermValue[$index]))
$PermValue[$index] = $rs->fields["PermissionValue"];
$rs->MoveNext();
}
$cats = array_reverse(explode(",",$CatList));
for($c=0;$c<count($cats);$c++)
{
$index = $cats[$c];
if(is_numeric($PermValue[$index]))
{
$Value = $PermValue[$index];
break;
}
}
$perm = array();
$perm["perm"] = $PermissionName;
$perm["cat"] = $CatId;
$perm["value"] = $Value;
array_push($this->PermCache, $perm);
}
//echo $GroupList." Has Permission $PermissionName = $Value<br>\n";
return $Value;
}
function HasCatPermInList($PermList,$CatId=NULL, $System=FALSE)
{
$value = 0;
if(strlen($PermList))
{
$plist = explode(",",$PermList);
$value=0;
for($p=0;$p<count($plist);$p++)
{
if($this->HasCatPermission($plist[$p]))
{
$value = 1;
break;
}
else
{
if($System)
{
if($this->HasSystemPermission($plist[$p]))
{
$value = 1;
break;
}
}
}
}
}
return $value;
}
function GetACLClause()
{
$GroupList = $this->Get("GroupList");
if(strlen($GroupList))
$Groups = explode(",",$GroupList);
$acl_where = "";
if(@count($Groups)>0 && is_array($Groups))
{
$acl_where = array();
for($i=0;$i<count($Groups);$i++)
{
$g = $Groups[$i];
if(strlen($g)>0)
$acl_where[] = "(FIND_IN_SET($g,acl) OR ((NOT FIND_IN_SET($g,dacl)) AND acl='')) ";
}
if(count($acl_where))
{
$acl_where = "(".implode(" OR ",$acl_where).")";
}
else
$acl_where = "(FIND_IN_SET(0,acl))";
}
else
$acl_where = "(FIND_IN_SET(0,acl))";
return $acl_where;
}
function GetEditTable($base_table)
{
$prefix = GetTablePrefix();
if(strlen($prefix))
{
if(substr($base_table,0,strlen($prefix))!=$prefix)
$base_table = $prefix.$base_table;
}
$table = $prefix."ses_".$this->GetSessionKey()."_edit_".$base_table;
//echo "Table: $table <br>\n";
return $table;
}
function GetSessionTable($base_table,$name)
{
$prefix = GetTablePrefix();
if(strlen($prefix))
{
if(substr($base_table,0,strlen($prefix))!=$prefix)
$base_table = $prefix.$base_table;
}
$table = $prefix."ses_".$this->GetSessionKey()."_".$name.$base_table;
//echo "Table: $table <br>\n";
return $table;
}
function GetSearchTable($base_table="")
{
$prefix = GetTablePrefix();
if(strlen($base_table))
{
if(strlen($prefix))
{
if(substr($base_table,0,strlen($prefix))!=$prefix)
$base_table = $prefix.$base_table;
}
$table = $prefix."ses_".$this->GetSessionKey()."_search_".$base_table;
}
else
$table = $this->GetSessionTable('Search',''); //$prefix."ses_".$this->GetSessionKey()."_search";
return $table;
}
function GetTotalSessions()
{
# $time = time() - 900;
$sql = "SELECT count(*) as SesCount FROM ".GetTablePrefix()."UserSession";
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"GetTotalSessions");
return false;
}
return $result->fields["SesCount"];
}
function Query_UserSession($whereClause,$orderByClause)
{
$resultSet = array();
$sql = "SELECT ".GetTablePrefix()."* FROM ".GetTablePrefix()."UserSession ";
if(isset($whereClause))
$sql = sprintf('%s WHERE %s',$sql,$whereClause);
if(isset($orderByClause))
$sql = sprintf('%s ORDER BY %s',$sql,$orderByClause);
$result = $this->adodbConnection->Execute($sql);
if ($result === false)
{
$this->m_Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"Query_UserSession");
return false;
}
while (!$result->EOF)
{
$item = new clsUserSession(NULL);
$item->Set("SessionKey",$result->fields["SessionKey"]);
$item->Set("LastAccessed", $result->fields["LastAccessed"]);
$item->Set("PortalUserId", $result->fields["PortalUserId"]);
$item->Set("Language", $result->fields["Language"]);
$item->Set("Theme" , $result->fields["Theme"]);
array_push($resultSet,$item);
$result->MoveNext();
}
return $resultSet;
}
function GetUniqueKey()
{
while(true)
{
/* create the new session key here */
mt_srand(100000000*(double)microtime());
$sessionId=strtoupper(sprintf("AD%xFD",mt_rand(100000000,999999999))); //9 digit hex session id
$query = "select SessionKey from ".GetTablePrefix()."UserSession ";
$query .= "where SessionKey='$sessionId' OR CurrentTempKey='$sessionId' OR PrevTempKey='$sessionId'";
$rs = $this->adodbConnection->Execute($query);
if($rs->EOF)
break;
if($i>100)
{
return "";
}
$i++;
}
//echo "Getting Unique Key: $sessionId<br>";
return $sessionId;
}
function GetNewSession()
{
global $sessionId, $objConfig, $objLanguages, $m_var_list;
$i=0;
if($this->Get("PortalUserId")>0 || $objConfig->Get("GuestSessions")==1)
{
//echo "Creating Session<br>\n";
$sessionId = $this->GetUniqueKey();
$this->Set("SessionKey", $sessionId);
$this->Set("CurrentTempKey",$sessionId);
if($m_var_list["lang"])
{
$this->Set("Language",$m_var_list["lang"]);
}
else
$this->Set("Language", $objLanguages->GetPrimary());
$this->SetThemeName();
//$this->Set("Theme", $objConfig->Get("Default_Theme"));
$this->UpdateAccessTime();
$this->Set("IpAddress", $_SERVER['REMOTE_ADDR'] );
$this->Create();
}
else
$this->Set("SessionKey","");
}
function SessionEnabled()
{
$res = FALSE;
$key = $this->GetSessionKey();
if(strlen($key)>0)
$res = TRUE;
return $res;
}
function GetSessionKey()
{
return $this->Get("SessionKey");
}
function SetThemeName($id=0)
{
global $objThemes;
if($id==0)
$id = $objThemes->GetPrimaryTheme();
$Theme = $objThemes->GetItem($id);
$name = $Theme->Get("Name");
$this->Set("Theme",$name);
//$this->Update();
}
function ValidSession($SessionKey=NULL)
{
global $objConfig;
$a = $this->Get("LastAccessed");
$cutoff = time()-$objConfig->Get("SessionTimeout");
//echo $a." ".$cutoff."<br>";
//$ip = ($_SERVER['REMOTE_ADDR'] == $this->Get("IpAddress"));
//echo $this->Get("IpAddress");
//$ip = TRUE;
if ($a < $cutoff) {
//$this->UpdateAccessTime();
}
return ($a >= $cutoff);
}
function UpdateAccessTime()
{
$now = time();
$this->Set("LastAccessed",$now);
}
function InSpamControl($ResourceId,$DataType=NULL)
{
static $ClearStat;
if(!$ClearStat)
$this->PurgeSpamControl();
$ClearStat=1;
if(strlen($DataType))
$DataType="'".$DataType."'";
$sql = "SELECT count(*) as SpamCount FROM ".GetTablePrefix()."SpamControl WHERE ItemResourceId=$ResourceId AND DataType=$DataType";
if($this->Get("PortalUserId")==0)
{
$sql .= " AND PortalUserId=0 AND IPaddress='".$_SERVER["REMOTE_ADDR"]."'";
}
else
{
$sql .= " AND PortalUserId=".$this->Get("PortalUserId");
}
$rs = $this->adodbConnection->Execute($sql);
$value = (int)$rs->fields["SpamCount"];
if($value>0)
{
return TRUE;
}
else
return FALSE;
}
function AddToSpamControl($ResourceId,$secstoexpire,$DataType=NULL)
{
$expire = adodb_date("U") + $secstoexpire;
if(strlen($DataType))
$DataType = "'".$DataType."'";
$sql = "INSERT INTO ".GetTablePrefix()."SpamControl (ItemResourceId,IPaddress,Expire,PortalUserId,DataType) VALUES (";
$sql .= $ResourceId.",'".$_SERVER["REMOTE_ADDR"]."',$expire,".$this->Get("PortalUserId").",$DataType)";
//echo $sql;
$this->adodbConnection->Execute($sql);
}
function PurgeSpamControl()
{
$sql = "DELETE FROM ".GetTablePrefix()."SpamControl WHERE Expire<".adodb_date("U");
$this->adodbConnection->Execute($sql);
}
}/* clsUserSession */
?>
Property changes on: trunk/kernel/include/usersession.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.7
\ No newline at end of property
+1.8
\ No newline at end of property
Index: trunk/admin/tools/sql_result.php
===================================================================
--- trunk/admin/tools/sql_result.php (revision 266)
+++ trunk/admin/tools/sql_result.php (revision 267)
@@ -1,180 +1,180 @@
<?php
##############################################################
##In-portal ##
##############################################################
## In-portal ##
## Intechnic Corporation ##
## All Rights Reserved, 1998-2002 ##
## ##
## No portion of this code may be copied, reproduced or ##
## otherwise redistributed without proper written ##
## consent of Intechnic Corporation. Violation will ##
## result in revocation of the license and support ##
## privileges along maximum prosecution allowed by law. ##
##############################################################
if(!strlen($pathtoroot))
{
$path=dirname(realpath($_SERVER['SCRIPT_FILENAME']));
if(strlen($path))
{
/* determine the OS type for path parsing */
$pos = strpos($path,":");
if ($pos === false)
{
$gOS_TYPE="unix";
$pathchar = "/";
}
else
{
$gOS_TYPE="win";
$pathchar="\\";
}
$p = $path.$pathchar;
/*Start looking for the root flag file */
while(!strlen($pathtoroot) && strlen($p))
{
$sub = substr($p,strlen($pathchar)*-1);
if($sub==$pathchar)
{
$filename = $p."root.flg";
}
else
$filename = $p.$pathchar."root.flg";
if(file_exists($filename))
{
$pathtoroot = $p;
}
else
{
$parent = realpath($p.$pathchar."..".$pathchar);
if($parent!=$p)
{
$p = $parent;
}
else
$p = "";
}
}
if(!strlen($pathtoroot))
$pathtoroot = ".".$pathchar;
}
else
{
$pathtoroot = ".".$pathchar;
}
}
$sub = substr($pathtoroot,strlen($pathchar)*-1);
if($sub!=$pathchar)
{
$pathtoroot = $pathtoroot.$pathchar;
}
//echo $pathtoroot;
require_once($pathtoroot."kernel/startup.php");
//admin only util
$rootURL="http://".ThisDomain().$objConfig->Get("Site_Path");
$admin = $objConfig->Get("AdminDirectory");
if(!strlen($admin))
$admin = "admin";
$localURL=$rootURL."kernel/";
$adminURL = $rootURL.$admin;
$imagesURL = $adminURL."/images";
//$pathtolocal = $pathtoroot."in-news/";
require_once ($pathtoroot.$admin."/include/elements.php");
require_once ($pathtoroot."kernel/admin/include/navmenu.php");
//require_once ($pathtolocal."admin/include/navmenu.php");
require_once($pathtoroot.$admin."/toolbar.php");
require_once($pathtoroot.$admin."/listview/listview.php");
$envar = "env=" . BuildEnv();
$section = 'in-portal:sql_query';
$sec = $objSections->GetSection($section);
$parent = $objSections->GetSection($sec->Get("parent"));
$title = admin_language("la_tab_QueryDB");
//$saveURL = $admin."/browse.php";
$saveURL = $admin."/tools/sql_results.php";
$ParentUrl = $parent->URL();
if(strlen($ParentUrl)>0)
{
$cancelUrl = $ParentUrl;
}
else
$cancelUrl = $_SERVER['PHP_SELF']."?".$envar;
$action = "m_sql_query";
$sql_query = trim($objSession->GetVariable("LastSQLquery"));
//$objCatToolBar = new clsToolBar();
//$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('sqlform','$saveURL',1,'');","tool_select.gif");
//$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('category','$cancelURL',2,'');","tool_cancel.gif");
int_header(NULL,NULL,$title);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="4" class="tableborder">
<?php int_subsection_title(admin_language("la_prompt_sqlquery_result")); ?>
<tr <?php echo int_table_color(); ?>>
<TD colspan=3>
- <?php echo $SqlQuery; ?>
+ <?php echo stripslashes($SqlQuery); ?>
<input class="button" type=button value="<?php echo admin_language("la_prompt_edit_query"); ?>" onclick="history.go(-1);">
</td>
</tr>
<tr>
<?php
if($SqlErrorNum>0)
{
?>
<?php int_subsection_title(admin_language("la_prompt_sqlquery_error")); ?>
<tr <?php echo int_table_color(); ?>>
<TD colspan=3>
- <?php echo $SqlError; ?>
+ <?php echo stripslashes($SqlError); ?>
</td>
</tr>
<tr>
<?php
}
else
{
$ResultObject = new clsItemCollection();
$ResultObject->classname = "clsItemDB";
echo "<TR><TD colspan=3><table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"4\">";
while($SqlResult && !$SqlResult->EOF)
{
$ResultObject->AddItemFromArray($SqlResult->fields,TRUE);
$SqlResult->MoveNext();
}
$objListView = new clsListView(NULL,$ResultObject);
$fields = $SqlResult->FieldTypesArray();
if(is_array($fields))
{
$width = 100 / count($fields);
$width = "width=\"".$width."%\"";
foreach($fields as $f)
{
$name = $f->name;
$objListView->ColumnHeaders->Add($name,$name,1,0,"",$width,"", "",$name);
}
}
$objListView->PrintToolBar = FALSE;
$objListView->nowrap = FALSE;
$objListView->CurrentPageVar = "";
$objListView->PerPageVar = "";
$objListView->checkboxes=false;
echo $objListView->ColumnHeaders->PrintColumns();
if($ResultObject->NumItems()>0)
{
echo $objListView->PrintItems();
}
echo "</TABLE></TD></TR>";
}
?>
</TABLE>
<?php int_footer(); ?>
\ No newline at end of file
Property changes on: trunk/admin/tools/sql_result.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.1
\ No newline at end of property
+1.2
\ No newline at end of property
Index: trunk/admin/users/user_list.php
===================================================================
--- trunk/admin/users/user_list.php (revision 266)
+++ trunk/admin/users/user_list.php (revision 267)
@@ -1,367 +1,367 @@
<?php
##############################################################
##In-portal ##
##############################################################
## In-portal ##
## Intechnic Corporation ##
## All Rights Reserved, 1998-2002 ##
## ##
## No portion of this code may be copied, reproduced or ##
## otherwise redistributed without proper written ##
## consent of Intechnic Corporation. Violation will ##
## result in revocation of the license and support ##
## privileges along maximum prosecution allowed by law. ##
##############################################################
if(!strlen($pathtoroot))
{
$path=dirname(realpath($_SERVER['SCRIPT_FILENAME']));
if(strlen($path))
{
/* determine the OS type for path parsing */
$pos = strpos($path,":");
if ($pos === false)
{
$gOS_TYPE="unix";
$pathchar = "/";
}
else
{
$gOS_TYPE="win";
$pathchar="\\";
}
$p = $path.$pathchar;
/*Start looking for the root flag file */
while(!strlen($pathtoroot) && strlen($p))
{
$sub = substr($p,strlen($pathchar)*-1);
if($sub==$pathchar)
{
$filename = $p."root.flg";
}
else
$filename = $p.$pathchar."root.flg";
if(file_exists($filename))
{
$pathtoroot = $p;
}
else
{
$parent = realpath($p.$pathchar."..".$pathchar);
if($parent!=$p)
{
$p = $parent;
}
else
$p = "";
}
}
if(!strlen($pathtoroot))
$pathtoroot = ".".$pathchar;
}
else
{
$pathtoroot = ".".$pathchar;
}
}
$sub = substr($pathtoroot,strlen($pathchar)*-1);
if($sub!=$pathchar)
{
$pathtoroot = $pathtoroot.$pathchar;
}
//echo $pathtoroot;
require_once($pathtoroot."kernel/startup.php");
if (!admin_login())
{
if(!headers_sent())
setcookie("sid"," ",time()-3600);
$objSession->Logout();
header("Location: ".$adminURL."/login.php");
die();
//require_once($pathtoroot."admin/login.php");
}
$admin = $objConfig->Get("AdminDirectory");
if(!strlen($admin))
$admin = "admin";
$rootURL="http://".ThisDomain().$objConfig->Get("Site_Path");
$localURL=$rootURL."kernel/";
$adminURL = $rootURL.$admin;
$imagesURL = $adminURL."/images";
$pathtolocal = $pathtoroot."kernel/";
require_once ($pathtoroot.$admin."/include/elements.php");
require_once ($pathtoroot."kernel/admin/include/navmenu.php");
//require_once ($pathtolocal."admin/include/navmenu.php");
require_once($pathtoroot.$admin."/toolbar.php");
require_once($pathtoroot.$admin."/listview/listview.php");
$pathtolocal = $pathtoroot;
/* -------------------------------------- Section configuration ------------------------------------------- */
$section = 'in-portal:user_list';
$envar = "env=" . BuildEnv();
$SortFieldVar = "User_SortField";
$SortOrderVar = "User_SortOrder";
$DefaultSortField = "Login";
$PerPageVar = "Perpage_User";
$CurrentPageVar = "Page_UserList";
$CurrentFilterVar = "User_View";
$ListForm = "userlistform";
$CheckClass = "UserChecks";
/* ------------------------------------- Configure the toolbar ------------------------------------------- */
$objListToolBar = new clsToolBar();
$objListToolBar->Set("section",$section);
$objListToolBar->Set("load_menu_func","");
$objListToolBar->Set("CheckClass",$CheckClass);
$objListToolBar->Set("CheckForm",$ListForm);
$listImages = array();
//$img, $alt, $link, $onMouseOver, $onMouseOut, $onClick
$objListToolBar->Add("new_user", "la_ToolTip_New_User",$adminURL."/users/adduser.php?$envar&new=1","swap('new_user','toolbar/tool_new_user_f2.gif');",
"swap('new_user', 'toolbar/tool_new_user.gif');","");
$objListToolBar->Add("user_edit","la_ToolTip_Edit","#", "if (UserChecks.itemChecked()) swap('user_edit','toolbar/tool_edit_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_edit', 'toolbar/tool_edit.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('adduser', '');",
"tool_edit.gif",TRUE,TRUE);
$listImages[] = "UserChecks.addImage('user_edit','$imagesURL/toolbar/tool_edit.gif','$imagesURL/toolbar/tool_edit_f3.gif',1); ";
$objListToolBar->Add("user_del","la_ToolTip_Delete","#", "if (UserChecks.itemChecked()) swap('user_del','toolbar/tool_delete_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_del', 'toolbar/tool_delete.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('user_list', 'm_delete_user');",
"tool_delete.gif",FALSE,TRUE);
$listImages[] = "UserChecks.addImage('user_del','$imagesURL/toolbar/tool_delete.gif','$imagesURL/toolbar/tool_delete_f3.gif',1); ";
$objListToolBar->Add("user_primary","la_ToolTip_PrimaryGroup","#", "if (UserChecks.itemChecked()) swap('user_primary','toolbar/tool_primary_user_group_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_primary', 'toolbar/tool_primary_user_group.gif');","if (UserChecks.itemChecked()) SelectPrimaryGroup();",
"tool_primary_user_group.gif",FALSE,TRUE);
$listImages[] = "UserChecks.addImage('user_primary','$imagesURL/toolbar/tool_primary_user_group.gif','$imagesURL/toolbar/tool_primary_user_group_f3.gif',1); ";
$objListToolBar->Add("divider");
$objListToolBar->Add("user_app","la_ToolTip_Approve","#","if (UserChecks.itemChecked()) swap('user_app','toolbar/tool_approve_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_app', 'toolbar/tool_approve.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('user_list', 'm_approve_user');",
"tool_approve.gif",FALSE,TRUE);
$listImages[] = "UserChecks.addImage('user_app','$imagesURL/toolbar/tool_approve.gif','$imagesURL/toolbar/tool_approve_f3.gif',1); ";
$objListToolBar->Add("user_deny","la_ToolTip_Deny","#","if (UserChecks.itemChecked()) swap('user_deny','toolbar/tool_decline_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_deny', 'toolbar/tool_decline.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('user_list', 'm_deny_user');",
"tool_deny.gif",FALSE,TRUE);
$listImages[] = "UserChecks.addImage('user_deny','$imagesURL/toolbar/tool_decline.gif','$imagesURL/toolbar/tool_decline_f3.gif',1); ";
$objListToolBar->Add("user_ban","la_ToolTip_Ban","#","if (UserChecks.itemChecked()) swap('user_ban','toolbar/tool_ban_user_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_ban', 'toolbar/tool_ban_user.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('banuser', '');",
"tool_deny.gif",FALSE,TRUE);
$listImages[] = "UserChecks.addImage('user_ban','$imagesURL/toolbar/tool_ban_user.gif','$imagesURL/toolbar/tool_ban_user_f3.gif',1); ";
$objListToolBar->Add("divider");
$objListToolBar->Add("user_mail","la_ToolTip_SendMail","#", "if (UserChecks.itemChecked()) swap('user_mail','toolbar/tool_e-mail_f2.gif');",
"if (UserChecks.itemChecked()) swap('user_mail', 'toolbar/tool_e-mail.gif');","if (UserChecks.itemChecked()) openEmailPopup('','sendmail',$CheckClass);",
"tool_e-mail.gif",FALSE,TRUE);
$listImages[] = "UserChecks.addImage('user_mail','$imagesURL/toolbar/tool_e-mail.gif','$imagesURL/toolbar/tool_e-mail_f3.gif',1); ";
$objListToolBar->Add("user_print", "la_ToolTip_Print","#","swap('user_print','toolbar/tool_print_f2.gif');",
"swap('user_print', 'toolbar/tool_print.gif');","window.print();","tool_print.gif");
$objListToolBar->Add("viewmenubutton", "la_ToolTip_View","#","swap('viewmenubutton','toolbar/tool_view_f2.gif'); ",
"swap('viewmenubutton', 'toolbar/tool_view.gif');",
"ShowViewMenu();","tool_view.gif");
$objListToolBar->AddToInitScript($listImages);
/* ----------------------------------------- Set the View Filter ---------------------------------------- */
/* bit place holders for category view menu */
$Bit_Pending=4;
$Bit_Disabled=2;
$Bit_Valid=1;
$Bit_All = 7;
$FilterLabels = array();
$FilterLabels[0] = admin_language("la_Text_Enabled");
$FilterLabels[1] = admin_language("la_Text_Disabled");
$FilterLabels[2] = admin_language("la_Text_Pending");
/* determine current view menu settings */
$UserView = $objConfig->Get("User_View");
if(!is_numeric($UserView))
{
$UserView = $Bit_All; //Set all bits ON
$UserFilter = "";
}
if($UserView & $Bit_Valid)
$Status[] = 1;
if($UserView & $Bit_Disabled)
$Status[] = 0;
if($UserView & $Bit_Pending)
$Status[] = 2;
if(count($Status)>0)
{
$UserFilter = "Status IN (".implode(",",$Status).")";
}
else
$UserFilter = "Status = -1";
$order = $objConfig->Get($SortOrderVar);
$SearchWords = $objSession->GetVariable("UserSearchWord");
$where = "(ug.PrimaryGroup!=0 OR ug.PrimaryGroup IS NULL)";
if(strlen($SearchWords))
{
$SearchWhere = $objUsers->AdminSearchWhereClause($SearchWords);
}
if(strlen($SearchWhere))
{
$where .= " AND (".$SearchWhere.")";
}
if(strlen($UserFilter))
$where .= " AND (".$UserFilter.")";
/* ------------------------------------ Build the SQL statement to populate the list ---------------------------*/
$sql = "SELECT u.*,g.Name as GroupName,ELT(u.status+1,'".admin_language("la_Text_Disabled")." ','".admin_language("la_Text_Enabled")." ','".admin_language("la_Text_Pending")."') as UserStatus, ";
-$sql .="FROM_UNIXTIME(u.CreatedOn,'%m-%d-%Y') as DateCreated FROM ".GetTablePrefix()."PortalUser as u ";
+$sql .="FROM_UNIXTIME(u.CreatedOn,'%m-%d-%Y %H:%i:%s') as DateCreated FROM ".GetTablePrefix()."PortalUser as u ";
$sql .="LEFT JOIN ".GetTablePrefix()."UserGroup as ug ON (u.PortalUserId=ug.PortalUserId) ";
$sql .="LEFT JOIN ".GetTablePrefix()."PortalGroup as g ON (ug.GroupId=g.GroupId) WHERE $where";
if(!strlen($objConfig->Get($SortFieldVar)))
$objConfig->Set($SortFieldVar,$DefaultSortField);
$orderBy = trim($objConfig->Get($SortFieldVar)." ".$objConfig->Get($SortOrderVar));
if(strlen($orderBy))
$sql .=" ORDER BY ".$orderBy;
if((int)$_GET["resetpage"])
{
$page = 1;
$objSession->SetVariable($CurrentPageVar,1);
}
else
{
if((int)$_GET["lpn"])
{
$objSession->SetVariable($CurrentPageVar,(int)$_GET["lpn"]);
$page = (int)$_GET["lpn"];
}
else
{
$page = $objSession->GetVariable($CurrentPageVar);
}
}
//$sql .=" ".GetLimitSQL($page,(int)$objConfig->Get($PerPageVar));
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo htmlentities($sql,ENT_NOQUOTES)."<br>\n";
$objListView = new clsListView($objListToolBar);
$objListView->CurrentPageVar = $CurrentPageVar;
$objListView->PerPageVar = $PerPageVar;
//echo "SQL: $sql<br>";
$objUsers->Query_Item($sql, false, 'set_first');
$objSession->SetVariable($CurrentPageVar, 1);
$itemcount = QueryCount($sql);
//$title = prompt_language("la_Text_ShowingUsers")." (".$objUsers->NumItems().")";
//removed by PSK 2004-10-21
if(strlen($SearchWords))
{
$title = prompt_language("la_Text_Search_Results")." (".$itemcount.")";
}
else
$title = prompt_language("la_Text_ShowingUsers")." (".$itemcount.")";
$objListView->SetListItems($objUsers);
/* ---------------------------------------- Configure the list view ---------------------------------------- */
$objListView->IdField = "ResourceId";
$objListView->PageLinkTemplate = $pathtoroot.$admin."/templates/user_page_link.tpl";
$objListView->ColumnHeaders->Add("Login",admin_language("la_prompt_Username"),1,0,$order,"width=\"15%\"",$SortFieldVar,$SortOrderVar,"Login");
$objListView->ColumnHeaders->Add("LastName",admin_language("la_prompt_Last_Name"),1,0,$order,"width=\"15%\"",$SortFieldVar,$SortOrderVar,"LastName");
$objListView->ColumnHeaders->Add("FirstName",admin_language("la_prompt_First_Name"),1,0,$order,"width=\"15%\"",$SortFieldVar,$SortOrderVar,"FirstName");
$objListView->ColumnHeaders->Add("Email",admin_language("la_prompt_Email"),1,0,$order,"width=\"20%\"",$SortFieldVar,$SortOrderVar,"Email");
$objListView->ColumnHeaders->Add("GroupName",admin_language("la_prompt_PrimaryGroup"),1,0,$order,"width=\"20%\"",$SortFieldVar,$SortOrderVar,"GroupName");
$objListView->ColumnHeaders->Add("DateCreated",admin_language("la_prompt_CreatedOn"),1,0,$order,"width=\"15%\"",$SortFieldVar,$SortOrderVar,"u.CreatedOn");
$objListView->ColumnHeaders->SetSort($objConfig->Get($SortFieldVar), $objConfig->Get($SortOrderVar));
$objListView->PrintToolBar = FALSE;
$objListView->SearchBar = TRUE;
$objListView->SearchKeywords = $SearchWords;
$objListView->SearchAction="m_user_search";
$objListView->CheckboxName = "itemlist[]";
$objListView->TotalItemCount = $itemcount;
$objListView->ConfigureViewMenu($SortFieldVar,$SortOrderVar,$DefaultSortField,
$CurrentFilterVar,$UserView,$Bit_All);
foreach($FilterLabels as $Bit=>$Label)
{
$objListView->AddViewMenuFilter($Label,$Bit);
}
for($i=0;$i<count($objUsers->Items);$i++)
{
$u =& $objUsers->GetItemRefByIndex($i);
$objListView->RowIcons[] = $u->StatusIcon();
}
$objListToolBar->AddToInitScript("fwLoadMenus();");
$h = "\n\n<SCRIPT Language=\"JavaScript1.2\">\n".$objListView->GetViewMenu($imagesURL)."\n</SCRIPT>\n";
int_header($objListToolBar,NULL, $title,NULL,$h);
?>
<FORM method="POST" ACTION="" NAME="userlistform" ID="userlistform">
<?php
print $objListView->PrintList();
?>
<input type="hidden" name="Action" value="">
</FORM>
<FORM method=POST NAME="sendmail" ID="sendmail" target="sendmail" ACTION="<?php echo $adminURL."/email/sendmail.php?env=".BuildEnv(); ?>">
<INPUT TYPE="HIDDEN" NAME="idlist" ID="idlist" VALUE="">
<INPUT TYPE="hidden" NAME="idtype" ID="idtype" VALUE="user">
</FORM>
<!-- CODE FOR VIEW MENU -->
<form ID="viewmenu" method="post" action="user_list.php?env=<?php echo BuildEnv(); ?>" name="viewmenu">
<input type="hidden" name="fieldname" value="">
<input type="hidden" name="varvalue" value="">
<input type="hidden" name="varvalue2" value="">
<input type="hidden" name="Action" value="">
</form>
<form ID="popup" method="post" action="user_list.php?env=<?php echo BuildEnv(); ?>" name="popup">
<INPUT TYPE="hidden" NAME="grouplist">
<input TYPE="hidden" NAME="Action" VALUE="m_user_primarygroup">
<input type="hidden" NAME="userlist">
</FORM>
<FORM ID="ListSearchForm" NAME="ListSearchForm" method="POST" action="<?php echo $_SERVER["PHP_SELF"]."?env=".BuildEnv(); ?>">
<INPUT TYPE="HIDDEN" NAME="Action" VALUE="">
<INPUT TYPE="HIDDEN" NAME="list_search">
</FORM>
<script src="<?php echo $adminURL; ?>/listview/listview.js"></script>
<script>
initSelectiorContainers();
<?php echo $objListToolBar->Get("CheckClass").".setImages();"; ?>
</script>
<!-- END CODE-->
<?php int_footer(); ?>
Property changes on: trunk/admin/users/user_list.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.3
\ No newline at end of property
+1.4
\ No newline at end of property
Index: trunk/admin/users/adduser.php
===================================================================
--- trunk/admin/users/adduser.php (revision 266)
+++ trunk/admin/users/adduser.php (revision 267)
@@ -1,375 +1,375 @@
<?php
##############################################################
##In-portal ##
##############################################################
## In-portal ##
## Intechnic Corporation ##
## All Rights Reserved, 1998-2002 ##
## ##
## No portion of this code may be copied, reproduced or ##
## otherwise redistributed without proper written ##
## consent of Intechnic Corporation. Violation will ##
## result in revocation of the license and support ##
## privileges along maximum prosecution allowed by law. ##
##############################################################
if(!strlen($pathtoroot))
{
$path=dirname(realpath($_SERVER['SCRIPT_FILENAME']));
if(strlen($path))
{
/* determine the OS type for path parsing */
$pos = strpos($path,":");
if ($pos === false)
{
$gOS_TYPE="unix";
$pathchar = "/";
}
else
{
$gOS_TYPE="win";
$pathchar="\\";
}
$p = $path.$pathchar;
/*Start looking for the root flag file */
while(!strlen($pathtoroot) && strlen($p))
{
$sub = substr($p,strlen($pathchar)*-1);
if($sub==$pathchar)
{
$filename = $p."root.flg";
}
else
$filename = $p.$pathchar."root.flg";
if(file_exists($filename))
{
$pathtoroot = $p;
}
else
{
$parent = realpath($p.$pathchar."..".$pathchar);
if($parent!=$p)
{
$p = $parent;
}
else
$p = "";
}
}
if(!strlen($pathtoroot))
$pathtoroot = ".".$pathchar;
}
else
{
$pathtoroot = ".".$pathchar;
}
}
$sub = substr($pathtoroot,strlen($pathchar)*-1);
if($sub!=$pathchar)
{
$pathtoroot = $pathtoroot.$pathchar;
}
//echo $pathtoroot;
require_once($pathtoroot."kernel/startup.php");
//admin only util
$rootURL="http://".ThisDomain().$objConfig->Get("Site_Path");
$admin = $objConfig->Get("AdminDirectory");
if(!strlen($admin))
$admin = "admin";
$localURL=$rootURL."kernel/";
$adminURL = $rootURL.$admin;
$imagesURL = $adminURL."/images";
//$pathtolocal = $pathtoroot."in-news/";
require_once ($pathtoroot.$admin."/include/elements.php");
require_once ($pathtoroot."kernel/admin/include/navmenu.php");
//require_once ($pathtolocal."admin/include/navmenu.php");
require_once($pathtoroot.$admin."/toolbar.php");
unset($objEditItems);
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
$objEditItems->EnablePaging = FALSE;
$objCustomFields = new clsCustomFieldList(6);
$objRelList = new clsRelationshipList();
$objImages = new clsImageList();
//$objUserGroupsList = new clsUserGroupList();
//Multiedit init
if ($_GET["new"] == 1)
{
$c = new clsPortalUser(NULL);
$c->Set("CreatedOn", time());
$c->Set("Status", 2);
$en = 0;
$action = "m_add_user";
$objUsers->CreateEmptyEditTable("PortalUserId");
$objRelList->CreateEmptyEditTable("RelationshipId");
$objCustomDataList->CreateEmptyEditTable("CustomDataId");
$objImages->CreateEmptyEditTable("ResourceId");
//$objUserGroupsList->CreateEmptyEditTable("PortalUserId");
}
else
{
$en = (int)$_GET["en"];
if (isset($_POST["itemlist"]))
{
$objUsers->CopyToEditTable("ResourceId",$_POST["itemlist"]);
}
$objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable);
$first=1;
foreach($objEditItems->Items as $u)
{
$objItemTypes->BuildUserItemTable($u->Get("PortalUserId"),$first);
$first=0;
}
if(isset($_POST["itemlist"]))
{
/* make a copy of the relationship records */
$ids = $objEditItems->GetResourceIDList();
$objRelList->CopyToEditTable("SourceId",$ids);
$objCustomDataList->CopyToEditTable("ResourceId",$ids);
$objImages->CopyToEditTable("ResourceId",$ids);
//$objUserGroupsList->CopyToEditTable("PortalUserId", $ids);
}
$itemcount=$objEditItems->NumItems();
$c = $objEditItems->GetItemByIndex($en);
if($itemcount>1)
{
if ($en+1 == $itemcount)
$en_next = -1;
else
$en_next = $en+1;
if ($en == 0)
$en_prev = -1;
else
$en_prev = $en-1;
}
$action = "m_edit_user";
}
$envar = "env=" . BuildEnv() . "&en=$en";
$section = 'in-portal:edituser_general';
if (strlen($c->Get("Login")))
$editing_title = "'".$c->Get("Login")."' ";
else
$editing_title = "";
$title = prompt_language("la_Text_Editing")." ".prompt_language("la_Text_User")." $editing_title- ".prompt_language("la_tab_General");
//Display header
$sec = $objSections->GetSection($section);
$objCatToolBar = new clsToolBar();
$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('edituser','UserEditStatus','".$admin."/users/user_list.php',1);","tool_select.gif");
$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('edituser','UserEditStatus','".$admin."/users/user_list.php',2);","tool_cancel.gif");
if ( isset($en_prev) || isset($en_next) )
{
$url = $RootUrl.$admin."/users/adduser.php";
$StatusField = "UserEditStatus";
$form = "edituser";
MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevUser','la_NextUser');
}
int_header($objCatToolBar,NULL,$title);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="4" class="tableborder">
<form ID="edituser" name="edituser" action="" method=POST>
<?php int_subsection_title(prompt_language("la_Text_User")); ?>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_login" class="text"><?php echo prompt_language("la_prompt_Usermame"); ?></span></td>
<td>
<input type="text" tabindex="1" name="user_login" ID="user_login" class="text" ValidationType="exists" size="20" value="<?php echo $dupe_user ? $dupe_user : $c->parsetag("user_login"); ?>">
<span class="validation_error"><?php if( isset($dupe_user) && $dupe_user ) echo admin_language($lvErrorString); ?></span>
</td>
<td></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span ID="prompt_password" class="text"><?php echo prompt_language("la_prompt_Password"); ?></span></td>
<td>
<input type="password" id="password" tabindex="2" name="password" class="text" ValidationType="password" size="20" value="">
<?php if(!$_GET["new"]) echo prompt_language("la_password_info"); ?>
</td>
<td></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span ID="prompt_password_verify" class="text"><?php echo prompt_language("la_prompt_PasswordRepeat"); ?></span></td>
<td>
<input type="password" id="password_verify" tabindex="4" name="password_verify" class="text" size="20" value="">
</td>
<td></td>
</tr>
<?php int_subsection_title(prompt_language("la_prompt_PersonalInfo")); ?>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_firstname" class="text"><?php echo prompt_language("la_prompt_FirstName"); ?></span></td>
<td>
<input type="text" name="user_firstname" class="text" tabindex="5" size="30" value="<?php echo $c->parsetag("user_firstname"); ?>">
</td>
<td></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_lastname" class="text"><?php echo prompt_language("la_prompt_LastName"); ?></span></td>
<td>
<input type="text" name="user_lastname" class="text" tabindex="6" size="30" value="<?php echo $c->parsetag("user_lastname"); ?>">
</td>
<td></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span ID="prompt_user_email" class="text"><?php echo prompt_language("la_prompt_Email"); ?></span></td>
<td>
<input type="text" ValidationType="exists" name="user_email" tabindex="7" ID="user_email" class="text" size="30" value="<?php echo $c->parsetag("user_email"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><SPAN id="prompt_user_dob" class="text"><?php echo prompt_language("la_prompt_birthday"); ?></SPAN></td>
<td>
<input type="text" ValidationType="date,exists" tabindex="8" name="user_dob" id="user_dob_selector" datepickerIcon="<?php echo $adminURL; ?>/images/ddarrow.gif" class="text" size="20" value="<?php echo $c->parsetag("user_dob"); ?>">
<span class="small"><?php echo prompt_language("la_prompt_DateFormat"); ?></span></td>
<td></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_phone" class="text"><?php echo prompt_language("la_prompt_Phone"); ?></span></td>
<td>
<input type="text" name="user_phone" tabindex="9" class="text" size="30" value="<?php echo $c->parsetag("user_phone"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_street" class="text"><?php echo prompt_language("la_prompt_Street"); ?></span></td>
<td>
<input type="text" name="user_street" tabindex="10" class="text" size="40" value="<?php echo $c->parsetag("user_street"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_city" class="text"><?php echo prompt_language("la_prompt_City"); ?></span></td>
<td>
<input type="text" name="user_city" class="text" tabindex="11" size="30" value="<?php echo $c->parsetag("user_city"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_state" class="text"><?php echo prompt_language("la_prompt_State"); ?></span></td>
<td>
<input type="text" name="user_state" class="text" tabindex="12" size="20" value="<?php echo $c->parsetag("user_state"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_zip" class="text"><?php echo prompt_language("la_prompt_Zip"); ?></span></td>
<td>
<input type="text" name="user_zip" class="text" size="15" tabindex="13" value="<?php echo $c->parsetag("user_zip"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_user_country" class="text"><?php echo prompt_language("la_prompt_Country"); ?></span></td>
<td>
<input type="text" name="user_country" class="text" tabindex="14" size="30" value="<?php echo $c->parsetag("user_country"); ?>">
</td>
<td><span class="text">&nbsp;</span></td>
</tr>
<?php int_subsection_title(prompt_language("la_prompt_Properties")); ?>
<tr <?php int_table_color(); ?>>
<td valign="top"><span id="prompt_status" class="text"><?php echo prompt_language("la_prompt_Status"); ?></span></td>
<td>
<input type="radio" name="status" class="text" tabindex="15" value="1" <?php if($c->Get("Status") == 1) echo "checked"; ?>><?php echo prompt_language("la_val_Active"); ?>
<input type="radio" name="status" class="text" tabindex="15" value="2" <?php if($c->Get("Status") == 2) echo "checked"; ?>><?php echo prompt_language("la_val_Pending"); ?>
<input type="radio" name="status" class="text" tabindex="15" value="0" <?php if($c->Get("Status") == 0) echo "checked"; ?>><?php echo prompt_language("la_val_Disabled"); ?>
</td>
<td class="text">&nbsp;</td>
</tr>
<tr <?php int_table_color(); ?>>
<td valign="top"><SPAN id="prompt_user_date" class="text"><?php echo prompt_language("la_prompt_CreatedOn"); ?></SPAN></td>
<td>
- <input type="text" name="user_date" id="user_date_selector" tabindex="16" datepickerIcon="<?php echo $adminURL; ?>/images/ddarrow.gif" class="text" size="20" value="<?php echo $c->parsetag("user_date"); ?>">
+ <input type="text" name="user_date" id="user_date_selector" tabindex="16" datepickerIcon="<?php echo $adminURL; ?>/images/ddarrow.gif" class="text" size="20" value="<?php echo $c->parsetag("user_datetime"); ?>">
<span class="small"><?php echo prompt_language("la_prompt_DateFormat"); ?></span></td>
<td></td>
</tr>
<?php
$CustomFieldUI = $objCustomFields->GetFieldUIList(TRUE);
if($CustomFieldUI->NumItems()>0)
{
$objCustomDataList->SetTable('edit');
if((int)$c->Get("ResourceId")>0)
$objCustomDataList->LoadResource($c->Get("ResourceId"));
$headings = $CustomFieldUI->GetHeadingList();
//echo "<PRE>";print_r($objCustomFields); echo "</PRE>";
for($i=0;$i<=count($headings);$i++)
{
$h = $headings[$i];
if(strlen($h))
{
int_subsection_title(prompt_language($h));
$Items = $CustomFieldUI->GetHeadingItems($h);
foreach($Items as $f)
{
$n = substr($f->name,1);
$cfield = $objCustomFields->GetItemByField("FieldName",$n,FALSE);
if(is_object($cfield))
{
$cv = $objCustomDataList->GetDataItem($cfield->Get("CustomFieldId"));
if(is_object($cv))
{
$f->default_value = $cv->Get("Value");
}
}
print "<tr ".int_table_color_ret().">\n";
print " <td valign=\"top\"><span class=\"text\">".$f->GetPrompt()."</span></td>\n";
print " <td nowrap>".$f->ItemFormElement()."</TD>";
if(is_object($f->NextItem))
{
$n = $f->NextItem;
print " <td>".$n->ItemFormElement()."</TD>";
}
else
print " <td><span class=\"text\">&nbsp;</span></td>\n";
print "</tr>\n";
}
}
}
$objCustomDataList->SetTable('live');
}
?>
<tr <?php int_table_color(); ?>>
<td colspan="3">
<input type="hidden" name="Action" value="<?php echo $action; ?>">
<input type="hidden" name="user_id" value="<?php echo $c->Get("PortalUserId"); ?>">
<input type="hidden" name="UserEditStatus" VALUE="0">
</td>
</tr>
</td>
</tr>
</table>
</form>
<script src="<?php echo $adminURL; ?>/include/calendar.js"></script>
<SCRIPT language="JavaScript">
initCalendar("user_date_selector", CalDateFormat);
initCalendar("user_dob_selector", CalDateFormat);
</SCRIPT>
<?php
MarkFields('edituser');
int_footer();
?>
\ No newline at end of file
Property changes on: trunk/admin/users/adduser.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.3
\ No newline at end of property
+1.4
\ No newline at end of property

Event Timeline

In-Portal CMS · In-Portal Community Pages · In-Portal Issue Tracker · In-Portal Repository Browser · Quality Assurance · In-Portal CI Server