Page MenuHomeIn-Portal Phabricator
Files F785074

in-portal
No OneTemporary
Actions

File Metadata

Created
Wed, Feb 12, 12:31 AM

in-portal
View Options

Index: branches/RC/core/kernel/processors/main_processor.php
===================================================================
--- branches/RC/core/kernel/processors/main_processor.php (revision 11864)
+++ branches/RC/core/kernel/processors/main_processor.php (revision 11865)
@@ -1,1148 +1,1146 @@
<?php
class kMainTagProcessor extends TagProcessor {
function Init($prefix, $special, $event_params = null)
{
parent::Init($prefix, $special, $event_params);
$actions =& $this->Application->recallObject('kActions');
$actions->Set('t', $this->Application->GetVar('t'));
$actions->Set('sid', $this->Application->GetSID());
$actions->Set('m_opener', $this->Application->GetVar('m_opener') );
}
/**
* Used to handle calls where tag name
* match with existing php function name
*
* @param Tag $tag
* @return string
*/
function ProcessTag(&$tag)
{
if ($tag->Tag=='include') $tag->Tag='MyInclude';
return parent::ProcessTag($tag);
}
/**
* Base folder for all template includes
*
* @param Array $params
* @return string
*/
function TemplatesBase($params)
{
$force_admin = array_key_exists('force_admin', $params) && $params['force_admin'];
$module = array_key_exists('module', $params) ? $params['module'] : 'core';
if ($this->Application->IsAdmin() || $force_admin) {
if ($module == 'in-portal') {
$module = 'kernel';
}
$path = $force_admin ? '/core/admin_templates' : THEMES_PATH;
$path = preg_replace('/\/(.*?)\/(.*)/', $module.'/\\2', $path); // remove leading slash + substitute module
}
else {
$path = mb_substr(THEMES_PATH, 1);
if (mb_strtolower($module) == 'in-portal') {
$module_folder = 'platform';
}
else {
$module_folder = $this->Application->findModule('Name', $module, 'TemplatePath');
}
$path .= rtrim('/' . trim($module_folder, '/'), '/') . '/';
}
return $this->Application->BaseURL() . $path;
}
/**
* Creates <base href ..> HTML tag for all templates
* affects future css, js files and href params of links
*
* @return string
* @access public
*/
function Base_Ref($params)
{
return '<base href="'.$this->TemplatesBase($params).'/" />';
}
/**
* Returns base url for web-site
*
* @return string
* @access public
*/
function BaseURL()
{
return $this->Application->BaseURL();
}
//for compatability with K3 tags
function Base($params)
{
return $this->TemplatesBase($params).'/';
}
function ProjectBase($params)
{
return $this->Application->BaseURL();
}
/*function Base($params)
{
return $this->Application->BaseURL().$params['add'];
}*/
/**
* Used to create link to any template.
* use "pass" paramter if "t" tag to specify
* prefix & special of object to be represented
* in resulting url
*
* @param Array $params
* @return string
* @access public
*/
function T($params)
{
//by default link to current template
$t = $this->SelectParam($params, 't,template');
unset($params['t']);
unset($params['template']);
$prefix=isset($params['prefix']) ? $params['prefix'] : ''; unset($params['prefix']);
$index_file = isset($params['index_file']) ? $params['index_file'] : null; unset($params['index_file']);
return $this->Application->HREF($t, $prefix, $params, $index_file);
}
function Link($params)
{
if (isset($params['template'])) {
$params['t'] = $params['template'];
unset($params['template']);
}
if (!isset($params['pass']) && !isset($params['no_pass'])) $params['pass'] = 'm';
if (isset($params['no_pass'])) unset($params['no_pass']);
if ( $this->Application->GetVar('admin') ) {
$params['admin'] = 1;
if (!array_key_exists('editing_mode', $params)) {
$params['editing_mode'] = EDITING_MODE;
}
}
return $this->T($params);
}
function Env($params)
{
$t = $params['template'];
unset($params['template']);
return $this->Application->BuildEnv($t, $params, 'm', null, false);
}
function FormAction($params)
{
$params['pass'] = 'all,m';
$params['pass_category'] = 1;
return $this->Application->HREF('', '', $params);
}
/*// NEEDS TEST
function Config($params)
{
return $this->Application->ConfigOption($params['var']);
}
function Object($params)
{
$name = $params['name'];
$method = $params['method'];
$tmp =& $this->Application->recallObject($name);
if ($tmp != null) {
if (method_exists($tmp, $method))
return $tmp->$method($params);
else
echo "Method $method does not exist in object ".get_class($tmp)." named $name<br>";
}
else
echo "Object $name does not exist in the appliaction<br>";
}*/
/**
* Tag, that always returns true.
* For parser testing purposes
*
* @param Array $params
* @return bool
* @access public
*/
function True($params)
{
return true;
}
/**
* Tag, that always returns false.
* For parser testing purposes
*
* @param Array $params
* @return bool
* @access public
*/
function False($params)
{
return false;
}
/**
* Returns block parameter by name
*
* @param Array $params
* @return stirng
* @access public
*/
function Param($params)
{
//$parser =& $this->Application->recallObject('TemplateParser');
$name = $params['name'];
if (isset($this->Application->LateParsed[$name])) {
$f = $this->Application->PreParsedBlocks['capture_'.$name.$this->Application->LateParsed[$name]];
$this->Application->Parser->SetParam($name, $f(array()));
}
$res = $this->Application->Parser->GetParam($params['name']);
if ($res === false) $res = '';
if (isset($params['plus']))
$res += $params['plus'];
return $res;
}
function DefaultParam($params)
{
foreach ($params as $key => $val) {
if ($this->Application->Parser->GetParam($key) === false) {
$this->Application->Parser->SetParam($key, $val);
}
}
}
/**
* Gets value of specified field from specified prefix_special and set it as parser param
*
* @param Array $params
*/
/*function SetParam($params)
{
// <inp2:m_SetParam param="custom_name" src="cf:FieldName"/>
list($prefix_special, $field_name) = explode(':', $params['src']);
$object =& $this->Application->recallObject($prefix_special);
$name = $this->SelectParam($params, 'param,name,var');
$this->Application->Parser->SetParam($name, $object->GetField($field_name) );
}*/
/**
* Compares block parameter with value specified
*
* @param Array $params
* @return bool
* @access public
*/
function ParamEquals($params)
{
//$parser =& $this->Application->recallObject('TemplateParser');
$name = $this->SelectParam($params, 'name,var,param');
$value = $params['value'];
return ($this->Application->Parser->GetParam($name) == $value);
}
/*function PHP_Self($params)
{
return $HTTP_SERVER_VARS['PHP_SELF'];
}
*/
/**
* Returns session variable value by name
*
* @param Array $params
* @return string
* @access public
*/
function Recall($params)
{
$var_name = $this->SelectParam($params,'name,var,param');
if (isset($params['persistent']) && $params['persistent']) {
$ret = $this->Application->RecallPersistentVar($var_name);
}
else {
$ret = $this->Application->RecallVar($var_name);
}
$ret = ($ret === false && isset($params['no_null'])) ? '' : $ret;
if (getArrayValue($params, 'special') || getArrayValue($params, 'htmlchars')) {
$ret = htmlspecialchars($ret);
}
if (getArrayValue($params, 'urlencode')) {
$ret = urlencode($ret);
}
return $ret;
}
function RemoveVar($params)
{
$this->Application->RemoveVar( $this->SelectParam($params,'name,var,param') );
}
// bad style to store something from template to session !!! (by Alex)
// Used here only to test how session works, nothing more
function Store($params)
{
//echo"Store $params[name]<br>";
$name = $params['name'];
$value = $params['value'];
$this->Application->StoreVar($name,$value);
}
/**
* Sets application variable value(-s)
*
* @param Array $params
* @access public
*/
function Set($params)
{
foreach ($params as $param => $value) {
$this->Application->SetVar($param, $value);
}
}
/**
* Increment application variable
* specified by number specified
*
* @param Array $params
* @access public
*/
function Inc($params)
{
$this->Application->SetVar($params['param'], $this->Application->GetVar($params['param']) + $params['by']);
}
/**
* Retrieves application variable
* value by name
*
* @param Array $params
* @return string
* @access public
*/
function Get($params)
{
$ret = $this->Application->GetVar($this->SelectParam($params, 'name,var,param'), '');
return getArrayValue($params, 'htmlchars') ? htmlspecialchars($ret) : $ret;
}
/**
* Retrieves application constant
* value by name
*
* @param Array $params
* @return string
* @access public
*/
function GetConst($params)
{
return defined($this->SelectParam($params, 'name,const')) ? constant($this->SelectParam($params, 'name,const,param')) : '';
}
/**
* Retrieves configuration variable value by name
*
* @param Array $params
* @return string
* @access public
*/
function GetConfig($params)
{
$config_name = $this->SelectParam($params, 'name,var');
$ret = $this->Application->ConfigValue($config_name);
if( getArrayValue($params, 'escape') ) $ret = addslashes($ret);
return $ret;
}
function ConfigEquals($params)
{
$option = $this->SelectParam($params, 'name,option,var');
return $this->Application->ConfigValue($option) == getArrayValue($params, 'value');
}
/**
* Creates all hidden fields
* needed for kernel_form
*
* @param Array $params
* @return string
* @access public
*/
function DumpSystemInfo($params)
{
$actions =& $this->Application->recallObject('kActions');
$actions->Set('t', $this->Application->GetVar('t') );
$params = $actions->GetParams();
$o='';
foreach ($params AS $name => $val)
{
$o .= "<input type='hidden' name='$name' id='$name' value='$val'>\n";
}
return $o;
}
/**
* Used for search sidebox on front-end only
*
* @param Array $params
* @return string
* @author Alex
*/
function GetFormHiddens($params)
{
$t = $this->SelectParam($params, 'template,t');
unset($params['template']);
$form_fields = Array ();
if ($this->Application->RewriteURLs()) {
$session =& $this->Application->recallObject('Session');
if ($session->NeedQueryString()) {
$form_fields['sid'] = $this->Application->GetSID();
}
}
else {
$form_fields['env'] = $this->Application->BuildEnv($t, $params, 'm', null, false);
}
if ($this->Application->GetVar('admin') == 1) {
$form_fields['admin'] = 1;
}
$ret = '';
$field_tpl = '<input type="hidden" name="%1$s" id="%1$s" value="%2$s"/>'."\n";
foreach ($form_fields as $form_field => $field_value) {
$ret .= sprintf($field_tpl, $form_field, $field_value);
}
return $ret;
}
function Odd_Even($params)
{
$odd = $params['odd'];
$even = $params['even'];
if (!isset($params['var'])) {
$var = 'odd_even';
}
else {
$var = $params['var'];
}
if ($this->Application->GetVar($var) == 'even') {
if (!isset($params['readonly']) || !$params['readonly']) {
$this->Application->SetVar($var, 'odd');
}
return $even;
}
else {
if (!isset($params['readonly']) || !$params['readonly']) {
$this->Application->SetVar($var, 'even');
}
return $odd;
}
}
/**
* Returns phrase translation by name
*
* @param Array $params
* @return string
* @access public
*/
function Phrase($params)
{
// m:phrase name="phrase_name" default="Tr-alala" updated="2004-01-29 12:49"
$phrase_name = $this->SelectParam($params, 'label,name,title');
if (isset($params['source']) && $params['source']) {
$phrase_name = $this->Application->GetVar($phrase_name);
if (array_key_exists('default', $params) && !$phrase_name) {
$phrase_name = $params['default'];
}
}
$translation = $this->Application->Phrase($phrase_name);
if (isset($params['escape']) && $params['escape']) {
$translation = htmlspecialchars($translation, ENT_QUOTES);
$translation = addslashes($translation);
}
return $translation;
}
// for tabs
function is_active($params)
{
$test_templ = $this->SelectParam($params, 'templ,template,t');
if ( !getArrayValue($params,'allow_empty') )
{
$if_true=getArrayValue($params,'true') ? $params['true'] : 1;
$if_false=getArrayValue($params,'false') ? $params['false'] : 0;
}
else
{
$if_true=$params['true'];
$if_false=$params['false'];
}
if ( preg_match("/^".str_replace('/', '\/', $test_templ)."/i", $this->Application->GetVar('t'))) {
return $if_true;
}
else {
return $if_false;
}
}
function IsNotActive($params)
{
return !$this->is_active($params);
}
function IsActive($params)
{
return $this->is_active($params);
}
function is_t_active($params)
{
return $this->is_active($params);
}
function CurrentTemplate($params)
{
return $this->is_active($params);
}
/**
* Checks if session variable
* specified by name value match
* value passed as parameter
*
* @param Array $params
* @return string
* @access public
*/
function RecallEquals($params)
{
$name = $this->SelectParam($params, 'name,var');
$value = $params['value'];
if (isset($params['persistent']) && $params['persistent']) {
return $this->Application->RecallPersistentVar($name) == $value;
}
return ($this->Application->RecallVar($name) == $value);
}
/**
* Checks if application variable
* specified by name value match
* value passed as parameter
*
* @param Array $params
* @return bool
* @access public
*/
function GetEquals($params)
{
$name = $this->SelectParam($params, 'var,name,param');
$value = $params['value'];
if ($this->Application->GetVar($name) == $value) {
return 1;
}
}
/**
* Includes template
* and returns it's
* parsed version
*
* @param Array $params
* @return string
* @access public
*/
function MyInclude($params)
{
if (defined('NPARSER') && NPARSER) {
return $this->Application->Parser->IncludeTemplate($params, isset($params['is_silent']) ? 1 : 0);
}
$BlockParser =& $this->Application->makeClass('TemplateParser');
/* @var $BlockParser TemplateParser */
// $BlockParser->SetParams($params);
$parser =& $this->Application->Parser;
$this->Application->Parser =& $BlockParser;
// this is for the parser to know the master template in case an error occurs,
// ParseTemplate will reset it anyway, but this will allow error handler to display the tempalte
// which tries to include missing template for example
$this->Application->Parser->TemplateName = $parser->TemplateName;
$t = $this->SelectParam($params, 't,template,block,name');
$t = eregi_replace("\.tpl$", '', $t);
if (!$t) {
trigger_error('Template name not specified in <b>&lt;inp2:m_include .../&gt;</b> tag', E_USER_ERROR);
}
if (isset($this->Application->PreParsedBlocks[$t]) ) {
$params['name'] = $t;
$res = $this->Application->ParseBlock($params);
}
else {
$res = $BlockParser->ParseTemplate($t, 1, $params, isset($params['is_silent']) ? 1 : 0 );
}
if (!$BlockParser->DataExists && ((isset($params['data_exists']) && $params['data_exists']) || isset($params['block_no_data']))) {
if ($block_no_data = getArrayValue($params, 'block_no_data')) {
if (isset($this->Application->PreParsedBlocks[$block_no_data]) ) {
// block_no_data is another block name
$res = $this->Application->ParseBlock(Array('name' => $block_no_data));
}
else {
// block_no_data is template name (only looks through real templates)
$res = $BlockParser->ParseTemplate($block_no_data, 1, Array(), getArrayValue($params, 'is_silent'));
}
}
else {
$res = '';
}
}
$this->Application->Parser =& $parser;
$this->Application->Parser->DataExists = $this->Application->Parser->DataExists || $BlockParser->DataExists;
if (isset($params['return_params']) && $params['return_params']) {
$new_params = array_merge($this->Application->Parser->Params, $BlockParser->ParamsStack[0]);
$this->Application->Parser->SetParams($new_params, false);
}
return $res;
}
function ModuleInclude($params)
{
$ret = '';
$block_params = array_merge($params, Array('is_silent' => 2)); // don't make fatal errors in case if template is missing
$current_template = $this->Application->GetVar('t');
$replace_main = isset($params['replace_m']) && $params['replace_m'];
$skip_prefixes = isset($params['skip_prefixes']) ? explode(',', $params['skip_prefixes']) : Array();
$cms_mode = $this->Application->GetVar('admin');
foreach ($this->Application->ModuleInfo as $module_name => $module_data) {
$module_key = mb_strtolower($module_name);
if ($module_name == 'In-Portal') {
if (!$cms_mode && $this->Application->IsAdmin()) {
// don't process In-Portal templates in admin
continue;
}
// Front-End still relies on In-Portal module
$module_prefix = $module_data['TemplatePath'];
}
else {
$module_prefix = $this->Application->IsAdmin() ? $module_key.'/' : rtrim($module_data['TemplatePath'], '/').'/';
}
$block_params['t'] = $module_prefix.$this->SelectParam($params, $module_key.'_template,'.$module_key.'_t,template,t');
$check_prefix = $module_data['Var'];
if ($check_prefix == 'adm' && $replace_main) {
$check_prefix = 'c';
}
if ($block_params['t'] == $current_template || in_array($check_prefix, $skip_prefixes)) {
continue;
}
$no_data = $this->SelectParam($params, $module_key.'_block_no_data,block_no_data');
if ($no_data) {
$block_params['block_no_data'] = $module_prefix.'/'.$no_data;
}
$ret .= $this->MyInclude($block_params);
}
return $ret;
}
function ModuleEnabled($params)
{
return $this->Application->isModuleEnabled( $params['module'] );
}
/*function Kernel_Scripts($params)
{
return '<script type="text/javascript" src="'.PROTOCOL.SERVER_NAME.BASE_PATH.'/kernel3/js/grid.js"></script>';
}*/
/*function GetUserPermission($params)
{
// echo"GetUserPermission $params[name]";
if ($this->Application->RecallVar('user_type') == 1)
return 1;
else {
$perm_name = $params[name];
$aPermissions = unserialize($this->Application->RecallVar('user_permissions'));
if ($aPermissions)
return $aPermissions[$perm_name];
}
}*/
/**
* Set's parser block param value
*
* @param Array $params
* @access public
*/
function AddParam($params)
{
$parser =& $this->Application->Parser; // recallObject('TemplateParser');
foreach ($params as $param => $value) {
$this->Application->SetVar($param, $value);
$parser->SetParam($param, $value);
$parser->AddParam('/\$'.$param.'/', $value);
}
}
/*function ParseToVar($params)
{
$var = $params['var'];
$tagdata = $params['tag'];
$parser =& $this->Application->Parser; //recallObject('TemplateParser');
$res = $this->Application->ProcessTag($tagdata);
$parser->SetParam($var, $res);
$parser->AddParam('/\$'.$var.'/', $res);
return '';
}*/
/*function TagNotEmpty($params)
{
$tagdata = $params['tag'];
$res = $this->Application->ProcessTag($tagdata);
return $res != '';
}*/
/*function TagEmpty($params)
{
return !$this->TagNotEmpty($params);
}*/
/**
* Checks if debug mode is on
*
* @param Array $params
* @return bool
* @access public
*/
function IsDebugMode($params)
{
return $this->Application->isDebugMode();
}
function MassParse($params)
{
$qty = $params['qty'];
$block = $params['block'];
$mode = $params['mode'];
$o = '';
if ($mode == 'func') {
$func = create_function('$params', '
$o = \'<tr>\';
$o.= \'<td>a\'.$params[\'param1\'].\'</td>\';
$o.= \'<td>a\'.$params[\'param2\'].\'</td>\';
$o.= \'<td>a\'.$params[\'param3\'].\'</td>\';
$o.= \'<td>a\'.$params[\'param4\'].\'</td>\';
$o.= \'</tr>\';
return $o;
');
for ($i=1; $i<$qty; $i++) {
$block_params['param1'] = rand(1, 10000);
$block_params['param2'] = rand(1, 10000);
$block_params['param3'] = rand(1, 10000);
$block_params['param4'] = rand(1, 10000);
$o .= $func($block_params);
}
return $o;
}
$block_params['name'] = $block;
for ($i=0; $i<$qty; $i++) {
$block_params['param1'] = rand(1, 10000);
$block_params['param2'] = rand(1, 10000);
$block_params['param3'] = rand(1, 10000);
$block_params['param4'] = rand(1, 10000);
$block_params['passed'] = $params['passed'];
$block_params['prefix'] = 'm';
$o.= $this->Application->ParseBlock($block_params, 1);
}
return $o;
}
function LoggedIn($params)
{
return $this->Application->LoggedIn();
}
/**
* Allows to check if permission exists directly in template and perform additional actions if required
*
* @param Array $params
* @return bool
*/
function CheckPermission($params)
{
$perm_helper =& $this->Application->recallObject('PermissionsHelper');
return $perm_helper->TagPermissionCheck($params);
}
/**
* Checks if user is logged in and if not redirects it to template passed
*
* @param Array $params
*/
function RequireLogin($params)
{
$t = $this->Application->GetVar('t');
if ($next_t = getArrayValue($params, 'next_template')) {
$t = $next_t;
}
// check by permissions: begin
if ((isset($params['perm_event']) && $params['perm_event']) ||
(isset($params['perm_prefix']) && $params['perm_prefix']) ||
(isset($params['permissions']) && $params['permissions'])) {
$perm_helper =& $this->Application->recallObject('PermissionsHelper');
/* @var $perm_helper kPermissionsHelper */
$perm_status = $perm_helper->TagPermissionCheck($params);
if (!$perm_status) {
list($redirect_template, $redirect_params) = $perm_helper->getPermissionTemplate($params);
$this->Application->Redirect($redirect_template, $redirect_params);
}
else {
return ;
}
}
// check by permissions: end
// check by configuration value: begin
$condition = getArrayValue($params, 'condition');
if (!$condition) {
$condition = true;
}
else {
if (substr($condition, 0, 1) == '!') {
$condition = !$this->Application->ConfigValue(substr($condition, 1));
}
else {
$condition = $this->Application->ConfigValue($condition);
}
}
// check by configuration value: end
// check by belonging to group: begin
$group = $this->SelectParam($params, 'group');
$group_access = true;
if ($group) {
$conn =& $this->Application->GetADODBConnection();
$group_id = $conn->GetOne('SELECT GroupId FROM '.TABLE_PREFIX.'PortalGroup WHERE Name = '.$conn->qstr($group));
if ($group_id) {
$groups = explode(',', $this->Application->RecallVar('UserGroups'));
$group_access = in_array($group_id, $groups);
}
}
// check by belonging to group: end
if ((!$this->Application->LoggedIn() || !$group_access) && $condition) {
- $redirect_params = $this->Application->HttpQuery->getRedirectParams();
+ $redirect_params = $this->Application->HttpQuery->getRedirectParams(true);
$redirect_params['next_template'] = $t;
if (array_key_exists('pass_category', $params)) {
$redirect_params['pass_category'] = $params['pass_category'];
}
if ( $this->Application->LoggedIn() && !$group_access) {
$this->Application->Redirect( $params['no_group_perm_template'], $redirect_params);
}
- $redirect_params['lang_mode'] = ''; // if expiration happens while editing language it will be in temp mode
- $redirect_params['m_wid'] = ''; // remove wid, otherwise parent window may add wid to its name breaking all the frameset (for <a> targets)
$this->Application->Redirect($params['login_template'], $redirect_params);
}
}
function IsMember($params)
{
$group = getArrayValue($params, 'group');
$conn =& $this->Application->DB;
$group_id = $conn->GetOne('SELECT GroupId FROM '.TABLE_PREFIX.'PortalGroup WHERE Name = '.$conn->qstr($group));
if ($group_id) {
$groups = explode(',', $this->Application->RecallVar('UserGroups'));
$group_access = in_array($group_id, $groups);
}
return $group_access;
}
/**
* Checks if SSL is on and redirects to SSL URL if needed
* If SSL_URL is not defined in config - the tag does not do anything
* If for_logged_in_only="1" exits if user is not logged in.
* If called without params forces https right away. If called with by_config="1" checks the
* Require SSL setting from General Config and if it is ON forces https
*
* @param unknown_type $params
*/
function CheckSSL($params)
{
$ssl = $this->Application->IsAdmin() ? $this->Application->ConfigValue('AdminSSL_URL') : false;
if (!$ssl) {
// not in admin or admin ssl url is empty
$ssl = $this->Application->ConfigValue('SSL_URL');
}
if (!$ssl) return; //SSL URL is not set - no way to require SSL
$require = false;
if (isset($params['mode']) && $params['mode'] == 'required') {
$require = true;
if (isset($params['for_logged_in_only']) && $params['for_logged_in_only'] && !$this->Application->LoggedIn()) {
$require = false;
}
if (isset($params['condition'])) {
if (!$this->Application->ConfigValue($params['condition'])) {
$require = false;
}
}
}
$http_query =& $this->Application->recallObject('HTTPQuery');
$pass = $http_query->getRedirectParams();
if ($require) {
if (PROTOCOL == 'https://') {
$this->Application->SetVar('__KEEP_SSL__', 1);
return;
}
$this->Application->Redirect('', array_merge_recursive2($pass, Array('__SSL__' => 1)));
}
else {
if (PROTOCOL == 'https://' && $this->Application->ConfigValue('Force_HTTP_When_SSL_Not_Required')) {
if ($this->Application->GetVar('__KEEP_SSL__')) return;
// $pass_more = Array ('pass' => 'm', 'm_cat_id' => 0, '__SSL__' => 0);
$this->Application->Redirect('', array_merge_recursive2($pass, Array('__SSL__' => 0))); // $pass_more
}
}
}
function ConstOn($params)
{
$name = $this->SelectParam($params,'name,const');
return constOn($name);
}
function SetDefaultCategory($params)
{
$category_id = $this->Application->findModule('Name', $params['module'], 'RootCat');
$this->Application->SetVar('m_cat_id', $category_id);
}
function XMLTemplate($params)
{
safeDefine('DBG_SKIP_REPORTING', 1);
if (isset($params['cache']) && $params['cache']) {
$nextyear = intval(date('Y') + 1);
$format = "D, d M Y H:i:s";
$expiration = gmdate($format, mktime() + $params['cache']).' GMT';
$last_modified = mktime();
header ('Cache-Control: public, cache, max-age='.$params['cache']);
header ("Expires: $expiration");
header ('Pragma: public');
// Getting headers sent by the client.
$headers = request_headers();
// Checking if the client is validating his cache and if it is current.
if (isset($headers['If-Modified-Since']) && (strtotime($headers['If-Modified-Since']) > $last_modified-$params['cache'])) {
// Client's cache IS current, so we just respond '304 Not Modified'.
header('Last-Modified: '.date($format, strtotime($headers['If-Modified-Since'])).' GMT', true, 304);
exit();
} else {
// Image not cached or cache outdated, we respond '200 OK' and output the image.
header('Last-Modified: '.gmdate($format, $last_modified).' GMT', true, 200);
}
}
// xml documents are usually long
set_time_limit(0);
ini_set('memory_limit', -1);
return $this->Application->XMLHeader(getArrayValue($params, 'xml_version'));
}
function Header($params)
{
header($params['data']);
}
function NoDebug($params)
{
if (!$this->Application->GetVar('debug')) {
define('DBG_SKIP_REPORTING', 1);
}
}
function RootCategoryName($params)
{
$root_phrase = $this->Application->ConfigValue('Root_Name');
return $this->Application->Phrase($root_phrase);
}
/**
* Allows to attach file directly from email event template
*
* @param Array $params
*/
function AttachFile($params)
{
$esender =& $application->recallObject('EmailSender'.(isset($params['special']) ? '.'.$params['special'] : ''));
/* @var $esender kEmailSendingHelper */
$path = FULL_PATH.'/'.$params['path'];
if (file_exists($path)) {
$esender->AddAttachment($path);
}
}
function CaptchaImage($params){
$captcha_helper =& $this->Application->recallObject('CaptchaHelper');
/* @var $captcha_helper kCaptchaHelper */
$captcha_helper->GenerateCaptchaImage(
$this->Application->RecallVar($this->Application->GetVar('var')),
$this->Application->GetVar('w'),
$this->Application->GetVar('h'),
true
);
}
function SID($params)
{
return $this->Application->GetSID();
}
function ModuleInfo($params)
{
return $this->Application->findModule($params['key'], $params['value'], $params['return']);
}
function Random($params)
{
return rand(1, 100000000);
}
/**
* Prints parser params, available at current deep level
*
* @param Array $params
* @return string
*/
function PrintCurrentParams($params)
{
$current_params = $this->Application->Parser->Params;
foreach ($current_params as $param_name => $param_value) {
$current_params[$param_name] = $param_name . ' = "' . $param_value . '"';
}
return '<pre>' . implode("\n", $current_params) . '</pre>';
}
/**
* Gets previously defined counter result
*
* @param Array $params
* @return int
*/
function GetCounter($params)
{
return $this->Application->getCounter($params['name'], $params);
}
/**
* Increments PageHit counter
*
* @param Array $params
* @return int
*/
function RegisterPageHit($params)
{
if ($this->Application->ConfigValue('UsePageHitCounter')) {
$db =& $this->Application->GetADODBConnection();
// get current counte
$sql = 'SELECT VariableValue
FROM '.TABLE_PREFIX.'ConfigurationValues
WHERE VariableName = "PageHitCounter"';
$page_counter = (int)$db->GetOne($sql);
$sql = 'UPDATE LOW_PRIORITY '.TABLE_PREFIX.'ConfigurationValues
SET VariableValue = '.($page_counter + 1).'
WHERE VariableName = "PageHitCounter"';
$db->Query($sql);
}
}
function Timestamp($params)
{
$format = isset($params['format']) ? $params['format'] : 'd.m.Y H:i:s';
return adodb_date($format);
}
}
Index: branches/RC/core/kernel/session/session.php
===================================================================
--- branches/RC/core/kernel/session/session.php (revision 11864)
+++ branches/RC/core/kernel/session/session.php (revision 11865)
@@ -1,1131 +1,1155 @@
<?php
/*
The session works the following way:
1. When a visitor loads a page from the site the script checks if cookies_on varibale has been passed to it as a cookie.
2. If it has been passed, the script tries to get Session ID (SID) from the request:
3. Depending on session mode the script is getting SID differently.
The following modes are available:
smAUTO - Automatic mode: if cookies are on at the client side, the script relays only on cookies and
ignore all other methods of passing SID.
If cookies are off at the client side, the script relays on SID passed through query string
and referal passed by the client. THIS METHOD IS NOT 100% SECURE, as long as attacker may
get SID and substitude referal to gain access to user' session. One of the faults of this method
is that the session is only created when the visitor clicks the first link on the site, so
there is NO session at the first load of the page. (Actually there is a session, but it gets lost
after the first click because we do not use SID in query string while we are not sure if we need it)
smCOOKIES_ONLY - Cookies only: in this mode the script relays solely on cookies passed from the browser
and ignores all other methods. In this mode there is no way to use sessions for clients
without cookies support or cookies support disabled. The cookies are stored with the
full domain name and path to base-directory of script installation.
smGET_ONLY - GET only: the script will not set any cookies and will use only SID passed in
query string using GET, it will also check referal. The script will set SID at the
first load of the page
smCOOKIES_AND_GET - Combined mode: the script will use both cookies and GET right from the start. If client has
cookies enabled, the script will check SID stored in cookie and passed in query string, and will
use this SID only if both cookie and query string matches. However if cookies are disabled on the
client side, the script will work the same way as in GET_ONLY mode.
4. After the script has the SID it tries to load it from the Storage (default is database)
5. If such SID is found in the database, the script checks its expiration time. If session is not expired, it updates
its expiration, and resend the cookie (if applicable to session mode)
6. Then the script loads all the data (session variables) pertaining to the SID.
Usage:
$session = new Session(smAUTO); //smAUTO is default, you could just leave the brackets empty, or provide another mode
$session->SetCookieDomain('my.domain.com');
$session->SetCookiePath('/myscript');
$session->SetCookieName('my_sid_cookie');
$session->SetGETName('sid');
$session->InitSession();
...
//link output:
echo "<a href='index.php?'". ( $session->NeedQueryString() ? 'sid='.$session->SID : '' ) .">My Link</a>";
*/
//Implements session storage in the database
class SessionStorage extends kDBBase {
var $Expiration;
var $SessionTimeout=0;
var $DirectVars = Array();
var $ChangedDirectVars = Array();
var $PersistentVars = Array ();
var $OriginalData=Array();
var $TimestampField;
var $SessionDataTable;
var $DataValueField;
var $DataVarField;
function Init($prefix,$special)
{
parent::Init($prefix,$special);
$this->setTableName('sessions');
$this->setIDField('sid');
$this->TimestampField = 'expire';
$this->SessionDataTable = 'SessionData';
$this->DataValueField = 'value';
$this->DataVarField = 'var';
}
function setSessionTimeout($new_timeout)
{
$this->SessionTimeout = $new_timeout;
}
function StoreSession(&$session, $additional_fields = Array())
{
if (defined('IS_INSTALL') && IS_INSTALL && !$this->Application->TableFound($this->TableName)) {
return false;
}
$fields_hash = Array (
$this->IDField => $session->SID,
$this->TimestampField => $session->Expiration
);
$fields_hash = array_merge($fields_hash, $additional_fields);
$this->Conn->doInsert($fields_hash, $this->TableName);
foreach ($additional_fields as $field_name => $field_value) {
$this->SetField($session, $field_name, $field_value);
}
}
function DeleteSession(&$session)
{
$query = ' DELETE FROM '.$this->TableName.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID);
$this->Conn->Query($query);
$query = ' DELETE FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID);
$this->Conn->Query($query);
$this->OriginalData = Array();
}
function UpdateSession(&$session, $timeout=0)
{
$this->SetField($session, $this->TimestampField, $session->Expiration);
$query = ' UPDATE '.$this->TableName.' SET '.$this->TimestampField.' = '.$session->Expiration.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID);
$this->Conn->Query($query);
}
function LocateSession($sid)
{
$query = ' SELECT * FROM '.$this->TableName.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($sid);
$result = $this->Conn->GetRow($query);
if ($result === false) {
return false;
}
$this->DirectVars = $result;
$this->Expiration = $result[$this->TimestampField];
return true;
}
function GetExpiration()
{
return $this->Expiration;
}
function LoadData(&$session)
{
$query = 'SELECT '.$this->DataValueField.','.$this->DataVarField.' FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID);
$this->OriginalData = $this->Conn->GetCol($query, $this->DataVarField);
return $this->OriginalData;
}
/**
* Enter description here...
*
* @param Session $session
* @param string $var_name
* @param mixed $default
*/
function GetField(&$session, $var_name, $default = false)
{
return isset($this->DirectVars[$var_name]) ? $this->DirectVars[$var_name] : $default;
//return $this->Conn->GetOne('SELECT '.$var_name.' FROM '.$this->TableName.' WHERE `'.$this->IDField.'` = '.$this->Conn->qstr($session->GetID()) );
}
function SetField(&$session, $var_name, $value)
{
$value_changed = !isset($this->DirectVars[$var_name]) || ($this->DirectVars[$var_name] != $value);
if ($value_changed) {
$this->DirectVars[$var_name] = $value;
$this->ChangedDirectVars[] = $var_name;
$this->ChangedDirectVars = array_unique($this->ChangedDirectVars);
}
//return $this->Conn->Query('UPDATE '.$this->TableName.' SET '.$var_name.' = '.$this->Conn->qstr($value).' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->GetID()) );
}
function SaveData(&$session)
{
if(!$session->SID) return false; // can't save without sid
$ses_data = $session->Data->GetParams();
$replace = '';
foreach ($ses_data as $key => $value)
{
if ( isset($this->OriginalData[$key]) && $this->OriginalData[$key] == $value)
{
continue; //skip unchanged session data
}
else
{
$replace .= sprintf("(%s, %s, %s),",
$this->Conn->qstr($session->SID),
$this->Conn->qstr($key),
$this->Conn->qstr($value));
}
}
$replace = rtrim($replace, ',');
if ($replace != '') {
$query = ' REPLACE INTO '.$this->SessionDataTable. ' ('.$this->IDField.', '.$this->DataVarField.', '.$this->DataValueField.') VALUES '.$replace;
$this->Conn->Query($query);
}
if ($this->ChangedDirectVars) {
$changes = array();
foreach ($this->ChangedDirectVars as $var) {
$changes[] = $var.' = '.$this->Conn->qstr($this->DirectVars[$var]);
}
$query = 'UPDATE '.$this->TableName.' SET '.implode(',', $changes).' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->GetID());
$this->Conn->Query($query);
}
}
function RemoveFromData(&$session, $var)
{
$query = 'DELETE FROM '.$this->SessionDataTable.' WHERE '.$this->IDField.' = '.$this->Conn->qstr($session->SID).
' AND '.$this->DataVarField.' = '.$this->Conn->qstr($var);
$this->Conn->Query($query);
unset($this->OriginalData[$var]);
}
function GetFromData(&$session, $var)
{
return getArrayValue($this->OriginalData, $var);
}
function GetExpiredSIDs()
{
$query = ' SELECT '.$this->IDField.' FROM '.$this->TableName.' WHERE '.$this->TimestampField.' > '.adodb_mktime();
return $this->Conn->GetCol($query);
}
function DeleteExpired()
{
$expired_sids = $this->GetExpiredSIDs();
if ($expired_sids) {
$sessionlog_table = $this->Application->getUnitOption('session-log', 'TableName');
$session_log_sql =
' UPDATE '.$sessionlog_table.'
SET Status = 2, SessionEnd =
( SELECT '.$this->TimestampField.' - '.$this->SessionTimeout.'
FROM '.$this->TableName.'
WHERE '.$this->IDField.' = '.$sessionlog_table.'.SessionId
)
WHERE Status = 0 AND SessionId IN ('.join(',', $expired_sids).')';
if ($sessionlog_table) {
$this->Conn->Query($session_log_sql);
}
$where_clause = ' WHERE '.$this->IDField.' IN ("'.implode('","',$expired_sids).'")';
$sql = 'DELETE FROM '.$this->SessionDataTable.$where_clause;
$this->Conn->Query($sql);
$sql = 'DELETE FROM '.$this->TableName.$where_clause;
$this->Conn->Query($sql);
// delete debugger ouputs left of expired sessions
foreach ($expired_sids as $expired_sid) {
$debug_file = (defined('WRITEABLE') ? WRITEABLE : FULL_PATH.'/kernel').'/cache/debug_@'.$expired_sid.'@.txt';
if (file_exists($debug_file)) {
@unlink($debug_file);
}
}
}
return $expired_sids;
}
function LoadPersistentVars(&$session)
{
$user_id = $session->RecallVar('user_id');
if ($user_id != -2) {
// root & normal users
$sql = 'SELECT VariableValue, VariableName
FROM '.TABLE_PREFIX.'PersistantSessionData
WHERE PortalUserId = '.$user_id;
$this->PersistentVars = $this->Conn->GetCol($sql, 'VariableName');
}
else {
$this->PersistentVars = Array ();
}
}
/**
* Stores variable to persistent session
*
* @param Session $session
* @param string $var_name
* @param mixed $var_value
*/
function StorePersistentVar(&$session, $var_name, $var_value)
{
$user_id = $session->RecallVar('user_id');
if ($user_id == -2 || $user_id === false) {
// -2 (when not logged in), false (when after u:OnLogout event)
$session->StoreVar($var_name, $var_value);
return ;
}
$this->PersistentVars[$var_name] = $var_value;
$key_clause = 'PortalUserId = '.$user_id.' AND VariableName = '.$this->Conn->qstr($var_name);
$sql = 'SELECT VariableName
FROM '.TABLE_PREFIX.'PersistantSessionData
WHERE '.$key_clause;
$record_found = $this->Conn->GetOne($sql);
$fields_hash = Array (
'PortalUserId' => $user_id,
'VariableName' => $var_name,
'VariableValue' => $var_value,
);
if ($record_found) {
$this->Conn->doUpdate($fields_hash, TABLE_PREFIX.'PersistantSessionData', $key_clause);
}
else {
$this->Conn->doInsert($fields_hash, TABLE_PREFIX.'PersistantSessionData');
}
}
/**
* Gets persistent variable
*
* @param Session $session
* @param string $var_name
* @param mixed $default
* @return mixed
*/
function RecallPersistentVar(&$session, $var_name, $default = false)
{
if ($session->RecallVar('user_id') == -2) {
if ($default == ALLOW_DEFAULT_SETTINGS) {
$default = null;
}
return $session->RecallVar($var_name, $default);
}
if (array_key_exists($var_name, $this->PersistentVars)) {
return $this->PersistentVars[$var_name];
}
elseif ($default == ALLOW_DEFAULT_SETTINGS) {
$default_user_id = $this->Application->ConfigValue('DefaultSettingsUserId');
if (!$default_user_id) {
$default_user_id = -1;
}
$sql = 'SELECT VariableValue, VariableName
FROM '.TABLE_PREFIX.'PersistantSessionData
WHERE VariableName = '.$this->Conn->qstr($var_name).' AND PortalUserId = '.$default_user_id;
$value = $this->Conn->GetOne($sql);
$this->PersistentVars[$var_name] = $value;
if ($value !== false) {
$this->StorePersistentVar($session, $var_name, $value); //storing it, so next time we don't load default user setting
}
return $value;
}
else {
return $default;
}
}
function RemovePersistentVar(&$session, $var_name)
{
unset($this->PersistentVars[$var_name]);
$user_id = $session->RecallVar('user_id');
if ($user_id != -2) {
$sql = 'DELETE FROM '.TABLE_PREFIX.'PersistantSessionData
WHERE PortalUserId = '.$user_id.' AND VariableName = '.$this->Conn->qstr($var_name);
$this->Conn->Query($sql);
}
}
}
define('smAUTO', 1);
define('smCOOKIES_ONLY', 2);
define('smGET_ONLY', 3);
define('smCOOKIES_AND_GET', 4);
class Session extends kBase {
var $Checkers;
var $Mode;
var $OriginalMode = null;
var $GETName = 'sid';
var $CookiesEnabled = true;
var $CookieName = 'sid';
var $CookieDomain;
var $CookiePath;
var $CookieSecure = 0;
var $SessionTimeout = 3600;
var $Expiration;
var $SID;
var $CachedSID;
var $SessionSet = false;
/**
* Enter description here...
*
* @var SessionStorage
*/
var $Storage;
var $CachedNeedQueryString = null;
/**
* Session Data array
*
* @var Params
*/
var $Data;
/**
* Names of optional session keys (which does not need to be always stored
*
* @var array
*/
var $OptionalData = array();
function Session($mode=smAUTO)
{
parent::kBase();
$this->SetMode($mode);
}
function SetMode($mode)
{
$this->Mode = $mode;
$this->CachedNeedQueryString = null;
$this->CachedSID = null;
}
function SetCookiePath($path)
{
$this->CookiePath = str_replace(' ', '%20', $path);
}
/**
* Setting cookie domain. Set false for local domains, because they don't contain dots in their names.
*
* @param string $domain
*/
function SetCookieDomain($domain)
{
$this->CookieDomain = substr_count($domain, '.') ? '.'.ltrim($domain, '.') : false;
}
function SetGETName($get_name)
{
$this->GETName = $get_name;
}
function SetCookieName($cookie_name)
{
$this->CookieName = $cookie_name;
}
function InitStorage($special)
{
$this->Storage =& $this->Application->recallObject('SessionStorage.'.$special);
$this->Storage->setSessionTimeout($this->SessionTimeout);
}
function Init($prefix,$special)
{
parent::Init($prefix,$special);
$this->CheckIfCookiesAreOn();
if ($this->CookiesEnabled) $_COOKIE['cookies_on'] = 1;
$this->Checkers = Array();
$this->InitStorage($special);
$this->Data = new Params();
$tmp_sid = $this->GetPassedSIDValue();
$check = $this->Check();
+
+ if ($this->Application->IsAdmin()) {
+ // 1. Front-End session may not be created (SID is present, but no data in database).
+ // Check expiration LATER from kApplication::Init, because template, used in session
+ // expiration redirect should be retrieved from mod-rewrite url first.
+
+ // 2. Admin sessions are always created, so case when SID is present,
+ // but session in database isn't is 100% session expired. Check expiration
+ // HERE because Session::SetSession will create missing session in database
+ // and when Session::ValidateExpired will be called later from kApplication::Init
+ // it won't consider such session as expired !!!
+ $this->ValidateExpired();
+ }
+
if ($check) {
$this->SID = $this->GetPassedSIDValue();
$this->Refresh();
$this->LoadData();
}
else {
$this->SetSession();
}
if (!is_null($this->OriginalMode)) $this->SetMode($this->OriginalMode);
}
- function ValidateExpired() {
- if( !(defined('IS_INSTALL') && IS_INSTALL) )
- {
- $expired_sids = $this->DeleteExpired();
- if ( ( $expired_sids && in_array($this->CachedSID,$expired_sids) ) || ( $this->CachedSID && !$this->SessionSet ) ) {
- $this->RemoveSessionCookie();
- // true was here to force new session creation, but I used RemoveCookie a line above, to avoid redirect loop with expired sid not being removed
- // setSession with true was used before, to set NEW session cookie
- $this->SetSession();
- $this->Application->HandleEvent($event, 'u:OnSessionExpire');
- return ;
- }
+ function ValidateExpired()
+ {
+ if (defined('IS_INSTALL') && IS_INSTALL) {
+ return ;
+ }
+
+ $expired_sids = $this->DeleteExpired();
+ $my_sid_expired = in_array($this->CachedSID, $expired_sids);
+
+ if ( ($expired_sids && $my_sid_expired) || ($this->CachedSID && !$this->SessionSet) ) {
+ $this->RemoveSessionCookie();
+ // true was here to force new session creation, but I (kostja) used
+ // RemoveCookie a line above, to avoid redirect loop with expired sid
+ // not being removed setSession with true was used before, to set NEW
+ // session cookie
+ $this->SetSession();
+
+ // case #1: I've OR other site visitor expired my session
+ // case #2: I have no session in database, but SID is present
+ $expire_event = new kEvent('u:OnSessionExpire');
+ $this->Application->HandleEvent($expire_event);
}
}
function IsHTTPSRedirect()
{
$http_referer = getArrayValue($_SERVER, 'HTTP_REFERER');
return (
( PROTOCOL == 'https://' && preg_match('#http:\/\/#', $http_referer) )
||
( PROTOCOL == 'http://' && preg_match('#https:\/\/#', $http_referer) )
);
}
function CheckReferer($for_cookies=0)
{
if (!$for_cookies) {
if ( !$this->Application->ConfigValue('SessionReferrerCheck') || $_SERVER['REQUEST_METHOD'] != 'POST') {
return true;
}
}
$path = preg_replace('/admin[\/]{0,1}$/', '', $this->CookiePath); // removing /admin for compatability with in-portal (in-link/admin/add_link.php)
$reg = '#^'.preg_quote(PROTOCOL.ltrim($this->CookieDomain, '.').$path).'#';
return preg_match($reg, getArrayValue($_SERVER, 'HTTP_REFERER') ) || (defined('IS_POPUP') && IS_POPUP);
}
/*function CheckDuplicateCookies()
{
if (isset($_SERVER['HTTP_COOKIE'])) {
$cookie_str = $_SERVER['HTTP_COOKIE'];
$cookies = explode('; ', $cookie_str);
$all_cookies = array();
foreach ($cookies as $cookie) {
list($name, $value) = explode('=', $cookie);
if (isset($all_cookies[$name])) {
//double cookie name!!!
$this->RemoveCookie($name);
}
else $all_cookies[$name] = $value;
}
}
}
function RemoveCookie($name)
{
$path = $_SERVER['PHP_SELF'];
$path_parts = explode('/', $path);
$cur_path = '';
setcookie($name, false, null, $cur_path);
foreach ($path_parts as $part) {
$cur_path .= $part;
setcookie($name, false, null, $cur_path);
$cur_path .= '/';
setcookie($name, false, null, $cur_path);
}
}*/
function CheckIfCookiesAreOn()
{
// $this->CheckDuplicateCookies();
if ($this->Mode == smGET_ONLY)
{
//we don't need to bother checking if we would not use it
$this->CookiesEnabled = false;
return;
}
$http_query =& $this->Application->recallObject('HTTPQuery');
$cookies_on = isset($http_query->Cookie['cookies_on']); // not good here
$get_sid = getArrayValue($http_query->Get, $this->GETName);
if ($this->IsHTTPSRedirect() && $get_sid) { //Redirect from http to https on different domain
$this->OriginalMode = $this->Mode;
$this->SetMode(smGET_ONLY);
}
if (!$cookies_on || $this->IsHTTPSRedirect()) {
//If referer is our server, but we don't have our cookies_on, it's definetly off
$is_install = defined('IS_INSTALL') && IS_INSTALL;
if (!$is_install && $this->CheckReferer(1) && !$this->Application->GetVar('admin') && !$this->IsHTTPSRedirect()) {
$this->CookiesEnabled = false;
}
else {
//Otherwise we still suppose cookies are on, because may be it's the first time user visits the site
//So we send cookies on to get it next time (when referal will tell us if they are realy off
$this->SetCookie('cookies_on', 1, adodb_mktime() + 31104000); //one year should be enough
}
}
else
$this->CookiesEnabled = true;
return $this->CookiesEnabled;
}
/**
* Sets cookie for current site using path and domain
*
* @param string $name
* @param mixed $value
* @param int $expires
*/
function SetCookie($name, $value, $expires = null)
{
setcookie($name, $value, $expires, $this->CookiePath, $this->CookieDomain, $this->CookieSecure);
}
function Check()
{
// we should check referer if cookies are disabled, and in combined mode
// auto mode would detect cookies, get only mode would turn it off - so we would get here
// and we don't care about referal in cookies only mode
if ( $this->Mode != smCOOKIES_ONLY && (!$this->CookiesEnabled || $this->Mode == smCOOKIES_AND_GET) ) {
if (!$this->CheckReferer())
return false;
}
$sid = $this->GetPassedSIDValue();
if (empty($sid)) return false;
//try to load session by sid, if everything is fine
$result = $this->LoadSession($sid);
$this->SessionSet = $result;
return $result;
}
function LoadSession($sid)
{
if( $this->Storage->LocateSession($sid) ) {
//if we have session with such SID - get its expiration
$this->Expiration = $this->Storage->GetExpiration();
//If session has expired
if ($this->Expiration < adodb_mktime()) {
$this->Destroy();
// when Destory methods calls SetSession inside and new session get created
return $this->SessionSet;
}
//Otherwise it's ok
return true;
}
else //fake or deleted due to expiration SID
return false;
}
function GetPassedSIDValue($use_cache = 1)
{
if (!empty($this->CachedSID) && $use_cache) return $this->CachedSID;
$http_query =& $this->Application->recallObject('HTTPQuery');
$get_sid = getArrayValue($http_query->Get, $this->GETName);
if ($this->Application->GetVar('admin') == 1 && $get_sid) {
$sid = $get_sid;
}
else {
switch ($this->Mode) {
case smAUTO:
//Cookies has the priority - we ignore everything else
$sid = $this->CookiesEnabled ? $this->GetSessionCookie() : $get_sid;
break;
case smCOOKIES_ONLY:
$sid = $this->GetSessionCookie();
break;
case smGET_ONLY:
$sid = $get_sid;
break;
case smCOOKIES_AND_GET:
$cookie_sid = $this->GetSessionCookie();
//both sids should match if cookies are enabled
if (!$this->CookiesEnabled || ($cookie_sid == $get_sid))
{
$sid = $get_sid; //we use get here just in case cookies are disabled
}
else
{
$sid = '';
}
break;
}
}
$this->CachedSID = $sid;
return $this->CachedSID;
}
/**
* Returns session id
*
* @return int
* @access public
*/
function GetID()
{
return $this->SID;
}
/**
* Generates new session id
*
* @return int
* @access private
*/
function GenerateSID()
{
list($usec, $sec) = explode(" ",microtime());
$sid_part_1 = substr($usec, 4, 4);
$sid_part_2 = mt_rand(1,9);
$sid_part_3 = substr($sec, 6, 4);
$digit_one = substr($sid_part_1, 0, 1);
if ($digit_one == 0) {
$digit_one = mt_rand(1,9);
$sid_part_1 = ereg_replace("^0","",$sid_part_1);
$sid_part_1=$digit_one.$sid_part_1;
}
$this->setSID($sid_part_1.$sid_part_2.$sid_part_3);
return $this->SID;
}
/**
* Set's new session id
*
* @param int $new_sid
* @access private
*/
function setSID($new_sid)
{
$this->SID = $this->CachedSID = $new_sid;
$this->Application->SetVar($this->GETName,$new_sid);
}
function NeedSession()
{
$data = $this->Data->GetParams();
$data_keys = array_keys($data);
$optional_keys = array_unique($this->OptionalData);
$real_keys = array_diff($data_keys, $optional_keys);
return $real_keys ? true : false;
}
function SetSession($force = false)
{
if ($this->SessionSet && !$force) return true;
if (!$force && !($this->Application->IsAdmin() || $this->Application->GetVar('admin')) && !$this->NeedSession()) {
+ // don't create session (in db) on Front-End, when sid is present (GPC), but data in db isn't
$this->GenerateSID();
return false;
}
if (!$this->SID || $force) $this->GenerateSID();
$this->Expiration = adodb_mktime() + $this->SessionTimeout;
switch ($this->Mode) {
case smAUTO:
if ($this->CookiesEnabled) {
$this->SetSessionCookie();
}
break;
case smGET_ONLY:
break;
case smCOOKIES_ONLY:
case smCOOKIES_AND_GET:
$this->SetSessionCookie();
break;
}
$this->Storage->StoreSession($this);
if ($this->Application->IsAdmin() || $this->Special == 'admin') {
$this->StoreVar('admin', 1);
}
$this->SessionSet = true; // should be called before SaveData, because SaveData will try to SetSession again
if ($this->Special != '') {
// front-session called from admin or otherwise, then save it's data
$this->SaveData();
}
$this->Application->resetCounters('UserSession');
return true;
}
/**
* Returns SID from cookie.
*
* Use 2 cookies to have 2 expiration:
* - 1. for normal expiration when browser is not closed (30 minutes by default), configurable
* - 2. for advanced expiration when browser is closed
*
* @return int
*/
function GetSessionCookie()
{
$keep_session_on_browser_close = $this->Application->ConfigValue('KeepSessionOnBrowserClose');
if (isset($this->Application->HttpQuery->Cookie[$this->CookieName]) &&
( $keep_session_on_browser_close ||
(
!$keep_session_on_browser_close &&
isset($this->Application->HttpQuery->Cookie[$this->CookieName.'_live'])
&&
$this->Application->HttpQuery->Cookie[$this->CookieName] == $this->Application->HttpQuery->Cookie[$this->CookieName.'_live']
)
)
) {
return $this->Application->HttpQuery->Cookie[$this->CookieName];
}
return false;
}
/**
* Updates SID in cookie with new value
*
*/
function SetSessionCookie()
{
$this->SetCookie($this->CookieName, $this->SID, $this->Expiration);
$this->SetCookie($this->CookieName.'_live', $this->SID);
$_COOKIE[$this->CookieName] = $this->SID; // for compatibility with in-portal
}
function RemoveSessionCookie()
{
$this->SetCookie($this->CookieName, '');
$this->SetCookie($this->CookieName.'_live', '');
$_COOKIE[$this->CookieName] = null; // for compatibility with in-portal
}
/**
* Refreshes session expiration time
*
* @access private
*/
function Refresh()
{
if ($this->Application->GetVar('skip_session_refresh')) {
return ;
}
if ($this->CookiesEnabled) {
// we need to refresh the cookie
$this->SetSessionCookie();
}
$this->Storage->UpdateSession($this);
}
function Destroy()
{
$this->Storage->DeleteSession($this);
$this->Data = new Params();
$this->SID = $this->CachedSID = '';
$this->SessionSet = false;
if ($this->CookiesEnabled) $this->SetSessionCookie(); //will remove the cookie due to value (sid) is empty
$this->SetSession(true); //will create a new session, true to force
}
function NeedQueryString($use_cache = 1)
{
if ($this->CachedNeedQueryString != null && $use_cache) return $this->CachedNeedQueryString;
$result = false;
switch ($this->Mode)
{
case smAUTO:
if (!$this->CookiesEnabled) $result = true;
break;
/*case smCOOKIES_ONLY:
break;*/
case smGET_ONLY:
case smCOOKIES_AND_GET:
$result = true;
break;
}
$this->CachedNeedQueryString = $result;
return $result;
}
function LoadData()
{
$this->Data->AddParams($this->Storage->LoadData($this));
}
function PrintSession($comment='')
{
if($this->Application->isDebugMode() && constOn('DBG_SHOW_SESSIONDATA')) {
// dump session data
$this->Application->Debugger->appendHTML('SessionStorage [' . ($this->RecallVar('admin') == 1 ? 'Admin' : 'Front-End') . '] ('.$comment.'):');
$session_data = $this->Data->GetParams();
ksort($session_data);
foreach ($session_data as $session_key => $session_value) {
if (IsSerialized($session_value)) {
$session_data[$session_key] = unserialize($session_value);
}
}
$this->Application->Debugger->dumpVars($session_data);
}
if ($this->Application->isDebugMode() && constOn('DBG_SHOW_PERSISTENTDATA')) {
// dump persistent session data
if ($this->Storage->PersistentVars) {
$this->Application->Debugger->appendHTML('Persistant Session:');
$session_data = $this->Storage->PersistentVars;
ksort($session_data);
foreach ($session_data as $session_key => $session_value) {
if (IsSerialized($session_value)) {
$session_data[$session_key] = unserialize($session_value);
}
}
$this->Application->Debugger->dumpVars($session_data);
}
}
}
function SaveData($params = Array ())
{
if (!$this->SetSession()) { // call it here - it may be not set before, because there was no need; if there is a need, it will be set here
return;
}
if (!$this->Application->GetVar('skip_last_template') && $this->Application->GetVar('ajax') != 'yes') {
$this->SaveLastTemplate( $this->Application->GetVar('t'), $params );
}
$this->PrintSession('after save');
$this->Storage->SaveData($this);
}
/**
* Save last template
*
* @param string $t
* @param Array $params
*/
function SaveLastTemplate($t, $params = Array ())
{
$wid = $this->Application->GetVar('m_wid');
$last_env = $this->getLastTemplateENV($t, Array('m_opener' => 'u'));
$last_template = basename($_SERVER['PHP_SELF']).'|'.mb_substr($last_env, mb_strlen(ENV_VAR_NAME) + 1);
$this->StoreVar(rtrim('last_template_'.$wid, '_'), $last_template);
// prepare last_template for opener stack, module & session could be added later
$last_env = $this->getLastTemplateENV($t, null, false);
$last_template = basename($_SERVER['PHP_SELF']).'|'.mb_substr($last_env, mb_strlen(ENV_VAR_NAME) + 1);
// save last_template in persistant session
if (!$wid) {
if ($this->Application->IsAdmin()) {
// only for main window, not popups, not login template, not temp mode (used in adm:MainFrameLink tag)
$temp_mode = false;
$passed = explode(',', $this->Application->GetVar('passed'));
foreach ($passed as $passed_prefix) {
if ($this->Application->GetVar($passed_prefix.'_mode')) {
$temp_mode = true;
break;
}
}
if (!$temp_mode) {
if (isset($this->Application->HttpQuery->Get['section'])) {
// check directly in GET, bacause LinkVar (session -> request) used on these vars
$last_template .= '&section='.$this->Application->GetVar('section').'&module='.$this->Application->GetVar('module');
}
$this->StorePersistentVar('last_template_popup', $last_template);
}
}
elseif ($this->Application->GetVar('admin')) {
// admin checking by session data to prevent recursive session save
if (!$this->RecallVar('admin')) {
$admin_session =& $this->Application->recallObject('Session.admin');
/* @var $admin_session Session */
// save to admin last_template too, because when F5 is pressed in frameset Front-End frame should reload as well
$admin_session->StoreVar('last_template_popup', '../' . $last_template);
$admin_session->StorePersistentVar('last_template_popup', '../' . $last_template);
$admin_session->SaveData( Array ('save_last_template' => false) );
}
else {
// don't allow admin=1 & editing_mode=* to get in admin last_template
$last_template = preg_replace('/&(admin|editing_mode)=[\d]/', '', $last_template);
}
}
}
// save other last... variables for mistical purposes (customizations may be)
$this->StoreVar('last_url', $_SERVER['REQUEST_URI']); // needed by ord:StoreContinueShoppingLink
$this->StoreVar('last_env', mb_substr($last_env, mb_strlen(ENV_VAR_NAME)+1));
$save_last_template = array_key_exists('save_last_template', $params) ? $params['save_last_template'] : true;
if ($save_last_template) {
// save last template here, becase section & module could be added before
$this->StoreVar(rtrim('last_template_popup_'.$wid, '_'), $last_template);
}
}
function getLastTemplateENV($t, $params = null, $encode = true)
{
if (!isset($params)) {
$params = Array ();
}
$params['__URLENCODE__'] = 1; // uses "&" instead of "&amp;" for url part concatenation + replaces "\" to "%5C" (works in HTML)
$params = array_merge($this->Application->getPassThroughVariables($params), $params);
$ret = $this->Application->BuildEnv($t, $params, 'all');
if (!$encode) {
// cancels 2nd part of replacements, that URLENCODE does
$ret = str_replace('%5C', '\\', $ret);
}
return $ret;
}
function StoreVar($name, $value, $optional = false)
{
$this->Data->Set($name, $value);
if ($optional) {
$this->OptionalData[] = $name;
}
}
function StorePersistentVar($name, $value)
{
$this->Storage->StorePersistentVar($this, $name, $value);
}
function LoadPersistentVars()
{
$this->Storage->LoadPersistentVars($this);
}
function StoreVarDefault($name, $value, $optional=false)
{
$tmp = $this->RecallVar($name);
if($tmp === false || $tmp == '')
{
$this->StoreVar($name, $value, $optional);
}
}
function RecallVar($name, $default = false)
{
$ret = $this->Data->Get($name);
return ($ret === false) ? $default : $ret;
}
function RecallPersistentVar($name, $default = false)
{
return $this->Storage->RecallPersistentVar($this, $name, $default);
}
function RemoveVar($name)
{
$this->Storage->RemoveFromData($this, $name);
$this->Data->Remove($name);
}
function RemovePersistentVar($name)
{
return $this->Storage->RemovePersistentVar($this, $name);
}
/**
* Ignores session varible value set before
*
* @param string $name
*/
function RestoreVar($name)
{
return $this->StoreVar($name, $this->Storage->GetFromData($this, $name));
}
function GetField($var_name, $default = false)
{
return $this->Storage->GetField($this, $var_name, $default);
}
function SetField($var_name, $value)
{
$this->Storage->SetField($this, $var_name, $value);
}
/**
* Deletes expired sessions
*
* @return Array expired sids if any
* @access private
*/
function DeleteExpired()
{
return $this->Storage->DeleteExpired();
}
/**
* Allows to check if user in this session is logged in or not
*
* @return bool
*/
function LoggedIn()
{
$user_id = $this->RecallVar('user_id');
$ret = $user_id > 0;
if (($this->RecallVar('admin') == 1 || defined('ADMIN')) && ($user_id == -1)) {
$ret = true;
}
return $ret;
}
}
?>
\ No newline at end of file
Index: branches/RC/core/kernel/utility/http_query.php
===================================================================
--- branches/RC/core/kernel/utility/http_query.php (revision 11864)
+++ branches/RC/core/kernel/utility/http_query.php (revision 11865)
@@ -1,608 +1,646 @@
<?php
class kHTTPQuery extends Params {
/**
* $_POST vars
*
* @var Array
* @access private
*/
var $Post;
/**
* $_GET vars
*
* @var Array
* @access private
*/
var $Get;
/**
* $_COOKIE vars
*
* @var Array
* @access private
*/
var $Cookie;
/**
* $_SERVER vars
*
* @var Array
* @access private
*/
var $Server;
/**
* $_ENV vars
*
* @var Array
* @access private
*/
var $Env;
/**
* Order in what write
* all vars together in
* the same array
*
* @var string
*/
var $Order;
/**
* Uploaded files info
*
* @var Array
* @access private
*/
var $Files;
var $specialsToRemove = Array();
var $Admin = false;
/**
* Description
*
* @var kDBConnection
* @access public
*/
var $Conn;
/**
* Loads info from $_POST, $_GET and
* related arrays into common place
*
* @param string $order
* @return HTTPQuery
* @access public
*/
function kHTTPQuery($order = 'CGPF')
{
parent::Params();
$this->Conn =& $this->Application->GetADODBConnection();
$this->Order = $order;
$this->Admin = $this->Application->IsAdmin(); // better cache this value, not to calculate it each time in foreach
if (array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
// when AJAX request is made from jQuery, then create ajax variable,
// so any logic based in it (like redirects) will not break down
$_GET['ajax'] = 'yes';
}
}
function Init($prefix, $special)
{
$this->AddAllVars();
$this->specialsToRemove = $this->Get('remove_specials');
if ($this->specialsToRemove) {
foreach ($this->specialsToRemove as $prefix_special => $flag) {
if ($flag && strpos($prefix_special, '.') === false) {
unset($this->specialsToRemove[$prefix_special]);
trigger_error('Incorrect usage of "<strong>remove_specials['.$prefix_special.']</strong>" field (no special found)', E_USER_WARNING);
}
}
$this->_Params = $this->removeSpecials($this->_Params);
}
ini_set('magic_quotes_gpc', 0);
}
function removeSpecials($array)
{
$ret = Array();
$removed = false;
foreach ($this->specialsToRemove as $prefix_special => $flag) {
if ($flag) {
$removed = true;
list ($prefix,$special) = explode('.', $prefix_special, 2);
foreach ($array as $key => $val) {
$new_key = preg_match("/^".$prefix."[._]{1}".$special."(.*)/", $key, $regs) ? $prefix.$regs[1] : $key;
$ret[$new_key] = is_array($val) ? $this->removeSpecials($val) : $val;
}
}
}
return $removed ? $ret : $array;
}
/**
* All all requested vars to
* common storage place
*
* @access private
*/
function AddAllVars()
{
for ($i=0; $i < strlen($this->Order); $i++)
{
$current = $this->Order[$i];
switch ($current) {
case 'G':
$this->Get = $this->AddVars($_GET);
$vars = $this->processQueryString( $this->Get(ENV_VAR_NAME) );
$this->AddParams($vars);
break;
case 'P':
$this->Post = $this->AddVars($_POST);
$this->convertPostEvents();
$this->_processPostEnvVariables();
break;
case 'C':
$this->Cookie = $this->AddVars($_COOKIE);
break;
case 'E';
$this->Env = $this->AddVars($_ENV);
break;
case 'S';
$this->Server = $this->AddVars($_SERVER);
break;
case 'F';
$this->convertFiles();
$this->Files = $this->MergeVars($_FILES, false); //do not strip slashes!
break;
}
}
// $this->AfterInit();
}
/**
* Allow POST variables, that names were transformed by PHP ("." replaced with "_") to
* override variables, that were virtually created through enviroment variable parsing
*
*/
function _processPostEnvVariables()
{
$passed = $this->Get('passed');
if (!$passed) {
return ;
}
$passed = explode(',', $passed);
foreach ($passed as $prefix_special) {
if (strpos($prefix_special, '.') === false) {
continue;
}
list ($prefix, $special) = explode('.', $prefix_special);
$query_map = $this->Application->EventManager->getQueryMap($prefix);
$post_prefix_special = $prefix . '_' . $special;
foreach ($query_map as $index => $var_name) {
if (array_key_exists($post_prefix_special . '_' . $var_name, $this->Post)) {
$this->Set($prefix_special . '_' . $var_name, $this->Post[$post_prefix_special . '_' . $var_name]);
}
}
}
}
function AfterInit()
{
// $vars = $this->processQueryString($this->Get(ENV_VAR_NAME));
// $this->AddParams($vars);
// $this->convertPostEvents();
// if ($this->Application->RewriteURLs()) {
if ($this->Application->RewriteURLs() || $this->Get('_mod_rw_url_')) {
if( $this->Application->isDebugMode() )
{
$this->Application->Debugger->profileStart('url_parsing');
$this->processRewriteURL();
$description = 'Parsing <b>MOD_REWRITE</b> url (template: <b>'.$this->Get('t').'</b>)';
$this->Application->Debugger->profileFinish('url_parsing', $description);
}
else
{
$this->processRewriteURL();
}
}
else {
$this->Application->VerifyLanguageId();
$this->Application->VerifyThemeId();
}
}
function convertFiles()
{
if (!$_FILES)
{
return false;
}
$file_keys = Array('error','name','size','tmp_name','type');
$tmp = Array();
foreach($_FILES as $file_name => $file_info)
{
if( is_array($file_info['error']) )
{
$tmp[$file_name] = $this->getArrayLevel( $file_info['error'], $file_name );
}
else
{
$normal_files[$file_name] = $file_info;
}
}
if(!$tmp) return false;
$files = $_FILES;
$_FILES = Array();
foreach($tmp as $prefix => $prefix_files)
{
$anchor =& $_FILES;
foreach($prefix_files['keys'] as $key)
{
$anchor =& $anchor[$key];
}
foreach($prefix_files['value'] as $field_name)
{
unset($inner_anchor);
unset($copy);
$work_copy = $prefix_files['keys'];
foreach($file_keys as $file_key)
{
$inner_anchor =& $files[$prefix][$file_key];
if (isset($copy))
{
$work_copy = $copy;
}
else
{
$copy = $work_copy;
}
array_shift($work_copy);
foreach($work_copy as $prefix_file_key)
{
$inner_anchor =& $inner_anchor[$prefix_file_key];
}
$anchor[$field_name][$file_key] = $inner_anchor[$field_name];
}
}
}
// keys: img_temp, 0, values: LocalPath, ThumbPath
}
function getArrayLevel(&$level, $prefix='')
{
$ret['keys'] = $prefix ? Array($prefix) : Array();
$ret['value'] = Array();
foreach($level as $level_key => $level_value)
{
if( is_array($level_value) )
{
$ret['keys'][] = $level_key;
$tmp = $this->getArrayLevel($level_value);
$ret['keys'] = array_merge($ret['keys'], $tmp['keys']);
$ret['value'] = array_merge($ret['value'], $tmp['value']);
}
else
{
$ret['value'][] = $level_key;
}
}
return $ret;
}
/**
* Owerwrites GET events with POST events in case if they are set and not empty
*
*/
function convertPostEvents()
{
$events = $this->Get('events');
if (is_array($events)) {
foreach ($events as $prefix_special => $event_name) {
if ($event_name) {
$this->Set($prefix_special.'_event', $event_name);
}
}
}
}
function finalizeParsing($passed = Array(), $module_params = Array() )
{
if ($passed) {
$event_manger =& $this->Application->recallObject('EventManager');
foreach ($passed as $passed_prefix) {
$event_manger->setQueryMap($passed_prefix);
}
$this->Set('passed', implode(',', array_keys($event_manger->queryMaps)));
}
// get joined version (env var + mod rewrite parsed)
$passed = $this->Application->GetVar('passed');
$env = $this->Application->BuildEnv( $this->Get('t'), $module_params, $passed, false, false );
$this->Set(ENV_VAR_NAME, $env);
$_REQUEST['env'] = $_GET['env'] = $env; // for capability with old in-portal code
}
function processRewriteURL()
{
$mod_rw_helper = $this->Application->recallObject('ModRewriteHelper');
$mod_rw_helper->processRewriteURL();
}
function getDefaultTemplate($t)
{
$t = $this->getTemplateName( trim($t, '/') );
if (!$t) $t = 'index';
return trim($t, '/');
}
function extractSIDAndTemplate(&$parts)
{
$vars = Array ();
if (defined('INPORTAL_ENV') && INPORTAL_ENV) { // SID-TEMPLATE
$sub_parts = array_shift($parts);
list($sid, $t) = explode('-', $sub_parts, 2);
// Save Session ID
if ($sid) {
$this->Set('sid', $sid);
$vars['sid'] = $sid;
}
}
else { // SID:TEMPLATE
// Save Session ID
$sid = array_shift($parts);
if ($sid) $vars['sid'] = $sid;
$t = array_shift($parts);
}
// Save Template Name
$vars['t'] = $this->getDefaultTemplate($t);
return $vars;
}
/**
* Process QueryString only, create
* events, ids, based on config
* set template name and sid in
* desired application variables.
*
* @param string $env_var enviroment string value
*
* @access public
*/
function processQueryString($env_var, $pass_name = 'passed')
{
// env=SID:TEMPLATE:m-1-1-1-1:l0-0-0:n-0-0-0:bb-0-0-1-1-1-0
$vars = Array ();
if ($env_var) {
$more_vars = strpos($env_var, '&');
if ($more_vars !== false) {
parse_str(substr($env_var, $more_vars + 1), $vars);
$env_var = substr($env_var, 0, $more_vars);
}
// replace escaped ":" symbol not to explode by it
$env_var = str_replace('\:','_&+$$+&_', $env_var); // replace escaped "=" with spec-chars :)
$parts = explode(':', $env_var);
if (!$this->Application->RewriteURLs() || ($this->Application->RewriteURLs() && $this->Get('rewrite') != 'on')) {
$vars = array_merge_recursive2($vars, $this->extractSIDAndTemplate($parts));
}
if ($parts) {
$passed = Array ();
foreach ($parts as $mixed_part) {
list ($passed[], $processed_vars) = $this->_parseEnvPart($mixed_part);
$vars = array_merge_recursive2($vars, $processed_vars);
}
$vars[$pass_name] = implode(',', array_unique($passed));
}
}
else {
$t = $this->getTemplateName('index');
$vars['t'] = $t;
}
return $vars;
}
/**
* Converts enviroment part into variable array (based on query map for given prefix)
*
* @param string $mixed_part
* @return Array
*/
function _parseEnvPart($mixed_part)
{
// In-portal old style env conversion - adds '-' between prefix and first var
$mixed_part = str_replace('_&+$$+&_', ':', $mixed_part);
$mixed_part = preg_replace("/^([a-zA-Z]+)([0-9]+)-(.*)/", "$1-$2-$3", $mixed_part);
// replace escaped "-" symbol not to explode by it
$escaped_part = str_replace('\-', '_&+$$+&_', $mixed_part);
$escaped_part = explode('-', $escaped_part);
$mixed_part = Array();
foreach ($escaped_part as $escaped_val) {
$mixed_part[] = str_replace('_&+$$+&_', '-', $escaped_val);
}
$prefix_special = array_shift($mixed_part); // l.pick, l
$query_map = $this->Application->EventManager->setQueryMap($prefix_special);
$vars = Array ();
// if config is not defined for prefix in QueryString, then don't process it
if ($query_map) {
foreach ($query_map as $index => $var_name) {
// l_id, l_page, l_bla-bla-bla
$val = $mixed_part[$index - 1];
if ($val == '') $val = false;
$vars[$prefix_special.'_'.$var_name] = $val;
}
}
return Array ($prefix_special, $vars);
}
/**
* Removes tpl part from template name + resolved template ID to name
*
* @param string $t
* @return string
* @access private
*/
function getTemplateName($t)
{
if (isset($this->Get['t']) && $this->Get['t']) {
// template name is passed directly in url (GET method)
$t = $this->Get['t'];
}
// if t was set through env, even in mod_rewrite mode!
if ($this->Get('env') && $this->Application->RewriteURLs() && $this->Get('t')) {
$t = $this->Get('t');
}
if (is_numeric($t)) {
$sql = 'SELECT CONCAT(FilePath, \'/\', FileName)
FROM '.TABLE_PREFIX.'ThemeFiles
WHERE FileId = '.$t;
$t = $this->Conn->GetOne($sql);
}
return preg_replace('/\.tpl$/', '', $t);
}
/**
* Saves variables from array specified
* into common variable storage place
*
* @param Array $array
* @return Array
* @access private
*/
function AddVars($array)
{
$array = $this->StripSlashes($array);
foreach($array as $key => $value)
{
$this->Set($key,$value);
}
return $array;
}
function MergeVars($array, $strip_slashes=true)
{
if ($strip_slashes) $array = $this->StripSlashes($array);
foreach($array as $key => $value)
{
$this->_Params = array_merge_recursive2($this->_Params, Array($key=>$value));
}
return $array;
}
function StripSlashes($array)
{
//if( !get_magic_quotes_gpc() ) return $array;
foreach($array as $key=>$value)
{
if( is_array($value) )
{
$array[$key] = $this->StripSlashes($value);
}
else
{
// $value = iconv('UTF-8', 'windows-1257', $value);
if( get_magic_quotes_gpc() ) $value = stripslashes($value);
if(!$this->Admin) $value = htmlspecialchars($value);
$array[$key] = $value;
}
//$array[$key]=is_array($value)?$this->StripSlashes($value):stripslashes($value);
}
return $array;
}
/**
* Returns all $_GET array excluding system parameters, that are not allowed to be passed through generated urls
*
+ * @param bool $access_error Method is called during no_permission, require login, session expiration link preparation
* @return Array
*/
- function getRedirectParams()
+ function getRedirectParams($access_error = false)
{
- $unset_vars = Array(ENV_VAR_NAME, 'rewrite', '_mod_rw_url_', 'Action');
+ $unset_vars = Array (ENV_VAR_NAME, 'rewrite', '_mod_rw_url_', 'Action');
+
$ret = $this->Get;
- foreach ($unset_vars as $var_name)
- {
- if( isset($ret[$var_name]) ) unset( $ret[$var_name] );
+ foreach ($unset_vars as $var_name) {
+ if( isset($ret[$var_name]) ) {
+ unset( $ret[$var_name] );
+ }
+ }
+
+ if ($access_error) {
+ $ret = $this->_removePassThroughVariables($ret);
+
+ if ($this->Application->IsAdmin()) {
+ // place 1 of 2 (also in UsersEventHandler::OnSessionExpire)
+ $ret['m_cat_id'] = 0; // category means nothing on admin login screen
+ $ret['m_wid'] = ''; // remove wid, otherwise parent window may add wid to its name breaking all the frameset (for <a> targets)
+ $ret['pass'] = 'm'; // don't pass any other (except "m") prefixes to admin login template
+ }
}
+
return $ret;
}
+ /**
+ * Removes all pass_though variables from redirect params
+ *
+ * @param Array $url_params
+ * @return Array
+ */
+ function _removePassThroughVariables($url_params)
+ {
+ $pass_through = array_key_exists('pass_through', $url_params) ? $url_params['pass_through'] : '';
+ if (!$pass_through) {
+ return $url_params;
+ }
+
+ $pass_through = explode(',', $pass_through . ',pass_through');
+ foreach ($pass_through as $pass_through_var) {
+ unset($url_params[$pass_through_var]);
+ }
+
+ $url_params['no_pass_through'] = 1; // this way kApplication::HREF won't add them again
+
+ return $url_params;
+ }
+
function writeRequestLog($filename)
{
$folder_path = dirname(FULL_PATH.'/'.$filename);
if (is_writable($folder_path)) {
$fp = fopen(FULL_PATH.'/'.$filename, 'a');
if ($fp) {
$session =& $this->Application->recallObject('Session');
$user_id = $session->GetField('PortalUserId');
$admin_mark = $this->Application->IsAdmin() ? 'ADMIN' : 'FRONT';
$data = '['.date('D M d H:i:s Y').'] '.$admin_mark.'; ip: '.$_SERVER['REMOTE_ADDR'].'; user_id: '.$user_id.'; sid: '.$this->Application->GetSID().'; request: '."\n";
if ($this->Get) {
$data .= "_GET:\n".print_r($this->Get, true);
}
if ($this->Post) {
$data .= "_POST:\n".print_r($this->Post, true);
}
if ($this->Cookie) {
$data .= "_COOKIE:\n".print_r($this->Cookie, true);
}
$data .= str_repeat('=', 100)."\n";
fwrite($fp, $data);
fclose($fp);
}
else {
trigger_error('Requrest Log directory not writable', E_USER_WARNING);
}
}
else {
trigger_error('Requrest Log directory not writable', E_USER_WARNING);
}
}
}
?>
\ No newline at end of file
Index: branches/RC/core/units/users/users_event_handler.php
===================================================================
--- branches/RC/core/units/users/users_event_handler.php (revision 11864)
+++ branches/RC/core/units/users/users_event_handler.php (revision 11865)
@@ -1,1798 +1,1815 @@
<?php
class UsersEventHandler extends kDBEventHandler
{
/**
* Allows to override standart permission mapping
*
*/
function mapPermissions()
{
parent::mapPermissions();
$permissions = Array (
// admin
'OnSetPersistantVariable' => Array('self' => 'view'), // because setting to logged in user only
'OnUpdateRootPassword' => Array('self' => true),
'OnUpdatePassword' => Array('self' => true),
// front
'OnRefreshForm' => Array('self' => true),
'OnForgotPassword' => Array('self' => true),
'OnResetPassword' => Array('self' => true),
'OnResetPasswordConfirmed' => Array('self' => true),
'OnSubscribeQuery' => Array('self' => true),
'OnSubscribeUser' => Array('self' => true),
'OnRecommend' => Array('self' => true),
'OnItemBuild' => Array('self' => true),
'OnMassResetSettings' => Array('self' => 'edit'),
'OnMassCloneUsers' => Array('self' => 'add'),
);
$this->permMapping = array_merge($this->permMapping, $permissions);
}
/**
* Shows only admins when required
*
* @param kEvent $event
*/
function SetCustomQuery(&$event)
{
$object =& $event->getObject();
/* @var $object kDBList */
if ($event->Special == 'admins') {
$object->addFilter('primary_filter', 'ug.GroupId = 11');
}
if ($event->Special == 'regular') {
$object->addFilter('primary_filter', 'ug.GroupId <> 11');
}
if (!$this->Application->IsAdmin()) {
$object->addFilter('status_filter', '%1$s.Status = '.STATUS_ACTIVE);
}
if ($event->Special == 'online') {
$object->addFilter('online_users_filter', 's.PortalUserId IS NOT NULL');
}
if ($event->Special == 'group') {
$group_id = $this->Application->GetVar('g_id');
if ($group_id !== false) {
// show only users, that user doesn't belong to current group
$table_name = $this->Application->GetTempName(TABLE_PREFIX.'UserGroup', 'prefix:g');
$sql = 'SELECT PortalUserId
FROM '.$table_name.'
WHERE GroupId = '.$group_id;
$user_ids = $this->Conn->GetCol($sql);
// array_push($user_ids); // Guest & Everyone groups are set dynamically
if ($user_ids) {
$object->addFilter('already_member_filter', '%1$s.PortalUserId NOT IN ('.implode(',', $user_ids).')');
}
}
}
}
/**
* Checks permissions of user
*
* @param kEvent $event
*/
function CheckPermission(&$event)
{
if ($event->Name == 'OnLogin' || $event->Name == 'OnLogout') {
// permission is checked in OnLogin event directly
return true;
}
if (!$this->Application->IsAdmin()) {
$user_id = $this->Application->RecallVar('user_id');
$items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
if ($event->Name == 'OnCreate' && $user_id == -2) {
// "Guest" can create new users
return true;
}
if ($event->Name == 'OnUpdate' && $user_id > 0) {
$user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
foreach ($items_info as $id => $field_values) {
if ($id != $user_id) {
// registered users can update their record only
return false;
}
$user_dummy->Load($id);
$status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField'));
if ($user_dummy->GetDBField($status_field) != STATUS_ACTIVE) {
// not active user is not allowed to update his record (he could not activate himself manually)
return false;
}
if (isset($field_values[$status_field]) && $user_dummy->GetDBField($status_field) != $field_values[$status_field]) {
// user can't change status by himself
return false;
}
}
return true;
}
if ($event->Name == 'OnUpdate' && $user_id <= 0) {
// guests are not allowed to update their record, because they don't have it :)
return false;
}
}
return parent::CheckPermission($event);
}
- function OnSessionExpire()
+ /**
+ * Handles session expiration (redirects to valid template)
+ *
+ * @param kEvent $event
+ */
+ function OnSessionExpire(&$event)
{
$this->Application->resetCounters('UserSession');
+ // place 2 of 2 (also in kHTTPQuery::getRedirectParams)
+ $admin_url_params = Array (
+ 'm_cat_id' => 0, // category means nothing on admin login screen
+ 'm_wid' => '', // remove wid, otherwise parent window may add wid to its name breaking all the frameset (for <a> targets)
+ 'pass' => 'm', // don't pass any other (except "m") prefixes to admin session expiration template
+ 'expired' => 1, // expiration mark to show special error on login screen
+ 'no_pass_through' => 1, // this way kApplication::HREF won't add them again
+ );
+
if ($this->Application->IsAdmin()) {
- $this->Application->Redirect('index', Array('expired' => 1), '', 'index.php');
+
+ $this->Application->Redirect('index', $admin_url_params, '', 'index.php');
}
if ($this->Application->GetVar('admin') == 1) {
+ // Front-End showed in admin's right frame
$session_admin =& $this->Application->recallObject('Session.admin');
/* @var $session_admin Session */
if (!$session_admin->LoggedIn()) {
// front-end session created from admin session & both expired
$this->Application->DeleteVar('admin');
- $this->Application->Redirect('index', Array('expired' => 1), '', 'admin/index.php');
+ $this->Application->Redirect('index', $admin_url_params, '', 'admin/index.php');
}
}
+ // Front-End session expiration
$get = $this->Application->HttpQuery->getRedirectParams();
$t = $this->Application->GetVar('t');
$get['js_redirect'] = $this->Application->ConfigValue('UseJSRedirect');
$this->Application->Redirect($t ? $t : 'index', $get);
}
/**
* Checks user data and logs it in if allowed
*
* OnLogin is called from u:autoLoginUser and password is supplied
* OnLogin is called from u:OnAutoLoginUser supplying cookie with encoded username & password
*
* @param kEvent $event
*/
function OnLogin(&$event)
{
// persistent session data after login is not refreshed, because redirect will follow in any case
$prefix_special = $this->Application->IsAdmin() ? 'u.current' : 'u'; // "u" used on front not to change theme
$object =& $this->Application->recallObject($prefix_special, null, Array('skip_autoload' => true));
$password = $this->Application->GetVar('password');
$invalid_pseudo = $this->Application->IsAdmin() ? 'la_invalid_password' : 'lu_invalid_password';
$remember_login_cookie = $this->Application->GetVar('remember_login');
if (!$password && !$remember_login_cookie) {
$object->SetError('ValidateLogin', 'invalid_password', $invalid_pseudo);
$event->status = erFAIL;
return false;
}
$email_as_login = $this->Application->ConfigValue('Email_As_Login');
list ($login_field, $submit_field) = $email_as_login && !$this->Application->IsAdmin() ? Array('Email', 'email') : Array('Login', 'login');
$login_value = $this->Application->GetVar($submit_field);
// process "Save Username" checkbox
if ($this->Application->IsAdmin()) {
$save_username = $this->Application->GetVar('cb_save_username') ? $login_value : '';
$this->Application->Session->SetCookie('save_username', $save_username, adodb_mktime() + 31104000); // 1 year expiration
$this->Application->SetVar('save_username', $save_username); // cookie will be set on next refresh, but refresh won't occur if login error present, so duplicate cookie in HTTPQuery
}
$super_admin = ($login_value == 'super-root') && $this->verifySuperAdmin();
if ($this->Application->IsAdmin() && ($login_value == 'root') || ($super_admin && $login_value == 'super-root')) {
// logging in "root" (admin only)
$login_value = 'root';
$root_password = $this->Application->ConfigValue('RootPass');
$password_formatter =& $this->Application->recallObject('kPasswordFormatter');
$test = $password_formatter->EncryptPassword($password, 'b38');
if ($root_password != $test) {
$object->SetError('ValidateLogin', 'invalid_password', $invalid_pseudo);
$event->status = erFAIL;
return false;
}
elseif ($this->checkLoginPermission($login_value)) {
$user_id = -1;
$object->Load($user_id);
$object->SetDBField('Login', $login_value);
$session =& $this->Application->recallObject('Session');
$session->SetField('PortalUserId', $user_id);
// $session->SetField('GroupList', implode(',', $groups) );
$this->Application->SetVar('u.current_id', $user_id);
$this->Application->StoreVar('user_id', $user_id);
if ($super_admin) {
$this->Application->StoreVar('super_admin', 1);
}
$this->Application->HandleEvent($dummy, 'session-log:OnStartSession');
$this->processLoginRedirect($event, $password);
return true;
}
else {
$object->SetError('ValidateLogin', 'invalid_license', 'la_invalid_license');
$event->status = erFAIL;
return false;
}
}
/*$sql = 'SELECT PortalUserId FROM '.$object->TableName.' WHERE (%s = %s) AND (Password = MD5(%s))';
$user_id = $this->Conn->GetOne( sprintf($sql, $login_field, $this->Conn->qstr($login_value), $this->Conn->qstr($password) ) );*/
if ($remember_login_cookie) {
$user_info = explode('|', $remember_login_cookie); // 0 - username, 1 - md5(password)
$sql = 'SELECT PortalUserId
FROM '.$object->TableName.'
WHERE (Email = %1$s OR Login = %1$s) AND (Password = %2$s)';
$user_id = $this->Conn->GetOne( sprintf($sql, $this->Conn->qstr($user_info[0]), $this->Conn->qstr($user_info[1]) ) );
} else {
$sql = 'SELECT PortalUserId
FROM '.$object->TableName.'
WHERE (Email = %1$s OR Login = %1$s) AND (Password = MD5(%2$s))';
$user_id = $this->Conn->GetOne( sprintf($sql, $this->Conn->qstr($login_value), $this->Conn->qstr($password) ) );
}
if ($user_id) {
$object->Load($user_id);
if (!$this->checkBanRules($object)) {
$event->status = erFAIL;
return false;
}
if ($object->GetDBField('Status') == STATUS_ACTIVE) {
$groups = $object->getMembershipGroups(true);
if(!$groups) $groups = Array();
array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') );
$this->Application->StoreVar( 'UserGroups', implode(',', $groups) );
if ($this->checkLoginPermission($login_value)) {
$session =& $this->Application->recallObject('Session');
$session->SetField('PortalUserId', $user_id);
$session->SetField('GroupList', implode(',', $groups) );
$this->Application->SetVar('u.current_id', $user_id);
$this->Application->StoreVar('user_id', $user_id);
$this->Application->LoadPersistentVars();
if (!$remember_login_cookie) {
// don't change last login time when auto-login is used
$this_login = (int)$this->Application->RecallPersistentVar('ThisLogin');
$this->Application->StorePersistentVar('LastLogin', $this_login);
$this->Application->StorePersistentVar('ThisLogin', adodb_mktime());
}
if ($this->Application->GetVar('cb_remember_login') == 1) {
// remember username & password when "Remember Login" checkbox us checked (when user is using login form on Front-End)
$remember_login_cookie = $login_value . '|' . md5($password);
$this->Application->Session->SetCookie('remember_login', $remember_login_cookie, adodb_mktime() + 2592000); // 30 days
}
$this->Application->HandleEvent($dummy, 'session-log:OnStartSession');
}
else {
$object->Load(-2);
$object->SetError('ValidateLogin', 'no_permission', 'lu_no_permissions');
$event->status = erFAIL;
}
if (!$remember_login_cookie) {
$this->processLoginRedirect($event, $password);
}
}
else {
$event->redirect = $this->Application->GetVar('pending_disabled_template');
}
}
else
{
$object->SetID(-2);
$object->SetError('ValidateLogin', 'invalid_password', $invalid_pseudo);
$event->status = erFAIL;
}
$event->SetRedirectParam('pass', 'all');
// $event->SetRedirectParam('pass_category', 1); // to test
}
/**
* [HOOK] Auto-Logins Front-End user when "Remember Login" cookie is found
*
* @param kEvent $event
*/
function OnAutoLoginUser(&$event)
{
$remember_login_cookie = $this->Application->GetVar('remember_login');
if (!$remember_login_cookie || $this->Application->IsAdmin() || $this->Application->LoggedIn()) {
return ;
}
$event->CallSubEvent('OnLogin');
}
/**
* Checks that user is allowed to use super admin mode
*
* @return bool
*/
function verifySuperAdmin()
{
$sa_mode = ipMatch(defined('SA_IP') ? SA_IP : '');
return $sa_mode || $this->Application->isDebugMode();
}
/**
* Enter description here...
*
* @param string $user_name
* @return bool
*/
function checkLoginPermission($user_name)
{
$ret = true;
if ($this->Application->IsAdmin()) {
$modules_helper =& $this->Application->recallObject('ModulesHelper');
if ($user_name != 'root') {
// root is virtual user, so allow him to login to admin in any case
$ret = $this->Application->CheckPermission('ADMIN', 1);
}
}
else {
$ret = $this->Application->CheckPermission('LOGIN', 1);
}
return $ret;
}
/**
* Process all required data and redirect logged-in user
*
* @param kEvent $event
*/
function processLoginRedirect(&$event, $password)
{
$prefix_special = $this->Application->IsAdmin() ? 'u.current' : 'u'; // "u" used on front not to change theme
$object =& $this->Application->recallObject($prefix_special, null, Array('skip_autoload' => true));
$next_template = $this->Application->GetVar('next_template');
if ($next_template == '_ses_redirect') {
$location = $this->Application->BaseURL().$this->Application->RecallVar($next_template);
if( $this->Application->isDebugMode() && constOn('DBG_REDIRECT') )
{
$this->Application->Debugger->appendTrace();
echo "<b>Debug output above!!!</b> Proceed to redirect: <a href=\"$location\">$location</a><br>";
}
else {
header('Location: '.$location);
}
$session =& $this->Application->recallObject('Session');
$session->SaveData();
exit;
}
if ($next_template) {
$event->redirect = $next_template;
}
if ($this->Application->ConfigValue('UseJSRedirect')) {
$event->SetRedirectParam('js_redirect', 1);
}
$sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
$sync_manager->performAction('LoginUser', $object->GetDBField('Login'), $password);
$this->Application->resetCounters('UserSession');
}
/**
* Called when user logs in using old in-portal
*
* @param kEvent $event
*/
function OnInpLogin(&$event)
{
$sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
$sync_manager->performAction('LoginUser', $event->getEventParam('user'), $event->getEventParam('pass') );
if ($event->redirect && is_string($event->redirect)) {
// some real template specified instead of true
$this->Application->Redirect($event->redirect, $event->redirect_params);
}
}
/**
* Called when user logs in using old in-portal
*
* @param kEvent $event
*/
function OnInpLogout(&$event)
{
$sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
$sync_manager->performAction('LogoutUser');
}
function OnLogout(&$event)
{
$sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
$sync_manager->performAction('LogoutUser');
$this->Application->HandleEvent($dummy, 'session-log:OnEndSession');
$session =& $this->Application->recallObject('Session');
$session->SetField('PortalUserId', -2);
$this->Application->SetVar('u.current_id', -2);
$this->Application->StoreVar('user_id', -2);
$object =& $this->Application->recallObject('u.current', null, Array('skip_autoload' => true));
$object->Load(-2);
$this->Application->DestroySession();
$group_list = $this->Application->ConfigValue('User_GuestGroup').','.$this->Application->ConfigValue('User_LoggedInGroup');
$session->SetField('GroupList', $group_list);
$this->Application->StoreVar('UserGroups', $group_list);
if ($this->Application->ConfigValue('UseJSRedirect')) {
$event->SetRedirectParam('js_redirect', 1);
}
$this->Application->resetCounters('UserSession');
$this->Application->Session->SetCookie('remember_login', '', adodb_mktime() - 3600);
$event->SetRedirectParam('pass', 'all');
}
/**
* Prefill states dropdown with correct values
*
* @param kEvent $event
* @access public
*/
function OnPrepareStates(&$event)
{
$cs_helper =& $this->Application->recallObject('CountryStatesHelper');
$cs_helper->PopulateStates($event, 'State', 'Country');
$object =& $event->getObject();
if( $object->isRequired('Country') && $cs_helper->CountryHasStates( $object->GetDBField('Country') ) ) $object->setRequired('State', true);
$object->setLogin();
}
/**
* Redirects user after succesfull registration to confirmation template (on Front only)
*
* @param kEvent $event
*/
function OnAfterItemCreate(&$event)
{
$this->saveUserImages($event);
if ($this->Application->GetVar('skip_set_primary')) return;
$is_subscriber = $this->Application->GetVar('IsSubscriber');
if(!$is_subscriber)
{
$object =& $event->getObject();
$ug_table = TABLE_PREFIX.'UserGroup';
if ($object->mode == 't') {
$ug_table = $this->Application->GetTempName($ug_table, 'prefix:'.$event->Prefix);
}
$sql = 'UPDATE '.$ug_table.'
SET PrimaryGroup = 0
WHERE PortalUserId = '.$object->GetDBField('PortalUserId');
$this->Conn->Query($sql);
// set primary group to user
if ($this->Application->IsAdmin() && $this->Application->GetVar('user_group')) {
// while in admin you can set any group for new users
$group_id = $this->Application->GetVar('user_group');
}
else {
$group_id = $object->GetDBField('UserGroup');
if ($group_id) {
// check, that group is allowed for Front-End
$sql = 'SELECT GroupId
FROM ' . TABLE_PREFIX . 'PortalGroup
WHERE GroupId = ' . (int)$group_id . ' AND FrontRegistration = 1';
$group_id = $this->Conn->GetOne($sql);
}
if (!$group_id) {
// when group not selected -> use default group
$group_id = $this->Application->ConfigValue('User_NewGroup');
}
}
$sql = 'REPLACE INTO '.$ug_table.'(PortalUserId,GroupId,PrimaryGroup) VALUES (%s,%s,1)';
$this->Conn->Query( sprintf($sql, $object->GetID(), $group_id) );
}
}
/**
* Login user if possible, if not then redirect to corresponding template
*
* @param kEvent $event
*/
function autoLoginUser(&$event)
{
$object =& $event->getObject();
$this->Application->SetVar('u.current_id', $object->GetID() );
if($object->GetDBField('Status') == STATUS_ACTIVE && !$this->Application->ConfigValue('User_Password_Auto'))
{
$email_as_login = $this->Application->ConfigValue('Email_As_Login');
list($login_field, $submit_field) = $email_as_login ? Array('Email', 'email') : Array('Login', 'login');
$this->Application->SetVar($submit_field, $object->GetDBField($login_field) );
$this->Application->SetVar('password', $object->GetDBField('Password_plain') );
$event->CallSubEvent('OnLogin');
}
}
/**
* When creating user & user with such email exists then force to use OnUpdate insted of ?
*
* @param kEvent $event
*/
function OnSubstituteSubscriber(&$event)
{
$ret = false;
$object =& $event->getObject( Array('skip_autoload' => true) );
$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
if($items_info)
{
list($id, $field_values) = each($items_info);
$user_email = isset($field_values['Email']) ? $field_values['Email'] : false;
if($user_email)
{
// check if is subscriber
$verify_user =& $this->Application->recallObject('u.verify', null, Array('skip_autoload' => true) );
$verify_user->Load($user_email, 'Email');
if( $verify_user->isLoaded() && $verify_user->isSubscriberOnly() )
{
$items_info = Array( $verify_user->GetDBField('PortalUserId') => $field_values );
$this->Application->SetVar($event->getPrefixSpecial(true), $items_info);
$ret = true;
}
}
}
if( isset($event->MasterEvent) )
{
$event->MasterEvent->setEventParam('is_subscriber_only', $ret);
}
else
{
$event->setEventParam('is_subscriber_only', $ret);
}
}
/**
* Enter description here...
*
* @param kEvent $event
* @return bool
*/
function isSubscriberOnly(&$event)
{
$event->CallSubEvent('OnSubstituteSubscriber');
$is_subscriber = false;
if( $event->getEventParam('is_subscriber_only') )
{
$is_subscriber = true;
$object =& $event->getObject( Array('skip_autoload' => true) );
$this->OnUpdate($event);
if($event->status == erSUCCESS)
{
$this->OnAfterItemCreate($event);
$object->SendEmailEvents();
if( !$this->Application->IsAdmin() && ($event->status == erSUCCESS) && $event->redirect) $this->autoLoginUser($event);
}
}
return $is_subscriber;
}
/**
* Creates new user
*
* @param kEvent $event
*/
function OnCreate(&$event)
{
if( !$this->Application->IsAdmin() ) $this->setUserStatus($event);
if( !$this->isSubscriberOnly($event) )
{
$cs_helper =& $this->Application->recallObject('CountryStatesHelper');
$cs_helper->CheckStateField($event, 'State', 'Country');
$object =& $event->getObject( Array('skip_autoload' => true) );
/* @var $object kDBItem */
if ($this->Application->ConfigValue('User_Password_Auto')) {
$pass = makepassword4(rand(5,8));
$object->SetField('Password', $pass);
$object->SetField('VerifyPassword', $pass);
$this->Application->SetVar('user_password',$pass);
}
parent::OnCreate($event);
$this->Application->SetVar('u.current_id', $object->getID() ); // for affil:OnRegisterAffiliate after hook
$this->setNextTemplate($event);
if( !$this->Application->IsAdmin() && ($event->status == erSUCCESS) && $event->redirect)
{
$object->SendEmailEvents();
$this->autoLoginUser($event);
}
}
}
/**
* Set's new user status based on config options
*
* @param kEvent $event
*/
function setUserStatus(&$event)
{
$object =& $event->getObject( Array('skip_autoload' => true) );
$new_users_allowed = $this->Application->ConfigValue('User_Allow_New');
// 1 - Instant, 2 - Not Allowed, 3 - Pending
switch ($new_users_allowed)
{
case 1: // Instant
$object->SetDBField('Status', 1);
$next_template = $this->Application->GetVar('registration_confirm_template');
if($next_template) $event->redirect = $next_template;
break;
case 3: // Pending
$next_template = $this->Application->GetVar('registration_confirm_pending_template');
if($next_template) $event->redirect = $next_template;
$object->SetDBField('Status', 2);
break;
case 2: // Not Allowed
$object->SetDBField('Status', 0);
break;
}
/*if ($object->GetDBField('PaidMember') == 1) {
$this->Application->HandleEvent($add_to_cart, 'ord:OnAddToCart');
$event->redirect = 'in-commerce/checkout/shop_cart';
} */
}
/**
* Set's new unique resource id to user
*
* @param kEvent $event
*/
function OnBeforeItemCreate(&$event)
{
$email_as_login = $this->Application->ConfigValue('Email_As_Login');
$object =& $event->getObject();
if (!$this->checkBanRules($object)) {
$event->status = erFAIL;
return false;
}
if ($email_as_login) {
$object->Fields['Email']['error_msgs']['unique'] = $this->Application->Phrase('lu_user_and_email_already_exist');
}
}
/**
* Set's new unique resource id to user
*
* @param kEvent $event
*/
function OnAfterItemValidate(&$event)
{
$object =& $event->getObject();
$resource_id = $object->GetDBField('ResourceId');
if (!$resource_id)
{
$object->SetDBField('ResourceId', $this->Application->NextResourceId() );
}
}
/**
* Enter description here...
*
* @param kEvent $event
*/
function OnRecommend(&$event)
{
$friend_email = $this->Application->GetVar('friend_email');
$friend_name = $this->Application->GetVar('friend_email');
// used for error reporting only -> rewrite code + theme (by Alex)
$object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too
/* @var $object UsersItem */
if (preg_match('/^(' . REGEX_EMAIL_USER . '@' . REGEX_EMAIL_DOMAIN . ')$/i', $friend_email))
{
/*$cutoff = adodb_mktime() + (int)$this->Application->ConfigValue('Suggest_MinInterval');
$sql = 'SELECT *
FROM ' . TABLE_PREFIX . 'SuggestMail
WHERE email = ' . $this->Conn->qstr($friend_email) . ' AND sent < ' . $cutoff;
if ($this->Conn->GetRow($sql) !== false) {
$object->SetError('Email', 'send_error', 'lu_email_already_suggested');
$event->status = erFAIL;
return ;
}*/
$send_params = Array ();
$send_params['to_email'] = $friend_email;
$send_params['to_name'] = $friend_name;
$user_id = $this->Application->RecallVar('user_id');
$email_event =& $this->Application->EmailEventUser('USER.SUGGEST', $user_id, $send_params);
if ($email_event->status == erSUCCESS){
/*$fields_hash = Array (
'email' => $friend_email,
'sent' => adodb_mktime(),
);
$this->Conn->doInsert($fields_hash, TABLE_PREFIX . 'SuggestMail');*/
$event->redirect_params = array('opener' => 's', 'pass' => 'all');
$event->redirect = $this->Application->GetVar('template_success');
}
else {
// $event->redirect_params = array('opener' => 's', 'pass' => 'all');
// $event->redirect = $this->Application->GetVar('template_fail');
$object->SetError('Email', 'send_error', 'lu_email_send_error');
$event->status = erFAIL;
}
}
else {
$object->SetError('Email', 'invalid_email', 'lu_InvalidEmail');
$event->status = erFAIL;
}
}
/**
* Saves address changes and mades no redirect
*
* @param kEvent $event
*/
function OnUpdateAddress(&$event)
{
$object =& $event->getObject( Array('skip_autoload' => true) );
$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
if($items_info)
{
list($id,$field_values) = each($items_info);
if($id > 0) $object->Load($id);
$object->SetFieldsFromHash($field_values);
$object->setID($id);
$object->Validate();
}
$event->redirect = false;
}
/**
* Validate subscriber's email & store it to session -> redirect to confirmation template
*
* @param kEvent $event
*/
function OnSubscribeQuery(&$event)
{
$user_email = $this->Application->GetVar('subscriber_email');
if (preg_match('/^(' . REGEX_EMAIL_USER . '@' . REGEX_EMAIL_DOMAIN . ')$/i', $user_email)) {
$object =& $this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true));
/* @var $object UsersItem */
$this->Application->StoreVar('SubscriberEmail', $user_email);
$object->Load($user_email, 'Email');
if ($object->isLoaded()) {
$group_info = $this->GetGroupInfo($object->GetID());
$event->redirect = $this->Application->GetVar($group_info ? 'unsubscribe_template' : 'subscribe_template');
}
else {
$event->redirect = $this->Application->GetVar('subscribe_template');
$this->Application->StoreVar('SubscriberEmail', $user_email);
}
}
else {
// used for error reporting only -> rewrite code + theme (by Alex)
$object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too
/* @var $object UsersItem */
$object->SetError('SubscribeEmail', 'invalid_email', 'lu_InvalidEmail');
$event->status = erFAIL;
}
}
/**
* Subscribe/Unsubscribe user based on email stored in previous step
*
* @param kEvent $event
*/
function OnSubscribeUser(&$event)
{
$object = &$this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true));
/* @var $object UsersItem */
$user_email = $this->Application->RecallVar('SubscriberEmail');
if (preg_match('/^(' . REGEX_EMAIL_USER . '@' . REGEX_EMAIL_DOMAIN . ')$/i', $user_email)) {
$this->RemoveRequiredFields($object);
$object->Load($user_email, 'Email');
if ($object->isLoaded()) {
$group_info = $this->GetGroupInfo($object->GetID());
if ($group_info){
if ($event->getEventParam('no_unsubscribe')) return;
if ($group_info['PrimaryGroup']){
// delete user
$object->Delete();
}
else {
$this->RemoveSubscriberGroup($object->GetID());
}
$event->redirect = $this->Application->GetVar('unsubscribe_ok_template');
}
else {
$this->AddSubscriberGroup($object->GetID(), 0);
$event->redirect = $this->Application->GetVar('subscribe_ok_template');
}
}
else {
$object->SetField('Email', $user_email);
$object->SetField('Login', $user_email);
$object->SetDBField('dob', 1);
$object->SetDBField('dob_date', 1);
$object->SetDBField('dob_time', 1);
$object->SetDBField('Status', STATUS_ACTIVE); // make user subscriber Active by default
$ip = getenv('HTTP_X_FORWARDED_FOR')?getenv('HTTP_X_FORWARDED_FOR'):getenv('REMOTE_ADDR');
$object->SetDBField('ip', $ip);
$this->Application->SetVar('IsSubscriber', 1);
if ($object->Create()) {
$this->AddSubscriberGroup($object->GetID(), 1);
$event->redirect = $this->Application->GetVar('subscribe_ok_template');
}
$this->Application->SetVar('IsSubscriber', 0);
}
}
}
function AddSubscriberGroup($user_id, $is_primary){
$group_id = $this->Application->ConfigValue('User_SubscriberGroup');
$sql = 'INSERT INTO '.TABLE_PREFIX.'UserGroup(PortalUserId,GroupId,PrimaryGroup) VALUES (%s,%s,'.$is_primary.')';
$this->Conn->Query( sprintf($sql, $user_id, $group_id) );
$this->Application->EmailEventAdmin('USER.SUBSCRIBE', $user_id);
$this->Application->EmailEventUser('USER.SUBSCRIBE', $user_id);
}
function RemoveSubscriberGroup($user_id){
$group_id = $this->Application->ConfigValue('User_SubscriberGroup');
$sql = 'DELETE FROM '.TABLE_PREFIX.'UserGroup WHERE PortalUserId='.$user_id.' AND GroupId='.$this->Application->ConfigValue('User_SubscriberGroup');
$this->Conn->Query($sql);
$this->Application->EmailEventAdmin('USER.UNSUBSCRIBE', $user_id);
$this->Application->EmailEventUser('USER.UNSUBSCRIBE', $user_id);
}
/**
* Allows to detect user subscription status (subscribed or not)
*
* @param int $user_id
* @return bool
*/
function GetGroupInfo($user_id)
{
$sql = 'SELECT *
FROM '.TABLE_PREFIX.'UserGroup
WHERE (PortalUserId = '.$user_id.') AND (GroupId = '.$this->Application->ConfigValue('User_SubscriberGroup').')';
return $this->Conn->GetRow($sql);
}
function OnForgotPassword(&$event)
{
$user_object =& $this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true));
/* @var $user_object UsersItem */
// used for error reporting only -> rewrite code + theme (by Alex)
$user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too
/* @var $user_current_object UsersItem */
$username = $this->Application->GetVar('username');
$email = $this->Application->GetVar('email');
$found = false;
$allow_reset = true;
if (strlen($username)) {
$user_object->Load($username, 'Login');
if ($user_object->isLoaded()) {
$found = ($user_object->GetDBField("Login")==$username && $user_object->GetDBField("Status")==1) && strlen($user_object->GetDBField("Password"));
}
}
else if(strlen($email)) {
$user_object->Load($email, 'Email');
if ($user_object->isLoaded()) {
$found = ($user_object->GetDBField("Email")==$email && $user_object->GetDBField("Status")==1) && strlen($user_object->GetDBField("Password"));
}
}
if ($user_object->isLoaded()) {
$PwResetConfirm = $user_object->GetDBField('PwResetConfirm');
$PwRequestTime = $user_object->GetDBField('PwRequestTime');
$PassResetTime = $user_object->GetDBField('PassResetTime');
//$MinPwResetDelay = $user_object->GetDBField('MinPwResetDelay');
$MinPwResetDelay = $this->Application->ConfigValue('Users_AllowReset');
$allow_reset = (strlen($PwResetConfirm) ?
adodb_mktime() > $PwRequestTime + $MinPwResetDelay :
adodb_mktime() > $PassResetTime + $MinPwResetDelay);
}
if ($found && $allow_reset) {
$this->Application->StoreVar('tmp_user_id', $user_object->GetDBField("PortalUserId"));
$this->Application->StoreVar('tmp_email', $user_object->GetDBField("Email"));
$confirm_template = $this->Application->GetVar('reset_confirm_template');
if (!$confirm_template) {
$this->Application->SetVar('reset_confirm_template', 'platform/login/forgotpass_reset');
}
$this->Application->EmailEventUser('USER.PSWDC', $user_object->GetDBField('PortalUserId'));
$event->redirect = $this->Application->GetVar('template_success');
}
else {
if (!strlen($username) && !strlen($email)) {
$user_current_object->SetError('Login', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata');
$user_current_object->SetError('Email', 'forgotpw_nodata', 'lu_ferror_forgotpw_nodata');
}
else {
if ($allow_reset) {
if (strlen($username)) {
$user_current_object->SetError('Login', 'unknown_username', 'lu_ferror_unknown_username');
}
if (strlen($email)) {
$user_current_object->SetError('Email', 'unknown_email', 'lu_ferror_unknown_email');
}
}
else {
if (strlen($username)) {
$user_current_object->SetError('Login', 'reset_denied', 'lu_ferror_reset_denied');
}
if (strlen($email)) {
$user_current_object->SetError('Email', 'reset_denied', 'lu_ferror_reset_denied');
}
}
}
if($user_current_object->FieldErrors){
$event->redirect = false;
}
}
}
/**
* Enter description here...
*
* @param kEvent $event
*/
function OnResetPassword(&$event)
{
$user_object =& $this->Application->recallObject('u.forgot');
if($user_object->Load($this->Application->RecallVar('tmp_user_id'))){
$this->Application->EmailEventUser('USER.PSWDC', $user_object->GetDBField("PortalUserId"));
$event->redirect = $this->Application->GetVar('template_success');
$m_cat_id = $this->Application->findModule('Name', 'In-Commerce', 'RootCat');
$this->Application->SetVar('m_cat_id', $m_cat_id);
$event->SetRedirectParam('pass', 'm');
}
}
function OnResetPasswordConfirmed(&$event)
{
// used for error reporting only -> rewrite code + theme (by Alex)
$user_current_object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true));// TODO: change theme too
/* @var $user_current_object UsersItem */
$passed_key = trim($this->Application->GetVar('user_key'));
if (!$passed_key) {
$event->redirect_params = Array('opener' => 's', 'pass' => 'all');
$event->redirect = false;
$user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', 'lu_code_is_not_valid');
}
$user_object =& $this->Application->recallObject('u.forgot', null, Array('skip_autoload' => true));
/* @var $user_object UsersItem */
$user_object->Load($passed_key, 'PwResetConfirm');
if ($user_object->isLoaded()) {
$exp_time = $user_object->GetDBField('PwRequestTime') + 3600;
$user_object->SetDBField('PwResetConfirm', '');
$user_object->SetDBField('PwRequestTime', 0);
if ($exp_time > adodb_mktime()) {
$newpw = makepassword4();
$this->Application->StoreVar('password', $newpw);
$user_object->SetDBField('Password', $newpw);
$user_object->SetDBField('PassResetTime', adodb_mktime());
$user_object->SetDBField('PwResetConfirm', '');
$user_object->SetDBField('PwRequestTime', 0);
$user_object->Update();
$this->Application->SetVar('ForgottenPassword', $newpw);
$email_event_user =& $this->Application->EmailEventUser('USER.PSWD', $user_object->GetDBField('PortalUserId'));
$email_event_admin =& $this->Application->EmailEventAdmin('USER.PSWD');
$this->Application->DeleteVar('ForgottenPassword');
if ($email_event_user->status == erSUCCESS) {
$event->redirect_params = array('opener' => 's', 'pass' => 'all');
$event->redirect = $this->Application->GetVar('template_success');
}
$user_object->SetDBField('Password', md5($newpw));
$user_object->Update();
} else {
$user_current_object->SetError('PwResetConfirm', 'code_expired', 'lu_code_expired');
$event->redirect = false;
}
} else {
$user_current_object->SetError('PwResetConfirm', 'code_is_not_valid', 'lu_code_is_not_valid');
$event->redirect = false;
}
}
function OnUpdate(&$event)
{
$cs_helper =& $this->Application->recallObject('CountryStatesHelper');
$cs_helper->CheckStateField($event, 'State', 'Country');
parent::OnUpdate($event);
$this->setNextTemplate($event);
}
/**
* Enter description here...
*
* @param kEvent $event
*/
function setNextTemplate(&$event)
{
if( !$this->Application->IsAdmin() )
{
$event->redirect_params['opener'] = 's';
$object =& $event->getObject();
if($object->GetDBField('Status') == STATUS_ACTIVE)
{
$next_template = $this->Application->GetVar('next_template');
if($next_template) $event->redirect = $next_template;
}
}
}
/**
* Delete users from groups if their membership is expired
*
* @param kEvent $event
*/
function OnCheckExpiredMembership(&$event)
{
// send pre-expiration reminders: begin
$pre_expiration = adodb_mktime() + $this->Application->ConfigValue('User_MembershipExpirationReminder') * 3600 * 24;
$sql = 'SELECT PortalUserId, GroupId
FROM '.TABLE_PREFIX.'UserGroup
WHERE (MembershipExpires IS NOT NULL) AND (ExpirationReminderSent = 0) AND (MembershipExpires < '.$pre_expiration.')';
$skip_clause = $event->getEventParam('skip_clause');
if ($skip_clause) {
$sql .= ' AND !('.implode(') AND !(', $skip_clause).')';
}
$records = $this->Conn->Query($sql);
if ($records) {
$conditions = Array();
foreach ($records as $record) {
$email_event_user =& $this->Application->EmailEventUser('USER.MEMBERSHIP.EXPIRATION.NOTICE', $record['PortalUserId']);
$email_event_admin =& $this->Application->EmailEventAdmin('USER.MEMBERSHIP.EXPIRATION.NOTICE');
$conditions[] = '(PortalUserId = '.$record['PortalUserId'].' AND GroupId = '.$record['GroupId'].')';
}
$sql = 'UPDATE '.TABLE_PREFIX.'UserGroup
SET ExpirationReminderSent = 1
WHERE '.implode(' OR ', $conditions);
$this->Conn->Query($sql);
}
// send pre-expiration reminders: end
// remove users from groups with expired membership: begin
$sql = 'SELECT PortalUserId
FROM '.TABLE_PREFIX.'UserGroup
WHERE (MembershipExpires IS NOT NULL) AND (MembershipExpires < '.adodb_mktime().')';
$user_ids = $this->Conn->GetCol($sql);
if ($user_ids) {
foreach ($user_ids as $id) {
$email_event_user =& $this->Application->EmailEventUser('USER.MEMBERSHIP.EXPIRED', $id);
$email_event_admin =& $this->Application->EmailEventAdmin('USER.MEMBERSHIP.EXPIRED');
}
}
$sql = 'DELETE FROM '.TABLE_PREFIX.'UserGroup
WHERE (MembershipExpires IS NOT NULL) AND (MembershipExpires < '.adodb_mktime().')';
$this->Conn->Query($sql);
// remove users from groups with expired membership: end
}
/**
* Enter description here...
*
* @param kEvent $event
*/
function OnRefreshForm(&$event)
{
$event->redirect = false;
$item_info = $this->Application->GetVar($event->Prefix_Special);
list($id, $fields) = each($item_info);
$object =& $event->getObject( Array('skip_autoload' => true) );
$object->setID($id);
$object->IgnoreValidation = true;
$object->SetFieldsFromHash($fields);
}
/**
* Sets persistant variable
*
* @param kEvent $event
*/
function OnSetPersistantVariable(&$event)
{
$field = $this->Application->GetVar('field');
$value = $this->Application->GetVar('value');
$this->Application->StorePersistentVar($field, $value);
$force_tab = $this->Application->GetVar('SetTab');
if ($force_tab) {
$this->Application->StoreVar('force_tab', $force_tab);
}
}
/**
* Overwritten to return user from order by special .ord
*
* @param kEvent $event
*/
function getPassedID(&$event)
{
switch ($event->Special) {
case 'ord':
$order =& $this->Application->recallObject('ord');
/* @var $order OrdersItem */
$id = $order->GetDBField('PortalUserId');
break;
case 'profile':
$id = $this->Application->GetVar('user_id');
if (!$id) {
// if none user_id given use current user id
$id = $this->Application->RecallVar('user_id');
}
break;
default:
$id = parent::getPassedID($event);
break;
}
return $id;
}
/**
* Allows to change root password
*
* @param kEvent $event
*/
function OnUpdateRootPassword(&$event)
{
return $this->OnUpdatePassword($event);
}
/**
* Allows to change root password
*
* @param kEvent $event
*/
function OnUpdatePassword(&$event)
{
$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
if (!$items_info) return ;
list ($id, $field_values) = each($items_info);
$user_id = $this->Application->RecallVar('user_id');
if ($id == $user_id && ($user_id > 0 || $user_id == -1)) {
$user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
/* @var $user_dummy kDBItem */
$user_dummy->Load($id);
$status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField'));
if ($user_dummy->GetDBField($status_field) != STATUS_ACTIVE) {
// not active user is not allowed to update his record (he could not activate himself manually)
return false;
}
}
if ($user_id == -1) {
$object =& $event->getObject( Array('skip_autoload' => true) );
/* @var $object UsersItem */
// put salt to user's config
$field_options = $object->GetFieldOptions('RootPassword');
$field_options['salt'] = 'b38';
$object->SetFieldOptions('RootPassword', $field_options);
$verify_options = $object->GetFieldOptions('VerifyRootPassword');
$verify_options['salt'] = 'b38';
$object->SetFieldOptions('VerifyRootPassword', $verify_options);
// this is internal hack to allow root/root passwords for dev
if ($this->Application->isDebugMode() && $field_values['RootPassword'] == 'root') {
$this->Application->ConfigHash['Min_Password'] = 4;
}
$this->RemoveRequiredFields($object);
$object->SetDBField('RootPassword', $this->Application->ConfigValue('RootPass'));
$object->SetFieldsFromHash($field_values);
$object->setID(-1);
$status = $object->Validate();
if ($status) {
// validation on, password match too
$fields_hash = Array (
'VariableValue' => $object->GetDBField('RootPassword')
);
$conf_table = $this->Application->getUnitOption('conf', 'TableName');
$this->Conn->doUpdate($fields_hash, $conf_table, 'VariableName = "RootPass"');
$event->SetRedirectParam('opener', 'u');
}
else {
$event->status = erFAIL;
$event->redirect = false;
return;
}
}
else {
$object =& $event->getObject();
$object->SetFieldsFromHash($field_values);
if (!$object->Update()) {
$event->status = erFAIL;
$event->redirect = false;
}
}
$event->SetRedirectParam('opener', 'u');
$event->redirect == true;
}
/**
* Apply custom processing to item
*
* @param kEvent $event
*/
function customProcessing(&$event, $type)
{
if ($event->Name == 'OnCreate' && $type == 'before') {
$object =& $event->getObject();
/* @var $object kDBItem */
// if auto password has not been set already - store real one - to be used in email events
if (!$this->Application->GetVar('user_password')) {
$this->Application->SetVar('user_password', $object->GetDirtyField('Password'));
$object->SetDBField('Password_plain', $object->GetDirtyField('Password'));
}
// validate here, because subscribing procedure should not validate captcha code
if ($this->Application->ConfigValue('RegistrationCaptcha')) {
$captcha_helper =& $this->Application->recallObject('CaptchaHelper');
/* @var $captcha_helper kCaptchaHelper */
$captcha_helper->validateCode($event, false);
}
}
}
function OnMassResetSettings(&$event)
{
if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
return;
}
$event->status=erSUCCESS;
$ids = $this->StoreSelectedIDs($event);
$default_user_id = $this->Application->ConfigValue('DefaultSettingsUserId');
if (in_array($default_user_id, $ids)) {
array_splice($ids, array_search($default_user_id, $ids), 1);
}
if ($ids) {
$q = 'DELETE FROM '.TABLE_PREFIX.'PersistantSessionData WHERE PortalUserId IN ('.join(',', $ids).') AND
(VariableName LIKE "%_columns_%"
OR
VariableName LIKE "%_filter%"
OR
VariableName LIKE "%_PerPage%")';
$this->Conn->Query($q);
}
$this->clearSelectedIDs($event);
}
/**
* Checks, that currently loaded item is allowed for viewing (non permission-based)
*
* @param kEvent $event
* @return bool
*/
function checkItemStatus(&$event)
{
$object =& $event->getObject();
if (!$object->isLoaded()) {
return true;
}
$virtual_users = Array (-1, -2); // root, Guest
return ($object->GetDBField('Status') == STATUS_ACTIVE) || in_array($object->GetID(), $virtual_users);
}
/**
* Sends approved/declined email event on user status change
*
* @param kEvent $event
*/
function OnAfterItemUpdate(&$event)
{
$this->saveUserImages($event);
$object =& $event->getObject();
/* @var $object UsersItem */
if (!$this->Application->IsAdmin() || $object->IsTempTable()) {
return ;
}
$this->sendStatusChangeEvent($object->GetID(), $object->GetOriginalField('Status'), $object->GetDBField('Status'));
}
/**
* Stores user's original Status before overwriting with data from temp table
*
* @param kEvent $event
*/
function OnBeforeDeleteFromLive(&$event)
{
$user_status = $this->Application->GetVar('user_status');
if (!$user_status) {
$user_status = Array ();
}
$user_id = $event->getEventParam('id');
if ($user_id > 0) {
$user_status[$user_id] = $this->getUserStatus($user_id);
$this->Application->SetVar('user_status', $user_status);
}
}
/**
* Sends approved/declined email event on user status change (in temp tables during editing)
*
* @param kEvent $event
*/
function OnAfterCopyToLive(&$event)
{
$temp_id = $event->getEventParam('temp_id');
if ($temp_id == 0) {
// this is new user create, don't send email events
return ;
}
$new_status = $this->getUserStatus($temp_id);
$user_status = $this->Application->GetVar('user_status');
$this->sendStatusChangeEvent($temp_id, $user_status[$temp_id], $new_status);
}
/**
* Returns user status (active, pending, disabled) based on ID and temp mode setting
*
* @param int $user_id
* @return int
*/
function getUserStatus($user_id)
{
$id_field = $this->Application->getUnitOption($this->Prefix, 'IDField');
$table_name = $this->Application->getUnitOption($this->Prefix, 'TableName');
$sql = 'SELECT Status
FROM '.$table_name.'
WHERE '.$id_field.' = '.$user_id;
return $this->Conn->GetOne($sql);
}
/**
* Sends approved/declined email event on user status change
*
* @param int $user_id
* @param int $prev_status
* @param int $new_status
*/
function sendStatusChangeEvent($user_id, $prev_status, $new_status)
{
$status_events = Array (
STATUS_ACTIVE => 'USER.APPROVE',
STATUS_DISABLED => 'USER.DENY',
);
$email_event = isset($status_events[$new_status]) ? $status_events[$new_status] : false;
if (($prev_status != $new_status) && $email_event) {
$this->Application->EmailEventUser($email_event, $user_id);
$this->Application->EmailEventAdmin($email_event);
}
}
/**
* OnAfterConfigRead for users
*
* @param kEvent $event
*/
function OnAfterConfigRead(&$event)
{
parent::OnAfterConfigRead($event);
// 1. arrange user registration countries
$first_country = $this->Application->ConfigValue('User_Default_Registration_Country');
if ($first_country) {
// update user country dropdown sql
$fields = $this->Application->getUnitOption($event->Prefix, 'Fields');
$fields['Country']['options_sql'] = preg_replace('/ORDER BY (.*)/', 'ORDER BY IF (DestId = '.$first_country.', 1, 0) DESC, \\1', $fields['Country']['options_sql']);
$this->Application->setUnitOption($event->Prefix, 'Fields', $fields);
}
// 2. set default user registration group
$virtual_fields = $this->Application->getUnitOption($event->Prefix, 'VirtualFields');
$virtual_fields['UserGroup']['default'] = $this->Application->ConfigValue('User_NewGroup');
$this->Application->setUnitOption($event->Prefix, 'VirtualFields', $virtual_fields);
// 3. allow avatar upload on Front-End
$file_helper =& $this->Application->recallObject('FileHelper');
/* @var $file_helper FileHelper */
$file_helper->createItemFiles($event->Prefix, true); // create image fields
if ($this->Application->IsAdmin()) {
// 4. when in administrative console, then create all users with Active status
$fields = $this->Application->getUnitOption($event->Prefix, 'Fields');
// $fields['Password']['required'] = 1; // set password required (will broke approve/decline buttons)
$fields['Status']['default'] = STATUS_ACTIVE;
$this->Application->setUnitOption($event->Prefix, 'Fields', $fields);
// 5. remove groups tab on editing forms when AdvancedUserManagement config variable not set
if (!$this->Application->ConfigValue('AdvancedUserManagement')) {
$edit_tab_presets = $this->Application->getUnitOption($event->Prefix, 'EditTabPresets');
foreach ($edit_tab_presets as $preset_name => $preset_tabs) {
if (array_key_exists('groups', $preset_tabs)) {
unset($edit_tab_presets[$preset_name]['groups']);
if (count($edit_tab_presets[$preset_name]) == 1) {
// only 1 tab left -> remove it too
$edit_tab_presets[$preset_name] = Array ();
}
}
}
$this->Application->setUnitOption($event->Prefix, 'EditTabPresets', $edit_tab_presets);
}
}
}
/**
* OnMassCloneUsers
*
* @param kEvent $event
*/
function OnMassCloneUsers(&$event)
{
if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
return;
}
$event->status=erSUCCESS;
$ids = $this->StoreSelectedIDs($event);
$this->Application->SetVar('skip_set_primary', 1); // otherwise it will default primary group, search for skip_set_primary above
$temp_handler =& $this->Application->recallObject($event->Prefix.'_TempHandler', 'kTempTablesHandler');
/* @var $temp_handler kTempTablesHandler */
$cloned_users = $temp_handler->CloneItems($event->Prefix, '', $ids);
$this->clearSelectedIDs($event);
}
/**
* When cloning users, reset password (set random)
*
* @param kEvent $event
*/
function OnBeforeClone(&$event)
{
$object =& $event->getObject();
/* @var $object kDBItem */
$object->setRequired('Password', 0);
$object->setRequired('VerifyPassword', 0);
$object->SetDBField('Password', rand(100000000, 999999999));
$object->SetDBField('CreatedOn', adodb_mktime());
$object->SetDBField('ResourceId', false); // this will reset it
// change email cause it should be unique
$object->NameCopy(array(), $object->GetID(), 'Email', 'copy%1$s.%2$s');
$object->UpdateFormattersSubFields();
}
/**
* Copy user groups after copying user
*
* @param kEvent $event
*/
function OnAfterClone(&$event)
{
$id = $event->getEventParam('id');
$original_id = $event->getEventParam('original_id');
$sql = 'INSERT '.TABLE_PREFIX."UserGroup SELECT $id, GroupId, MembershipExpires, PrimaryGroup, 0 FROM ".TABLE_PREFIX."UserGroup WHERE PortalUserId = $original_id";
$this->Conn->Query($sql);
}
/**
* Saves selected ids to session
*
* @param kEvent $event
*/
function OnSaveSelected(&$event)
{
$this->StoreSelectedIDs($event);
// remove current ID, otherwise group selector will use it in filters
$this->Application->DeleteVar($event->getPrefixSpecial(true).'_id');
}
/**
* Adds selected link to listing
*
* @param kEvent $event
*/
function OnProcessSelected(&$event)
{
$event->SetRedirectParam('opener', 'u');
$user_ids = $this->getSelectedIDs($event, true);
$this->clearSelectedIDs($event);
$dst_field = $this->Application->RecallVar('dst_field');
if ($dst_field != 'PrimaryGroupId') {
return ;
}
$group_ids = $this->Application->GetVar('g');
$primary_group_id = $group_ids ? array_shift( array_keys($group_ids) ) : false;
if (!$user_ids || !$primary_group_id) {
return ;
}
$table_name = $this->Application->getUnitOption('ug', 'TableName');
$sql = 'SELECT PortalUserId
FROM '.$table_name.'
WHERE (GroupId = '.$primary_group_id.') AND (PortalUserId IN ('.implode(',', $user_ids).'))';
$existing_members = $this->Conn->GetCol($sql);
// 1. reset primary group mark
$sql = 'UPDATE '.$table_name.'
SET PrimaryGroup = 0
WHERE PortalUserId IN ('.implode(',', $user_ids).')';
$this->Conn->Query($sql);
foreach ($user_ids as $user_id) {
if (in_array($user_id, $existing_members)) {
// 2. already member of that group -> just make primary
$sql = 'UPDATE '.$table_name.'
SET PrimaryGroup = 1
WHERE (PortalUserId = '.$user_id.') AND (GroupId = '.$primary_group_id.')';
$this->Conn->Query($sql);
}
else {
// 3. not member of that group -> make member & make primary
$fields_hash = Array (
'GroupId' => $primary_group_id,
'PortalUserId' => $user_id,
'PrimaryGroup' => 1,
);
$this->Conn->doInsert($fields_hash, $table_name);
}
}
}
/**
* Loads user images
*
* @param kEvent $event
*/
function OnAfterItemLoad(&$event)
{
parent::OnAfterItemLoad($event);
// linking existing images for item with virtual fields
$image_helper =& $this->Application->recallObject('ImageHelper');
/* @var $image_helper ImageHelper */
$object =& $event->getObject();
/* @var $object kDBItem */
$image_helper->LoadItemImages($object);
}
/**
* Save user images
*
* @param kEvent $event
*/
function saveUserImages(&$event)
{
if (!$this->Application->IsAdmin()) {
$image_helper =& $this->Application->recallObject('ImageHelper');
/* @var $image_helper ImageHelper */
$object =& $event->getObject();
/* @var $object kDBItem */
// process image upload in virtual fields
$image_helper->SaveItemImages($object);
}
}
/**
* Checks, if given user fields matches at least one of defined ban rules
*
* @param kDBItem $object
* @return bool
*/
function checkBanRules(&$object)
{
$table = $this->Application->getUnitOption('ban-rule', 'TableName');
if (!$this->Conn->TableFound($table)) {
// when ban table not found -> assume user is ok by default
return true;
}
$sql = 'SELECT *
FROM '.$table.'
WHERE ItemType = 6 AND Status = ' . STATUS_ACTIVE . '
ORDER BY Priority DESC';
$rules = $this->Conn->Query($sql);
$found = false;
foreach ($rules as $rule) {
$field = $rule['ItemField'];
$this_value = strtolower( $object->GetDBField($field) );
$test_value = strtolower( $rule['ItemValue'] );
switch ($rule['ItemVerb']) {
/*case 0: // any
$found = true;
break;*/
case 1: // is
if ($this_value == $test_value) {
$found = true;
}
break;
/*case 2: // is not
if ($this_value != $test_value) {
$found = true;
}
break;*/
case 3: // contains
if (strstr($this_value, $test_value)) {
$found = true;
}
break;
/*case 4: // not contains
if (!strstr($this_value, $test_value)) {
$found = true;
}
break;
case 5: // Greater Than
if ($test_value > $this_value) {
$found = true;
}
break;
case 6: // Less Than
if ($test_value < $this_value) {
$found = true;
}
break;
case 7: // exists
if (strlen($this_value) > 0) {
$found = true;
}
break;
case 8: // unique
if ($this->ValueExists($field, $this_value)) {
$found = true;
}
break;*/
}
if ($found) {
break;
}
}
return !$found;
}
}
?>
\ No newline at end of file
Index: branches/RC/core/units/general/helpers/permissions_helper.php
===================================================================
--- branches/RC/core/units/general/helpers/permissions_helper.php (revision 11864)
+++ branches/RC/core/units/general/helpers/permissions_helper.php (revision 11865)
@@ -1,670 +1,668 @@
<?php
class kPermissionsHelper extends kHelper {
/**
* Current set of permissions for group being edited
*
* @var Array
*/
var $Permissions = Array();
function LoadPermissions($group_id, $cat_id, $type = 1, $prefix = '')
{
$perm_table = $this->Application->getUnitOption('perm', 'TableName');
$perm_table = $this->Application->GetTempName($perm_table, 'prefix:'.$prefix);
$sql = 'SELECT *
FROM '.$perm_table.'
WHERE (GroupId = '.$group_id.') AND (CatId = '.$cat_id.') AND (Type = '.$type.')';
$permissions = $this->Conn->Query($sql, 'Permission');
$this->Permissions = Array();
foreach ($permissions as $perm_name => $perm_options) {
$perm_record['value'] = $perm_options['PermissionValue'];
$perm_record['id'] = $perm_options['PermissionId'];
$this->Permissions[$perm_name] = $perm_record;
}
}
function getPermissionValue($perm_name)
{
return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['value'] : 0;
}
function getPermissionID($perm_name)
{
return isset($this->Permissions[$perm_name]) ? $this->Permissions[$perm_name]['id'] : 0;
}
/**
* This is old permission like ADMIN or LOGIN
*
* @param string $section_name
* @param string $perm_name
* @return bool
*/
function isOldPermission($section_name, $perm_name)
{
return $section_name == 'in-portal:root' && $perm_name != 'view';
}
/**
* Returns permission names to check based on event name and item prefix (main item or subitem)
*
* @param kEvent $event
* @return Array
*/
function getPermissionByEvent(&$event, $perm_mapping)
{
$top_prefix = $event->getEventParam('top_prefix');
$pefix_type = ($top_prefix == $event->Prefix) ? 'self' : 'subitem';
$perm_mapping = getArrayValue($perm_mapping, $event->Name);
if (!$perm_mapping[$pefix_type]) {
trigger_error('Permission mappings not defined for event <b>'.$top_prefix.' <- '.$event->Prefix.':'.$event->Name.'</b>', E_USER_ERROR);
}
if ($perm_mapping[$pefix_type] === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
return explode('|', $perm_mapping[$pefix_type]);
}
/**
* Common event permission checking method
*
* @param kEvent $event
*/
function CheckEventPermission(&$event, $perm_mapping)
{
$section = $event->getSection();
if (preg_match('/^CATEGORY:(.*)/', $section)) {
return $this->CheckEventCategoryPermission($event, $perm_mapping);
}
$top_prefix = $event->getEventParam('top_prefix');
$check_perms = $this->getPermissionByEvent($event, $perm_mapping);
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
$perm_status = false;
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
$perm_name = $section.'.'.$perm_name;
$perm_status = $this->CheckPermission($perm_name, 1);
if (($perm_name == $section.'.add') && $perm_status && ($top_prefix == $event->Prefix)) {
// main item, add permission allowed, but ID is > 0, then deny permission
// how to get id here
}
if ($perm_status) {
return $perm_status;
}
}
return $this->finalizePermissionCheck($event, $perm_status);
}
/**
* Returns owner + primary category for each item (used for permission checking)
*
* @param string $prefix
* @param string $ids
* @param bool $temp_mode
* @return Array
* @author Alex
*/
function GetCategoryItemData($prefix, $ids, $temp_mode = false)
{
if (is_array($ids)) {
$ids = implode(',', $ids);
}
$id_field = $this->Application->getUnitOption($prefix, 'IDField');
$table_name = $this->Application->getUnitOption($prefix, 'TableName');
$ci_table = $this->Application->getUnitOption('ci', 'TableName');
if ($temp_mode) {
$table_name = $this->Application->GetTempName($table_name, 'prefix:' . $prefix);
$ci_table = $this->Application->GetTempName($ci_table, 'prefix:' . $prefix);
}
$owner_field = $this->Application->getUnitOption($prefix, 'OwnerField');
if (!$owner_field) {
$owner_field = 'CreatedById';
}
$sql = 'SELECT item_table.'.$id_field.', item_table.'.$owner_field.' AS CreatedById, ci.CategoryId
FROM '.$table_name.' item_table
LEFT JOIN '.$ci_table.' ci ON ci.ItemResourceId = item_table.ResourceId
WHERE item_table.'.$id_field.' IN ('.$ids.') AND (ci.PrimaryCat = 1)';
return $this->Conn->Query($sql, $id_field);
}
/**
* Check category-based permissions for category items
*
* @param kEvent $event
*/
function _frontCheckEventCategoryPermission(&$event, $event_perm_mapping)
{
// mapping between specific permissions and common permissions
static $perm_mapping = Array(
'add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY',
'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW'
);
$top_prefix = $event->getEventParam('top_prefix');
$event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
/* @var $event_handler kCatDBEventHandler */
$raise_warnings = $event->getEventParam('raise_warnings');
$event->setEventParam('raise_warnings', 0);
if ($event->Prefix != $top_prefix) {
$top_event = new kEvent($top_prefix.':'.$event->Name);
$id = $event_handler->getPassedID($top_event);
}
else {
$id = $event_handler->getPassedID($event);
}
$event->setEventParam('raise_warnings', $raise_warnings);
$owner_id = -1; // owner is root if not detected
if (!$id) {
// item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
// note: category in session is placed on catalog data import start
$category_id = $this->Application->IsAdmin() ? $this->Application->RecallVar('m_cat_id') : $this->Application->GetVar('m_cat_id');
}
elseif ($top_prefix == 'c' || $top_prefix == 'st') {
$category_id = $id;
}
else {
// item being edited -> check by it's primary category permissions
$items_info = $this->GetCategoryItemData($top_prefix, $id);
$category_id = $items_info[$id]['CategoryId'];
$owner_id = $items_info[$id]['CreatedById'];
}
// specific permission check for pending & owner permissions: begin
$uploader_events = Array ('OnUploadFile', 'OnDeleteFile', 'OnViewFile');
if (in_array($event->Name, $uploader_events)) {
// don't recall target object during uploader-related, because OnItemLoad will use incorrect
// $user_id in Firefox (during Flash problems session will be used from Internet Exploere)
$new_item = false;
}
else {
$new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
$check_status = $this->checkCombinedPermissions($event, $owner_id, (int)$category_id, $new_item);
}
if (isset($check_status)) {
return $this->finalizePermissionCheck($event, $check_status);
}
// specific permission check for pending & owner permissions: end
$perm_status = false;
$check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
$item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
foreach ($check_perms as $perm_name) {
// check if at least one of required permissions is set
if (!isset($perm_mapping[$perm_name])) {
// not mapped permission (e.g. advanced:approve) -> skip
continue;
}
$perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
$perm_status = $this->CheckPermission($perm_name, 0, (int)$category_id);
if ($perm_status) {
return $perm_status;
}
}
return $this->finalizePermissionCheck($event, $perm_status);
}
/**
* Finalizes permission checking (with additional debug output, when in debug mode)
*
* @param kEvent $event
* @param bool $perm_status
* @return bool
*/
function finalizePermissionCheck(&$event, $perm_status)
{
if (!$perm_status) {
if ($this->Application->isDebugMode()) {
// for debugging purposes
$event->SetRedirectParam('section', $event->getSection());
$event->SetRedirectParam('main_prefix', $event->getEventParam('top_prefix'));
$event->SetRedirectParam('event_name', $event->Name);
$event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
}
$event->status = erPERM_FAIL;
}
return $perm_status;
}
/**
* Allows to check combined permissions (*.owner, *.pending) for add/modify/delete operations from admin & front-end
*
* @param kEvent $event
* @param int $owner_id
* @param int $category_id
* @param bool $new_item
* @return mixed
*/
function checkCombinedPermissions(&$event, $owner_id, $category_id, $new_item = false)
{
$ret = null; // true/false when used, null when not used
$top_prefix = $event->getEventParam('top_prefix');
// check admin permission
if (substr($event->Name, 0, 9) == 'OnPreSave') {
if ($new_item) {
$ret = $this->AddCheckPermission($category_id, $top_prefix);
}
else {
// add & modify because $new_item is false, when item is aready created & then saved in temp table (even with 0 id)
$ret = $this->AddCheckPermission($category_id, $top_prefix) ||
$this->ModifyCheckPermission($owner_id, $category_id, $top_prefix);
}
}
// check front-end permissions
switch ($event->Name) {
case 'OnCreate':
$ret = $this->AddCheckPermission($category_id, $top_prefix);
break;
case 'OnUpdate':
$ret = $this->ModifyCheckPermission($owner_id, $category_id, $top_prefix);
break;
case 'OnDelete':
case 'OnMassDelete':
$ret = $this->DeleteCheckPermission($owner_id, $category_id, $top_prefix);
break;
}
if ($ret === 0) {
// permission check failed (user has no permission)
$event->status = erPERM_FAIL;
}
return $ret;
}
/**
* Simplified permission check for category items, when adding/editing them from advanced view.
*
* @param kEvent $event
* @return mixed
*/
function CheckEventCategoryPermission(&$event, $event_perm_mapping)
{
if (!$this->Application->IsAdmin()) {
// check front-end permission by old scheme
return $this->_frontCheckEventCategoryPermission($event, $event_perm_mapping);
}
if (substr($event->Name, 0, 9) == 'OnPreSave') {
// check separately, because permission mapping is not defined for OnPreSave* events
$check_perms = Array ('add', 'edit');
}
else {
$check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
}
if ($check_perms === true) {
// event is defined in mapping but is not checked by permissions
return true;
}
// 1. most of events does require admin login only
$perm_status = $this->Application->LoggedIn() && $this->Application->IsAdmin();
// 2. in case, when event require more, then "view" right, then restrict it to temporary tables only
if (!in_array('view', $check_perms)) {
$perm_status = $perm_status && $this->Application->IsTempMode($event->Prefix, $event->Special);
}
return $this->finalizePermissionCheck($event, $perm_status);
}
function TagPermissionCheck($params, $is_owner = false)
{
$perm_prefix = getArrayValue($params, 'perm_prefix');
$perm_event = getArrayValue($params, 'perm_event');
$permission_groups = getArrayValue($params, 'permissions');
if ($permission_groups && !$perm_event) {
// check permissions by permission names in current category
$permission_groups = explode('|', $permission_groups);
$group_has_permission = false;
$perm_category = isset($params['cat_id']) ? $params['cat_id'] : $this->Application->GetVar('m_cat_id');
if ($perm_prefix) {
// use primary category of item with id from {perm_prefix}_id as base for permission checking
$perm_category = $this->getPrimaryCategory($perm_prefix);
}
$is_system = isset($params['system']) && $params['system'] ? 1 : 0;
foreach ($permission_groups as $permission_group) {
$permissions = explode(',', $permission_group);
$has_permission = true;
foreach ($permissions as $permission) {
$owner_checked = (strpos($permission, '.OWNER.') !== false) ? $is_owner : true;
$has_permission = $has_permission && $this->CheckPermission($permission, $is_system, $perm_category) && $owner_checked;
}
$group_has_permission = $group_has_permission || $has_permission;
if ($group_has_permission) {
return true;
}
}
return false;
}
elseif ($perm_event) {
// check permission by event name
list ($prefix, $event) = explode(':', $perm_event);
$event_handler =& $this->Application->recallObject($prefix.'_EventHandler');
return $event_handler->CheckPermission( new kEvent($perm_event) );
}
return true;
}
/**
* Returns item's primary category (get item_id from request)
*
* @param string $prefix
* @return int
*/
function getPrimaryCategory($prefix)
{
$id_field = $this->Application->getUnitOption($prefix, 'IDField');
$table_name = $this->Application->getUnitOption($prefix, 'TableName');
$id = $this->Application->GetVar($prefix.'_id');
if (!$id) return $this->Application->GetVar('m_cat_id');
$sql = 'SELECT ResourceId
FROM '.$table_name.'
WHERE '.$id_field.' = '.$id;
$resource_id = $this->Conn->GetOne($sql);
$sql = 'SELECT CategoryId
FROM '.$this->Application->getUnitOption('ci', 'TableName').'
WHERE ItemResourceId = '.$resource_id.' AND PrimaryCat = 1';
return $this->Conn->GetOne($sql);
}
/**
* Returns no permission template to redirect to
*
* @param Array $params
* @return Array
*/
function getPermissionTemplate($params)
{
$t = $this->Application->GetVar('t');
if ($next_t = getArrayValue($params, 'next_template')) {
$t = $next_t;
}
- $redirect_params = $this->Application->HttpQuery->getRedirectParams();
- $redirect_params['lang_mode'] = '';
- $redirect_params['m_wid'] = '';
+ $redirect_params = $this->Application->HttpQuery->getRedirectParams(true);
if (array_key_exists('pass_category', $params)) {
$redirect_params['pass_category'] = $params['pass_cateogry'];
}
if (!$this->Application->LoggedIn()) {
- $redirect_template = $params['login_template'];
+ $redirect_template = array_key_exists('login_template', $params) ? $params['login_template'] : '';
if (!$redirect_template && $this->Application->IsAdmin()) {
$redirect_template = 'login';
}
$redirect_params['next_template'] = $t;
}
else {
if (isset($params['no_permissions_template'])) {
$redirect_template = $params['no_permissions_template'];
}
else {
$redirect_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
}
if ($this->Application->isDebugMode()) {
$redirect_params['from_template'] = 1;
$redirect_params['perms'] = $params[ isset($params['permissions']) ? 'permissions' : 'perm_event' ];
$redirect_params['next_template'] = $t;
}
}
if (isset($params['index_file']) && $params['index_file']) {
$redirect_params['index_file'] = $params['index_file'];
}
return Array($redirect_template, $redirect_params);
}
/**
* Check current user permissions based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set
*
* @param string $name permission name
* @param int $cat_id category id, current used if not specified
* @param int $type permission type {1 - system, 0 - per category}
* @return int
*/
function CheckPermission($name, $type = 1, $cat_id = null)
{
$user_id = $this->Application->RecallVar('user_id');
return $this->CheckUserPermission($user_id, $name, $type, $cat_id);
}
function CheckUserPermission($user_id, $name, $type = 1, $cat_id = null)
{
if ($user_id == -1) {
// "root" is allowed anywhere
return $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1;
}
if ($type == 1) {
// "system" permission are always checked per "Home" category (ID = 0)
$cat_id = 0;
}
if (!isset($cat_id)) {
$cat_id = $this->Application->GetVar('m_cat_id');
}
$cache_key = $name.'|'.$type.'|'.$cat_id;
$perm_value = $this->Application->getCache('permissions', $cache_key);
if ($perm_value !== false) {
return $perm_value;
}
// perm cache is build only based on records in db, that's why if permission is not explicitly denied, then
// that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will
// return incorrect results
if ($user_id == $this->Application->RecallVar('user_id')) {
$groups = explode(',', $this->Application->RecallVar('UserGroups'));
}
else { // checking not current user
$sql = 'SELECT GroupId
FROM '.TABLE_PREFIX.'UserGroup
WHERE (PortalUserId = '.$user_id.') AND ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )';
$groups = $this->Conn->GetCol($sql);
array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') );
}
if (preg_match('/(.*)\.VIEW$/', $name) && ($type == 0)) {
// cached view permission of category: begin
if (strpos($cat_id, '|') !== false) {
$category_path = explode('|', substr($cat_id, 1, -1));
$cat_id = end($category_path);
}
$sql = 'SELECT PermissionConfigId
FROM '.TABLE_PREFIX.'PermissionConfig
WHERE PermissionName = '.$this->Conn->qstr($name);
$perm_id = $this->Conn->GetOne($sql);
$sql = 'SELECT PermId
FROM '.TABLE_PREFIX.'PermCache
WHERE (PermId = '.$perm_id.') AND (CategoryId = '.$cat_id.')';
$view_filters = Array();
foreach ($groups as $group) {
$view_filters[] = 'FIND_IN_SET('.$group.', ACL)';
}
$sql .= ' AND ('.implode(' OR ', $view_filters).')';
$perm_value = $this->Conn->GetOne($sql) ? 1 : 0;
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
// cached view permission of category: end
}
if (is_numeric($cat_id) && $cat_id == 0) {
$cat_hierarchy = Array(0);
}
else {
if (strpos($cat_id, '|') !== false) {
$cat_hierarchy = $cat_id;
}
else {
$sql = 'SELECT ParentPath
FROM '.$this->Application->getUnitOption('c', 'TableName').'
WHERE CategoryId = '.$cat_id;
$cat_hierarchy = $this->Conn->GetOne($sql);
if ($cat_hierarchy === false) {
// category was deleted, but refrence to it stays in other tables -> data integrity is broken
$cat_hierarchy = '|' . $this->Application->findModule('Name', 'Core', 'RootCat') . '|';
}
}
$cat_hierarchy = explode('|', substr($cat_hierarchy, 1, -1));
$cat_hierarchy = array_reverse($cat_hierarchy);
array_push($cat_hierarchy, 0);
}
$perm_value = 0;
$groups = implode(',',$groups);
foreach ($cat_hierarchy as $category_id) {
$sql = 'SELECT SUM(PermissionValue)
FROM '.TABLE_PREFIX.'Permissions
WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' AND GroupId IN ('.$groups.') AND Type = '.$type;
$res = $this->Conn->GetOne($sql);
if ($res !== false && !is_null($res)) {
$perm_value = $res ? 1 : 0;
break;
}
}
$this->Application->setCache('permissions', $cache_key, $perm_value);
return $perm_value;
}
/**
* Allows to check MODIFY & OWNER.MODFY +/- PENDING permission combinations on item
*
* @param int $owner_id user_id, that is owner of the item
* @param int $category_id primary category of item
* @param string $prefix prefix of item
* @return int {0 - no MODIFY permission, 1 - has MODIFY permission, 2 - has MODIFY.PENDING permission}
*/
function ModifyCheckPermission($owner_id, $category_id, $prefix)
{
$perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
$live_modify = $this->CheckPermission($perm_prefix.'.MODIFY', ptCATEGORY, $category_id);
if ($live_modify) {
return 1;
}
else if ($this->CheckPermission($perm_prefix.'.MODIFY.PENDING', ptCATEGORY, $category_id)) {
return 2;
}
if ($owner_id == $this->Application->RecallVar('user_id')) {
// user is item's OWNER -> check this permissions first
$live_modify = $this->CheckPermission($perm_prefix.'.OWNER.MODIFY', ptCATEGORY, $category_id);
if ($live_modify) {
return 1;
}
else if ($this->CheckPermission($perm_prefix.'.OWNER.MODIFY.PENDING', ptCATEGORY, $category_id)) {
return 2;
}
}
return 0;
}
/**
* Allows to check DELETE & OWNER.DELETE permission combinations on item
*
* @param int $owner_id user_id, that is owner of the item
* @param int $category_id primary category of item
* @param string $prefix prefix of item
* @return int {0 - no DELETE permission, 1 - has DELETE/OWNER.DELETE permission}
*/
function DeleteCheckPermission($owner_id, $category_id, $prefix)
{
$perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
$live_delete = $this->CheckPermission($perm_prefix.'.DELETE', ptCATEGORY, $category_id);
if ($live_delete) {
return 1;
}
if ($owner_id == $this->Application->RecallVar('user_id')) {
// user is item's OWNER -> check this permissions first
$live_delete = $this->CheckPermission($perm_prefix.'.OWNER.DELETE', ptCATEGORY, $category_id);
if ($live_delete) {
return 1;
}
}
return 0;
}
/**
* Allows to check ADD +/- PENDING permission combinations on item
*
* @param int $category_id primary category of item
* @param string $prefix prefix of item
* @return int {0 - no ADD permission, 1 - has ADD permission, 2 - has ADD.PENDING permission}
*/
function AddCheckPermission($category_id, $prefix)
{
$perm_prefix = $this->Application->getUnitOption($prefix, 'PermItemPrefix');
$live_add = $this->CheckPermission($perm_prefix.'.ADD', ptCATEGORY, $category_id);
if ($live_add) {
return 1;
}
else if ($this->CheckPermission($perm_prefix.'.ADD.PENDING', ptCATEGORY, $category_id)) {
return 2;
}
return 0;
}
}
?>
\ No newline at end of file
Index: branches/RC/core/admin_templates/tools/sql_query.tpl
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: branches/RC/core/admin_templates/js/script.js
===================================================================
--- branches/RC/core/admin_templates/js/script.js (revision 11864)
+++ branches/RC/core/admin_templates/js/script.js (revision 11865)
@@ -1,1763 +1,1769 @@
if ( !( isset($init_made) && $init_made ) ) {
var Application = new kApplication();
var Grids = new Array();
var GridScrollers = new Array ();
var Toolbars = new Array();
var $Menus = new Array();
var $ViewMenus = new Array();
var $nls_menus = new Array();
var $MenuNames = new Array();
var $form_name = 'kernel_form';
if(!$fw_menus) var $fw_menus = new Array();
var $env = '';
var submitted = false;
var unload_legal = false;
var $edit_mode = false;
var $init_made = true; // in case of double inclusion of script.js :)
// hook processing
var hBEFORE = 1; // this is const, but including this twice causes errors
var hAFTER = 2; // this is const, but including this twice causes errors
replaceFireBug();
}
function use_popups($prefix_special, $event) {
return $use_popups;
}
function getArrayValue()
{
var $value = arguments[0];
var $current_key = 0;
$i = 1;
while ($i < arguments.length) {
$current_key = arguments[$i];
if (isset($value[$current_key])) {
$value = $value[$current_key];
}
else {
return false;
}
$i++;
}
return $value;
}
function setArrayValue()
{
// first argument - array, other arguments - keys (arrays too), last argument - value
var $array = arguments[0];
var $current_key = 0;
$i = 1;
while ($i < arguments.length - 1) {
$current_key = arguments[$i];
if (!isset($array[$current_key])) {
$array[$current_key] = new Array();
}
$array = $array[$current_key];
$i++;
}
$array[$array.length] = arguments[arguments.length - 1];
}
function resort_grid($prefix_special, $field, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field($prefix_special + '_Sort1', $field);
submit_event($prefix_special, 'OnSetSorting', null, null, $ajax);
}
function direct_sort_grid($prefix_special, $field, $direction, $field_pos, $ajax)
{
if(!isset($field_pos)) $field_pos = 1;
set_form($prefix_special, $ajax);
set_hidden_field($prefix_special+'_Sort'+$field_pos,$field);
set_hidden_field($prefix_special+'_Sort'+$field_pos+'_Dir',$direction);
set_hidden_field($prefix_special+'_SortPos',$field_pos);
submit_event($prefix_special,'OnSetSortingDirect', null, null, $ajax);
}
function reset_sorting($prefix_special, $ajax)
{
submit_event($prefix_special,'OnResetSorting', null, null, $ajax);
}
function set_per_page($prefix_special, $per_page, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field($prefix_special + '_PerPage', $per_page);
submit_event($prefix_special, 'OnSetPerPage', null, null, $ajax);
}
function set_refresh_interval($prefix_special, $refresh_interval, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field('refresh_interval', $refresh_interval);
submit_event($prefix_special, 'OnSetAutoRefreshInterval', null, null, $ajax);
}
function submit_event(prefix_special, event, t, form_action, $ajax)
{
if (!Application.processHooks(prefix_special + ':' + event)) {
return false;
}
if ($ajax) {
return $Catalog.submit_event(prefix_special, event, t);
}
if (event) {
set_hidden_field('events[' + prefix_special + ']', event);
}
if (t) set_hidden_field('t', t);
if (form_action) {
var old_env = '';
if (!form_action.match(/\?/)) {
document.getElementById($form_name).action.match(/.*(\?.*)/);
old_env = RegExp.$1;
}
document.getElementById($form_name).action = form_action + old_env;
}
submit_kernel_form();
// reset remove special mark (otherwise all future events will have special removed too)
set_hidden_field('remove_specials[' + prefix_special + ']', null);
}
function submit_action($url, $action)
{
$form = document.getElementById($form_name);
$form.action = $url;
set_hidden_field('Action', $action);
submit_kernel_form();
}
function show_form_data()
{
var $kf = document.getElementById($form_name);
$ret = '';
for(var i in $kf.elements)
{
$elem = $kf.elements[i];
$ret += $elem.id + ' = ' + $elem.value + "\n";
}
alert($ret);
}
function submit_kernel_form()
{
if (submitted) {
return;
}
submitted = true;
unload_legal = true; // bug: when opening new popup from this window, then this window is not refreshed and this mark stays forever
var $form = document.getElementById($form_name);
if (typeof $form.onsubmit == 'function') {
$form.onsubmit();
}
$form.submit();
$form.target = '';
set_hidden_field('t', t);
window.setTimeout(function() {submitted = false}, 500);
}
function set_event(prefix_special, event)
{
var event_field=document.getElementById('events[' + prefix_special + ']');
if(isset(event_field))
{
event_field.value = event;
}
}
function isset(variable)
{
if(variable==null) return false;
return (typeof(variable)=='undefined')?false:true;
}
function in_array(needle, haystack)
{
return array_search(needle, haystack) != -1;
}
function array_search(needle, haystack)
{
for (var i=0; i<haystack.length; i++)
{
if (haystack[i] == needle) return i;
}
return -1;
}
function print_pre(variable, msg)
{
if (!isset(msg)) msg = '';
var s = msg;
for (prop in variable) {
s += prop+" => "+variable[prop] + "\n";
}
alert(s);
}
function go_to_page($prefix_special, $page, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field($prefix_special + '_Page', $page);
submit_event($prefix_special, null, null, null, $ajax);
}
function go_to_list(prefix_special, tab)
{
set_hidden_field(prefix_special+'_GoTab', tab);
submit_event(prefix_special,'OnUpdateAndGoToTab',null);
}
function go_to_tab(prefix_special, tab)
{
set_hidden_field(prefix_special+'_GoTab', tab);
submit_event(prefix_special,'OnPreSaveAndGoToTab',null);
}
function go_to_id(prefix_special, id)
{
set_hidden_field(prefix_special+'_GoId', id);
submit_event(prefix_special,'OnPreSaveAndGo')
}
// in-portal compatibility functions: begin
function getScriptURL($script_name, tpl)
{
tpl = tpl ? '-'+tpl : '';
var $asid = get_hidden_field('sid');
return base_url+$script_name+'?env='+( isset($env)&&$env?$env:$asid )+tpl+'&en=0';
}
function OpenEditor(extra_env,TargetForm,TargetField)
{
// var $url = getScriptURL('admin/editor/editor_new.php');
var $url = getScriptURL('admin/index.php', 'popups/editor');
$url = $url+'&TargetForm='+TargetForm+'&TargetField='+TargetField+'&destform=popup';
if(extra_env.length>0) $url += extra_env;
openwin($url,'html_edit',800,575);
}
function OpenUserSelector(extra_env,TargetForm,TargetField)
{
var $url = getScriptURL('admin/users/user_select.php');
$url += '&destform='+TargetForm+'&Selector=radio&destfield='+TargetField+'&IdField=Login';
if(extra_env.length>0) $url += extra_env;
openwin($url,'user_select',800,575);
return false;
}
function OpenCatSelector(extra_env)
{
var $url = getScriptURL('admin/cat_select.php');
if(extra_env.length>0) $url += extra_env;
openwin($url,'catselect',750,400);
}
function OpenItemSelector(extra_env,$TargetForm)
{
var $url = getScriptURL('admin/relation_select.php') + '&destform='+$TargetForm;
if(extra_env.length>0) $url += extra_env;
openwin($url,'groupselect',750,400);
}
function OpenUserEdit($user_id, $extra_env)
{
var $url = getScriptURL('admin/users/adduser.php') + '&direct_id=' + $user_id;
if( isset($extra_env) ) $url += $extra_env;
window.location.href = $url;
}
function OpenLinkEdit($link_id, $extra_env)
{
var $url = getScriptURL('in-link/admin/addlink.php') + '&item=' + $link_id;
if( isset($extra_env) ) $url += $extra_env;
window.location.href = $url;
}
function OpenHelp($help_link)
{
// $help_link.match('http://(.*).lv/in-commerce/admin(.*)');
openwin($help_link,'HelpPopup',750,400);
}
function openEmailSend($url, $type, $prefix_special)
{
var $kf = document.getElementById($form_name);
var $prev_action = $kf.action;
var $prev_opener = get_hidden_field('m_opener');
$kf.action = $url;
set_hidden_field('m_opener', 'p');
$kf.target = 'sendmail';
set_hidden_field('idtype', 'group');
set_hidden_field('idlist', Grids[$prefix_special].GetSelected().join(',') );
openwin('','sendmail',750,400);
submit_kernel_form();
$kf.action = $prev_action;
set_hidden_field('m_opener', $prev_opener);
}
// in-portal compatibility functions: end
function InitTranslator(prefix, field, t, multi_line, $before_callback)
{
var $window_name = 'select_' + t.replace(/(\/|-)/g, '_');
var $options = {
onAfterShow: function () {
getFrame('main').initTranslatorOnAfterShow(prefix, field, t, multi_line, $before_callback);
}
};
openwin('', $window_name, 750, 400, $options);
}
function initTranslatorOnAfterShow(prefix, field, t, multi_line, $before_callback) {
var $popup_window = $('#' + TB.getId('TB_iframeContent')).get(0).contentWindow;
if (!$.isFunction($popup_window.onLoad)) {
// iframe onload happens on frame content change too -> don't react on it
return ;
}
var $window_name = 'select_' + t.replace(/(\/|-)/g, '_');
$popup_window.onLoad();
$popup_window.name = $window_name;
TB.setWindowMetaData('window_name', $window_name); // used to simulate window.opener functionality
var $opener = getWindowOpener($popup_window);
var $prev_opener = get_hidden_field('m_opener');
$opener.set_hidden_field('m_opener', 'p');
$opener.set_hidden_field('translator_wnd_name', $window_name);
$opener.set_hidden_field('translator_field', field);
$opener.set_hidden_field('translator_t', t);
$opener.set_hidden_field('translator_prefixes', prefix);
$opener.set_hidden_field('translator_multi_line', isset(multi_line) ? multi_line : 0);
if ($.isFunction($before_callback)) {
$before_callback($opener);
}
$opener.document.getElementById($opener.$form_name).target = $window_name;
var split_prefix = prefix.split(',');
$opener.submit_event(split_prefix[0], 'OnPreSaveAndOpenTranslator');
$opener.set_hidden_field('m_opener', $prev_opener);
}
function PreSaveAndOpenTranslator(prefix, field, t, multi_line)
{
InitTranslator(prefix, field, t, multi_line);
}
function PreSaveAndOpenTranslatorCV(prefix, field, t, resource_id, multi_line)
{
InitTranslator(
prefix, field, t, multi_line,
function ($opener) {
$opener.set_hidden_field('translator_resource_id', resource_id);
}
);
}
function openTranslator(prefix,field,url,wnd)
{
var $kf = document.getElementById($form_name);
set_hidden_field('trans_prefix', prefix);
set_hidden_field('trans_field', field);
set_hidden_field('events[trans]', 'OnLoad');
var $regex = new RegExp('(.*)\?env=(' + document.getElementById('sid').value + ')?-(.*?):(.*)');
var $t = $regex.exec(url)[3];
$kf.target = wnd;
submit_event(prefix,'',$t,url);
}
function openwin($url, $name, $width, $height, $options)
{
var $settings = {
url: base_url + 'core/admin_templates/blank.html?width=' + $width + '&height=' + $height + '&TB_iframe=true&modal=true',
caption: 'Loading ...',
onAfterShow: function () {
getFrame('main').onAfterWindowOpen($url, $name);
}
};
if ($options !== undefined) {
$.extend($settings, $options);
}
if (window.name != 'main') {
// all popups are opened based on main frame
return getFrame('main').TB.show($settings);
}
TB.show($settings);
return ;
// prevent window from opening larger, then screen resolution on user's computer (to Kostja)
var left = Math.round((screen.width - $width)/2);
var top = Math.round((screen.height - $height)/2);
cur_x = is.ie ? window.screenLeft : window.screenX;
cur_y = is.ie ? window.screenTop : window.screenY;
var $window_params = 'left='+left+',top='+top+',width='+$width+',height='+$height+',status=yes,resizable=yes,menubar=no,scrollbars=yes,toolbar=no';
return window.open($url,$name,$window_params);
}
function onAfterWindowOpen($url, $window_name) {
// this is always invoked from "main" frame
var $popup_window = $('#' + TB.getId('TB_iframeContent')).get(0).contentWindow;
if (!$.isFunction($popup_window.onLoad)) {
// iframe onload happens on frame content change too -> don't react on it
return ;
}
$popup_window.onLoad();
$popup_window.name = $window_name;
$popup_window.location.href = $url;
TB.setWindowMetaData('window_name', $window_name); // used to simulate window.opener functionality
}
function OnResizePopup(e) {
if (!document.all) {
var $winW = window.innerWidth;
var $winH = window.innerHeight;
}
else {
var $winW = window.document.body.offsetWidth;
var $winH = window.document.body.offsetHeight;
}
window.status = '[width: ' + $winW + '; height: ' + $winH + ']';
}
function opener_action(new_action)
{
var $prev_opener = get_hidden_field('m_opener');
set_hidden_field('m_opener', new_action);
return $prev_opener;
}
function open_popup($prefix_special, $event, $t, $window_size, $onAfterOpenPopup) {
if (!$window_size) {
// if no size given, then query it from ajax
var $default_size = '750x400';
var $pm = getFrame('head').$popup_manager;
if ($pm) {
// popup manager was found in head frame
$pm.ResponceFunction = function ($responce) {
if (!$responce.match(/([\d]+)x([\d]+)/)) {
// invalid responce was received, may be php fatal error during AJAX request
$responce = $default_size;
}
open_popup($prefix_special, $event, $t, $responce, $onAfterOpenPopup);
}
$pm.GetSize($t);
return ;
}
$window_size = $default_size;
}
$window_size = $window_size.split('x');
var $window_name = $t.replace(/(\/|-)/g, '_'); // replace "/" and "-" with "_"
var $options = {
onAfterShow: function () {
getFrame('main').onAfterOpenPopup($prefix_special, $event, $t);
if ($onAfterOpenPopup !== undefined && $.isFunction($onAfterOpenPopup)) {
$onAfterOpenPopup();
}
}
};
openwin('', $window_name, $window_size[0], $window_size[1], $options);
}
function onAfterOpenPopup($prefix_special, $event, $t) {
// this is always invoked from "main" frame
var $popup_window = $('#' + TB.getId('TB_iframeContent')).get(0).contentWindow;
if (!$.isFunction($popup_window.onLoad)) {
// iframe onload happens on frame content change too -> don't react on it
return ;
}
var $window_name = $t.replace(/(\/|-)/g, '_'); // replace "/" and "-" with "_"
$popup_window.onLoad();
$popup_window.name = $window_name;
TB.setWindowMetaData('window_name', $window_name); // used to simulate window.opener functionality
var $opener = getWindowOpener($popup_window);
if ($opener === null) {
// we are already in main window
$opener = window;
}
$opener.document.getElementById($opener.$form_name).target = $window_name;
var $prev_opener = $opener.opener_action('p');
event_bak = $opener.get_hidden_field('events[' + $prefix_special + ']')
if (!event_bak) {
event_bak = '';
}
$opener.submit_event($prefix_special, $event, $t);
$opener.opener_action($prev_opener); // restore opener in parent window
$opener.set_hidden_field('events[' + $prefix_special + ']', event_bak); // restore event
// AJAX popup size respoce is received after std_edit_item/std_precreate_item function exit
$opener.set_hidden_field($prefix_special + '_mode', null);
$opener.Application.processHooks($prefix_special + ':OnAfterOpenPopup');
}
function openSelector($prefix, $url, $dst_field, $window_size, $event)
{
// get template name from url
var $regex = new RegExp('(.*)\?env=(' + document.getElementById('sid').value + ')?-(.*?):(m[^:]+)');
$regex = $regex.exec($url);
var $t = $regex[3];
// substitute form action with selector's url
var $kf = document.getElementById($form_name);
var $prev_action = $kf.action;
$kf.action = $url;
// check parameter values
if (!isset($event)) {
$event = '';
}
Application.processHooks($prefix + ':OnBeforeOpenSelector');
// set variables need for selector to work
set_hidden_field('main_prefix', $prefix);
set_hidden_field('dst_field', $dst_field);
// alert('openSelector(' + $prefix + ', ' + $event + ', ' + $t + ', ' + $window_size + ')');
open_popup(
$prefix, $event, $t, $window_size,
function() {
// restore form action back
$kf.action = $prev_action;
}
);
}
function translate_phrase($label, $template) {
set_hidden_field('phrases_label', $label);
open_popup('phrases', 'OnNew', $template);
}
function direct_edit($prefix_special, $url) {
if (use_popups($prefix_special, '')) {
openSelector($prefix_special, $url);
}
else {
redirect($url);
}
return false;
}
function std_precreate_item(prefix_special, edit_template, $onAfterOpenPopup)
{
set_hidden_field(prefix_special+'_mode', 't');
if (use_popups(prefix_special, 'OnPreCreate')) {
open_popup(prefix_special, 'OnPreCreate', edit_template, null, $onAfterOpenPopup);
}
else {
opener_action('d');
submit_event(prefix_special,'OnPreCreate', edit_template);
}
// set_hidden_field(prefix_special+'_mode', '');
}
function std_new_item(prefix_special, edit_template, $onAfterOpenPopup)
{
if (use_popups(prefix_special, 'OnNew')) {
open_popup(prefix_special, 'OnNew', edit_template, null, $onAfterOpenPopup);
}
else {
opener_action('d');
submit_event(prefix_special,'OnNew', edit_template);
}
}
function std_edit_item(prefix_special, edit_template, $onAfterOpenPopup)
{
set_hidden_field(prefix_special+'_mode', 't');
if (use_popups(prefix_special, 'OnEdit')) {
open_popup(prefix_special, 'OnEdit', edit_template, null, $onAfterOpenPopup);
}
else {
opener_action('d');
submit_event(prefix_special,'OnEdit',edit_template);
}
// set_hidden_field(prefix_special+'_mode', '');
}
function std_edit_temp_item(prefix_special, edit_template, $onAfterOpenPopup)
{
if (use_popups(prefix_special, '')) {
open_popup(prefix_special, '', edit_template, null, $onAfterOpenPopup);
}
else {
opener_action('d');
submit_event(prefix_special,'',edit_template);
}
}
function std_delete_items(prefix_special, t, $ajax)
{
var phrase = phrases['la_Delete_Confirm'] ? phrases['la_Delete_Confirm'] : 'Are you sure you want to delete selected items?';
if (inpConfirm(phrase)) {
submit_event(prefix_special, 'OnMassDelete', t, null, $ajax);
}
}
function std_csv_export(prefix_special, grid, template)
{
set_hidden_field('PrefixSpecial', prefix_special);
set_hidden_field('grid', grid);
open_popup(prefix_special, '', template);
}
function std_csv_import(prefix_special, grid, template)
{
set_hidden_field('PrefixSpecial', prefix_special);
set_hidden_field('grid', grid);
if (use_popups(prefix_special, '')) {
open_popup(prefix_special, '', template);
}
else {
submit_event(prefix_special, '', template);
}
}
// set current form base on ajax
function set_form($prefix_special, $ajax)
{
if ($ajax) {
$form_name = $Catalog.queryTabRegistry('prefix', $prefix_special, 'tab_id') + '_form';
}
}
// sets hidden field value
// if the field does not exist - creates it
function set_hidden_field($field_id, $value, $has_id)
{
var $kf = document.getElementById($form_name);
var $field = $kf.elements[$field_id];
if ($value === null) {
if ($field) {
// alert('tag name on remove: ' + $field.parentNode.tagName);
$field.parentNode.removeChild($field); // bug: sometimes hidden fields are inside BODY tag in DOM model, why?
}
return true;
}
if ($field) {
$field.value = $value;
return true;
}
$field = document.createElement('INPUT');
$field.type = 'hidden';
$field.name = $field_id;
if (!isset($has_id) || $has_id) {
$field.id = $field_id;
}
$field.value = $value;
$kf.appendChild($field);
return false;
}
// sets hidden field value
// if the field does not exist - creates it
function setInnerHTML($field_id, $value) {
$( jq('#' + $field_id) ).html($value);
}
function get_hidden_field($field)
{
var $kf = document.getElementById($form_name);
return $kf.elements[$field] ? $kf.elements[$field].value : false;
}
function search($prefix_special, $grid_name, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field('grid_name', $grid_name);
submit_event($prefix_special, 'OnSearch', null, null, $ajax);
}
function search_reset($prefix_special, $grid_name, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field('grid_name', $grid_name);
submit_event($prefix_special, 'OnSearchReset', null, null, $ajax);
}
function search_keydown($event, $prefix_special, $grid, $ajax)
{
if ($prefix_special !== undefined) {
// if $prefix_special is passed, then keydown event was not assigned by jQuery
$event = $event ? $event : event;
if (window.event) {// IE
var $key_code = $event.keyCode;
}
else if($event.which) { // Netscape/Firefox/Opera
var $key_code = $event.which;
}
}
else {
// event bind with jQuery, so always use which
var $key_code = $event.which;
$prefix_special = $(this).attr('PrefixSpecial');
$grid = $(this).attr('Grid');
$ajax = $(this).attr('ajax');
}
switch ($key_code) {
case 13:
search($prefix_special, $grid, parseInt($ajax));
break;
case 27:
search_reset($prefix_special, $grid, parseInt($ajax));
break;
}
}
function getRealLeft(el)
{
if (typeof(el) == 'string') {
el = document.getElementById(el);
}
xPos = el.offsetLeft;
tempEl = el.offsetParent;
while (tempEl != null)
{
xPos += tempEl.offsetLeft;
tempEl = tempEl.offsetParent;
}
// if (obj.x) return obj.x;
return xPos;
}
function getRealTop(el)
{
if (typeof(el) == 'string') {
el = document.getElementById(el);
}
yPos = el.offsetTop;
tempEl = el.offsetParent;
while (tempEl != null)
{
yPos += tempEl.offsetTop;
tempEl = tempEl.offsetParent;
}
// if (obj.y) return obj.y;
return yPos;
}
function show_viewmenu_old($toolbar, $button_id)
{
var $img = $toolbar.GetButtonImage($button_id);
var $pos_x = getRealLeft($img) - ((document.all) ? 6 : -2);
var $pos_y = getRealTop($img) + 32;
var $prefix_special = '';
window.triedToWriteMenus = false;
if($ViewMenus.length == 1)
{
$prefix_special = $ViewMenus[$ViewMenus.length-1];
$fw_menus[$prefix_special+'_view_menu']();
$Menus[$prefix_special+'_view_menu'].writeMenus('MenuContainers['+$prefix_special+']');
window.FW_showMenu($Menus[$prefix_special+'_view_menu'], $pos_x, $pos_y);
}
else
{
// prepare menus
for(var $i in $ViewMenus)
{
$prefix_special = $ViewMenus[$i];
$fw_menus[$prefix_special+'_view_menu']();
}
$Menus['mixed'] = new Menu('ViewMenu_mixed');
// merge menus into new one
for(var $i in $ViewMenus)
{
$prefix_special = $ViewMenus[$i];
$Menus['mixed'].addMenuItem( $Menus[$prefix_special+'_view_menu'] );
}
$Menus['mixed'].writeMenus('MenuContainers[mixed]');
window.FW_showMenu($Menus['mixed'], $pos_x, $pos_y);
}
}
var nlsMenuRendered = false;
function show_viewmenu($toolbar, $button_id)
{
if($ViewMenus.length == 1) {
$prefix_special = $ViewMenus[$ViewMenus.length-1];
menu_to_show = $prefix_special+'_view_menu';
}
else
{
mixed_menu = menuMgr.createMenu(rs('mixed_menu'));
mixed_menu.applyBorder(false, false, false, false);
mixed_menu.dropShadow("none");
mixed_menu.showIcon = true;
// merge menus into new one
for(var $i in $ViewMenus)
{
$prefix_special = $ViewMenus[$i];
mixed_menu.addItem( rs($prefix_special+'.view.menu.mixed'),
$MenuNames[$prefix_special+'_view_menu'],
'javascript:void()', null, true, null,
rs($prefix_special+'.view.menu'),$MenuNames[$prefix_special+'_view_menu'] );
}
menu_to_show = 'mixed_menu';
}
renderMenus();
nls_showMenu(rs(menu_to_show), $toolbar.GetButtonImage($button_id))
}
function renderMenus()
{
menuMgr.renderMenus('nlsMenuPlace');
nlsMenuRendered = true;
}
function set_window_title($title)
{
var $window = window;
if ($window.name != 'main') {
// traverse through real popups
$window = getFrame('main');
}
$window.top.document.title = (main_title.length ? main_title + ' - ' : '') + $title;
$window.TB.setWindowTitle($title);
}
function set_filter($prefix_special, $filter_id, $filter_value, $ajax)
{
set_form($prefix_special, $ajax);
set_hidden_field('filter_id', $filter_id);
set_hidden_field('filter_value', $filter_value);
submit_event($prefix_special, 'OnSetFilter', null, null, $ajax);
}
function filters_remove_all($prefix_special, $ajax)
{
set_form($prefix_special, $ajax);
submit_event($prefix_special,'OnRemoveFilters', null, null, $ajax);
}
function filters_apply_all($prefix_special, $ajax)
{
set_form($prefix_special, $ajax);
submit_event($prefix_special,'OnApplyFilters', null, null, $ajax);
}
function filter_toggle($row_id, $prefix) {
// var $row = $('#' + jq($row_id));
var $row = $('tr.to-range-filter');
var $hidden = $row.hasClass('hidden-filter');
if ($hidden) {
$('td', $row).show();
$row.removeClass('hidden-filter');
}
else {
$('td', $row).hide();
$row.addClass('hidden-filter');
}
// recalculate filter row heights/widths
var $grid = GridScrollers[$prefix];
$grid.UpdateColWidths();
if ($hidden && $grid.FiltersExpanded !== true) {
$grid.AdjustInputWidths();
$grid.FiltersExpanded = true;
}
// $grid.SetLeftHeights();
// $grid.UpdateTotalDimensions();
// $grid.SyncScroll();
// $grid.Resize( $grid.GetAutoSize() );
}
function RemoveTranslationLink($string, $escaped)
{
if (!isset($escaped)) $escaped = true;
if ($escaped) {
return $string.replace(/&lt;a href=&quot;(.*?)&quot;&gt;(.*?)&lt;\/a&gt;/g, '$2');
}
return $string.replace(/<a href="(.*?)">(.*?)<\/a>/g, '$2');
}
function redirect($url)
{
window.location.href = $url;
}
function update_checkbox_options($cb_mask, $hidden_id)
{
var $kf = document.getElementById($form_name);
var $tmp = '';
for (var i = 0; i < $kf.elements.length; i++)
{
if ( $kf.elements[i].id.match($cb_mask) )
{
if ($kf.elements[i].checked) $tmp += '|'+$kf.elements[i].value;
}
}
if($tmp.length > 0) $tmp += '|';
document.getElementById($hidden_id).value = $tmp.replace(/,$/, '');
}
function update_multiple_options($hidden_id) {
var $select = document.getElementById($hidden_id + '_select');
var $result = '';
for (var $i = 0; $i < $select.options.length; $i++) {
if ($select.options[$i].selected) {
$result += $select.options[$i].value + '|';
}
}
document.getElementById($hidden_id).value = $result ? '|' + $result : '';
}
// related to lists operations (moving)
function move_selected($from_list, $to_list, $error_msg)
{
if (typeof($from_list) != 'object') $from_list = document.getElementById($from_list);
if (typeof($to_list) != 'object') $to_list = document.getElementById($to_list);
if (has_selected_options($from_list))
{
var $from_array = select_to_array($from_list);
var $to_array = select_to_array($to_list);
var $new_from = Array();
var $cur = null;
for (var $i = 0; $i < $from_array.length; $i++)
{
$cur = $from_array[$i];
if ($cur[2]) // If selected - add to To array
{
$to_array[$to_array.length] = $cur;
}
else //Else - keep in new From
{
$new_from[$new_from.length] = $cur;
}
}
$from_list = array_to_select($new_from, $from_list);
$to_list = array_to_select($to_array, $to_list);
}
else
{
alert(isset($error_msg) ? $error_msg : 'Please select items to perform moving!');
}
}
function select_to_array($aSelect)
{
var $an_array = new Array();
var $cur = null;
for (var $i = 0; $i < $aSelect.length; $i++)
{
$cur = $aSelect.options[$i];
$an_array[$an_array.length] = new Array($cur.text, $cur.value, $cur.selected);
}
return $an_array;
}
function array_to_select($anArray, $aSelect)
{
var $initial_length = $aSelect.length;
for (var $i = $initial_length - 1; $i >= 0; $i--)
{
$aSelect.options[$i] = null;
}
for (var $i = 0; $i < $anArray.length; $i++)
{
$cur = $anArray[$i];
$aSelect.options[$aSelect.length] = new Option($cur[0], $cur[1]);
}
}
function select_compare($a, $b)
{
if ($a[0] < $b[0])
return -1;
if ($a[0] > $b[0])
return 1;
return 0;
}
function select_to_string($aSelect)
{
var $result = '';
var $cur = null;
if (typeof($aSelect) != 'object') $aSelect = document.getElementById($aSelect);
for (var $i = 0; $i < $aSelect.length; $i++)
{
$result += $aSelect.options[$i].value + '|';
}
return $result.length ? '|' + $result : '';
}
function selected_to_string($aSelect)
{
var $result = '';
var $cur = null;
if (typeof($aSelect) != 'object') $aSelect = document.getElementById($aSelect);
for (var $i = 0; $i < $aSelect.length; $i++)
{
$cur = $aSelect.options[$i];
if ($cur.selected && $cur.value != '')
{
$result += $cur.value + '|';
}
}
return $result.length ? '|' + $result : '';
}
function string_to_selected($str, $aSelect)
{
var $cur = null;
for (var $i = 0; $i < $aSelect.length; $i++)
{
$cur = $aSelect.options[$i];
$aSelect.options[$i].selected = $str.match('\\|' + $cur.value + '\\|') ? true : false;
}
}
function set_selected($selected_options, $aSelect)
{
if (!$selected_options.length) return false;
for (var $i = 0; $i < $aSelect.length; $i++)
{
for (var $k = 0; $k < $selected_options.length; $k++)
{
if ($aSelect.options[$i].value == $selected_options[$k])
{
$aSelect.options[$i].selected = true;
}
}
}
}
function get_selected_count($theList)
{
var $count = 0;
var $cur = null;
for (var $i = 0; $i < $theList.length; $i++)
{
$cur = $theList.options[$i];
if ($cur.selected) $count++;
}
return $count;
}
function get_selected_index($aSelect, $typeIndex)
{
var $index = 0;
for (var $i = 0; $i < $aSelect.length; $i++)
{
if ($aSelect.options[$i].selected)
{
$index = $i;
if ($typeIndex == 'firstSelected') break;
}
}
return $index;
}
function has_selected_options($theList)
{
var $ret = false;
var $cur = null;
for (var $i = 0; $i < $theList.length; $i++)
{
$cur = $theList.options[$i];
if ($cur.selected) {
$ret = true;
break;
}
}
return $ret;
}
function select_sort($aSelect)
{
if (typeof($aSelect) != 'object') $aSelect = document.getElementById($aSelect);
var $to_array = select_to_array($aSelect);
$to_array.sort(select_compare);
array_to_select($to_array, $aSelect);
}
function move_options_up($aSelect, $interval)
{
if (typeof($aSelect) != 'object') $aSelect = document.getElementById($aSelect);
if (has_selected_options($aSelect))
{
var $selected_options = Array();
var $first_selected = get_selected_index($aSelect, 'firstSelected');
for (var $i = 0; $i < $aSelect.length; $i++)
{
if ($aSelect.options[$i].selected && ($first_selected > 0) )
{
swap_options($aSelect, $i, $i - $interval);
$selected_options[$selected_options.length] = $aSelect.options[$i - $interval].value;
}
else if ($first_selected == 0)
{
//alert('Begin of list');
break;
}
}
set_selected($selected_options, $aSelect);
}
else
{
//alert('Check items from moving');
}
}
function move_options_down($aSelect, $interval)
{
if (typeof($aSelect) != 'object') $aSelect = document.getElementById($aSelect);
if (has_selected_options($aSelect))
{
var $last_selected = get_selected_index($aSelect, 'lastSelected');
var $selected_options = Array();
for (var $i = $aSelect.length - 1; $i >= 0; $i--)
{
if ($aSelect.options[$i].selected && ($aSelect.length - ($last_selected + 1) > 0))
{
swap_options($aSelect, $i, $i + $interval);
$selected_options[$selected_options.length] = $aSelect.options[$i + $interval].value;
}
else if ($last_selected + 1 == $aSelect.length)
{
//alert('End of list');
break;
}
}
set_selected($selected_options, $aSelect);
}
else
{
//alert('Check items from moving');
}
}
function swap_options($aSelect, $src_num, $dst_num)
{
var $src_html = $aSelect.options[$src_num].innerHTML;
var $dst_html = $aSelect.options[$dst_num].innerHTML;
var $src_value = $aSelect.options[$src_num].value;
var $dst_value = $aSelect.options[$dst_num].value;
var $src_option = document.createElement('OPTION');
var $dst_option = document.createElement('OPTION');
$aSelect.remove($src_num);
$aSelect.options.add($dst_option, $src_num);
$dst_option.innerText = $dst_html;
$dst_option.value = $dst_value;
$dst_option.innerHTML = $dst_html;
$aSelect.remove($dst_num);
$aSelect.options.add($src_option, $dst_num);
$src_option.innerText = $src_html;
$src_option.value = $src_value;
$src_option.innerHTML = $src_html;
}
function getXMLHTTPObject(content_type)
{
if (!isset(content_type)) content_type = 'text/plain';
var http_request = false;
if (window.XMLHttpRequest) { // Mozilla, Safari,...
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType(content_type);
// See note below about this line
}
} else if (window.ActiveXObject) { // IE
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
return http_request;
}
function str_repeat($symbol, $count)
{
var $i = 0;
var $ret = '';
while($i < $count) {
$ret += $symbol;
$i++;
}
return $ret;
}
function getDocumentFromXML(xml)
{
if (window.ActiveXObject) {
var doc = new ActiveXObject("Microsoft.XMLDOM");
doc.async=false;
doc.loadXML(xml);
}
else {
var parser = new DOMParser();
var doc = parser.parseFromString(xml,"text/xml");
}
return doc;
}
function set_persistant_var($var_name, $var_value, $t, $form_action)
{
set_hidden_field('field', $var_name);
set_hidden_field('value', $var_value);
submit_event('u', 'OnSetPersistantVariable', $t, $form_action);
}
function setCookie($Name, $Value)
{
// set cookie
if (getCookie($Name) != $Value) {
document.cookie = $Name+'='+escape($Value);
}
}
function getCookie($Name)
{
// get cookie
var $cookieString = document.cookie;
var $index = $cookieString.indexOf($Name+'=');
if ($index == -1) {
return null;
}
$index = $cookieString.indexOf('=',$index)+1;
var $endstr = $cookieString.indexOf(';',$index);
if($endstr == -1) $endstr = $cookieString.length;
return unescape($cookieString.substring($index, $endstr));
}
function deleteCookie($Name)
{
// deletes cookie
if (getCookie($Name)) {
var d = new Date();
document.cookie = $Name + '=;expires=' + d.toGMTString() + ';' + ';';
}
}
function addElement($dst_element, $tag_name) {
var $new_element = document.createElement($tag_name.toUpperCase());
$dst_element.appendChild($new_element);
return $new_element;
}
Math.sum = function($array) {
var $i = 0;
var $total = 0;
while ($i < $array.length) {
$total += $array[$i];
$i++;
}
return $total;
}
Math.average = function($array) {
return Math.sum($array) / $array.length;
}
// remove spaces and underscores from a string, used for nls_menu
function rs(str, is_phrase)
{
if (isset(is_phrase) && is_phrase) {
str = RemoveTranslationLink(str, false);
}
return str.replace(/[ _\']+/g, '.');
}
function getFrame($name)
{
var $main_window = window;
// 1. cycle through popups to get main window
try {
// will be error, when other site is opened in parent window
var $i = 0;
var $opener;
do {
if ($i == 10) {
break;
}
// get popup opener
$opener = $main_window.opener;
if (!$opener) {
// when no opener found, then try parent window
$opener = $main_window.parent;
}
if ($opener) {
$main_window = $opener;
}
$i++;
} while ($opener);
}
catch (err) {
// catch Access/Permission Denied error
// alert('getFrame.Error: [' + err.description + ']');
return window;
}
var $frameset = $main_window.parent.frames;
for ($i = 0; $i < $frameset.length; $i++) {
if ($frameset[$i].name == $name) {
return $frameset[$i];
}
}
return $main_window.parent;
}
function ClearBrowserSelection()
{
if (window.getSelection) {
// removeAllRanges will be supported by Opera from v 9+, do nothing by now
var selection = window.getSelection();
if (selection.removeAllRanges) { // Mozilla & Opera 9+
// alert('clearing FF')
window.getSelection().removeAllRanges();
}
} else if (document.selection && !is.opera) { // IE
// alert('clearing IE')
document.selection.empty();
}
}
function reset_form(prefix, event, msg)
{
if (confirm(RemoveTranslationLink(msg, true))) {
submit_event(prefix, event)
}
}
function cancel_edit(prefix, cancel_ev, save_ev, msg)
{
if ((!Form || (Form && Form.HasChanged)) && confirm(RemoveTranslationLink(msg, true))) {
submit_event(prefix, save_ev)
}
else {
submit_event(prefix, cancel_ev)
}
}
function execJS(node)
{
var bSaf = (navigator.userAgent.indexOf('Safari') != -1);
var bOpera = (navigator.userAgent.indexOf('Opera') != -1);
var bMoz = (navigator.appName == 'Netscape');
if (!node) return;
/* IE wants it uppercase */
var st = node.getElementsByTagName('SCRIPT');
var strExec;
for(var i=0;i<st.length; i++)
{
if (bSaf) {
strExec = st[i].innerHTML;
st[i].innerHTML = "";
} else if (bOpera) {
strExec = st[i].text;
st[i].text = "";
} else if (bMoz) {
strExec = st[i].textContent;
st[i].textContent = "";
} else {
strExec = st[i].text;
st[i].text = "";
}
try {
var x = document.createElement("script");
x.type = "text/javascript";
/* In IE we must use .text! */
if ((bSaf) || (bOpera) || (bMoz))
x.innerHTML = strExec;
else x.text = strExec;
document.getElementsByTagName("head")[0].appendChild(x);
} catch(e) {
alert(e);
}
}
};
function NumberFormatter() {}
NumberFormatter.ThousandsSep = '\'';
NumberFormatter.DecimalSep = '.';
NumberFormatter.Parse = function(num)
{
if (num == '') return 0;
return parseFloat( num.toString().replace(this.ThousandsSep, '').replace(this.DecimalSep, '.') );
}
NumberFormatter.Format = function(num)
{
num += '';
x = num.split('.');
x1 = x[0];
x2 = x.length > 1 ? this.DecimalSep + x[1] : '';
var rgx = /(\d+)(\d{3})/;
while (rgx.test(x1)) {
x1 = x1.replace(rgx, '$1' + this.ThousandsSep + '$2');
}
return x1 + x2;
}
function getDimensions(obj) {
var style
if (obj.currentStyle) {
style = obj.currentStyle;
}
else {
style = getComputedStyle(obj,'');
}
padding = [parseInt(style.paddingTop), parseInt(style.paddingRight), parseInt(style.paddingBottom), parseInt(style.paddingLeft)]
border = [parseInt(style.borderTopWidth), parseInt(style.borderRightWidth), parseInt(style.borderBottomWidth), parseInt(style.borderLeftWidth)]
for (var i in padding) if ( isNaN( padding[i] ) ) padding[i] = 0
for (var i in border) if ( isNaN( border[i] ) ) border[i] = 0
var result = new Object();
result.innerHeight = obj.clientHeight - padding[0] - padding[2];
result.innerWidth = obj.clientWidth - padding[1] - padding[3];
result.padding = padding;
result.borders = border;
result.outerHeight = obj.clientHeight + border[0] + border[2];
result.outerWidth = obj.clientHeight + border[1] + border[3];
return result;
}
function findPos(obj, with_scroll) {
/*var $offset = $(obj).offset();
return [$offset.left, $offset.top];*/
if (!with_scroll) var with_scroll = false;
var curleft = curtop = 0;
if (obj.offsetParent) {
curleft = obj.offsetLeft - (with_scroll ? obj.scrollLeft : 0)
curtop = obj.offsetTop - (with_scroll ? obj.scrollTop : 0)
while (obj = obj.offsetParent) {
curleft += obj.offsetLeft - (with_scroll ? obj.scrollLeft : 0)
curtop += obj.offsetTop - (with_scroll ? obj.scrollTop : 0)
}
}
return [curleft,curtop];
}
function scrollbarWidth() {
// Scrollbalken im Body ausschalten
var $overflow_backup = document.body.style.overflow;
document.body.style.overflow = 'hidden';
var width = document.body.clientWidth;
// Scrollbalken
document.body.style.overflow = 'scroll';
width -= document.body.clientWidth;
// Der IE im Standardmode
if (!width) {
width = document.body.offsetWidth - document.body.clientWidth;
}
// urspr?ngliche Einstellungen
document.body.style.overflow = $overflow_backup;
return width;
}
function maximizeElement($selector, $max_height) {
if ($max_height === undefined) {
$max_height = false;
}
var $element = $($selector);
if ($element.length == 0) {
return ;
}
$element.width('100%');
var $container_id = $element.attr('id') + '_container';
var $container = $( jq('#' + $container_id) );
if ($container.length == 0) {
// don't create same container twice
// all <script> tags will be executed again after wrap method is called, so remove them to prevent that
$('script', $element).remove();
$element.wrap('<div id="' + $container_id + '" style="position: relative; overflow: auto; width: 100%;"></div>');
$container = $( jq('#' + $container_id) );
+
+ $(window).resize(
+ function() {
+ maximizeElement($selector, $max_height);
+ }
+ );
}
var $offset_top = $container.offset().top;
var $window_height = $(window).height();
var $height_left = $window_height - $offset_top;
if (($max_height !== false) && ($max_height < $height_left)) {
$height_left = $max_height;
}
$height_left -= ($element.outerHeight() - $element.height());
$container.height($height_left);
var $element_width = $(window).width() - ($element.outerWidth() - $element.width());
if ( $height_left < $element.height() ) {
// needs vertical scrolling, so substract vertical scrollbar width
$element_width -= scrollbarWidth();
}
$element.width($element_width);
}
function addEvent(el, evname, func, traditional) {
if (traditional) {
eval('el.on'+evname+'='+func);
return;
}
if (evname.match(/mousedown|mousemove|mouseup/)) {
$(el)
.unbind(evname) // don't allow more then one
.bind(evname, func);
return ;
}
if (is.ie) {
el.attachEvent("on" + evname, func);
} else {
el.addEventListener(evname, func, true);
}
};
/*function removeEvent(el, evname, func) {
if (is.ie) {
el.detachEvent('on' + evname, func);
} else {
el.removeEventListener(evname, func, true);
}
}*/
function addLoadEvent(func, wnd)
{
Application.setHook('m:OnAfterWindowLoad', func);
}
function replaceFireBug() {
if (window.console === undefined || !console.firebug) {
var names = [
'log', 'debug', 'info', 'warn', 'error', 'assert', 'dir', 'dirxml',
'group', 'groupEnd', 'time', 'timeEnd', 'count', 'trace', 'profile', 'profileEnd'
];
if (window.top.console !== undefined || window.top.firebug) {
// console is not defined in iframes, so define it here
window.console = window.top.console;
window._getFirebugConsoleElement = window.top._getFirebugConsoleElement;
}
else {
window.console = {};
for (var i = 0; i < names.length; ++i) {
window.console[names[i]] = function($msg) {
alert('FireBug console object methods are not available outside Firefox!' + "\n" + $msg);
}
}
}
}
}
function runOnChange(elId) {
var evt;
var el = typeof(elId) == 'string' ? document.getElementById(elId) : elId
if (document.createEvent) {
evt = document.createEvent("HTMLEvents");
evt.initEvent("change", true, false);
(evt) ? el.dispatchEvent(evt) : (el.onchange && el.onchange());
return;
}
if (el.fireEvent) {
el.fireEvent('onchange');
}
}
function WatchClosing(win, $url)
{
window.setTimeout(function() {
if (win.closed) {
var req = Request.getRequest();
var $ajax_mark = ($url.indexOf('?') ? '&' : '?') + 'ajax=yes';
req.open('GET', $url + $ajax_mark, false); //!!!SYNCRONIOUS!!! REQUEST (3rd param = false!!!)
req.send(null);
}
},
2000
)
}
function IterateUploaders($method) {
if (typeof UploadsManager != 'undefined') {
UploadsManager.iterate($method);
}
}
String.prototype.trim = function () {
return this.replace(/\s*((\S+\s*)*)/, "$1").replace(/((\s*\S+)*)\s*/, "$1");
}
String.prototype.toNumeric = function () {
return parseInt( this.replace(/(auto|medium)/, '0px').replace(/[a-z]/gi,'') );
}
function jq($selector) {
return $selector.replace(/(\[|\]|\.)/g, '\\$1');
}
function setHelpLink($user_docs_url, $title_preset) {
if (!$user_docs_url) {
return ;
}
$('#help_link', getFrame('head').document).attr('href', $user_docs_url + '/' + $title_preset);
}
// window management functions:
function getWindowOpener($window) {
// use this intead of "window.opener"
if ($window.name == 'main' || $window.name == 'main_frame') {
return null;
}
return getFrame('main').TB.findWindow($window.name, -1);
}
function window_close($close_callback) {
// use this instead of "window.close();"
if (window.name == 'main') {
return ;
}
if ($close_callback !== undefined) {
return getFrame('main').TB.remove(null, $close_callback);
}
return getFrame('main').TB.remove();
}
Index: branches/RC/core/admin_templates/js/ajax.js
===================================================================
--- branches/RC/core/admin_templates/js/ajax.js (revision 11864)
+++ branches/RC/core/admin_templates/js/ajax.js (revision 11865)
@@ -1,481 +1,484 @@
function preg_print_pre(obj, reg)
{
if (!reg) reg = /.*/;
var p = ''
for (var prop in obj) {
if (prop.match(reg) ) {
p += prop + ': '+obj[prop] + '\n'
}
}
alert(p)
}
// Main AJAX classs
function Request() {}
Request.timeout = 60000; //60 seconds
Request.method = 'GET';
Request.headers = new Array();
Request.params = null;
Request.progressText = 'Loading ...';
Request.makeRequest = function(p_url, p_busyReq, p_progId, p_successCallBack, p_errorCallBack, p_pass, p_object) {
//p_url: the web service url
//p_busyReq: is a request for this object currently in progress?
//p_progId: element id where progress HTML should be shown
//p_successCallBack: callback function for successful response
//p_errorCallBack: callback function for erroneous response
//p_pass: string of params to pass to callback functions
//p_object: object of params to pass to callback functions
if (p_busyReq) return;
var req = Request.getRequest();
if (req != null) {
p_busyReq = true;
Request.showProgress(p_progId);
req.onreadystatechange = function() {
if (req.readyState == 4) {
p_busyReq = false;
window.clearTimeout(toId);
try {
if (req.status == 200) {
// preg_print_pre(req)
p_successCallBack(req, p_pass, p_object);
} else {
p_errorCallBack(req, p_pass, p_object);
}
Request.hideProgress(p_progId);
}
catch (e) {
// alert('AJAX error')
}
}
}
var $ajax_mark = (p_url.indexOf('?') ? '&' : '?') + 'ajax=yes';
req.open(Request.method, p_url + $ajax_mark, true);
if (Request.method == 'POST') {
Request.headers['Content-type'] = 'application/x-www-form-urlencoded';
Request.headers['referer'] = p_url;
}
else {
Request.headers['If-Modified-Since'] = 'Sat, 1 Jan 2000 00:00:00 GMT';
}
Request.sendHeaders(req);
if (Request.method == 'POST') {
req.send(Request.params);
Request.method = 'GET'; // restore method back to GET
}
else {
req.send(null);
}
var toId = window.setTimeout( function() {if (p_busyReq) req.abort();}, Request.timeout );
}
}
Request.processRedirect = function($request) {
var $match_redirect = new RegExp('^#redirect#(.*)').exec($request.responseText);
if ($match_redirect != null) {
// redirect to external template requested
window.location.href = $match_redirect[1];
return true;
}
return false;
}
Request.sendHeaders = function($request) {
for (var $header_name in Request.headers) {
if (typeof Request.headers[$header_name] == 'function') {
continue;
}
$request.setRequestHeader($header_name, Request.headers[$header_name]);
}
Request.headers = new Array(); // reset header afterwards
}
Request.getRequest = function() {
var xmlHttp;
try { xmlHttp = new ActiveXObject('MSXML2.XMLHTTP'); return xmlHttp; } catch (e) {}
try { xmlHttp = new ActiveXObject('Microsoft.XMLHTTP'); return xmlHttp; } catch (e) {}
try { xmlHttp = new XMLHttpRequest(); return xmlHttp; } catch(e) {}
return null;
}
Request.showProgress = function(p_id) {
if (p_id != '') {
var $content_div = $( jq('#' + p_id) );
var $content_offset = $content_div.offset();
+ var $content_width = $content_div.width();
var $content_height = $content_div.height();
// alert('id: ' + p_id + '; ch: ' + $content_div.get(0).clientHeight + '; sh: ' + $content_div.get(0).style.height);
var $parent_div = $content_div.parents(':first');
// use parent height, when own height is larger, then parent's
+ $content_width = Math.min($content_width, $parent_div.width());
$content_height = Math.min($content_height, $parent_div.height());
var $progress_overlay = $( jq('#' + p_id + '_progress') );
if ($progress_overlay.length == 0) {
$progress_overlay = $('<div id="' + p_id + '_progress"></div>');
var $maximal_height = $(window).height() - $content_offset.top;
$progress_overlay.css(
{
width: $content_div.width(),
height: $content_height > 0 ? $content_height : $maximal_height,
left: $content_offset.left,
top: $content_offset.top + $parent_div.scrollTop(),
position: 'absolute',
zIndex: 30,
opacity: 0.5,
backgroundColor: '#2D79D6',
// don't show progress overlay, when target div is hidden
display: $content_offset.top /*$content_height*/ > 0 ? 'block' : 'none'
}
);
$('body').append($progress_overlay);
$progress_overlay.html( Request.getProgressHtml() );
}
else {
if ($content_height > 0) {
// show progress, only when target div is visible
$progress_overlay.css(
{
+ width: $content_width,
height: $content_height,
top: $content_offset.top + $parent_div.scrollTop()
}
);
}
$progress_overlay.show();
}
}
}
Request.hideProgress = function(p_id) {
if (p_id != '') {
$( jq('#' + p_id + '_progress') ).hide();
}
}
Request.setOpacity = function (opacity, id) {
var $element = $( typeof(id) == 'string' ? jq('#' + id) : id );
$element.css('opacity', opacity / 100);
}
Request.getProgressHtml = function() {
return "<div class='progress' style='position: relative; top: 50%; text-align: center; color: white;'>" + Request.progressText + "<br /><img src='img/ajax_progress.gif' align='absmiddle' width='100' height='7' alt='" + Request.progressText + "' title='" + Request.progressText + "'/></div>";
}
Request.getErrorHtml = function(p_req) {
//TODO: implement accepted way to handle request error
return '[status: ' + p_req.status + '; status_text: ' + p_req.statusText + '; responce_text: ' + p_req.responseText + ']';
}
Request.serializeForm = function(theform) {
if (typeof(theform) == 'string') {
theform = document.getElementById(theform);
}
var els = theform.elements;
var len = els.length;
var queryString = '';
Request.addField = function(name, value) {
if (queryString.length > 0) queryString += '&';
queryString += encodeURIComponent(name) + '=' + encodeURIComponent(value);
};
for (var i = 0; i<len; i++) {
var el = els[i];
if (el.disabled) continue;
switch(el.type) {
case 'text':
case 'password':
case 'hidden':
case 'textarea':
Request.addField(el.name, el.value);
break;
case 'select-one':
if (el.selectedIndex >= 0) {
Request.addField(el.name, el.options[el.selectedIndex].value);
}
break;
case 'select-multiple':
for (var j = 0; j < el.options.length; j++) {
if (!el.options[j].selected) continue;
Request.addField(el.name, el.options[j].value);
}
break;
case 'checkbox':
case 'radio':
if (!el.checked) continue;
Request.addField(el.name,el.value);
break;
}
}
return queryString;
};
// AJAX ProgressBar class
function AjaxProgressBar($url) {
this.WindowTitle = this.GetWindow().document.title;
this.URL = $url;
this.BusyRequest = false;
this.LastResponceTime = this.GetMicroTime();
this.ProgressPercent = 0; // progress percent
this.ProgressTime = new Array();
this.Query();
}
AjaxProgressBar.prototype.GetWindow = function() {
return window.parent ? window.parent : window;
}
AjaxProgressBar.prototype.GetMicroTime = function() {
var $now = new Date();
return Math.round($now.getTime() / 1000); // because miliseconds are returned too
}
AjaxProgressBar.prototype.Query = function() {
// prompt('requestinng', this.URL);
Request.makeRequest(this.URL, this.BusyRequest, '', this.successCallback, this.errorCallback, '', this);
}
// return time needed for progress to finish
AjaxProgressBar.prototype.GetEstimatedTime = function() {
return Math.ceil((100 - this.ProgressPercent) * Math.sum(this.ProgressTime) / this.ProgressPercent);
}
AjaxProgressBar.prototype.successCallback = function($request, $params, $object) {
var $responce = $request.responseText;
var $match_redirect = new RegExp('^#redirect#(.*)').exec($responce);
if ($match_redirect != null) {
$object.showProgress(100);
// redirect to external template requested
window.location.href = $match_redirect[1];
return false;
}
if (isNaN(parseFloat($responce))) {
// error message received, otherwise $responce should be number
alert($responce);
return ;
}
if ($object.showProgress($responce)) {
$object.Query();
}
}
AjaxProgressBar.prototype.errorCallback = function($request, $params, $object) {
alert('AJAX Error; class: AjaxProgressBar; ' + Request.getErrorHtml($request));
}
AjaxProgressBar.prototype.FormatTime = function ($seconds) {
$seconds = parseInt($seconds);
var $minutes = Math.floor($seconds / 60);
if ($minutes < 10) $minutes = '0' + $minutes;
$seconds = $seconds % 60;
if ($seconds < 10) $seconds = '0' + $seconds;
return $minutes + ':' + $seconds;
}
AjaxProgressBar.prototype.showProgress = function ($percent) {
this.ProgressPercent = $percent;
var $now = this.GetMicroTime();
this.ProgressTime[this.ProgressTime.length] = $now - this.LastResponceTime;
this.LastResponceTime = $now;
var $display_progress = parseInt(this.ProgressPercent);
this.GetWindow().document.title = $display_progress + '% - ' + this.WindowTitle;
document.getElementById('progress_display[percents_completed]').innerHTML = $display_progress + '%';
document.getElementById('progress_display[elapsed_time]').innerHTML = this.FormatTime( Math.sum(this.ProgressTime) );
document.getElementById('progress_display[Estimated_time]').innerHTML = this.FormatTime( this.GetEstimatedTime() );
document.getElementById('progress_bar[done]').style.width = $display_progress + '%';
document.getElementById('progress_bar[left]').style.width = (100 - $display_progress) + '%';
return $percent < 100 ? true : false;
}
// AJAX PopupManager class
function AjaxPopupManager($url) {
this.URL = $url;
this.ResponceFunction = null;
this.PopupSizes = new Array();
}
AjaxPopupManager.prototype.GetSize = function ($template) {
if (this.ResponceFunction == null) {
alert ('Please define responce function first (type: '+typeof(this.ResponceFunction)+')');
}
if (!isset(this.PopupSizes[$template])) {
var $url = this.URL + '&type=GetPopupSize&template_name=' + $template;
// alert('from ajax: '+$url);
Request.makeRequest($url, this.BusyRequest, '', this.successCallback, this.errorCallback, ['GetSize', $template], this);
}
else {
// alert('from cache');
this.ResponceFunction(this.PopupSizes[$template]);
}
}
AjaxPopupManager.prototype.successCallback = function($request, $params, $object) {
var $responce = $request.responseText;
/*var $match_redirect = new RegExp('^#redirect#(.*)').exec($responce);
if ($match_redirect != null) {
alert('AJAX REDIRECT!!!')
// redirect to external template requested
window.location.href = $match_redirect[1];
return false;
}*/
switch ($params[0]) {
case 'GetSize':
// store responce to cache for future use
$object.PopupSizes[ $params[1] ] = $responce;
break;
}
$object.ResponceFunction($responce);
$object.ResponceFunction = null; // reset responce function
}
AjaxPopupManager.prototype.errorCallback = function($request, $params, $object) {
alert('AJAX Error; class: AjaxPopupManager; ' + Request.getErrorHtml($request));
}
// AJAX DropdownPreloader class
function AjaxDropdownPreloader($url, $input_mask, $filter_field, $dependend_field, value) {
this.URL = $url;
this.InputMask = $input_mask;
this.FilterField = $filter_field;
this.DependendField = $dependend_field;
this.Titles = this.prepareTitles();
this.Value = value;
this.BusyRequest = false;
}
AjaxDropdownPreloader.prototype.prepareURL = function()
{
return this.URL.replace('#DEPENDEND#', this.Dependend).replace('#FILTER_VALUE#', this.getValue(this.FilterField));
}
AjaxDropdownPreloader.prototype.prepareTitles = function() {
var $control = this.getControl(this.DependendField);
var $i = 0;
var $ret = new Array ();
while ($i < $control.options.length) {
$ret[$control.options[$i].value] = $control.options[$i].innerHTML;
$i++;
}
return $ret;
}
AjaxDropdownPreloader.prototype.getValue = function($field_name) {
var $control = this.getControl($field_name);
if ($control.tagName == 'INPUT') return $control.value;
return $control.selectedIndex > 0 ? $control.options[$control.selectedIndex].value : '';
}
AjaxDropdownPreloader.prototype.Query = function () {
var $url = this.prepareURL();
var $selected_value = this.Value || this.getValue(this.DependendField);
// remove all existing options
this.removeOptions();
Request.makeRequest($url, this.BusyRequest, '', this.successCallback, this.errorCallback, $selected_value, this);
}
AjaxDropdownPreloader.prototype.getControl = function($field) {
var $id = this.InputMask.replace('#FIELD#', $field);
return document.getElementById($id);
}
AjaxDropdownPreloader.prototype.successCallback = function($request, $params, $object) {
if (Request.processRedirect($request) === true) {
return ;
}
var control = $object.getControl($object.DependendField)
$object.ProcessXMLNode($request.responseXML, control, $params);
runOnChange(control);
$object.AfterProcess();
}
AjaxDropdownPreloader.prototype.ProcessXMLNode = function($node, $dst_field, $selected_value) {
for (var i = 0; i < $node.childNodes.length; i++) {
var $child = $node.childNodes.item(i);
switch ($child.tagName) {
case 'option':
var opt_value = $child.getAttribute('value');
var title;
if (opt_value) { // value is passed explicically
title = $child.firstChild.nodeValue
}
else {
opt_value = $child.firstChild.nodeValue;
title = this.Titles[$child.firstChild.nodeValue];
}
this.addOption($dst_field, opt_value, title, $child.attributes);
if (!$dst_field.multiple && (opt_value == $selected_value)) {
$dst_field.options[$dst_field.options.length - 1].selected = true;
}
break;
case 'field_options':
if (!$dst_field.multiple) {
this.addOption($dst_field, '', '');
}
// add new states
this.ProcessXMLNode($child, $dst_field, $selected_value);
if ($dst_field.options.length == 0 || $dst_field.options.length == 2) {
$dst_field.value = $dst_field.options[$dst_field.options.length - 1].value;
}
break;
}
}
}
AjaxDropdownPreloader.prototype.AfterProcess = function() {
}
AjaxDropdownPreloader.prototype.removeOptions = function($object) {
if (!$object) $object = this.getControl(this.DependendField);
if ($object.options.length > 0) {
while ($object.options.length > 0) {
$object.remove(0);
}
}
}
AjaxDropdownPreloader.prototype.addOption = function($object, $value, $title, attributes) {
var $option = document.createElement('OPTION');
$object.options.add($option, $object.options.length);
$option.innerText = $title;
$option.innerHTML = $title;
$option.value = $value;
if (attributes) {
for (var i=0; i<attributes.length; i++) {
if (attributes[i].nodeName == 'value') continue;
$option.setAttribute(attributes[i].nodeName, attributes[i].nodeValue);
}
}
}
AjaxDropdownPreloader.prototype.errorCallback = function($request, $params, $object) {
alert('AJAX Error; class: AjaxDropdownPreloader; ' + Request.getErrorHtml($request));
}
\ No newline at end of file

Event Timeline

In-Portal CMS · In-Portal Community Pages · In-Portal Issue Tracker · In-Portal Repository Browser · Quality Assurance · In-Portal CI Server