Index: trunk/kernel/action.php =================================================================== --- trunk/kernel/action.php (revision 954) +++ trunk/kernel/action.php (revision 955) @@ -1,2491 +1,2491 @@ <?php $ro_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY"); // ====== Debugger related: begin ====== $script = basename($_SERVER['PATH_TRANSLATED']); $skipDebug = Array('index.php','tree.php','head.php','credits.php'); if( admin_login() && !in_array($script, $skipDebug) ) { if( IsDebugMode() ) { if($Action) $debugger->setHTMLByIndex(1,'Kernel Action: <b>'.$Action.'</b>','append'); if(!(defined('REDIRECT_REQUIRED')&&REDIRECT_REQUIRED)) { echo '<a href="javascript:self.location.reload();">Reload Frame</a> || '; echo '<a href="javascript:toggleDebugLayer();">Show Debugger</a><br>'; } } } unset($script, $skipDebug); // ====== Debugger related: end ====== // Session expiration related if (!admin_login() && strlen($Action) > 0) { if(!headers_sent()) setcookie("sid"," ",time()-3600); $objSession->Logout(); header("Location: ".$adminURL.'/index.php?env='.BuildEnv().'&expired=1'); die(); //require_once($pathtoroot."admin/login.php"); } // End session exipration related switch($Action) { case "m_save_import_config": // Set New Import Category if( GetVar('categorylist', true) !== false ) { $cat_id = $_POST['categorylist']; $objSession->SetVariable('categoryid', $cat_id); if($cat_id > 0) { $cat = $objCatList->GetByResource($cat_id); if(is_object($cat)) { $navbar = $cat->Get('CachedNavbar'); $objSession->SetVariable('catnavbar', $navbar); $objSession->SetVariable('import_category_id', $cat->UniqueId() ); } }elseif($cat_id == 0) { global $objConfig; $objSession->SetVariable('import_category_id', 0); } $objSession->SetVariable('categorylist', $_POST['categorylist']); } // Set Import Admin Group if( GetVar('grouplist1', true) ) { $group_id = $_POST['grouplist1']; $group = $objGroups->GetItemByField('ResourceId',$group_id); $objSession->SetVariable('user_admin_names', $group->Get('Name')); $objSession->SetVariable('user_admin_values', $group->Get('GroupId')); $objSession->SetVariable('grouplist1', $_POST['grouplist1']); } // Set Import User Group if( GetVar('grouplist2', true) ) { $group_id = $_POST['grouplist2']; $group = $objGroups->GetItemByField('ResourceId', $group_id); $objSession->SetVariable('user_regular_names', $group->Get('Name')); $objSession->SetVariable('user_regular_values', $group->Get('GroupId')); $objSession->SetVariable('grouplist2', $_POST['grouplist2']); } break; case "m_add_user": $dupe_user = ''; //$user_pending = (int)$_POST["user_pending"]; //$user_enabled = (int)$_POST["user_enabled"]; $CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat()); $CreatedOn += SecondsSinceMidnight($_POST["user_time"]); $dob = DateTimestamp($_POST["user_dob"],GetDateFormat()); $objEditItems = new clsUserManager(); $objEditItems->SourceTable = $objSession->GetEditTable("PortalUser"); if(strlen($_POST["user_login"])) $id = $objUsers->GetUserId($_POST["user_login"]); else $dob = 0; if($id) { $lvErrorString = language('la_error_duplicate_username'); $dupe_user = $_POST["user_login"]; $_POST["user_login"] = ''; } $password = md5($_POST["password"]); $u = $objEditItems->Add_User($_POST["user_login"], $password, $_POST["user_email"], $CreatedOn, $_POST["user_firstname"], $_POST["user_lastname"], $_POST["status"], $_POST["user_phone"], $_POST["user_street"], $_POST["user_city"], $_POST["user_state"], $_POST["user_zip"], $_POST["user_country"], $dob); $objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData")); $objCustomEdit->SetTable('edit'); $objCustomEdit->LoadResource($u->Get("ResourceId")); $CustomFields = new clsCustomFieldList(6); $DataChanged = FALSE; foreach($_POST as $key=>$value) { if(substr($key,0,1)=="_") { $field = substr($key,1); $cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE); if(is_object($cvalue)) { $objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value); $DataChanged = TRUE; } } } if($DataChanged) $objCustomEdit->SaveData(); $objCustomEdit->SetTable('live'); break; case "m_edit_user": //$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat()); //$CreatedOn += SecondsSinceMidnight($_POST["user_time"]); $dob = DateTimestamp($_POST["user_dob"],GetDateFormat()); $objEditItems = new clsUserManager(); $objEditItems->SourceTable = $objSession->GetEditTable("PortalUser"); //$user_pending = (int)$_POST["user_pending"]; //$user_enabled = (int)$_POST["user_enabled"]; $UserId = (int)$_POST["user_id"]; //echo $UserId."<br>\n"; if(!strlen($_POST["user_login"])) $dob = 0; if(strlen($_POST["password"])) { $password = md5($_POST["password"]); } else $password = ""; $u = $objEditItems->Edit_User($UserId, $_POST["user_login"], $password, $_POST["user_email"], $CreatedOn, $_POST["user_firstname"], $_POST["user_lastname"], $_POST["status"], $_POST["user_phone"], $_POST["user_street"], $_POST["user_city"], $_POST["user_state"], $_POST["user_zip"], $_POST["user_country"], $dob); $objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData")); $objCustomEdit->SetTable('edit'); $DataChanged = false; $objCustomEdit->LoadResource($u->Get("ResourceId")); $CustomFields = new clsCustomFieldList(6); foreach($_POST as $key=>$value) { if(substr($key,0,1)=="_") { $field = substr($key,1); $cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE); if(is_object($cvalue)) { //echo "Saving CF: (".$cvalue->Get("CustomFieldId")." ; ".$u->Get("ResourceId")." ; $value)<br>"; $objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value); $DataChanged = TRUE; } } } if($DataChanged) $objCustomEdit->SaveData(); $objCustomEdit->SetTable('live'); break; case "m_user_primarygroup": if($ro_perm) break; $users = explode(',', $_POST["userlist"]); $GroupResourceId = $_POST['grouplist']; $g = $objGroups->GetItemByField("ResourceId", $GroupResourceId); $GroupId = $g->UniqueId(); if( is_array($users) ) foreach($users as $user_id) { $u = $objUsers->GetItemByField("ResourceId", $user_id); - $g->AddUser($u->Get("PortalUserId"), 1,GetTablePrefix().'UserGroup'); + $g->AddUser($u->Get("PortalUserId"),1,false); } break; case "m_edit_group": $objEditItems = new clsGroupList(); $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); $objEditItems->Edit_Group($_POST["group_id"], $_POST["group_name"],$_POST["group_comments"]); break; case "m_add_group": $objEditItems = new clsGroupList(); $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); $objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0); break; case "m_group_sysperm": if($ro_perm) break; if($_POST["GroupEditStatus"]==0) { $objSession->ResetSysPermCache(); $GroupId = $_POST["GroupId"]; if($GroupId) { $objEditItems = new clsGroupList(); $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); $g = $objEditItems->GetItemByField("ResourceId",$GroupId); if(is_object($g)) { $PermList = explode(",",$_POST["PermList"]); for($i=0;$i<count($PermList);$i++) { if(@in_array($PermList[$i],$_POST["inherit"])) { $value = -1; } else { $value = 0; if(@in_array($PermList[$i],$_POST["permvalue"])) $value = 1; } $g->SetSystemPermission($PermList[$i],$value); } } } } break; case "m_user_sysperm": if($ro_perm) break; if($_POST["UserEditStatus"]==0) { $UserId = $_POST["ItemId"]; if($UserId) { $objEditItems = new clsUserManager(); $objEditItems->SourceTable = $objSession->GetEditTable("PortalUser"); $u = $objEditItems->GetItemByField("ResourceId",$UserId); unset($g); if(is_object($u)) { $objSession->ResetSysPermCache(); $g = $u->GetPersonalGroup(FALSE); $PermList = explode(",",$_POST["PermList"]); for($i=0;$i<count($PermList);$i++) { if(!@in_array($PermList[$i],$_POST["inherit"])) { if(!is_object($g)) $g = $u->GetPersonalGroup(TRUE); $value = 0; if(is_array($_POST["permvalue"])) { if(in_array($PermList[$i],$_POST["permvalue"])) $value =1; $g->SetSystemPermission($PermList[$i],$value); } else { $g->SetSystemPermission($PermList[$i], 0); } } else { if(is_object($g)) $g->SetSystemPermission($PermList[$i],-1); } } } } } break; case "m_approve_user": if($ro_perm) break; foreach($_POST["itemlist"] as $userid) { $user = $objUsers->GetItemByField("ResourceId",$userid); $user->Approve(); } $objUsers->Clear(); break; case "m_deny_user": if($ro_perm) break; foreach($_POST["itemlist"] as $userid) { $user = $objUsers->GetItemByField("ResourceId",$userid); $user->Deny(); } $objUsers->Clear(); break; case "m_delete_user": if($ro_perm) break; foreach($_POST["itemlist"] as $userid) $objUsers->Delete_User($userid); break; case "m_delete_group": if($ro_perm) break; foreach($_POST["itemlist"] as $groupid) { $objGroups->Delete_Group($groupid); } break; case "m_user_assign": // not sure if action is used anywhere if($ro_perm) break; $useridlist = implode("-", $userlist); $objSession->SetUserStatus($useridlist, "g_usergroup_status"); $g_usergroup_status = $useridlist; break; case "m_group_assign": // not sure if action is used anywhere if($ro_perm) break; foreach($grouplist as $group) $objGroups->Add_Users_To_Group($group); break; case "m_remove_group": if($ro_perm) break; $adodbConnection = &GetADODBConnection(); $adodbConnection->Execute("DELETE FROM UserGroup where UserId='$UserId' AND GroupId='$GroupId'"); break; case "m_SetVariable": $objSession->SetPersistantVariable($_POST["fieldname"], $_POST["varvalue"]); break; case "m_SetSessionVariable": $objSession->SetVariable($_POST["fieldname"], $_POST["varvalue"]); //echo "Setting $fieldname to $varvalue<br>\n"; if($_POST["fieldname"]=="SearchType") $objSession->SetVariable("SearchWord",""); break; case "m_edit_permissions": if($ro_perm) break; if($_POST["CatEditStatus"] != -1) { $objSession->SetVariable('PermCache_UpdateRequired', 1); $GroupId = $_POST["GroupId"]; $CatId = $_POST["CategoryId"]; $Module = $_POST["Module"]; $ado = &GetADODBConnection(); $sql = "SELECT * FROM ".GetTablePrefix()."PermissionConfig WHERE ModuleId='$Module'"; $rs = $ado->Execute($sql); $PermNames = array(); while($rs && !$rs->EOF) { $data = $rs->fields; $PermNames[] = $data["PermissionName"]; $rs->MoveNext(); } $inherit = array(); if(is_array($_POST["inherit"])) { foreach($_POST["inherit"] as $perm) { $inherit[$perm] = 1; } } $access = array(); if(is_array($_POST["permvalue"])) { foreach($_POST["permvalue"] as $perm) { $access[$perm] = 1; } } $objPermList = new clsPermList($CatId,$GroupId); $objPermList->LoadCategory($CatId); for($i=0;$i<count($PermNames);$i++) { if(!array_key_exists($PermNames[$i],$inherit)) { $PermValue = (int)$access[$PermNames[$i]]; $Perm = $objPermList->GetPermByName($PermNames[$i]); if($Perm) { $Id = $Perm->Get("PermissionId"); //echo "Editing $Id<br>\n"; $objPermList->Edit_Permission($Id,$CatId,$GroupId,$PermNames[$i],$PermValue,0); } else { //echo "Adding ".$PermNames[$i]; $objPermList->Add_Permission($CatId,$GroupId,$PermNames[$i],$PermValue,0); } } else { $Perm = $objPermList->GetPermByName($PermNames[$i]); if($Perm) { $Id = $Perm->Get("PermissionId"); $objPermList->Delete_Permission($Id); } } } //$c = $objCatList->GetItem($CatId); //$glist = $objGroups->GetAllGroupList(); //$ViewList = $objPermList->GetGroupPermList($c,"CATEGORY.VIEW",$glist ); //$c->SetViewPerms("CATEGORY.VIEW",$ViewList,$glist); //$c->Update(); } break; case "m_perm_delete_group": if($ro_perm) break; $ado = &GetADODBConnection(); $CatId = $_POST["CategoryId"]; foreach($_POST["itemlist"] as $groupid) { $g = $objGroups->GetItemByField("ResourceId",$groupid); if(is_object($g)) { $sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=$CatId AND GroupId=".$g->Get("GroupId"); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $ado->Execute($sql); } } break; case "m_user_addto_group": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $user = $_POST["UserId"]; if(is_numeric($user)) { if(strlen($_POST["grouplist"])) { $groups = explode(",",$_POST["grouplist"]); if(is_array($groups)) { for($i=0; $i<count($groups);$i++) { $g = $objGroups->GetItemByField("ResourceId",$groups[$i]); $g->AddUser($user); } } else { $g = $objGroups->GetItem($groups); $g->AddUser($user); } } } break; case "m_group_add_user": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $group = $_POST["GroupId"]; $EditGroups = new clsGroupList(); $EditGroups->SourceTable = $objSession->GetEditTable($objGroups->SourceTable); $g = $EditGroups->GetItem($group); // echo "Group: $group <br>\n"; if(is_numeric($group)) { $users = explode(",",$_POST["userlist"]); foreach($users as $userid) { $u = $objUsers->GetItemByField("ResourceId",$userid); $g->AddUser($u->Get("PortalUserId")); } } break; case "m_group_removeuser": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $group = $_POST["GroupId"]; $g = $objGroups->GetItem($group); //if($group>0) //{ foreach($_POST["itemlist"] as $user_id) { $u = $objUsers->GetItemByField("ResourceId",$user_id); $g->DeleteUser($u->Get("PortalUserId")); } //} break; case "m_user_removegroup": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $user = $_POST["UserId"]; //if($user>0) //{ foreach($_POST["itemlist"] as $groupid) { $g = $objGroups->GetItem($groupid); $g->DeleteUser($user); } //} break; case "m_sendmail": if($ro_perm) break; $idlist = explode(",",$_POST["idlist"]); $html = (int)$_POST["html_enable"]; $body = inp_escape($_POST["email_body"],$html); $subject = inp_escape($_POST["email_body"],$html); $Email = new clsEmailMessage(); $Email->Set("Subject",$subject); $Email->Set("Template",$body); if($html) $Email->Set("MessageType","HTML"); if(count($idlist)>0) { switch($_POST["IdType"]) { case "group": foreach($idlist as $id) $Email->SendToGroup($id); break; case "user": foreach($idlist as $id) $Email->SendToUser($id); break; }/*switch*/ } break; case "m_item_recount": if($ro_perm) break; RunDown($m_var_list["cat"],"UpdateCacheCounts"); break; case "m_cat_delete": if($ro_perm) break; if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID())) { if(isset($_POST["catlist"])) { if(is_array($_POST["catlist"])) foreach($_POST["catlist"] as $catid) { $objCatList->Delete_Category($catid); } } } break; case "m_cat_cut": if($ro_perm) break; if(isset($_POST["catlist"])) { if($objSession->HasCatPermission("CATEGORY.DELETE",$catid)) { $objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]); } else $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]); } break; case "m_cat_copy": if($ro_perm) break; if(isset($_POST["catlist"])) { $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]); } break; case "m_paste": if($ro_perm) break; if($objCatList->ItemsOnClipboard()>0) { /* category's paste function populates a sparse array where array[old_id]=new_id */ $PastedCatIds = array(); $objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name"); } else { $clip = $objSession->GetVariable("ClipBoard"); if(strlen($clip)) { $ClipBoard = ParseClipboard($clip); $Action= strtolower($ClipBoard["table"])."_paste"; } } break; case "m_cat_move_up": if($ro_perm) break; if (isset($_POST["catlist"])) { foreach($_POST["catlist"] as $catid) { $cat =& $objCatList->GetCategory($catid); $cat->MoveUp(); } } break; case "m_cat_move_down": if($ro_perm) break; if (isset($_POST["catlist"])) { $catlist=array_reverse($_POST["catlist"]); foreach($catlist as $catid) { $cat =& $objCatList->GetCategory($catid); $cat->MoveDown(); } } break; case "m_cat_approve": if($ro_perm) break; if (isset($_POST["catlist"])) { foreach($_POST["catlist"] as $catid) { $cat =& $objCatList->GetCategory($catid); $cat->Approve(); } } break; case "m_cat_decline": if($ro_perm) break; if (isset($_POST["catlist"])) { foreach($_POST["catlist"] as $catid) { $cat =& $objCatList->GetCategory($catid); //$cat->Deny(); RunDown($catid,"Deny"); } } break; case "m_rel_delete": $adodbConnection= &GetADODBConnection(); $table = $objSession->GetEditTable("Relationship"); if(isset($_POST["itemlist"])) { if(is_array($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $sql = "DELETE FROM ".$table." WHERE RelationshipId=".$id; $adodbConnection->Execute($sql); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; } } else { $sql = "DELETE FROM ".$table." WHERE RelationshipId=".$_POST["itemlist"]; $adodbConnection->Execute($sql); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; } } break; case "m_add_relation": $RelList = new clsRelationshipList(); $RelList->SourceTable = $objSession->GetEditTable("Relationship"); //$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"], // 0,(int)$_POST["Enabled"],$_POST["RelType"], $Rel); $ado = &GetADODBConnection(); $NewId = intval($ado->GetOne('SELECT MIN(RelationshipId) as MinValue FROM '.$RelList->SourceTable)); if($NewId > 0) $NewId = 0; $NewId--; $r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"], 0,(int)$_POST["Enabled"],$_POST["RelType"], $NewId); $sql = "UPDATE ".$RelList->SourceTable." SET RelationshipId=".$NewId." WHERE RelationshipId=".$r->Get("RelationshipId"); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $ado->Execute($sql); break; case "m_edit_relation": if($_POST["CatEditStatus"]==0) { $RelList = new clsRelationshipList(); $RelList->SourceTable = $objSession->GetEditTable("Relationship"); $r = $RelList->GetItem($_POST["RelationshipId"]); if(is_object($r)) { $r->Set("Enabled",(int)$_POST["Enabled"]); $r->Set("Type",(int)$_POST["RelType"]); $r->Set("Priority",(int)$_POST["priority"]); $r->Update(); } } break; case "m_rel_move_up": $objRelList = new clsRelationshipList(); $objRelList->SourceTable = $objSession->GetEditTable("Relationship"); if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $r = $objRelList->GetItem($id); $r->MoveUp($_POST["SourceId"]); } } break; case "m_rel_move_down": $objRelList = new clsRelationshipList(); $objRelList->SourceTable = $objSession->GetEditTable("Relationship"); if (isset($_POST["itemlist"])) { $itemlist=array_reverse($_POST["itemlist"]); foreach($itemlist as $id) { $r = $objRelList->GetItem($id); $r->MoveDown($_POST["SourceId"]); } } break; case "m_add_category": if(ValidDate($_POST["cat_date"],GetDateFormat())) { $CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat()); } else $CreatedOn = time(); $html = (int)$_POST["html_enable"]; $cat_pick = $_POST["cat_pick"]; $Status = (int)$_POST["status"]; $Hot=(int)$_POST["itemhot"]; $Pop = (int)$_POST["itempop"]; $New = (int)$_POST["itemnew"]; $objEditItems = new clsCatList(); $objEditItems->SourceTable = $objSession->GetEditTable("Category"); $cat = $objEditItems->Add($_POST["ParentId"], $_POST["cat_name"], inp_escape($_POST["cat_desc"],$html), $CreatedOn, $cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"], $_POST["meta_keywords"],$_POST["meta_desc"]); $objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData")); $objCustomEdit->LoadResource($cat->Get("ResourceId")); $CustomFields = new clsCustomFieldList(1); $DataChanged = FALSE; foreach($_POST as $key=>$value) { if(substr($key,0,1)=="_") { $field = substr($key,1); $cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE); if(is_object($cvalue)) { $objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value); $DataChanged = TRUE; } } } if($DataChanged) $objCustomEdit->SaveData(); break; case "m_edit_category": $CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat()); $cat_pick = GetVar('cat_pick', true); $Status = (int)$_POST["status"]; $Hot = false; //(int)$_POST["itemhot"]; $Pop = false; //(int)$_POST["itempop"]; $New = (int)$_POST["itemnew"]; $html = (int)$_POST["html_enable"]; $objEditItems = new clsCatList(); $objEditItems->SourceTable = $objSession->GetEditTable("Category"); // check if name of cat isn't changed: begin if( GetVar('CategoryId') > 0 ) { $original_cats = new clsCatList(); $original_cat = $original_cats->GetItemByField('CategoryId', GetVar('CategoryId')); if( $original_cat->Get('Name') != stripslashes($_POST['cat_name'] )) $objSession->SetVariable('PermCache_UpdateRequired', 1); unset($original_cat, $original_cats); } else { $objSession->SetVariable('PermCache_UpdateRequired', 1); } // check if name of cat isn't changed: end $cat = $objEditItems->Edit_Category($_POST["CategoryId"],inp_escape($_POST["cat_name"],$html), inp_escape($_POST["cat_desc"],$html), $CreatedOn, $cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"], $_POST["meta_keywords"], $_POST["meta_desc"]); $objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData")); $objCustomEdit->LoadResource($cat->Get("ResourceId")); $CustomFields = new clsCustomFieldList(1); $DataChanged = FALSE; foreach($_POST as $key=>$value) { if(substr($key,0,1)=="_") { $field = substr($key,1); $cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE); if(is_object($cvalue)) { $objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value); $DataChanged = TRUE; } } } if($DataChanged) $objCustomEdit->SaveData(); break; case "m_edit_custom_data": $id = $_POST["ItemId"]; $objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData")); $objCustomEdit->LoadResource($id); $CustomFields = new clsCustomFieldList($_POST['CustomType']); $DataChanged = FALSE; foreach($_POST as $key=>$value) { if(substr($key,0,1)=="_") { $field = substr($key,1); $cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE); if(is_object($cvalue)) { $objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$id,$value); $DataChanged = TRUE; } } } if($DataChanged) $objCustomEdit->SaveData(); /* $id = $_POST["ItemId"]; $objEditData = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData")); $objEditData->SetTable('edit'); $ado = &GetADODBConnection(); if($id && is_array($_POST["CustomData"])) { foreach($_POST["CustomData"] as $FieldId => $Value) { $sql = "SELECT count(*) as reccount FROM ".$objEditData->SourceTable." WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"]; $rs = $ado->Execute($sql); $intable = $rs->fields["reccount"]; if(!$intable) { $sql = "INSERT INTO ".$objEditData->SourceTable." (ResourceId,CustomFieldId,Value) VALUES ('".$id."','$FieldId','$Value')"; $ado->Execute($sql); //echo $sql."<br>\n"; } else { $sql = "UPDATE ".$objEditData->SourceTable." SET Value='".$Value."' WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"]; $ado->Execute($sql); //echo $sql."<br>\n"; } } } $objEditData->SetTable('live'); */ break; case "m_customfield_edit": if($ro_perm) break; $DataType = $_POST["DataType"]; $FieldId = $_POST["CustomFieldId"]; $FieldName = $_POST["fieldname"]; //$FieldLabel = $_POST["fieldlabel"]; if(strlen($FieldName)) { $objCustomFields = new clsCustomFieldList($DataType); $objCustomFields->EditField($FieldId,$DataType,$FieldName,"",(int)$_POST["generaltab"], $_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"], $_POST["valuelist"]); } unset($objCustomFields); break; case "m_customfield_add": if($ro_perm) break; $DataType = $_POST["DataType"]; $FieldName = $_POST["fieldname"]; //$FieldLabel = $_POST["fieldlabel"]; if(strlen($FieldName)) { $objCustomFields = new clsCustomFieldList($DataType); $objCustomFields->AddField($DataType,$FieldName,"",(int)$_POST["generaltab"], $_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"], $_POST["valuelist"]); unset($objCustomFields); } break; case "m_customfield_delete": if($ro_perm) break; $DataType = $_POST["DataType"]; $objCustomFields = new clsCustomFieldList($DataType); foreach($_POST["itemlist"] as $f) { $objCustomFields->DeleteField($f); //$c = $objCustomFields->GetItem($f); //$c->Delete(); } unset($objCustomFields); break; case "m_SearchConfig_Edit": if($ro_perm) break; $SimpleValues = $_POST["simple"]; $AdvValues = $_POST["advanced"]; $module = $_POST["module"]; $priority = $_POST["pri"]; //phpinfo(INFO_VARIABLES); $objSearchConfig = new clsSearchConfigList($module); foreach($objSearchConfig->Items as $i) { $id = $i->Get("SearchConfigId"); $objSearchConfig->EditFieldSettings($id,(int)$SimpleValues[$id],(int)$AdvValues[$id],$priority[$id]); } $objSearchConfig->Clear(); /* save relevence settings */ $vals = $_POST["req_increase"]; foreach($vals as $var=>$value) { $cfg = "SearchRel_Increase_".$var; $objConfig->Set($cfg,$value); } $vals = $_POST["rel_keyword"]; foreach($vals as $var=>$value) { $cfg = "SearchRel_Keyword_".$var; $objConfig->Set($cfg,$value); } $vals = $_POST["rel_pop"]; foreach($vals as $var=>$value) { $cfg = "SearchRel_Pop_".$var; $objConfig->Set($cfg,$value); } $vals = $_POST["rel_rating"]; foreach($vals as $var=>$value) { $cfg = "SearchRel_Rating_".$var; $objConfig->Set($cfg,$value); } $vals = $_POST["multiple"]; if (count($vals) > 0) { foreach($vals as $var=>$value) { $cfg = "Search_ShowMultiple_".$var; $objConfig->Set($cfg,$value); } } else { $cfg = "Search_ShowMultiple_".$_POST['cfg_var']; $objConfig->Set($cfg, 0); } if (isset($_POST['minkeyword'])) { $objConfig->Set("Search_MinKeyword_Length", $_POST['minkeyword']); } $objConfig->Save(); break; case "m_keyword_reset": if($ro_perm) break; $objSearchList = new clsSearchLogList(); foreach($_POST["itemlist"] as $k) { $c = $objSearchList->GetItem($k); $c->Delete(); } break; case "m_review_add": $post_info = GetSubmitVariable($_POST, 'EditStatus'); if($post_info['variable'] > -1) { $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); $Pending = (int)$_POST["review_pending"]; $Enabled = (int)$_POST["review_enabled"]; $Status = (int)$_POST["status"]; $CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat()); $CreatedOn += SecondsSinceMidnight($_POST["review_time"]); $html = (int)$_POST["html_enable"]; $ReviewText = inp_escape($_POST["review_body"],1); $CreatedById = 0; if(strlen($_POST["createdby"])>0) { if(strtolower($_POST["createdby"])=="root") { $CreatedById = -1; } else { $u = $objUsers->GetItemByField("Login",$_POST["createdby"]); if(is_object($u)) { $CreatedById = $u->Get("PortalUserId"); if($CreatedById<1) { $CreatedById = $objSession->Get("PortalUserId"); } } else $CreatedById = $objSession->Get("PortalUserId"); } } else $CreatedById = $objSession->Get("PortalUserId"); $r = $objReviews->AddReview($CreatedOn,$ReviewText,$Status, $IPAddress, (int)$_POST["review_priority"], $_POST["ItemId"],$_POST["ItemType"], $CreatedById,$html, $post_info['Module']); $ado = &GetADODBConnection(); $rs = $ado->Execute("SELECT MIN(ReviewId) as MinValue FROM ".$objReviews->SourceTable); $NewId = $rs->fields["MinValue"]-1; $sql = "UPDATE ".$objReviews->SourceTable." SET ReviewId=".$NewId." WHERE ReviewId=".$r->Get("ReviewId"); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $ado->Execute($sql); } break; case "m_review_edit": $post_info = GetSubmitVariable($_POST, 'EditStatus'); if($post_info['variable'] > -1) { $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); $Status = (int)$_POST["status"]; $CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat()); $CreatedOn += SecondsSinceMidnight($_POST["review_time"]); $html = (int)$_POST["html_enable"]; $ReviewText = inp_escape($_POST["review_body"],1); $ReviewId = $_POST["ReviewId"]; $CreatedById = 0; if(strlen($_POST["createdby"])>0) { if(strtolower($_POST["createdby"])=="root") { $CreatedById = -1; } else { $u = $objUsers->GetItemByField("Login",$_POST["createdby"]); if(is_object($u)) { $CreatedById = $u->Get("PortalUserId"); if($CreatedById<1) { $CreatedById = $objSession->Get("PortalUserId"); } } else $CreatedById = $objSession->Get("PortalUserId"); } } $r = $objReviews->EditReview($ReviewId,$CreatedOn,$ReviewText,$Status, $IPAddress, (int)$_POST["review_priority"],$_POST["ItemId"],$_POST["ItemType"], $CreatedById,$html, $post_info['Module']); } break; case "m_review_delete": $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); foreach($_POST["itemlist"] as $id) { $objReviews->DeleteReview($id); } break; case "m_review_approve": if (isset($_POST["itemlist"])) { $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); foreach($_POST["itemlist"] as $id) { $i = $objReviews->GetItem($id); $i->Set("Status",1); $i->Update(); } } break; case "m_review_deny": if (isset($_POST["itemlist"])) { $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); foreach($_POST["itemlist"] as $id) { $i = $objReviews->GetItem($id); $i->Set("Status",0); $i->Update(); } } break; case "m_review_move_up": if (isset($_POST["itemlist"])) { $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); foreach($_POST["itemlist"] as $id) { $i = $objReviews->GetItem($id); $i->MoveUp(); } } break; case "m_review_move_down": if (isset($_POST["itemlist"])) { $objReviews = new clsItemReviewList(); $objReviews->SourceTable = $objSession->GetEditTable("ItemReview"); $itemlist=array_reverse($_POST["itemlist"]); foreach($itemlist as $id) { $i = $objReviews->GetItem($id); $i->MoveDown(); } } break; case "m_theme_add": $ado = &GetADODBConnection(); $rs = $ado->Execute("SELECT COUNT(*) as c FROM ".GetTablePrefix().'Theme WHERE Name="'.$_POST["name"].'"'); if(!$rs->fields["c"]) { $objEditItems = new clsThemeList(); $objEditItems->SourceTable = $objSession->GetEditTable("Theme"); $Primary = (int)$_POST["primary"]; if(!(int)$_POST["enabled"]) $Primary = 0; $t = $objEditItems->AddTheme($_POST["name"],$_POST["description"],(int)$_POST["enabled"],$Primary, (int)$_POST["CacheTimeout"]); $t->Files->ThemeId=$t->Get("ThemeId"); $rs = $ado->Execute("SELECT MIN(ThemeId) as MinValue FROM ".$objEditItems->SourceTable); $NewId = $rs->fields["MinValue"]-1; $sql = "UPDATE ".$objEditItems->SourceTable." SET ThemeId=".$NewId." WHERE ThemeId=".$t->Get("ThemeId"); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $ado->Execute($sql); } break; case "m_theme_edit": $objEditItems = new clsThemeList(); $objEditItems->SourceTable = $objSession->GetEditTable("Theme"); $Primary = (int)$_POST["primary"]; if(!(int)$_POST["enabled"]) $Primary = 0; $objEditItems->EditTheme($_POST["ThemeId"],$_POST["name"],$_POST["description"], (int)$_POST["enabled"],$Primary,(int)$_POST["CacheTimeout"]); // if ($Primary==1) // { // $objEditItems->SetPrimaryTheme($_POST["ThemeId"]); // } break; case "m_theme_delete": if($ro_perm) break; if (isset($_POST["itemlist"])) { $Themes = new clsThemeList(); foreach($_POST["itemlist"] as $id) { $Themes->DeleteTheme($id); } } break; case "m_theme_primary": if($ro_perm) break; if( count($_POST['itemlist']) ) { $ThemeId = array_shift( $_POST['itemlist'] ); $t = new clsThemeList(); $t->SetPrimaryTheme($ThemeId); } break; case "m_template_edit": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $ThemeId = $_POST["ThemeId"]; $FileId = $_POST["FileId"]; $f = new clsThemeFile($FileId); $f->Set("Description", $_POST["Description"] ); $f->Update(); $c = stripslashes($_POST["contents"]); $f->SaveFileContents($c); break; case "m_template_add": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $ThemeId = $_POST["ThemeId"]; if( !is_object($f) ) $f = new clsThemeFile(); $FilePath = $_POST['name']; if(!$FilePath) { $f->SetError('Template Name is required',3); break; } else { if( substr($FilePath,1) != '/' ) $FilePath = '/'.$FilePath; if( substr($FilePath,-3) != '.tpl' ) $FilePath .= '.tpl'; $FileName = basename($FilePath); $FilePath = dirname($FilePath); // test if such file not already created $f->LoadFromDataBase( Array($FilePath,$FileName), Array('FilePath','FileName') ); if( !$f->Get('FileId') ) { $f->Set( Array('FilePath','FileName','ThemeId', 'Description'), Array($FilePath, $FileName,$_POST['ThemeId'], $_POST["Description"]) ); if( $f->IsWriteablePath(true) ) { $f->Create(); $c = stripslashes($_POST["contents"]); $f->SaveFileContents($c, true); } } else $f->SetError('Template with this name already exists',4); } break; case "m_template_delete": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); $dummy = new clsThemeFile(); foreach($_POST["itemlist"] as $FileId) { $dummy->LoadFromDatabase($FileId); $dummy->Delete(); } break; case "m_lang_add": $ado = &GetADODBConnection(); $objEditItems = new clsLanguageList(); $objEditItems->SourceTable = $objSession->GetEditTable("Language"); $l = $objEditItems->AddLanguage($_POST["packname"],$_POST["localname"], (int)$_POST["enabled"],(int)$_POST["primary"], $_POST["icon"],$_POST["date_format"],$_POST["time_format"], $_POST["decimal"],$_POST["thousand"],$_POST['charset']); $rs = $ado->Execute("SELECT MIN(LanguageId) as MinValue FROM ".$objEditItems->SourceTable); $NewId = $rs->fields["MinValue"]-1; $sql = "UPDATE ".$objEditItems->SourceTable." SET LanguageId=".$NewId." WHERE LanguageId=".$l->Get("LanguageId"); if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $ado->Execute($sql); if($_POST["importlabels"]==1 && $_POST["srcpack"]>0) { // Phrase import /* $sql = "SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]; if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $rs = $ado->Execute($sql); $plist = new clsPhraseList(); $plist->SourceTable = $objSession->GetEditTable("Phrase"); $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable; $as = $ado->Execute($sql); if($as && !$as->EOF) { $MinId = (int)$as->fields["MinId"]; } else $MinId = 0; $MinId--; while($rs && !$rs->EOF) { $data = $rs->fields; $plist->AddPhrase($data["Phrase"],$NewId,$data["Translation"],$data["PhraseType"]); $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1"; $ado->Execute($sql); $MinId--; $rs->MoveNext(); } */ $sql='INSERT INTO '.$objSession->GetEditTable('Phrase').' SELECT Phrase, Translation, PhraseType, 0-PhraseId, '.$NewId.' FROM '.GetTablePrefix().'Phrase WHERE LanguageId='.$_POST['srcpack']; $ado->Execute($sql); // Events import $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"]; if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $rs = $ado->Execute($sql); $eList = new clsEmailMessageList(); //$eList->SourceTable = $objSession->GetEditTable("EmailMessage"); if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) { $eList->CreateEmptyEditTable("EmailMessageId", true); $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); } else { $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); } $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable; $as = $ado->Execute($sql); if($as && !$as->EOF) { $MinId = (int)$as->fields["MinId"]; } else { $MinId = 0; } $MinId--; while($rs && !$rs->EOF) { $data = $rs->fields; $eList->AddEmailEvent($data["Template"], $data["MessageType"], $NewId, $data["EventId"]); $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1"; $ado->Execute($sql); $MinId--; $rs->MoveNext(); } } break; case "m_lang_export": if($ro_perm) break; include_once($pathtoroot."kernel/include/xml.php"); $Ids = $_POST["LangList"]; // language ids list to export phrases from $phrase_types = GetVar('langtypes'); $phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null; $filename=$_POST["filename"]; if(strlen($filename)>0) { $ExportFilename = $pathtoroot.$admin."/export/".$filename; $ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types); } break; case "m_lang_edit": $ado = &GetADODBConnection(); $objEditItems = new clsLanguageList(); $objEditItems->SourceTable = $objSession->GetEditTable("Language"); $objEditItems->EditLanguage($_POST["LanguageId"],$_POST["packname"], $_POST["localname"],(int)$_POST["enabled"], (int)$_POST["primary"], $_POST["icon"],$_POST["date_format"], $_POST["time_format"], $_POST["decimal"],$_POST["thousand"], $_POST['charset']); if($_POST["importlabels"]==1 && $_POST["srcpack"]>0) { $rs = $ado->Execute("SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]); $plist = new clsPhraseList(); $plist->SourceTable = $objSession->GetEditTable("Phrase"); $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable; $as = $ado->Execute($sql); if($as && !$as->EOF) { $MinId = (int)$as->fields["MinId"]; } else $MinId = 0; $MinId--; while($rs && !$rs->EOF) { $data = $rs->fields; $plist->AddPhrase($data["Phrase"],$_POST["LanguageId"],$data["Translation"],$data["PhraseType"]); $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1"; $ado->Execute($sql); $MinId--; $rs->MoveNext(); } unset($plist); // Events import $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"]; if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $rs = $ado->Execute($sql); $eList = new clsEmailMessageList(); //$eList->SourceTable = $objSession->GetEditTable("EmailMessage"); $l = new clsEmailMessage(); if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) { $eList->CreateEmptyEditTable("EmailMessageId", true); $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); } else { $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); } $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable; $as = $ado->Execute($sql); if($as && !$as->EOF) { $MinId = (int)$as->fields["MinId"]; } else { $MinId = 0; } $MinId--; while($rs && !$rs->EOF) { $data = $rs->fields; $eList->AddEmailEvent($data["Template"], $data["MessageType"], $_POST["LanguageId"], $data["EventId"]); $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1"; $ado->Execute($sql); $MinId--; $rs->MoveNext(); } unset($eList); } break; case "m_lang_delete": if($ro_perm) break; if (isset($_POST["itemlist"])) { $Phrases = new clsPhraseList(); $Messages = new clsEmailMessageList(); foreach($_POST["itemlist"] as $id) { $objLanguages->DeleteLanguage($id); $Phrases->DeleteLanguage($id); $Messages->DeleteLanguage($id); } unset($Phrases); unset($Messages); } break; case "m_lang_select": if($ro_perm) break; $LangId = (int)$_POST["langselect"]; if($LangId) { if($objSession->Get("PortalUserId")>0) { //echo "$LangId"; $objSession->SetPersistantVariable("Language",$LangId); } $objSession->Set("Language",$LangId); $objSession->Update(); $m_var_list_update["lang"] = $LangId; $m_var_list["lang"] = $LangId; } break; case "m_phrase_edit": $objSession->SetVariable("HasChanges", 1); $objPhraseList = new clsPhraseList(); if((int)$_POST["direct"] != 1) $objPhraseList->SourceTable = $objSession->GetEditTable("Phrase"); $Phrases = $_POST["name"]; foreach($Phrases as $PhraseId =>$name) { if($PhraseId>0) { $objPhraseList->EditPhrase($PhraseId,$_POST["name"][$PhraseId],$_POST["LanguageId"],$_POST["translation"][$PhraseId],$_POST["phrasetype"][$PhraseId]); } } if(strlen($_POST["name"][0]) && strlen($_POST["translation"][0]) && $_POST['Action1'] == "new") { $r = $objPhraseList->AddPhrase($_POST["name"][0],$_POST["LanguageId"],$_POST["translation"][0],$_POST["phrasetype"][0]); if ($r != "Error") { $ado = &GetADODBConnection(); $rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objPhraseList->SourceTable); $NewId = $rs->fields["MinValue"]-1; $sql = "UPDATE ".$objPhraseList->SourceTable." SET PhraseId=".$NewId." WHERE PhraseId=$PhraseId"; if($objSession->HasSystemPermission("DEBUG.LIST")) echo $sql."<br>\n"; $ado->Execute($sql); } else { $add_error = "Language tag with the same name already exists!"; } } else if ($_POST['Action1'] == "new") { $add_error = "Fields name and translation are required!"; } unset($objPhraseList); break; case "m_config_missing_phrase": if($ro_perm) break; $LangId = $_POST["LangId"]; $ThemeId = $_POST["ThemeId"]; if(is_array($_POST["Phrase"])) { $objPhraseList = new clsPhraseList(); $objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels"; foreach($_POST["Phrase"] as $p => $value) { if(strlen($value)) { $obj = $objPhraseList->GetItemByField("Phrase",$p,TRUE); if(is_object($obj)) { if($obj->Get("Phrase")==$p) { $obj->Set("Translation",$value); $obj->Update(); } else $objPhraseList->AddPhrase($p,$LangId,$value,1); } else $objPhraseList->AddPhrase($p,$LangId,$value,1); } } } break; case "m_phrase_delete": $objSession->SetVariable("HasChanges", 1); if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $sql = "UPDATE ".$objSession->GetEditTable("Phrase")." SET LanguageId = 0 WHERE PhraseId = ".$id; $ado = &GetADODBConnection(); $ado->Execute($sql); } } unset($objPhraseList); break; case "m_emailevent_disable": if($ro_perm) break; $objEvents = new clsEventList(); if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $m =& $objEvents->GetItem($id); $m->Set("Enabled",0); $m->Update(); } } unset($objEvents); break; case "m_emailevent_enable": if($ro_perm) break; $objEvents = new clsEventList(); if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $m =& $objEvents->GetItem($id); $m->Set("Enabled",1); $m->Update(); } } unset($objEvents); break; case "m_emailevent_frontonly": if($ro_perm) break; $objEvents = new clsEventList(); if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $m =& $objEvents->GetItem($id); $m->Set("Enabled",2); $m->Update(); } } unset($objEvents); break; case "m_dlid": echo $Action.":".$DownloadId; die(); break; case "m_emailevent_user": if($ro_perm) break; $objEvents = new clsEventList(); //phpinfo(INFO_VARIABLES); //$objEvents->SourceTable = $objSession->GetEditTable("Events"); $ids = $_POST["EventId"]; $ids = str_replace("[","",$ids); $ids = str_replace("]","",$ids); $ids = str_replace("\"","",$ids); $ids = str_replace("\\","",$ids); $idlist = explode(",",$ids); foreach($idlist as $EventId) { $id = (int)stripslashes($EventId); $e =& $objEvents->GetItem((int)$EventId); $e->Set("FromUserId", $_POST["FromUserId"]); $e->Update(); } $objEvents->Clear(); unset($objEvents); break; case "m_emailevent_edit": $Template = $_POST["headers"]; if(strlen($Template)) { $Template .= "\n"; } $Template = str_replace("\n\n","",$Template); $Template .= "Subject: "._unhtmlentities($_POST['subject'])."\n\n"; $Template .= $_POST["messageBody"]; $objMessages = new clsEmailMessageList(); $objMessages->SourceTable = $objSession->GetEditTable("EmailMessage"); $m =& $objMessages->GetItem($_POST["MessageId"]); if(is_object($m)) { if($_POST["sendhtml"]==1) { $m->Set("MessageType","html"); } else $m->Set("MessageType","text"); $m->Set("Template",$Template); $m->Update(); } break; case "m_config_edit": //phpinfo(INFO_VARIABLES); if($ro_perm) break; $objAdmin = new clsConfigAdmin(); $objAdmin->module = $_POST["module"]; $objAdmin->section = $_POST["section"]; if($objAdmin->section=="in-portal:configure_users") { if(strlen($_POST["RootPass"]) && strlen($_POST["RootPassVerify"])) { if($_POST["RootPass"]==$_POST["RootPassVerify"]) { $_POST["RootPass"] = md5($_POST["RootPass"]); } } else { $_POST["RootPass"] = $objConfig->Get("RootPass"); $_POST["RootPassVerify"] = $objConfig->Get("RootPassVerify"); } } $objAdmin->LoadItems(FALSE); $objAdmin->SaveItems($_POST); break; case "m_mod_enable": if($ro_perm) break; if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $m =& $objModules->GetItemByField("Name",$id); if(is_object($m)) { $m->Set("Loaded",1); $m->Update(); } } $_GET["Refresh"] = 1; } break; case "m_mod_disable": if($ro_perm) break; if (isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { if($id != "In-Portal") { $m =& $objModules->GetItemByField("Name",$id); if(is_object($m)) { $m->Set("Loaded",0); $m->Update(); } } } $_GET["Refresh"] = 1; } break; case "m_img_add": $objImageList = new clsImageList(); $objImageList->SourceTable = $objSession->GetEditTable("Images"); $LocalImage=0; $LocalThumb=0; $DestDir = "kernel/images/"; $UserThumbSource = (int)$_POST["imgLocalThumb"]; $LocalThumb = $UserThumbSource; $thumb_url = !$LocalThumb? $_POST["imgThumbUrl"] : ""; if($_POST["imgSameImages"]) { $LocalImage = $LocalThumb; $full_url = $thumb_url; } else { $LocalImage = (int)$_POST["imgLocalFull"]; $file = $_FILES["imgFullFile"]; $full_url = $LocalImage? "" : $_POST["imgFullUrl"]; } if((!strlen($thumb_url) && !$LocalThumb) || (!strlen($full_url) && !$LocalImage)) { break; } $ado = &GetADODBConnection(); $NewId = $ado->GetOne('SELECT MIN(ImageId) as MinValue FROM '.$objImageList->SourceTable); if($NewId > 0) $NewId = 0; $NewId--; $img = $objImageList->Add($_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImage, $LocalThumb, $full_url, $thumb_url, (int)$_POST["imgEnabled"], 0, (int)$_POST["imgDefault"], 0,(int)$_POST["imgSameImages"], $NewId); $img->Set("ImageId", $NewId); // $img->debuglevel=1; /* $sql = "UPDATE ".$objImageList->SourceTable." SET ImageId=".$NewId." WHERE ImageId=0"; $ado->Execute($sql); // $img->Update(); */ // echo "SL: $sql $NewId<BR>"; // $img->debuglevel=1; $img->Pending=TRUE; if($LocalImage) { $file = $_FILES["imgFullFile"]; if(is_array($file)) { if($file["size"]>0) { $img->Set("LocalPath",$img->StoreUploadedImage($file,1, $DestDir,0)); $uploaded=1; } } } if($LocalThumb) { $thumb = $_FILES["imgThumbFile"]; if(is_array($thumb)) { if($thumb["size"]>0) { $img->Set("ThumbPath",$img->StoreUploadedImage($thumb,1, $DestDir,1)); $uploaded=1; } } } if($uploaded==1) $img->Update(); break; case "m_img_edit": $objImageList = new clsImageList(); $objImageList->SourceTable = $objSession->GetEditTable("Images"); // $img->debuglevel=1; $img = $objImageList->GetItem($_POST["ImageId"]); ## Get original values $LocalImage = $img->Get("LocalImage"); $LocalThumb = $img->Get("LocalThumb"); $SameImages = $img->Get("SameImages"); $ThumbPath = $img->Get("ThumbPath"); ## New values $LocalThumbN = (int)$_POST["imgLocalThumb"]; $LocalImageN = (int)$_POST["imgLocalFull"]; $FULLFile = $_FILES["imgFullFile"]; $THFile = $_FILES["imgThumbFile"]; $DestDir = "kernel/images/"; $img->Pending = FALSE; $SameImagesN = 0; $uploaded = 0; ## Images were the same, but not any more if ($SameImages && !$_POST["imgSameImages"]) { ## TH was a local file if ($LocalThumb) { ## TH image { ## Try to Delete OLD FULL $img->DeleteLocalImage(FALSE, TRUE); ## FULL image select, but field EMPTY - make a copy of old TH as FULL if ($LocalImageN && !(int)$FULLFile["size"]) { // echo $pathToPending = $img->GetImageDir(); if (!eregi("pending/$", $pathToPending)) $pathToPending.= "pending/"; $LocalThumb_File = $img->GetFileName(1); // echo "<b>CAN'T FIND FILE:</b> ".$pathToPending.$LocalThumb_File."<BR>"; if (file_exists($pathToPending.$LocalThumb_File)) { $LocalThumb_FileN = eregi_replace("^th_", "", $LocalThumb_File); $LocalThumb_FullFileN = $pathToPending.$LocalThumb_FileN; @unlink($LocalThumb_FullFileN); @copy($pathToPending.$LocalThumb_File, $LocalThumb_FullFileN); $uploaded = 1; $copied = 1; // echo "COPING: ".$DestDir."pending/".$LocalThumb_FileN." <BR>"; } else { // echo "CAN'T FIND FILE: ".$pathToPending.$LocalThumb_File."<BR>"; } } ## Upload new FULL image elseif ($LocalImageN && (int)$FULLFile['size']) { $FULL_FileToUpload = $FULLFile; $FULL_URL = ""; // echo " Upload new FULL image"; } ## Full is URL elseif (!$LocalImageN) { $img->DeleteLocalImage(FALSE, TRUE); $FULL_URL = $_POST['imgFullUrl']; $FULL_FileToUpload = ""; } else { // echo " ## Unknow condition"; } ## Take care of Thumbnail here if ($LocalThumbN) { ## Delete old if NEW TH image selected if ((int)$THFile['size']) { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = $THFile; } else $TH_FileToUpload = ""; } else { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = ""; $TH_URL = $_POST['imgThumbUrl']; } } } ## TH was URL else { ## Take care of FULL image here if ($LocalImageN && (int)$FULLFile["size"]) { $FULL_FileToUpload = $FULLFile; $FULL_URL = ""; } ## Full is URL (or image size 0) else { $FULL_FileToUpload = ""; $FULL_URL = $_POST['imgFullUrl']; } ## Take care of Thumbnail here if ($LocalThumbN) { $TH_FileToUpload = (int)$THFile['size']? $THFile : ""; $TH_URL = ""; } else { $TH_FileToUpload = ""; $TH_URL = $_POST['imgThumbUrl']; } } } ## Images were the same, and still the same elseif ($SameImages && $_POST['imgSameImages']) { ## Take care of Thumbnail & FULL here if ($LocalThumbN) { if ((int)$THFile['size']) { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = $THFile; } else $TH_FileToUpload = ""; $FULL_URL = $TH_URL = ""; } else { $TH_FileToUpload = $FULL_FileToUpload = ""; $FULL_URL = $TH_URL = $_POST['imgThumbUrl']; } ## Delete old FULL image $img->DeleteLocalImage(FALSE,TRUE); $SameImagesN = 1; } ## Images were NOT the same, and selected as the same now elseif (!$SameImages && $_POST["imgSameImages"]) { ## Take care of Thumbnail & FULL here if ($LocalThumbN) { if ((int)$THFile['size']) { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = $THFile; } else $TH_FileToUpload = ""; $FULL_URL = $TH_URL = ""; } else { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = $FULL_FileToUpload = ""; $FULL_URL = $TH_URL = $_POST['imgThumbUrl']; } ## Clean up FULL image $img->DeleteLocalImage(FALSE, TRUE); $SameImagesN = 1; } ## Images were NOT the same, and selected as NOT the same elseif (!$SameImages && !$_POST["imgSameImages"]) { ## Take care of Thumbnail if ($LocalThumbN) { if ((int)$THFile['size']) { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = $THFile; } else $TH_FileToUpload = ""; $TH_URL = ""; } else { $img->DeleteLocalImage(TRUE, FALSE); $TH_FileToUpload = ""; $TH_URL = $_POST['imgThumbUrl']; } ## Take care of FULL here if ($LocalImageN) { if ((int)$FULLFile['size']) { $img->DeleteLocalImage(FALSE, TRUE); $FULL_FileToUpload = $FULLFile; } else $FULL_FileToUpload = ""; $FULL_URL = ""; } else { $img->DeleteLocalImage(FALSE, TRUE); $FULL_FileToUpload = ""; $FULL_URL = $_POST['imgFullUrl']; } } ## Unknow condition else { ; } $img = $objImageList->Edit($_POST["ImageId"],$_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImageN, $LocalThumbN, $FULL_URL, $TH_URL, (int)$_POST["imgEnabled"], (int)$_POST["imgPriority"], (int)$_POST["imgDefault"], 0, $SameImagesN); // echo "<B>DATA:</B> <BR> LocalImageN: $LocalImageN, LocalThumbN: $LocalThumbN, FULL_URL: $FULL_URL, TH_URL: $TH_URL, SameImagesN: $SameImagesN <BR>"; $img->Pending = TRUE; if (!empty($FULL_FileToUpload)) { $img->Set("LocalPath",$img->StoreUploadedImage($FULL_FileToUpload, 1, $DestDir, 0)); $uploaded = 1; } /* elseif (!$LocalImageN) { $img->Set("LocalPath", ""); $uploaded = 1; } */ if (!empty($TH_FileToUpload)) { $img->Set("ThumbPath", $img->StoreUploadedImage($TH_FileToUpload, 1, $DestDir, 1)); $uploaded = 1; } if ($copied) { $img->Set("LocalPath", $DestDir."pending/".$LocalThumb_FileN); $uploaded = 1; } if($uploaded==1) $img->Update(); break; case "m_img_move_up": if (isset($_POST["itemlist"])) { $objImageList = new clsImageList(); $objImageList->SourceTable = $objSession->GetEditTable("Images"); foreach($_POST["itemlist"] as $id) { $img = $objImageList->GetItem($id); $img->MoveUp(); } } break; case "m_img_move_down": if (isset($_POST["itemlist"])) { $objImageList = new clsImageList(); $objImageList->SourceTable = $objSession->GetEditTable("Images"); $itemlist=array_reverse($_POST["itemlist"]); foreach($itemlist as $id) { $img = $objImageList->GetItem($id); $img->MoveDown(); } } break; case "m_img_delete": if(isset($_POST["itemlist"])) { $objImageList = new clsImageList(); $objImageList->SourceTable = $objSession->GetEditTable("Images"); foreach($_POST["itemlist"] as $id) { $img = $objImageList->GetItem($id); $img->Set("ResourceId", 0); $img->Update(); //$img->Delete(); } } break; case "m_restore_delete": if($ro_perm) break; $bdate = $_POST["backupdate"]; if($bdate>0) { $BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt"; if(file_exists($BackupFile)) unlink($BackupFile); } break; case "m_taglib": include($pathtoroot."kernel/include/tag-class.php"); ParseTagLibrary(); break; case "m_sql_query": if($ro_perm) break; $SqlQuery = $_POST["sql"]; $ado = &GetADODBConnection(); if(strlen($sql)) { $SqlResult = $ado->Execute(stripslashes($SqlQuery)); $SqlError = $ado->ErrorMsg(); $SqlErrorNum = $ado->ErrorNo(); } break; case "m_purge_email_log": if($ro_perm) break; $ado = &GetADODBConnection(); $sql = "DELETE FROM ".GetTablePrefix()."EmailLog"; $ado->Execute($sql); break; case "m_session_delete": if($ro_perm) break; $ado = &GetADODBConnection(); if (count($_POST['itemlist']) > 0) { foreach($_POST["itemlist"] as $id) { $sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$id'"; $ado->Execute($sql); } } else { $sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE Status='0'"; $ado->Execute($sql); } break; case "m_add_rule": $objEditItems = new clsBanRuleList(); $objEditItems->SourceTable = $objSession->GetEditTable("BanRules"); //$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status; $objEditItems->AddRule($_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"], $_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"], (int)$_POST["rule_status"], $_POST['rule_error']); break; case "m_edit_rule": $objEditItems = new clsBanRuleList(); $objEditItems->SourceTable = $objSession->GetEditTable("BanRules"); //$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status; $objEditItems->EditRule($_POST["rule_id"],$_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"], $_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"], (int)$_POST["rule_status"], $_POST['rule_error']); break; case "m_rule_move_up": if($ro_perm) break; if(isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $i = $objBanList->GetItem($id); $i->Increment("Priority"); } } break; case "m_rule_move_down": if($ro_perm) break; if(isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $i = $objBanList->GetItem($id); $i->Decrement("Priority"); } } break; case "m_rule_delete": if($ro_perm) break; if(isset($_POST["itemlist"])) { foreach($_POST["itemlist"] as $id) { $i = $objBanList->GetItem($id); $i->Delete(); } } break; case "m_ban_user": if($ro_perm) break; if($_POST["UserEditStatus"]==1) { $UserId = $_POST["user_id"]; $u = $objUsers->GetItem($UserId); if(is_object($u)) { if((int)$_POST["ban_login"]) { if(strlen($_POST["user_login"])) $objBanList->AddRule(6,0,"Login",3,$_POST["user_login"],0,1); } if((int)$_POST["ban_email"]) { if(strlen($_POST["user_email"])) $objBanList->AddRule(6,0,"Email",3,$_POST["user_email"],0,1); } if((int)$_POST["ban_ip"]) { if(strlen($_POST["user_ip"])) $objBanList->AddRule(6,0,"ip",3,$_POST["user_ip"],0,1); } $u->Deny(); } } break; } /* image upload management */ if( isset($_POST['img']) && $_POST['img'] == 1 ) { foreach($_FILES as $img => $FILE) { $name = $_POST["img_Name_$img"]; $alt = $_POST["img_Alt_$img"]; $url = $_POST["img_Url_$img"]; $res_id = $_POST["img_Res_$img"]; $relvalue = $_POST["img_Rel_$img"]; $thumb = (int)$_POST["img_Thumb_$img"]; $dest = AddSlash($_POST["img_DestDir_$img"]); if($_POST["img_Del_$img"]=="Delete") { $img = $objImageList->GetImageByResource($res_id,$relvalue); $img->Delete(); unset($img); $objImageList->Clear(); } else { if($FILE["size"]>0) { /* an image was uploaded */ $objImageList->HandleImageUpload($FILE,$res_id,$relvalue,$dest, $name,$alt,$thumb); } else { /* remote images handled here */ if(strlen($url)>0) { if($relvalue>0) { $img = $objImageList->GetImageByResource($res_id,$relvalue); $img->Set("Name",$name); $img->Set("AltName", $alt); $img->Set("IsThumbnail",$thumb); $img->Set("Url",$url); $img->Update(); } else { $relvalue = $objImageList->GetNextRelateValue($res_id); $objImageList->NewRemoteImage($url,$res_id,$relvalue, $name, $alt, $thumb); } } } } } } // ALL Saving Stuff From Temp Tables Heppens Here //echo "==== BEGIN ==== <br>"; $has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY"); //echo "PortalUserID: [".$objSession->Get("PortalUserId")."]<br>"; //print_pre($objSession); //echo "PermSet: [".$has_perm."]<br>"; if( !$has_perm ) { /* category Edit */ if( GetVar('CatEditStatus') == 1 ) { $adodbConnection = &GetADODBConnection(); // $sql = "SELECT * FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=0"; $sql = "SELECT ParentId FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=-1"; $rs = $adodbConnection->Execute($sql); while ($rs && !$rs->EOF) { if($rs->fields["ParentId"] > 0) RunUp($rs->fields["ParentId"],"Increment_Count"); $rs->MoveNext(); } $objCatList->CopyFromEditTable("CategoryId"); $objCustomDataList->CopyFromEditTable("CustomDataId"); $objCatList->Clear(); if($_REQUEST['CategoryId'] > 0) // not root category is updated { $objImages = new clsImageList(); $objImages->CopyFromEditTable("ImageId"); } } if( GetVar('CatEditStatus') == 2 ) { $objCatList->PurgeEditTable("CategoryId"); $objCustomDataList->PurgeEditTable("CustomDataId"); if($_REQUEST['CategoryId'] > 0) // not root category is updated { $objImages = new clsImageList(); //$objImages->CopyFromEditTable("ImageId"); $objImages->PurgeEditTable("ImageId"); } $objCatList->Clear(); } /* User Edit */ if( GetVar('UserEditStatus') == 1 ) { $objUserGroupsList = new clsUserGroupList(); $objUserGroupsList->CopyFromEditTable("PortalUserId"); $objUsers->CopyFromEditTable("PortalUserId"); $objCustomDataList->CopyFromEditTable("CustomDataId"); $objGroups->Clear(); $objImages = new clsImageList(); $objImages->CopyFromEditTable("ImageId"); } if( GetVar('UserEditStatus') == 2 ) { $objUserGroupsList = new clsUserGroupList(); $objGroups->PurgeEditTable("PortalUserId"); $objUserGroupsList->PurgeEditTable("PortalUserId"); $objCustomDataList->PurgeEditTable("CustomDataId"); $objGroups->Clear(); } /* Group Edit */ if( GetVar('GroupEditStatus') == 1 ) { $objUserGroupsList = new clsUserGroupList(); $objUserGroupsList->CopyFromEditTable("GroupId"); $objGroups->CopyFromEditTable("GroupId"); $objCustomDataList->CopyFromEditTable("CustomDataId"); $objGroups->Clear(); } if( GetVar('GroupEditStatus') == 2 ) { $objUserGroupsList = new clsUserGroupList(); $objGroups->PurgeEditTable("GroupId"); $objCustomDataList->PurgeEditTable("CustomDataId"); $objUserGroupsList->PurgeEditTable("PortalUserId"); $objGroups->Clear(); } /* Theme Edit */ if( GetVar('ThemeEditStatus') == 1 ) { $objThemes->CopyFromEditTable(); $objThemes->Clear(); } if( GetVar('ThemeEditStatus') == 2 ) { $objThemes->PurgeEditTable(); $objThemes->Clear(); } /* Language Edit */ if( GetVar('LangEditStatus') == 1 ) { $objLanguages->CopyFromEditTable(); $objLanguages->Clear(); $objLanguages->PurgeEditTable(); $Phrases = new clsPhraseList(); $Phrases->CopyFromEditTable(); $Phrases->Clear(); $Phrases->PurgeEditTable(); $Messages = new clsEmailMessageList(); $Messages->CopyFromEditTable(); $Messages->Clear(); } if( GetVar('LangEditStatus') == 2 ) { $objLanguages->PurgeEditTable(); $objLanguages->Clear(); $Phrases = new clsPhraseList(); $Phrases->PurgeEditTable(); $Messages = new clsEmailMessageList(); $Messages->PurgeEditTable(); } if( GetVar('MissingLangEditStatus') == 1 ) { $objPhraseList = new clsPhraseList(); $objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels"; $objEditList = new clsPhraseList(); $objEditList->SourceTable = $objSession->GetEditTable("Phrase"); $ado = &GetADODBConnection(); $rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objEditList->SourceTable); $NewId = $rs->fields["MinValue"]-1; $objPhraseList->Query_Item("SELECT * FROM ".$objPhraseList->SourceTable); foreach($objPhraseList->Items as $p) { if(strlen($p->Get("Translation"))>0) { $p->tablename = $objEditList->SourceTable; $p->Dirty(); $p->UnsetIDField(); $p->Set("PhraseId",$NewId); $NewId--; $p->Create(); } } $ado->Execute("DROP TABLE IF EXISTS ".$objPhraseList->SourceTable); } if( GetVar('MissingLangEditStatus') == 2 ) { $table = $objSession->GetSessionKey()."_".$ThemeId."_labels"; $ado = &GetADODBConnection(); $ado->Execute("DROP TABLE IF EXISTS ".$table); } /* Ban Rule Edit */ if( GetVar('RuleEditStatus') == 1 ) { $objBanList->CopyFromEditTable("RuleId"); $objBanList->Clear(); } if( GetVar('RuleEditStatus') == 2 ) { $objBanList->PurgeEditTable("RuleId"); $objBanList->Clear(); } } elseif( defined('DEBUG_ACTIONS') ) { if( isset($_REQUEST['Action']) && $_REQUEST['Action'] ) echo "<b>USER HAS RO-ACCESS</b> on action [<b>".$_REQUEST['Action']."</b>]<br>"; } //echo "==== END ==== <br>"; ?> \ No newline at end of file Property changes on: trunk/kernel/action.php ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.71 \ No newline at end of property +1.72 \ No newline at end of property Index: trunk/kernel/include/portalgroup.php =================================================================== --- trunk/kernel/include/portalgroup.php (revision 954) +++ trunk/kernel/include/portalgroup.php (revision 955) @@ -1,548 +1,541 @@ <?php class clsPortalGroup extends clsParsedItem { var $UserCount; function clsPortalGroup($GroupId=NULL) { $this->clsParsedItem($GroupId); $this->tablename=GetTablePrefix()."PortalGroup"; $this->type=7; $this->BasePermission="GROUP"; $this->id_field = "GroupId"; if($GroupId) $this->LoadFromDatabase($GroupId); } function Validate() { global $objSession, $Errors; $dataValid = true; if(!isset($this->m_Name) || $this->m_Name == "") { $Errors->AddError("error.fieldIsRequired",'Login',"","",get_class($this),"Validate"); $dataValid = false; } return $dataValid; } function HasSystemPermission($PermissionName) { $GroupId = $this->Get("GroupId"); $sql = "SELECT * FROM ".GetTablePrefix()."Permissions WHERE GroupId=$GroupId AND Permission='$PermissionName' AND type=1"; $result = $this->adodbConnection->Execute($sql); if($result && !$result->EOF) { $this->SysPermCache[$PermissionName] = (int)$result->fields["PermissionValue"]; return (int)$result->fields["PermissionValue"]; } else return -1; } /* set $Value to -1 to delete the permission row from the DB */ function SetSystemPermission($PermName,$Value) { //echo "Setting $PermName to $Value<br>\n"; $oldval = $this->HasSystemPermission($PermName); if($Value != $oldval) { if($Value>-1) { if($oldval>-1) { $sql = "UPDATE ".GetTablePrefix()."Permissions SET PermissionValue=$Value "; $sql .=" WHERE Type=1 AND Permission='$PermName' AND GroupId=".$this->Get("GroupId"); //echo "UPDATE SQL: $sql<br>"; } else { $sql = "INSERT INTO ".GetTablePrefix()."Permissions (Permission, GroupId, PermissionValue, Type, CatId) "; $sql .="VALUES ('$PermName',".$this->Get("GroupId").",$Value,1,0)"; //echo "INSERT SQL: $sql<br>"; } $this->adodbConnection->Execute($sql); //echo $sql."<br>\n"; } else { $sql = "DELETE FROM ".GetTablePrefix()."Permissions "; $sql .=" WHERE Type=1 AND Permission='$PermName' AND GroupId=".$this->Get("GroupId"); //echo "DELETE SQL: $sql<br>"; $this->adodbConnection->Execute($sql); } } } function CheckPermission($permissionName) { //Check permission and if needs approval set approval global $objSession, $Errors; if(!$objSession->HasSystemPermission($permissionName)) { //$Errors->AddError("error.AccessDenied","","","",get_class($this),"CheckPermission"); return false; } return true; } function LoadFromDatabase($Id) { global $Errors; if(!isset($Id)) { $Errors->AddError("error.AppError",NULL,'Internal error: LoadFromDatabase id',"",get_class($this),"LoadFromDatabase"); return false; } $sql = "SELECT * FROM ".$this->tablename." WHERE GroupId = $Id"; $result = $this->adodbConnection->Execute($sql); if ($result === false) { $Errors->AddError("error.DatabaseError",NULL,$this->adodbConnection->ErrorMsg(),"",get_class($this),"LoadFromDatabase"); return false; } $data = $result->fields; $this->SetFromArray($data); $this->Clean(); return true; } - function AddUser($UserId,$PrimaryGroup=0,$table='', $edit_table = true) + function AddUser($UserId,$PrimaryGroup=0,$edit_table = true) { global $objSession; // add user to group OR just updates it's status there $db =& $this->adodbConnection; + $table=$edit_table?$objSession->GetEditTable('UserGroup'):GetTablePrefix().'UserGroup'; - if ($edit_table) { - $table = $objSession->GetEditTable("UserGroup");//GetTablePrefix().'UserGroup'; - } - else { - $table = GetTablePrefix()."UserGroup"; - } - - if(!$table) $table=$objSession->GetEditTable("UserGroup"); $group_id = $this->Get('GroupId'); $sql_patterns['check'] = 'SELECT PortalUserId FROM %s WHERE GroupId = %s AND PortalUserId = %s'; $sql_patterns['reset_primary'] = 'UPDATE %s SET PrimaryGroup = 0 WHERE PortalUserId = %s'; $sql_patterns['set_primary'] = 'UPDATE %s SET PrimaryGroup = 1 WHERE GroupId = %s AND PortalUserId = %s'; $sql_patterns['add_to_group'] = 'INSERT INTO %s (PortalUserId,GroupId,PrimaryGroup) VALUES (%s, %s, %s)'; $tmp_sql = sprintf($sql_patterns['check'], $table, $group_id, $UserId); $check_result = $db->GetOne($tmp_sql); if(!$check_result) { // user is not a memeber of this group $GroupCount = TableCount($table,"PortalUserId = $UserId", 0); if(!$PrimaryGroup) $PrimaryGroup = ($GroupCount == 0) ? 1 : 0; // reset primary status if not already $tmp_sql = sprintf($sql_patterns['add_to_group'], $table, $UserId, $group_id, $PrimaryGroup); $db->Execute($tmp_sql); } if($PrimaryGroup) { $tmp_sql = sprintf($sql_patterns['reset_primary'], $table, $UserId); $db->Execute($tmp_sql); $tmp_sql = sprintf($sql_patterns['set_primary'], $table, $group_id, $UserId); $db->Execute($tmp_sql); } } function DeleteUser($UserId) { global $objSession; $sql = "DELETE FROM ".$objSession->GetEditTable("UserGroup")." WHERE PortalUserId=$UserId AND GroupId=".$this->Get("GroupId"); $this->adodbConnection->Execute($sql); } function GetCustomField( $fieldName) { global $Errors; if(!isset($this->m_UserId)) { $Errors->AddError("error.AppError",NULL,"Get field is required in order to set custom field values","","clsPortalGroup","GetCustomField"); return false; } return GetCustomFieldValue($this->m_UserId,"portaluser",$fieldName); } function SetCustomField( $fieldName, $value) { global $Errors; if(!isset($this->m_UserId)) { $Errors->AddError("error.AppError",NULL,"Set field is required in order to set custom field values","","clsPortalGroup","SetCustomField"); return false; } return SetCustomFieldValue($this->m_UserId,"portaluser",$fieldName,$value); } function GetUserCount() { if(!is_numeric($this->UserCount)) { $sql = "SELECT count(*) as UserCount FROM ".GetTablePrefix()."UserGroup WHERE GroupId=".$this->Get("GroupId"); $rs = $this->adodbConnection->Execute($sql); if($rs && !$rs->EOF) $users = $rs->fields["UserCount"]; $this->UserCount = (int)$users; } return $this->UserCount; } function GetUserList() { global $objSession; $sql = "SELECT * FROM ".$objSession->GetEditTable("UserGroup")." WHERE GroupId=".$this->Get("GroupId"); $rs = $this->adodbConnection->Execute($sql); $res = array(); while($rs && !$rs->EOF) { $res[] = $rs->fields["PortalUserId"]; $rs->MoveNext(); } return $res; } function parsetag($tag) { global $var_list_update, $objConfig; if(is_object($tag)) { $tagname = $tag->name; } else $tagname = $tag; switch($tagname) { case "group_id": return $this->Get("GroupId"); break; case "group_name": return $this->Get("Name"); break; case "group_desc": return $this->Get("Description"); break; case "group_date": return LangDate($this->Get("CreatedOn")); break; case "group_name": return $this->Get("Name"); break; case "group_enabled": return $this->Get("Enabled"); break; case "group_date_month": return adodb_date("m", $this->Get("CreatedOn")); break; case "group_date_day": return adodb_date("d", $this->Get("CreatedOn")); break; case "group_date_year": return adodb_date("Y", $this->Get("CreatedOn")); break; case "group_system": if ($this->Get("System") == 1) return "System"; else return "User Defined"; break; case "group_status": if ($this->Get("Enabled") == 1) return "Enabled"; else return "Disabled"; break; default: if (substr($tag, 0, 6) == "custom") return Users_Custom($this->Get("ResourceId"), $tag); else return "Undefined:$tagname"; break; } } } class clsGroupList extends clsItemCollection { var $Page; function clsGroupList() { $this->clsItemCollection(); $this->classname = "clsPortalGroup"; $this->SetTable('live', GetTablePrefix()."PortalGroup"); $this->AdminSearchFields = array("name"); $this->id_field = "GroupId"; } function NumGroups() { return $this->NumItems(); } function GetGroup($GroupID) { return $this->GetItem($GroupID); } function GetPersonalGroup($UserLogin) { $n = "_".$UserLogin; $g = $this->GetItemByField("Name",$n); return $g; } function LoadGroups($where = "",$orderBy = "") { global $objConfig; $this->Clear(); if($this->Page<1) $this->Page=1; if(is_numeric($objConfig->Get("Perpage_Groups"))) { $Start = ($this->Page-1)*$objConfig->Get("Perpage_Groups"); $limit = "LIMIT ".$Start.",".$objConfig->Get("Perpage_Groups"); } else $limit = NULL; if(strlen($where) == 0) $where = '1'; $this->QueryItemCount=TableCount($this->SourceTable, $where, 0); //echo $this->QueryItemCount."<br>\n"; if ($orderBy!="") { $this->Query_PortalGroup($where,$orderBy,$limit); } else { $this->Query_PortalGroup($where,"Name DESC",$limit); } } function Query_PortalGroup($whereClause=NULL,$orderByClause=NULL,$limit=null) { global $m_var_list,$objSession,$Errors; $sql = "SELECT * FROM ".$this->SourceTable." "; if(strlen($whereClause)) $sql = sprintf('%s WHERE %s',$sql,$whereClause); if(strlen($orderByClause)) if(strlen(trim($orderByClause))) $sql = sprintf('%s ORDER BY %s',$sql,$orderByClause); if( isset($limit) ) $sql .= ' '.$limit; return $this->Query_Item($sql); } function Query_UserPortalGroup($whereClause,$orderByClause) { global $m_var_list,$objSession,$Errors; if ($m_var_list["action"] == "m_group_search") $table = $userSession->Get("SessionKey") . "_search"; else $table = $this->SourceTable; $sql = "SELECT * FROM $table LEFT JOIN UserGroup USING (GroupId) "; if(isset($whereClause)) $sql = sprintf('%s WHERE %s',$sql,$whereClause); if(isset($orderByClause)) if (strlen(trim($orderByClause))) { $sql = sprintf('%s ORDER BY %s',$sql,$orderByClause); } $result = $this->adodbConnection->Execute($sql); return $this->Query_Item($sql); } function GetAllGroupList() { static $GroupListCache; if(!is_array($GroupListCache)) { $GroupListCache = array(); $sql = "SELECT GroupId FROM ".$this->SourceTable." WHERE Enabled=1"; $rs = $this->adodbConnection->Execute($sql); while($rs && !$rs->EOF) { $GroupListCache[] = $rs->fields["GroupId"]; $rs->MoveNext(); } } return $GroupListCache; } function Group_Custom($ResourceId, $tag) { $fieldname= substr($tag, 7); $sql = "SELECT Value FROM ".GetTablePrefix()."CustomMetaData LEFT JOIN ".GetTablePrefix()."CustomField USING (CustomFieldId) where ".GetTablePrefix()."CustomMetaData.ResourceId=$ResourceId AND ".GetTablePrefix()."CustomField.FieldName='$fieldname'"; $result = $this->adodbConnection->Execute($sql); if ($result->EOF) return ""; else return $result->fields["Value"]; } function Add_Users_To_Group($groupid) { global $g_usergroup_status; $userids = explode("-", $g_usergroup_status); $g = $this->GetItem($groupid); foreach($userids as $userid) $g->AddUser($userid); } function Delete_Group($GroupId) { $g = $this->GetItem($GroupId); if(is_object($g)) { $g->Delete(); } } function Edit_Group($GroupId, $Name, $Description) { $g = $this->GetItem($GroupId); $g->Set(array("Name", "Description"), array($Name, $Description)); $g->Update(); return $g; } function &Add_Group($Name, $Description, $System=1) { $g = new clsPortalGroup(NULL); $g->tablename = $this->SourceTable; $g->Set(array("Name", "Description", "System"),array($Name, $Description,$System)); $g->Set("CreatedOn",adodb_date("U")); $g->Create(); return $g; } function CopyFromEditTable($idfield) { global $objSession; $GLOBALS['_CopyFromEditTable']=1; $edit_table = $objSession->GetEditTable($this->SourceTable); $sql = "SELECT * FROM $edit_table"; $rs = $this->adodbConnection->Execute($sql); while($rs && !$rs->EOF) { $data = $rs->fields; $c = new $this->classname; $c->SetFromArray($data); $c->idfield = $idfield; $c->Dirty(); if($c->Get($idfield)<1) { $old_id = $c->Get($idfield); $c->UnsetIdField(); if(!is_numeric($c->Get("OrgId"))) $c->Clean(array("OrgId")); $c->Create(); $sql = "UPDATE ".GetTablePrefix()."UserGroup SET GroupId=".$c->Get("GroupId")." WHERE GroupId=$old_id"; $this->adodbConnection->Execute($sql); $sql = "UPDATE ".GetTablePrefix()."Permissions SET GroupId=".$c->Get("GroupId")." WHERE GroupId=$old_id"; $this->adodbConnection->Execute($sql); } $c->Update(); unset($c); unset($r); $rs->MoveNext(); } @$this->adodbConnection->Execute("DROP TABLE IF EXISTS $edit_table"); unset($GLOBALS['_CopyFromEditTable']); } function PurgeEditTable($idfield) { global $objSession; $edit_table = $objSession->GetEditTable($this->SourceTable); @$this->adodbConnection->Execute("DROP TABLE IF EXISTS $edit_table"); $sql = "DELETE FROM ".GetTablePrefix()."UserGroup WHERE GroupId<1"; $this->adodbConnection->Execute($sql); $sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE GroupId<1"; $this->adodbConnection->Execute($sql); } } class clsUserGroupList extends clsItemCollection { function clsUserGroupList() { $this->clsItemCollection(); $this->classname = "clsPortalGroup"; $this->SetTable('live', GetTablePrefix()."UserGroup"); $this->id_field = "PortalUserId"; // don't try to insert by this ID :) } function CopyFromEditTable($idfield) { global $objSession; $GLOBALS['_CopyFromEditTable']=1; $edit_table = $objSession->GetEditTable($this->SourceTable); $sql = "SELECT * FROM $edit_table"; $rs = $this->adodbConnection->Execute($sql); //echo $sql."<BR>"; $clear_old = true; while($rs && !$rs->EOF) { $data = $rs->fields; if ($clear_old) { $sql = "DELETE FROM ".$this->SourceTable." WHERE $idfield = ".$data[$idfield]; @$this->adodbConnection->Execute($sql); $clear_old = false; } $sql = "INSERT INTO ".$this->SourceTable." (PortalUserId, GroupId, PrimaryGroup) VALUES (".$data['PortalUserId'].", ".$data['GroupId'].", ".$data['PrimaryGroup'].")"; @$this->adodbConnection->Execute($sql); $rs->MoveNext(); } @$this->adodbConnection->Execute("DROP TABLE IF EXISTS $edit_table"); unset($GLOBALS['_CopyFromEditTable']); } } ?> Property changes on: trunk/kernel/include/portalgroup.php ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.13 \ No newline at end of property +1.14 \ No newline at end of property Index: trunk/kernel/frontaction.php =================================================================== --- trunk/kernel/frontaction.php (revision 954) +++ trunk/kernel/frontaction.php (revision 955) @@ -1,952 +1,952 @@ <?php switch($Action) { case "m_login": // if($objSession->ValidSession()) $objSession->Logout(); //echo $objSession->GetSessionKey()."<br>\n"; if ($objConfig->Get("CookieSessions") == 1 && $_COOKIE["CookiesTest"] != "1") { $FormError["login"]["login_user"] = language("lu_cookies_error"); } else { $MissingCount = SetMissingDataErrors("login"); if($MissingCount==2) { $FormError["login"]["login_user"]= language("lu_ferror_loginboth"); unset($FormError["login"]["login_password"]); } if($MissingCount==0) { if($_POST["login_user"]=="root") { $FormError["login"]["login_user"]= language("lu_access_denied"); } else { $LoginCheck = $objSession->Login( $_POST["login_user"], md5($_POST["login_password"]) ); if($LoginCheck === true) { if( !headers_sent() && GetVar('usercookie') == 1 ) { $c = $_POST["login_user"]."|"; $pw = $_POST["login_password"]; if(strlen($pw) < 31) $pw = md5($pw); $c .= $pw; setcookie("login",$c,time()+2592000); } // set new destination template if passed $dest = GetVar('dest', true); if(!$dest) $dest = GetVar('DestTemplate', true); if($dest) $var_list['t'] = $dest; } else { switch($LoginCheck) { case -1: // user or/and pass wrong $FormError["login"]["login_password"] = language("lu_incorrect_login"); break; case -2: // user ok, but has no permission $FormError["login"]["login_password"] = language("la_text_nopermissions"); break; } } } } } break; case "m_resetpw": $passed_arr = explode(';', base64_decode($_GET['user_key'])); $found = false; $u = $objUsers->GetItemByField("Email", $passed_arr[1]); if(is_object($u)) { $found = ($u->Get("PortalUserId")==$passed_arr[0] && $u->Get("Status")==1) && strlen($u->Get("Password")); } if($found) { $newpw = makepassword(); $objSession->Set('password', $newpw); $u->Set("Password",$newpw); $u->Set("PassResetTime", time()); $u->Update(); $u->SendUserEventMail("USER.PSWD",$u->Get("PortalUserId")); $u->SendAdminEventMail("USER.PSWD"); $u->Set("Password",md5($newpw)); $u->Update(); $u->Clean(); } break; case "m_forgotpw": $MissingCount = SetMissingDataErrors("forgotpw"); $pass_reset_add = $objConfig->Get("Users_AllowReset"); if($MissingCount==0) { $username = $_POST["username"]; $email = $_POST["email"]; $found = FALSE; if(strlen($username)) { $u = $objUsers->GetItemByField("Login",$username); if(is_object($u)) $found = ($u->Get("Login")==$username && $u->Get("Status")==1) && strlen($u->Get("Password")); } else if(strlen($email)) { $u = $objUsers->GetItemByField("Email",$email); if(is_object($u)) $found = ($u->Get("Email")==$email && $u->Get("Status")==1) && strlen($u->Get("Password")); } $allow_reset = $u->Get("PassResetTime") + $pass_reset_add; if($found && $allow_reset <= time()) { //$newpw = makepassword(); //$objSession->Set('password', $newpw); $objSession->Set('tmp_user_id', $u->Get("PortalUserId")); $objSession->Set('tmp_email', $u->Get("Email")); //$u->Set("Password",$newpw); //$u->Update(); $u->SendUserEventMail("USER.PSWDC",$u->Get("PortalUserId")); //$u->SendAdminEventMail("USER.PSWDC"); //$u->Set("Password",md5($newpw)); //$u->Update(); $u->Clean(); } else { if(!strlen($username) && !strlen($email)) { $FormError["forgotpw"]["username"] = language("lu_ferror_forgotpw_nodata"); $MissingCount++; } else { if(strlen($username)) $FormError["forgotpw"]["username"] = language("lu_ferror_unknown_username"); if(strlen($email)) $FormError["forgotpw"]["email"] = language("lu_ferror_unknown_email"); if ($allow_reset > time()) { $FormError["forgotpw"]["username"] = language("lu_ferror_reset_denied"); //$FormError["forgotpw"] = language("lu_ferror_reset_denied"); } $MissingCount++; } if(strlen($_GET["error"])) $var_list["t"] = $_GET["error"]; } } else if(strlen($_GET["error"])) $var_list["t"] = $_GET["error"]; break; case "m_subscribe_confirm": $t = ""; $SubscribeAddress = $_POST["subscribe_email"]; if(!ValidEmail($SubscribeAddress)&& strlen($SubscribeAddress)) { $t = $_GET["Error"]; $SubscribeError = "lu_invalid_emailaddress"; } else { if((int)$objConfig->Get("User_SubscriberGroup")>0) { $g = $objGroups->GetItem($objConfig->Get("User_SubscriberGroup")); if(is_object($g)) { $email = $_POST["subscribe_email"]; if(strlen($email)>0) { $u = $objUsers->GetItemByField("Email",$email); if(is_object($u)) { if($u->CheckBanned()) { $t = $_GET["Error"]; $SubscribeError ="lu_subscribe_banned"; } else { if($u->IsInGroup($g->Get("GroupId"))) { $t = $_GET["Unsubscribe"]; } else $t = $_GET["Subscribe"]; } } else $t = $_GET["Subscribe"]; } else { $t = $_GET["Error"]; $SubscribeError ="lu_subscribe_no_address"; } } else { $t = $_GET["Error"]; $SubscribeError ="lu_subscribe_unknown_error"; } } } if(strlen($t)) { $var_list["t"] = $t; $var_list_update["t"] = $t; } break; case "m_subscribe": //phpinfo(INFO_VARIABLES); if($_POST["buttons"][0]==language("lu_button_yes")) { $SubscribeAddress = $_POST["subscribe_email"]; if(strlen($SubscribeAddress)>0) { if(ValidEmail($SubscribeAddress)) { $GroupId = (int)$objConfig->Get("User_SubscriberGroup"); if ($GroupId) { $g = $objGroups->GetItem($GroupId); $u = $objUsers->GetItemByField("Email",$SubscribeAddress); if(is_object($u)) { if(strtolower($u->Get("Email"))==strtolower($SubscribeAddress)) { $bExists = TRUE; } else $bExists = FALSE; } if($bExists) { - $g->AddUser($u->Get("PortalUserId")); + $g->AddUser($u->Get("PortalUserId"),0,false); } else { $u = new clsPortalUser(NULL); $u->Set("Email",$SubscribeAddress); $u->Set("ip",$_SERVER['REMOTE_ADDR']); $u->Set("CreatedOn",date("U")); $u->Set("Status",1); if(!$u->CheckBanned()) { $u->Create(); - $g->AddUser($u->Get("PortalUserId"),1); + $g->AddUser($u->Get("PortalUserId"),1,false); } else $SubscribeResult = "lu_subscribe_banned"; } $SubscribeResult = "lu_subscribe_success"; $u->SendUserEventMail("USER.SUBSCRIBE",$u->Get("PortalUserId")); $u->SendAdminEventMail("USER.SUBSCRIBE"); if(strlen($_GET["Subscribe"])>0) $var_list["t"] = $_GET["Subscribe"]; } } else { $SubscribeResult = "lu_invalid_emailaddress"; } } else $SubscribeResult = "lu_subscribe_missing_address"; } if(!strlen($SubscribeResult)) $SubscribeResult = "lu_subscribe_success"; break; case "m_unsubscribe": if($_POST["buttons"][0]==language("lu_button_yes")) { $MissingCount = SetMissingDataErrors("m_unsubscribe"); if($MissingCount==0) { $email = $_POST["subscribe_email"]; $u = $objUsers->GetItemByField("Email",$email); if(is_object($u)) { if(strtolower($u->Get("Email"))==strtolower($email)) { $GroupId = (int)$objConfig->Get("User_SubscriberGroup"); if($u->PrimaryGroup()==$GroupId) { $u_gorup_list = $u->GetGroupList(); if (count($u_gorup_list) > 1) { $u->RemoveFromGroup($GroupId); } else { $u->RemoveFromAllGroups(); $u->Delete(); } } else { $u->RemoveFromGroup($GroupId); } } } if(strlen($_GET["Subscribe"])>0) $var_list["t"] = $_GET["Subscribe"]; } } break; case "m_logout": // $objSession->Logout(); //unset($objSession); //$objSession = new clsUserSession(); // $var_list_update["t"] = "index"; // setcookie("login","",time()-3600); break; case "m_register": $_POST=inp_escape($_POST); $MissingCount = SetMissingDataErrors("m_register"); if(!$objConfig->Get("User_Password_Auto")) { if(($_POST["password"] != $_POST["passwordverify"]) || !strlen($_POST["passwordverify"])) { $MissingCount++; $FormError["m_register"]["passwordverify"] = language("lu_ferror_pswd_mismatch"); } if(strlen($_POST["password"])>30) { // echo "VAR: ".$_POST["password"]; die(); $MissingCount++; $FormError["m_register"]["password"] = language("lu_ferror_pswd_toolong"); } if (strlen($_POST['password']) < $objConfig->Get("Min_Password")) { $MissingCount++; $FormError["m_register"]["password"] = language("lu_ferror_pswd_tooshort"); } } $u = $objUsers->GetItemByField("Login",$_POST["username"]); if(is_object($u)) { if($u->Get("Login")==$_POST["username"]) { $MissingCount++; $FormError["m_register"]["username"] = language("lu_user_exists"); } } if (strlen($_POST['username']) < $objConfig->Get("Min_UserName")) { $MissingCount++; $FormError["m_register"]["username"] = language("lu_ferror_username_tooshort"); } if(!$MissingCount) { $CreatedOn = adodb_date("U"); $GroupId = $objConfig->Get("User_NewGroup"); $Status=0; /* determine the status of new users */ switch ($objConfig->Get("User_Allow_New")) { case "1": $Status=1; break; case "3": $Status=2; break; } /* set Destination template */ $var_list["t"] = strlen($_GET["dest"])? $_GET["dest"] : "index"; if($Status>0) { if($objConfig->Get("User_Password_Auto")) { $password = makepassword(); $objSession->Set("password", $password); } else $password = $_POST["password"]; $_POST["dob"] = $_POST["dob_month"]."/".$_POST["dob_day"]."/".$_POST["dob_year"]; $dob = DateTimestamp($_POST["dob"],GetDateFormat()); $ip = $_SERVER['REMOTE_ADDR']; $u = &$objUsers->Add_User($_POST["username"], md5($password), $_POST["email"], $CreatedOn, $_POST["firstname"], $_POST["lastname"], $Status, $_POST["phone"], $_POST["street"], $_POST["city"], $_POST["state"], $_POST["zip"], $_POST["country"], $dob, $ip, TRUE); if(!is_object($u)) { $RuleId=$u; $r = $objBanList->GetItem($RuleId); $err = $r->Get("ErrorTag"); if(strlen($err)) { $FormError["m_register"][$r->Get("ItemField")] = language($err); $MissingCount++; } } else { $u->Set("Password",$password); $u->Clean(); if($GroupId>0) { $g = $objGroups->GetItem($GroupId); - $g->AddUser($u->Get("PortalUserId"),1, '', false); + $g->AddUser($u->Get("PortalUserId"),1,false); } $custom = $_POST["custom"]; if(is_array($custom)) { for($x=0;$x<count($custom);$x++) { $u->SetCustomField($custom[$x],$_POST[$custom[$x]]); } $u->SaveCustomFields(); } if($Status==1) { if($objConfig->Get("User_Password_Auto")) { $u->SendUserEventMail("USER.VALIDATE",$u->Get("PortalUserId")); $u->SendAdminEventMail("USER.VALIDATE"); } else { $doLoginNow = true; $u->SendUserEventMail("USER.ADD",$u->Get("PortalUserId")); $u->SendAdminEventMail("USER.ADD"); } } else { $u->SendUserEventMail("USER.ADD.PENDING",$u->Get("PortalUserId")); $u->SendAdminEventMail("USER.ADD.PENDING"); } if ($doLoginNow) $objSession->Login($_POST["username"], md5($password)); } } } break; case "m_add_friend": $id = $_GET["UserId"]; $userid = $objSession->Get("PortalUserId"); if($id!=$userid) { $u =& $objUsers->GetItem($id); $u->AddFavorite($userid); } break; case "m_del_friend": $id = $_GET["UserId"]; $userid = $objSession->Get("PortalUserId"); $u =& $objUsers->GetItem($id); $u->DeleteFavorite(); break; case "m_acctinfo": // phpinfo(INFO_VARIABLES); $_POST=inp_escape($_POST); $MissingCount = SetMissingDataErrors("m_acctinfo"); $UserId = $_GET["UserId"]; if($UserId != $objSession->Get("PortalUserId")) { $MissingCount++; $FormError["m_acctinfo"]["UserId"] = language("lu_ferror_m_profile_userid"); } if(strlen($_POST["password"])>0) { if(($_POST["password"] != $_POST["passwordverify"]) || !strlen($_POST["passwordverify"])) { $MissingCount++; $FormError["m_acctinfo"]["passwordverify"] = language("lu_ferror_pswd_mismatch"); } if(strlen($_POST["password"])>30) { // echo "VAR: ".$_POST["password"]; die(); $MissingCount++; $FormError["m_acctinfo"]["password"] = language("lu_ferror_pswd_toolong"); } if (strlen($_POST['password']) < $objConfig->Get("Min_Password")) { $MissingCount++; $FormError["m_acctinfo"]["password"] = language("lu_ferror_pswd_tooshort"); } } if(!$MissingCount) { /* save profile */ $u =& $objUsers->GetItem($UserId); $status = $u->Get("Status"); $_POST["dob"] = $_POST["dob_month"]."/".$_POST["dob_day"]."/".$_POST["dob_year"]; $dob = DateTimestamp($_POST["dob"], GetDateFormat()); if(strlen($_POST["password"])>0) { $password = md5($_POST["password"]); } else $password = ""; $objUsers->Edit_User($UserId, $_POST["username"], $password, $_POST["email"], 0, $_POST["firstname"], $_POST["lastname"], $status, $_POST["phone"], $_POST["street"], $_POST["city"], $_POST["state"], $_POST["zip"], $_POST["country"], $dob); $ResourceId= $u->Get("ResourceId"); $objCustomDataList->LoadResource($ResourceId); $objCustomFields = new clsCustomFieldList(6); for($i=0;$i<$objCustomFields->NumItems(); $i++) { $field = & $objCustomFields->GetItemRefByIndex($i); $fieldid= $field->Get("CustomFieldId"); $fname = $field->Get("FieldName"); if(isset($_POST[$fname])) $objCustomDataList->SetFieldValue($fieldid,$ResourceId,$_POST[$fname]); elseif(isset($_POST[strtolower($fname)])) $objCustomDataList->SetFieldValue($fieldid,$ResourceId,$_POST[strtolower($fname)]); } $objCustomDataList->SaveData(); } break; case "m_profile": $userid = $objSession->Get("PortalUserId"); if($userid>0) { $u = $objUsers->GetItem($userid); foreach($_POST as $field=>$value) { if(substr($field,0,3)=="pp_") { $objSession->SetPersistantVariable($field,$value); } } } break; case "m_set_lang": $lang = $_GET["lang"]; $LangId = 0; if(strlen($lang)) { $l = $objLanguages->GetItemByField("PackName",$lang); if(is_object($l)) { $LangId = $l->Get("LanguageId"); } } if($LangId) { if($objSession->Get("PortalUserId")>0) { $objSession->SetPersistantVariable("Language",$LangId); } $objSession->Set("Language",$LangId); $objSession->Update(); $m_var_list_update["lang"] = $LangId; $m_var_list["lang"] = $LangId; } break; case "m_set_theme": $id = $_POST["ThemeId"]; if(!is_numeric($id)) $id = $_GET["ThemeId"]; if($id) { $objSession->SetThemeName($id); $m_var_list["t"] = "index"; $m_var_list_update["theme"] = $id; $m_var_list["theme"] = $id; unset($CurrentTheme); } break; case "m_sort_cats": $objSession->SetVariable("Category_Sortfield",$_POST["cat_sort_field"]); $objSession->SetVariable("Category_Sortorder",$_POST["cat_sort_order"]); $objSession->SetVariable("Perpage_Category",$_POST["cat_perpage"]); break; case "m_add_cat_confirm": // phpinfo(INFO_VARIABLES); $perm = 0; $CategoryId=$objCatList->CurrentCategoryID(); if ($objSession->HasCatPermission("CATEGORY.ADD.PENDING")) $perm = 2; if ($objSession->HasCatPermission("CATEGORY.ADD")) $perm = 1; if ($perm == 0) { $MissingCount++; $FormError["m_addcat"]["name"] = language("lu_ferror_no_access"); } else { $MissingCount = SetMissingDataErrors("m_addcat"); if(is_array($_FILES)) { foreach($_FILES as $field => $file) { $allowed = TRUE; if(strlen($_POST["imagetypes"][$field])) { $types = explode(",",strtolower($_POST["imagetypes"][$field])); if(is_array($types)) { if(count($types)>0) { $path_parts = pathinfo($file["name"]); $ext = $path_parts["extension"]; $allowed = in_array($ext,$types); if(!$allowed) { $MissingCount++; $FormError["m_addcat"][$field] = language("lu_ferror_wrongtype"); } } } } $maxsize = (int)$_POST["maxsize"][$field]; if($maxsize>0 && $allowed && $file["size"]>$maxsize) { $allowed = FALSE; $MissingCount++; $FormError["m_addcat"][$field] = language("lu_ferror_toolarge"); } } } if($MissingCount==0) { $CreatedOn = date("U"); $_POST=inp_striptags($_POST); $name = $_POST["name"]; $desc = $_POST["description"]; $metadesc = $_POST["meta_description"]; $keywords = $_POST["meta_keywords"]; $parent = $objCatList->CurrentCategoryID(); $cat =& $objCatList->Add($parent, $name, $desc, $CreatedOn, 0, $perm, 2, 2, 2, 0, $keywords,$metadesc); $cat->UpdateCachedPath(); $cat->Update(); $cat->UpdateACL(); $objCatList->UpdateMissingCacheData(); if(strlen($_GET["Confirm"])) { $var_list["t"] = $_GET["Confirm"]; } else $var_list["t"] = $_GET["DestTemplate"]; } } break; case "m_front_review_add": if($objSession->InSpamControl($_POST["ItemId"])) { $StatusMessage["review"] = language("la_Review_AlreadyReviewed"); } else { $objReviews = new clsItemReviewList(); $Status = $objConfig->Get("Review_DefaultStatus"); $CreatedOn = adodb_date("U"); $html = (int)$objConfig->Get("Review_Html"); $ReviewText = inp_striptags($_POST["review_text"]); $r = $objReviews->AddReview($CreatedOn,$ReviewText,$Status, $IPAddress, 0, $_POST["ItemId"], $_POST["ItemType"], $objSession->Get("PortalUserId")); foreach($ItemTypes as $type=>$id) { if($id==$_POST["ItemType"]) { $ValName = $type."_ReviewDelay_Value"; $IntName = $type."_ReviewDelay_Interval"; break; } } if(strlen($ValName) && strlen($IntName)) { $exp_secs = $objConfig->Get($ValName) * $objConfig->Get($IntName); $objSession->AddToSpamControl($_POST["ItemId"],$exp_secs); if(is_object($r)) { if($Status) { $StatusMessage["review"] = language("la_Review_Added"); } else $StatusMessage["review"] = language("la_Review_Pending"); } else $StatusMessage["review"] = language("la_Review_Error"); } else $StatusMessage["error"] = language("la_ConfigError_Review"); } break; case "m_suggest_email": $cutoff = time()+(int)$objConfig->Get("Suggest_MinInterval"); $email = inp_striptags($_POST["suggest_email"]); if (strlen($email)) { if(ValidEmail($email)) { $sql = "SELECT * FROM ".GetTablePrefix()."SuggestMail WHERE email='".$email."' and sent<".$cutoff; $adodbConnection = &GetADODBConnection(); $rs = $adodbConnection->Execute($sql); $rs = false; if($rs && !$rs->EOF) { if(strlen($_GET["Error"])>0) $var_list["t"] = $_GET["Error"]; $suggest_result = "$email ".language("lu_already_suggested ")." ".LangDate($rs->fields["sent"]); } else { $Event =& $objMessageList->GetEmailEventObject("USER.SUGGEST"); if(is_object($Event)) { if($Event->Get("Enabled")=="1") { $Event->Item = $this; $Event->SendToAddress($email); $sql = "INSERT INTO ".GetTablePrefix()."SuggestMail (email,sent) VALUES ('".$email."','".time()."')"; $rs = $adodbConnection->Execute($sql); $suggest_result=language("lu_suggest_success")." ".$email; } } $e =& $objMessageList->GetEmailEventObject("USER.SUGGEST",1); if($e->Get("Enabled")==1) $e->SendAdmin(); if(strlen($_GET["Confirm"])>0) $var_list["t"] = $_GET["Confirm"]; } } else { if(strlen($_GET["Error"])>0) $var_list["t"] = $_GET["Error"]; $suggest_result=language("lu_invalid_emailaddress"); } } else { if(strlen($_GET["Error"])>0) $var_list["t"] = $_GET["Error"]; $suggest_result=language("lu_suggest_no_address"); } break; case "m_simple_search": $keywords = $_POST["keywords"]; $type = $objItemTypes->GetTypeByName("Category"); $objSearch = new clsSearchResults("Category","clsCategory"); $length = $objConfig->Get('Search_MinKeyword_Length'); if(strlen($keywords)) { $performSearch = false; $isExact = (substr($keywords, 0, 1) == '"' && substr($keywords, strlen($keywords) - 1, 1) == '"'); if ($isExact) { $performSearch = (strlen(trim(str_replace('"', '', $keywords))) >= $length); } else { $key_arr = explode(' ', $keywords); foreach($key_arr as $value) { if (strlen($value) < $length) { $keywords = str_replace(' '.$value, '', $keywords); $keywords = str_replace($value.' ', '', $keywords); } } $keywords = str_replace(' ', ' ', $keywords); $performSearch = (strlen($keywords) >= $length); } if ($performSearch) { $objSearchList = new clsSearchLogList(); $objSearchList->UpdateKeyword($keywords,0); $objSearch->SetKeywords($keywords); $objSearch->AddSimpleFields(); if(is_numeric($objConfig->Get("SearchRel_Pop_category"))) $objSearch->PctPop = ($objConfig->Get("SearchRel_Pop_category")/100); if(is_numeric($objConfig->Get("SearchRel_Keyword_category"))) $objSearch->PctRelevance = ($objConfig->Get("SearchRel_Keyword_category")/100); if(is_numeric($objConfig->Get("SearchRel_Rating_article"))) $objSearch->PctRating = ($objConfig->Get("SearchRel_Rating_category")/100); //echo "Searching On $keywords<br>\n"; $objSearch->PerformSearch(1,$SortOrder,TRUE); $SearchPerformed = TRUE; //$objSearch->SetRelevence($type->Get("ItemType"), "CategoryId"); //echo "Finished Setting Category Relevence<br>\n"; } else { if(strlen($_GET["Error"])>0) $var_list["t"] = $_GET["Error"]; $MissingCount = SetMissingDataErrors("m_simplesearch"); $MissingCount++; $FormError["m_simplesearch"]["keywords"] = language("lu_keywords_tooshort"); } } else { if(strlen($_GET["Error"])>0) $var_list["t"] = $_GET["Error"]; $MissingCount = SetMissingDataErrors("m_simplesearch"); $MissingCount++; $FormError["m_simplesearch"]["keywords"] = language("lu_no_keyword"); } break; case "m_adv_search": if( !is_object($objSearchConfig) ) $objSearchConfig = new clsSearchConfigList(); switch($_GET["type"]) { case 1: /* category */ //echo "Searching for categories<br>"; $objAdvSearch = new clsAdvancedSearchResults("Category","clsCategory"); foreach($objSearchConfig->Items as $field) { $fld = $field->Get("FieldName"); $Verb = $_POST["verb"][$field->Get("FieldName")]; if(!strlen($Verb) && $field->Get("FieldType")=="boolean") { if($_POST["value"][$field->Get("FieldName")]!=-1) { $Value = $_POST["value"][$field->Get("FieldName")]; $Verb = "is"; } } else { $Value = $_POST["value"][$field->Get("FieldName")]; } switch( $_POST["andor"][$field->Get("FieldName")]) { case 1: $Conjuction = "AND"; break; case 2: $Conjuction = "OR"; break; default: $Conjuction = ""; break; } if(strlen($Verb)>0 && $Verb!="any") { //echo "Adding CAT SearchField: [".$field->Get("TableName")."]; [".$field->Get("FieldName")."]; [$Verb]; [$Value]; [$Conjuction]<br>"; $objAdvSearch->AddAdvancedField($field->Get("TableName"),$field->Get("FieldName"),$Verb,$Value,$Conjuction); } } $objAdvSearch->PerformSearch(1,NULL,TRUE); break; } break; case "m_id": echo $Action.":".$DownloadId; die(); break; case "m_simple_subsearch": $keywords = $_POST["keywords"]; $type = $objItemTypes->GetTypeByName("Category"); $objSearch = new clsSearchResults("Category","clsCategory"); $length = $objConfig->Get('Search_MinKeyword_Length'); if(strlen($keywords)) { $performSearch = false; $isExact = (substr($keywords, 0, 1) == '"' && substr($keywords, strlen($keywords) - 1, 1) == '"'); if ($isExact) { $performSearch = (strlen(trim(str_replace('"', '', $keywords))) >= $length); } else { $key_arr = explode(' ', $keywords); foreach($key_arr as $value) { if (strlen($value) < $length) { $keywords = str_replace(' '.$value, '', $keywords); $keywords = str_replace($value.' ', '', $keywords); } } $keywords = str_replace(' ', ' ', $keywords); $performSearch = (strlen($keywords) >= $length); } if ($performSearch) { $objSearchList = new clsSearchLogList(); $objSearchList->UpdateKeyword($keywords,0); $objSearch->SetKeywords($keywords); $objSearch->AddSimpleFields(); if(is_numeric($objConfig->Get("SearchRel_Pop_category"))) $objSearch->PctPop = ($objConfig->Get("SearchRel_Pop_category")/100); if(is_numeric($objConfig->Get("SearchRel_Keyword_category"))) $objSearch->PctRelevance = ($objConfig->Get("SearchRel_Keyword_category")/100); if(is_numeric($objConfig->Get("SearchRel_Rating_article"))) $objSearch->PctRating = ($objConfig->Get("SearchRel_Rating_category")/100); $SearchResultIdList = $objSearch->Result_IdList(); if(count($SearchResultIdList)>0) { $objSearch->PerformSearch(1,$SortOrder,TRUE,$SearchResultIdList); //$objSearch->SetRelevence($type->Get("ItemType"), "CategoryId"); } $SearchPerformed = TRUE; } else { $MissingCount = SetMissingDataErrors("m_simplesearch"); $MissingCount++; $FormError["m_simplesearch"]["keywords"] = language("lu_keywords_tooshort"); } } else { $MissingCount = SetMissingDataErrors("m_simplesearch"); $MissingCount++; $FormError["m_simplesearch"]["keywords"] = language("lu_no_keyword"); } break; } ?> Property changes on: trunk/kernel/frontaction.php ___________________________________________________________________ Modified: cvs2svn:cvs-rev ## -1 +1 ## -1.32 \ No newline at end of property +1.33 \ No newline at end of property