00001 <?php
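// Direct-access guard: this file is only meant to be included by the CMS
// front controller, which defines __PRAGYAN_CMS. A request that reaches the
// file directly gets a 403 response and the script stops.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // Fixed: the heading was closed with a second "<h1>" instead of "</h1>".
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can reveal the web server software and
    // version to an unauthenticated client; consider dropping it from the
    // error page. It is not set by every SAPI, hence the isset() check.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}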
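/**
 * Produces the content for one page request.
 *
 * Handles the built-in actions (login, profile, logout, search, admin,
 * settings, widgets, grant, pdf) itself and otherwise loads the module class
 * named by the page's `page_module` column and returns its getHtml() output.
 *
 * Security-relevant changes compared with the previous version:
 *  - $pageId is validated as an integer before it is embedded in SQL
 *    (it was previously embedded unquoted after escape()).
 *  - The module type read from the database is validated as a plain ASCII
 *    identifier before it is used in an include path, a class name and SQL.
 *  - The PDF depth is cast to an integer and the PDF file name derived from
 *    $TITLE has path separators, quotes and control characters replaced.
 *
 * @param mixed  $pageId     Id of the requested page.
 * @param string $action     Requested action ("view", "login", "pdf", ...).
 * @param mixed  $userId     Current user id; 0 is treated as "not logged in".
 * @param mixed  $permission Result of the caller's permission check for
 *                           $action; anything not loosely equal to true ends
 *                           in the permission error.
 * @param int    $recursed   Non-zero when called for a link/menu target; the
 *                           page's last-access time is then not updated.
 *
 * @return mixed HTML for the page, '' after an error was reported through
 *               displayerror(), or the non-numeric value returned by login().
 */
function getContent($pageId, $action, $userId, $permission, $recursed = 0)
{
    if ($action == "login") {
        if ($userId == 0) {
            $newUserId = login();
            if (is_numeric($newUserId)) {
                return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
            }
            // A non-numeric result from login() is handed back unchanged.
            return $newUserId;
        }
        // NOTE(review): getUserName() output goes into HTML unescaped here;
        // confirm it is HTML-safe or escape it at this point.
        displayinfo("You are logged in as ".getUserName($userId)."! Click <a href=\"./+logout\">here</a> to logout.");
        return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), 0);
    }

    if ($action == "profile") {
        if ($userId != 0) {
            require_once("profile.lib.php");
            return profile($userId);
        }
        // Anonymous user: show the hint and fall through with $action unchanged.
        displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
    }

    if ($action == "logout") {
        if ($userId != 0) {
            $newUserId = resetAuth();
            displayinfo("You have been logged out!");
            global $openid_enabled;
            if ($openid_enabled == 'true') {
                displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
            }
            return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
        }
        // Anonymous user: show the hint and fall through with $action unchanged.
        displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
    }

    if ($action == "search") {
        require_once("search.lib.php");
        $ret = getSearchBox();
        // NOTE(review): the raw request value is passed on; any SQL/HTML
        // escaping has to happen inside getSearchResultString() - confirm.
        if (isset($_POST['query'])) {
            $ret .= getSearchResultString($_POST['query']);
        } elseif (isset($_GET['query'])) {
            $ret .= getSearchResultString($_GET['query']);
        }

        return $ret;
    }

    // NOTE(review): this branch runs before the $permission check below, so
    // it relies on getChildren() to filter by $userId - confirm. The visible
    // code builds $response but never emits it before exit().
    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
        if (isset($_GET['parentpath'])) {
            global $urlRequestRoot;
            require_once('menu.lib.php');
            $pidarr = array();
            parseUrlReal(escape($_GET['parentpath']), $pidarr);
            $pid = $pidarr[count($pidarr) - 1];
            $children = getChildren($pid, $userId);
            $response = array();
            $response['path'] = escape($_GET['parentpath']);
            $response['items'] = array();
            foreach ($children as $child) {
                $response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
            }

            exit();
        }
    }

    if ($permission != true) {
        if ($userId == 0) {
            $suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
        } else {
            $suggestion = "";
        }
        displayerror("You do not have the permissions to view this page. $suggestion<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return '';
    }

    if ($action == "admin") {
        require_once("admin.lib.php");
        return admin($pageId, $userId);
    }

    // The page id is embedded in SQL as a bare number below, so accept only
    // an integer literal. A non-numeric id previously produced a failing
    // query and the same "does not exist" message.
    if (!is_scalar($pageId) || preg_match('/\A-?[0-9]+\z/', (string) $pageId) !== 1) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $pageIdSql = (int) $pageId;

    $pagetype_query = "SELECT page_module, page_modulecomponentid FROM ".MYSQL_DATABASE_PREFIX."pages WHERE page_id=".$pageIdSql;
    $pagetype_result = mysql_query($pagetype_query);
    $pagetype_values = $pagetype_result ? mysql_fetch_assoc($pagetype_result) : false;
    if (!$pagetype_values) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $moduleType = $pagetype_values['page_module'];
    $moduleComponentId = $pagetype_values['page_modulecomponentid'];

    if ($action == "settings") {
        require_once("pagesettings.lib.php");
        return pagesettings($pageId, $userId);
    }
    if ($action == "widgets") {
        return handleWidgetPageSettings($pageId);
    }

    if ($recursed == 0) {
        $pagetypeupdate_query = "UPDATE ".MYSQL_DATABASE_PREFIX."pages SET page_lastaccesstime=NOW() WHERE page_id=".$pageIdSql;
        $pagetypeupdate_result = mysql_query($pagetypeupdate_query);
        if (!$pagetypeupdate_result) {
            return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
        }
    }

    // The link target is rendered with $permission forced to true: only the
    // permission on the link page itself has been checked at this point.
    if ($moduleType == "link") {
        return getContent($moduleComponentId, $action, $userId, true, 1);
    }
    if ($action == "grant") {
        return grantPermissions($userId, $pageId);
    }
    // Same for menu pages: the parent page is rendered with permission true.
    if ($moduleType == "menu") {
        return getContent(getParentPage($pageId), $action, $userId, true, 1);
    }
    if ($moduleType == "external") {
        $query = "SELECT `page_extlink` FROM `".MYSQL_DATABASE_PREFIX."external` WHERE `page_modulecomponentid` =
                    (SELECT `page_modulecomponentid` FROM `".MYSQL_DATABASE_PREFIX."pages` WHERE `page_id`= ".$pageIdSql.")";
        $result = mysql_query($query);
        $values = $result ? mysql_fetch_array($result) : false;
        // Only redirect when a link row was found; execution deliberately
        // continues afterwards, as before (there is no exit here).
        if ($values) {
            $link = $values[0];
            header("Location: $link");
        }
    }

    // $moduleType comes from the database and is used below as part of an
    // include path, as a class name and inside quoted SQL literals. Accept
    // only a plain ASCII identifier so it cannot contain path separators,
    // quotes or NUL bytes.
    $moduleNamePattern = '/\A[A-Za-z_][A-Za-z0-9_]*\z/';
    if (preg_match($moduleNamePattern, (string) $moduleType) !== 1) {
        displayerror("The module type of the requested page is invalid.");
        return "";
    }

    global $sourceFolder;
    global $moduleFolder;
    require_once($sourceFolder."/".$moduleFolder."/".$moduleType.".lib.php");
    $page = new $moduleType();
    if (!($page instanceof module)) {
        displayerror("The module \"$moduleType\" does not implement the inteface module</div>");
        return "";
    }

    // Sanity checks of the module against the permission list: it must have
    // a 'create' permission row, and an action<Perm>() method for every
    // other listed permission plus "view".
    $createperms_query = " SELECT * FROM ".MYSQL_DATABASE_PREFIX."permissionlist where perm_action = 'create' AND page_module = '".$moduleType."'";
    $createperms_result = mysql_query($createperms_query);
    if (mysql_num_rows($createperms_result) < 1) {
        displayerror("The action \"create\" does not exist in the module \"$moduleType\"</div>");
        return "";
    }

    $availableperms_query = "SELECT * FROM ".MYSQL_DATABASE_PREFIX."permissionlist where perm_action != 'create' AND page_module = '".$moduleType."'";
    $availableperms_result = mysql_query($availableperms_query);
    $permlist = array();
    while ($value = mysql_fetch_assoc($availableperms_result)) {
        $permlist[] = $value['perm_action'];
    }
    $permlist[] = "view";
    $class_methods = get_class_methods($moduleType);
    foreach ($permlist as $perm) {
        if (!in_array("action".ucfirst($perm), $class_methods, true)) {
            displayerror("The action \"$perm\" does not exist in the module \"$moduleType\"</div>");
            return "";
        }
    }

    if ($action == "pdf") {
        // depth: -1 = every other menu page, N > 0 = N levels of children.
        $depth = isset($_GET['depth']) ? $_GET['depth'] : 0;
        if (!is_numeric($depth)) {
            $depth = 0;
        }
        // Work with an integer from here on rather than the request string.
        $depth = (int) $depth;

        global $TITLE;
        require_once("$sourceFolder/modules/pdf/html2fpdf.php");
        $pdf = new HTML2FPDF();
        $pdf->setModuleComponentId($moduleComponentId);
        $pdf->AddPage();
        $pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));

        $childPages = array();
        if ($depth == -1) {
            $childPages = child($pageId, $userId, $depth);
        } else if ($depth > 0) {
            $childPages = child($pageId, $userId, $depth);
            --$depth;
            $j = 0;
            while ($depth > 0) {
                $count = count($childPages);
                // Nothing new was added on the previous level, so deeper
                // levels cannot add anything either; this also bounds the
                // work for a very large requested depth.
                if ($j >= $count) {
                    break;
                }
                // $j carries over between levels so each page is expanded once.
                for (; $j < $count; $j++) {
                    $childPages = array_merge((array) $childPages, (array) child($childPages[$j][0], $userId, $depth));
                }
                --$depth;
            }
        }

        // child() has already filtered these rows by 'view' permission.
        // Iterating the list directly also covers the case where the first
        // child has page id 0, which the old "if ($cp[0][0])" test skipped.
        foreach ((array) $childPages as $childPage) {
            $childModule = $childPage[2];
            // Same identifier rule as for the main module before it is used
            // in an include path and as a class name.
            if (preg_match($moduleNamePattern, (string) $childModule) !== 1) {
                continue;
            }
            require_once($sourceFolder."/".$moduleFolder."/".$childModule.".lib.php");
            $page1 = new $childModule();
            $modCompId = $childPage[5];
            $pdf->setModuleComponentId($modCompId);
            $pdf->AddPage();
            $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
        }

        // $TITLE ends up in a file system path and in a response header:
        // replace path separators, quotes, NUL and line breaks.
        $safeTitle = str_replace(array('/', '\\', "\0", '"', "\r", "\n"), '_', (string) $TITLE);
        // NOTE(review): the file_exists()/rand() loop is not atomic, and the
        // file lives under uploads/temp until unlink(); confirm that
        // directory is not served directly by the web server.
        $filePath = $sourceFolder . "/uploads/temp/" . $safeTitle . ".pdf";
        while (file_exists($filePath)) {
            $filePath = $sourceFolder . "/uploads/temp/" . $safeTitle . "-" . rand() . ".pdf";
        }
        $pdf->Output($filePath);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/pdf");
        header("Content-Disposition: attachment; filename=\"".basename($filePath)."\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".filesize($filePath));
        @readfile("$filePath");
        unlink($filePath);
        // No return here: the module's getHtml() is still called below with
        // $action "pdf", as in the previous version.
    }

    return $page->getHtml($userId, $moduleComponentId, $action);
}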
00257
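/**
 * Determines the heading to show for a page and action.
 *
 * For "login" and "logout" the heading is the capitalised action name.
 * Otherwise the page row is read and the heading is the page title, with a
 * suffix for the "grant" and "settings" actions.
 *
 * Fixes: the page id was concatenated into the SQL statement without any
 * validation, and the "grant" heading was always overwritten because the
 * second test was a separate if/else rather than an elseif.
 *
 * @param mixed  $pageId  Id of the page; must be an integer literal.
 * @param string $action  Requested action.
 * @param string $heading Receives the heading text (written only on success).
 *
 * @return bool true when $heading was set, false when the id is invalid, the
 *              query failed, no row was found or the page has
 *              page_displaypageheading = 0.
 */
function getTitle($pageId, $action, &$heading)
{
    if ($action == "login" || $action == "logout") {
        $heading = ucfirst($action);
        return true;
    }

    // The id is embedded in SQL as a bare number, so accept only an integer.
    // A non-numeric id previously produced a failing query and also ended in
    // "return false".
    if (!is_scalar($pageId) || preg_match('/\A-?[0-9]+\z/', (string) $pageId) !== 1) {
        return false;
    }

    $pagetitle_query = "SELECT `page_title`, `page_module`, `page_modulecomponentid`, `page_displaypageheading` FROM `".MYSQL_DATABASE_PREFIX."pages` WHERE `page_id`=".(int) $pageId;
    $pagetitle_result = mysql_query($pagetitle_query);
    if (!$pagetitle_result) {
        return false;
    }
    $pagetitle_values = mysql_fetch_assoc($pagetitle_result);

    // No row, or the page is configured not to show a heading.
    if (!$pagetitle_values || $pagetitle_values['page_displaypageheading'] == 0) {
        return false;
    }

    if ($action == "grant") {
        $heading = $pagetitle_values['page_title']." - Grant Permissions";
    } elseif ($action == "settings") {
        $heading = $pagetitle_values['page_title']." - Page Settings";
    } else {
        $heading = $pagetitle_values['page_title'];
    }
    return true;
}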
00282
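/**
 * Lists menu-visible pages the user is allowed to view.
 *
 * With $depth < 0 every page other than $pageId that has
 * page_displayinmenu = 1 is considered; otherwise only the direct children
 * of $pageId (page_parentid = $pageId). Rows for which
 * getPermissions($userId, <page_id>, 'view', <page_module>) is not true are
 * dropped.
 *
 * Fix: the page id was embedded in the SQL as a bare number after escape(),
 * which does not constrain it to a number; it is now validated and cast.
 *
 * @param mixed $pageId Id of the reference page; must be an integer literal.
 * @param mixed $userId User whose 'view' permission is checked per row.
 * @param mixed $depth  Only its sign is used here (negative = all pages).
 *
 * @return array List of array(page_id, page_name, page_module, page_image,
 *               page_displayicon, page_modulecomponentid), ordered by
 *               page_menurank; empty for an invalid id or a failed query.
 */
function child($pageId, $userId, $depth)
{
    // A non-numeric id previously produced a failing query, i.e. no rows.
    if (!is_scalar($pageId) || preg_match('/\A-?[0-9]+\z/', (string) $pageId) !== 1) {
        return array();
    }
    $pageId = (int) $pageId;

    if ($depth < 0) {
        $childrenQuery = 'SELECT `page_id`, `page_name`, `page_title`, `page_module`, `page_modulecomponentid`, `page_displayinmenu`, `page_image` , `page_displayicon` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_id` != ' . $pageId . ' AND `page_displayinmenu` = 1 ORDER BY `page_menurank`';
    } else {
        $childrenQuery = 'SELECT `page_id`, `page_name`, `page_title`, `page_module`, `page_modulecomponentid`, `page_displayinmenu`, `page_image` , `page_displayicon` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` = ' . $pageId . ' AND `page_id` != ' . $pageId . ' AND `page_displayinmenu` = 1 ORDER BY `page_menurank`';
    }

    $children = array();
    $childrenResult = mysql_query($childrenQuery);
    if (!$childrenResult) {
        // Avoid calling mysql_fetch_assoc() on a failed query.
        return $children;
    }

    while ($childrenRow = mysql_fetch_assoc($childrenResult)) {
        // Per-row access check: pages the user may not view are left out.
        if ($childrenRow['page_displayinmenu'] == true && getPermissions($userId, $childrenRow['page_id'], 'view', $childrenRow['page_module']) == true) {
            $children[] = array($childrenRow['page_id'], $childrenRow['page_name'], $childrenRow['page_module'], $childrenRow['page_image'], $childrenRow['page_displayicon'], $childrenRow['page_modulecomponentid']);
        }
    }

    return $children;
}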
00305
/**
 * Contract for page-module classes.
 *
 * getContent() instantiates the class named by a page's `page_module` value
 * and reports an error unless the object is an instance of this interface.
 */
interface module
{
    /**
     * Returns the module's output for an action; getContent() returns this
     * value to its caller and feeds it to the PDF writer for "view".
     */
    public function getHtml($userId, $moduleComponentId, $action);

    /** Presumably removes the given module component - confirm with implementations. */
    public function deleteModule($moduleComponentId);

    /** Presumably duplicates the given module component - confirm with implementations. */
    public function copyModule($moduleComponentId);

    /**
     * Takes the component id by reference, so an implementation can assign it
     * (presumably the id of the newly created component - confirm).
     */
    public function createModule(&$moduleComponentId);
}
00316
/**
 * Contract for classes that decide access to files attached to a page.
 */
interface fileuploadable
{
    /**
     * Static access check for one file, identified by page, module component
     * and file name, on behalf of a user.
     *
     * NOTE(review): the return convention (presumably a boolean "may access")
     * is not visible in this file - confirm with implementations. Callers
     * should treat anything other than an explicit grant as a denial.
     */
    public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName);
}
00323