00001 <?php
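// Direct-access guard: this file is only meant to be included after __PRAGYAN_CMS
// has been defined (presumably by the CMS entry point); any other request gets a 403.
if (!defined('__PRAGYAN_CMS')) {
    // SERVER_PROTOCOL is not set under every SAPI, so fall back to a fixed protocol string.
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
    header($protocol . ' 403 Forbidden');
    // The heading is now closed properly; the original emitted a second opening <h1>.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE repeats the web server's own banner, which can
    // include its version. It is only set when the server is configured to emit it;
    // drop this footer if that banner should not be shown to unauthenticated clients.
    $signature = isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '';
    echo '<hr/>' . $signature;
    exit(1);
}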
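/**
 * Store an uploaded ZIP package under uploads/<type>/, unpack it next to the archive,
 * locate the package inside it and register the pending installation in `tempuploads`.
 *
 * Everything that reaches this function from the request (the file name) or from the
 * archive (the package name found by get<Type>Name) is treated as untrusted.
 *
 * @param string $type Package kind: "Module", "Widget" or "Template".
 * @return mixed The `tempuploads` id of the pending installation, or -1 on any failure.
 */
function processUploaded($type) {
    global $sourceFolder;

    // $type is spliced into paths, dynamic function names and SQL identifiers below,
    // so only the three known kinds are accepted.
    $kinds = array(
        "Module"   => array("module_name", "modules"),
        "Widget"   => array("widget_foldername", "widgetsinfo"),
        "Template" => array("template_name", "templates"),
    );
    if (!is_string($type) || !isset($kinds[$type])) {
        displayerror("Unknown package type");
        return -1;
    }
    list($colName, $tableName) = $kinds[$type];

    if (!isset($_FILES['file']['name'], $_FILES['file']['tmp_name'])
        || !is_string($_FILES['file']['name'])
        || !is_string($_FILES['file']['tmp_name'])) {
        displayerror("Error while uploading the file");
        return -1;
    }

    $uploadDir = $sourceFolder . "/uploads/{$type}/";
    if (!file_exists($uploadDir))
        mkdir($uploadDir);

    // The client-supplied name is untrusted: keep only its last path component so it
    // cannot point outside the upload folder.
    $clientName = basename(str_replace("\\", "/", $_FILES['file']['name']));

    // Reject anything that is not named *.zip BEFORE it is written into the upload
    // folder; the original moved the file first and removed it afterwards.
    if (substr($clientName, -4) != ".zip") {
        displayinfo("Please upload a ZIP file");
        return -1;
    }

    $zipFile = $uploadDir . $clientName;
    while (file_exists($zipFile))
        $zipFile = $uploadDir . rand() . ".zip";
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $zipFile)) {
        displayerror("Error while saving the uploaded file");
        return -1;
    }

    // name() is a project helper; it is used here as in the original to derive the
    // folder name from the archive name.
    $moduleName = name($zipFile, ".");

    $zip = new ZipArchive();
    if ($zip->open($zipFile) !== TRUE) {
        displayerror("Error while opening archive");
        unlink($zipFile);
        return -1;
    }

    // NOTE(review): the archive is unpacked below the uploads folder. If that folder is
    // served by the web server, files from a package are reachable until the install is
    // finalized or cancelled - confirm that uploads/ cannot execute scripts.
    $extractedPath = $uploadDir . $moduleName . "/";
    while (file_exists($extractedPath))
        $extractedPath = $uploadDir . rand() . "/";
    $extracted = $zip->extractTo($extractedPath);
    $zip->close();
    if (!$extracted) {
        displayerror("Error while opening archive");
        if (file_exists($extractedPath))
            delDir($extractedPath);
        unlink($zipFile);
        return -1;
    }

    $locate = "actual{$type}Path";
    $moduleActualPath = $locate($extractedPath);

    if ($moduleActualPath != NULL) {
        $nameOf = "get{$type}Name";
        $moduleName = $nameOf($moduleActualPath);

        // The package name is read from inside the archive, so it is escaped before it
        // is placed in SQL and HTML-encoded before it is echoed back.
        $sqlName = escape($moduleName);
        if (mysql_fetch_array(mysql_query("SELECT `{$colName}` FROM `" . MYSQL_DATABASE_PREFIX . "{$tableName}` WHERE `{$colName}` = '{$sqlName}'"))) {
            displayerror("A {$type} with name '" . safe_html($moduleName) . "' already exist, Installation aborted");
            delDir($extractedPath);
            unlink($zipFile);
            return -1;
        }

        // `info` is a ';'-joined triple that finalizeInstallation()/installModule() split
        // again, so a ';' inside any part would shift the fields.
        $sqlFile = escape($zipFile);
        $sqlInfo = escape("{$extractedPath};{$moduleActualPath};{$moduleName}");
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "tempuploads`(`filePath`,`info`) VALUES('{$sqlFile}','{$sqlInfo}')");
        $result = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `filePath` = '{$sqlFile}'"));
        return $result['id'];
    }

    displayerror("{$type} file not found");
    delDir($extractedPath);
    unlink($zipFile);

    return -1;
}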
00080
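/**
 * Finish a pending installation recorded in `tempuploads`: re-run the compatibility
 * check, refuse duplicates, move the package into place, register it in the database
 * and remove the temporary files and the `tempuploads` row.
 *
 * @param mixed  $uploadId Id of the `tempuploads` row.
 * @param string $type     Package kind: "Module", "Widget" or "Template".
 * @return string Always ""; the outcome is reported through displayinfo()/displayerror().
 */
function finalizeInstallation($uploadId,$type) {
    global $sourceFolder, $widgetFolder, $templateFolder;

    // $type selects function names, tables and columns, so only known kinds pass.
    $kinds = array(
        "Module"   => array("module_name", "modules"),
        "Widget"   => array("widget_foldername", "widgetsinfo"),
        "Template" => array("template_name", "templates"),
    );
    if (!is_string($type) || !isset($kinds[$type])) {
        displayerror("Unknown package type");
        return "";
    }
    list($colName, $tableName) = $kinds[$type];

    // Escaped here as well as by the visible caller; for a numeric id this is a no-op.
    $safeId = escape($uploadId);
    $dropRecord = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$safeId}'";

    $result = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX. "tempuploads` WHERE `id` = '{$safeId}'"));
    $temp = ($result != NULL) ? explode(";", $result['info']) : array();

    // Stop when the row is missing or malformed. The package name becomes part of
    // destination paths below, so it must be a plain single path component.
    if (count($temp) != 3 || $temp[2] == "" || $temp[2] == "." || $temp[2] == ".."
        || strpbrk($temp[2], "/\\") !== false) {
        displayerror("{$type} installation failed : invalid upload record");
        return "";
    }
    $zipFile = $result['filePath'];
    $extractedPath = $temp[0];
    $moduleActualPath = $temp[1];
    $moduleName = $temp[2];
    $sqlName = escape($moduleName);

    $issues = "";
    $function = "checkFor{$type}Issues";
    $ret = $function($moduleActualPath,$moduleName,$issues);
    if ($ret[0] == 1) {
        displayerror("Your {$type} is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
        delDir($extractedPath);
        unlink($zipFile);
        mysql_query($dropRecord) or displayerror(mysql_error());
        return "";
    }

    if (mysql_fetch_array(mysql_query("SELECT `{$colName}` FROM `" . MYSQL_DATABASE_PREFIX . "{$tableName}` WHERE `{$colName}` = '{$sqlName}'"))) {
        displayerror("{$type} Installation failed : {$type} already exist");
        delDir($extractedPath);
        unlink($zipFile);
        mysql_query($dropRecord) or displayerror(mysql_error());
        return "";
    }

    // Move the package files into their final location.
    $destination = "";
    if ($type=="Module")
        installModuleFiles($moduleActualPath, $sourceFolder . "/modules/", $moduleName);
    else if ($type=="Widget") {
        $destination = "$sourceFolder/$widgetFolder/$moduleName/";
        if (!file_exists($destination))
            mkdir($destination);
        rename($moduleActualPath,$destination);
    } else if ($type=="Template") {
        $destination = "$sourceFolder/$templateFolder/$moduleName/";
        if (!file_exists($destination))
            mkdir($destination);
        rename($moduleActualPath,$destination);
    }

    $notice = "";
    if ($type=="Module") {
        // NOTE(review): every statement in moduleQueries.sql is executed with the CMS's
        // own database connection, so installing a module means trusting its author
        // with the whole database.
        $handle = @fopen($moduleActualPath."/moduleQueries.sql", "r");
        $query = "";
        if ($handle) {
            while (!feof($handle)) {
                $buffer = fgets($handle, 4096);
                // Lines that start with "--" are SQL comments and are skipped.
                if (strpos($buffer,"--")!==0)
                    $query.=$buffer;
            }
            fclose($handle);
        }
        $query = str_replace("pragyanV3_",MYSQL_DATABASE_PREFIX,$query);
        $singlequeries = explode(";\n",$query);
        foreach ($singlequeries as $singlequery) {
            if (trim($singlequery)!="") {
                $result1 = mysql_query($singlequery);
                if (!$result1) {
                    displayerror("<h3>Error:</h3><pre>".$singlequery."</pre>\n<br/>Unable to execute query. " . mysql_error());
                }
            }
        }
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "modules`(`module_name`,`module_tables`) VALUES('{$sqlName}','" . escape(file_get_contents($moduleActualPath . "moduleTables.txt")) . "')") or displayerror(mysql_error());
        // NOTE(review): moduleNotice.txt is shown as raw HTML taken from the package.
        if (file_exists($moduleActualPath . "moduleNotice.txt"))
            $notice = ", New module says:<br>" . file_get_contents($moduleActualPath . "moduleNotice.txt");
    } else if ($type=="Widget") {
        $content = explode("|",file_get_contents($moduleActualPath . "../WidgetInfo.pgyn"));
        $widgetName = '';
        $widgetClassName = '';
        $widgetDescription = '';
        $widgetVersion = '';
        $widgetAuthor = '';
        // A local name is used here: the original assigned to $widgetFolder, which is
        // declared global above, and so overwrote the configured widget folder.
        $widgetFolderName = $sqlName;
        if (count($content)==5) {
            $widgetName = escape($content[0]);
            $widgetClassName = escape($content[1]);
            $widgetDescription = escape($content[2]);
            $widgetVersion = escape($content[3]);
            $widgetAuthor = escape($content[4]);
        } else
            displaywarning("Widget information could not be read properly");
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "widgetsinfo`(`widget_name`,`widget_classname`,`widget_description`,`widget_version`,`widget_author`,`widget_foldername`) VALUES ('{$widgetName}','{$widgetClassName}','{$widgetDescription}','{$widgetVersion}','{$widgetAuthor}','{$widgetFolderName}')");
        // mysql_affected_rows() returns -1 when the query failed, which "!" would miss.
        if (mysql_affected_rows() < 1) {
            displayerror("Installation error, try again later");
            // Remove exactly the folder that was created for this widget above.
            delDir($destination);
        }
    } else if ($type=="Template") {
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates`(`template_name`) VALUES('{$sqlName}')");
        if (mysql_affected_rows() < 1)
            displayerror("Problem including uploaded template to database, try <a href='./+admin&subaction=reloadtemplates'>reload templates</a>");
    }

    delDir($extractedPath);
    unlink($zipFile);
    mysql_query($dropRecord) or displayerror(mysql_error());
    displayinfo("{$type} installation complete" . $notice);
    return "";
}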
00197
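/**
 * Dispatch the admin module-management actions carried by the current request:
 * install (btn_install), uninstall (btn_uninstall), finalize and cancel (subsubaction).
 *
 * NOTE(review): the state-changing branches act on plain POST fields; no request token
 * is checked in this function - confirm the caller enforces authorization and CSRF
 * protection before it gets here.
 *
 * @return mixed HTML to display (confirmation form or issue table), "" when the action
 *               only produced messages, or nothing when no branch returned a value.
 */
function handleModuleManagement() {
    // $ICONS is read in the confirmation form below; it is never assigned in this
    // function, so it is taken from the global scope (presumably the CMS icon table).
    global $sourceFolder, $ICONS;

    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Module");
        if ($uploadId != -1)
            return installModule($uploadId,"Module");
    } else if (isset($_POST['btn_uninstall'])) {
        if (!isset($_POST['Module']) || !is_string($_POST['Module']) || $_POST['Module']=="") return "";

        if ($_POST['Module']=='article') {
            displayerror("Article module can't be deleted for the home page itself is a article");
            return "";
        }
        $toDelete = escape($_POST['Module']);
        $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '{$toDelete}' LIMIT 10";
        $result = mysql_query($query) or displayerror(mysql_error());
        // A failed lookup must not be read as "no pages use this module".
        if ($result === false)
            return "";

        $confirmed = isset($_POST['confirm']);
        if (mysql_num_rows($result)==0 || $confirmed) {
            if (!deleteModule($toDelete)) {
                displayerror("Module uninstallation failed!");
                return "";
            }
            // The confirmation form promises that the module's pages are removed. In the
            // original this DELETE sat after two unconditional returns and never ran.
            if ($confirmed) {
                $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '" . $toDelete . "'";
                mysql_query($query) or displayerror(mysql_error());
            }
            displayinfo("Module ".safe_html($_POST['Module'])." uninstalled!");
            return "";
        }

        // Pages still use the module: list up to ten of them and ask for confirmation.
        $pageList = "";
        while ($row = mysql_fetch_assoc($result))
            $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";

        $modulename = safe_html($_POST['Module']);
        $ret=<<<RET
<fieldset>
<legend>{$ICONS['Modules Management']['small']}Module Management</legend>
Some of the page of type {$modulename} are:<br>
{$pageList}
<div class='cms-error'>These pages will be removed and cant be recovered, If you proceed deleting the module.</div>
<form method=POST action='./+admin&subaction=module&subsubaction=uninstall'>
<input type=hidden value='{$modulename}' name='Module' />
<input type=submit value='Delete module' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
        return $ret;
    } else if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') {
        if (!isset($_POST['id']) || !is_string($_POST['id']))
            return "";
        return finalizeInstallation(escape($_POST['id']),"Module");
    } else if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') {
        if (!isset($_POST['id']) || !is_string($_POST['id']))
            return "";
        $uploadId = escape($_POST['id']);
        $result = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX. "tempuploads` WHERE `id` = '{$uploadId}'"));
        // Without a matching record there is nothing to clean up; the original went on
        // to call delDir()/unlink() with undefined paths.
        if ($result == NULL)
            return "";
        $zipFile = $result['filePath'];
        $temp = explode(";",$result['info']);
        $extractedPath = $temp[0];
        delDir($extractedPath);
        unlink($zipFile);
        mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'") or displayerror(mysql_error());
        return "";
    }
}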
00266
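/**
 * Uninstall a module: drop the tables listed for it, delete its `modules` row, its
 * permissions and the user grants for those permissions, then remove its files.
 *
 * @param string $module Module name, already escaped for SQL by the caller (the visible
 *                       caller passes escape($_POST['Module'])).
 * @return bool true when the module was found and removed, false when no such module
 *              is registered.
 */
function deleteModule($module) {
    global $sourceFolder;

    $result = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "modules` WHERE `module_name` = '" . $module . "'") or displayerror(mysql_error());
    if (!$result)
        return false;
    $moduleRow = mysql_fetch_array($result);
    if (!$moduleRow)
        return false;

    // NOTE(review): module_tables was copied from the package's moduleTables.txt at
    // install time, so the list is package-supplied and may name tables the module does
    // not own; consider restricting it to a module-specific prefix.
    $tables = preg_split("/[\s,;]+/",$moduleRow['module_tables']);
    foreach ($tables as $table) {
        if ($table == "")
            continue;
        // A backtick would end the quoted identifier and change the statement.
        if (strpos($table, "`") !== false) {
            displayerror("Skipped an invalid table name while uninstalling the module");
            continue;
        }
        mysql_query("DROP TABLE `{$table}`") or displayerror(mysql_error());
    }

    mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "modules` WHERE `module_name` = '" . $module . "'") or displayerror(mysql_error());

    $result = mysql_query("SELECT `perm_id` FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module` = '{$module}'") or displayerror(mysql_error());
    $permIds = array();
    if ($result) {
        while ($permRow = mysql_fetch_assoc($result))
            $permIds[] = (int) $permRow['perm_id'];
    }
    // "IN ()" is a syntax error, so the grant cleanup only runs when the module
    // actually had permissions.
    if (count($permIds) > 0) {
        $perms = implode(",", $permIds);
        mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_id` IN ({$perms})") or displayerror(mysql_error());
    }
    mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE `page_module` = '" . $module . "'") or displayerror(mysql_error());

    // Build the file paths from the stored name rather than the SQL-escaped argument,
    // and never let that name resolve outside modules/.
    $installedName = $moduleRow['module_name'];
    if ($installedName != "" && $installedName != "." && $installedName != ".."
        && strpbrk($installedName, "/\\") === false) {
        $moduleDir = $sourceFolder . "/modules/" . $installedName . "/";
        if (file_exists($moduleDir))
            delDir($moduleDir);
        $moduleFile = $sourceFolder . "/modules/" . $installedName . ".lib.php";
        if (file_exists($moduleFile))
            unlink($moduleFile);
    } else {
        displayerror("Module files were not removed because the stored module name is not a valid folder name");
    }
    return true;
}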
00294
/**
 * Move a module's entry file (<module>.lib.php) and its folder (<module>/) from the
 * extracted package into the modules directory. Either part is skipped when absent.
 *
 * @param string $from   Directory holding the extracted module.
 * @param string $to     Destination modules directory.
 * @param string $module Module name.
 * @return bool Always true; the result of the individual moves is not reported.
 */
function installModuleFiles($from, $to, $module) {
    $libFile = "/" . $module . ".lib.php";
    $folder  = "/" . $module . "/";

    $sourceLib = $from . $libFile;
    if (file_exists($sourceLib)) {
        rename($sourceLib, $to . $libFile);
    }

    $sourceFolder = $from . $folder;
    if (is_dir($sourceFolder)) {
        rename($sourceFolder, $to . $folder);
    }

    return true;
}
00302
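/**
 * Run the compatibility check for a pending upload and either finalize the installation
 * (no issues reported) or discard the upload and return the issue table.
 *
 * @param mixed  $uploadId Id of the `tempuploads` row.
 * @param string $type     Package kind: "Module", "Widget" or "Template".
 * @return string "" or the return value of finalizeInstallation() on success, otherwise
 *                an HTML table listing the reported issues.
 */
function installModule($uploadId,$type) {
    global $sourceFolder;

    // $type becomes part of a function name, so only the known kinds are accepted.
    if (!in_array($type, array("Module", "Widget", "Template"), true)) {
        displayerror("Unknown package type");
        return "";
    }

    $safeId = escape($uploadId);
    $result = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX. "tempuploads` WHERE `id` = '{$safeId}'"));
    // Without a record there are no paths to check or clean up; the original carried on
    // with undefined variables.
    if ($result == NULL) {
        displayerror("{$type} installation failed : upload record not found");
        return "";
    }
    $zipFile = $result['filePath'];
    $temp = explode(";",$result['info']);
    if (count($temp) < 3) {
        displayerror("{$type} installation failed : invalid upload record");
        return "";
    }
    $extractedPath = $temp[0];
    $moduleActualPath = $temp[1];
    $moduleName = $temp[2];

    // $issues is filled by reference with one table row per reported problem.
    $issues = "";
    $function = "checkFor{$type}Issues";
    $function($moduleActualPath,$moduleName,$issues);
    if ($issues == "")
        return finalizeInstallation($uploadId,$type);

    $issues ="
<table name='issues_table'>
<tr><th>S.No.</th><th>Issue Details</th><th>Issue Type</th><th>Ignore ?</th></tr>
$issues
</table>
Installation cannot proceed for the above mentioned issues, fix them and try again.";
    delDir($extractedPath);
    unlink($zipFile);
    mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$safeId}'") or displayerror(mysql_error());
    return $issues;
}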
00329
/**
 * Inspect an extracted module for the files and declarations the CMS expects.
 *
 * Fatal findings are appended to $issues through addFatalIssue(): a missing
 * moduleTables.txt, a missing <module>.lib.php, or a required declaration that occurs
 * zero times or more than once in <module>.lib.php (counted with mycount()).
 *
 * @param string $modulePath Directory of the extracted module, with trailing slash.
 * @param string $moduleName Module name.
 * @param string $issues     Receives the fatal issue rows (by reference).
 * @return array array($fatal, $warning): each element is 1 when such an issue was found,
 *               else 0.
 */
function checkForModuleIssues($modulePath,$moduleName,&$issues) {
    $serial = 1;
    $fatal = 0;
    $warning = 0;

    if (!file_exists($modulePath . "moduleTables.txt")) {
        addFatalIssue($issues,"Module Info file is missing",$serial++);
        $fatal = 1;
    }

    $libPath = $modulePath . $moduleName . ".lib.php";
    if (file_exists($libPath)) {
        $source = file_get_contents($libPath);
        $required = array("class ".$moduleName." implements module","public function getHtml","public function createModule","public function deleteModule","public function copyModule");
        foreach ($required as $needle) {
            $occurrences = mycount($source,$needle);
            if ($occurrences == 1) {
                // Exactly one occurrence is what the check expects.
                continue;
            }
            if ($occurrences == 0) {
                addFatalIssue($issues,"$needle is missing",$serial);
            } else {
                addFatalIssue($issues,"$needle is more than once",$serial);
            }
            $fatal = 1;
            $serial++;
        }
    } else {
        addFatalIssue($issues,"The module file is corrupt, Please download a fresh copy of the module",$serial++);
        $fatal = 1;
    }

    if (!file_exists($modulePath . $moduleName . ".sql")) {
        // NOTE(review): this passes $issue, not $issues, so the warning never reaches
        // the caller's list. Correcting the name would make installModule() refuse every
        // module without <module>.sql, so confirm the intended behaviour first.
        addIssue($issue,"No sql file found",$serial++);
        $warning = 1;
    }

    return array($fatal,$warning);
}
00366
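/**
 * Find the directory inside an extracted package that holds the module: the first
 * directory, searched depth-first from $modulePath, with an entry ending in ".lib.php".
 *
 * @param string $modulePath Directory to search, with trailing slash.
 * @return string|null The directory (with trailing slash), or NULL when none is found or
 *                     $modulePath cannot be read.
 */
function actualModulePath($modulePath) {
    if (!is_dir($modulePath))
        return NULL;
    $dirHandle = opendir($modulePath);
    if ($dirHandle === false)
        return NULL;

    $found = NULL;
    // Compare against false explicitly: an entry named "0" is falsy and ended the
    // original loop early.
    while (($file = readdir($dirHandle)) !== false) {
        if (substr($file,-8) == ".lib.php") {
            $found = $modulePath;
            break;
        }
        if ($file != '.' && $file != '..' && is_dir($modulePath . $file)) {
            $found = actualModulePath($modulePath . $file . "/");
            if ($found != NULL)
                break;
        }
    }
    // The handle is released on every path; the original never closed it.
    closedir($dirHandle);
    return $found;
}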
00381
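/**
 * Derive the module name from the first entry in $moduleActualPath whose name ends in
 * ".lib.php": the name is that entry without the suffix.
 *
 * The name is taken from a file inside the uploaded package, so callers must treat it
 * as untrusted when they place it in SQL, HTML or file paths.
 *
 * @param string $moduleActualPath Module directory, with trailing slash.
 * @return string|null The module name, or NULL when no such entry exists or the
 *                     directory cannot be read.
 */
function getModuleName($moduleActualPath) {
    if (!is_dir($moduleActualPath))
        return NULL;
    $dirHandle = opendir($moduleActualPath);
    if ($dirHandle === false)
        return NULL;

    $moduleName = NULL;
    // "!== false" keeps an entry named "0" from ending the scan early.
    while (($file = readdir($dirHandle)) !== false) {
        if (substr($file,-8) == ".lib.php") {
            $moduleName = substr($file,0,-8);
            break;
        }
    }
    // Close the handle on every path; the original leaked it.
    closedir($dirHandle);
    return $moduleName;
}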
00390
00391 ?>