
cms/template.lib.php

00001 <?php
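// Direct-access guard. The library only proceeds when the constant
// __PRAGYAN_CMS is already defined (presumably by the CMS entry point -- confirm);
// a request that loads this file on its own gets a 403 and the script stops
// before any function below is declared.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is closed with </h1> here; it was previously opened twice and never closed.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE is the web server's own banner and can
    // reveal product/version details on an error page; consider dropping this
    // line or disabling the signature in the server configuration.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}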
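/**
 * Pick the template to render a page with.
 *
 * Reads the `allow_pagespecific_template` row of the `global` table; when its
 * value compares equal to 0 the site default (DEF_TEMPLATE) is returned.
 * Otherwise the page's own `page_template` column is used, falling back to
 * DEF_TEMPLATE when it is empty or the lookup fails.
 *
 * @param mixed $pageId Page identifier; cast to int before it reaches the query.
 * @return string Template name read from the database, or DEF_TEMPLATE.
 */
function getPageTemplate($pageId)
{
    $query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute`='allow_pagespecific_template'";
    $result = mysql_query($query);
    // A failed query yields no row; treat that like "feature disabled".
    $row = $result ? mysql_fetch_row($result) : false;
    if (!$row || $row[0] == 0)
        return DEF_TEMPLATE;

    // $pageId is placed in the statement without quotes, so it must be a plain
    // integer. Casting here keeps a crafted string from altering the query
    // even if a caller forwards a request value unchecked.
    $pageId = (int) $pageId;
    $query = "SELECT `page_template` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`=$pageId";
    $result = mysql_query($query);
    $row = $result ? mysql_fetch_row($result) : false;
    if (!$row || $row[0] == "")
        return DEF_TEMPLATE;

    // NOTE(review): the value comes straight from the database; if callers use
    // it to build a filesystem path it should be checked against the list of
    // installed templates first -- confirm at the call site.
    return $row[0];
}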
00032 
/**
 * Render the page by including the active template's index.php.
 *
 * The template file runs in this function's scope, so it sees the by-reference
 * parameters and the globals imported below under exactly these names.
 * Because $STARTSCRIPTS and $LOGINFORM are also declared `global`, the template
 * sees the global variables of those names rather than the arguments passed in.
 *
 * Sets the globals $TEMPLATEBROWSERPATH (URL prefix of the template) and
 * $TEMPLATECODEPATH (filesystem directory of the template) as a side effect.
 */
function templateReplace(&$TITLE,&$MENUBAR,&$ACTIONBARMODULE,&$ACTIONBARPAGE,&$BREADCRUMB,&$INHERITEDINFO,&$CONTENT,&$FOOTER,&$DEBUGINFO,&$ERRORSTRING,&$WARNINGSTRING,&$INFOSTRING,&$STARTSCRIPTS,&$LOGINFORM) {
    global $cmsFolder, $sourceFolder, $templateFolder, $moduleFolder, $urlRequestRoot;
    global $TEMPLATEBROWSERPATH, $TEMPLATECODEPATH;
    global $SITEDESCRIPTION, $SITEKEYWORDS, $STARTSCRIPTS, $LOGINFORM, $WIDGETS;

    $TEMPLATEBROWSERPATH = $urlRequestRoot . "/" . $cmsFolder . "/" . $templateFolder . "/" . TEMPLATE;
    $TEMPLATECODEPATH = $sourceFolder . "/" . $templateFolder . "/" . TEMPLATE;

    // The included file is executed as PHP. TEMPLATE therefore has to name an
    // installed template directory and nothing else.
    // NOTE(review): where TEMPLATE is defined is not visible here -- confirm it
    // is validated before it becomes part of this include path.
    include ($TEMPLATECODEPATH . "/index.php");
}
00051 
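/**
 * Find the directory that directly contains index.php.
 *
 * Looks at $templatePath first and then descends into its subdirectories; the
 * first directory found that holds an index.php is returned.
 *
 * @param string $templatePath Directory to search, with a trailing slash.
 * @return string|null Directory path (trailing slash kept), or NULL when no
 *                     index.php exists below $templatePath or it cannot be read.
 */
function actualTemplatePath($templatePath) {
    if (!is_dir($templatePath))
        return NULL;
    $dirHandle = opendir($templatePath);
    if ($dirHandle === false)
        return NULL;

    $found = NULL;
    // Compare against false explicitly: an entry literally named "0" is a valid
    // file name and must not end the scan.
    while (($file = readdir($dirHandle)) !== false) {
        if ($file === "index.php") {
            $found = $templatePath;
            break;
        }
        if ($file !== '.' && $file !== '..' && is_dir($templatePath . $file)) {
            // No depth limit is applied to the descent.
            $nested = actualTemplatePath($templatePath . $file . "/");
            if ($nested !== NULL) {
                $found = $nested;
                break;
            }
        }
    }
    // Release the handle on every path, including the early matches.
    closedir($dirHandle);
    return $found;
}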
00067 
/**
 * Return the template name for an unpacked template directory.
 *
 * Delegates to getWidgetName(), which is defined outside this file.
 *
 * @param string $actualPath Directory passed through unchanged to getWidgetName().
 * @return mixed Whatever getWidgetName() returns for that path.
 */
function getTemplateName($actualPath) {
    $templateName = getWidgetName($actualPath);
    return $templateName;
}
00071 
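/**
 * Unpack an uploaded template archive and build the "Finalize Template" form.
 *
 * The archive is extracted below $sourceFolder/uploads/templates/, the result
 * is checked with reportIssues(), and an HTML fragment listing the issues plus
 * the finalize/cancel forms is returned.
 *
 * Every value that originates from the upload (archive path, derived template
 * name, extraction paths) is HTML-escaped before it is placed in an attribute,
 * and the list of existing template names is emitted as JSON for the script
 * block, so a crafted file or template name cannot break out of the markup.
 *
 * @param string $str Path of the uploaded archive.
 * @return array|string array("2", $str) when $str does not end in ".zip",
 *                      array("1", $str) when the archive cannot be opened,
 *                      array("0", $str, $templatePath) when actualPath() finds
 *                      nothing in the extracted tree, otherwise the HTML fragment.
 */
function installTemplate($str) {
    global $sourceFolder;
    global $ICONS;

    $templateName = name($str,".");
    if(substr($str,-4) != ".zip")
        return array("2", $str);

    $zip = new ZipArchive();
    if($zip->open($str) !== TRUE)
        return array("1", $str);

    // Extract into a directory that does not exist yet.
    // NOTE(review): the archive is unpacked before any check runs; if the
    // uploads directory is served by the web server, PHP files inside the
    // archive may be reachable at that point -- confirm it is not.
    // NOTE(review): rand() gives a guessable fallback directory name.
    $templatePath = $sourceFolder . "/uploads/templates/" . $templateName . "/";
    while(file_exists($templatePath))
        $templatePath = $sourceFolder . "/uploads/templates/". rand() . "/";
    $zip->extractTo($templatePath);
    $zip->close();

    // Names that are already taken: 'common' plus every installed template.
    $usedNames = array('common');
    foreach(getAvailableTemplates() as $template)
        $usedNames[] = $template;

    // JSON for the script block (json_encode escapes quotes and "/", so a name
    // cannot terminate the string or the <script> element) ...
    $usedNamesJs = json_encode($usedNames);
    if($usedNamesJs === false)
        $usedNamesJs = '["common"]';
    // ... and an escaped, quoted list for display. Joining with implode also
    // avoids the dangling comma the old string-building left when no template
    // was installed.
    $quoted = array();
    foreach($usedNames as $usedName)
        $quoted[] = "'" . htmlspecialchars($usedName, ENT_QUOTES) . "'";
    $usedNamesHtml = implode(", ", $quoted);

    $templateActualPath = actualPath($templatePath);

    if($templateActualPath == NULL)
        return array("0", $str, $templatePath);

    $call = "";
    $issueExcess = "";
    $ignoreall = "";
    $issues = "";
    // reportIssues() fills $issues with table rows and returns the pair
    // (fatal flag, ignorable flag) -- see the uses of [0] and [1] below.
    $issuetypes = reportIssues($templateActualPath,$issues);
    if($issues!="")
    {
        $issues ="
         <table name='issues_table'>
         <tr><th>S.No.</th><th>Issue Details</th><th>Issue Type</th><th>Ignore ?</th></tr>
         $issues
         </table>
         ";
    }

    if($issuetypes[0] == 1)
    {
        // $issuetypes[0] is fatal and [1] is ignorable
        displayerror("Some fatal issues were found with the template. Please click on Cancel Installation button and fix the issues");
        // Makes the form call validate2(), which always refuses to submit.
        $call = "2";
    }
    if($issuetypes[0] == 0 && $issuetypes[1] == 1) {
        displaywarning("Some issues were found with the template. You may chose to ignore them.");
        $ignoreall = "<input type=button value='Ignore All' onClick='igall();'>";
        $issueExcess = <<<EXTRA
<script type="text/javascript">

function igall() {
    var id = 0;
    while(document.getElementById('issue_' + id))
        ignore(id++);
}
</script>
EXTRA;
    }

    // Attribute values below are single-quoted, hence ENT_QUOTES.
    $templateNameAttr = htmlspecialchars($templateName, ENT_QUOTES);
    $templateActualPathAttr = htmlspecialchars($templateActualPath, ENT_QUOTES);
    $templatePathAttr = htmlspecialchars($templatePath, ENT_QUOTES);
    $archiveAttr = htmlspecialchars($str, ENT_QUOTES);

    // NOTE(review): the client-side validate() checks are a convenience only,
    // and the hidden path/del/file fields travel through the browser. Whatever
    // handles the submitted form must not trust those paths (the comment in
    // handleTemplateManagement() records that the old finalize/cancel handlers
    // were disabled for exactly that reason).
    $RET = <<<RET
<script type="text/javascript">
function ignore(id) {
    if(document.getElementById('button_' + id)) {
        document.getElementById('issue_' + id).className = 'ignored';
        document.getElementById('button_' + id).value = 'Ignored !';
        document.getElementById('button_' + id).disabled = 'disabled';
    }
}
function validate() {
    var id = 0;
    while(document.getElementById('issue_' + id)) {
        if(document.getElementById('issue_' + id).className == 'issue') {
            alert("There are one or more issue(s) unresolved. Fix them and Submit.");
            return false;
        }
        id++;
    }
    var templates = {$usedNamesJs};
    for(template in templates)
        if(document.getElementById('templatename').value == templates[template]) {
            alert("Template with that name already exist in server. Choose some other name.");
            return false;
        }
    return true;
}
function validate2() {
    alert("You have one or more required variable missing. So you can not submit the template. Hit cancel.");
    return false;
}
</script>

<fieldset>
<legend>{$ICONS['Templates Management']['small']}Finalize Template</legend>
{$issues}
{$ignoreall}
{$issueExcess}
<form method=POST action='./+admin&subaction=template&subsubaction=finalize' onSubmit='return validate{$call}()'>
Template Name: <input type=text id='templatename' name='template' value='{$templateNameAttr}'><input type=submit value="Install Template"><br/><br/>
The following template names are already used :<b> {$usedNamesHtml}</b><br/>
<input type=hidden name='path' value='{$templateActualPathAttr}'>
<input type=hidden name='del' value='{$templatePathAttr}'>
<input type=hidden name='file' value='{$archiveAttr}'>

</form>
<form method=POST action='./+admin&subaction=template&subsubaction=cancel' onSubmit='myconfirm()'>
<input type=hidden name='path' value='{$templatePathAttr}'>
<input type=hidden name='file' value='{$archiveAttr}'>
<input type=submit value="Cancel Installation">
</form>
</fieldset>
RET;

    return $RET;
}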
00192 
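/**
 * Return the part of $path that follows the last '/' and precedes the first
 * occurrence of $end after that slash.
 *
 * A path without any '/' is treated as a bare file name, and when $end does
 * not occur the whole remainder after the slash is returned. (Previously a
 * path without a slash lost its first character.)
 *
 * @param string $path Path or file name, e.g. "/uploads/mytheme.zip".
 * @param string $end  Terminator to stop at, e.g. ".".
 * @return string The extracted name, e.g. "mytheme".
 */
function name($path,$end) {
    $slash = strrpos($path,"/");
    // strrpos() returns false when there is no slash; start at offset 0 then.
    $from = ($slash === false) ? 0 : $slash + 1;

    if($end === NULL || $end === '')
        return (string) substr($path,$from);

    $stop = strpos($path,$end,$from);
    if($stop === false)
        return (string) substr($path,$from);

    return (string) substr($path,$from,$stop-$from);
}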
00203 
00204 /*
00205 checkTemplate(templatePath) is used to check for compatibility with the Pragyan CMS.
00206 You can redistribute the values in reqd and nreqd as per your requirement.
00207 If a variable in nreqd is missing in the template, it will be notified during installation, but can be ignored,
00208 whereas variables in reqd can't be ignored.
00209 This function returns
00210         0: if it doesn't find index.php in the passed path
00211         1: if it finds index.php in the specified path and it contains all variables specified in the reqd and nreqd arrays.
00212         2 and above: if it finds index.php in the specified path and it misses n-1 variables in the reqd and nreqd arrays.
00213 */
/**
 * Append an ignorable ("Warning") row to the issues table markup.
 *
 * $str and $id are written into the HTML as given, without escaping, so
 * callers must pass text that is already safe to emit.
 *
 * @param string $issues Accumulated table rows; extended in place.
 * @param string $str    Issue description.
 * @param int    $id     Row number, also used in the element ids and the onclick call.
 */
function addissue(&$issues,$str,$id)
{
    $cells = "<td>$id</td><td>$str</td><td>Warning</td>";
    $controls = "<input type=hidden id='issue_{$id}' class=issue>"
        . "<input type=button id='button_{$id}' value=Ignore onclick='ignore($id)'>";
    $issues = $issues . "<tr>" . $cells . "<td>" . $controls . "</td></tr>";
}
/**
 * Append a non-ignorable ("FATAL") row to the issues table markup.
 *
 * $str and $id are written into the HTML as given, without escaping, so
 * callers must pass text that is already safe to emit.
 *
 * @param string $issues Accumulated table rows; extended in place.
 * @param string $str    Issue description.
 * @param int    $id     Row number, also used in the hidden element's id.
 */
function addfatalissue(&$issues,$str,$id)
{
    $cells = "<td>$id</td><td>$str</td><td><b>FATAL</b></td>";
    $marker = "<input type=hidden id='issue_{$id}' class=issue>Can't Ignore !";
    $issues = $issues . "<tr>" . $cells . "<td>" . $marker . "</td></tr>";
}
00222 
00223 
/**
 * Check a template's index.php for the placeholder variables the CMS expects.
 *
 * Each variable name is looked up in the file text with mycount(). A missing
 * required variable is reported as fatal; a missing optional variable, or any
 * variable that appears more than once, is reported as an ignorable warning.
 *
 * This is a textual compatibility check only: it counts occurrences of
 * variable names and says nothing about what else the template's PHP does.
 * The same index.php is later executed via include in templateReplace().
 *
 * @param string $templatePath Template directory, with a trailing slash.
 * @param string $templateName Not used by this function.
 * @param string $issues       Accumulated issue rows; extended in place.
 * @return array array(fatalFlag, warningFlag), each 0 or 1.
 */
function checkForTemplateIssues($templatePath,$templateName,&$issues) {
    $content = file_get_contents($templatePath . "index.php");

    $required = array('$CONTENT','$ACTIONBARMODULE','$ACTIONBARPAGE','$SITEDESCRIPTION','$SITEKEYWORDS','$FOOTER','$ERRORSTRING','$WARNINGSTRING','$INFOSTRING');
    // $DEBUGINFO and $INHERITEDINFO used to be in the optional list as well.
    $optional = array('$STARTSCRIPTS','$TITLE','$BREADCRUMB','$MENUBAR');

    $nextId = 0;      // running row number shared by both passes
    $hasFatal = 0;
    $hasWarning = 0;

    foreach($required as $var) {
        $occurrences = mycount($content,$var);
        if($occurrences == 0) {
            addfatalissue($issues,"$var is missing",$nextId);
            $hasFatal = 1;
            $nextId++;
        } elseif($occurrences != 1) {
            addissue($issues,"$var is more than once",$nextId);
            $hasWarning = 1;
            $nextId++;
        }
    }

    foreach($optional as $var) {
        $occurrences = mycount($content,$var);
        if($occurrences == 0) {
            addissue($issues,"$var is missing",$nextId);
            $hasWarning = 1;
            $nextId++;
        } elseif($occurrences != 1) {
            addissue($issues,"$var is more than once",$nextId);
            $hasWarning = 1;
            $nextId++;
        }
    }

    return array($hasFatal,$hasWarning);
}
00262 
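/**
 * Tell whether $find occurs in $content zero times, once, or more than once.
 *
 * @param string $content Text to search.
 * @param string $find    Substring to look for.
 * @return int 0 when $find is absent (or either argument is unusable),
 *             1 when it occurs exactly once, 2 when it occurs more than once.
 */
function mycount($content,$find) {
    // A failed file read hands false in here; an empty needle cannot be searched for.
    if(!is_string($content) || (string) $find === '')
        return 0;

    $first = strpos($content,$find);
    // Compare with false explicitly: a match at offset 0 is a real match and
    // was previously reported as "not found".
    if($first === false)
        return 0;

    if(strpos($content,$find,$first+1) === false)
        return 1;   // found once
    return 2;       // found more than once
}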
00273 
00274 
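/**
 * Handle the install / uninstall buttons of the template management screen.
 *
 * - btn_install: hands the upload to processUploaded() and, unless that
 *   returns -1, returns the result of installModule().
 * - btn_uninstall: removes the named template's row from the `templates`
 *   table and deletes its directory under $sourceFolder/templates/.
 *
 * Returns "" after an uninstall attempt; nothing is returned when neither
 * button was posted or when the upload failed.
 *
 * NOTE(review): no permission or request-forgery check is visible in this
 * function; presumably the admin dispatcher enforces both -- confirm.
 */
function handleTemplateManagement()
{
    global $sourceFolder;

    if(isset($_POST['btn_install']))
    {
        $uploadId = processUploaded("Template");
        if($uploadId != -1)
            return installModule($uploadId,"Template");
    }
    else if(isset($_POST['btn_uninstall']))
    {
        // Reject a missing, empty or non-string (e.g. Template[]=x) value.
        if(!isset($_POST['Template']) || !is_string($_POST['Template']) || $_POST['Template']=="") return "";

        $toDelete = escape($_POST['Template']);
        $query="SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";

        $result = mysql_query($query);
        if($result && ($row = mysql_fetch_array($result)))
        {
            $query="DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
            mysql_query($query);

            // Build the directory from the name stored in the database rather
            // than from the SQL-escaped request value, and only when it is a
            // single plain path component. delDir() removes a whole tree, so a
            // name containing a separator or ".." must never reach it.
            $storedName = (string) $row['template_name'];
            $isPlainName = $storedName !== '' && $storedName !== '.' && $storedName !== '..'
                && strpbrk($storedName, "/\\\0") === false;
            if($isPlainName)
            {
                $templateDir = $sourceFolder . "/templates/" . $storedName . "/";
                if(file_exists($templateDir))
                    delDir($templateDir);
            }
            displayinfo("Template ".safe_html($_POST['Template'])." uninstalled!");
            return "";
        }
        displayerror("Template uninstallation failed!");
        return "";
    }
    /*
    The finalize and cancel subsubactions below are vulnerabilities: anyone can vary $_POST['path'] and make the CMS delete itself.
    Template installation has therefore been merged with module and widget installation,
    but some extra features specific to template installation (i.e. ignoring missing template variables and changing the template name)
    are missing in that installation. The code stays commented out for reference until those features are implemented another way.
    else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize')
    {

        $issues = "";
        $ret = reportIssues(escape($_POST['path']),$issues);
        if($ret[0] == 1)
        {
            displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
            delDir(escape($_POST['del']));
            unlink(escape($_POST['file']));
            return "";
        }

        $templates=getAvailableTemplates();
        $flag=false;
        foreach ($templates as $template)
            if($template==$_POST['template'])
            {
                $flag=true;
                break;
            }
        if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/"))
        {
            displayerror("Template Installation failed : A folder by the template name already exists.");
            $templatePath=safe_html($_POST['del']);
            $str=safe_html($_POST['file']);
            $ret=<<<RET
            <form method=POST action='./+admin&subaction=canceltemplate'>
            Please click the following button to start a fresh installation :
            <input type=hidden name='path' value='{$templatePath}'>
            <input type=hidden name='file' value='{$str}'>
            <input type=submit value="Fresh Installation">
            </form>
RET;
            return $ret;

        }
        rename(escape($_POST['path']), $sourceFolder . "/templates/" . escape($_POST['template']) . "/");
        delDir(escape($_POST['del']));
        unlink(escape($_POST['file']));
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates` VALUES('" . escape($_POST['template']) . "')");
        displayinfo("Template installation complete");
        return "";

    }
    else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel')
    {
        delDir(escape($_POST['path']));
        unlink(escape($_POST['file']));
        return "";
    }*/

}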
