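<?php
// Direct-access guard: this module is only meaningful when loaded by the Pragyan CMS front
// controller, which defines __PRAGYAN_CMS before including module files.
if(!defined('__PRAGYAN_CMS'))
{
	header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
	// The heading is now closed properly (the original emitted "<h1>403 Forbidden<h1>").
	// The server signature is deliberately no longer echoed: an unauthorized caller has no
	// legitimate need for the web server's version string.
	echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
	exit(1);
}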
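class safedit implements module, fileuploadable {
	/** @var mixed id of the current user; only forwarded to the upload library. */
	private $userId;
	/** @var int id of this page's module component; every query below is scoped to it. */
	private $moduleComponentId;
	/** @var string action requested by the framework ("edit" renders the editor, anything else the view). */
	private $action;

	/** Section types this module stores; a `type` coming from POST must be one of these. */
	private static $sectionTypes = array('para', 'ulist', 'olist', 'picture');
	/** Subset of $sectionTypes whose content is editor-typed text (the rest hold an uploaded picture name). */
	private static $textTypes = array('para', 'ulist', 'olist');
	/** URL schemes accepted in editor-written links; a scheme outside this list is not turned into a link. */
	private static $linkSchemes = array('http', 'https', 'ftp', 'mailto');

	/**
	 * Framework entry point.
	 *
	 * @param mixed  $gotuid               current user id
	 * @param mixed  $gotmoduleComponentId component id of the page (numeric, generated by createModule)
	 * @param string $gotaction            "edit" for the editor, anything else for the public view
	 * @return string HTML for the page body
	 */
	public function getHtml($gotuid, $gotmoduleComponentId, $gotaction) {
		$this->userId = $gotuid;
		// Component ids are produced as MAX+1 by createModule()/copyModule(), so the int cast is
		// lossless and makes every interpolation of the id below safe to put in SQL.
		$this->moduleComponentId = (int)$gotmoduleComponentId;
		$this->action = $gotaction;
		if ($this->action == "edit")
			return $this->actionEdit();
		return $this->actionView();
	}

	/**
	 * HTML-escape a value for element text or a single/double-quoted attribute.
	 * Existing entities are left alone so values that already passed through safe_html()
	 * are not double-encoded.
	 */
	private static function h($text) {
		return htmlspecialchars((string)$text, ENT_QUOTES, 'UTF-8', false);
	}

	/** Title of the page this component belongs to, or '' when the row cannot be read. */
	private function pageTitle() {
		$result = mysql_query("SELECT `page_title` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = 'safedit' AND `page_modulecomponentid` = '{$this->moduleComponentId}'");
		$val = $result ? mysql_fetch_assoc($result) : false;
		return $val ? $val['page_title'] : '';
	}

	/** A POST field as a string; missing or non-string (array) values become ''. */
	private static function postString($key) {
		return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
	}

	/**
	 * Section id from a request array ($_GET or $_POST), or null when absent or not a plain
	 * non-negative integer. Section ids are generated as MAX+1, so digits-only is the full domain.
	 */
	private static function sectionIdFrom(array $source) {
		if (!isset($source['sectionId']) || !is_string($source['sectionId']) || !ctype_digit($source['sectionId']))
			return null;
		return (int)$source['sectionId'];
	}

	/**
	 * MAX($column)+1 over this component's sections, or 1 when there are none.
	 * $column is always an internal literal ('section_id' / 'section_priority'), never user data.
	 * Not atomic: two editors adding a section at the same moment can still collide, as before.
	 */
	private function nextSectionValue($column) {
		$result = mysql_query("SELECT MAX(`{$column}`)+1 FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'") or die(mysql_error());
		$row = mysql_fetch_row($result);
		// MAX() over an empty set is NULL; start at 1 instead of interpolating '' into an int column.
		return ($row && $row[0] !== null) ? (int)$row[0] : 1;
	}

	/**
	 * Accept a picture filename only if it is one of the files uploaded for this component;
	 * '' (the "No picture" option) is passed through. Anything else is reduced to ''.
	 */
	private function validPictureName($name) {
		if ($name === '')
			return '';
		foreach (getUploadedFiles($this->moduleComponentId, "safedit") as $file) {
			if ($file['upload_filename'] === $name)
				return $name;
		}
		return '';
	}

	/**
	 * Make a link target safe for an href attribute.
	 * Returns null when the target carries a scheme outside $linkSchemes (e.g. javascript:);
	 * relative targets (no scheme) are accepted. Entities are decoded before the check and the
	 * result is fully re-escaped, so "&#106;avascript:" cannot slip past as an encoded scheme.
	 */
	private static function safeHref($target) {
		$raw = html_entity_decode($target, ENT_QUOTES, 'UTF-8');
		// Browsers drop ASCII control characters and whitespace inside a URL, so "java\tscript:"
		// has to be caught as well.
		$probe = preg_replace('/[\x00-\x20]+/', '', $raw);
		if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m) && !in_array(strtolower($m[1]), self::$linkSchemes, true))
			return null;
		return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
	}

	/**
	 * Public view: page title, then every visible section in priority order.
	 * Headings and picture names are HTML-escaped on output; text content goes through the
	 * project's safe_html() before the link syntax is expanded by processView().
	 *
	 * @return string HTML
	 */
	public function actionView() {
		$ret = "<h1>" . self::h($this->pageTitle()) . "</h1>";
		$result = mysql_query("SELECT `section_id`,`section_heading`,`section_type`,`section_content` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_show` = 1 ORDER BY `section_priority`");
		if (!$result)
			return $ret;
		while ($row = mysql_fetch_assoc($result)) {
			if ($row['section_heading'] != "")
				$ret .= "<h2>" . self::h($row['section_heading']) . "</h2>";
			$ret .= "<div class='safedit_section'>" . $this->renderSection($row['section_type'], $row['section_content']) . "</div>";
		}
		return $ret;
	}

	/**
	 * HTML for one section's body.
	 *
	 * @param string      $type    'para', 'ulist', 'olist' or 'picture' (anything else renders nothing)
	 * @param string|null $content raw stored content
	 * @return string
	 */
	private function renderSection($type, $content) {
		if ($type == "picture") {
			// An empty src makes browsers re-request the current page; render nothing instead.
			if ((string)$content === '')
				return '';
			return "<div align='center'><img src='" . self::h($content) . "'></div>";
		}
		if (!in_array($type, self::$textTypes, true))
			return '';
		$lines = explode("\n", safe_html((string)$content));
		if ($type == "para") {
			$html = "<p class='safedit_para'>";
			foreach ($lines as $line)
				$html .= $this->processView($line) . "<br />";
			return $html . "</p>";
		}
		// Lists: blank lines are skipped; the closing tag now matches the opening one
		// (the original closed an <ol> with a second "<ol>").
		$tag = ($type == "ulist") ? "ul" : "ol";
		$html = "<{$tag} class='safedit_{$type}'>";
		foreach ($lines as $line) {
			$line = trim($line);
			if ($line != "")
				$html .= "<li>" . $this->processView($line) . "</li>";
		}
		return $html . "</{$tag}>";
	}

	/**
	 * Editor view: applies the requested subaction (if any), then renders one form per section,
	 * the "create section" form, the upload forms and the help text.
	 *
	 * @return string HTML
	 */
	public function actionEdit() {
		global $sourceFolder, $ICONS;
		require_once($sourceFolder . "/upload.lib.php");
		// Handles a file upload carried by this request; the upload form itself is rendered below.
		submitFileUploadForm($this->moduleComponentId, "safedit", $this->userId, UPLOAD_SIZE_LIMIT);
		$uploadForms = "<fieldset id='uploadFile'><legend>{$ICONS['Uploaded Files']['small']}File Upload</legend>Upload files : <br />"
			. getFileUploadForm($this->moduleComponentId, "safedit", './+edit', UPLOAD_SIZE_LIMIT, 5)
			. getUploadedFilePreviewDeleteForm($this->moduleComponentId, "safedit", './+edit')
			. '</fieldset>';

		$ret = "<style type=\"text/css\">\ntextarea {\n\tfont-size: 130%;\n\tbackground: white;\n}\n</style>\n";
		$ret .= "<h1>Editing '" . self::h($this->pageTitle()) . "' page</h1>";

		// NOTE(review): every subaction is a state change keyed only on request parameters.
		// delete/move arrive as GET links and add/save as plain POSTs, with no anti-CSRF token;
		// the only protection is the permission check the framework performs before getHtml().
		if (isset($_GET['subaction'])) {
			switch ($_GET['subaction']) {
				case 'addSection':    $this->addSection(); break;
				case 'deleteSection': $this->deleteSection(); break;
				case 'saveSection':   $this->saveSection(); break;
				case 'moveUp':        $this->moveOneStep(true); break;
				case 'moveDown':      $this->moveOneStep(false); break;
				case 'moveTop':       $this->moveToEnd(true); break;
				case 'moveBottom':    $this->moveToEnd(false); break;
			}
		}

		$result = mysql_query("SELECT `section_id`,`section_heading`,`section_type`,`section_content`,`section_show` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `section_priority`") or die(mysql_error());
		while ($row = mysql_fetch_assoc($result))
			$ret .= $this->sectionEditForm($row);

		$ret .= "<fieldset><legend>{$ICONS['Add']['small']}Create New Section</legend>"
			. "<form action=\"./+edit&amp;subaction=addSection\" method=POST>"
			. "<select name='type'>"
			. "<option value=\"para\">Paragraph</option>"
			. "<option value=\"ulist\">List</option>"
			. "<option value=\"olist\">Numbered List</option>"
			. "<option value=\"picture\">Picture</option>"
			. "</select> <input type=text name=\"heading\" /> <input type=checkbox name=\"sectionShow\" checked /> "
			. "<input type=submit value=\"Add section\" name=\"btnAddSection\" /></form></fieldset>";

		$ret .= $uploadForms;
		$ret .= "<small id=\"help\"><ul><li>You can display only Plain text, any custom formatting will be prevented.<br />"
			. "To make a link, enclose the text with '{' and '}' and add the target to the end of the line after '|'<br />"
			. "For eg:<br />{This is a link}, and this is not a link|http://example.com<br />"
			. "Only http, https, ftp and mailto targets (or relative paths) are turned into links.</li></ul></small>";
		return $ret;
	}

	/**
	 * Edit form for one section row (keys: section_id, section_heading, section_type,
	 * section_content, section_show). The heading and file names are attribute-escaped;
	 * $ICONS entries are trusted HTML supplied by the framework.
	 */
	private function sectionEditForm(array $row) {
		global $ICONS;
		$id = (int)$row['section_id'];
		$type = $row['section_type'];
		$checked = $row['section_show'] ? 'checked ' : '';
		$heading = self::h($row['section_heading']);
		$base = "./+edit&amp;subaction=";
		$help = ($type != "picture") ? " <a href='#help' title='Only Plain text allowed, Click to know more'>{$ICONS['Help']['small']}</a>" : '';

		$html = "<form action='{$base}saveSection' method=POST><input type=hidden value='{$id}' name='sectionId' />"
			. "<fieldset><legend><input type=checkbox name='sectionShow' {$checked}/>"
			. "<input type=text name=heading value='{$heading}' style='border:0;background:none;' />"
			. " <a href='{$base}moveUp&amp;sectionId={$id}' title='Move one level Up'>{$ICONS['Up']['small']}</a>"
			. " <a href='{$base}moveDown&amp;sectionId={$id}' title='Move one level Down'>{$ICONS['Down']['small']}</a>"
			. " <a href='{$base}moveTop&amp;sectionId={$id}' title='Move to Top'>{$ICONS['Top']['small']}</a>"
			. " <a href='{$base}moveBottom&amp;sectionId={$id}' title='Move to Bottom'>{$ICONS['Bottom']['small']}</a>"
			. " <a href='{$base}deleteSection&amp;sectionId={$id}' title='Delete Section'>{$ICONS['Delete Section']['small']}</a>"
			. "{$help}</legend><div class='safedit_section'>";

		if (in_array($type, self::$textTypes, true)) {
			$html .= "<textarea name=content rows=7 style=\"width:100%\">" . safe_html((string)$row['section_content']) . "</textarea><select name=type>";
			foreach (array('para' => 'Paragraph', 'ulist' => 'List', 'olist' => 'Numbered List') as $value => $label) {
				$selected = ($type == $value) ? ' selected' : '';
				$html .= "<option value=\"{$value}\"{$selected}>{$label}</option>";
			}
			$html .= "</select>";
		} else if ($type == "picture") {
			$html .= "<a href='#uploadFile'>Upload File</a><br /><select name=selectFile><option value=''>No picture</option>";
			foreach (getUploadedFiles($this->moduleComponentId, "safedit") as $file) {
				$name = self::h($file['upload_filename']);
				$selected = ($row['section_content'] == $file['upload_filename']) ? ' selected' : '';
				$html .= "<option value='{$name}'{$selected}>{$name}</option>";
			}
			$html .= "</select>";
		}
		return $html . "<input type=submit value='Save section' /></div></fieldset></form>";
	}

	/** subaction=addSection: insert an empty section of the POSTed type at the end of the page. */
	private function addSection() {
		$show = isset($_POST['sectionShow']) ? 1 : 0;
		$heading = self::postString('heading');
		$type = self::postString('type');
		// `type` is interpolated into SQL and later selects the renderer: only known values are accepted.
		if (!in_array($type, self::$sectionTypes, true)) {
			displayerror("Unknown section type");
			return;
		}
		$sectionId = $this->nextSectionValue('section_id');
		$priority = $this->nextSectionValue('section_priority');
		$query = "INSERT INTO `safedit_sections`(`page_modulecomponentid`,`section_id`,`section_heading`,`section_type`,`section_show`,`section_priority`) VALUES ('{$this->moduleComponentId}','{$sectionId}','" . escape($heading) . "','{$type}','{$show}','{$priority}')";
		mysql_query($query) or die(mysql_error());
		if (mysql_affected_rows() > 0)
			displayinfo("Section: " . self::h($heading) . ", created");
		else
			displayerror("Couldn't create section");
	}

	/** subaction=deleteSection: remove the section named by GET sectionId. */
	private function deleteSection() {
		$sectionId = self::sectionIdFrom($_GET);
		if ($sectionId === null) {
			displayerror("Couldn't delete section");
			return;
		}
		mysql_query("DELETE FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
		if (mysql_affected_rows() > 0)
			displayinfo("Section deleted succesfully");
		else
			displayerror("Couldn't delete section");
	}

	/**
	 * subaction=saveSection: store heading, visibility, content and (optionally) a new type.
	 * Content is interpreted according to the type currently stored for the section: text types
	 * go through processSave(), picture sections must name one of this component's uploads.
	 */
	private function saveSection() {
		$sectionId = self::sectionIdFrom($_POST);
		if ($sectionId === null) {
			displayerror("Couldn't save section");
			return;
		}
		$result = mysql_query("SELECT `section_type` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
		$row = mysql_fetch_row($result);
		if (!$row) {
			displayerror("Couldn't save section");
			return;
		}
		$type = $row[0];

		$typeUpdate = '';
		if (isset($_POST['type'])) {
			// The original interpolated $_POST['type'] into the UPDATE without escaping; whitelist it.
			$newType = self::postString('type');
			if (!in_array($newType, self::$sectionTypes, true)) {
				displayerror("Unknown section type");
				return;
			}
			$typeUpdate = ", `section_type` = '{$newType}'";
		}
		$show = isset($_POST['sectionShow']) ? 1 : 0;
		$heading = escape(self::postString('heading'));

		if (in_array($type, self::$textTypes, true))
			$sectionContent = escape($this->processSave(self::postString('content')));
		else if ($type == "picture")
			$sectionContent = escape($this->validPictureName(self::postString('selectFile')));
		else
			$sectionContent = '';

		$query = "UPDATE `safedit_sections` SET `section_heading` = '{$heading}', `section_content` = '{$sectionContent}'{$typeUpdate}, `section_show` = '{$show}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
		mysql_query($query) or die(mysql_error());
		if (mysql_affected_rows() > 0)
			displayinfo("Section saved successfully");
	}

	/**
	 * subaction=moveUp / moveDown: swap the priority of GET sectionId with its neighbour.
	 * The query returns the section itself first, then the neighbour (assumes priorities are
	 * unique within a page, which addSection and moveToEnd maintain).
	 *
	 * @param bool $up true for moveUp, false for moveDown
	 */
	private function moveOneStep($up) {
		$sectionId = self::sectionIdFrom($_GET);
		if ($sectionId === null)
			return;
		$compare = $up ? '<=' : '>=';
		$arrange = $up ? 'DESC' : 'ASC';
		$query = "SELECT `section_id`,`section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` {$compare} (SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}') ORDER BY `section_priority` {$arrange} LIMIT 2";
		$result = mysql_query($query) or die(mysql_error());
		$current = mysql_fetch_row($result);
		$neighbour = $current ? mysql_fetch_row($result) : false;
		// Unknown id, or already first/last: nothing to swap.
		if (!$neighbour)
			return;
		$currentId = (int)$current[0];   $currentPriority = (int)$current[1];
		$neighbourId = (int)$neighbour[0]; $neighbourPriority = (int)$neighbour[1];
		mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$currentPriority}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$neighbourId}'") or die(mysql_error());
		mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$neighbourPriority}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$currentId}'") or die(mysql_error());
	}

	/**
	 * subaction=moveTop / moveBottom: shift every section on the far side by one and put GET
	 * sectionId at priority 0 (top) or MAX (bottom).
	 *
	 * @param bool $top true for moveTop, false for moveBottom
	 */
	private function moveToEnd($top) {
		$sectionId = self::sectionIdFrom($_GET);
		if ($sectionId === null)
			return;
		$result = mysql_query("SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
		$row = mysql_fetch_row($result);
		if (!$row)
			return;
		$currentPriority = (int)$row[0];
		if ($top) {
			$sign = '+';
			$cmpr = '<';
			$target = 0;
		} else {
			$sign = '-';
			$cmpr = '>';
			$maxResult = mysql_query("SELECT MAX(`section_priority`) FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'") or die(mysql_error());
			$max = mysql_fetch_row($maxResult);
			$target = ($max && $max[0] !== null) ? (int)$max[0] : 0;
		}
		mysql_query("UPDATE `safedit_sections` SET `section_priority` = `section_priority`{$sign}1 WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` {$cmpr} '{$currentPriority}'") or die(mysql_error());
		mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$target}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
	}

	/**
	 * Expand the link syntax in one already-HTML-safe line: "{text} rest|target" links "text",
	 * "text|target" links the whole text. Lines without "|" are returned untouched.
	 * The target is scheme-checked and attribute-escaped (see safeHref); a target with a
	 * disallowed scheme leaves the line as plain text.
	 *
	 * @param string $line one line of safe_html() output
	 * @return string HTML
	 */
	public function processView($line) {
		$parts = explode("|", $line, 2);
		if (!isset($parts[1]))
			return $line;
		$href = self::safeHref($parts[1]);
		if ($href === null)
			return $line;
		$before = explode("{", $parts[0], 2);
		if (!isset($before[1]))
			return "<a href='{$href}'>{$parts[0]}</a>";
		$inner = explode("}", $before[1], 2);
		$tail = isset($inner[1]) ? $inner[1] : '';
		return $before[0] . "<a href='{$href}'>{$inner[0]}</a>" . $tail;
	}

	/**
	 * Normalise editor text before it is stored: CRLF becomes LF and each line keeps the
	 * link markers "{", "}" and "|" only when they form a valid "{text}...|target" sequence.
	 *
	 * @param string $content raw textarea content
	 * @return string content ready for escape() and storage
	 */
	public function processSave($content) {
		$lines = explode("\n", str_replace("\r\n", "\n", (string)$content));
		$out = array();
		foreach ($lines as $line)
			$out[] = self::sanitizeLinkLine($line);
		return implode("\n", $out);
	}

	/**
	 * One line of processSave(): a marker occurring more than once is dropped; braces survive
	 * only as an ordered pair, and the pair only when it precedes the "|" target separator.
	 */
	private static function sanitizeLinkLine($line) {
		foreach (array('|', '{', '}') as $marker) {
			if (substr_count($line, $marker) > 1)
				$line = str_replace($marker, '', $line);
		}
		$open = strpos($line, '{');
		$close = strpos($line, '}');
		$pipe = strpos($line, '|');
		if ($open === false || $close === false || $close < $open) {
			$line = str_replace(array('{', '}'), '', $line);
			$close = false;
		}
		if ($close !== false && ($pipe === false || $close > $pipe))
			$line = str_replace(array('{', '}', '|'), '', $line);
		return $line;
	}

	/**
	 * Uploaded files of a safedit page are readable by whoever may view the page.
	 *
	 * @return mixed whatever getPermissions() returns for the "view" action
	 */
	public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName) {
		return getPermissions($userId, $pageId, "view");
	}

	/**
	 * Upload policy consulted by the upload library: image extensions only, 30 MiB cap.
	 * NOTE(review): extension-based; whether the upload library also checks the file content
	 * is decided outside this file.
	 */
	public static function getUploadableFileProperties(&$fileTypesArray, &$maxFileSizeInBytes) {
		$fileTypesArray = array('jpg', 'jpeg', 'png', 'gif', 'bmp', 'tiff');
		$maxFileSizeInBytes = 31457280;
	}

	/** Next free component id for this module (MAX over the pages table + 1; 1 when none exist). */
	private static function nextModuleComponentId() {
		$result = mysql_query("SELECT MAX(page_modulecomponentid) as MAX FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = 'safedit'") or die(mysql_error());
		$row = mysql_fetch_assoc($result);
		return (int)$row['MAX'] + 1;
	}

	/** Framework hook: hand out a component id for a new safedit page (no rows are created yet). */
	public function createModule(&$moduleComponentId) {
		$moduleComponentId = self::nextModuleComponentId();
	}

	/** Framework hook: drop every section of the component. Always returns true. */
	public function deleteModule($moduleComponentId) {
		$id = (int)$moduleComponentId;
		mysql_query("DELETE FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$id}'") or die(mysql_error());
		return true;
	}

	/**
	 * Framework hook: duplicate all sections of $moduleComponentId under a fresh component id.
	 * Uses INSERT ... SELECT. The original wrapped the SELECT in VALUES(), read from a
	 * `safedit_contents` table this module never writes, and left the WHERE literal unterminated,
	 * so every copy failed with a SQL error.
	 *
	 * @return int the new component id
	 */
	public function copyModule($moduleComponentId) {
		$source = (int)$moduleComponentId;
		$newId = self::nextModuleComponentId();
		mysql_query("INSERT INTO `safedit_sections`(`page_modulecomponentid`,`section_id`,`section_heading`,`section_type`,`section_show`,`section_priority`,`section_content`) SELECT '{$newId}',`section_id`,`section_heading`,`section_type`,`section_show`,`section_priority`,`section_content` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$source}'") or die(mysql_error());
		return $newId;
	}
}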
00370 ?>