
cms/template.lib.php

00001 <?php
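// Direct-access guard: this library is only meant to be loaded by the CMS
// front controller, which defines __PRAGYAN_CMS. A request that reaches the
// file directly gets a 403 and the script stops before any function is declared.
if(!defined('__PRAGYAN_CMS'))
{
        header($_SERVER['SERVER_PROTOCOL'].' 403 Forbidden');
        // The original markup opened <h1> twice and never closed it.
        echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
        // NOTE(review): SERVER_SIGNATURE is whatever banner the web server is
        // configured to expose (often product and version). Consider dropping
        // this line so the error page does not disclose it.
        echo '<hr/>'.$_SERVER['SERVER_SIGNATURE'];
        exit(1);
}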
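/**
 * Resolve the template to render a page with.
 *
 * Returns DEF_TEMPLATE unless the `allow_pagespecific_template` setting in the
 * `global` table is non-zero and the page row has a non-empty `page_template`.
 *
 * @param int $pageId Page identifier; it is cast to int before being used in SQL.
 * @return string Template name.
 */
function getPageTemplate($pageId)
{
        $query="SELECT `value` FROM `".MYSQL_DATABASE_PREFIX."global` WHERE `attribute`='allow_pagespecific_template'";
        $result=mysql_query($query);
        // A failed query or a missing row falls back to the default template.
        $row=$result ? mysql_fetch_row($result) : false;
        if(!$row || $row[0]==0)
                return DEF_TEMPLATE;

        // The id is concatenated into the statement without quotes, so it must be
        // forced to an integer here rather than trusting every caller to do it.
        $pageId=(int)$pageId;
        $query="SELECT `page_template` FROM `".MYSQL_DATABASE_PREFIX."pages` WHERE `page_id`=$pageId";
        $result=mysql_query($query);
        $row=$result ? mysql_fetch_row($result) : false;
        if(!$row || $row[0]=="")
                return DEF_TEMPLATE;
        return $row[0];
}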
/**
 * Hand the rendered page fragments to the active template and execute it.
 *
 * Every parameter is taken by reference and is a local variable of this
 * function; the template's index.php is include()d from here, so it runs in
 * this function's scope and can read those variables by name.
 *
 * Only $SITEDESCRIPTION, $SITEKEYWORDS and $FOOTER are passed through
 * safe_html() here. The other fragments ($TITLE, $CONTENT, $MENUBAR, ...)
 * reach the template exactly as the caller supplied them.
 * NOTE(review): safe_html() is defined elsewhere; presumably it HTML-escapes
 * its argument. Confirm, and confirm the remaining fragments are escaped
 * where they are built.
 */
function templateReplace(&$TITLE,&$MENUBAR,&$ACTIONBARMODULE,&$ACTIONBARPAGE,&$BREADCRUMB,&$INHERITEDINFO,&$CONTENT,&$FOOTER,&$DEBUGINFO,&$ERRORSTRING,&$WARNINGSTRING,&$INFOSTRING,&$STARTSCRIPTS,&$LOGINFORM) {
        global $cmsFolder;
        global $sourceFolder;
        global $templateFolder;
        global $moduleFolder;
        global $urlRequestRoot;
        global $TEMPLATEBROWSERPATH;
        global $TEMPLATECODEPATH;
        global $SITEDESCRIPTION;
        global $SITEKEYWORDS;
        // These two names are also parameters. The `global` statement rebinds
        // them to the global variables, so from here on the by-reference
        // arguments of the same name are no longer what the template sees.
        global $STARTSCRIPTS;
        global $LOGINFORM;
        global $WIDGETS;

        // $FOOTER is a reference parameter, so the caller's variable is
        // overwritten with the safe_html() result as well.
        $SITEDESCRIPTION=safe_html($SITEDESCRIPTION);
        $SITEKEYWORDS=safe_html($SITEKEYWORDS);
        $FOOTER=safe_html($FOOTER);

        // Browser-facing URL and filesystem path of the active template directory.
        $TEMPLATEBROWSERPATH = "$urlRequestRoot/$cmsFolder/$templateFolder/".TEMPLATE;
        $TEMPLATECODEPATH = "$sourceFolder/$templateFolder/".TEMPLATE;
        // Executes the template's PHP with full access to this scope.
        // NOTE(review): TEMPLATE is defined outside this file. If it can carry a
        // per-page value from the database, it should be checked against the list
        // of installed templates before it is used in an include path. Confirm.
        include ($TEMPLATECODEPATH."/index.php");
}
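/**
 * Find the directory that holds a template's index.php.
 *
 * Entries of $templatePath are visited in readdir() order. The directory itself
 * is returned as soon as an "index.php" entry is seen; sub-directories seen
 * before that are searched recursively and the first hit wins.
 *
 * @param string $templatePath Directory to search. It must end in "/" because
 *                             entry names are appended to it directly.
 * @return string|null Directory containing index.php (with trailing "/" for
 *                     nested hits), or NULL when none is found or the directory
 *                     cannot be opened.
 */
function actualTemplatePath($templatePath) {
        if(!is_dir($templatePath))
                return NULL;
        $dirHandle = opendir($templatePath);
        if($dirHandle === false)
                return NULL;

        $found = NULL;
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the scan early.
        while(($file = readdir($dirHandle)) !== false) {
                if($file === "index.php") {
                        $found = $templatePath;
                        break;
                }
                if($file !== '.' && $file !== '..' && is_dir($templatePath . $file)) {
                        $found = actualTemplatePath($templatePath . $file . "/");
                        if($found !== NULL)
                                break;
                }
        }
        // Release the handle on every path; the early returns used to leak it.
        closedir($dirHandle);
        return $found;
}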
/**
 * Derive a template's name from its directory path.
 *
 * Delegates to getWidgetName(), which is defined outside this file.
 *
 * @param string $actualPath Path of the template directory.
 * @return mixed Whatever getWidgetName() returns for that path.
 */
function getTemplateName($actualPath) {
        $templateName = getWidgetName($actualPath);
        return $templateName;
}
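/**
 * Unpack an uploaded template archive and build the "Finalize Template" form.
 *
 * The archive is extracted under $sourceFolder/uploads/templates/, the
 * extracted tree is checked with reportIssues(), and the returned HTML lists
 * the issues next to an install form and a cancel form.
 *
 * Values derived from the upload (template name, server paths) are HTML-escaped
 * before they are placed in attributes, and the list of existing template names
 * is passed to the page script as JSON instead of a hand-built literal.
 *
 * NOTE(review): both forms post the server paths back in hidden fields to the
 * `finalize` / `cancel` subsubactions. handleTemplateManagement() in this file
 * keeps those handlers commented out because trusting such client-supplied
 * paths let a request choose what gets deleted. Any replacement should keep
 * the paths server-side rather than round-tripping them through the form.
 *
 * @param string $str Path of the uploaded file; only names ending in ".zip" are accepted.
 * @return array|string array("2", $str) if the file is not a .zip,
 *                      array("1", $str) if the archive cannot be opened,
 *                      array("0", $str, $templatePath) if actualPath() finds nothing,
 *                      otherwise the HTML of the finalize page.
 */
function installTemplate($str) {
        global $sourceFolder;
        global $ICONS;
        $len = strlen($str);
        $templateName = name($str,".");
        if(substr($str,$len-4,4)==".zip") {
                $zip = new ZipArchive();
                if ($zip->open($str) === TRUE) {
                        $templatePath = $sourceFolder . "/uploads/templates/" . $templateName . "/";
                        // Never extract over an existing directory; pick another name instead.
                        while(file_exists($templatePath))
                                $templatePath = $sourceFolder . "/uploads/templates/". rand() . "/";
                        $zip->extractTo($templatePath);
                        $zip->close();
                } else
                        return array("1", $str);
        } else
                return array("2", $str);

        // Names that are already taken: the reserved 'common' plus installed templates.
        $knownNames = array('common');
        $templates=getAvailableTemplates();
        foreach($templates as $template)
                $knownNames[] = (string)$template;

        // Script context: JSON with the HEX flags cannot close the string or the
        // <script> element. The old literal also ended in "'common'," (a syntax
        // error that disabled validate()) when no template was installed yet.
        $templateListJs = json_encode($knownNames, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if($templateListJs === false)
                $templateListJs = '["common"]';

        // HTML text context: the same names, escaped, for the visible hint.
        $quotedNames = array();
        foreach($knownNames as $known)
                $quotedNames[] = "'" . htmlspecialchars($known, ENT_QUOTES) . "'";
        $templateListHtml = implode(", ", $quotedNames);

        // NOTE(review): actualPath() and reportIssues() are not defined in this
        // file (it defines actualTemplatePath() and checkForTemplateIssues()).
        // Presumably they are the shared installer helpers; confirm.
        $templateActualPath = actualPath($templatePath);

        if($templateActualPath == NULL)
                return array("0", $str, $templatePath);

        $call = "";
        $issueExcess = "";
        $ignoreall = "";
        $issues = "";
        $issuetypes = reportIssues($templateActualPath,$issues);
        if($issues!="")
        {
         $issues ="
         <table name='issues_table'>
         <tr><th>S.No.</th><th>Issue Details</th><th>Issue Type</th><th>Ignore ?</th></tr>
         $issues
         </table>
         ";
        }

        if($issuetypes[0] == 1)
        {
         //$issuetypes[0] is fatal and [1] is ignorable
                displayerror("Some fatal issues were found with the template. Please click on Cancel Installation button and fix the issues");
                // Switches the form's onSubmit to validate2(), which always refuses.
                $call = "2";
        }
        if($issuetypes[0] == 0 && $issuetypes[1] == 1) {
                displaywarning("Some issues were found with the template. You may chose to ignore them.");
                $ignoreall = "<input type=button value='Ignore All' onClick='igall();'>";
                $issueExcess = <<<EXTRA
<script type="text/javascript">

function igall() {
        var id = 0;
        while(document.getElementById('issue_' + id))
                ignore(id++);
}
</script>
EXTRA;
        }

        // Attribute context: escape everything that originates from the upload.
        $templateNameHtml = htmlspecialchars($templateName, ENT_QUOTES);
        $templateActualPathHtml = htmlspecialchars($templateActualPath, ENT_QUOTES);
        $templatePathHtml = htmlspecialchars($templatePath, ENT_QUOTES);
        $strHtml = htmlspecialchars($str, ENT_QUOTES);

        // The checks in this script are a convenience for the administrator only;
        // the server must repeat them when the form is processed.
        $RET = <<<RET
<script type="text/javascript">
function ignore(id) {
        if(document.getElementById('button_' + id)) {
                document.getElementById('issue_' + id).className = 'ignored';
                document.getElementById('button_' + id).value = 'Ignored !';
                document.getElementById('button_' + id).disabled = 'disabled';
        }
}
function validate() {
        var id = 0;
        while(document.getElementById('issue_' + id)) {
                if(document.getElementById('issue_' + id).className == 'issue') {
                        alert("There are one or more issue(s) unresolved. Fix them and Submit.");
                        return false;
                }
                id++;
        }
        var templates = {$templateListJs};
        for(var i = 0; i < templates.length; i++)
                if(document.getElementById('templatename').value == templates[i]) {
                        alert("Template with that name already exist in server. Choose some other name.");
                        return false;
                }
        return true;
}
function validate2() {
        alert("You have one or more required variable missing. So you can not submit the template. Hit cancel.");
        return false;
}
</script>

<fieldset>
<legend>{$ICONS['Templates Management']['small']}Finalize Template</legend>
{$issues}
{$ignoreall}
{$issueExcess}
<form method=POST action='./+admin&subaction=template&subsubaction=finalize' onSubmit='return validate{$call}()'>
Template Name: <input type=text id='templatename' name='template' value='{$templateNameHtml}'><input type=submit value="Install Template"><br/><br/>
The following template names are already used :<b> {$templateListHtml}</b><br/>
<input type=hidden name='path' value='{$templateActualPathHtml}'>
<input type=hidden name='del' value='{$templatePathHtml}'>
<input type=hidden name='file' value='{$strHtml}'>

</form>
<form method=POST action='./+admin&subaction=template&subsubaction=cancel' onSubmit='myconfirm()'>
<input type=hidden name='path' value='{$templatePathHtml}'>
<input type=hidden name='file' value='{$strHtml}'>
<input type=submit value="Cancel Installation">
</form>
</fieldset>
RET;

        return $RET;
}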
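/**
 * Extract a bare name from a path.
 *
 * Returns the text that follows the last '/' in $path, cut just before the
 * first occurrence of $end in that tail. For "/uploads/mytheme.zip" and "."
 * the result is "mytheme". Note that "my.theme.zip" yields "my", because the
 * cut is made at the first $end, not the last.
 *
 * A path without any '/' is treated as a bare file name, and a tail that does
 * not contain $end is returned whole. The original lost the first character
 * in the former case and returned an empty or false value in the latter.
 *
 * @param string $path Path or file name.
 * @param string $end  Terminator to cut at (callers in this file pass ".").
 * @return string The extracted name; "" when $path ends in '/'.
 */
function name($path,$end) {
        $slash = strrpos($path,"/");
        $start = ($slash === false) ? 0 : $slash + 1;
        $tail = substr($path,$start);
        // Older PHP returns false instead of "" when nothing follows the slash.
        if($tail === false)
                return "";
        $stop = ($end === "") ? false : strpos($tail,$end);
        return ($stop === false) ? $tail : substr($tail,0,$stop);
}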
/*
checkTemplate(templatePath) is used to check for compatibility with the Pragyan CMS.
You can redistribute the values in reqd and nreqd as per your requirement.
If a variable in nreqd is missing in the template, it will be reported during installation, but can be ignored,
whereas variables in reqd can't be ignored.
This function returns
        0: if it doesn't find index.php in the passed path
        1: if it finds index.php in the specified path and it contains all variables specified in the reqd and nreqd arrays.
        2 and above: if it finds index.php in the specified path and n-1 variables from the reqd and nreqd arrays are missing.
*/
/**
 * Append one ignorable ("Warning") row to the issue table markup.
 *
 * The row carries a hidden marker `issue_<id>` with class "issue" and an
 * "Ignore" button `button_<id>` that calls the page's ignore(<id>) script.
 *
 * $str and $id are inserted into the markup as given, without escaping, so
 * callers must pass text that is already safe for HTML.
 *
 * @param string $issues Accumulated table rows; extended in place.
 * @param string $str    Issue description.
 * @param int    $id     Row number, also used to build the element ids.
 * @return void
 */
function addissue(&$issues,$str,$id)
{
        $ignoreControls = "<input type=hidden id='issue_{$id}' class=issue>"
                . "<input type=button id='button_{$id}' value=Ignore onclick='ignore($id)'>";
        $row = "<tr><td>$id</td><td>$str</td><td>Warning</td><td>" . $ignoreControls . "</td></tr>";
        $issues = $issues . $row;
}
/**
 * Append one non-ignorable ("FATAL") row to the issue table markup.
 *
 * The row carries the hidden marker `issue_<id>` with class "issue" but no
 * button, so the page script has no way to mark it as ignored.
 *
 * $str and $id are inserted into the markup as given, without escaping, so
 * callers must pass text that is already safe for HTML.
 *
 * @param string $issues Accumulated table rows; extended in place.
 * @param string $str    Issue description.
 * @param int    $id     Row number, also used to build the element id.
 * @return void
 */
function addfatalissue(&$issues,$str,$id)
{
        $marker = "<input type=hidden id='issue_{$id}' class=issue>";
        $row = "<tr><td>$id</td><td>$str</td><td><b>FATAL</b></td><td>" . $marker . "Can't Ignore !</td></tr>";
        $issues = $issues . $row;
}
/**
 * Check a template's index.php for the placeholder variables the CMS fills in.
 *
 * Each placeholder name is looked up as plain text in the file. A mandatory
 * placeholder that is absent is reported as fatal; one that appears more than
 * once is a warning. An optional placeholder that is absent or appears more
 * than once is a warning. Rows are appended to $issues and numbered from 0.
 *
 * This is a compatibility check only. It says nothing about what else the
 * template's PHP does.
 *
 * @param string $templatePath Template directory, ending in "/".
 * @param string $templateName Not used by this function.
 * @param string $issues       Accumulated issue rows; extended in place.
 * @return array array(fatalFlag, warningFlag), each 0 or 1.
 */
function checkForTemplateIssues($templatePath,$templateName,&$issues) {
        $source = file_get_contents($templatePath . "index.php");
        $mandatory = array("\$CONTENT","\$ACTIONBARMODULE","\$ACTIONBARPAGE","\$SITEDESCRIPTION","\$SITEKEYWORDS","\$FOOTER","\$ERRORSTRING","\$WARNINGSTRING","\$INFOSTRING");
        $optional = array("\$STARTSCRIPTS","\$TITLE","\$BREADCRUMB","\$MENUBAR");
        $nextId = 0;
        $hasFatal = 0;
        $hasWarning = 0;

        foreach($mandatory as $placeholder) {
                $occurrences = mycount($source,$placeholder);
                if($occurrences == 0) {
                        addfatalissue($issues,"$placeholder is missing",$nextId);
                        $hasFatal = 1;
                        $nextId++;
                } elseif($occurrences != 1) {
                        addissue($issues,"$placeholder is more than once",$nextId);
                        $hasWarning = 1;
                        $nextId++;
                }
        }

        foreach($optional as $placeholder) {
                $occurrences = mycount($source,$placeholder);
                if($occurrences == 1)
                        continue;
                // Both "absent" and "repeated" are only warnings for optional names.
                $problem = ($occurrences == 0) ? "$placeholder is missing" : "$placeholder is more than once";
                addissue($issues,$problem,$nextId);
                $hasWarning = 1;
                $nextId++;
        }

        return array($hasFatal,$hasWarning);
}
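/**
 * Classify how often $find occurs in $content: never, once, or more than once.
 *
 * strpos() results are compared against false explicitly. The original tested
 * them for truthiness, so a match at offset 0 was reported as "not found".
 *
 * @param string|false $content Text to search; a non-string (for example a
 *                              failed file read) counts as "not found".
 * @param string       $find    Text to look for.
 * @return int 0 if absent, 1 if present exactly once, 2 if present more than once.
 */
function mycount($content,$find) {
        if(!is_string($content) || $find === "")
                return 0;
        $first = strpos($content,$find);
        if($first === false)
                return 0;
        // Look for a second occurrence starting one character after the first.
        if(strpos($content,$find,$first+1) === false)
                return 1;
        return 2;
}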
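/**
 * Handle the admin "Template Management" POST actions.
 *
 * - `btn_install`: hands the upload to processUploaded() / installModule().
 * - `btn_uninstall`: removes the template named in $_POST['Template']. The
 *   default template is never removed. If pages still use the template, a
 *   confirmation form is returned first; once confirmed, those pages are reset
 *   to the default template, the `templates` row is deleted and the template
 *   directory is removed with delDir().
 *
 * The template name ends up in a filesystem path passed to delDir(), so it is
 * rejected unless it is a single path component.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm that
 * the admin dispatcher validates one before calling it.
 *
 * @return string|mixed|null "" or confirmation HTML for uninstall, the result
 *                           of installModule() for install, NULL when no
 *                           action matched or the upload failed.
 */
function handleTemplateManagement()
{
        global $sourceFolder;
        // Needed by the confirmation form's legend; it was read without being imported.
        global $ICONS;
        if(isset($_POST['btn_install']))
        {
                $uploadId = processUploaded("Template");
                if($uploadId != -1)
                        return installModule($uploadId,"Template");
        }
        else if(isset($_POST['btn_uninstall']))
        {
                // Validate the request before touching the database.
                if(!isset($_POST['Template']) || !is_string($_POST['Template']) || $_POST['Template']=="") return "";

                // Defense in depth: the name is appended to the templates folder and
                // given to delDir(), so it must not contain a path separator or be a
                // dot entry.
                $requested = $_POST['Template'];
                if(basename($requested) !== $requested || $requested == "." || $requested == "..")
                {
                        displayerror("Template uninstallation failed!");
                        return "";
                }

                $query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'";
                $res   = mysql_query($query);
                $row1  = $res ? mysql_fetch_row($res) : false;
                $defaultTemplate = $row1 ? $row1[0] : "";

                $toDelete = escape($requested);
                $query="SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
                $query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10";
                $result2 = mysql_query($query2);
                if(!$result2)
                {
                        // Fail closed: without the usage list we must not skip the
                        // confirmation step and delete straight away.
                        displayerror(mysql_error());
                        return "";
                }

                if($defaultTemplate == $toDelete)
                {
                        displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'.");
                        return "";
                }
                if(mysql_num_rows($result2)==0||isset($_POST['confirm'])) {
                        // Only a name that exists in the templates table is acted upon.
                        if($row = mysql_fetch_array(mysql_query($query)))
                        {
                                $query="DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
                                mysql_query($query);
                                $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '".$defaultTemplate."' WHERE `page_template` = '".$toDelete."'";
                                mysql_query($query) or displayerror(mysql_error());
                                $templateDir = $sourceFolder . "/templates/" . $toDelete . "/";
                                if(file_exists($templateDir))
                                        delDir($templateDir);
                                displayinfo("Template ".safe_html($_POST['Template'])." uninstalled!");
                                return "";
                        } else {
                                displayerror("Template uninstallation failed!");
                                return "";
                        }
                }

                // Pages still use the template: list up to ten of them and ask for confirmation.
                $pageList = "";
                while($row = mysql_fetch_assoc($result2))
                        $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";

                $templatename = safe_html($_POST['Template']);
                $ret=<<<RET
<fieldset>
<legend>{$ICONS['Templates Management']['small']}Template Management</legend>
Some of the page with {$templatename} template are:<br>
{$pageList}
<div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div>
<form method=POST action='./+admin&subaction=template&subsubaction=uninstall'>
<input type=hidden value='{$templatename}' name='Template' />
<input type=submit value='Delete template' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
                return $ret;

        }
        /*
        this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself.
        so template installation is also merged with module and widget installation,
        but some extra features specific to template installation(ie ignoring missing template variables and changing template name)
        are missing in that installation, these will remain commented for reference till those features are implemented the other way
        else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize')
        {

                $issues = "";
                $ret = reportIssues(escape($_POST['path']),$issues);
                if($ret[0] == 1)
                {
                        displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
                        delDir(escape($_POST['del']));
                        unlink(escape($_POST['file']));
                        return "";
                }

                $templates=getAvailableTemplates();
                $flag=false;
                foreach ($templates as $template)
                        if($template==$_POST['template'])
                        {
                                $flag=true;
                                break;
                        }
                if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/"))
                {
                        displayerror("Template Installation failed : A folder by the template name already exists.");
                        $templatePath=safe_html($_POST['del']);
                        $str=safe_html($_POST['file']);
                        $ret=<<<RET
                        <form method=POST action='./+admin&subaction=canceltemplate'>
                        Please click the following button to start a fresh installation :
                        <input type=hidden name='path' value='{$templatePath}'>
                        <input type=hidden name='file' value='{$str}'>
                        <input type=submit value="Fresh Installation">
                        </form>
RET;
                        return $ret;

                }
                rename(escape($_POST['path']), $sourceFolder . "/templates/" . escape($_POST['template']) . "/");
                delDir(escape($_POST['del']));
                unlink(escape($_POST['file']));
                mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates` VALUES('" . escape($_POST['template']) . "')");
                displayinfo("Template installation complete");
                return "";

        }
        else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel')
        {
                delDir(escape($_POST['path']));
                unlink(escape($_POST['file']));
                return "";
        }*/

}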
