00001 <?php
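// Direct-access guard: this library is meant to be included by code that has
// already defined __PRAGYAN_CMS (the defining entry point is not visible
// here). A request that reaches this file directly gets a 403 and stops.
if (!defined('__PRAGYAN_CMS')) {
    // SERVER_PROTOCOL can be absent outside a web SAPI; fall back to HTTP/1.1.
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
    header($protocol . ' 403 Forbidden');
    // Fixed markup: the heading used to be closed with a second <h1>.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // SERVER_SIGNATURE carries the server version and virtual host name when
    // the web server is configured to emit it, so this line discloses them to
    // anyone probing the file; disable the signature in the server config if
    // that is not wanted. Not every server sets the key, hence the isset().
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}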
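/**
 * Dispatch a page request: handle the built-in actions, then load the page's
 * module class and return its output for $action.
 *
 * Order matters for access control. The login, profile, logout and search
 * actions and the `getchildren` sub-action are handled BEFORE $permission is
 * looked at; admin, settings, widgets, grant, pdf and the module actions are
 * only reached when $permission is truthy.
 *
 * The function uses the legacy mysql_* API, which has no prepared statements,
 * so every value placed in SQL is either cast to int or validated first.
 *
 * @param mixed  $pageId     Page id; only ever used in SQL in a numeric context.
 * @param string $action     Requested action name.
 * @param mixed  $userId     Current user id; 0 is treated as "not logged in".
 * @param mixed  $permission Truthy when the caller decided the user may perform
 *                           $action on $pageId.
 * @param int    $recursed   Non-zero when re-entered for a link/menu target;
 *                           skips the page_lastaccesstime update.
 * @return mixed Page HTML; the raw return value of login() when it is not
 *               numeric; '' after an error has been reported via displayerror().
 */
function getContent($pageId, $action, $userId, $permission, $recursed=0) {
    // Module names become part of a file path and a class name below, so only
    // plain identifiers are accepted (\z, not $, so a trailing newline fails).
    $identifierPattern = '/^[A-Za-z_][A-Za-z0-9_]*\z/';
    // page_id is numeric: casting closes the unquoted-number injection that
    // string escaping alone does not cover.
    $pageIdSql = (int) $pageId;

    if ($action == "login") {
        if ($userId == 0) {
            $newUserId = login();
            if (is_numeric($newUserId)) {
                return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
            }
            // Non-numeric result of login() is handed back to the caller as is.
            return $newUserId;
        }
        // NOTE(review): getUserName() is written into HTML unescaped; confirm
        // it returns HTML-safe text or escape it at this point.
        displayinfo("You are logged in as ".getUserName($userId)."! Click <a href=\"./+logout\">here</a> to logout.");
        return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), 0);
    }

    if ($action == "profile") {
        if ($userId != 0) {
            require_once("profile.lib.php");
            return profile($userId);
        }
        // No return here: an anonymous "profile" request falls through to the
        // checks below, exactly as before.
        displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
    }

    if ($action == "logout") {
        if ($userId != 0) {
            $newUserId = resetAuth();
            displayinfo("You have been logged out!");
            global $openid_enabled;
            if ($openid_enabled == 'true') {
                displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
            }
            return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
        }
        displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
    }

    if ($action == "search") {
        require_once("search.lib.php");
        $ret = getSearchBox();
        // The raw request value is passed on; quoting for SQL and HTML is left
        // to getSearchResultString() (not visible here - verify it does both).
        if (isset($_POST['query'])) {
            $ret .= getSearchResultString($_POST['query']);
        } elseif (isset($_GET['query'])) {
            $ret .= getSearchResultString($_GET['query']);
        }
        return $ret;
    }

    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
        if (isset($_GET['parentpath'])) {
            global $urlRequestRoot;
            require_once('menu.lib.php');
            $pidarr = array();
            parseUrlReal(escape($_GET['parentpath']), $pidarr);
            $pid = $pidarr[count($pidarr) - 1];
            // This runs before the $permission check; filtering by user is
            // presumably done inside getChildren() - confirm.
            $children = getChildren($pid, $userId);
            $response = array();
            $response['path'] = escape($_GET['parentpath']);
            $response['items'] = array();
            foreach ($children as $child) {
                $response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
            }
            // NOTE(review): $response is built but nothing in the visible code
            // emits it before the script ends.
            exit();
        }
    }

    if ($permission != true) {
        $suggestion = ($userId == 0) ? "(Try <a href=\"./+login\">logging in?</a>)" : "";
        displayerror("You do not have the permissions to view this page. $suggestion<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return '';
    }

    if ($action == "admin") {
        require_once("admin.lib.php");
        return admin($pageId, $userId);
    }

    $pagetype_query = "SELECT page_module, page_modulecomponentid FROM ".MYSQL_DATABASE_PREFIX."pages WHERE page_id=".$pageIdSql;
    $pagetype_result = mysql_query($pagetype_query);
    // A failed query is reported like a missing page instead of warning on a
    // non-resource argument.
    $pagetype_values = $pagetype_result ? mysql_fetch_assoc($pagetype_result) : false;
    if (!$pagetype_values) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $moduleType = $pagetype_values['page_module'];
    $moduleComponentId = $pagetype_values['page_modulecomponentid'];

    if ($action == "settings") {
        require_once("pagesettings.lib.php");
        return pagesettings($pageId, $userId);
    }
    if ($action == "widgets") {
        return handleWidgetPageSettings($pageId);
    }

    if ($recursed == 0) {
        $pagetypeupdate_query = "UPDATE ".MYSQL_DATABASE_PREFIX."pages SET page_lastaccesstime=NOW() WHERE page_id=".$pageIdSql;
        $pagetypeupdate_result = mysql_query($pagetypeupdate_query);
        if (!$pagetypeupdate_result) {
            return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
        }
    }

    // NOTE(review): link and menu targets are rendered with $permission forced
    // to true and the same $action, so the target page's own permissions are
    // not re-checked on this path - confirm that is intended.
    if ($moduleType == "link") {
        return getContent($moduleComponentId, $action, $userId, true, 1);
    }
    if ($action == "grant") {
        return grantPermissions($userId, $pageId);
    }
    if ($moduleType == "menu") {
        return getContent(getParentPage($pageId), $action, $userId, true, 1);
    }
    if ($moduleType == "external") {
        $query = "SELECT `page_extlink` FROM `".MYSQL_DATABASE_PREFIX."external` WHERE `page_modulecomponentid` =
            (SELECT `page_modulecomponentid` FROM `".MYSQL_DATABASE_PREFIX."pages` WHERE `page_id`= ".$pageIdSql.")";
        $result = mysql_query($query);
        $values = $result ? mysql_fetch_array($result) : false;
        // Only redirect when a link row was actually found; previously an
        // empty "Location:" header was sent on a failed lookup.
        if ($values) {
            $link = $values[0];
            header("Location: $link");
        }
        // NOTE(review): execution continues after the redirect header; the
        // module below is still loaded and rendered.
    }

    global $sourceFolder;
    global $moduleFolder;
    // $moduleType comes from the pages table and is about to be used as a file
    // name and a class name; reject anything that is not a bare identifier so
    // a tampered row cannot steer the include elsewhere.
    if (!is_string($moduleType) || !preg_match($identifierPattern, $moduleType)) {
        displayerror("The module type of the requested page is not valid.");
        return "";
    }
    require_once($sourceFolder."/".$moduleFolder."/".$moduleType.".lib.php");
    $page = new $moduleType();
    if (!($page instanceof module)) {
        displayerror("The module \"$moduleType\" does not implement the inteface module</div>");
        return "";
    }

    // $moduleType is a validated identifier at this point, so it is safe
    // inside the quoted SQL literals below.
    $createperms_query = " SELECT * FROM ".MYSQL_DATABASE_PREFIX."permissionlist where perm_action = 'create' AND page_module = '".$moduleType."'";
    $createperms_result = mysql_query($createperms_query);
    if (!$createperms_result || mysql_num_rows($createperms_result) < 1) {
        displayerror("The action \"create\" does not exist in the module \"$moduleType\"</div>");
        return "";
    }

    $availableperms_query = "SELECT * FROM ".MYSQL_DATABASE_PREFIX."permissionlist where perm_action != 'create' AND page_module = '".$moduleType."'";
    $availableperms_result = mysql_query($availableperms_query);
    $permlist = array();
    if ($availableperms_result) {
        while ($value = mysql_fetch_assoc($availableperms_result)) {
            $permlist[] = $value['perm_action'];
        }
    }
    $permlist[] = "view";

    // Every registered action (plus "view") must exist as an action<Name>
    // method on the module class.
    $class_methods = get_class_methods($moduleType);
    foreach ($permlist as $perm) {
        if (!in_array("action".ucfirst($perm), $class_methods, true)) {
            displayerror("The action \"$perm\" does not exist in the module \"$moduleType\"</div>");
            return "";
        }
    }

    if ($action == "pdf") {
        // depth: -1 = every page child() returns for a negative depth,
        // N > 0 = N levels of children, anything else = this page only.
        // Only a strict integer is accepted from the request.
        $depth = 0;
        if (isset($_GET['depth'])) {
            $parsedDepth = filter_var($_GET['depth'], FILTER_VALIDATE_INT);
            if ($parsedDepth !== false) {
                $depth = $parsedDepth;
            }
        }

        global $TITLE;
        require_once("$sourceFolder/modules/pdf/html2fpdf.php");
        $pdf = new HTML2FPDF();
        $pdf->setModuleComponentId($moduleComponentId);
        $pdf->AddPage();
        $pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));

        $cp = array();
        if ($depth == -1) {
            $cp = child($pageId, $userId, $depth);
        } else if ($depth > 0) {
            $cp = child($pageId, $userId, $depth);
            --$depth;
            $j = 0;
            while ($depth > 0) {
                $count = count($cp);
                // Nothing new was added in the previous round, so further
                // rounds cannot add anything: stop instead of spinning for a
                // huge request-supplied depth.
                if ($j >= $count) {
                    break;
                }
                for (; $j < $count; $j++) {
                    $cp = array_merge((array)$cp, (array)child($cp[$j][0], $userId, $depth));
                }
                --$depth;
            }
        }

        // child() already filtered these rows by the user's "view" permission.
        foreach ($cp as $childPage) {
            $childModule = $childPage[2];
            // Same identifier rule as for the main module before it is used in
            // a path and as a class name.
            if (!is_string($childModule) || !preg_match($identifierPattern, $childModule)) {
                continue;
            }
            require_once($sourceFolder."/".$moduleFolder."/".$childModule.".lib.php");
            $page1 = new $childModule();
            $modCompId = $childPage[5];
            $pdf->setModuleComponentId($modCompId);
            $pdf->AddPage();
            $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
        }

        // The title becomes a file name and part of a response header: replace
        // path separators, NUL, quotes and line breaks so it stays inside
        // uploads/temp and cannot break the Content-Disposition value.
        $safeTitle = str_replace(array('/', '\\', "\0", '"', "\r", "\n"), '_', (string) $TITLE);
        $filePath = $sourceFolder . "/uploads/temp/" . $safeTitle . ".pdf";
        // NOTE(review): rand() is predictable and check-then-write is racy;
        // the file sits under uploads/temp until unlink() below.
        while (file_exists($filePath)) {
            $filePath = $sourceFolder . "/uploads/temp/" . $safeTitle."-".rand() . ".pdf";
        }
        $pdf->Output($filePath);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false);
        header("Content-Type: application/pdf");
        header("Content-Disposition: attachment; filename=\"".basename($filePath)."\";" );
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".filesize($filePath));
        @readfile("$filePath");
        unlink($filePath);
        // NOTE(review): there is no exit here, so the module's getHtml() for
        // the "pdf" action is still returned after the file was streamed.
    }

    return $page->getHtml($userId, $moduleComponentId, $action);
}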
00257
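/**
 * Work out the heading to show for a page and action.
 *
 * For "login" and "logout" the heading is the capitalised action name and no
 * database access happens. Otherwise the page row is read and the heading is
 * the page title, with a fixed suffix for some actions.
 *
 * @param mixed  $pageId  Page id; cast to int before it is placed in the query.
 * @param string $action  Requested action name.
 * @param string $heading Output parameter, set only when true is returned. It
 *                        holds the stored page title as is - presumably the
 *                        caller escapes it for HTML; verify.
 * @return bool False when the query fails, the page is not found, or the page
 *              has page_displaypageheading set to 0; true otherwise.
 */
function getTitle($pageId,$action, &$heading) {
    if ($action == "login" || $action == "logout") {
        $heading = ucfirst($action);
        return true;
    }

    // $pageId used to be concatenated without any escaping or cast; page_id is
    // numeric, so an int cast removes the injection point.
    $pagetitle_query = "SELECT `page_title`, `page_module`, `page_modulecomponentid`, `page_displaypageheading` FROM `".MYSQL_DATABASE_PREFIX."pages` WHERE `page_id`=".(int) $pageId;
    $pagetitle_result = mysql_query($pagetitle_query);
    if (!$pagetitle_result) {
        return false;
    }

    $pagetitle_values = mysql_fetch_assoc($pagetitle_result);
    // No row: same outcome as before (false), without indexing a non-array.
    if (!$pagetitle_values || $pagetitle_values['page_displaypageheading'] == 0) {
        return false;
    }

    $title = $pagetitle_values['page_title'];
    // switch compares loosely, like the == chain it replaces.
    switch ($action) {
        case "grant":
            $heading = $title." - Grant Permissions";
            break;
        case "settings":
            $heading = $title." - Page Settings";
            break;
        case "admin":
            $heading = $title." - Website Administration";
            break;
        case "widget":
        case "widgets":
            // getContent() dispatches on "widgets"; "widget" is kept so any
            // existing caller using the old spelling still gets the suffix.
            $heading = $title." - Page Widgets";
            break;
        case "profile":
            $heading = $title." - User Profile";
            break;
        default:
            $heading = $title;
    }
    return true;
}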
00285
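/**
 * List menu-visible pages the user may view, relative to a page.
 *
 * With a negative $depth the query selects every page except $pageId; with any
 * other $depth it selects the direct children of $pageId. In both cases only
 * rows with page_displayinmenu = 1 are considered, ordered by page_menurank,
 * and a row is kept only when getPermissions() grants the user "view" on it.
 *
 * @param mixed $pageId Page id; cast to int before it is placed in the query.
 * @param mixed $userId User the permission check is made for.
 * @param mixed $depth  Only its sign is used here.
 * @return array List of rows shaped
 *               [page_id, page_name, page_module, page_image,
 *                page_displayicon, page_modulecomponentid];
 *               empty when the query fails or nothing matches.
 */
function child($pageId, $userId,$depth) {
    // page_id / page_parentid are compared as unquoted numbers, where string
    // escaping gives no protection; an int cast does.
    $pageId = (int) $pageId;

    $selectPrefix = 'SELECT `page_id`, `page_name`, `page_title`, `page_module`, `page_modulecomponentid`, `page_displayinmenu`, `page_image` , `page_displayicon` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE ';
    $selectSuffix = '`page_id` != ' . $pageId . ' AND `page_displayinmenu` = 1 ORDER BY `page_menurank`';

    if ($depth < 0) {
        $childrenQuery = $selectPrefix . $selectSuffix;
    } else {
        $childrenQuery = $selectPrefix . '`page_parentid` = ' . $pageId . ' AND ' . $selectSuffix;
    }

    $children = array();
    $childrenResult = mysql_query($childrenQuery);
    if (!$childrenResult) {
        // Failed query: report no children rather than fetching from false.
        return $children;
    }

    while ($childrenRow = mysql_fetch_assoc($childrenResult)) {
        // The permission check is what keeps pages the user cannot view out
        // of menus and PDF exports built from this list.
        if ($childrenRow['page_displayinmenu'] == true && getPermissions($userId, $childrenRow['page_id'], 'view', $childrenRow['page_module']) == true) {
            $children[] = array($childrenRow['page_id'], $childrenRow['page_name'], $childrenRow['page_module'], $childrenRow['page_image'], $childrenRow['page_displayicon'], $childrenRow['page_modulecomponentid']);
        }
    }

    return $children;
}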
00308
/**
 * Contract a page module class has to implement.
 *
 * getContent() instantiates the class named in a page's page_module column,
 * refuses it unless it is an instance of this interface, and then calls
 * getHtml() on it.
 */
interface module
{
    /**
     * Produce the module's output for one action.
     *
     * getContent() returns this value as the page content and, for the PDF
     * export, feeds it to the PDF writer with the action "view".
     */
    public function getHtml($userId, $moduleComponentId, $action);

    /** Presumably removes the module instance with this id; not called in this file. */
    public function deleteModule($moduleComponentId);

    /** Presumably copies one module instance to a new id; not called in this file. */
    public function copyModule($moduleComponentId, $newModuleComponentId);

    /** Presumably initialises a new module instance; not called in this file. */
    public function createModule($moduleComponentId);
}
00319
/**
 * Contract for modules that expose uploaded files.
 */
interface fileuploadable
{
    /**
     * Static per-file access check.
     *
     * NOTE(review): no caller is visible in this file; judging by the name it
     * decides whether $userId may access $fileName of the given module
     * instance on $pageId - confirm the return convention with the callers.
     */
    public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName);
}
00326