You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
607 lines
30 KiB
607 lines
30 KiB
<?php
|
|
if(!defined('IN_INDEX')) exit;
|
|
|
|
if(isset($_SESSION[$settings['session_prefix'].'user_id']))
|
|
{
|
|
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
|
|
|
|
if($settings['wysiwyg_editor'] && isset($_SESSION[$settings['session_prefix'].'wysiwyg']) && $_SESSION[$settings['session_prefix'].'wysiwyg']==1)
|
|
{
|
|
$wysiwyg_opt = true;
|
|
$wysiwyg = true;
|
|
}
|
|
elseif(!empty($settings['wysiwyg_editor']))
|
|
{
|
|
$wysiwyg_opt = true;
|
|
$wysiwyg = false;
|
|
}
|
|
else
|
|
{
|
|
$wysiwyg_opt = false;
|
|
$wysiwyg = false;
|
|
}
|
|
|
|
if($wysiwyg_opt && isset($_REQUEST['enable_wysiwyg']))
|
|
{
|
|
$wysiwyg = true;
|
|
$dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET wysiwyg=1 WHERE id=:id");
|
|
$dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
|
|
$dbr->execute();
|
|
$_SESSION[$settings['session_prefix'].'wysiwyg'] = 1;
|
|
}
|
|
if($wysiwyg_opt && isset($_REQUEST['disable_wysiwyg']))
|
|
{
|
|
$wysiwyg = false;
|
|
$dbr = Database::$userdata->prepare("UPDATE ".Database::$db_settings['userdata_table']." SET wysiwyg=0 WHERE id=:id");
|
|
$dbr->bindParam(':id', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
|
|
$dbr->execute();
|
|
$_SESSION[$settings['session_prefix'].'wysiwyg'] = 0;
|
|
}
|
|
|
|
$template->assign('wysiwyg_opt',$wysiwyg_opt);
|
|
$template->assign('wysiwyg',$wysiwyg);
|
|
|
|
#if($wysiwyg) include('./modules/fckeditor/fckeditor.php');
|
|
|
|
include(BASE_PATH.'cms/config/page_types.conf.php');
|
|
$template->assign('page_types',$page_types);
|
|
|
|
// users:
|
|
$user_result = Database::$userdata->query("SELECT id, name FROM ".Database::$db_settings['userdata_table']." ORDER BY id ASC");
|
|
$i=0;
|
|
while($data = $user_result->fetch())
|
|
{
|
|
$users[$data['id']] = $data['name'];
|
|
}
|
|
|
|
// get data to edit and perform general checks:
|
|
if(isset($_GET['id']))
|
|
{
|
|
$dbr = Database::$content->prepare("SELECT id,page,author,type,type_addition,time,last_modified,display_time,title,page_title,description,keywords,category,page_info,breadcrumbs,sections,include_page,include_order,include_rss,include_sitemap,include_news,link_name,menu_1,menu_2,menu_3,gcb_1,gcb_2,gcb_3,template,language,content_type,charset,teaser_headline,teaser,teaser_img,content,sidebar_1,sidebar_2,sidebar_3,page_notes, edit_permission, edit_permission_general, tv, status FROM ".Database::$db_settings['pages_table']." WHERE id=:id LIMIT 1");
|
|
$dbr->bindParam(':id', $_REQUEST['id'], PDO::PARAM_INT);
|
|
$dbr->execute();
|
|
$data = $dbr->fetch();
|
|
if(!isset($data['id']))
|
|
{
|
|
$action='page_doesnt_exist';
|
|
}
|
|
elseif(!is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$data['author'],$data['edit_permission'],$data['edit_permission_general']))
|
|
{
|
|
$action='no_authorization';
|
|
}
|
|
else
|
|
{
|
|
$page_data['id'] = intval($data['id']);
|
|
$page_data['page'] = htmlspecialchars($data['page']);
|
|
$page_data['author'] = intval($data['author']);
|
|
$page_data['type'] = htmlspecialchars($data['type']);
|
|
$page_data['type_addition'] = htmlspecialchars($data['type_addition']);
|
|
$page_data['time'] = date("Y-m-d H:i:s", $data['time']);
|
|
$page_data['last_modified'] = date("Y-m-d H:i:s");
|
|
$page_data['display_time'] = intval($data['display_time']);
|
|
$page_data['title'] = htmlspecialchars($data['title']);
|
|
$page_data['page_title'] = htmlspecialchars($data['page_title']);
|
|
$page_data['description'] = htmlspecialchars($data['description']);
|
|
$page_data['keywords'] = htmlspecialchars($data['keywords']);
|
|
$page_data['category'] = htmlspecialchars($data['category']);
|
|
$page_data['page_info'] = htmlspecialchars($data['page_info']);
|
|
$page_data['breadcrumbs'] = explode(',',htmlspecialchars($data['breadcrumbs']));
|
|
$page_data['sections'] = str_replace(',',', ',htmlspecialchars($data['sections']));
|
|
$page_data['include_page'] = intval($data['include_page']);
|
|
$page_data['include_order'] = intval($data['include_order']);
|
|
$page_data['include_rss'] = intval($data['include_rss']);
|
|
$page_data['include_sitemap'] = intval($data['include_sitemap']);
|
|
$page_data['include_news'] = intval($data['include_news']);
|
|
$page_data['link_name'] = htmlspecialchars($data['link_name']);
|
|
$page_data['menu_1'] = htmlspecialchars($data['menu_1']);
|
|
$page_data['menu_2'] = htmlspecialchars($data['menu_2']);
|
|
$page_data['menu_3'] = htmlspecialchars($data['menu_3']);
|
|
$page_data['gcb_1'] = htmlspecialchars($data['gcb_1']);
|
|
$page_data['gcb_2'] = htmlspecialchars($data['gcb_2']);
|
|
$page_data['gcb_3'] = htmlspecialchars($data['gcb_3']);
|
|
$page_data['template'] = htmlspecialchars($data['template']);
|
|
$page_data['language'] = htmlspecialchars($data['language']);
|
|
$page_data['content_type'] = htmlspecialchars($data['content_type']);
|
|
$page_data['charset'] = htmlspecialchars($data['charset']);
|
|
$page_data['teaser_headline'] = htmlspecialchars($data['teaser_headline']);
|
|
$page_data['teaser'] = htmlspecialchars($data['teaser']);
|
|
$page_data['teaser_img'] = htmlspecialchars($data['teaser_img']);
|
|
$page_data['sidebar_1'] = htmlspecialchars($data['sidebar_1']);
|
|
$page_data['sidebar_2'] = htmlspecialchars($data['sidebar_2']);
|
|
$page_data['sidebar_3'] = htmlspecialchars($data['sidebar_3']);
|
|
$page_data['page_notes'] = htmlspecialchars($data['page_notes']);
|
|
$page_data['edit_permission_general'] = intval($data['edit_permission_general']);
|
|
$page_data['tv'] = str_replace(',',', ',htmlspecialchars($data['tv']));
|
|
$page_data['status'] = intval($data['status']);
|
|
$page_data['content'] = htmlspecialchars($data['content']);
|
|
|
|
$edit_permission_array = explode(',',$data['edit_permission']);
|
|
foreach($edit_permission_array as $edit_permission)
|
|
{
|
|
$edit_permission = intval(trim($edit_permission));
|
|
if(isset($users[$edit_permission]))
|
|
{
|
|
$permitted_users[] = htmlspecialchars($users[$edit_permission]);
|
|
}
|
|
}
|
|
if(isset($permitted_users))
|
|
{
|
|
$page_data['edit_permission'] = implode(', ',$permitted_users);
|
|
}
|
|
else
|
|
{
|
|
$page_data['edit_permission'] = '';
|
|
}
|
|
|
|
$send_pingbacks = 0;
|
|
$action='main';
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// set default values for new pages:
|
|
$page_data['time'] = date("Y-m-d H:i:s");
|
|
$page_data['last_modified'] = date("Y-m-d H:i:s");
|
|
$page_data['display_time'] = 0;
|
|
$page_data['include_page'] = 0;
|
|
$page_data['include_order'] = 0;
|
|
$page_data['include_rss'] = 0;
|
|
$page_data['include_sitemap'] = 0;
|
|
$page_data['include_news'] = 0;
|
|
$page_data['link_name'] = Localization::$lang['teaser_default_linkname'];
|
|
$page_data['template'] = $settings['default_template'];
|
|
$page_data['menu_1'] = $settings['default_menu'];
|
|
$page_data['edit_permission_general'] = 0;
|
|
$page_data['status'] = 2;
|
|
$send_pingbacks = $settings['pingbacks_enabled'] ? 1 : 0;
|
|
}
|
|
|
|
// edit submitted:
|
|
if(isset($_POST['content']))
|
|
{
|
|
if(isset($_POST['id']))
|
|
{
|
|
$dbr = Database::$content->prepare("SELECT id,author,edit_permission,edit_permission_general FROM ".Database::$db_settings['pages_table']." WHERE id=:id LIMIT 1");
|
|
$dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
|
|
$dbr->execute();
|
|
$data = $dbr->fetch();
|
|
if(!isset($data['id']))
|
|
{
|
|
$errors[] = 'page_doesnt_exist';
|
|
}
|
|
elseif(!is_authorized_to_edit($_SESSION[$settings['session_prefix'].'user_id'],$_SESSION[$settings['session_prefix'].'user_type'],$data['author'],$data['edit_permission'],$data['edit_permission_general']))
|
|
{
|
|
$errors[] = 'no_authorization_edit';
|
|
}
|
|
}
|
|
|
|
if(empty($errors))
|
|
{
|
|
$_POST['page'] = isset($_POST['page']) ? trim($_POST['page']) : '';
|
|
$_POST['title'] = isset($_POST['title']) ? trim($_POST['title']) : '';
|
|
$_POST['gcb_1'] = isset($_POST['gcb_1']) ? trim($_POST['gcb_1']) : '';
|
|
$_POST['gcb_2'] = isset($_POST['gcb_2']) ? trim($_POST['gcb_2']) : '';
|
|
$_POST['gcb_3'] = isset($_POST['gcb_3']) ? trim($_POST['gcb_3']) : '';
|
|
$_POST['include_page'] = isset($_POST['include_page']) ? intval($_POST['include_page']) : 0;
|
|
$_POST['include_rss'] = isset($_POST['include_rss']) ? intval($_POST['include_rss']) : 0;
|
|
$_POST['include_sitemap'] = isset($_POST['include_sitemap']) ? intval($_POST['include_sitemap']) : 0;
|
|
$_POST['include_news'] = isset($_POST['include_news']) ? intval($_POST['include_news']) : 0;
|
|
if(empty($_POST['rss'])) $_POST['rss'] = 0;
|
|
if(empty($_POST['sitemap'])) $_POST['sitemap'] = 0;
|
|
if(empty($_POST['content_type'])) $_POST['content_type'] = '';
|
|
if(empty($_POST['charset'])) $_POST['charset'] = '';
|
|
if(empty($_POST['edit_permission_general'])) $_POST['edit_permission_general'] = 0;
|
|
$_POST['status'] = isset($_POST['status']) ? intval($_POST['status']) : 0;
|
|
$_POST['display_time'] = isset($_POST['display_time']) && $_POST['display_time']==1 ? 1 : 0;
|
|
if($_POST['status']>2) $_POST['status'] = 2;
|
|
$send_pingbacks = isset($_POST['send_pingbacks']) && $_POST['send_pingbacks']==1 ? 1 : 0;
|
|
|
|
// trim sections:
|
|
$sections_array = explode(',',$_POST['sections']);
|
|
foreach($sections_array as $item)
|
|
{
|
|
if(trim($item)!='')
|
|
{
|
|
$cleared_sections_array[] = trim($item);
|
|
}
|
|
}
|
|
$_POST['sections'] = '';
|
|
if(isset($cleared_sections_array))
|
|
{
|
|
$cleared_sections_array_count = count($cleared_sections_array);
|
|
$i=1;
|
|
foreach($cleared_sections_array as $section)
|
|
{
|
|
$_POST['sections'] .= $section;
|
|
if($i<$cleared_sections_array_count) $_POST['sections'] .= ',';
|
|
++$i;
|
|
}
|
|
}
|
|
|
|
// trim custom values:
|
|
$tv_array = explode(',', $_POST['tv']);
|
|
foreach($tv_array as $item)
|
|
{
|
|
if(trim($item)!='')
|
|
{
|
|
$cleared_tv_array[] = trim($item);
|
|
}
|
|
}
|
|
if(isset($cleared_tv_array)) $_POST['tv'] = implode(',', $cleared_tv_array);
|
|
else $_POST['tv'] = '';
|
|
|
|
// generate breadcrumb list:
|
|
if(isset($_POST['breadcrumbs']) && is_array($_POST['breadcrumbs']))
|
|
{
|
|
foreach($_POST['breadcrumbs'] as $breadcrumb)
|
|
{
|
|
if(!empty($breadcrumb)) $cleared_breadcrumbs[] = intval($breadcrumb);
|
|
}
|
|
if(isset($cleared_breadcrumbs))
|
|
{
|
|
$breadcrumb_list = implode(',',$cleared_breadcrumbs);
|
|
}
|
|
}
|
|
if(empty($breadcrumb_list))
|
|
{
|
|
$breadcrumb_list = '';
|
|
}
|
|
|
|
// generate edit permission list:
|
|
$edit_permission_list = '';
|
|
$users_array = explode(',',$_POST['edit_permission']);
|
|
foreach($users_array as $current_user)
|
|
{
|
|
if(trim($current_user)!='' && in_array(strtolower(trim($current_user)),$users))
|
|
{
|
|
$cleared_users_array[] = strtolower(trim($current_user));
|
|
}
|
|
else
|
|
{
|
|
if(trim($current_user)!='')
|
|
{
|
|
$invalid_username = true;
|
|
}
|
|
}
|
|
}
|
|
if(isset($cleared_users_array))
|
|
{
|
|
$cleared_users_array_count = count($cleared_users_array);
|
|
$users_trans = array_flip($users);
|
|
$i=1;
|
|
foreach($cleared_users_array as $current_user)
|
|
{
|
|
$edit_permission_list .= $users_trans[$current_user];
|
|
if($i<$cleared_users_array_count) $edit_permission_list .= ',';
|
|
++$i;
|
|
}
|
|
}
|
|
if(isset($invalid_username))
|
|
{
|
|
$errors[] = 'invalid_edit_auth_list';
|
|
}
|
|
|
|
#$page = trim($_POST['page']);
|
|
$type_addition = trim($_POST['type_addition']);
|
|
if(empty($_POST['page'])) $errors[] = 'error_page_name_empty';
|
|
elseif(!preg_match(VALID_URL_CHARACTERS, $_POST['page'])) $errors[] ='error_page_name_spec_chars';
|
|
|
|
#if(empty($_POST['title'])) $errors[] = 'error_no_title';
|
|
|
|
if($_POST['teaser_img']!='' && !file_exists(BASE_PATH.MEDIA_DIR.$_POST['teaser_img'])) $errors[] = 'err_teaser_img_doesnt_exist';
|
|
|
|
if(empty($page_types[$_POST['type']])) $errors[] = 'invalid_page_type';
|
|
if(isset($page_types[$_POST['type']]) && $page_types[$_POST['type']]['requires_parameter'] == true && trim($type_addition)=='') $errors[] = 'page_type_req_param';
|
|
|
|
if(($time = strtotime($_POST['time']))===false) $errors[] = 'time_invalid';
|
|
if(($last_modified = strtotime($_POST['last_modified']))===false) $errors[] = 'last_modified_invalid';
|
|
|
|
}
|
|
|
|
if(empty($errors))
|
|
{
|
|
$dbr = Database::$content->prepare("SELECT id, page FROM ".Database::$db_settings['pages_table']." WHERE lower(page)=:page LIMIT 1");
|
|
$dbr->bindValue(':page', strtolower($_POST['page']), PDO::PARAM_STR);
|
|
$dbr->execute();
|
|
$data = $dbr->fetch();
|
|
if(isset($data['id']))
|
|
{
|
|
#if(isset($_POST['id']) && intval($_POST['id'])==intval($data['id']) && empty($_POST['edit_mode']))
|
|
# {
|
|
# // OK...
|
|
# }
|
|
if(!(isset($_POST['id']) && empty($_POST['edit_mode']) && intval($data['id'])==intval($_POST['id']))) $errors[] = 'error_page_name_alr_exists';
|
|
}
|
|
}
|
|
|
|
if(empty($errors))
|
|
{
|
|
if(isset($_POST['id']) && empty($_POST['edit_mode']))
|
|
{
|
|
$dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['pages_table']." SET page=:page, type=:type, type_addition=:type_addition, time=:time, last_modified=:last_modified, display_time=:display_time, last_modified_by=:last_modified_by, title=:title, page_title=:page_title, description=:description, keywords=:keywords, category=:category, page_info=:page_info, breadcrumbs=:breadcrumbs, teaser_headline=:teaser_headline, teaser=:teaser, teaser_img=:teaser_img, content=:content, sidebar_1=:sidebar_1, sidebar_2=:sidebar_2, sidebar_3=:sidebar_3, sections=:sections, include_page=:include_page, include_order=:include_order, include_rss=:include_rss, include_sitemap=:include_sitemap, include_news=:include_news, link_name=:link_name, menu_1=:menu_1, menu_2=:menu_2, menu_3=:menu_3, gcb_1=:gcb_1, gcb_2=:gcb_2, gcb_3=:gcb_3, template=:template, language=:language, content_type=:content_type, charset=:charset, page_notes=:page_notes, edit_permission=:edit_permission, edit_permission_general=:edit_permission_general, tv=:tv, status=:status WHERE id=:id");
|
|
$dbr->bindParam(':page', $_POST['page'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':type', $_POST['type'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':type_addition', $type_addition, PDO::PARAM_STR);
|
|
$dbr->bindParam(':time', $time, PDO::PARAM_INT);
|
|
$dbr->bindParam(':last_modified', $last_modified, PDO::PARAM_INT);
|
|
$dbr->bindParam(':display_time', $_POST['display_time'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':last_modified_by', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':title', $_POST['title'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':page_title', $_POST['page_title'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':description', $_POST['description'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':keywords', $_POST['keywords'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':category', $_POST['category'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':page_info', $_POST['page_info'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':breadcrumbs', $breadcrumb_list, PDO::PARAM_STR);
|
|
$dbr->bindParam(':teaser_headline', $_POST['teaser_headline'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':teaser', $_POST['teaser'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':teaser_img', $_POST['teaser_img'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':content', $_POST['content'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sidebar_1', $_POST['sidebar_1'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sidebar_2', $_POST['sidebar_2'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sidebar_3', $_POST['sidebar_3'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sections', $_POST['sections'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':include_page', $_POST['include_page'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_order', $_POST['include_order'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_rss', $_POST['include_rss'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_sitemap', $_POST['include_sitemap'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_news', $_POST['include_news'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':link_name', $_POST['link_name'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':menu_1', $_POST['menu_1'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':menu_2', $_POST['menu_2'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':menu_3', $_POST['menu_3'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':gcb_1', $_POST['gcb_1'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':gcb_2', $_POST['gcb_2'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':gcb_3', $_POST['gcb_3'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':template', $_POST['template'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':language', $_POST['language'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':content_type', $_POST['content_type'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':charset', $_POST['charset'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':page_notes', $_POST['page_notes'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':edit_permission', $edit_permission_list, PDO::PARAM_STR);
|
|
$dbr->bindParam(':edit_permission_general', $_POST['edit_permission_general'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':tv', $_POST['tv'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':status', $_POST['status'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
|
|
$dbr->execute();
|
|
#print_r(Database::$content->errorInfo());
|
|
}
|
|
else
|
|
{
|
|
if(isset($_POST['edit_mode']))
|
|
{
|
|
$time = $last_modified;
|
|
}
|
|
$dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['pages_table']." (page,type,type_addition,time,last_modified,display_time,last_modified_by,title,page_title,description,keywords,category,page_info,breadcrumbs,teaser_headline,teaser,teaser_img,content,sidebar_1,sidebar_2,sidebar_3,sections,include_page,include_order,include_rss,include_sitemap,include_news,link_name,menu_1,menu_2,menu_3,gcb_1,gcb_2,gcb_3,template,language,content_type,charset,page_notes,edit_permission,edit_permission_general,tv,status,author) VALUES (:page,:type,:type_addition,:time,:last_modified,:display_time,:last_modified_by,:title,:page_title,:description,:keywords,:category,:page_info,:breadcrumbs,:teaser_headline,:teaser,:teaser_img,:content,:sidebar_1,:sidebar_2,:sidebar_3,:sections,:include_page,:include_order,:include_rss,:include_sitemap,:include_news,:link_name,:menu_1,:menu_2,:menu_3,:gcb_1,:gcb_2,:gcb_3,:template,:language,:content_type,:charset,:page_notes,:edit_permission,:edit_permission_general,:tv,:status,:author)");
|
|
$dbr->bindParam(':page', $_POST['page'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':type', $_POST['type'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':type_addition', $type_addition, PDO::PARAM_STR);
|
|
$dbr->bindParam(':time', $time, PDO::PARAM_INT);
|
|
$dbr->bindParam(':last_modified', $last_modified, PDO::PARAM_INT);
|
|
$dbr->bindParam(':display_time', $_POST['display_time'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':last_modified_by', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':title', $_POST['title'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':page_title', $_POST['page_title'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':description', $_POST['description'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':keywords', $_POST['keywords'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':category', $_POST['category'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':page_info', $_POST['page_info'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':breadcrumbs', $breadcrumb_list, PDO::PARAM_STR);
|
|
$dbr->bindParam(':teaser_headline', $_POST['teaser_headline'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':teaser', $_POST['teaser'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':teaser_img', $_POST['teaser_img'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':content', $_POST['content'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sidebar_1', $_POST['sidebar_1'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sidebar_2', $_POST['sidebar_2'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sidebar_3', $_POST['sidebar_3'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':sections', $_POST['sections'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':include_page', $_POST['include_page'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_order', $_POST['include_order'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_rss', $_POST['include_rss'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_sitemap', $_POST['include_sitemap'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':include_news', $_POST['include_news'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':link_name', $_POST['link_name'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':menu_1', $_POST['menu_1'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':menu_2', $_POST['menu_2'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':menu_3', $_POST['menu_3'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':gcb_1', $_POST['gcb_1'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':gcb_2', $_POST['gcb_2'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':gcb_3', $_POST['gcb_3'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':template', $_POST['template'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':language', $_POST['language'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':content_type', $_POST['content_type'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':charset', $_POST['charset'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':page_notes', $_POST['page_notes'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':edit_permission', $edit_permission_list, PDO::PARAM_STR);
|
|
$dbr->bindParam(':edit_permission_general', $_POST['edit_permission_general'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':tv', $_POST['tv'], PDO::PARAM_STR);
|
|
$dbr->bindParam(':status', $_POST['status'], PDO::PARAM_INT);
|
|
$dbr->bindParam(':author', $_SESSION[$settings['session_prefix'].'user_id'], PDO::PARAM_INT);
|
|
$dbr->execute();
|
|
}
|
|
|
|
if(isset($cache) && $cache->autoClear) $cache->clear();
|
|
|
|
if($settings['pingbacks_enabled'] && $send_pingbacks)
|
|
{
|
|
$page_content = $_POST['content'];
|
|
if($settings['content_auto_link']==1) $page_content = make_link($page_content);
|
|
$page_content = parse_special_tags($page_content);
|
|
$pingback = new Pingback();
|
|
$pingback->ping(BASE_URL.$_POST['page'], $page_content);
|
|
}
|
|
|
|
if(intval($_POST['status'])==0)
|
|
{
|
|
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=pages');
|
|
exit;
|
|
}
|
|
else
|
|
{
|
|
header('Location: '.BASE_URL.$_POST['page']);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$template->assign('errors',$errors);
|
|
if(isset($_POST['id'])) $page_data['id'] = intval($_POST['id']);
|
|
$page_data['edit_mode'] = isset($_POST['edit_mode']) ? intval($_POST['edit_mode']) : 0;
|
|
$page_data['page'] = isset($_POST['page']) ? htmlspecialchars($_POST['page']) : '';
|
|
$page_data['category'] = isset($_POST['category']) ? htmlspecialchars($_POST['category']) : '';
|
|
$page_data['page_info'] = isset($_POST['page_info']) ? htmlspecialchars($_POST['page_info']) : '';
|
|
$page_data['page_title'] = isset($_POST['page_title']) ? htmlspecialchars($_POST['page_title']) : '';
|
|
$page_data['description'] = isset($_POST['description']) ? htmlspecialchars($_POST['description']) : '';
|
|
$page_data['keywords'] = isset($_POST['keywords']) ? htmlspecialchars($_POST['keywords']) : '';
|
|
$page_data['title'] = isset($_POST['title']) ? htmlspecialchars($_POST['title']) : '';
|
|
$page_data['teaser'] = isset($_POST['teaser']) ? htmlspecialchars($_POST['teaser']) : '';
|
|
$page_data['teaser_headline'] = isset($_POST['teaser_headline']) ? htmlspecialchars($_POST['teaser_headline']) : '';
|
|
$page_data['teaser_img'] = isset($_POST['teaser_img']) ? htmlspecialchars($_POST['teaser_img']) : '';
|
|
$page_data['sidebar_1'] = isset($_POST['sidebar_1']) ? htmlspecialchars($_POST['sidebar_1']) : '';
|
|
$page_data['sidebar_2'] = isset($_POST['sidebar_2']) ? htmlspecialchars($_POST['sidebar_2']) : '';
|
|
$page_data['sidebar_3'] = isset($_POST['sidebar_3']) ? htmlspecialchars($_POST['sidebar_3']) : '';
|
|
$page_data['type'] = isset($_POST['type']) ? htmlspecialchars($_POST['type']) : '';
|
|
$page_data['type_addition'] = isset($_POST['type_addition']) ? htmlspecialchars($_POST['type_addition']) : '';
|
|
$page_data['time'] = isset($_POST['time']) ? htmlspecialchars($_POST['time']) : '';
|
|
$page_data['last_modified'] = isset($_POST['last_modified']) ? htmlspecialchars($_POST['last_modified']) : '';
|
|
$page_data['display_time'] = isset($_POST['display_time']) && $_POST['display_time']==1 ? 1 : 0;
|
|
$page_data['include_page'] = isset($_POST['include_page']) ? intval($_POST['include_page']) : 0;
|
|
$page_data['include_order'] = isset($_POST['include_order']) ? intval($_POST['include_order']) : 0;
|
|
$page_data['include_rss'] = isset($_POST['include_rss']) ? intval($_POST['include_rss']) : 0;
|
|
$page_data['include_sitemap'] = isset($_POST['include_sitemap']) ? intval($_POST['include_sitemap']) : 0;
|
|
$page_data['include_news'] = isset($_POST['include_news']) ? intval($_POST['include_news']) : 0;
|
|
$page_data['link_name'] = isset($_POST['link_name']) ? htmlspecialchars($_POST['link_name']) : Localization::$lang['teaser_default_linkname'];
|
|
$page_data['template'] = isset($_POST['template']) ? htmlspecialchars($_POST['template']) : $settings['default_template'];
|
|
$page_data['language'] = isset($_POST['language']) ? htmlspecialchars($_POST['language']) : '';
|
|
$page_data['content_type'] = isset($_POST['content_type']) ? htmlspecialchars($_POST['content_type']) : '';
|
|
$page_data['charset'] = isset($_POST['charset']) ? htmlspecialchars($_POST['charset']) : '';
|
|
$page_data['menu_1'] = isset($_POST['menu_1']) ? htmlspecialchars($_POST['menu_1']) : $settings['default_menu'];
|
|
$page_data['menu_2'] = isset($_POST['menu_2']) ? htmlspecialchars($_POST['menu_2']) : '';
|
|
$page_data['menu_3'] = isset($_POST['menu_3']) ? htmlspecialchars($_POST['menu_3']) : '';
|
|
$page_data['gcb_1'] = isset($_POST['gcb_1']) ? htmlspecialchars($_POST['gcb_1']) : '';
|
|
$page_data['gcb_2'] = isset($_POST['gcb_2']) ? htmlspecialchars($_POST['gcb_2']) : '';
|
|
$page_data['gcb_3'] = isset($_POST['gcb_3']) ? htmlspecialchars($_POST['gcb_3']) : '';
|
|
$page_data['page_notes'] = isset($_POST['page_notes']) ? htmlspecialchars($_POST['page_notes']) : '';
|
|
$page_data['sections'] = isset($_POST['sections']) ? htmlspecialchars($_POST['sections']) : '';
|
|
$page_data['tv'] = isset($_POST['tv']) ? htmlspecialchars($_POST['tv']) : '';
|
|
$page_data['edit_permission_general'] = isset($_POST['edit_permission_general']) ? intval($_POST['edit_permission_general']) : 0;
|
|
$page_data['status'] = isset($_POST['status']) ? intval($_POST['status']) : 0;
|
|
|
|
if(isset($_POST['breadcrumbs']) && is_array($_POST['breadcrumbs']))
|
|
{
|
|
foreach($_POST['breadcrumbs'] as $breadcrumb)
|
|
{
|
|
if(!empty($breadcrumb)) $page_data['breadcrumbs'][] = intval($breadcrumb);
|
|
}
|
|
}
|
|
|
|
$page_data['content'] = isset($_POST['content']) ? htmlspecialchars($_POST['content']) : '';
|
|
|
|
$edit_mode = isset($_POST['edit_mode']) && $_POST['edit_mode']==1 ? 1 : 0;
|
|
}
|
|
}
|
|
// end if(isset($_POST['content']))
|
|
|
|
switch($action)
|
|
{
|
|
case 'main':
|
|
// get available pages:
|
|
$dbr = Database::$content->query("SELECT id, page, type FROM ".Database::$db_settings['pages_table']." ORDER BY page ASC");
|
|
$i=0;
|
|
$ii=0;
|
|
while($pages_data = $dbr->fetch())
|
|
{
|
|
$pages[$i]['id'] = $pages_data['id'];
|
|
$pages[$i]['page'] = $pages_data['page'];
|
|
$pages[$i]['type'] = $pages_data['type'];
|
|
|
|
if($pages_data['type']=='news' || $pages_data['type']=='simple_news')
|
|
{
|
|
$simple_news_pages[$ii]['id'] = $pages_data['id'];
|
|
$simple_news_pages[$ii]['page'] = $pages_data['page'];
|
|
++$ii;
|
|
}
|
|
|
|
++$i;
|
|
}
|
|
if(isset($pages))
|
|
{
|
|
$template->assign('pages',$pages);
|
|
}
|
|
if(isset($simple_news_pages))
|
|
{
|
|
$template->assign('simple_news_pages',$simple_news_pages);
|
|
}
|
|
|
|
// get menus:
|
|
$menu_result = Database::$content->query("SELECT DISTINCT menu FROM ".Database::$db_settings['menu_table']." ORDER BY menu ASC");
|
|
while($menu_data = $menu_result->fetch())
|
|
{
|
|
$menus[] = $menu_data['menu'];
|
|
}
|
|
if(isset($menus))
|
|
{
|
|
$template->assign('menus',$menus);
|
|
}
|
|
|
|
// get global content blocks:
|
|
$gcb_result = Database::$content->query("SELECT id, identifier FROM ".Database::$db_settings['gcb_table']." ORDER BY id ASC");
|
|
$i=0;
|
|
while($gcb_data = $gcb_result->fetch())
|
|
{
|
|
$gcbs[$i]['id'] = $gcb_data['id'];
|
|
$gcbs[$i]['identifier'] = $gcb_data['identifier'];
|
|
$i++;
|
|
}
|
|
if(isset($gcbs))
|
|
{
|
|
$template->assign('gcbs',$gcbs);
|
|
}
|
|
|
|
// get available templates:
|
|
$handle=opendir(BASE_PATH.'cms/templates/');
|
|
while($file = readdir($handle))
|
|
{
|
|
if(preg_match('/\.tpl$/i', $file))
|
|
{
|
|
$template_file_array[] = $file;
|
|
}
|
|
}
|
|
closedir($handle);
|
|
natcasesort($template_file_array);
|
|
$i=0;
|
|
foreach($template_file_array as $file)
|
|
{
|
|
$template_files[$i] = $file;
|
|
#$template_files[$i]['name'] = htmlspecialchars($file);
|
|
$i++;
|
|
}
|
|
if(isset($template_files))
|
|
{
|
|
$template->assign('template_files',$template_files);
|
|
}
|
|
|
|
$template->assign('page_languages', get_languages());
|
|
|
|
if(empty($edit_mode))
|
|
{
|
|
$edit_mode=0;
|
|
}
|
|
$template->assign('edit_mode',$edit_mode);
|
|
if(isset($page_data))
|
|
{
|
|
$template->assign('page_data', $page_data);
|
|
$template->assign('send_pingbacks', $send_pingbacks);
|
|
}
|
|
$template->assign('subtemplate', 'edit.inc.tpl');
|
|
break;
|
|
|
|
case 'page_doesnt_exist':
|
|
$template->assign('invalid_request', 'page_doesnt_exist');
|
|
$template->assign('subtemplate', 'edit.inc.tpl');
|
|
break;
|
|
case 'no_authorization':
|
|
$template->assign('invalid_request', 'no_authorization_edit');
|
|
$template->assign('subtemplate', 'edit.inc.tpl');
|
|
break;
|
|
}
|
|
}
|