HasSystemPermission("SYSTEM_ACCESS.READONLY");
// ====== Debugger related: begin ======
// Debugger output is produced only for a logged-in admin, only in debug mode,
// and never for the scripts named in $skipDebug.
$script = basename($_SERVER['PHP_SELF']);
$skipDebug = Array('index.php', 'tree.php', 'head.php', 'credits.php');
if (admin_login() && !in_array($script, $skipDebug) && IsDebugMode()) {
    if ($Action) {
        // NOTE(review): $Action is concatenated into debugger HTML as-is;
        // confirm the debugger escapes it before display.
        $debugger->setHTMLByIndex(1, 'Kernel Action: '.$Action.'', 'append');
    }
    if (!constOn('REDIRECT_REQUIRED')) {
        echo '';
        if (!constOn('DBG_ZEND_PRESENT')) {
            echo '
';
        }
    }
}
// Both names live in script scope, so they are dropped once this section is done.
unset($script, $skipDebug);
// ====== Debugger related: end ======
// The first argument is truthy only when an action was submitted while no
// admin is logged in.
require_login( !admin_login() && $Action, 'expired=1', true );
// permission checking: begin
// Maps an action name to the permission(s) handed to checkActionPermission();
// alternatives are separated by '|'.
// NOTE(review): several actions handled by the switch below have no entry here
// (for example m_remove_group, m_edit_permissions, m_SetVariable,
// m_template_edit, m_rel_delete). How checkActionPermission() treats an action
// that is missing from the map is not visible in this part of the file;
// confirm it denies, or that those handlers are protected some other way.
$action_mapping = array(
    // users
    'm_add_user'          => 'in-portal:user_list.add',
    'm_edit_user'         => 'in-portal:user_list.edit',
    'm_delete_user'       => 'in-portal:user_list.delete',
    'm_user_primarygroup' => 'in-portal:user_list.add|in-portal:user_list.edit',
    'm_approve_user'      => 'in-portal:user_list.add|in-portal:user_list.edit',
    'm_deny_user'         => 'in-portal:user_list.add|in-portal:user_list.edit',
    // search log
    'm_clear_searchlog'   => 'in-portal:searchlog.delete',
    'm_keyword_reset'     => 'in-portal:searchlog.delete',
    // themes
    'm_themes_rescan'     => 'in-portal:configure_themes.add|in-portal:configure_themes.edit',
    'm_theme_primary'     => 'in-portal:configure_themes.add|in-portal:configure_themes.edit',
    'm_theme_add'         => 'in-portal:configure_themes.add',
    'm_theme_edit'        => 'in-portal:configure_themes.edit',
    'm_theme_delete'      => 'in-portal:configure_themes.delete',
    // tools and logs
    'm_sql_query'         => 'in-portal:sql_query.edit',
    'm_purge_email_log'   => 'in-portal:emaillog.delete',
    'm_session_delete'    => 'in-portal:sessionlog.delete',
    // ban rules
    'm_add_rule'          => 'in-portal:user_banlist.add',
    'm_edit_rule'         => 'in-portal:user_banlist.edit',
    'm_rule_move_up'      => 'in-portal:user_banlist.add|in-portal:user_banlist.edit',
    'm_rule_move_down'    => 'in-portal:user_banlist.add|in-portal:user_banlist.edit',
    'm_rule_delete'       => 'in-portal:user_banlist.delete',
    'm_ban_user'          => 'in-portal:user_list.add|in-portal:user_list.edit',
);
checkActionPermission($action_mapping, $Action);
// permission checking: end
switch($Action)
{
case "m_save_import_config":
// Set New Import Category
if( GetVar('categorylist', true) !== false )
{
$cat_id = $_POST['categorylist'];
$objSession->SetVariable('categoryid', $cat_id);
if($cat_id > 0)
{
$cat = $objCatList->GetByResource($cat_id);
if(is_object($cat))
{
$navbar = $cat->Get('CachedNavbar');
$objSession->SetVariable('catnavbar', $navbar);
$objSession->SetVariable('import_category_id', $cat->UniqueId() );
}
}elseif($cat_id == 0)
{
global $objConfig;
$objSession->SetVariable('import_category_id', 0);
}
$objSession->SetVariable('categorylist', $_POST['categorylist']);
}
// Set Import Admin Group
if( GetVar('grouplist1', true) )
{
$group_id = $_POST['grouplist1'];
$group = $objGroups->GetItemByField('ResourceId',$group_id);
$objSession->SetVariable('user_admin_names', $group->Get('Name'));
$objSession->SetVariable('user_admin_values', $group->Get('GroupId'));
$objSession->SetVariable('grouplist1', $_POST['grouplist1']);
}
// Set Import User Group
if( GetVar('grouplist2', true) )
{
$group_id = $_POST['grouplist2'];
$group = $objGroups->GetItemByField('ResourceId', $group_id);
$objSession->SetVariable('user_regular_names', $group->Get('Name'));
$objSession->SetVariable('user_regular_values', $group->Get('GroupId'));
$objSession->SetVariable('grouplist2', $_POST['grouplist2']);
}
break;
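case "m_add_user":
    // Adds a user record, built from the submitted form, to the session's
    // edit table for PortalUser. A login that already exists (or "root") is
    // rejected with la_error_duplicate_username.
    $application =& kApplication::Instance();
    $application->SetVar('u_mode', 't');
    $dupe_user = '';
    // $id lives in script scope. Start from a known value so that a leftover
    // value cannot push a request with an empty login into the duplicate branch.
    $id = 0;
    $CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat(0, true));
    $CreatedOn += SecondsSinceMidnight($_POST["user_time"]);
    $dob = DateTimestamp($_POST["user_dob"],GetDateFormat(0, true));
    $objEditItems = new clsUserManager();
    $objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
    if(strlen($_POST["user_login"]))
    {
        // "root" is reserved: it is treated as the existing user with id 1.
        if (strtolower($_POST["user_login"]) == "root")
            $id = 1;
        else
            $id = $objUsers->GetUserId($_POST["user_login"]);
    }
    else
        $dob = 0;
    if(!empty($id))
    {
        $lvErrorString = language('la_error_duplicate_username');
        $dupe_user = $_POST["user_login"];
        $_POST["user_login"] = '';
    }
    else
    {
        // NOTE(review): unsalted MD5 is not a password hash. It is kept because
        // the code that verifies logins is not in this section and presumably
        // compares MD5 digests; moving to password_hash()/password_verify()
        // needs a coordinated change with a rehash at next login.
        // NOTE(review): every other field is passed through unvalidated
        // (including 'Status'); escaping is left to Add_User_NEW(), which is
        // not visible here.
        $fields_hash = Array(   'Login' => $_POST['user_login'],
                                'Password' => md5($_POST['password']),
                                'FirstName' => $_POST['user_firstname'],
                                'LastName' => $_POST['user_lastname'],
                                'Company' => $_POST['user_company'],
                                'Email' => $_POST['user_email'],
                                'Phone' => $_POST['user_phone'],
                                'Fax' => $_POST['user_fax'],
                                'Street' => $_POST['user_street'],
                                'Street2' => $_POST['user_street2'],
                                'City' => $_POST['user_city'],
                                'State' => $_POST['user_state'],
                                'Country' => $_POST['user_country'],
                                'Zip' => $_POST['user_zip'],
                                'Status' => $_POST['status'],
                                'CreatedOn' => $CreatedOn,
                                'dob' => $dob
                            );
        $u =& $objEditItems->Add_User_NEW($fields_hash);
        saveCustomFields('u', $u->Get('ResourceId'), 6);
    }
    break;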
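case "m_edit_user":
    // Updates the user identified by user_id in the session's edit table for
    // PortalUser. The stray `\n";` line left behind by a broken commented-out
    // debug echo has been removed; it was not valid PHP.
    $application =& kApplication::Instance();
    $application->SetVar('u_mode', 't');
    $dob = DateTimestamp($_POST["user_dob"],GetDateFormat(0, true));
    $objEditItems = new clsUserManager();
    $objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
    $UserId = (int)$_POST["user_id"];
    if (!GetVar('user_login')) {
        $dob = 0;
    }
    // NOTE(review): unsalted MD5 is not a password hash. It is kept because the
    // login check is not in this section and presumably compares MD5 digests;
    // replacing it needs a coordinated migration.
    // An empty password field yields '' here; presumably Edit_User_NEW() then
    // leaves the stored password alone - confirm.
    $fields_hash = Array(   'Login' => $_POST['user_login'],
                            'Password' => GetVar('password') ? md5(GetVar('password')) : '',
                            'FirstName' => $_POST['user_firstname'],
                            'LastName' => $_POST['user_lastname'],
                            'Company' => $_POST['user_company'],
                            'Email' => $_POST['user_email'],
                            'Street' => $_POST['user_street'],
                            'Street2' => $_POST['user_street2'],
                            'City' => $_POST['user_city'],
                            'State' => $_POST['user_state'],
                            'Country' => $_POST['user_country'], // note: should issue some conversion from name to ISO code
                            'Zip' => $_POST['user_zip'],
                            'Phone' => $_POST['user_phone'],
                            'Fax' => $_POST['user_fax'],
                            'Status' => $_POST['status'],
                            'dob' => $dob,
                        );
    $u =& $objEditItems->Edit_User_NEW($UserId, $fields_hash);
    saveCustomFields('u', $u->Get('ResourceId'), 6);
    break;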
case "m_user_primarygroup":
if($ro_perm) break;
$users = explode(',', $_POST["userlist"]);
$GroupResourceId = $_POST['grouplist'];
$g = $objGroups->GetItemByField("ResourceId", $GroupResourceId);
$GroupId = $g->UniqueId();
if( is_array($users) )
foreach($users as $user_id)
{
$u = $objUsers->GetItemByField("ResourceId", $user_id);
$g->AddUser($u->Get("PortalUserId"),1,false);
}
break;
case 'm_group_edit': // when editing user membership in group
$membership_expires = DateTimestamp( $_POST['membership_expires_date'], GetDateFormat(0, true) );
$membership_expires += SecondsSinceMidnight( $_POST['membership_expires_time'] );
$objEditItems = new clsUserGroupList();
$objEditItems->SourceTable = $objSession->GetEditTable('UserGroup');
$objEditItems->Edit_UserGroup($_POST['GroupId'], $_POST['PortalUserId'], $membership_expires);
break;
case "m_user_sysperm":
if($ro_perm) break;
if($_POST["UserEditStatus"]==0)
{
$UserId = $_POST["ItemId"];
if($UserId)
{
$objEditItems = new clsUserManager();
$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
$u = $objEditItems->GetItemByField("ResourceId",$UserId);
unset($g);
if(is_object($u))
{
$objSession->ResetSysPermCache();
$g = $u->GetPersonalGroup(FALSE);
$PermList = explode(",",$_POST["PermList"]);
for($i=0;$iGetPersonalGroup(TRUE);
$value = 0;
if(is_array($_POST["permvalue"]))
{
if(in_array($PermList[$i],$_POST["permvalue"]))
$value =1;
$g->SetSystemPermission($PermList[$i],$value);
}
else {
$g->SetSystemPermission($PermList[$i], 0);
}
}
else
{
if(is_object($g))
$g->SetSystemPermission($PermList[$i],-1);
}
}
}
}
}
break;
case "m_approve_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
{
$user = $objUsers->GetItemByField("ResourceId",$userid);
$user->Approve();
}
$objUsers->Clear();
break;
case "m_deny_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
{
$user = $objUsers->GetItemByField("ResourceId",$userid);
$user->Deny();
}
$objUsers->Clear();
break;
case "m_delete_user":
if($ro_perm) break;
foreach($_POST["itemlist"] as $userid)
$objUsers->Delete_User($userid);
break;
case "m_user_assign": // not sure if action is used anywhere
if($ro_perm) break;
$useridlist = implode("-", $userlist);
$objSession->SetUserStatus($useridlist, "g_usergroup_status");
$g_usergroup_status = $useridlist;
break;
case "m_group_assign": // not sure if action is used anywhere
if($ro_perm) break;
foreach($grouplist as $group) $objGroups->Add_Users_To_Group($group);
break;
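case "m_remove_group":
    // Removes one user from one group.
    if($ro_perm) break;
    // $UserId and $GroupId are not assigned in this case; they are read from
    // script scope, so they are forced to integers before reaching the SQL text.
    // NOTE(review): other queries in this file prefix table names with
    // GetTablePrefix(); this one does not - confirm that is intended.
    // NOTE(review): this action has no entry in $action_mapping.
    $adodbConnection = &GetADODBConnection();
    $adodbConnection->Execute("DELETE FROM UserGroup where UserId='".(int)$UserId."' AND GroupId='".(int)$GroupId."'");
    break;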
case "m_SetVariable":
// Stores a request-supplied value under a request-supplied name as a
// persistent session variable.
// NOTE(review): both the name and the value come straight from $_POST, with no
// allow-list of variable names and no $ro_perm check, and the action has no
// entry in $action_mapping. Confirm which names callers are meant to set and
// restrict to those.
$objSession->SetPersistantVariable($_POST["fieldname"], $_POST["varvalue"]);
break;
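case "m_SetSessionVariable":
    // Stores a request-supplied value under a request-supplied name in the
    // session. The stray `\n";` line left by a broken commented-out debug echo
    // has been removed; it was not valid PHP.
    // NOTE(review): the variable name is taken from $_POST without an
    // allow-list, so any session variable this file relies on (for example
    // 'import_category_id' or 'PermCache_UpdateRequired') can be overwritten
    // through this action. Confirm the intended set of names.
    $objSession->SetVariable($_POST["fieldname"], $_POST["varvalue"]);
    // Changing the search type also clears the remembered search word.
    if($_POST["fieldname"]=="SearchType")
        $objSession->SetVariable("SearchWord","");
    break;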
case "m_edit_permissions":
// Rewrites the permissions of one group on one category: the permission names
// configured for the posted module are loaded, then each is edited, added or
// deleted through clsPermList.
// NOTE(review): this action has no entry in $action_mapping; only the
// read-only flag is checked here.
if($ro_perm) break;
if($_POST["CatEditStatus"] != -1)
{
$objSession->SetVariable('PermCache_UpdateRequired', 1);
$GroupId = $_POST["GroupId"];
$CatId = $_POST["CategoryId"];
$Module = $_POST["Module"];
$ado = &GetADODBConnection();
// NOTE(review): $Module is request data interpolated into the SQL string. It is
// safe only if the input is already slash-escaped before it gets here, which
// this section does not show. Quote it with the connection's own quoting
// routine or bind it as a parameter.
$sql = "SELECT * FROM ".GetTablePrefix()."PermissionConfig WHERE ModuleId='$Module'";
$rs = $ado->Execute($sql);
$PermNames = array();
while($rs && !$rs->EOF)
{
$data = $rs->fields;
$PermNames[] = $data["PermissionName"];
$rs->MoveNext();
}
// Flip the posted lists into lookup maps keyed by permission name.
$inherit = array();
if(is_array($_POST["inherit"]))
{
foreach($_POST["inherit"] as $perm)
{
$inherit[$perm] = 1;
}
}
$access = array();
if(is_array($_POST["permvalue"]))
{
foreach($_POST["permvalue"] as $perm)
{
$access[$perm] = 1;
}
}
// NOTE(review): $CatId and $GroupId are passed on unvalidated; cast to int if
// they are numeric ids - confirm.
$objPermList = new clsPermList($CatId,$GroupId);
$objPermList->LoadCategory($CatId);
// NOTE(review): the loop header below is truncated in this copy of the file
// (the text between `$i` and `GetPermByName` is missing), so how $PermValue is
// derived from $inherit/$access cannot be seen here.
for($i=0;$iGetPermByName($PermNames[$i]);
if($Perm)
{
$Id = $Perm->Get("PermissionId");
//echo "Editing $Id
\n";
$objPermList->Edit_Permission($Id,$CatId,$GroupId,$PermNames[$i],$PermValue,0);
}
else
{
//echo "Adding ".$PermNames[$i];
$objPermList->Add_Permission($CatId,$GroupId,$PermNames[$i],$PermValue,0);
}
}
else
{
$Perm = $objPermList->GetPermByName($PermNames[$i]);
if($Perm)
{
$Id = $Perm->Get("PermissionId");
$objPermList->Delete_Permission($Id);
}
}
}
//$c = $objCatList->GetItem($CatId);
//$glist = $objGroups->GetAllGroupList();
//$ViewList = $objPermList->GetGroupPermList($c,"CATEGORY.VIEW",$glist );
//$c->SetViewPerms("CATEGORY.VIEW",$ViewList,$glist);
//$c->Update();
}
break;
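case "m_perm_delete_group":
    // Deletes every permission row of the selected groups for one category.
    if($ro_perm) break;
    $ado = &GetADODBConnection();
    // CategoryId is placed into the SQL text unquoted, so it is forced to an
    // integer before use.
    $CatId = (int)$_POST["CategoryId"];
    // A missing or non-array itemlist means there is nothing to delete.
    if(isset($_POST["itemlist"]) && is_array($_POST["itemlist"]))
    {
        foreach($_POST["itemlist"] as $groupid)
        {
            $g = $objGroups->GetItemByField("ResourceId",$groupid);
            if(is_object($g))
            {
                $sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=".$CatId." AND GroupId=".(int)$g->Get("GroupId");
                // Holders of DEBUG.LIST get the statement echoed into the page.
                if($objSession->HasSystemPermission("DEBUG.LIST"))
                    echo $sql."
\n";
                $ado->Execute($sql);
            }
        }
    }
    break;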
case "m_user_addto_group":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$user = $_POST["UserId"];
if(is_numeric($user))
{
if(strlen($_POST["grouplist"]))
{
$groups = explode(",",$_POST["grouplist"]);
if(is_array($groups))
{
for($i=0; $iGetItemByField("ResourceId",$groups[$i]);
$g->AddUser($user);
}
}
else
{
$g = $objGroups->GetItem($groups);
$g->AddUser($user);
}
}
}
break;
case "m_group_removeuser":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$group = $_POST["GroupId"];
$g = $objGroups->GetItem($group);
//if($group>0)
//{
foreach($_POST["itemlist"] as $user_id)
{
$u = $objUsers->GetItemByField("ResourceId",$user_id);
$g->DeleteUser($u->Get("PortalUserId"));
}
//}
break;
case "m_user_removegroup":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$user = $_POST["UserId"];
//if($user>0)
//{
foreach($_POST["itemlist"] as $groupid)
{
$g = $objGroups->GetItem($groupid);
$g->DeleteUser($user);
}
//}
break;
case "m_sendmail":
// Sends one message to each listed group or user, depending on IdType.
if($ro_perm) break;
$idlist = explode(",",$_POST["idlist"]);
$html = (int)$_POST["html_enable"];
$body = inp_escape($_POST["email_body"],$html);
// NOTE(review): the subject is built from the same "email_body" field as the
// body, which looks like a copy/paste slip. The name of the subject field is
// not visible in this section - confirm and correct it.
$subject = inp_escape($_POST["email_body"],$html);
$Email = new clsEmailMessage();
$Email->Set("Subject",$subject);
$Email->Set("Template",$body);
if($html)
$Email->Set("MessageType","HTML");
// explode() always returns at least one element, so this test also passes for
// an empty "idlist"; the loops then run once with an empty id.
// NOTE(review): the ids are passed on as submitted; validate them if
// SendToGroup()/SendToUser() do not.
if(count($idlist)>0)
{
switch($_POST["IdType"])
{
case "group":
foreach($idlist as $id)
$Email->SendToGroup($id);
break;
case "user":
foreach($idlist as $id)
$Email->SendToUser($id);
break;
}/*switch*/
}
break;
// not used anywhere
/* case "m_item_recount":
if($ro_perm) break;
RunDown($m_var_list["cat"],"UpdateCacheCounts");
break; */
case "m_cat_delete":
if($ro_perm) break;
if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID()))
{
if(isset($_POST["catlist"]))
{
if(is_array($_POST["catlist"]))
foreach($_POST["catlist"] as $catid)
{
$objCatList->Delete_Category($catid);
}
}
}
break;
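case "m_cat_cut":
    // Puts the selected categories on the clipboard: as CUT when the session
    // may delete categories, otherwise as COPY.
    if($ro_perm) break;
    if(isset($_POST["catlist"]))
    {
        // The original tested $catid, which is never assigned in this case, so
        // the permission was checked against whatever that script-scope
        // variable happened to hold. The current category is checked instead,
        // as the m_cat_delete handler in this switch does.
        if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID()))
        {
            $objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]);
        }
        else
            $objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
    }
    break;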
case "m_cat_copy":
if($ro_perm) break;
if(isset($_POST["catlist"]))
{
$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
}
break;
case "m_paste":
if($ro_perm) break;
if($objCatList->ItemsOnClipboard()>0)
{
/* category's paste function populates a sparse array where array[old_id]=new_id */
$PastedCatIds = array();
$objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name");
}
else
{
$clip = $objSession->GetVariable("ClipBoard");
if(strlen($clip))
{
$ClipBoard = ParseClipboard($clip);
$Action= strtolower($ClipBoard["table"])."_paste";
}
}
break;
case "m_cat_move_up":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->MoveUp();
}
}
break;
case "m_cat_move_down":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
$catlist=array_reverse($_POST["catlist"]);
foreach($catlist as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->MoveDown();
}
}
break;
case "m_cat_approve":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
$cat->Approve();
}
}
break;
case "m_cat_decline":
if($ro_perm) break;
if (isset($_POST["catlist"]))
{
foreach($_POST["catlist"] as $catid)
{
$cat =& $objCatList->GetCategory($catid);
//$cat->Deny();
RunDown($catid,"Deny");
}
}
break;
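case "m_rel_delete":
    // Deletes the selected relationship rows from the session's edit table.
    // "itemlist" may be a single id or a list of ids.
    // NOTE(review): there is no $ro_perm check here and no entry in
    // $action_mapping - confirm that is intended.
    $adodbConnection= &GetADODBConnection();
    $table = $objSession->GetEditTable("Relationship");
    if(isset($_POST["itemlist"]))
    {
        // The array cast turns a single submitted id into a one-element list.
        foreach((array)$_POST["itemlist"] as $id)
        {
            // The id is placed into the SQL text unquoted, so it is forced to
            // an integer. Negative ids are kept: this file assigns negative
            // RelationshipId values to rows added to the edit table.
            $sql = "DELETE FROM ".$table." WHERE RelationshipId=".(int)$id;
            $adodbConnection->Execute($sql);
            if($objSession->HasSystemPermission("DEBUG.LIST"))
                echo $sql."
\n";
        }
    }
    break;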
case "m_add_relation":
$RelList = new clsRelationshipList();
$RelList->SourceTable = $objSession->GetEditTable("Relationship");
//$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
// 0,(int)$_POST["Enabled"],$_POST["RelType"], $Rel);
$ado = &GetADODBConnection();
$NewId = intval($ado->GetOne('SELECT MIN(RelationshipId) as MinValue FROM '.$RelList->SourceTable));
if($NewId > 0) $NewId = 0;
$NewId--;
$priority = (int)GetVar('priority');
$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
$priority,(int)$_POST["Enabled"],$_POST["RelType"], $NewId);
$sql = "UPDATE ".$RelList->SourceTable." SET RelationshipId=".$NewId." WHERE RelationshipId=".$r->Get("RelationshipId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."
\n";
$ado->Execute($sql);
break;
case "m_edit_relation":
if($_POST["CatEditStatus"]==0)
{
$RelList = new clsRelationshipList();
$RelList->SourceTable = $objSession->GetEditTable("Relationship");
$r = $RelList->GetItem($_POST["RelationshipId"]);
if(is_object($r))
{
$r->Set("Enabled",(int)$_POST["Enabled"]);
$r->Set("Type",(int)$_POST["RelType"]);
$r->Set("Priority",(int)$_POST["priority"]);
$r->Update();
}
}
break;
case "m_rel_move_up":
$objRelList = new clsRelationshipList();
$objRelList->SourceTable = $objSession->GetEditTable("Relationship");
if (isset($_POST["itemlist"]))
{
foreach($_POST["itemlist"] as $id)
{
$r = $objRelList->GetItem($id);
$r->MoveUp($_POST["SourceId"]);
}
}
break;
case "m_rel_move_down":
$objRelList = new clsRelationshipList();
$objRelList->SourceTable = $objSession->GetEditTable("Relationship");
if (isset($_POST["itemlist"]))
{
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$r = $objRelList->GetItem($id);
$r->MoveDown($_POST["SourceId"]);
}
}
break;
case "m_add_category":
$application =& kApplication::Instance();
$application->SetVar('c_mode', 't');
$created_on = GetVar('cat_date');
if (ValidDate($created_on, GetDateFormat(0, true))) {
$created_on = DateTimestamp($created_on, GetDateFormat(0, true));
}
else {
$created_on = adodb_mktime();
}
$objEditItems = new clsCatList();
$objEditItems->SourceTable = $objSession->GetEditTable("Category");
$fields_hash = Array( 'ParentId' => GetVar('ParentId'),
'Name' => inp_escape(GetVar('cat_name'), (int)GetVar('html_enable')),
'Description' => inp_escape(GetVar('cat_desc'), (int)GetVar('html_enable')),
'CreatedOn' => $created_on,
'EditorsPick' => GetVar('cat_pick'),
'Status' => (int)GetVar('status'),
// 'HotItem' => (int)GetVar('itemhot'),
'NewItem' => (int)GetVar('itemnew'),
// 'PopItem' => (int)GetVar('itempop'),
'Priority' => GetVar('Priority'),
'MetaKeywords' => GetVar('meta_keywords'),
'MetaDescription' => GetVar('meta_desc'),
'AutomaticFilename' => GetVar('auto_filename'),
'Filename' => GetVar('filename'),
'CategoryTemplate' => GetVar('category_template'),
'ItemTemplate' => GetVar('item_template'),
);
$objSession->SetVariable('PermCache_UpdateRequired', 1);
$cat =& $objEditItems->Add_NEW($fields_hash);
saveCustomFields('c', $cat->Get('ResourceId'), 1);
break;
case 'm_edit_category':
$application =& kApplication::Instance();
$application->SetVar('c_mode', 't');
$objEditItems = new clsCatList();
$objEditItems->SourceTable = $objSession->GetEditTable('Category');
// check if name of cat isn't changed: begin
if (GetVar('CategoryId') > 0) {
$original_cats = new clsCatList();
$original_cat = $original_cats->GetItemByField('CategoryId', GetVar('CategoryId'));
$match_fields = Array( 'Name' => 'cat_name',
'Filename' => 'filename',
'CategoryTemplate' => 'category_template',
'ItemTemplate' => 'item_template');
foreach ($match_fields as $db_field => $submit_field) {
if ($original_cat->Get($db_field) != stripslashes( GetVar($submit_field) )) {
$objSession->SetVariable('PermCache_UpdateRequired', 1);
break;
}
}
unset($original_cat, $original_cats);
}
else {
$objSession->SetVariable('PermCache_UpdateRequired', 1);
}
// check if name of cat isn't changed: end
$fields_hash = Array( 'Name' => inp_escape(GetVar('cat_name'), (int)GetVar('html_enable')),
'Description' => inp_escape(GetVar('cat_desc'), (int)GetVar('html_enable')),
'CreatedOn' => DateTimestamp(GetVar('cat_date'), GetDateFormat(0, true)),
'EditorsPick' => GetVar('cat_pick'),
'Status' => (int)GetVar('status'),
// 'HotItem' => (int)GetVar('itemhot'),
'NewItem' => (int)GetVar('itemnew'),
// 'PopItem' => (int)GetVar('itempop'),
'Priority' => GetVar('Priority'),
'MetaKeywords' => GetVar('meta_keywords'),
'MetaDescription' => GetVar('meta_desc'),
'AutomaticFilename' => GetVar('auto_filename'),
'Filename' => GetVar('filename'),
'CategoryTemplate' => GetVar('category_template'),
'ItemTemplate' => GetVar('item_template'),
);
$cat =& $objEditItems->Edit_Category(GetVar('CategoryId'), $fields_hash);
saveCustomFields('c', $cat->Get('ResourceId'), 1);
break;
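case "m_edit_custom_data":
    // Saves the custom fields of one item: the numeric CustomType is resolved
    // to its prefix through the ItemTypes table.
    $resource_id = $_POST['ItemId'];
    $db =& GetADODBConnection(true);
    // CustomType is placed into the SQL text unquoted, so it is forced to an
    // integer (item types are numeric elsewhere in this file).
    $sql = 'SELECT Prefix FROM '.TABLE_PREFIX.'ItemTypes WHERE ItemType = '.(int)GetVar('CustomType');
    $main_prefix = $db->GetOne($sql);
    // An unknown type has no prefix; skip the save instead of building
    // variable names from an empty prefix.
    if($main_prefix)
    {
        $application->SetVar($main_prefix.'_mode', 't');
        saveCustomFields($main_prefix, $resource_id, $_POST['CustomType']);
    }
    break;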
case 'm_save_custom_data':
// Dispatches an OnUpdate event for the prefix named in the request.
// NOTE(review): 'prefix' is request data, so the caller chooses which unit's
// OnUpdate handler runs. This action has no entry in $action_mapping and no
// $ro_perm check; confirm the event handler enforces its own permissions, or
// restrict the accepted prefixes here.
$main_prefix = $application->GetVar('prefix');
$application->SetVar($main_prefix.'_mode', 't');
$event = new kEvent($main_prefix.':OnUpdate');
$application->HandleEvent($event);
break;
case "m_keyword_reset":
if($ro_perm) break;
$objSearchList = new clsSearchLogList();
foreach($_POST["itemlist"] as $k)
{
$c = $objSearchList->GetItem($k);
$c->Delete();
}
break;
case 'm_clear_searchlog':
if($ro_perm) break;
$objSearchList = new clsSearchLogList();
$db =& GetADODBConnection();
$db->Execute('DELETE FROM '.$objSearchList->SourceTable );
break;
case "m_review_add":
$post_info = GetSubmitVariable($_POST, 'EditStatus');
if($post_info['variable'] > -1)
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$Pending = (int)$_POST["review_pending"];
$Enabled = (int)$_POST["review_enabled"];
$Status = (int)$_POST["status"];
$CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat(0, true));
$CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
$html = (int)$_POST["html_enable"];
$ReviewText = inp_escape($_POST["review_body"],1);
$CreatedById = 0;
if(strlen($_POST["createdby"])>0)
{
if(strtolower($_POST["createdby"])=="root")
{
$CreatedById = -1;
}
else
{
$u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
if(is_object($u))
{
$CreatedById = $u->Get("PortalUserId");
if($CreatedById<1)
{
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
$r = $objReviews->AddReview($CreatedOn,$ReviewText,$Status, $IPAddress,
(int)$_POST["review_priority"], $_POST["ItemId"],$_POST["ItemType"],
$CreatedById,$html, $post_info['Module']);
$ado = &GetADODBConnection();
$rs = $ado->Execute("SELECT MIN(ReviewId) as MinValue FROM ".$objReviews->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objReviews->SourceTable." SET ReviewId=".$NewId." WHERE ReviewId=".(int)$r->Get("ReviewId");
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."
\n";
$ado->Execute($sql);
}
break;
case "m_review_edit":
case 'm_review_direct_edit';
$post_info = GetSubmitVariable($_POST, 'EditStatus');
if($post_info['variable'] > -1)
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$Status = (int)$_POST["status"];
$CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat(0, true));
$CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
$html = (int)$_POST["html_enable"];
$ReviewText = inp_escape($_POST["review_body"],1);
$ReviewId = $_POST["ReviewId"];
$CreatedById = 0;
if(strlen($_POST["createdby"])>0)
{
if(strtolower($_POST["createdby"])=="root")
{
$CreatedById = -1;
}
else
{
$u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
if(is_object($u))
{
$CreatedById = $u->Get("PortalUserId");
if($CreatedById<1)
{
$CreatedById = $objSession->Get("PortalUserId");
}
}
else
$CreatedById = $objSession->Get("PortalUserId");
}
}
$r = $objReviews->EditReview($ReviewId,$CreatedOn,$ReviewText,$Status, $IPAddress,
(int)$_POST["review_priority"],$_POST["ItemId"],$_POST["ItemType"],
$CreatedById,$html);
}
break;
case "m_review_delete":
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$objReviews->DeleteReview($id);
}
break;
case 'm_review_direct_delete':
$objReviews = new clsItemReviewList();
foreach($_POST['reviewlist'] as $id)
{
$objReviews->DeleteReview($id);
}
break;
case "m_review_approve":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",1);
$i->Update();
}
}
break;
case 'm_review_direct_approve':
if(isset($_POST["reviewlist"]))
{
$objReviews = new clsItemReviewList();
foreach($_POST["reviewlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",1);
$i->Update();
}
}
break;
case "m_review_deny":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",0);
$i->Update();
}
}
break;
case 'm_review_direct_decline':
if (isset($_POST["reviewlist"]))
{
$objReviews = new clsItemReviewList();
foreach($_POST["reviewlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->Set("Status",0);
$i->Update();
}
}
break;
case "m_review_move_up":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
foreach($_POST["itemlist"] as $id)
{
$i = $objReviews->GetItem($id);
$i->MoveUp();
}
}
break;
case "m_review_move_down":
if (isset($_POST["itemlist"]))
{
$objReviews = new clsItemReviewList();
$objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
$itemlist=array_reverse($_POST["itemlist"]);
foreach($itemlist as $id)
{
$i = $objReviews->GetItem($id);
$i->MoveDown();
}
}
break;
case 'm_themes_rescan':
$objThemes->CreateMissingThemes();
if (!$objThemes->Items)
{
$objThemes->Query_Item('SELECT * FROM '.$objThemes->SourceTable);
}
$keys = array_keys($objThemes->Items);
foreach ($keys as $theme_index)
{
$theme =& $objThemes->Items[$theme_index];
$theme->VerifyTemplates();
}
break;
case "m_theme_add":
// Adds a theme to the session's edit table unless a theme with the same name
// already exists, then renumbers the new row to one below the lowest ThemeId.
$ado = &GetADODBConnection();
// NOTE(review): the posted theme name is concatenated into the SQL text inside
// double quotes. It is safe only if the input is already slash-escaped before
// it gets here, which this section does not show. Prefer the connection's
// quoting routine or a bound parameter, taking care not to escape twice.
$rs = $ado->Execute("SELECT COUNT(*) as c FROM ".GetTablePrefix().'Theme WHERE Name="'.$_POST["name"].'"');
if(!$rs->fields["c"])
{
$objEditItems = new clsThemeList();
$objEditItems->SourceTable = $objSession->GetEditTable("Theme");
// A disabled theme cannot be the primary one.
$Primary = (int)$_POST["primary"];
if(!(int)$_POST["enabled"])
$Primary = 0;
$t = $objEditItems->AddTheme($_POST["name"],$_POST["description"],(int)$_POST["enabled"],$Primary,
(int)$_POST["CacheTimeout"],GetVar('StylesheetId'));
$t->Files->ThemeId=$t->Get("ThemeId");
$rs = $ado->Execute("SELECT MIN(ThemeId) as MinValue FROM ".$objEditItems->SourceTable);
$NewId = $rs->fields["MinValue"]-1;
$sql = "UPDATE ".$objEditItems->SourceTable." SET ThemeId=".$NewId." WHERE ThemeId=".$t->Get("ThemeId");
// Holders of DEBUG.LIST get the statement echoed into the page.
if($objSession->HasSystemPermission("DEBUG.LIST"))
echo $sql."
\n";
$ado->Execute($sql);
// $t->Files->FindMissingFiles(strtolower($t->Get('name')));
}
break;
case "m_theme_edit":
$objEditItems = new clsThemeList();
$objEditItems->SourceTable = $objSession->GetEditTable("Theme");
$Primary = (int)$_POST["primary"];
if(!(int)$_POST["enabled"])
$Primary = 0;
$objEditItems->EditTheme($_POST["ThemeId"],$_POST["name"],$_POST["description"],
(int)$_POST["enabled"],$Primary,(int)$_POST["CacheTimeout"], GetVar('StylesheetId'));
// if ($Primary==1)
// {
// $objEditItems->SetPrimaryTheme($_POST["ThemeId"]);
// }
break;
case "m_theme_delete":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
{
$Themes = new clsThemeList();
foreach($_POST["itemlist"] as $id)
{
$deleting_primary = (!$Themes->DeleteTheme($id));
}
}
break;
case "m_theme_primary":
if($ro_perm) break;
if( count($_POST['itemlist']) )
{
$ThemeId = array_shift( $_POST['itemlist'] );
$t = new clsThemeList();
$t->SetPrimaryTheme($ThemeId);
}
break;
case "m_template_edit":
// Updates the description of a theme file and overwrites its contents with the
// submitted text.
// NOTE(review): this writes request-supplied content to the file selected by a
// request-supplied FileId. The action has no entry in $action_mapping, so the
// only check visible here is the read-only flag. If templates can contain
// executable markup, this is a code-deployment path and should require an
// explicit theme-edit permission - confirm how it is guarded.
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
// $ThemeId is assigned but not used again within this case.
$ThemeId = $_POST["ThemeId"];
$FileId = $_POST["FileId"];
$f = new clsThemeFile($FileId);
$f->Set("Description", $_POST["Description"] );
$f->Update();
$c = stripslashes($_POST["contents"]);
$f->SaveFileContents($c);
break;
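case "m_template_add":
    // Creates a new template file in a theme from the submitted name and
    // contents, unless a template with the same path and name already exists.
    if($ro_perm) break;
    $objSession->SetVariable("HasChanges", 1);
    $ThemeId = $_POST["ThemeId"];
    if( !is_object($f) ) $f = new clsThemeFile();
    $FilePath = $_POST['name'];
    if(!$FilePath)
    {
        $f->SetError('Template Name is required',3);
        break;
    }
    // Normalise to "/dir/name.tpl". The original compared substr($FilePath,1)
    // (everything after the first character) with '/', and the last three
    // characters with the four-character '.tpl', so both tests practically
    // always failed: a second leading slash and a second '.tpl' were added.
    if( substr($FilePath,0,1) != '/' ) $FilePath = '/'.$FilePath;
    if( substr($FilePath,-4) != '.tpl' ) $FilePath .= '.tpl';
    // NOTE(review): the name is request data and '..' segments are not
    // rejected in this block. Whether IsWriteablePath()/Create() confine the
    // result to the theme directory is not visible here - confirm, and reject
    // such names if they do not.
    // NOTE(review): this action has no entry in $action_mapping.
    $FileName = basename($FilePath);
    $FilePath = dirname($FilePath);
    // test if such file not already created
    $f->LoadFromDataBase( Array($FilePath,$FileName), Array('FilePath','FileName') );
    if( !$f->Get('FileId') )
    {
        $f->Set(    Array('FilePath','FileName','ThemeId', 'Description'),
                    Array($FilePath, $FileName,$_POST['ThemeId'], $_POST["Description"])
                );
        if( $f->IsWriteablePath(true) )
        {
            $f->Create();
            $c = stripslashes($_POST["contents"]);
            $f->SaveFileContents($c, true);
        }
    }
    else
        $f->SetError('Template with this name already exists',4);
    break;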
case "m_template_delete":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
$dummy = new clsThemeFile();
foreach($_POST["itemlist"] as $FileId)
{
$dummy->LoadFromDatabase($FileId);
$dummy->Delete();
}
break;
case "m_lang_select":
if($ro_perm) break;
$LangId = (int)$_POST["langselect"];
if($LangId)
{
if($objSession->Get("PortalUserId")>0)
{
//echo "$LangId";
$objSession->SetPersistantVariable("Language",$LangId);
}
$objSession->Set("Language",$LangId);
$objSession->Update();
$m_var_list_update["lang"] = $LangId;
$m_var_list["lang"] = $LangId;
}
break;
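case "m_phrase_edit":
    // Saves edits to existing phrases (posted arrays keyed by PhraseId) and,
    // when Action1 is "new", adds the phrase posted under key 0.
    if( !GetVar('direct') ) $objSession->SetVariable("HasChanges", 1);
    $objPhraseList = new clsPhraseList();
    if((int)$_POST["direct"] != 1)
        $objPhraseList->SourceTable = $objSession->GetEditTable("Phrase");
    $Phrases = $_POST["name"];
    if(is_array($Phrases))
    {
        foreach($Phrases as $PhraseId =>$name)
        {
            // Array keys are request data. PHP stores integer-like keys as
            // ints, so anything that is not a plain positive integer is skipped.
            if(is_int($PhraseId) && $PhraseId>0)
            {
                $objPhraseList->EditPhrase($PhraseId,$_POST["name"][$PhraseId],$_POST["LanguageId"],$_POST["translation"][$PhraseId],$_POST["phrasetype"][$PhraseId]);
            }
        }
    }
    if(strlen($_POST["name"][0]) && strlen($_POST["translation"][0]) && $_POST['Action1'] == "new")
    {
        $r = $objPhraseList->AddPhrase($_POST["name"][0],$_POST["LanguageId"],$_POST["translation"][0],$_POST["phrasetype"][0]);
        if ($r != "Error") {
            $ado = &GetADODBConnection();
            $rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objPhraseList->SourceTable);
            $NewId = $rs->fields["MinValue"]-1;
            // $PhraseId is the last key left over from the loop above, i.e. a
            // request-supplied array key, so it is forced to an integer before
            // reaching the SQL text.
            // NOTE(review): renumbering the row named by the last posted key,
            // rather than an id taken from AddPhrase()'s result, looks
            // unintended - confirm.
            $sql = "UPDATE ".$objPhraseList->SourceTable." SET PhraseId=".$NewId." WHERE PhraseId=".(int)$PhraseId;
            if($objSession->HasSystemPermission("DEBUG.LIST"))
                echo $sql."
\n";
            $ado->Execute($sql);
        }
        else {
            $add_error = "Language tag with the same name already exists!";
        }
    }
    else if ($_POST['Action1'] == "new") {
        $add_error = "Fields name and translation are required!";
    }
    unset($objPhraseList);
    break;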
case "m_config_missing_phrase":
if($ro_perm) break;
$LangId = $_POST["LangId"];
$ThemeId = $_POST["ThemeId"];
if(is_array($_POST["Phrase"]))
{
$objPhraseList = new clsPhraseList();
$objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
foreach($_POST["Phrase"] as $p => $value)
{
if(strlen($value))
{
$obj = $objPhraseList->GetItemByField("Phrase",$p,TRUE);
if(is_object($obj))
{
if($obj->Get("Phrase")==$p)
{
$obj->Set("Translation",$value);
$obj->Update();
}
else
$objPhraseList->AddPhrase($p,$LangId,$value,1);
}
else
$objPhraseList->AddPhrase($p,$LangId,$value,1);
}
}
}
break;
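case "m_phrase_delete":
    // Marks the selected phrases in the session's edit table as deleted by
    // setting their LanguageId to 0.
    $objSession->SetVariable("HasChanges", 1);
    if (isset($_POST["itemlist"]) && is_array($_POST["itemlist"]))
    {
        foreach($_POST["itemlist"] as $id)
        {
            // The id is placed into the SQL text unquoted, so it is forced to
            // an integer first.
            $sql = "UPDATE ".$objSession->GetEditTable("Phrase")." SET LanguageId = 0 WHERE PhraseId = ".(int)$id;
            $ado = &GetADODBConnection();
            $ado->Execute($sql);
        }
    }
    unset($objPhraseList);
    break;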
case "m_dlid":
echo $Action.":".$DownloadId;
die();
break;
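case "m_emailevent_user":
    // Sets FromUserId on every e-mail event whose id is listed in the posted
    // EventId string. Read-only admins are skipped.
    if($ro_perm) break;
    $objEvents = new clsEventList();
    // EventId arrives as a bracketed, quoted, comma-separated list; strip the
    // wrapping characters and split on commas.
    $ids = str_replace(array("[", "]", "\"", "\\"), "", $_POST["EventId"]);
    $idlist = explode(",",$ids);
    foreach($idlist as $EventId)
    {
        // One integer-cast id is used for the lookup (the original computed
        // $id but then cast $EventId a second time).
        $id = (int)$EventId;
        $e =& $objEvents->GetItem($id);
        // Skip ids that do not resolve to an event instead of calling a
        // method on a non-object.
        if(!is_object($e)) continue;
        // NOTE(review): FromUserId is passed through as received; confirm that
        // Set()/Update() escape it, or cast it if it is always numeric.
        $e->Set("FromUserId", $_POST["FromUserId"]);
        $e->Update();
    }
    $objEvents->Clear();
    unset($objEvents);
    break;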
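case "m_emailevent_edit":
    // Rebuilds an e-mail template as "<headers>\nSubject: <subject>\n\n<body>"
    // and stores it, with the message type, in the EmailMessage edit table.
    //
    // Header block: line endings are normalised and blank lines collapsed to a
    // single newline. The original replaced "\n\n" with "", which glued the
    // last header line to "Subject:" whenever the field ended with a newline.
    $Template = str_replace(array("\r\n", "\r"), "\n", $_POST["headers"]);
    $Template = trim(preg_replace("/\n{2,}/", "\n", $Template), "\n");
    if(strlen($Template))
    {
        $Template .= "\n";
    }
    // The subject is a single header line: line breaks inside it would end the
    // header early or start the body, so they are replaced with spaces.
    $subject = str_replace(array("\r", "\n"), " ", _unhtmlentities($_POST['subject']));
    $Template .= "Subject: ".$subject."\n\n";
    $Template .= $_POST["messageBody"];
    $objMessages = new clsEmailMessageList();
    $objMessages->SourceTable = $objSession->GetEditTable("EmailMessage");
    $m =& $objMessages->GetItem($_POST["MessageId"]);
    if(is_object($m))
    {
        $m->Set("MessageType", $_POST["sendhtml"]==1 ? "html" : "text");
        $m->Set("Template",$Template);
        $m->Update();
    }
    break;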
case "m_mod_enable":
    // Sets Loaded=1 on every module named in the posted item list and then
    // sets $_GET["Refresh"]. Read-only admins are skipped.
    if($ro_perm) break;
    if (!isset($_POST["itemlist"])) break;
    foreach($_POST["itemlist"] as $id)
    {
        $m =& $objModules->GetItemByField("Name",$id);
        if(!is_object($m)) continue; // unknown module name: nothing to update
        $m->Set("Loaded",1);
        $m->Update();
    }
    $_GET["Refresh"] = 1;
    break;
case "m_mod_disable":
    // Sets Loaded=0 on every module named in the posted item list, except the
    // module called "In-Portal", and then sets $_GET["Refresh"].
    // Read-only admins are skipped.
    if($ro_perm) break;
    if (!isset($_POST["itemlist"])) break;
    foreach($_POST["itemlist"] as $id)
    {
        if($id == "In-Portal") continue; // this module is never disabled here
        $m =& $objModules->GetItemByField("Name",$id);
        if(!is_object($m)) continue;
        $m->Set("Loaded",0);
        $m->Update();
    }
    $_GET["Refresh"] = 1;
    break;
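case "m_img_add":
    // Adds an image record to the Images edit table. The thumbnail and the
    // full image can each be an uploaded file or a remote URL; with
    // imgSameImages set, the full image reuses the thumbnail's settings.
    $objImageList = new clsImageList();
    $objImageList->SourceTable = $objSession->GetEditTable("Images");
    $LocalImage=0;
    $LocalThumb=0;
    $DestDir = 'kernel/images/';
    // Initialised here so the final check never reads a value left over from
    // elsewhere in the request.
    $uploaded = 0;
    $UserThumbSource = (int)$_POST["imgLocalThumb"];
    $LocalThumb = $UserThumbSource;
    $thumb_url = !$LocalThumb? $_POST["imgThumbUrl"] : "";
    if($_POST["imgSameImages"])
    {
        $LocalImage = $LocalThumb;
        $full_url = $thumb_url;
    }
    else
    {
        $LocalImage = (int)$_POST["imgLocalFull"];
        $full_url = $LocalImage? "" : $_POST["imgFullUrl"];
    }
    // Each image needs either a URL or the "local file" flag.
    if((!strlen($thumb_url) && !$LocalThumb) || (!strlen($full_url) && !$LocalImage))
    {
        break;
    }
    // Records added in the edit table get negative ids: one below the
    // current minimum, and never above -1.
    $ado = &GetADODBConnection();
    $NewId = $ado->GetOne('SELECT MIN(ImageId) as MinValue FROM '.$objImageList->SourceTable);
    if($NewId > 0) $NewId = 0;
    $NewId--;
    // NOTE(review): imgName, imgAlt, ResourceId and both URLs are passed
    // through as received; confirm that clsImageList::Add() escapes them and
    // that the URL scheme is restricted where these values are rendered.
    $img = $objImageList->Add($_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImage, $LocalThumb, $full_url, $thumb_url, (int)$_POST["imgEnabled"], 0, (int)$_POST["imgDefault"], 0,(int)$_POST["imgSameImages"], $NewId);
    if(!is_object($img)) break; // nothing was created, so there is nothing to attach files to
    $img->Set("ImageId", $NewId);
    $img->Pending=false;
    // NOTE(review): type and content checks on the uploaded files are not
    // visible here; confirm StoreUploadedImage() rejects non-image uploads and
    // chooses the stored file name itself.
    if($LocalImage)
    {
        $file = isset($_FILES["imgFullFile"]) ? $_FILES["imgFullFile"] : null;
        if(is_array($file) && $file["size"]>0)
        {
            $img->Set("LocalPath",$img->StoreUploadedImage($file,1, $DestDir,0));
            $uploaded=1;
        }
    }
    if($LocalThumb)
    {
        $thumb = isset($_FILES["imgThumbFile"]) ? $_FILES["imgThumbFile"] : null;
        if(is_array($thumb) && $thumb["size"]>0)
        {
            $img->Set("ThumbPath",$img->StoreUploadedImage($thumb,1, $DestDir,1));
            $uploaded=1;
        }
    }
    if($uploaded==1)
        $img->Update();
    break;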
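case "m_img_edit":
    // Updates an image record in the Images edit table. The branches below
    // compare the stored "same images" flag with the submitted one and decide,
    // for the thumbnail (TH) and the full image (FULL), whether to keep the
    // file, replace it with an upload, or switch to a URL.
    $objImageList = new clsImageList();
    $objImageList->SourceTable = $objSession->GetEditTable("Images");
    $img = $objImageList->GetItem($_POST["ImageId"]);
    if (!is_object($img)) break; // unknown ImageId: nothing to edit

    ## Get original values
    $LocalImage = $img->Get("LocalImage");
    $LocalThumb = $img->Get("LocalThumb");
    $SameImages = $img->Get("SameImages");
    $ThumbPath = $img->Get("ThumbPath");
    ## New values
    $LocalThumbN = (int)$_POST["imgLocalThumb"];
    $LocalImageN = (int)$_POST["imgLocalFull"];
    $FULLFile = isset($_FILES["imgFullFile"]) ? $_FILES["imgFullFile"] : null;
    $THFile = isset($_FILES["imgThumbFile"]) ? $_FILES["imgThumbFile"] : null;
    $SameRequested = !empty($_POST["imgSameImages"]);
    $DestDir = 'kernel/images/';
    $img->Pending = FALSE;
    $SameImagesN = 0;
    $uploaded = 0;
    // Several branches leave some of these unassigned. They are defined up
    // front so that no path reads a variable inherited from elsewhere in the
    // request; null is what Edit() received from those branches before.
    $copied = 0;
    $FULL_URL = $TH_URL = null;
    $FULL_FileToUpload = $TH_FileToUpload = null;
    $LocalThumb_FileN = '';
    // NOTE(review): the only assignment of $pathToPending was inside a
    // commented-out debug line that called $img->GetImageDir(), so the copy
    // below works relative to "pending/" while LocalPath is later set under
    // $DestDir."pending/". Confirm which directory is intended.
    $pathToPending = '';

    ## Images were the same, but not any more
    if ($SameImages && !$SameRequested)
    {
        ## TH was a local file
        if ($LocalThumb)
        {
            ## Try to Delete OLD FULL
            $img->DeleteLocalImage(FALSE, TRUE);
            ## FULL image selected, but field EMPTY - make a copy of old TH as FULL
            if ($LocalImageN && !(int)$FULLFile["size"])
            {
                if (!preg_match('#pending/$#i', $pathToPending))
                    $pathToPending.= "pending/";
                $LocalThumb_File = $img->GetFileName(1);
                $LocalThumb_FileN = preg_replace('/^th_/i', '', $LocalThumb_File);
                // Copy only when stripping the "th_" prefix yields a different
                // name; otherwise the unlink below would delete the source file
                // and leave nothing to copy.
                if ($LocalThumb_FileN != $LocalThumb_File && file_exists($pathToPending.$LocalThumb_File))
                {
                    $LocalThumb_FullFileN = $pathToPending.$LocalThumb_FileN;
                    @unlink($LocalThumb_FullFileN);
                    @copy($pathToPending.$LocalThumb_File, $LocalThumb_FullFileN);
                    $uploaded = 1;
                    $copied = 1;
                }
            }
            ## Upload new FULL image
            elseif ($LocalImageN)
            {
                $FULL_FileToUpload = $FULLFile;
                $FULL_URL = "";
            }
            ## Full is URL
            else
            {
                $img->DeleteLocalImage(FALSE, TRUE);
                $FULL_URL = $_POST['imgFullUrl'];
                $FULL_FileToUpload = "";
            }
            ## Take care of Thumbnail here
            if ($LocalThumbN)
            {
                ## Delete old if NEW TH image selected
                if ((int)$THFile['size'])
                {
                    $img->DeleteLocalImage(TRUE, FALSE);
                    $TH_FileToUpload = $THFile;
                }
                else
                    $TH_FileToUpload = "";
            }
            else
            {
                $img->DeleteLocalImage(TRUE, FALSE);
                $TH_FileToUpload = "";
                $TH_URL = $_POST['imgThumbUrl'];
            }
        }
        ## TH was URL
        else
        {
            ## Take care of FULL image here
            if ($LocalImageN && (int)$FULLFile["size"])
            {
                $FULL_FileToUpload = $FULLFile;
                $FULL_URL = "";
            }
            ## Full is URL (or image size 0)
            else
            {
                $FULL_FileToUpload = "";
                $FULL_URL = $_POST['imgFullUrl'];
            }
            ## Take care of Thumbnail here
            if ($LocalThumbN)
            {
                $TH_FileToUpload = (int)$THFile['size']? $THFile : "";
                $TH_URL = "";
            }
            else
            {
                $TH_FileToUpload = "";
                $TH_URL = $_POST['imgThumbUrl'];
            }
        }
    }
    ## Images are selected as the same now (whether or not they were before)
    elseif ($SameRequested)
    {
        ## Take care of Thumbnail & FULL here
        if ($LocalThumbN)
        {
            if ((int)$THFile['size'])
            {
                $img->DeleteLocalImage(TRUE, FALSE);
                $TH_FileToUpload = $THFile;
            }
            else
                $TH_FileToUpload = "";
            $FULL_URL = $TH_URL = "";
        }
        else
        {
            ## Only a record that was NOT "same" before drops its old local TH here
            if (!$SameImages)
                $img->DeleteLocalImage(TRUE, FALSE);
            $TH_FileToUpload = $FULL_FileToUpload = "";
            $FULL_URL = $TH_URL = $_POST['imgThumbUrl'];
        }
        ## Delete old FULL image
        $img->DeleteLocalImage(FALSE, TRUE);
        $SameImagesN = 1;
    }
    ## Images were NOT the same, and selected as NOT the same
    else
    {
        ## Take care of Thumbnail
        if ($LocalThumbN)
        {
            if ((int)$THFile['size'])
            {
                $img->DeleteLocalImage(TRUE, FALSE);
                $TH_FileToUpload = $THFile;
            }
            else
                $TH_FileToUpload = "";
            $TH_URL = "";
        }
        else
        {
            $img->DeleteLocalImage(TRUE, FALSE);
            $TH_FileToUpload = "";
            $TH_URL = $_POST['imgThumbUrl'];
        }
        ## Take care of FULL here
        if ($LocalImageN)
        {
            if ((int)$FULLFile['size'])
            {
                $img->DeleteLocalImage(FALSE, TRUE);
                $FULL_FileToUpload = $FULLFile;
            }
            else
                $FULL_FileToUpload = "";
            $FULL_URL = "";
        }
        else
        {
            $img->DeleteLocalImage(FALSE, TRUE);
            $FULL_FileToUpload = "";
            $FULL_URL = $_POST['imgFullUrl'];
        }
    }
    // NOTE(review): name, alt text, ResourceId and both URLs are passed through
    // as received; confirm that clsImageList::Edit() escapes them.
    $img = $objImageList->Edit($_POST["ImageId"],$_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImageN, $LocalThumbN, $FULL_URL, $TH_URL, (int)$_POST["imgEnabled"], (int)$_POST["imgPriority"], (int)$_POST["imgDefault"], 0, $SameImagesN);
    if (!is_object($img)) break;
    $img->Pending = TRUE;
    // NOTE(review): type and content checks on the uploaded files are not
    // visible here; confirm StoreUploadedImage() rejects non-image uploads.
    if (!empty($FULL_FileToUpload))
    {
        $img->Set("LocalPath",$img->StoreUploadedImage($FULL_FileToUpload, 1, $DestDir, 0));
        $uploaded = 1;
    }
    if (!empty($TH_FileToUpload))
    {
        $img->Set("ThumbPath", $img->StoreUploadedImage($TH_FileToUpload, 1, $DestDir, 1));
        $uploaded = 1;
    }
    if ($copied)
    {
        $img->Set("LocalPath", $DestDir."pending/".$LocalThumb_FileN);
        $uploaded = 1;
    }
    if($uploaded==1)
        $img->Update();
    break;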
case "m_img_move_up":
    // Calls MoveUp() on each selected image in the Images edit table, in the
    // order the ids were posted.
    if (!isset($_POST["itemlist"])) break;
    $objImageList = new clsImageList();
    $objImageList->SourceTable = $objSession->GetEditTable("Images");
    foreach($_POST["itemlist"] as $id)
    {
        // NOTE(review): the result of GetItem() is used without an is_object() check.
        $img = $objImageList->GetItem($id);
        $img->MoveUp();
    }
    break;
case "m_img_move_down":
    // Calls MoveDown() on each selected image in the Images edit table,
    // walking the posted ids in reverse order.
    if (!isset($_POST["itemlist"])) break;
    $objImageList = new clsImageList();
    $objImageList->SourceTable = $objSession->GetEditTable("Images");
    $itemlist=array_reverse($_POST["itemlist"]);
    foreach($itemlist as $id)
    {
        // NOTE(review): the result of GetItem() is used without an is_object() check.
        $img = $objImageList->GetItem($id);
        $img->MoveDown();
    }
    break;
case "m_img_delete":
    // Detaches each selected image in the Images edit table by setting its
    // ResourceId to 0; the row is updated, not deleted, at this point.
    if(!isset($_POST["itemlist"])) break;
    $objImageList = new clsImageList();
    $objImageList->SourceTable = $objSession->GetEditTable("Images");
    foreach($_POST["itemlist"] as $id)
    {
        // NOTE(review): the result of GetItem() is used without an is_object() check.
        $img = $objImageList->GetItem($id);
        $img->Set("ResourceId", 0);
        $img->Update();
    }
    break;
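case "m_restore_delete":
    // Deletes the backup file "<Backup_Path>/dump<backupdate>.txt".
    // Read-only admins are skipped.
    if($ro_perm) break;
    $bdate = isset($_POST["backupdate"]) ? $_POST["backupdate"] : '';
    // backupdate becomes part of a file name that is then unlinked. Accept
    // digits only: the loose "> 0" test alone also passes strings that merely
    // start with a digit and carry path separators after it.
    if(is_string($bdate) && preg_match('/^[0-9]+$/', $bdate) && $bdate>0)
    {
        $BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt";
        if(file_exists($BackupFile))
            unlink($BackupFile);
    }
    break;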
case "m_taglib":
    // Loads the tag class file from under $pathtoroot and runs ParseTagLibrary().
    // NOTE(review): this action has no $ro_perm check and no entry in the
    // visible permission map; confirm that is intended.
    include $pathtoroot."kernel/include/tag-class.php";
    ParseTagLibrary();
    break;
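case "m_sql_query":
    // Admin SQL console: executes the posted statement as-is and keeps the
    // result, error message and error number in $SqlResult, $SqlError and
    // $SqlErrorNum. The action is mapped to the "in-portal:sql_query.edit"
    // permission earlier in this file; read-only admins are skipped.
    // NOTE(review): this runs arbitrary SQL by design, so access to the
    // permission should be tightly restricted and executions logged.
    if($ro_perm) break;
    $SqlQuery = isset($_POST["sql"]) ? $_POST["sql"] : '';
    $ado = &GetADODBConnection();
    // The original tested strlen($sql), a variable this case never assigns;
    // the posted statement is what has to be non-empty.
    if(strlen($SqlQuery))
    {
        // NOTE(review): stripslashes() presumably undoes magic_quotes_gpc; with
        // that setting off it removes backslashes the user actually typed.
        $SqlResult = $ado->Execute(stripslashes($SqlQuery));
        $SqlError = $ado->ErrorMsg();
        $SqlErrorNum = $ado->ErrorNo();
    }
    break;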
case 'm_purge_email_log':
    // Removes every row from the <TABLE_PREFIX>EmailLog table.
    // NOTE(review): unlike m_session_delete, this case has no $ro_perm check of
    // its own; it relies on the permission map applied before the switch.
    $conn =& $application->GetADODBConnection();
    $purge_sql = 'DELETE FROM '.TABLE_PREFIX.'EmailLog';
    $conn->Query($purge_sql);
    break;
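case "m_session_delete":
    // Deletes the selected sessions and their session data. When no list is
    // posted, deletes all sessions with Status='0'. Read-only admins are skipped.
    if($ro_perm) break;
    $ado = &GetADODBConnection();
    $session_keys = (isset($_POST['itemlist']) && is_array($_POST['itemlist'])) ? $_POST['itemlist'] : array();
    if (count($session_keys) > 0) {
        foreach($session_keys as $id)
        {
            // The key is placed inside a quoted SQL literal, so anything that
            // is not identifier-safe is skipped. Session keys are also used as
            // a table-name prefix elsewhere in this file, so valid keys should
            // already match -- TODO confirm the key format.
            if (!is_string($id) || !preg_match('/^[A-Za-z0-9_]+$/', $id)) continue;
            $sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$id'";
            $ado->Execute($sql);
            $sql = "DELETE FROM ".GetTablePrefix()."SessionData WHERE SessionKey = '$id'";
            $ado->Execute($sql);
        }
    }
    else {
        $sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE Status='0'";
        $ado->Execute($sql);
    }
    break;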
case "m_add_rule":
    // Adds a ban rule to the BanRules edit table from the posted rule_* fields.
    // Priority and status are cast to int; the other fields are passed through
    // as received.
    // NOTE(review): confirm that clsBanRuleList::AddRule() escapes its string arguments.
    $objEditItems = new clsBanRuleList();
    $objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
    $objEditItems->AddRule(
        $_POST["rule_itemtype"],        // item type
        $_POST["rule_type"],            // rule type
        $_POST["rule_field"],           // item field
        $_POST["rule_verb"],            // item verb
        $_POST["rule_value"],           // item value
        (int)$_POST["rule_priority"],   // priority
        (int)$_POST["rule_status"],     // status
        $_POST['rule_error']
    );
    break;
case "m_edit_rule":
    // Updates the ban rule identified by rule_id in the BanRules edit table
    // from the posted rule_* fields. Priority and status are cast to int; the
    // other fields, including rule_id, are passed through as received.
    // NOTE(review): confirm that clsBanRuleList::EditRule() escapes its arguments.
    $objEditItems = new clsBanRuleList();
    $objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
    $objEditItems->EditRule(
        $_POST["rule_id"],
        $_POST["rule_itemtype"],        // item type
        $_POST["rule_type"],            // rule type
        $_POST["rule_field"],           // item field
        $_POST["rule_verb"],            // item verb
        $_POST["rule_value"],           // item value
        (int)$_POST["rule_priority"],   // priority
        (int)$_POST["rule_status"],     // status
        $_POST['rule_error']
    );
    break;
case "m_rule_move_up":
    // Increments Priority on each selected ban rule. Read-only admins are skipped.
    if($ro_perm) break;
    if(!isset($_POST["itemlist"])) break;
    foreach($_POST["itemlist"] as $id)
    {
        // NOTE(review): the result of GetItem() is used without an is_object() check.
        $i = $objBanList->GetItem($id);
        $i->Increment("Priority");
    }
    break;
case "m_rule_move_down":
    // Decrements Priority on each selected ban rule. Read-only admins are skipped.
    if($ro_perm) break;
    if(!isset($_POST["itemlist"])) break;
    foreach($_POST["itemlist"] as $id)
    {
        // NOTE(review): the result of GetItem() is used without an is_object() check.
        $i = $objBanList->GetItem($id);
        $i->Decrement("Priority");
    }
    break;
case "m_rule_delete":
    // Deletes each selected ban rule. Read-only admins are skipped.
    if($ro_perm) break;
    if(!isset($_POST["itemlist"])) break;
    foreach($_POST["itemlist"] as $id)
    {
        // NOTE(review): the result of GetItem() is used without an is_object() check.
        $i = $objBanList->GetItem($id);
        $i->Delete();
    }
    break;
case "m_ban_user":
    // When the user edit is being saved (UserEditStatus == 1), adds ban rules
    // for the ticked login / e-mail / IP values and denies the user. The
    // lookup runs against the users edit table, which is switched back
    // afterwards. Read-only admins are skipped.
    if($ro_perm) break;
    if($_POST["UserEditStatus"]!=1) break;
    $UserId = $_POST["user_id"];
    $objUsers->SetTable('edit');
    $u = $objUsers->GetItem($UserId);
    if(is_object($u))
    {
        // checkbox field, value field, ban-rule field name
        $ban_sources = array(
            array("ban_login", "user_login", "Login"),
            array("ban_email", "user_email", "Email"),
            array("ban_ip",    "user_ip",    "ip"),
        );
        foreach($ban_sources as $ban_source)
        {
            list($ban_flag, $ban_value, $ban_field) = $ban_source;
            // A rule is added only when the box is ticked and the value is non-empty.
            if((int)$_POST[$ban_flag] && strlen($_POST[$ban_value]))
                $objBanList->AddRule(6,0,$ban_field,3,$_POST[$ban_value],0,1);
        }
        $u->Deny();
    }
    $objUsers->SetTable('restore');
    break;
case 'm_rebuild_cache':
// Only sets the session variable 'PermCache_UpdateRequired' to 1; no rebuild
// is performed in this case itself.
$objSession->SetVariable('PermCache_UpdateRequired', 1);
break;
}
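/* image upload management */
// Runs when the form posts img=1. For every uploaded-file field it reads the
// matching img_*_<field> values and then deletes the image, stores the upload,
// or records a remote URL.
// NOTE(review): $objImageList is not created in this block; it is presumably
// set earlier in the file -- confirm.
if( isset($_POST['img']) && $_POST['img'] == 1 )
{
    foreach($_FILES as $img => $FILE)
    {
        $name = isset($_POST["img_Name_$img"]) ? $_POST["img_Name_$img"] : '';
        $alt = isset($_POST["img_Alt_$img"]) ? $_POST["img_Alt_$img"] : '';
        $url = isset($_POST["img_Url_$img"]) ? $_POST["img_Url_$img"] : '';
        $res_id = isset($_POST["img_Res_$img"]) ? $_POST["img_Res_$img"] : '';
        $relvalue = isset($_POST["img_Rel_$img"]) ? $_POST["img_Rel_$img"] : '';
        $thumb = isset($_POST["img_Thumb_$img"]) ? (int)$_POST["img_Thumb_$img"] : 0;
        // NOTE(review): the upload destination directory is taken from the
        // request. It should come from server-side configuration or be checked
        // against a fixed list of allowed directories before it is used.
        $dest = AddSlash(isset($_POST["img_DestDir_$img"]) ? $_POST["img_DestDir_$img"] : '');
        if(isset($_POST["img_Del_$img"]) && $_POST["img_Del_$img"]=="Delete")
        {
            $img = $objImageList->GetImageByResource($res_id,$relvalue);
            // Delete only when the lookup found an image.
            if(is_object($img))
                $img->Delete();
            unset($img);
            $objImageList->Clear();
        }
        elseif($FILE["size"]>0)
        {
            /* an image was uploaded */
            // NOTE(review): confirm HandleImageUpload() validates the file type
            // and picks the stored file name itself.
            $objImageList->HandleImageUpload($FILE,$res_id,$relvalue,$dest, $name,$alt,$thumb);
        }
        elseif(strlen($url)>0)
        {
            /* remote images handled here */
            if($relvalue>0)
            {
                $img = $objImageList->GetImageByResource($res_id,$relvalue);
                if(is_object($img))
                {
                    $img->Set("Name",$name);
                    $img->Set("AltName", $alt);
                    $img->Set("IsThumbnail",$thumb);
                    $img->Set("Url",$url);
                    $img->Update();
                }
            }
            else
            {
                $relvalue = $objImageList->GetNextRelateValue($res_id);
                $objImageList->NewRemoteImage($url,$res_id,$relvalue, $name, $alt, $thumb);
            }
        }
    }
}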
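// ALL Saving Stuff From Temp Tables Happens Here
// Unless the session has SYSTEM_ACCESS.READONLY, each *EditStatus request
// variable decides what happens to the matching edit tables: 1 copies them to
// the live tables, 2 purges them (ReviewEditStatus purges on -1 instead).
$has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
if (!$has_perm) {
    /* Review Edit */
    if( GetVar('ReviewEditStatus') == 1 )
    {
        $objReviews=new clsItemReviewList();
        $objReviews->CopyFromEditTable_Direct();
    }
    if( GetVar('ReviewEditStatus') == -1 )
    {
        $objReviews=new clsItemReviewList();
        $objReviews->PurgeEditTable();
    }
    /* category Edit */
    if( GetVar('CatEditStatus') == 1 )
    {
        $adodbConnection = &GetADODBConnection();
        $category_table = $objSession->GetVariable('IsHomeCategory') ? TABLE_PREFIX.'Category' : $objSession->GetEditTable('Category');
        $sql = 'SELECT ParentId
FROM '.$category_table.'
WHERE CategoryId = -1';
        $rs = $adodbConnection->Execute($sql);
        // Rows with CategoryId = -1: run Increment_Count up from each parent.
        while ($rs && !$rs->EOF)
        {
            if($rs->fields["ParentId"] > 0) RunUp($rs->fields["ParentId"],"Increment_Count");
            $rs->MoveNext();
        }
        if(($_REQUEST['CategoryId'] > 0) || ($Action == 'm_add_category') || ($Action == 'm_edit_category')) // not root category is updated
        {
            $cat_ids = $objCatList->CopyFromEditTable("CategoryId");
            if ($cat_ids) {
                $objCustomDataList->CopyFromEditTable('c');
            }
            $objCatList->Clear();
            $objImages = new clsImageList();
            $objImages->CopyFromEditTable("ImageId");
        }
        else {
            $objCatList->Clear();
        }
    }
    if( GetVar('CatEditStatus') == 2 )
    {
        $objCatList->PurgeEditTable("CategoryId");
        $objCustomDataList->PurgeEditTable('c');
        if($_REQUEST['CategoryId'] > 0) // not root category is updated
        {
            $objImages = new clsImageList();
            $objImages->PurgeEditTable("ImageId");
        }
        $objCatList->Clear();
    }
    /* User Edit */
    if( GetVar('UserEditStatus') == 1 )
    {
        $objUserGroupsList = new clsUserGroupList();
        $objUserGroupsList->CopyFromEditTable("PortalUserId");
        $user_ids = $objUsers->CopyFromEditTable("PortalUserId");
        if ($user_ids) {
            $objCustomDataList->CopyFromEditTable('u');
        }
        $objGroups->Clear();
        $objImages = new clsImageList();
        $objImages->CopyFromEditTable("ImageId");
    }
    if( GetVar('UserEditStatus') == 2 )
    {
        $objUserGroupsList = new clsUserGroupList();
        $objGroups->PurgeEditTable("PortalUserId");
        $objUserGroupsList->PurgeEditTable("PortalUserId");
        $objCustomDataList->PurgeEditTable('u');
        $objGroups->Clear();
    }
    /* Theme Edit */
    if( GetVar('ThemeEditStatus') == 1 )
    {
        $objThemes->CopyFromEditTable();
        $objThemes->Clear();
    }
    if( GetVar('ThemeEditStatus') == 2 )
    {
        $objThemes->PurgeEditTable();
        $objThemes->Clear();
    }
    /* Missing phrases Edit */
    if( GetVar('MissingLangEditStatus') == 1 )
    {
        // $ThemeId ends up in table names used by SELECT and DROP TABLE, where
        // it cannot be quoted as a value; keep identifier-safe characters only.
        $labels_theme = preg_replace('/[^A-Za-z0-9_]/', '', isset($ThemeId) ? (string)$ThemeId : '');
        $objPhraseList = new clsPhraseList();
        $objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$labels_theme."_labels";
        $objEditList = new clsPhraseList();
        $objEditList->SourceTable = $objSession->GetEditTable("Phrase");
        $ado = &GetADODBConnection();
        // New rows get ids below the current minimum of the Phrase edit table;
        // a failed or empty query starts at -1 instead of dereferencing a non-object.
        $rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objEditList->SourceTable);
        $NewId = ($rs && !$rs->EOF) ? $rs->fields["MinValue"]-1 : -1;
        $objPhraseList->Query_Item("SELECT * FROM ".$objPhraseList->SourceTable);
        foreach($objPhraseList->Items as $p)
        {
            // Only phrases that received a translation are moved over.
            if(strlen($p->Get("Translation"))>0)
            {
                $p->tablename = $objEditList->SourceTable;
                $p->Dirty();
                $p->UnsetIDField();
                $p->Set("PhraseId",$NewId);
                $NewId--;
                $p->Create();
            }
        }
        $ado->Execute("DROP TABLE IF EXISTS ".$objPhraseList->SourceTable);
    }
    if( GetVar('MissingLangEditStatus') == 2 )
    {
        // Same identifier filtering as above: the name is used in DROP TABLE.
        $labels_theme = preg_replace('/[^A-Za-z0-9_]/', '', isset($ThemeId) ? (string)$ThemeId : '');
        $table = $objSession->GetSessionKey()."_".$labels_theme."_labels";
        $ado = &GetADODBConnection();
        $ado->Execute("DROP TABLE IF EXISTS ".$table);
    }
    /* Ban Rule Edit */
    if( GetVar('RuleEditStatus') == 1 )
    {
        $objBanList->CopyFromEditTable("RuleId");
        $objBanList->Clear();
    }
    if( GetVar('RuleEditStatus') == 2 )
    {
        $objBanList->PurgeEditTable("RuleId");
        $objBanList->Clear();
    }
}
elseif( defined('DEBUG_ACTIONS') )
{
    // Debug notice for read-only admins. The action name comes straight from
    // the request, so it is HTML-escaped before being echoed.
    if( isset($_REQUEST['Action']) && $_REQUEST['Action'] )
        echo "USER HAS RO-ACCESS on action [".htmlspecialchars($_REQUEST['Action'], ENT_QUOTES)."]\n";
}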
?>