< ? php
/**
* Project :
* Contenido Content Management System
*
* Description :
* This file handles the view of an article .
*
* To handle the page we use the Database Abstraction Layer , the Session , Authentication and Permissions Handler of the
* PHPLIB application development toolkit .
*
* The Client Id and the Language Id of an article will be determined depending on file __FRONTEND_PATH__ / config . php where
* $load_lang and $load_client are defined .
* Depending on http globals via e . g . front_content . php ? idcat = 41 & idart = 34
* the most important Contenido globals $idcat ( Category Id ), $idart ( Article Id ), $idcatart , $idartlang will be determined .
*
* The article can be displayed and edited in the Backend or the Frontend .
* The attributes of an article will be considered ( an article can be online , offline or protected ... ) .
*
* It is possible to customize the behavior by including the file __FRONTEND_PATH__ / config . local . php or
* the file __FRONTEND_PATH__ / config . after . php
*
* If you use 'Frontend User' for protected areas, the category access permission will be handled via the
* Contenido Extension Chainer.
*
* Finally the 'code' of an article will be evaluated and displayed.
*
* Requirements :
* @ con_php_req 5.0
* @ con_notice If you edit this file you must synchronise the files
* - ./ cms / front_content . php
* - ./ contenido / external / backendedit / front_content . php
* - ./ contenido / external / frontend / front_content . php
*
*
* @ package Contenido Frontend
* @ version 4.8
* @ author Olaf Niemann , Jan Lengowski , Timo A . Hummel et al .
* @ copyright four for business AG < www . 4 fb . de >
* @ license http :// www . contenido . org / license / LIZENZ . txt
* @ link http :// www . 4 fb . de
* @ link http :// www . contenido . org
* @ since file available since contenido release <= 4.6
*/
// Define the CON_FRAMEWORK marker constant unless an including script already did.
// NOTE(review): included files presumably test this constant to refuse direct
// access - that check is not visible in this file, confirm it in the includes.
defined("CON_FRAMEWORK") || define("CON_FRAMEWORK", true);

// Overwritten by the configuration files included below (presumably config.php).
$contenido_path = '';

// Absolute directory of this script, with forward slashes and a trailing slash.
$frontend_path = str_replace('\\', '/', realpath(dirname(__FILE__) . '/')) . '/';

// environment.php may define CL_ENVIRONMENT, which selects a configuration
// directory below data/config/.
include_once($frontend_path . 'environment.php');

if (!defined('CL_ENVIRONMENT')) {
    // No environment defined: the configuration files sit next to this script.
    if (file_exists($frontend_path . 'config.php')) {
        include_once($frontend_path . 'config.php');
    }
    if (file_exists($frontend_path . 'config.local.php')) {
        include_once($frontend_path . 'config.local.php');
    }
} else {
    // NOTE(review): CL_ENVIRONMENT becomes part of an include path. It must only
    // ever be set by environment.php and never be derived from request data.
    include_once($frontend_path . 'data/config/' . CL_ENVIRONMENT . '/config.php');
    if (file_exists($frontend_path . 'data/config/' . CL_ENVIRONMENT . '/config.local.php')) {
        // "@" suppresses warnings raised while including the optional override.
        @include($frontend_path . 'data/config/' . CL_ENVIRONMENT . '/config.local.php');
    }
}

// Without the startup file nothing below can work, so stop with a static message.
if (!is_file($contenido_path . 'includes/startup.php')) {
    die("<h1>Fatal Error</h1><br>Couldn't include ConLite startup.");
}
include_once($contenido_path . 'includes/startup.php');
// Function libraries used throughout this script.
cInclude('includes', 'functions.con.php');
cInclude('includes', 'functions.con2.php');
cInclude('includes', 'functions.api.php');
cInclude('includes', 'functions.pathresolver.php');

// Optional cron emulation: the emulator is included with the cronjobs directory
// as working directory; afterwards the previous working directory is restored.
if ($cfg['use_pseudocron'] == true) {
    $oldpwd = getcwd();

    chdir($cfg['path']['contenido'] . $cfg['path']['cronjobs']);
    cInclude('includes', 'pseudo-cron.inc.php');

    chdir($oldpwd);
}
/*
 * Initialise the Database Abstraction Layer, the Session, Authentication and
 * Permissions Handler of the PHPLIB application development toolkit.
 * @see http://sourceforge.net/projects/phplib
 *
 * A non-empty $contenido selects the backend session and auth classes. According
 * to the editing section further down in this file, $contenido is the backend
 * session id and may arrive as a request parameter.
 * NOTE(review): its presence only selects the classes here; whether the session
 * is valid is presumably decided inside page_open() - not visible in this file.
 */
if (empty($contenido)) {
    // Frontend
    page_open(array(
        'sess' => 'Contenido_Frontend_Session',
        'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth',
        'perm' => 'Contenido_Perm'
    ));
} else {
    // Backend
    page_open(array(
        'sess' => 'Contenido_Session',
        'auth' => 'Contenido_Challenge_Crypt_Auth',
        'perm' => 'Contenido_Perm'
    ));
    i18nInit($cfg['path']['contenido'] . $cfg['path']['locale'], $belang);
}
// Load the plugin configuration.
require_once $cfg['path']['contenido'] . $cfg['path']['includes'] . 'functions.includePluginConf.php';

// Call hook after plugins are loaded, added by Murat Purc, 2008-09-07
// NOTE(review): the same hook is executed a second time further down, after the
// get_compressed handling, so every registered chain function runs twice per
// request. Confirm which of the two calls is the intended one.
CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins');

$db = new DB_ConLite();

// Variables that are kept in the session between requests.
$sess->register('cfgClient');
$sess->register('errsite_idcat');
$sess->register('errsite_idart');
$sess->register('encoding');

// Re-read the client configuration unless the session copy carries the "set" marker.
if (empty($cfgClient['set']) || $cfgClient['set'] != 'set') {
    rereadClients();
}
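# Serve a file from the client's cache directory instead of an article when the
# request asks for it with action=get_compressed.
if (isset($_GET['action']) && $_GET['action'] == 'get_compressed') {
    # The parameters arrive as "f"/"c" or, if the link was HTML-escaped once too
    # often ("&amp;f="), as "amp;f"/"amp;c". A missing parameter stays null
    # instead of raising an undefined-index notice.
    $sFilename = isset($_GET['f']) ? $_GET['f'] : (isset($_GET['amp;f']) ? $_GET['amp;f'] : null);
    $sContentType = isset($_GET['c']) ? $_GET['c'] : (isset($_GET['amp;c']) ? $_GET['amp;c'] : null);

    # The file name comes straight from the request and is appended to the cache
    # directory. Output_Compressor is not visible here, so it is unknown whether
    # it validates the name; refuse array values, NUL bytes and ".." path
    # segments before handing it over.
    if (!is_null($sFilename)
        && (!is_string($sFilename)
            || strpos($sFilename, "\0") !== false
            || preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $sFilename))) {
        header('HTTP/1.1 400 Bad Request');
        exit();
    }

    # NOTE(review): $sContentType is request-controlled as well and is passed on
    # unchanged - confirm that Output_Compressor maps it to a fixed set of types.

    # Output the file using the class output() function
    Output_Compressor::output($cfgClient[$client]['path']['frontend'] . 'cache/', $sFilename, $sContentType);

    # Don't do anything else
    exit();
}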
// Call hook after plugins are loaded, added by Murat Purc, 2008-09-07
// NOTE(review): this hook has already been executed once, directly after
// functions.includePluginConf.php was loaded, so registered chain functions run
// twice per request. Confirm which of the two calls is the intended one.
CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins');

// $encoding is a session-registered variable. Rebuild the idlang => encoding map
// from the language table unless the session supplied a non-empty array.
if (!(isset($encoding) && is_array($encoding) && count($encoding) != 0)) {
    $encoding = array();

    $sql = "SELECT idlang, encoding FROM " . $cfg['tab']['lang'];
    $db->query($sql);

    while ($db->next_record()) {
        $encoding[$db->f('idlang')] = $db->f('encoding');
    }
}
// Check frontend globals
// @TODO: Should be outsourced into startup process but requires a better detection (frontend or backend)
// NOTE(review): which globals are checked, and how, is defined in
// Contenido_Security and cannot be seen from this file.
Contenido_Security::checkFrontendGlobals();

// Give the URL builder the HTTP base path of the current client's frontend.
Contenido_Url::getInstance()->getUrlBuilder()->setHttpBasePath($cfgClient[$client]['htmlpath']['frontend']);

// Initialise the language. A $lang that is already set is kept; otherwise
// $load_lang (set in the frontend config.php) is used; as a last resort the
// first language assigned to the client is read from the database.
if (!isset($lang)) {
    if (!isset($load_lang)) {
        $sql = "SELECT
                    B.idlang
                FROM
                    " . $cfg['tab']['clients_lang'] . " AS A,
                    " . $cfg['tab']['lang'] . " AS B
                WHERE
                    A.idclient='" . Contenido_Security::toInteger($client) . "' AND
                    A.idlang=B.idlang
                LIMIT
                    0,1";

        $db->query($sql);
        // The result is read without checking that a row was returned.
        $db->next_record();

        $lang = $db->f('idlang');
    } else {
        $lang = $load_lang;
    }
}
// Keep the active language and client in the session.
if (!$sess->is_registered('lang')) {
    $sess->register('lang');
}
if (!$sess->is_registered('client')) {
    $sess->register('client');
}

// A $username global forces the login procedure.
// NOTE(review): $username is not assigned in this file; presumably it is a
// request parameter sent by a login form - confirm where it comes from.
if (isset($username)) {
    $auth->login_if(true);
}
/*
 * Send the HTTP header with the encoding stored for the active language.
 * The charset is looked up in the $encoding map; a $lang without an entry in
 * that map yields an empty charset.
 */
header("Content-Type: text/html; charset={$encoding[$lang]}");

/*
 * If the http global logout is set, e.g. front_content.php?logout=true,
 * log out the current user and continue as "nobody".
 */
if (isset($logout)) {
    $auth->logout(true);
    $auth->unauth(true);
    $auth->auth['uname'] = 'nobody';
}

/*
 * Local configuration.
 * NOTE(review): the path is relative, so it is resolved against the current
 * working directory / include_path and not against $frontend_path; "@"
 * suppresses warnings raised during the include. Confirm both are intended.
 */
if (file_exists('config.local.php')) {
    @include('config.local.php');
}
/*
 * If the path variable was passed, try to resolve it to a Category Id,
 * e.g. front_content.php?path=/company/products/
 */
if (isset($path) && strlen($path) > 1) {
    // Passed to the resolver together with the path; the category-name resolver
    // presumably writes the language it matched into it (by reference).
    $iLangCheck = 0;

    /* Which resolve method is configured? */
    if ($cfg['urlpathresolve'] == true) {
        $idcat = prResolvePathViaURLNames($path, $iLangCheck);
    } else {
        $idcat = prResolvePathViaCategoryNames($path, $iLangCheck);

        // Switch to the language reported by the resolver when it names one
        // that differs from the current language.
        if (($lang != $iLangCheck) && ((int) $iLangCheck != 0)) {
            $lang = $iLangCheck;
        }
    }
}
// Error page: prepare the redirect header that is sent whenever an article
// cannot be shown. The "error" parameter marks the request as the error page
// itself; the checks below test $error == 1 to avoid redirecting again.
$aParams = array(
    'client' => $client,
    'idcat' => $errsite_idcat[$client],
    'idart' => $errsite_idart[$client],
    'lang' => $lang,
    'error' => '1'
);

$errsite = 'Location: ' . Contenido_Url::getInstance()->buildRedirect($aParams);
/*
 * Try to initialize variables $idcat, $idart, $idcatart, $idartlang
 * Note: These variables can be set via http globals, e.g.
 * front_content.php?idcat=41&idart=34&idcatart=35&idartlang=42
 * If not, the values will be computed.
 *
 * Every id is passed through Contenido_Security::toInteger() before it is
 * placed into a query string.
 */
if (!empty($idart) && empty($idcat) && empty($idcatart)) {
    /* Only the article is known: use the first category it is assigned to */
    $sql = "SELECT idcat FROM " . $cfg['tab']['cat_art'] . " WHERE idart = '" . Contenido_Security::toInteger($idart) . "'";
    $db->query($sql);

    if ($db->next_record()) {
        $idcat = $db->f('idcat');
    }
}

// Drop any $code / $markscript that exists at this point, so that only values
// produced further down are used. This matters because the article code is
// evaluated at the end of this script.
unset($code, $markscript);
// Work out $idcat and $idart for the request:
//  - $idcatart given              -> read both ids from the cat_art relation
//  - neither $idart nor $idcat    -> start article of the first category in the tree
//  - only $idcat                  -> start article of that category
// $error == 1 means the request already is the error page (see the 'error'
// parameter of the error redirect), so no further redirect is attempted.
if (!empty($idcatart)) {
    $sql = "SELECT idcat, idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "'";

    $db->query($sql);
    // The row is read without checking that one was found.
    $db->next_record();

    $idcat = $db->f("idcat");
    $idart = $db->f("idart");
} elseif (empty($idart)) {
    if (empty($idcat)) {
        if ($cfg["is_start_compatible"] == true) {
            # Note: In earlier Contenido versions the information if an article is startarticle of a category
            # has been stored in relation con_cat_art.
            $sql = "SELECT
                        idart,
                        B.idcat
                    FROM
                        " . $cfg["tab"]["cat_art"] . " AS A,
                        " . $cfg["tab"]["cat_tree"] . " AS B,
                        " . $cfg["tab"]["cat"] . " AS C
                    WHERE
                        A.idcat=B.idcat AND
                        B.idcat=C.idcat AND
                        is_start='1' AND
                        idclient='" . Contenido_Security::toInteger($client) . "'
                    ORDER BY
                        idtree ASC";
        } else {
            # Note: Now the information if an article is startarticle of a category is stored in relation con_cat_lang.
            $sql = "SELECT
                        A.idart,
                        B.idcat
                    FROM
                        " . $cfg["tab"]["cat_art"] . " AS A,
                        " . $cfg["tab"]["cat_tree"] . " AS B,
                        " . $cfg["tab"]["cat"] . " AS C,
                        " . $cfg["tab"]["cat_lang"] . " AS D,
                        " . $cfg["tab"]["art_lang"] . " AS E
                    WHERE
                        A.idcat=B.idcat AND
                        B.idcat=C.idcat AND
                        D.startidartlang=E.idartlang AND
                        D.idlang='" . Contenido_Security::toInteger($lang) . "' AND
                        E.idart=A.idart AND
                        E.idlang='" . Contenido_Security::toInteger($lang) . "' AND
                        idclient='" . Contenido_Security::toInteger($client) . "'
                    ORDER BY
                        idtree ASC";
        }

        $db->query($sql);

        if (!$db->next_record()) {
            // No start article at all: every path below ends the request.
            if (!empty($contenido)) {
                cInclude("includes", "functions.i18n.php");
                die(i18n("No start article for this category"));
            }
            if ($error == 1) {
                die("Fatal error: Could not display error page. Error to display was: 'No start article in this category'");
            }
            header($errsite);
            exit;
        }

        $idart = $db->f("idart");
        $idcat = $db->f("idcat");
    } else {
        // -1 marks "no start article found" until one of the lookups succeeds.
        $idart = -1;

        if ($cfg["is_start_compatible"] == true) {
            $sql = "SELECT idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND is_start='1'";
            $db->query($sql);

            if ($db->next_record()) {
                $idart = $db->f("idart");
            }
        } else {
            $sql = "SELECT startidartlang FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
            $db->query($sql);

            if ($db->next_record() && $db->f("startidartlang") != 0) {
                $sql = "SELECT idart FROM " . $cfg["tab"]["art_lang"] . " WHERE idartlang='" . Contenido_Security::toInteger($db->f("startidartlang")) . "'";
                $db->query($sql);
                $db->next_record();
                $idart = $db->f("idart");
            }
        }

        if ($idart == -1) {
            // error message in backend
            if ($contenido) {
                cInclude("includes", "functions.i18n.php");
                die(i18n("No start article for this category"));
            }
            if ($error == 1) {
                // NOTE(review): unlike the branch above, this message is echoed
                // and the script continues with $idart == -1.
                echo "Fatal error: Could not display error page. Error to display was: 'No start article in this category'";
            } else {
                header($errsite);
                exit;
            }
        }
    }
}
/* Get idcatart: the id of the relation between the resolved article and category */
if ($idart != 0 && $idcat != 0) {
    $sql = "SELECT idcatart FROM " . $cfg["tab"]["cat_art"] . " WHERE idart = '" . Contenido_Security::toInteger($idart) . "' AND idcat = '" . Contenido_Security::toInteger($idcat) . "'";

    $db->query($sql);
    $db->next_record();

    $idcatart = $db->f("idcatart");
}

// Language-specific article id; the error page is shown when getArtLang()
// returns false for this article and language.
$idartlang = getArtLang($idart, $lang);

if (false === $idartlang) {
    header($errsite);
    exit;
}
/*
 * removed database roundtrip for checking
 * if cache is enabled
 * CON-115
 * 2008-06-25 Thorsten Granz
 */
// START: concache, murat purc
// The cache handler is started unless the configuration disables caching.
if ($cfg['cache']['disable'] != '1') {
    cInclude('frontend', 'includes/concache.php');

    $oCacheHandler = new cConCacheHandler($GLOBALS['cfgConCache'], $db);
    // $iStartTime is optional and is the start time of the script, e.g. taken
    // at the beginning of front_content.php.
    $oCacheHandler->start($iStartTime);
}
// END: concache
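##############################################
# BACKEND / FRONTEND EDITING
##############################################

/**
 * If the user has contenido backend rights.
 * $contenido <==> the contenido backend session as http global
 * In Backend: e.g. contenido/index.php?contenido=dac651142d6a6076247d3afe58c8f8f2
 * Can also be set via front_content.php?contenido=dac651142d6a6076247d3afe58c8f8f2
 *
 * Note: In backend the file contenido/external/backendedit/front_content.php is included!
 * The reason is to avoid cross-site scripting errors in the backend, if the backend domain differs from
 * the frontend domain.
 *
 * Changes in this block:
 * - The guard is !empty($contenido), the same test page_open() was selected with
 *   at the top of this script. With isset() an empty "contenido" request
 *   parameter entered this block although the frontend session had been opened.
 * - $edit_preview: the row markup is appended to the opening <table> instead of
 *   overwriting it, and the stray "</tr>" in front of the article list cell is
 *   an opening "<tr>", so the markup matches the closing tags appended at the end.
 */
if (!empty($contenido)) {
    $perm->load_permissions();

    /* Change mode edit / view */
    if (isset($changeview)) {
        $sess->register("view");
        $view = $changeview;
    }

    $col = new InUseCollection;

    /* If the override values are set, remove the marks of that specific item */
    // NOTE(review): $overrideid / $overridetype are not assigned in this file and
    // are used before the permission check further down. Confirm that the auth
    // layer or InUseCollection restricts who may remove another user's marks.
    if ($overrideid != "" && $overridetype != "") {
        $col->removeItemMarks($overridetype, $overrideid);
    }

    /* Remove all own marks */
    $col->removeSessionMarks($sess->id);

    // Mark the article as in use by this session, or learn who else holds it.
    // NOTE(review): $type and $typenr are not assigned in this file and are
    // placed unescaped into the URL below; the resulting message is later
    // inserted into the page HTML. Confirm both values are validated upstream.
    list($inUse, $message) = $col->checkAndMark(
        "article",
        $idartlang,
        true,
        i18n("Article is in use by %s (%s)"),
        true,
        $cfg['path']['contenido_fullhtml'] . "external/backendedit/front_content.php?changeview=edit&action=con_editart&idartlang=$idartlang&type=$type&typenr=$typenr&idart=$idart&idcat=$idcat&idcatart=$idcatart&client=$client&lang=$lang"
    );

    $sHtmlInUse = '';
    $sHtmlInUseMessage = '';
    if ($inUse == true) {
        $disabled = 'disabled="disabled"';
        $sHtmlInUseCss = '<link rel="stylesheet" type="text/css" href="' . $cfg['path']['contenido_fullhtml'] . 'styles/inuse.css" />';
        $sHtmlInUseMessage = $message;
    }

    // A locked article is treated like one that is in use.
    $sql = "SELECT locked FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
    $db->query($sql);
    $db->next_record();
    $locked = $db->f("locked");
    if ($locked == 1) {
        $inUse = true;
        $disabled = 'disabled="disabled"';
    }

    // CEC to check if the user has permission to edit articles in this category
    CEC_Hook::setBreakCondition(false, true); // break at "false", default value "true"
    $allow = CEC_Hook::executeWhileBreakCondition(
        'Contenido.Frontend.AllowEdit', $lang, $idcat, $idart, $auth->auth['uid']
    );

    if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat) && $inUse == false && $allow == true) {
        /* Create buttons for editing */
        $edit_preview = '<table cellspacing="0" cellpadding="4" border="0">';

        if ($view == "edit") {
            // Edit mode: offer the switch to preview.
            $edit_preview .= '<tr>
                                <td width="18">
                                    <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=prev&idcat=$idcat&idart=$idart") . '"><img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg["path"]["images"] . 'but_preview.gif" alt="Preview" title="Preview" border="0"></a>
                                </td>
                                <td width="18">
                                    <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=prev&idcat=$idcat&idart=$idart") . '">Preview</a>
                                </td>
                            </tr>';
        } else {
            // Any other mode: offer the switch to edit.
            $edit_preview .= '<tr>
                                <td width="18">
                                    <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=edit&idcat=$idcat&idart=$idart") . '"><img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg["path"]["images"] . 'but_edit.gif" alt="Preview" title="Preview" border="0"></a>
                                </td>
                                <td width="18">
                                    <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=edit&idcat=$idcat&idart=$idart") . '">Edit</a>
                                </td>
                            </tr>';
        }

        /* Display articles of the category as numbered links */
        if ($cfg["is_start_compatible"] == true) {
            $sql = "SELECT idart, is_start FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' ORDER BY idart";
            $db->query($sql);
        } else {
            $sql = "SELECT idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' ORDER BY idart";
            $db->query($sql);
        }

        $a = 1;

        $edit_preview .= '<tr><td colspan="2"><table cellspacing="0" cellpadding="2" border="0"><tr><td style="font-family: verdana; font-size:10; color:#000000; text-decoration:none">Articles in category:<br>';

        // The loop stops as soon as affected_rows() reports exactly 1.
        while ($db->next_record() && ($db->affected_rows() != 1)) {
            $class = "font-family:'Verdana'; font-size:10; color:#000000; text-decoration: underline; font-weight:normal";
            if (!isset($idart)) {
                if (isStartArticle(getArtLang($idart, $lang), $idcat, $lang)) {
                    $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline ;font-weight:bold";
                }
            } else {
                // The article currently shown is printed bold.
                if ($idart == $db->f("idart")) {
                    $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline; font-weight:bold";
                }
            }

            $edit_preview .= "<a style=\"$class\" href=\"" . $sess->url("front_content.php?idart=" . $db->f("idart") . "&idcat=$idcat") . "\">$a</a>";
            $a++;
        }

        $edit_preview .= '</td></tr></table></td></tr></table>';
    }
} // end if $contenido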
/* If mode is 'edit' and user has permission to edit articles in the current category */
if ( empty ( $inUse ) && ( isset ( $allow ) && $allow == true ) && $view == " edit " && ( $perm -> have_perm_area_action_item ( " con_editcontent " , " con_editart " , $idcat ))) {
cInclude ( " includes " , " functions.tpl.php " );
cInclude ( " includes " , " functions.con.php " );
include ( $cfg [ " path " ][ " contenido " ] . $cfg [ " path " ][ " includes " ] . " include.con_editcontent.php " );
} else {
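##############################################
# FRONTEND VIEW
##############################################

/* Mark submenuitem 'Preview' in the Contenido Backend (Area: Contenido --> Articles --> Preview) */
// The test is !empty($contenido), the same one page_open() was selected with at
// the top of this script; isset() also matched an empty "contenido" parameter.
if (!empty($contenido)) {
    $markscript = markSubMenuItem(4, true);
}

unset($edit); // disable editmode

/* 'mode' is preview (Area: Contenido --> Articles --> Preview) or article displayed in the front-end */
$sql = "SELECT
            createcode
        FROM
            " . $cfg["tab"]["cat_art"] . "
        WHERE
            idcat = '" . Contenido_Security::toInteger($idcat) . "' AND
            idart = '" . Contenido_Security::toInteger($idart) . "'";

$db->query($sql);
$db->next_record();

##############################################
# code generation
##############################################

/* Check if code is expired, create new code if needed */
// NOTE(review): $force is not assigned in this file. If it can be set from the
// request, any visitor can trigger the DELETE + regeneration branch below on
// every hit - confirm that it is restricted.
if ($db->f("createcode") == 0 && $force == 0 && $cfg['dceModEdit']['use'] !== true && $cfg['dceLayEdit']['use'] !== true) {
    // The stored code is considered current: read it, generating it only if no
    // row exists yet.
    $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
    $db->query($sql);

    if ($db->num_rows() == 0) {
        /* Include here for performance reasons */
        cInclude("includes", "functions.tpl.php");

        conGenerateCode($idcat, $idart, $lang, $client);

        $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
        $db->query($sql);
    }

    if ($db->next_record()) {
        $code = stripslashes($db->f("code"));
    } else {
        if ($contenido) {
            // $code holds PHP source that is evaluated later, hence the echo statement.
            $code = "echo \"No code available.\";";
        } else {
            if ($error == 1) {
                echo "Fatal error: Could not display error page. Error to display was: 'No code available'";
            } else {
                header($errsite);
                exit;
            }
        }
    }
} else {
    // The code is flagged for regeneration (or regeneration is forced): drop
    // the stored code, generate it again and read it back.
    $sql = "DELETE FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "'";
    $db->query($sql);

    cInclude("includes", "functions.con.php");
    cInclude("includes", "functions.tpl.php");
    cInclude("includes", "functions.mod.php");

    conGenerateCode($idcat, $idart, $lang, $client);

    $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";

    $db->query($sql);
    $db->next_record();

    $code = stripslashes($db->f("code"));
}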
/* Add mark Script to code if user is in the backend: placed before the first </head> */
if (!empty($markscript)) {
    $code = preg_replace("/<\/head>/i", "$markscript\n</head>", $code, 1);
}

/* If article is in use, display notification: stylesheet into the head, message right after the <body> tag */
// NOTE(review): $sHtmlInUseMessage is inserted into the page as HTML; it is the
// message returned by InUseCollection::checkAndMark() - confirm that it escapes
// any user-derived parts.
if (!empty($sHtmlInUseCss) && !empty($sHtmlInUseMessage)) {
    $code = preg_replace("/<\/head>/i", "$sHtmlInUseCss\n</head>", $code, 1);
    $code = preg_replace("/(<body[^>]*)>/i", "\${1}>\n$sHtmlInUseMessage", $code, 1);
}

/* Check if category is public: the flag is stored per category and language */
$sql = "SELECT public FROM " . $cfg['tab']['cat_lang'] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";

$db->query($sql);
$db->next_record();

$public = $db->f('public');
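##############################################
# protected categories
##############################################

// Access control for categories that are not public.
//
// Anonymous visitors ("nobody") may be admitted by source address: every
// frontend user property "allowed_ip" is compared with REMOTE_ADDR and, on a
// match, that user's "front_allow" right for the category is checked. Without
// such a match the CategoryAccess chain decides, and a login is requested when
// it denies access. Authenticated users are checked by the chain only.
//
// Changes in this block:
// - $validated is initialised here. It was read without ever being assigned a
//   default, so its value could be inherited from whatever set a variable of
//   that name earlier (this application works with request-derived globals).
// - $db2 is created before it is handed to escapeDB(); it used to be created
//   only after the query string had been built.
// - The backend preview exception tests !empty($contenido), which has the same
//   truth value as the bare variable but raises no notice in the frontend.
if ($public == 0) {
    if ($auth->auth["uid"] == "nobody") {
        $validated = 0;

        $sql = "SELECT user_id, value FROM " . $cfg["tab"]["user_prop"] . " WHERE type='frontend' and name='allowed_ip'";
        $db->query($sql);

        while ($db->next_record()) {
            $user_id = $db->f("user_id");

            // The property is either a single address or "network/netmask".
            $range = urldecode($db->f("value"));
            $slash = strpos($range, "/");

            // A value that starts with "/" is handled like one without a slash,
            // exactly as the former loose comparison with false did.
            if ($slash === false || $slash === 0) {
                $netmask = "255.255.255.255";
                $network = $range;
            } else {
                $network = substr($range, 0, $slash);
                $netmask = substr($range, $slash + 1, strlen($range) - $slash - 1);
            }

            // NOTE(review): REMOTE_ADDR is the address of the directly connected
            // peer. Behind a reverse proxy or load balancer that is the proxy,
            // so an allowed_ip entry covering the proxy admits every visitor.
            if (IP_match($network, $netmask, $_SERVER["REMOTE_ADDR"])) {
                $db2 = new DB_ConLite();

                $sql = "SELECT idright
                        FROM " . $cfg["tab"]["rights"] . " AS A,
                             " . $cfg["tab"]["actions"] . " AS B,
                             " . $cfg["tab"]["area"] . " AS C
                        WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id = '" . Contenido_Security::escapeDB($user_id, $db2) . "' AND A.idcat = '" . Contenido_Security::toInteger($idcat) . "'
                        AND A.idarea = C.idarea AND B.idaction = A.idaction";

                $db2->query($sql);

                if ($db2->num_rows() > 0) {
                    // The visitor continues with the identity of the matched user.
                    $auth->auth["uid"] = $user_id;
                    $validated = 1;
                }
            }
        }

        if ($validated != 1) {
            // CEC to check category access
            CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false"
            $allow = CEC_Hook::executeWhileBreakCondition(
                'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid']
            );
            $auth->login_if(!$allow);
        }
    } else {
        // CEC to check category access
        CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false"
        $allow = CEC_Hook::executeWhileBreakCondition(
            'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid']
        );

        /*
          added 2008-11-18 Timo Trautmann
          in backendeditmode also check if logged in backenduser has permission to view preview of page
         */
        if ($allow == false && !empty($contenido) && $perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)) {
            $allow = true;
        }

        if (!$allow) {
            header($errsite);
            exit;
        }
    }
}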
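##############################################
# statistic
##############################################

// Count this view for the category/article relation.
$oStatCol = new cApiStatCollection();
$oStatCol->trackView($idcatart);

/*
 * Check if an article is start article of the category.
 *
 * Change: in the non-compatible branch the query selects "startidartlang" but
 * the result was read from the field "idartlang", which the query does not
 * return, so the comparison never saw the start article id. The selected
 * column is read now.
 * Consequence to be aware of: $isstart can now become 1 in this branch, and the
 * time management query that follows skips the datestart/dateend window for
 * start articles - the same behaviour the is_start_compatible branch has.
 */
if ($cfg["is_start_compatible"] == true) {
    $sql = "SELECT is_start FROM " . $cfg["tab"]["cat_art"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "'";

    $db->query($sql);
    $db->next_record();

    $isstart = $db->f("is_start");
} else {
    $sql = "SELECT startidartlang FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";

    $db->query($sql);
    $db->next_record();

    if ($db->f("startidartlang") == $idartlang) {
        $isstart = 1;
    } else {
        $isstart = 0;
    }
}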
##############################################
# time management
##############################################

// Is time management switched on for this article in this language?
$sql = "SELECT timemgmt FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql);
$db->next_record();

// Read the online state and redirect settings. For a time-managed article that
// is not the start article, the row is returned only inside its
// datestart/dateend window; outside of it no row is found and $online stays empty.
$sql = "SELECT online, redirect, redirect_url FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
if (($db->f("timemgmt") == "1") && ($isstart != 1)) {
    $sql .= "
                AND NOW() > datestart AND NOW() < dateend";
}

$db->query($sql);
$db->next_record();

$online = $db->f("online");
$redirect = $db->f("redirect");
$redirect_url = $db->f("redirect_url");

// SECURITY (flagged, behaviour unchanged): the stored redirect URL is embedded
// in a PHP double-quoted string literal and passed to eval() so that variables
// written inside the URL are expanded. The value is not escaped first, so
// whoever can store an article's redirect URL supplies PHP source text here,
// and "@" hides any resulting errors. Replace this with an explicit
// substitution of an allow-listed set of placeholders once it is known which
// variables existing redirect URLs rely on.
@eval("\$" . "redirect_url = \"$redirect_url\";"); // transform variables
// Setting generator/basehref (default "true") decides whether a <base> element
// is injected into the article code.
$insert_base = getEffectiveSetting('generator', 'basehref', "true");

/*
 * generate base url
 */
if ($insert_base == "true") {
    // Setting generator/xhtml (default "false") selects the self-closing form.
    $is_XHTML = getEffectiveSetting('generator', 'xhtml', "false");

    // Start from the client's configured htmlpath ...
    $str_base_uri = $cfgClient[$client]["path"]["htmlpath"];
    // ... and let the CEC chain for base href generation replace it.
    $str_base_uri = CEC_Hook::executeAndReturn('Contenido.Frontend.BaseHrefGeneration', $str_base_uri);

    // NOTE(review): $str_base_uri is written into the href attribute as is, so
    // the configuration value and whatever the hook chain returns must already
    // be safe for an HTML attribute.
    $baseCode = '<base href="' . $str_base_uri . (($is_XHTML == "true") ? '" />' : '">');

    // Put the element right behind the first <head> of the generated code.
    $code = str_ireplace_once("<head>", "<head>\n" . $baseCode, $code);
}
/*
 * Handle online (offline) articles
 */
if ($online) {
    if ($redirect == '1' && $redirect_url != '') {
        // The page is closed before the redirect header is sent.
        page_close();

        /*
         * Redirect to the URL defined in article properties
         */
        $oUrl = Contenido_Url::getInstance();
        if ($oUrl->isIdentifiableFrontContentUrl($redirect_url)) {
            // Only URLs identified as internal front_content URLs are rebuilt;
            // the current language is added when the URL carries none.
            $aUrl = $oUrl->parse($redirect_url);
            if (!isset($aUrl['params']['lang'])) {
                $aUrl['params']['lang'] = $lang;
            }
            $redirect_url = $oUrl->buildRedirect($aUrl['params']);
        }

        // NOTE(review): any other value goes into the Location header exactly
        // as stored in the article properties; no scheme or host check is
        // visible here, so the redirect target is whatever an editor entered.
        header("Location: $redirect_url");
        exit;
    }

    // Optional debug dump of the article code, HTML-escaped inside a textarea.
    if ($cfg["debug"]["codeoutput"]) {
        echo "<textarea>" . clHtmlSpecialChars($code) . "</textarea>";
    }

    /*
     * Final step: the article code is evaluated.
     * It is a PHP script cached in the database; layout and modules were merged
     * according to the container definitions of the template.
     * NOTE(review): eval() gives that cached code full PHP privileges, so write
     * access to the code cache equals code execution in the frontend.
     */
    $aExclude = explode(',', getEffectiveSetting('frontend.no_outputbuffer', 'idart', ''));
    if (!in_array(Contenido_Security::toInteger($idart), $aExclude)) {
        // Default path: capture the generated HTML in an output buffer
        ob_start();
        eval("?>\n" . $code . "\n<?php\n");
        $htmlCode = ob_get_contents();
        ob_end_clean();

        // CEC chain for preparations before output
        $htmlCode = CEC_Hook::executeAndReturn('Contenido.Frontend.HTMLCodeOutput', $htmlCode);
        // CEC chain that handles compression of the output
        $htmlCode = CEC_Hook::executeAndReturn('Contenido.Frontend.HTMLCodeCompression', $htmlCode);

        // print output
        echo $htmlCode;
    } else {
        // Articles listed in frontend.no_outputbuffer/idart are evaluated
        // without buffering and without the two output hooks.
        eval("?>\n" . $code . "\n<?php\n");
    }
} elseif ($contenido) {
    # if user is in the backend display offline articles
    eval("?>\n" . $code . "\n<?php\n");
} elseif ($error == 1) {
    // The error page itself could not be displayed: print a plain message.
    echo "Fatal error: Could not display error page. Error to display was: 'No contenido session variable set. Probable error cause: Start article in this category is not set on-line.'";
} else {
    // Offline article requested from the frontend: send the prepared error header.
    header($errsite);
    exit;
}
}
/*
 * removed database roundtrip for checking
 * if cache is enabled
 * CON-115
 * 2008-06-25 Thorsten Granz
 */
// START: concache, murat purc
// The cache handler is finished unless caching is switched off in $cfg.
if ($cfg["cache"]["disable"] != '1') {
    $oCacheHandler->end();
    #echo $oCacheHandler->getInfo();
}
// END: concache

/*
 * configuration settings after the site is displayed.
 *
 * NOTE(review): the path is relative. file_exists() resolves it against the
 * current working directory, while include also consults include_path, so the
 * two calls can disagree about which file is meant; "@" hides any error the
 * included file raises. An absolute path built from the frontend directory
 * would pin down which file gets executed.
 */
if (file_exists("config.after.php")) {
    @include "config.after.php";
}

// Put back the language that was saved earlier, when one was saved.
if (isset($savedlang)) {
    $lang = $savedlang;
}

// Release the database connection, then close the page.
$db->disconnect();
page_close();