o.pinke 2020-07-07 13:13:19 +02:00
Ursprung a7bab04278
Commit d2ccd7c3a9
1 geänderte Dateien mit 181 neuen und 292 gelöschten Zeilen


@ -1,4 +1,5 @@
<?php <?php
/** /**
* Project: * Project:
* Contenido Content Management System * Contenido Content Management System
@ -42,7 +43,6 @@
* @link http://www.contenido.org * @link http://www.contenido.org
* @since file available since contenido release <= 4.6 * @since file available since contenido release <= 4.6
*/ */
if (!defined("CON_FRAMEWORK")) { if (!defined("CON_FRAMEWORK")) {
define("CON_FRAMEWORK", true); define("CON_FRAMEWORK", true);
} }
@ -59,11 +59,10 @@ cInclude("includes", "functions.con2.php");
cInclude("includes", "functions.api.php"); cInclude("includes", "functions.api.php");
cInclude("includes", "functions.pathresolver.php"); cInclude("includes", "functions.pathresolver.php");
if ($cfg["use_pseudocron"] == true) if ($cfg["use_pseudocron"] == true) {
{
/* Include cronjob-Emulator */ /* Include cronjob-Emulator */
$oldpwd = getcwd(); $oldpwd = getcwd();
chdir($cfg["path"]["contenido"].$cfg["path"]["cronjobs"]); chdir($cfg["path"]["contenido"] . $cfg["path"]["cronjobs"]);
cInclude("includes", "pseudo-cron.inc.php"); cInclude("includes", "pseudo-cron.inc.php");
chdir($oldpwd); chdir($oldpwd);
} }
@ -73,16 +72,13 @@ if ($cfg["use_pseudocron"] == true)
* PHPLIB application development toolkit * PHPLIB application development toolkit
* @see http://sourceforge.net/projects/phplib * @see http://sourceforge.net/projects/phplib
*/ */
if ($contenido) if ($contenido) {
{
//Backend //Backend
page_open(array ('sess' => 'Contenido_Session', 'auth' => 'Contenido_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm')); page_open(array('sess' => 'Contenido_Session', 'auth' => 'Contenido_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm'));
i18nInit($cfg["path"]["contenido"].$cfg["path"]["locale"], $belang); i18nInit($cfg["path"]["contenido"] . $cfg["path"]["locale"], $belang);
} } else {
else
{
//Frontend //Frontend
page_open(array ('sess' => 'Contenido_Frontend_Session', 'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm')); page_open(array('sess' => 'Contenido_Frontend_Session', 'auth' => 'Contenido_Frontend_Challenge_Crypt_Auth', 'perm' => 'Contenido_Perm'));
} }
/** /**
@ -106,20 +102,19 @@ $sess->register("errsite_idcat");
$sess->register("errsite_idart"); $sess->register("errsite_idart");
$sess->register("encoding"); $sess->register("encoding");
if ($cfgClient["set"] != "set") if ($cfgClient["set"] != "set") {
{
rereadClients(); rereadClients();
} }
# Check if this request is for a compressed file # Check if this request is for a compressed file
if ($_GET['action'] == 'get_compressed') { if ($_GET['action'] == 'get_compressed') {
# Get the calling parameters # Get the calling parameters
$sFilename = ((isset($_GET['f'])) ? $_GET['f'] : $_GET['amp;f']); $sFilename = ((isset($_GET['f'])) ? $_GET['f'] : $_GET['amp;f']);
$sContentType = ((isset($_GET['c'])) ? $_GET['c'] : $_GET['amp;c']); $sContentType = ((isset($_GET['c'])) ? $_GET['c'] : $_GET['amp;c']);
# Output the file using the class output() function # Output the file using the class output() function
Output_Compressor::output($cfgClient[$client]['path']['frontend'] . 'cache/', $sFilename, $sContentType); Output_Compressor::output($cfgClient[$client]['path']['frontend'] . 'cache/', $sFilename, $sContentType);
# Don't do anything else # Don't do anything else
exit(); exit();
} }
@ -127,8 +122,7 @@ if ($_GET['action'] == 'get_compressed') {
// Call hook after plugins are loaded, added by Murat Purc, 2008-09-07 // Call hook after plugins are loaded, added by Murat Purc, 2008-09-07
CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins'); CEC_Hook::execute('Contenido.Frontend.AfterLoadPlugins');
if (!isset($encoding) || !is_array($encoding) || count($encoding) == 0) if (!isset($encoding) || !is_array($encoding) || count($encoding) == 0) {
{
// get encodings of all languages // get encodings of all languages
$encoding = array(); $encoding = array();
$sql = "SELECT idlang, encoding FROM " . $cfg["tab"]["lang"]; $sql = "SELECT idlang, encoding FROM " . $cfg["tab"]["lang"];
@ -152,18 +146,18 @@ Contenido_Url::getInstance()->getUrlBuilder()->setHttpBasePath($cfgClient[$clien
if (!isset($lang)) { if (!isset($lang)) {
// if there is an entry load_lang in frontend/config.php use it, else use the first language of this client // if there is an entry load_lang in frontend/config.php use it, else use the first language of this client
if(isset($load_lang)){ if (isset($load_lang)) {
// load_client is set in frontend/config.php // load_client is set in frontend/config.php
$lang = $load_lang; $lang = $load_lang;
}else{ } else {
$sql = "SELECT $sql = "SELECT
B.idlang B.idlang
FROM FROM
".$cfg["tab"]["clients_lang"]." AS A, " . $cfg["tab"]["clients_lang"] . " AS A,
".$cfg["tab"]["lang"]." AS B " . $cfg["tab"]["lang"] . " AS B
WHERE WHERE
A.idclient='".Contenido_Security::toInteger($client)."' AND A.idclient='" . Contenido_Security::toInteger($client) . "' AND
A.idlang = B.idlang A.idlang = B.idlang
LIMIT LIMIT
0,1"; 0,1";
@ -175,11 +169,12 @@ if (!isset($lang)) {
} }
} }
if (!$sess->is_registered("lang") ) $sess->register("lang"); if (!$sess->is_registered("lang"))
if (!$sess->is_registered("client") ) $sess->register("client"); $sess->register("lang");
if (!$sess->is_registered("client"))
$sess->register("client");
if (isset ($username)) if (isset($username)) {
{
$auth->login_if(true); $auth->login_if(true);
} }
@ -192,8 +187,7 @@ header("Content-Type: text/html; charset={$encoding[$lang]}");
* if http global logout is set e.g. front_content.php?logout=true * if http global logout is set e.g. front_content.php?logout=true
* log out the current user. * log out the current user.
*/ */
if (isset ($logout)) if (isset($logout)) {
{
$auth->logout(true); $auth->logout(true);
$auth->unauth(true); $auth->unauth(true);
$auth->auth["uname"] = "nobody"; $auth->auth["uname"] = "nobody";
@ -202,8 +196,7 @@ if (isset ($logout))
/* /*
* local configuration * local configuration
*/ */
if (file_exists("config.local.php")) if (file_exists("config.local.php")) {
{
@ include ("config.local.php"); @ include ("config.local.php");
} }
@ -211,32 +204,26 @@ if (file_exists("config.local.php"))
* If the path variable was passed, try to resolve it to a Category Id * If the path variable was passed, try to resolve it to a Category Id
* e.g. front_content.php?path=/company/products/ * e.g. front_content.php?path=/company/products/
*/ */
if (isset($path) && strlen($path) > 1) if (isset($path) && strlen($path) > 1) {
{
/* Which resolve method is configured? */ /* Which resolve method is configured? */
if ($cfg["urlpathresolve"] == true) if ($cfg["urlpathresolve"] == true) {
{
$iLangCheck = 0; $iLangCheck = 0;
$idcat = prResolvePathViaURLNames($path, $iLangCheck); $idcat = prResolvePathViaURLNames($path, $iLangCheck);
} else {
}
else
{
$iLangCheck = 0; $iLangCheck = 0;
$idcat = prResolvePathViaCategoryNames($path, $iLangCheck); $idcat = prResolvePathViaCategoryNames($path, $iLangCheck);
if(($lang != $iLangCheck) && ((int)$iLangCheck != 0)){ if (($lang != $iLangCheck) && ((int) $iLangCheck != 0)) {
$lang = $iLangCheck; $lang = $iLangCheck;
} }
} }
} }
// error page // error page
$aParams = array ( $aParams = array(
'client' => $client, 'idcat' => $errsite_idcat[$client], 'idart' => $errsite_idart[$client], 'client' => $client, 'idcat' => $errsite_idcat[$client], 'idart' => $errsite_idart[$client],
'lang' => $lang, 'error'=> '1' 'lang' => $lang, 'error' => '1'
); );
$errsite = 'Location: ' . Contenido_Url::getInstance()->buildRedirect($aParams); $errsite = 'Location: ' . Contenido_Url::getInstance()->buildRedirect($aParams);
@ -246,66 +233,58 @@ $errsite = 'Location: ' . Contenido_Url::getInstance()->buildRedirect($aParams);
* Note: These variables can be set via http globals e.g. front_content.php?idcat=41&idart=34&idcatart=35&idartlang=42 * Note: These variables can be set via http globals e.g. front_content.php?idcat=41&idart=34&idcatart=35&idartlang=42
* If not the values will be computed. * If not the values will be computed.
*/ */
if ($idart && !$idcat && !$idcatart) if ($idart && !$idcat && !$idcatart) {
{
/* Try to fetch the first idcat */ /* Try to fetch the first idcat */
$sql = "SELECT idcat FROM ".$cfg["tab"]["cat_art"]." WHERE idart = '".Contenido_Security::toInteger($idart)."'"; $sql = "SELECT idcat FROM " . $cfg["tab"]["cat_art"] . " WHERE idart = '" . Contenido_Security::toInteger($idart) . "'";
$db->query($sql); $db->query($sql);
if ($db->next_record()) if ($db->next_record()) {
{
$idcat = $db->f("idcat"); $idcat = $db->f("idcat");
} }
} }
unset ($code); unset($code);
unset ($markscript); unset($markscript);
if (!$idcatart) if (!$idcatart) {
{ if (!$idart) {
if (!$idart) if (!$idcat) {
{
if (!$idcat)
{
# Note: In earlier Contenido versions the information if an article is startarticle of a category has been stored # Note: In earlier Contenido versions the information if an article is startarticle of a category has been stored
# in relation con_cat_art. # in relation con_cat_art.
if ($cfg["is_start_compatible"] == true) if ($cfg["is_start_compatible"] == true) {
{
$sql = "SELECT $sql = "SELECT
idart, idart,
B.idcat B.idcat
FROM FROM
".$cfg["tab"]["cat_art"]." AS A, " . $cfg["tab"]["cat_art"] . " AS A,
".$cfg["tab"]["cat_tree"]." AS B, " . $cfg["tab"]["cat_tree"] . " AS B,
".$cfg["tab"]["cat"]." AS C " . $cfg["tab"]["cat"] . " AS C
WHERE WHERE
A.idcat=B.idcat AND A.idcat=B.idcat AND
B.idcat=C.idcat AND B.idcat=C.idcat AND
is_start='1' AND is_start='1' AND
idclient='".Contenido_Security::toInteger($client)."' idclient='" . Contenido_Security::toInteger($client) . "'
ORDER BY ORDER BY
idtree ASC"; idtree ASC";
} } else {
else
{
# Note: Now the information if an article is startarticle of a category is stored in relation con_cat_lang. # Note: Now the information if an article is startarticle of a category is stored in relation con_cat_lang.
$sql = "SELECT $sql = "SELECT
A.idart, A.idart,
B.idcat B.idcat
FROM FROM
".$cfg["tab"]["cat_art"]." AS A, " . $cfg["tab"]["cat_art"] . " AS A,
".$cfg["tab"]["cat_tree"]." AS B, " . $cfg["tab"]["cat_tree"] . " AS B,
".$cfg["tab"]["cat"]." AS C, " . $cfg["tab"]["cat"] . " AS C,
".$cfg["tab"]["cat_lang"]." AS D, " . $cfg["tab"]["cat_lang"] . " AS D,
".$cfg["tab"]["art_lang"]." AS E " . $cfg["tab"]["art_lang"] . " AS E
WHERE WHERE
A.idcat=B.idcat AND A.idcat=B.idcat AND
B.idcat=C.idcat AND B.idcat=C.idcat AND
D.startidartlang = E.idartlang AND D.startidartlang = E.idartlang AND
D.idlang='".Contenido_Security::toInteger($lang)."' AND D.idlang='" . Contenido_Security::toInteger($lang) . "' AND
E.idart=A.idart AND E.idart=A.idart AND
E.idlang='".Contenido_Security::toInteger($lang)."' AND E.idlang='" . Contenido_Security::toInteger($lang) . "' AND
idclient='".Contenido_Security::toInteger($client)."' idclient='" . Contenido_Security::toInteger($client) . "'
ORDER BY ORDER BY
idtree ASC"; idtree ASC";
} }
@ -316,40 +295,34 @@ if (!$idcatart)
$idart = $db->f("idart"); $idart = $db->f("idart");
$idcat = $db->f("idcat"); $idcat = $db->f("idcat");
} else { } else {
if($contenido) { if ($contenido) {
cInclude("includes", "functions.i18n.php"); cInclude("includes", "functions.i18n.php");
die(i18n("No start article for this category")); die(i18n("No start article for this category"));
} else { } else {
if($error == 1) { if ($error == 1) {
die("Fatal error: Could not display error page. Error to display was: 'No start article in this category'"); die("Fatal error: Could not display error page. Error to display was: 'No start article in this category'");
} else { } else {
header($errsite); header($errsite);
exit; exit;
} }
} }
} }
} else { } else {
$idart = -1; $idart = -1;
if ($cfg["is_start_compatible"] == true) if ($cfg["is_start_compatible"] == true) {
{ $sql = "SELECT idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND is_start='1'";
$sql = "SELECT idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND is_start='1'";
$db->query($sql); $db->query($sql);
if ($db->next_record()) if ($db->next_record()) {
{
$idart = $db->f("idart"); $idart = $db->f("idart");
} }
} } else {
else $sql = "SELECT startidartlang FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
{
$sql = "SELECT startidartlang FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND idlang='".Contenido_Security::toInteger($lang)."'";
$db->query($sql); $db->query($sql);
if ($db->next_record()) if ($db->next_record()) {
{ if ($db->f("startidartlang") != 0) {
if ($db->f("startidartlang") != 0) $sql = "SELECT idart FROM " . $cfg["tab"]["art_lang"] . " WHERE idartlang='" . Contenido_Security::toInteger($db->f("startidartlang")) . "'";
{
$sql = "SELECT idart FROM ".$cfg["tab"]["art_lang"]." WHERE idartlang='".Contenido_Security::toInteger($db->f("startidartlang"))."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
$idart = $db->f("idart"); $idart = $db->f("idart");
@ -357,36 +330,26 @@ if (!$idcatart)
} }
} }
if ($idart != -1) if ($idart != -1) {
{
} } else {
else
{
// error message in backend // error message in backend
if ($contenido) if ($contenido) {
{
cInclude("includes", "functions.i18n.php"); cInclude("includes", "functions.i18n.php");
die(i18n("No start article for this category")); die(i18n("No start article for this category"));
} } else {
else if ($error == 1) {
{
if ($error == 1)
{
echo "Fatal error: Could not display error page. Error to display was: 'No start article in this category'"; echo "Fatal error: Could not display error page. Error to display was: 'No start article in this category'";
} } else {
else
{
header($errsite); header($errsite);
exit; exit;
} }
} }
} }
} }
} }
} } else {
else $sql = "SELECT idcat, idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "'";
{
$sql = "SELECT idcat, idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcatart='".Contenido_Security::toInteger($idcatart)."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
@ -396,9 +359,8 @@ else
} }
/* Get idcatart */ /* Get idcatart */
if (0 != $idart && 0 != $idcat) if (0 != $idart && 0 != $idcat) {
{ $sql = "SELECT idcatart FROM " . $cfg["tab"]["cat_art"] . " WHERE idart = '" . Contenido_Security::toInteger($idart) . "' AND idcat = '" . Contenido_Security::toInteger($idcat) . "'";
$sql = "SELECT idcatart FROM ".$cfg["tab"]["cat_art"]." WHERE idart = '".Contenido_Security::toInteger($idart)."' AND idcat = '".Contenido_Security::toInteger($idcat)."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
@ -408,10 +370,9 @@ if (0 != $idart && 0 != $idcat)
$idartlang = getArtLang($idart, $lang); $idartlang = getArtLang($idart, $lang);
if ($idartlang === false) if ($idartlang === false) {
{
header($errsite); header($errsite);
exit; exit;
} }
/* /*
@ -427,8 +388,6 @@ if ($cfg["cache"]["disable"] != '1') {
$oCacheHandler->start($iStartTime); // $iStartTime ist optional und ist die startzeit des scriptes, z. b. am anfang von fron_content.php $oCacheHandler->start($iStartTime); // $iStartTime ist optional und ist die startzeit des scriptes, z. b. am anfang von fron_content.php
} }
// END: concache // END: concache
############################################## ##############################################
# BACKEND / FRONTEND EDITING # BACKEND / FRONTEND EDITING
############################################## ##############################################
@ -443,44 +402,39 @@ if ($cfg["cache"]["disable"] != '1') {
* The reason is to avoid cross-site scripting errors in the backend, if the backend domain differs from * The reason is to avoid cross-site scripting errors in the backend, if the backend domain differs from
* the frontend domain. * the frontend domain.
*/ */
if ($contenido) if ($contenido) {
{
$perm->load_permissions(); $perm->load_permissions();
/* Change mode edit / view */ /* Change mode edit / view */
if (isset ($changeview)) if (isset($changeview)) {
{
$sess->register("view"); $sess->register("view");
$view = $changeview; $view = $changeview;
} }
$col = new InUseCollection; $col = new InUseCollection;
if ($overrideid != "" && $overridetype != "") if ($overrideid != "" && $overridetype != "") {
{
$col->removeItemMarks($overridetype, $overrideid); $col->removeItemMarks($overridetype, $overrideid);
} }
/* Remove all own marks */ /* Remove all own marks */
$col->removeSessionMarks($sess->id); $col->removeSessionMarks($sess->id);
/* If the override flag is set, override a specific InUseItem */ /* If the override flag is set, override a specific InUseItem */
list ($inUse, $message) = $col->checkAndMark("article", $idartlang, true, i18n("Article is in use by %s (%s)"), true, $cfg['path']['contenido_fullhtml']."external/backendedit/front_content.php?changeview=edit&action=con_editart&idartlang=$idartlang&type=$type&typenr=$typenr&idart=$idart&idcat=$idcat&idcatart=$idcatart&client=$client&lang=$lang"); list ($inUse, $message) = $col->checkAndMark("article", $idartlang, true, i18n("Article is in use by %s (%s)"), true, $cfg['path']['contenido_fullhtml'] . "external/backendedit/front_content.php?changeview=edit&action=con_editart&idartlang=$idartlang&type=$type&typenr=$typenr&idart=$idart&idcat=$idcat&idcatart=$idcatart&client=$client&lang=$lang");
$sHtmlInUse = ''; $sHtmlInUse = '';
$sHtmlInUseMessage = ''; $sHtmlInUseMessage = '';
if ($inUse == true) if ($inUse == true) {
{
$disabled = 'disabled="disabled"'; $disabled = 'disabled="disabled"';
$sHtmlInUseCss = '<link rel="stylesheet" type="text/css" href="'.$cfg['path']['contenido_fullhtml'].'styles/inuse.css" />'; $sHtmlInUseCss = '<link rel="stylesheet" type="text/css" href="' . $cfg['path']['contenido_fullhtml'] . 'styles/inuse.css" />';
$sHtmlInUseMessage = $message; $sHtmlInUseMessage = $message;
} }
$sql = "SELECT locked FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; $sql = "SELECT locked FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
$locked = $db->f("locked"); $locked = $db->f("locked");
if ($locked == 1) if ($locked == 1) {
{
$inUse = true; $inUse = true;
$disabled = 'disabled="disabled"'; $disabled = 'disabled="disabled"';
} }
@ -488,47 +442,40 @@ if ($contenido)
// CEC to check if the user has permission to edit articles in this category // CEC to check if the user has permission to edit articles in this category
CEC_Hook::setBreakCondition(false, true); // break at "false", default value "true" CEC_Hook::setBreakCondition(false, true); // break at "false", default value "true"
$allow = CEC_Hook::executeWhileBreakCondition( $allow = CEC_Hook::executeWhileBreakCondition(
'Contenido.Frontend.AllowEdit', $lang, $idcat, $idart, $auth->auth['uid'] 'Contenido.Frontend.AllowEdit', $lang, $idcat, $idart, $auth->auth['uid']
); );
if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat) && $inUse == false && $allow == true) if ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat) && $inUse == false && $allow == true) {
{
/* Create buttons for editing */ /* Create buttons for editing */
$edit_preview = '<table cellspacing="0" cellpadding="4" border="0">'; $edit_preview = '<table cellspacing="0" cellpadding="4" border="0">';
if ($view == "edit") if ($view == "edit") {
{
$edit_preview = '<tr> $edit_preview = '<tr>
<td width="18"> <td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=prev&idcat=$idcat&idart=$idart").'"><img src="'.$cfg["path"]["contenido_fullhtml"].$cfg["path"]["images"].'but_preview.gif" alt="Preview" title="Preview" border="0"></a> <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=prev&idcat=$idcat&idart=$idart") . '"><img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg["path"]["images"] . 'but_preview.gif" alt="Preview" title="Preview" border="0"></a>
</td> </td>
<td width="18"> <td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=prev&idcat=$idcat&idart=$idart").'">Preview</a> <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=prev&idcat=$idcat&idart=$idart") . '">Preview</a>
</td> </td>
</tr>'; </tr>';
} } else {
else
{
$edit_preview = '<tr> $edit_preview = '<tr>
<td width="18"> <td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=edit&idcat=$idcat&idart=$idart").'"><img src="'.$cfg["path"]["contenido_fullhtml"].$cfg["path"]["images"].'but_edit.gif" alt="Preview" title="Preview" border="0"></a> <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=edit&idcat=$idcat&idart=$idart") . '"><img src="' . $cfg["path"]["contenido_fullhtml"] . $cfg["path"]["images"] . 'but_edit.gif" alt="Preview" title="Preview" border="0"></a>
</td> </td>
<td width="18"> <td width="18">
<a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="'.$sess->url("front_content.php?changeview=edit&idcat=$idcat&idart=$idart").'">Edit</a> <a title="Preview" style="font-family: Verdana; font-size: 10px; color: #000000; text-decoration: none" href="' . $sess->url("front_content.php?changeview=edit&idcat=$idcat&idart=$idart") . '">Edit</a>
</td> </td>
</tr>'; </tr>';
} }
/* Display articles */ /* Display articles */
if ($cfg["is_start_compatible"] == true) if ($cfg["is_start_compatible"] == true) {
{ $sql = "SELECT idart, is_start FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' ORDER BY idart";
$sql = "SELECT idart, is_start FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' ORDER BY idart";
$db->query($sql); $db->query($sql);
} } else {
else $sql = "SELECT idart FROM " . $cfg["tab"]["cat_art"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' ORDER BY idart";
{
$sql = "SELECT idart FROM ".$cfg["tab"]["cat_art"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' ORDER BY idart";
$db->query($sql); $db->query($sql);
} }
@ -537,53 +484,41 @@ if ($contenido)
$edit_preview .= '<tr><td colspan="2"><table cellspacing="0" cellpadding="2" border="0"></tr><td style="font-family: verdana; font-size:10; color:#000000; text-decoration:none">Articles in category:<br>'; $edit_preview .= '<tr><td colspan="2"><table cellspacing="0" cellpadding="2" border="0"></tr><td style="font-family: verdana; font-size:10; color:#000000; text-decoration:none">Articles in category:<br>';
while ($db->next_record() && ($db->affected_rows() != 1)) while ($db->next_record() && ($db->affected_rows() != 1)) {
{
$class = "font-family:'Verdana'; font-size:10; color:#000000; text-decoration: underline; font-weight:normal"; $class = "font-family:'Verdana'; font-size:10; color:#000000; text-decoration: underline; font-weight:normal";
if (!isset ($idart)) if (!isset($idart)) {
{ if (isStartArticle(getArtLang($idart, $lang), $idcat, $lang)) {
if (isStartArticle(getArtLang($idart, $lang), $idcat, $lang))
{
$class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline ;font-weight:bold"; $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline ;font-weight:bold";
} }
} } else {
else if ($idart == $db->f("idart")) {
{
if ($idart == $db->f("idart"))
{
$class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline; font-weight:bold"; $class = "font-family: verdana; font-size:10; color:#000000; text-decoration: underline; font-weight:bold";
} }
} }
$edit_preview .= "<a style=\"$class\" href=\"".$sess->url("front_content.php?idart=".$db->f("idart")."&idcat=$idcat")."\">$a</a>&nbsp;"; $edit_preview .= "<a style=\"$class\" href=\"" . $sess->url("front_content.php?idart=" . $db->f("idart") . "&idcat=$idcat") . "\">$a</a>&nbsp;";
$a ++; $a++;
} }
$edit_preview .= '</td></tr></table></td></tr></table>'; $edit_preview .= '</td></tr></table></td></tr></table>';
} }
} // end if $contenido } // end if $contenido
/* If mode is 'edit' and user has permission to edit articles in the current category */ /* If mode is 'edit' and user has permission to edit articles in the current category */
if ($inUse == false && $allow == true && $view == "edit" && ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat))) if ($inUse == false && $allow == true && $view == "edit" && ($perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat))) {
{
cInclude("includes", "functions.tpl.php"); cInclude("includes", "functions.tpl.php");
cInclude("includes", "functions.con.php"); cInclude("includes", "functions.con.php");
include ($cfg["path"]["contenido"].$cfg["path"]["includes"]."include.con_editcontent.php"); include ($cfg["path"]["contenido"] . $cfg["path"]["includes"] . "include.con_editcontent.php");
} } else {
else
{
############################################## ##############################################
# FRONTEND VIEW # FRONTEND VIEW
############################################## ##############################################
/* Mark submenuitem 'Preview' in the Contenido Backend (Area: Contenido --> Articles --> Preview) */ /* Mark submenuitem 'Preview' in the Contenido Backend (Area: Contenido --> Articles --> Preview) */
if ($contenido) if ($contenido) {
{
$markscript = markSubMenuItem(4, true); $markscript = markSubMenuItem(4, true);
} }
@ -593,10 +528,10 @@ else
$sql = "SELECT $sql = "SELECT
createcode createcode
FROM FROM
".$cfg["tab"]["cat_art"]." " . $cfg["tab"]["cat_art"] . "
WHERE WHERE
idcat = '".Contenido_Security::toInteger($idcat)."' AND idcat = '" . Contenido_Security::toInteger($idcat) . "' AND
idart = '".Contenido_Security::toInteger($idart)."'"; idart = '" . Contenido_Security::toInteger($idart) . "'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
@ -606,44 +541,36 @@ else
############################################## ##############################################
/* Check if code is expired, create new code if needed */ /* Check if code is expired, create new code if needed */
if($db->f("createcode") == 0 && $force == 0 && $cfg['dceModEdit']['use'] !== true && $cfg['dceLayEdit']['use'] !== true) { if ($db->f("createcode") == 0 && $force == 0 && $cfg['dceModEdit']['use'] !== true && $cfg['dceLayEdit']['use'] !== true) {
$sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql); $db->query($sql);
if ($db->num_rows() == 0) if ($db->num_rows() == 0) {
{
/* Include here for performance reasons */ /* Include here for performance reasons */
cInclude("includes", "functions.tpl.php"); cInclude("includes", "functions.tpl.php");
conGenerateCode($idcat, $idart, $lang, $client); conGenerateCode($idcat, $idart, $lang, $client);
$sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql); $db->query($sql);
} }
if ($db->next_record()) if ($db->next_record()) {
{
$code = stripslashes($db->f("code")); $code = stripslashes($db->f("code"));
} } else {
else
{
if ($contenido) if ($contenido)
$code = "echo \"No code available.\";"; $code = "echo \"No code available.\";";
else else {
{ if ($error == 1) {
if ($error == 1)
{
echo "Fatal error: Could not display error page. Error to display was: 'No code available'"; echo "Fatal error: Could not display error page. Error to display was: 'No code available'";
} } else {
else
{
header($errsite); header($errsite);
exit; exit;
} }
} }
} }
} else { } else {
$sql = "DELETE FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."'"; $sql = "DELETE FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "'";
$db->query($sql); $db->query($sql);
cInclude("includes", "functions.con.php"); cInclude("includes", "functions.con.php");
@ -652,7 +579,7 @@ else
conGenerateCode($idcat, $idart, $lang, $client); conGenerateCode($idcat, $idart, $lang, $client);
$sql = "SELECT code FROM ".$cfg["tab"]["code"]." WHERE idcatart = '".Contenido_Security::toInteger($idcatart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; $sql = "SELECT code FROM " . $cfg["tab"]["code"] . " WHERE idcatart = '" . Contenido_Security::toInteger($idcatart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
@ -670,7 +597,7 @@ else
} }
/* Check if category is public */ /* Check if category is public */
$sql = "SELECT public FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND idlang='".Contenido_Security::toInteger($lang)."'"; $sql = "SELECT public FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang='" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
@ -680,80 +607,68 @@ else
############################################## ##############################################
# protected categories # protected categories
############################################## ##############################################
if ($public == 0) if ($public == 0) {
{ if ($auth->auth["uid"] == "nobody") {
if ($auth->auth["uid"] == "nobody") $sql = "SELECT user_id, value FROM " . $cfg["tab"]["user_prop"] . " WHERE type='frontend' and name='allowed_ip'";
{
$sql = "SELECT user_id, value FROM ".$cfg["tab"]["user_prop"]." WHERE type='frontend' and name='allowed_ip'";
$db->query($sql); $db->query($sql);
while ($db->next_record()) while ($db->next_record()) {
{
$user_id = $db->f("user_id"); $user_id = $db->f("user_id");
$range = urldecode($db->f("value")); $range = urldecode($db->f("value"));
$slash = strpos($range, "/"); $slash = strpos($range, "/");
if ($slash == false) if ($slash == false) {
{
$netmask = "255.255.255.255"; $netmask = "255.255.255.255";
$network = $range; $network = $range;
} } else {
else
{
$network = substr($range, 0, $slash); $network = substr($range, 0, $slash);
$netmask = substr($range, $slash +1, strlen($range) - $slash -1); $netmask = substr($range, $slash + 1, strlen($range) - $slash - 1);
} }
if (IP_match($network, $netmask, $_SERVER["REMOTE_ADDR"])) if (IP_match($network, $netmask, $_SERVER["REMOTE_ADDR"])) {
{
$sql = "SELECT idright $sql = "SELECT idright
FROM ".$cfg["tab"]["rights"]." AS A, FROM " . $cfg["tab"]["rights"] . " AS A,
".$cfg["tab"]["actions"]." AS B, " . $cfg["tab"]["actions"] . " AS B,
".$cfg["tab"]["area"]." AS C " . $cfg["tab"]["area"] . " AS C
WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id = '".Contenido_Security::escapeDB($user_id, $db2)."' AND A.idcat = '".Contenido_Security::toInteger($idcat)."' WHERE B.name = 'front_allow' AND C.name = 'str' AND A.user_id = '" . Contenido_Security::escapeDB($user_id, $db2) . "' AND A.idcat = '" . Contenido_Security::toInteger($idcat) . "'
AND A.idarea = C.idarea AND B.idaction = A.idaction"; AND A.idarea = C.idarea AND B.idaction = A.idaction";
$db2 = new DB_Contenido; $db2 = new DB_Contenido;
$db2->query($sql); $db2->query($sql);
if ($db2->num_rows() > 0) if ($db2->num_rows() > 0) {
{
$auth->auth["uid"] = $user_id; $auth->auth["uid"] = $user_id;
$validated = 1; $validated = 1;
} }
} }
} }
if ($validated != 1) if ($validated != 1) {
{
// CEC to check category access // CEC to check category access
CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false" CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false"
$allow = CEC_Hook::executeWhileBreakCondition( $allow = CEC_Hook::executeWhileBreakCondition(
'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid'] 'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid']
); );
$auth->login_if(!$allow); $auth->login_if(!$allow);
} }
} } else {
else
{
// CEC to check category access // CEC to check category access
CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false" CEC_Hook::setBreakCondition(true, false); // break at "true", default value "false"
$allow = CEC_Hook::executeWhileBreakCondition( $allow = CEC_Hook::executeWhileBreakCondition(
'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid'] 'Contenido.Frontend.CategoryAccess', $lang, $idcat, $auth->auth['uid']
); );
/* /*
added 2008-11-18 Timo Trautmann added 2008-11-18 Timo Trautmann
in backendeditmode also check if logged in backenduser has permission to view preview of page in backendeditmode also check if logged in backenduser has permission to view preview of page
*/ */
if ($allow == false && $contenido && $perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)) { if ($allow == false && $contenido && $perm->have_perm_area_action_item("con_editcontent", "con_editart", $idcat)) {
$allow = true; $allow = true;
} }
if (!$allow) if (!$allow) {
{
header($errsite); header($errsite);
exit; exit;
} }
} }
} }
@ -767,24 +682,18 @@ else
/* /*
* Check if an article is start article of the category * Check if an article is start article of the category
*/ */
if ($cfg["is_start_compatible"] == true) if ($cfg["is_start_compatible"] == true) {
{ $sql = "SELECT is_start FROM " . $cfg["tab"]["cat_art"] . " WHERE idcatart='" . Contenido_Security::toInteger($idcatart) . "'";
$sql = "SELECT is_start FROM ".$cfg["tab"]["cat_art"]." WHERE idcatart='".Contenido_Security::toInteger($idcatart)."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
$isstart = $db->f("is_start"); $isstart = $db->f("is_start");
} } else {
else $sql = "SELECT startidartlang FROM " . $cfg["tab"]["cat_lang"] . " WHERE idcat='" . Contenido_Security::toInteger($idcat) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
{
$sql = "SELECT startidartlang FROM ".$cfg["tab"]["cat_lang"]." WHERE idcat='".Contenido_Security::toInteger($idcat)."' AND idlang = '".Contenido_Security::toInteger($lang)."'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
if ($db->f("idartlang") == $idartlang) if ($db->f("idartlang") == $idartlang) {
{
$isstart = 1; $isstart = 1;
} } else {
else
{
$isstart = 0; $isstart = 0;
} }
} }
@ -792,18 +701,15 @@ else
############################################## ##############################################
# time management # time management
############################################## ##############################################
$sql = "SELECT timemgmt FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'"; $sql = "SELECT timemgmt FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
$db->query($sql); $db->query($sql);
$db->next_record(); $db->next_record();
if (($db->f("timemgmt") == "1") && ($isstart != 1)) if (($db->f("timemgmt") == "1") && ($isstart != 1)) {
{ $sql = "SELECT online, redirect, redirect_url FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'
$sql = "SELECT online, redirect, redirect_url FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'
AND NOW() > datestart AND NOW() < dateend"; AND NOW() > datestart AND NOW() < dateend";
} } else {
else $sql = "SELECT online, redirect, redirect_url FROM " . $cfg["tab"]["art_lang"] . " WHERE idart='" . Contenido_Security::toInteger($idart) . "' AND idlang = '" . Contenido_Security::toInteger($lang) . "'";
{
$sql = "SELECT online, redirect, redirect_url FROM ".$cfg["tab"]["art_lang"]." WHERE idart='".Contenido_Security::toInteger($idart)."' AND idlang = '".Contenido_Security::toInteger($lang)."'";
} }
$db->query($sql); $db->query($sql);
@ -813,15 +719,14 @@ else
$redirect = $db->f("redirect"); $redirect = $db->f("redirect");
$redirect_url = $db->f("redirect_url"); $redirect_url = $db->f("redirect_url");
@ eval ("\$"."redirect_url = \"$redirect_url\";"); // transform variables @ eval("\$" . "redirect_url = \"$redirect_url\";"); // transform variables
$insert_base = getEffectiveSetting('generator', 'basehref', "true"); $insert_base = getEffectiveSetting('generator', 'basehref', "true");
/* /*
* generate base url * generate base url
*/ */
if ($insert_base == "true") if ($insert_base == "true") {
{
$is_XHTML = getEffectiveSetting('generator', 'xhtml', "false"); $is_XHTML = getEffectiveSetting('generator', 'xhtml', "false");
$str_base_uri = $cfgClient[$client]["path"]["htmlpath"]; $str_base_uri = $cfgClient[$client]["path"]["htmlpath"];
@ -830,21 +735,19 @@ else
$str_base_uri = CEC_Hook::executeAndReturn('Contenido.Frontend.BaseHrefGeneration', $str_base_uri); $str_base_uri = CEC_Hook::executeAndReturn('Contenido.Frontend.BaseHrefGeneration', $str_base_uri);
if ($is_XHTML == "true") { if ($is_XHTML == "true") {
$baseCode = '<base href="'.$str_base_uri.'" />'; $baseCode = '<base href="' . $str_base_uri . '" />';
} else { } else {
$baseCode = '<base href="'.$str_base_uri.'">'; $baseCode = '<base href="' . $str_base_uri . '">';
} }
$code = str_ireplace_once("<head>", "<head>\n".$baseCode, $code); $code = str_ireplace_once("<head>", "<head>\n" . $baseCode, $code);
} }
/* /*
* Handle online (offline) articles * Handle online (offline) articles
*/ */
if ($online) if ($online) {
{ if ($redirect == '1' && $redirect_url != '') {
if ($redirect == '1' && $redirect_url != '')
{
page_close(); page_close();
/* /*
* Redirect to the URL defined in article properties * Redirect to the URL defined in article properties
@ -860,12 +763,9 @@ else
} }
header("Location: $redirect_url"); header("Location: $redirect_url");
exit; exit;
} } else {
else if ($cfg["debug"]["codeoutput"]) {
{ echo "<textarea>" . clHtmlSpecialChars($code) . "</textarea>";
if ($cfg["debug"]["codeoutput"])
{
echo "<textarea>".clHtmlSpecialChars($code)."</textarea>";
} }
/* /*
@ -876,11 +776,11 @@ else
$aExclude = explode(',', getEffectiveSetting('frontend.no_outputbuffer', 'idart', '')); $aExclude = explode(',', getEffectiveSetting('frontend.no_outputbuffer', 'idart', ''));
if (in_array(Contenido_Security::toInteger($idart), $aExclude)) { if (in_array(Contenido_Security::toInteger($idart), $aExclude)) {
eval ("?>\n".$code."\n<?php\n"); eval("?>\n" . $code . "\n<?php\n");
} else { } else {
// write html output into output buffer and assign it to an variable // write html output into output buffer and assign it to an variable
ob_start(); ob_start();
eval ("?>\n".$code."\n<?php\n"); eval("?>\n" . $code . "\n<?php\n");
$htmlCode = ob_get_contents(); $htmlCode = ob_get_contents();
ob_end_clean(); ob_end_clean();
@ -893,26 +793,17 @@ else
// print output // print output
echo $htmlCode; echo $htmlCode;
} }
} }
} } else {
else
{
# if user is in the backend display offline articles # if user is in the backend display offline articles
if ($contenido) if ($contenido) {
{ eval("?>\n" . $code . "\n<?php\n");
eval ("?>\n".$code."\n<?php\n"); } else {
} if ($error == 1) {
else
{
if ($error == 1)
{
echo "Fatal error: Could not display error page. Error to display was: 'No contenido session variable set. Probable error cause: Start article in this category is not set on-line.'"; echo "Fatal error: Could not display error page. Error to display was: 'No contenido session variable set. Probable error cause: Start article in this category is not set on-line.'";
} } else {
else
{
header($errsite); header($errsite);
exit; exit;
} }
} }
} }
@ -934,13 +825,11 @@ if ($cfg["cache"]["disable"] != '1') {
/* /*
* configuration settings after the site is displayed. * configuration settings after the site is displayed.
*/ */
if (file_exists("config.after.php")) if (file_exists("config.after.php")) {
{
@ include ("config.after.php"); @ include ("config.after.php");
} }
if (isset ($savedlang)) if (isset($savedlang)) {
{
$lang = $savedlang; $lang = $savedlang;
} }